Monday, April 24, 2017

Improved constraints on attachments uploads

Until Orbeon Forms 2016.3, there was only one way of controlling attachment constraints: via a single, global property. So you could say that that the maximum file attachment upload size was 100 MB, and that would apply to all attachments in all forms.

The upcoming Orbeon Forms 2017.1 provides a lot more flexibility, allowing you to set:
  • The maximum file size for a given attachment field
  • The maximum aggregate size for all the attachment fields on a given form
  • The supported file types for either a given attachment field or all the attachment fields in a form
For each one of those, you can:
  • Define a default, through properties. You can set that default to apply to all the forms in a Form Runner application, or to a specific form.
  • Override the default through the Form Builder UI.
Per-control settings allow you to specify for example that a given attachment must be a text file, and that another attachment on the same form has a maximum attachment size of 2 MB (less than the default). Such settings are specified in the "Control Settings" dialog:

Per-application and per-form settings can be specified as usual via properties or, in the case of per-form settings, directly in Form Builder's "Form Settings" dialog:

Finally, the maximum aggregate attachment size allows you to specify, for example, that for a given form being filled by a user at most 50 MB of attachments can be provided, no matter how many attachment controls are in the form. This upper limit on the attachments provided helps prevent an undesired explosion of uploaded data, especially if you use repeated grids or sections that contain attachments.

We hope you will like these new features, which will be available in the upcoming Orbeon Forms 2017.1!

Tuesday, February 14, 2017

Introducing organization-based permissions

With Form Builder, form authors can define permissions for the form they are creating. Permissions can depend on:
  • The user's role, for instance: "any user with the role admin can delete data".
  • The user being the one who initially created the data, also known as owner, for instance: "owners can view and update their own data".
  • The user being in the same group as the owner, e.g. users in the same group as the owner can read the data.
In addition to roles and groups, most companies have a hierarchical organizational structure, say:

Within such a structure:
  • An individual user can be a member of zero, one, or more organizations. For instance Mary could be a member of the "iOS" and "Support" organizations.
  • An individual user can have zero, one, or more organization roles. For instance, if Mary is also the manager of the "iOS" organization, in the system, she will have the role "manager" tied to organization "iOS". Informally, we could write this role as manager(organization = "iOS").
How does Orbeon Forms know about your organizations, what organizations each individual user is a member of, and what are their organization roles? In one of two ways, depending on where your users and organizations are defined:
With Orbeon Forms knowing about your hierarchy of organizations, users in those organizations, and roles like "manager" assigned to those users as necessary, form authors can define organization-based permissions. For instance, a form author can say that for their "expense report" form, managers can access data created by the people they manage. And this applies to people they manage directly, as well as people in sub-organizations. With that permission defined:
  1. Assuming Tom in the iOS organization creates an expense report,
  2. his manager, Mary will be able to access it,
  3. and so will John, the VP of engineering, defined in the system as manager of the "Engineering" organization,
  4. and so will Carla, the CEO, defined in the system as manager of Acme, which sits at the root of the organizational structure.

As illustrated by the case of the expense report, this feature allows forms to be used in a number of new scenarios. Organization-based permissions are also an important building block to the more comprehensive support for workflows that we are currently working on.

Support for organization-based permissions is available in Orbeon Forms 2016.3, and works on all supported databases, namely eXist, MySQL, PostgreSQL, Oracle, SQL Server, and DB2. Support on Oracle, SQL Server, and DB2 is available only on Orbeon Forms PE. And for more information, see the documentation on organization-based permissions.

Monday, February 6, 2017

Form Builder embedding

Orbeon Forms has had a Java embedding API since version 4.7. This allows you to embed a form within a Java web application, including from a JSP page.

Starting Orbeon Forms 2016.3,  in addition to published forms, you can also embed Form Builder in the same way: just use orbeon and builder as Form Runner application and form names.

The following features are supported:

  • Creating a new form definition.
  • Editing an existing form definition.
  • Testing the form definition.
  • Saving and publishing the form definition.

The embedding application can set the size the embedded Form Builder <div> element via CSS or JavaScript, and Form Builder will adjust its size accordingly. It is better to pick a fairly large minimal width and height as Form Builder just takes some space!

Note that the Form Builder "New" and "Summary" buttons are hidden when Form Builder is embedded, as navigating between pages is not yet supported when embedding.

For more, see the documentation. We hope you will like this new feature!

Thursday, January 19, 2017


Many forms don’t live in a vacuum: they require communicating with the outside world to help the user enter data. The items of a selection control such as a dropdown list might come from a central database, for instance. Orbeon Forms PE provides a way to do this via HTTP services, database services and actions.

This is all good but Orbeon Forms services and actions so far only allowed you to use the response from a service to set control values and itemsets. This meant that once the action had completed, that was it. You could not, in particular, use the returned values in formulas for form validation or calculations, or refer to a value returned by the service at a later time. One way around that was to store useful values returned from services into hidden controls. While that solution worked well for a few values, it didn’t scale well for larger sets of data.

So we implemented a new feature which we call datasets to help. A dataset is a mutable [1] piece of data stored in the form in XML format. [2] A dataset is identified by a unique name within the form, such as activity-dataset.

You create a dataset using the Actions Editor. There you can chose the “Save to Dataset” response action to save the entire service response to a dataset identified by name.

Actions Editor with the New Save to Dataset Action
Actions Editor with the New Save to Dataset Action

Your form can load one or more datasets via services when the form loads. Then you can use data from these datasets in formulas. The form can also load more datasets or update existing datasets at a later time in response to user actions.

Storing data into a dataset only makes sense if you make use of that data at a later point. Orbeon Forms therefore provides a new function, fr:dataset(), which returns the data of a given dataset by name. You can use that function from any formula appearing in the form. For example:

fr:dataset('activity-dataset')/status = 'pending'

Note that for now, a dataset is transient and “lives” only as long as the user stays on the given form page:

  • It is not saved alongside the form data in the database.
  • It is not passed around when navigating between the “edit” and “view” modes.

Multiple actions calling services can store data into the same dataset, or in separate datasets. The action which last updates a dataset with a given name overwrites the entire content of the dataset.

For more on datasets, see the documentation.

This feature will be available in Orbeon Forms 2017.1. We hope you will like this feature!

  1. That is, it can change over time.  ↩

  2. The internal format is always XML, but it can originate from a call to a JSON service as well.  ↩

Friday, December 30, 2016

Orbeon Forms 2016.3

We just made it: today we released Orbeon Forms 2016.3, the third and last major release of Orbeon Forms for 2016! This release introduces several important features and enhancements.

Major features and enhancement

Support for organizations

This release introduces support for the notion of organizations. An organization can be a company location, a group within a company, or any other group of users. What makes organizations interesting is that they follow a hierarchy: both Acme USA and Acme France could be children organizations of Acme World, Inc., for example.

Organizations in Orbeon Forms are used to define permissions: the organization owner for Acme France might be given the permission to access all the invoice data for that organization. However, other members of the organization would not have that much visibility and might only be able to see invoices which they created. And an organization owner for Acme World, Inc., in turn, would have permission to access all the invoices for the children organizations. This kind of logic is not possible simply with the notion of groups, which Orbeon Forms already supports.

When using Liferay, the Form Runner portlet directly provides to Orbeon Forms with Liferay organizations information. When not using Liferay, it is possible to provide organizations information via an HTTP header. For more details, see the documentation as it pertains to the integration with Liferay.

Wizard enhancements

When using the validated mode, the wizard now adds a strict mode, which always prevents from navigating forward if there is an error in the current or previous section, even if following sections have already been visited. (doc)

Support for embedding Form Builder

The Form Runner Java Embedding API now supports embedding Form Builder. (doc)

Other features and enhancements

Form Builder

  • You can now reorder roles in the permissions dialog.
  • The itemset editor makes it easy to clear all items to start a new itemset.

Form Runner

  • Nested sections produce proper HTML headings: H2, H3, etc. This is useful for accessibility and styling.
  • You can control which controls can receive initial focus when showing a form, a new wizard section or a new repeat iteration with two new properties: and (doc)
  • The following new functions are added:
    • xxf:json-to-xml() and xxf:xml-to-json() (doc)
    • xxf:user-organizations() and xxf:user-ancestor-organizations() (doc)
    • fr:is-wizard-first-page() and fr:is-wizard-last-page() (doc)
    • fr:created-dateTime() and fr:modified-dateTime() (doc, doc)
  • The image annotation control now properly scale large images.

XForms engine

  • The following new function is added:
    • xxf:is-control-relevant() (doc)

Other platform enhancements

The process of building a release of Orbeon Forms has been improved, by migrating largely to sbt as a build tool. In addition, there are now more automated integration tests for database operations.

While these enhancements are not directly visible to users, we hope they will help make Orbeon Forms even more robust and reliable.

Other new features and bug-fixes

Including the major features and enhancements above, we closed over 80 issues since Orbeon Forms 2016.2.


See Localizing Orbeon Forms for the latest localization support. Localization depends on volunteers, so please let us know if you want to help!

Browser support

  • Form Builder (creating forms)
    • Chrome 55 (latest stable version)
    • Firefox 50 (latest stable version) and the current Firefox ESR
    • IE 11 or Edge
    • Safari 8, 9 or 10
  • Form Runner (accessing form)
    • All browsers supported by Form Builder (see above)
    • IE8, IE9 and IE10
    • Safari Mobile on iOS 7, iOS 8, iOS 9 and iOS 10
    • Chrome for Android (stable channel)

Compatibility notes


  • The "noscript" mode is now officially deprecated.

Deprecations and removals

The following components are deprecated and will be removed in a subsequent release:
  • fr:fusion-charts component
  • oxf:chart processor

Download and feedback

You can download the latest version of Orbeon Forms from the downloads page.

Don't forget to grab a trial license for the PE version.

Please send feedback:
We hope you enjoy this release!

Thursday, November 17, 2016

Orbeon Forms 2016.2.2 PE

Today we released Orbeon Forms 2016.2.2 PE. This update to Orbeon Forms 2016.2 PE contains bug-fixes and is recommended for all Orbeon Forms 2016.2 PE and Orbeon Forms 2016.2.1 PE users.

Specifically, this release addresses the following issues:
    • Form Builder
      • Section/Grid Settings for repeated grid: can uncheck readonly checkbox (#2890)
    • Form Runner
      • HTML label in repeated grid resets to non-HTML (#2943)
      • Send with redirect from proxy portlet doesn't redirect in portal (#2967)
      • not primary key on SQL Server (#2973)
      • 404 after deleting a draft (#2963)
      • Autosaved image attachment not working (#2980)
      • Home Page: reindex doesn't work if remote servers are configured (#2983)
      • Excel import doesn't show Import button if database is empty (#2987)
      • ORA-00904 when attaching a file (#2997)
      You can download the latest version of Orbeon Forms from the downloads page.
        Don't forget to grab a trial license for the PE version.

        Please send feedback:
        We hope you enjoy this release!

        Friday, October 14, 2016

        Orbeon Forms 2016.1.1 PE

        Today we released Orbeon Forms 2016.1.1 PE. This is an update to Orbeon Forms 2016.1 PE which contains bug-fixes and important security fixes and is recommended for all Orbeon Forms 2016.1 PE users.

        Please note that this release is separate from the recently-released Orbeon Forms 2016.2.1 PE, which contains all these fixes and more for Orbeon Forms 2016.2 users.

        Specifically, this release addresses the following issues:
          • Form Runner
            • Form Metadata API returns latest updated version instead of latest version (#2780)
            • Refresh button is no longer narrow (#2739)
            • Error producing PDF when input field contains `]]>` (#2847)
            • `digits-after-decimal` must not apply to integer values (#2856)
            • fr:number: incorrect behavior with "." as grouping separator (#2857)
            • fr:number: blur from field doesn't reformat value if no change (#2858)
            • FB: Cannot read property 'setAttribute' of undefined when pasting form (#2860)
            • IE 9 crash when adding a row in a repeated grid (#2842)
            • Home page admin view thinks one form is selected (#2810)
            • Date picker buttons don't work with IE9 (#2893)
            • fr:datetime doesn't show as readonly (#2925)
          • XForms
            • Dialog on JavaScript error not shown anymore (#2774)
            • Separate deployment: content "cut" with .html (#2775)
            • XForms Server must not accept unencrypted payload (#2926)
            • Upgrade Apache Commons Collections (#2929)
            You can download the latest version of Orbeon Forms from the downloads page.
              Don't forget to grab a trial license for the PE version.

              Please send feedback:
              We hope you enjoy this release!