Form Submission Access Controller Service

   Journey Manager (JM) The transaction engine for the platform. |   System Manager / DevOps |  All versions This feature is related to all versions.

Manager has a variety of built-in security access rules. One of them is to allow a user to access form's submissions only if a user's session matches a session used to render that form. If the sessions don't match, the user is expected to re-enter the save challenge details. However, Composer forms prior to version 4.3 SP3 don't have this functionality within the form flow.

Manager comes with the form submission access controller service, which you can use to change and override the existing users access rules to form's submissions.

Note

If a session is re-established, access to the submissions will only be valid within the Anonymous Submission Access Timeout time configured for this form space.

To configure the form submission access controller service:

  1. Select Services > Core Global Services.
  2. Locate the service and click Edit.
  3. Click the Service Definition tab to edit the standard service configuration.
  4. Click the Parameters Edit tab to view or update the service configuration.
  5. Specify the system wide Content Security PolicyContent Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features. For more information, see https://www.w3.org/TR/CSP/ (CSP) security HTTP header value in the Form CSP Header Value field.
  6. Note

    Check the Security Header setting, which is a part of a form space configuration.

  7. Select the Support Browser IE10 checkbox to support the legacy Internet Explorer 10 (IE10) browser.
  8. Select the Support Browser IE8 checkbox to support the legacy Internet Explorer 8 (IE8) browser.
  9. Note

    IE8 doesn't support TLS 1.1-1.2 or Content Security Protection (CSP).

  10. Select the Support Browser IE9 checkbox to support the legacy Internet Explorer 9 (IE9) browser.
  11. Note

    IE9 doesn't support TLS 1.1-1.2 or Content Security Protection (CSP).

  12. Select a save challenge session recovery mode from the User Agent Save Challenge Session Recovery dropdown list to override the existing behavior. You can use one of the following options:
  13. Click Save to update the changes.

Next, learn how to view core global services.