Scenarios

1. Anonymous data capture with administrator

1. Setup at least one user and role for your container.

   • The easiest way to do this with Tomcat, if you don't have already users setup within your system (via a Tomcat realm for example), is to modify Tomcat's tomcat-users.xml file, for example as follows:

   Copy

   <tomcat-users>
     <user
       username="orbeon-admin"
       password="Secret, change me!" 
       roles="orbeon-admin"/>
   </tomcat-users>

2. Enumerate the role in the following property:

   Copy

   <property
     as="xs:string"
     name="oxf.fr.authentication.container.roles"
     value="orbeon-admin"/>

3. Protect Form Builder and, optionally, the Form Runner Home page

   • In web.xml, uncomment the permissions section.

   • Replace:

   Copy

   <url-pattern>/fr/*</url-pattern>

   with:

   Copy

   <url-pattern>/fr/orbeon/builder/*</url-pattern>
   <!-- Optional, to prevent anonymous users from accessing the Form Runner Home page -->
   <url-pattern>/fr/</url-pattern>

   and replace the role name:

   Copy

   <role-name>orbeon-user</role-name>

4. Set, in form-builder-permissions.xml:

   Copy

   <role name="orbeon-admin" app="*" form="*"/>

5. Remove demo forms and apps from Orbeon Forms.

• See Creating a Production WAR.

1. Within Form Builder

• make sure that all your forms have permissions enabled (PE feature only)

• set the create permission for all users

• set all permissions for the role orbeon-admin

• republish your forms

• see also #1860

1. Configure forms' buttons

• You will want only a "Send" or "Submit" button, as a plain "Save" button doesn't make sense in this case.

With this setup:

• Published forms are not protected by the container. They are protected by Form Runner permissions.

• Form Builder is protected by the container so that anonymous users can't create new forms.

• Form Builder also requires orbeon-admin at the Orbeon Forms level.

• Any user, logged in or anonymous, can create form data from any published form.

• All other operations (read, update, delete) are not available to anonymous users or logged in users without the orbeon-admin role. Users with the orbeon-admin role have

• Users with the orbeon-admin role can perform any operations on the form data after they are logged in.

Limitations:

• Anonymous data entry does not support autosave.

• As an administrator, you first have to login, for example by accessing Form Builder, before accessing published forms' Summary page (issue #1292).

See also

• Setup users for access control - How to setup Orbeon Forms so that users and roles are provided.

• Login & Logout - Optional user menu for providing links to login and logout functions.

• Access control for deployed forms - How to control access to deployed forms.

• Form fields - How to control access to specific form fields based on the user user's roles.

• Access control for editing forms - How to control access to Form Builder.

  • Owner and group member permissions - Access based on ownership and groups.

  • Organization-based permissions – Access based on organizational structure.

  • Token-based permissions - Token-based permissions

• Scenarios