Configuring Security Settings
Oxygen XML Web Author includes a built-in mechanism for restricting outgoing network connections. There is a Security page in the Administration Page that provides options for handling security-related features, including an option for specifying trusted code locations and a firewall option where you can choose to restrict access to hosts that are not specified as being trusted.
Trusted Code
*//github.com/*
webdav-https://my-server:8081/repo/*
*
Firewall
www.oxygenxml.com:443
*.mycompany.intranet
To allow connections to a domain regardless of the port, you can specify just the domain
name. The wildcard character *
can also be used, for example, to match any
subdomain.
When you choose to Allow All Connections and Log each
connection, a log entry will be added for each outgoing connection that
contains the [OUTGOING CONNECTION]
token. This is useful for monitoring and
for determining which domains should be marked as trusted.
-
Plugins can specify whether a connection is allowed or denied, regardless of whether or not they are listed in the Security page. For example, the Perforce plugin allows connections to the Perforce server configured in the Administration Page.
To see which plugins allowed or denied connections, you can activate logging for this kind of events by adding the following line to the log configuration file:log4j.category.com.oxygenxml.webauthor.SecurityManager=info
Lines that correspond to such events contain the token
[PLUGIN FIREWALL DECISION]
. - Connections that have no security risks (such as connections to the License Server) are also allowed regardless of the settings in the Security page.