Setting the servlet's parameters

By setting the parameters of the xmlwebgui servlet you can control it's behaviour to fit into your application framework.

setting the rootDir parameter

The rootDir parameter should point to the directory where XML Web GUI gets it's templates from and saves it's restlts to.

security issues

Please remember that XML Web GUI adresses templates and results via relative paths and that moving out of the rootDir is for security reasons not allowed.

Example 3.1. Default configuration

<context-param> <param-name>rootDir</param-name> <!-- Enter the base path for templates and results here --> <param-value>C:/java/tomcat401/webapps/xmlwebgui/</param-value> </context-param>

User-Management and security

the session validator.  The session validator is another security feature. This parameter should point to the URL of a servlet or script of your application which accepts a POST-request with your application's common session id included. This servlet should resolve the username or groupname of the user this session belongs to and return it.

For the case that you want to run XML Web GUI standalone or your application does not support multiple users you will not need to change anything because a “Dummy-Session-Validator” is inclued in the XML Web GUI distribution

Example 3.2. the default session validator

<context-param> <param-name>sessionValidatorURL</param-name> <!-- Enter the url for validating the session here --> <param-value>http://localhost:8080/xmlwebgui/username</param-value> </context-param>

defining the name of your session-id parameter.  Edit this parameter that it matches your application's session-id parameter name.

In most cases this is something like session or sid.

Example 3.3. the default session id parameter name

This is the default configuration of the session-id parameter name <context-param> <param-name>sessionIdParameterName</param-name> <!-- Enter the variable name of your webapp's session id here --> <param-value>sessionid</param-value> </context-param>

the users.xml configuration file

In the users.xml configuration file the rights of users or usergroups are stored. After getting the username from the session-validator XML Web GUI will look up this file to find out, if the user is allowed to read and write this file or not.

The rules for specifing user rights are defined in users.dtd which is in the same directory.

The file contains the root element users which contains a sequence of at least one user elements. Each user element needs to have the attribute name specified. This is an ID-attribute which means that every name can only occur once in a document.

The content of user is a sequence of one read and one write element. Each read or write element contains a sequence of allow and disallow elements. Theese elements are empty and have the pattern attribute which contains a regular expression which the allowed or disallowed path has to match.

Example 3.4. unrestricted access

This example gains unlimited access to the filesystem for the user root. <user name="root"> <read> <allow pattern=".*" /> </read> <write> <allow pattern=".*" /> </write> </user>

exit and error URL

The last two parameters exitUrl and errorUrl point to an URL that is accessed after saving and exiting XML Web GUI or if an error occurs.