Plug-in web pages, script files, images and other resources can be hosted inside Elvis or on an external server. The Elvis server acts as a web server for the resources hosted in the <config>/plugins folder.
Elvis supports folder-based security configuration through webaccess.config.xml files placed inside your plug-in folders. This article describes how to configure and use these webaccess files.
Webaccess file format
Filename: webaccess.config.xml
Placed in: any subfolder of the active plug-ins folder
<webaccess public="true or false">
  <requiredRoles>
    <role>...</role>
    <role>...</role>
  </requiredRoles>
</webaccess>
The webaccess file format supports two main functions:
- public="true" opens up the contents of a folder to everyone. This is useful if access to a web page does not need to be restricted.
- requiredRoles opens up the contents of a folder if the currently logged-in user has the specified capabilities assigned; these can also be custom capabilities. Using requiredRoles is useful for web pages that are not public, like pages used by an action plug-in.
Basic rules
These are basic rules you have to bear in mind when applying webaccess files:
- The <config>/plugins/active folder and the <config>/plugins/plugin_base folder are the only folders hosted by the server.
- Access is denied when a folder and its parent folders do not contain a webaccess file.
- Security is applied hierarchically to the folder the webaccess file is in, including its subfolders. Webaccess files in those subfolders are ignored in this case.
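The rules above can be checked offline before plug-ins are reloaded. The following Python script is an added example, not part of Elvis or of the original article: it walks a plug-ins folder, resolves the effective policy for every folder, and flags webaccess files that are ignored because a parent folder already has one. The folder names and the sample tree in demo() are constructed, and the script assumes it is started at the hosted plug-ins folder.

```python
import os, tempfile
import xml.etree.ElementTree as ET

WEBACCESS = "webaccess.config.xml"

def parse_webaccess(path):
    """Read one webaccess file; return its public flag and role list."""
    root = ET.parse(path).getroot()
    public = (root.get("public") or "").strip().lower() == "true"
    roles = [r.text.strip() for r in root.iter("role") if r.text and r.text.strip()]
    return {"public": public, "roles": roles}

def audit(plugins_root):
    """Map every folder under plugins_root to its effective policy."""
    report = {}
    def walk(folder, governing):
        rel = os.path.relpath(folder, plugins_root).replace(os.sep, "/")
        cfg = os.path.join(folder, WEBACCESS)
        shadowed = False
        if os.path.isfile(cfg):
            if governing is None:
                governing = dict(parse_webaccess(cfg), source=rel)
            else:
                shadowed = True  # a parent folder's file already applies
        # policy None: no file here or in any parent, so access is denied
        report[rel] = {"policy": governing, "shadowed": shadowed}
        for name in sorted(os.listdir(folder)):
            child = os.path.join(folder, name)
            if os.path.isdir(child):
                walk(child, governing)
    walk(plugins_root, None)
    return report

def demo():
    """Audit a constructed sample tree (not from a real installation)."""
    role = "<webaccess><requiredRoles><role>ROLE_AIR_CLIENT</role></requiredRoles></webaccess>"
    sample = {"landing": '<webaccess public="true"/>', "landing/admin": role,
              "action_a": role, "no_config/deep": None}
    with tempfile.TemporaryDirectory() as root:
        for rel, xml in sample.items():
            os.makedirs(os.path.join(root, rel), exist_ok=True)
            if xml:
                with open(os.path.join(root, rel, WEBACCESS), "w") as fh:
                    fh.write(xml)
        return audit(root)

if __name__ == "__main__":
    for folder, e in sorted(demo().items()):
        p = e["policy"]
        state = "DENIED" if p is None else ("PUBLIC" if p["public"] else f"roles={p['roles']}")
        print(f"{folder:18} {state}{'  [own webaccess file ignored]' if e['shadowed'] else ''}")
```

In the sample tree, landing/admin carries a requiredRoles file but is reported as PUBLIC, because the public webaccess file in its parent folder governs it.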
Management
Security changes are not applied immediately when you add or modify a webaccess file. The webaccess files are loaded and reloaded when plug-ins are loaded and reloaded, which means they are loaded at server startup and can be reloaded manually in System > Manage plug-ins.
The plug-in admin also shows an overview of the currently loaded webaccess settings.
Examples
Webaccess file examples.
Public access
<webaccess public="true"/>
Typical configuration for an action plug-in
<webaccess>
  <requiredRoles>
    <role>ROLE_AIR_CLIENT</role>
  </requiredRoles>
</webaccess>
Custom capability
<webaccess>
  <requiredRoles>
    <role>ROLE_CUSTOM_MY_ACTION</role>
  </requiredRoles>
</webaccess>
Multiple capabilities
<webaccess>
  <requiredRoles>
    <role>ROLE_DOWNLOAD</role>
    <role>ROLE_CUSTOM_MY_WEB_INTERFACE</role>
  </requiredRoles>
</webaccess>