Plug-in Web pages, script files, images and other resources can be hosted in Assets Server or on an external server. Assets Server acts as a Web server for the resources hosted in the <config>/plugins folder.
Assets Server supports folder based security configuration through webaccess.config.xml files placed within the plug-in folders. This article describes how to configure and use these Web access files.
Webaccess file format
File name: webaccess.config.xml
Placed in: any subfolder of the active plug-ins folder.
<webaccess public="true or false"> <requiredRoles> <role>...</role> <role>...</role> </requiredRoles> </webaccess>
- public. Set to 'true' to open up the contents of a folder for everyone Use this when there are no restrictions for accessing a Web page.
- requiredRoles. Grants users access to the contents of a folder if they have the specified Capabilities assigned, including custom capabilities. Use this for Web pages that are not public, such as pages used by an action plug-in.
When applying Web access files, take note of the following:
- The only folders hosted by the server are:
- Access is denied when a folder and its parent folders do not contain a Web access file.
- Security is applied hierarchically to the folder that contains the Web access file, including its sub folders. Web access files in sub folders are in this case ignored.
Security changes are not directly applied when you add or modify a Web access file. The Web access files are loaded and re-loaded when plug-ins are loaded and re-loaded, meaning that they are loaded when the server is started. They can be manually reloaded in the Management Console.
Web access file examples.
Typical configuration for an action plug-in
<webaccess> <requiredRoles> <role>ROLE_WEB_CLIENT</role> </requiredRoles> </webaccess>
<webaccess> <requiredRoles> <role>ROLE_CUSTOM_MY_ACTION</role> </requiredRoles> </webaccess>
<webaccess> <requiredRoles> <role>ROLE_DOWNLOAD</role> <role>ROLE_CUSTOM_MY_WEB_INTERFACE</role> </requiredRoles> </webaccess>