问题
I set up j_security_check with form authentication on my orbeon app and it works fine. Orbeon is under URL https://localhost:8444/orbeon/.
The problem is that I have embedded orbeon API in my jsp page which is under URL https://localhost:8444/BackOffice/form.jsp. On this page I display some orbeon form and when I try to go to this jsp page login page pop up instead.
I changed the cookie path to / (instead of /orbeon) in web.xml:
<session-config>
<session-timeout>60</session-timeout>
<cookie-config>
<path>/</path>
</cookie-config>
</session-config>
but it didn't help. I'm still facing the same problem.
When I look at the HTTP requests I can see that when I'm trying to reach the JSP page, an HTTP request with 2 JSESSIONIDs is issued (one for orbeon, one for backoffice), so everything should works fine but it doesn't.
Does anyone know what I am doing wrong?
回答1:
By embedding, I assume that you're referring to the Form Runner Java Embedding API. If that is the case, end-users should never be hitting /orbeon directly, assuming is this where Orbeon Forms is deployed. Instead they should go through your app, which includes the form produced by Orbeon Forms.
来源:https://stackoverflow.com/questions/35012728/orbeon-security-doesnt-work-correctly-for-orbeon-embedded-api