Orbeon Search

Comments? Feedback?

This wiki does not yet support public comments (a limitation of Google Sites), so we encourage you to post your comments either:

On Twitter by responding to @orbeon.

On our community mailing list: subscribe sending an email to ops-users-subscribe@ow2.org (content of subject/body doesn't matter), you'll get a response with the email to use to send your message to the community mailing list.

Recent site activity
Documentation‎ > ‎I. User Guide‎ > ‎

Orbeon Form Runner - Programmer and Administrator Guide

Contents

  1. 1 Form Runner pages
    1. 1.1 Introduction
    2. 1.2 Summary page
    3. 1.3 Detail page
      1. 1.3.1 New
      2. 1.3.2 Edit
      3. 1.3.3 View
    4. 1.4 Home page
  2. 2 Securing Form Runner
    1. 2.1 Using an Apache front-end
    2. 2.2 Securing services
  3. 3 Form Runner access and authentication
    1. 3.1 Features
    2. 3.2 Scenario: protecting forms from anonymous access
    3. 3.3 Scenario: data capture only
    4. 3.4 Scenario: users have full access to specific forms
  4. 4 Form structure
  5. 5 Data structure
  6. 6 Data saved to the persistence layer
  7. 7 See: Styling.
  8. 8 Customizing the form's look and feel 
  9. 9 Configuring the presentation of automatic PDF output
  10. 10 Internationalization
[STATUS: PRELIMINARY]

Form Runner pages

Introduction

Form Runner features a number of different pages:
  • Summary page:
    • the summary page shows the form data for a given form
  • Detail page:
    • "new" mode: create new form data, starting usually with a blank form
    • "edit" mode: edit existing form data loaded from the database
    • "view" mode: same as "edit", but read-only, to review the data entered in edit mode
  • Home page
    • show all the forms and actions available to the current user
    • NOTE: This is only available for the Oracle and MySQL persistence layer as of 2012-02.

Summary page

The following buttons are available on the summary page:
  • New
  • Review
  • PDF
  • Test (Form Builder only)
  • Delete
  • Import
You configure the presence of these buttons on the page via properties.

Detail page

New

[TODO]

Edit

[TODO]

View

[TODO]

Home page

See Home page.

Securing Form Runner

Using an Apache front-end

Example Apache configuration to proxy requests to Tomcat:

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / ajp://localhost:8099/
ProxyPassReverse / ajp://localhost:8099/

Example Tomcat connector configuration:

<Connector port="8099" protocol="AJP/1.3" redirectPort="8443" maxThreads="10"
 enableLookups="false" backlog="50" tomcatAuthentication="true" address="127.0.0.1"/>

The address="127.0.0.1" attribute limits requests to Tomcat's from the local server.

Securing services

It is important to prevent external access to Form Runner services, including the eXist database (if used) and services used internally by Form Runner.

Here is an example of Apache configuration using mod_rewrite:

# Don't allow eXist REST API from outside
RewriteRule ^/exist/rest/.* - [F]

# Don't allow Form Runner REST API from outside
RewriteRule ^/orbeon/fr/service/.* - [F]

In addition:
  • the eXist database, if used, must be secured properly. See Configuring a Form Runner eXist database
  • you can use an IP filter to make sure that requests to services are coming only from authorized computers

Form Runner access and authentication

Features

As of November 2010, Form Runner does not have a built-in user management system, but it can integrate with such systems using standard Java servlet authentication and/or a front-end such as Apache.

Form Runner exposes URLs that are friendly to path matching, so simple authentication scenarios are easy to cover with path-based (URL-based) authorization.

NOTE: We hope to provide built-in user management as an option in the future.

Scenario: protecting forms from anonymous access

Example Apache configuration ensuring that Form Runner paths require a logged user:

<LocationMatch /orbeon/fr/.*)>
  AuthType Basic
  AuthName "Orbeon Forms"
  AuthUserFile .htpasswd
  AuthGroupFile .htgroups

  Require valid-user

</LocationMatch>

A similar configuration can be done on the servlet side, e.g. with Tomcat.

[TODO]

[TODO: also mention new Liferay access control since 2011-05]

Scenario: data capture only

In this scenario, you want users (logged in or anonymous) to be able to:
  • enter form data
  • review the data
  • submit the data
But not:
  • view/edit data already submitted
  • view other users' data
In this case, you want to allow paths of the form:
  • http://server.com/orbeon/fr/[APP_NAME]/[FORM_NAME]/new
But disallow any other path.

Example Apache configuration requiring a valid user except for the "new" paths:

<LocationMatch /orbeon/fr/orbeon/register(?!/new/?)>
  AuthType Basic
  AuthName "Orbeon Forms"
  AuthUserFile .htpasswd
  AuthGroupFile .htgroups

  Require valid-user

</LocationMatch>


Scenario: users have full access to specific forms

[TODO]

Form structure

[TODO]

Data structure

[TODO]

[TODO: also mention new custom XML/binds since 2011-05]

Data saved to the persistence layer

When Form Runner saves XML data to the persistence layer, or sends it through the workflow-send button:
  • saving/sending works only if the data is valid
  • the data for non-visible sections and controls is not pruned from the XML document

Customizing the form's look and feel 

See: Styling.

Configuring the presentation of automatic PDF output

See: Styling.

Internationalization

Form Runner is an internationalized application. This means that it supports multiple languages. This is done at two levels:
  • Form Runner interface: navigation buttons, etc.
  • The actual labels, help, etc. of the form being shown
[TODO]

Subpages (1): Home Page

Sign in  |  Recent Site Activity  |  Revision History  |  Terms  |  Report Abuse  |  Print page  |  Powered by Google Sites