|Image by M. H. Stephens|
But in June we did some refactoring which has made it possible to implement a series of improvements:
- The configured not-found handler is triggered in more relevant cases, including when accessing a non-existing Form Runner form or document. This works with the controller catching special exceptions, which could not be done before.
- There is a new error handler. Previously, you had to catch errors at the web application level.
- There is a new unauthorized handler, which allows you to show a particular page when a user doesn't have access to a given page or service.
- Path matching is improved:
- it is more efficient
- you simply write matcher="regexp" instead of matcher="oxf:perl5-matcher"
- the matcher can be configured at the top level (regexp or glob)
- Some elements and attributes now have more meaningful names (the older names are deprecated):
- the controller element replaces the config element
- the path attribute replaces the path-info attribute
- the mediatype attribute replaces the mime-type attribute
- A new <service> element is introduced, which describes a service instead of a page.
In addition, we have started implementing protection of pages and services. As of M10, pages work like before, while services require a secret token to be present. For now, this means that a service can only be accessed by an Orbeon Forms application and not from the outside world. This means that services are more secure, including services used internally by Form Runner.
For a comprehensive real-life example, see the Form Runner page flow.