对于orbeon嵌入式api,Orbeon安全性无法正常工作 [英] Orbeon security doesn't work correctly for orbeon embedded api
问题描述
我在我的orbeon应用程序上使用表单身份验证设置了 j_security_check ,它运行正常。 Orbeon位于URL https:// localhost:8444 / orbeon / 。
I set up j_security_check with form authentication on my orbeon app and it works fine. Orbeon is under URL https://localhost:8444/orbeon/.
问题是我在我的jsp页面中嵌入了orbeon API,该页面位于URL
HTTPS://本地主机:8444 /内部/ form.jsp 。在这个页面上,我显示了一些orbeon表单,当我尝试转到这个jsp页面登录页面时,会弹出。
The problem is that I have embedded orbeon API in my jsp page which is under URL https://localhost:8444/BackOffice/form.jsp. On this page I display some orbeon form and when I try to go to this jsp page login page pop up instead.
我将cookie路径更改为 / (而不是 / orbeon )在web.xml中:
I changed the cookie path to / (instead of /orbeon) in web.xml:
<session-config>
<session-timeout>60</session-timeout>
<cookie-config>
<path>/</path>
</cookie-config>
</session-config>
但它没有帮助。我仍然面临同样的问题。
but it didn't help. I'm still facing the same problem.
当我查看HTTP请求时,我可以看到当我尝试访问JSP页面时,会发出一个带有2个JSESSIONID的HTTP请求(一个用于orbeon,一个用于后台),所以一切都应该工作正常,但事实并非如此。
When I look at the HTTP requests I can see that when I'm trying to reach the JSP page, an HTTP request with 2 JSESSIONIDs is issued (one for orbeon, one for backoffice), so everything should works fine but it doesn't.
有谁知道我做错了什么?
Does anyone know what I am doing wrong?
推荐答案
通过嵌入,我假设您指的是表单运行器Java嵌入API 。如果是这种情况,最终用户永远不应该直接点击 / orbeon ,假设这是部署Orbeon Forms的地方。相反,他们应该浏览你的应用程序,其中包括Orbeon Forms生成的表格。
By embedding, I assume that you're referring to the Form Runner Java Embedding API. If that is the case, end-users should never be hitting /orbeon directly, assuming is this where Orbeon Forms is deployed. Instead they should go through your app, which includes the form produced by Orbeon Forms.
这篇关于对于orbeon嵌入式api,Orbeon安全性无法正常工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
