Hi folks,
i am just working through the workflow examples in the famous Alfresco Developer Guide.
On exercising the "HelloWorldFork" example, i noticed that i can deploy a workflow using path /alfresco/jbpm/deployprocess without any kind of authentication? !
Which in turn leads me to the conclusion that any dumb idiot would be able to deploy workflow definitions to an Alfresco server?
When i'm right, this would be a giant security hole, so is there some means to secure the deployer?
Greetings
Gyro Helpless
i am just working through the workflow examples in the famous Alfresco Developer Guide.
On exercising the "HelloWorldFork" example, i noticed that i can deploy a workflow using path /alfresco/jbpm/deployprocess without any kind of authentication? !
Which in turn leads me to the conclusion that any dumb idiot would be able to deploy workflow definitions to an Alfresco server?When i'm right, this would be a giant security hole, so is there some means to secure the deployer?
Greetings
Gyro Helpless
I guess you dont!
I guess Jeff does the Job on using the Workflow-Console. This section is restricted to Admin-Users.
I agree, the access via workflow console is subject to the usual access control.
No, i was speaking about the deployment that happens from within Eclipse/GPD: this one does NOWHERE ask for a login, and i dont even see an input field for login credentials in the deployment tab?! And i really CAN deploy to my Alfresco test instance without any authorization
Cheers
Gyro
