topic Re: HttpClient and CSRF token in Alfresco Ent v4.2.1 in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/httpclient-and-csrf-token-in-alfresco-ent-v4-2-1/m-p/291618#M244748 <HTML><HEAD></HEAD><BODY><SPAN>You can call api </SPAN><PRE class="language-none line-numbers"><CODE> <A href="http://localhost:8080/alfresco/service/api/login" rel="nofollow noopener noreferrer">http://localhost:8080/alfresco/service/api/login</A> <SPAN class="line-numbers-rows"><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN> to login and get login ticket.</SPAN><BR /><SPAN>Then passing ticket as a http request parameter in folloing calls ,like follow</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;HttpClient client = new HttpClient();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;String apiurl = "<A href="http://localhost:8080/alfresco/service/api/login" rel="nofollow noopener noreferrer">http://localhost:8080/alfresco/service/api/login</A>";<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;PostMethod post = new PostMethod(apiurl);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;JSONObject login = new JSONObject();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;login.put("username", "admin");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;login.put("password", "admin");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;post.setDoAuthentication(true);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;post.setRequestHeader("Content-Type", "application/json");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;post.setRequestEntity(new StringRequestEntity(login.toString(),"application/json", "UTF-8"));<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;int status = client.executeMethod(post);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;String responseData = post.getResponseBodyAsString();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;JSONObject response = new JSONObject(responseData);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;String ticket = response.getJSONObject("data").getString("ticket"); // get login ticket<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;String apiurl = other webscript url "+"?alf_ticket="+ticket; //pass ticket as parameter in following calls<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;PostMethod post = new PostMethod(apiurl);<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE></BODY></HTML> Sat, 26 Apr 2014 01:00:22 GMT kaynezhang 2014-04-26T01:00:22Z HttpClient and CSRF token in Alfresco Ent v4.2.1 https://connect.hyland.com/t5/alfresco-archive/httpclient-and-csrf-token-in-alfresco-ent-v4-2-1/m-p/291617#M244747 Hi all,in Alfresco Enterprise v4.1.2 we had script that usedorg.apache.commons.httpclient.HttpClient‍‍‍to call out-of-the-box alfresco's services. When this script is called, first we will authenticate user calling (POST /share/page/dologin) and after that other core services that we need. But from Fri, 25 Apr 2014 16:56:58 GMT https://connect.hyland.com/t5/alfresco-archive/httpclient-and-csrf-token-in-alfresco-ent-v4-2-1/m-p/291617#M244747 nenad982 2014-04-25T16:56:58Z Re: HttpClient and CSRF token in Alfresco Ent v4.2.1 https://connect.hyland.com/t5/alfresco-archive/httpclient-and-csrf-token-in-alfresco-ent-v4-2-1/m-p/291618#M244748 <HTML><HEAD></HEAD><BODY><SPAN>You can call api </SPAN><PRE class="language-none line-numbers"><CODE> <A href="http://localhost:8080/alfresco/service/api/login" rel="nofollow noopener noreferrer">http://localhost:8080/alfresco/service/api/login</A> <SPAN class="line-numbers-rows"><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN> to login and get login ticket.</SPAN><BR /><SPAN>Then passing ticket as a http request parameter in folloing calls ,like follow</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;HttpClient client = new HttpClient();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;String apiurl = "<A href="http://localhost:8080/alfresco/service/api/login" rel="nofollow noopener noreferrer">http://localhost:8080/alfresco/service/api/login</A>";<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;PostMethod post = new PostMethod(apiurl);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;JSONObject login = new JSONObject();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;login.put("username", "admin");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;login.put("password", "admin");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;post.setDoAuthentication(true);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;post.setRequestHeader("Content-Type", "application/json");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;post.setRequestEntity(new StringRequestEntity(login.toString(),"application/json", "UTF-8"));<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;int status = client.executeMethod(post);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;String responseData = post.getResponseBodyAsString();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;JSONObject response = new JSONObject(responseData);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;String ticket = response.getJSONObject("data").getString("ticket"); // get login ticket<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;String apiurl = other webscript url "+"?alf_ticket="+ticket; //pass ticket as parameter in following calls<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;PostMethod post = new PostMethod(apiurl);<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE></BODY></HTML> Sat, 26 Apr 2014 01:00:22 GMT https://connect.hyland.com/t5/alfresco-archive/httpclient-and-csrf-token-in-alfresco-ent-v4-2-1/m-p/291618#M244748 kaynezhang 2014-04-26T01:00:22Z Re: HttpClient and CSRF token in Alfresco Ent v4.2.1 https://connect.hyland.com/t5/alfresco-archive/httpclient-and-csrf-token-in-alfresco-ent-v4-2-1/m-p/291619#M244749 <HTML><HEAD></HEAD><BODY><SPAN>Hi kaynezhang,</SPAN><BR /><BR /><SPAN>thanks a lot for your response. Your answers are very helpful. </SPAN><BR /><SPAN>I am not sure that Alfresco-CSRF-Token and ticket are the same thing. I saw that in v4.2.1 of Alfresco new Alfresco-CSRF-Token request header is included for all subsequent requests after user login. </SPAN><BR /><BR /><SPAN>So can I use the ticket value as value for Alfresco-CSRF-Token request header?</SPAN><BR /><BR /><SPAN>Thanks</SPAN></BODY></HTML> Sat, 26 Apr 2014 12:08:39 GMT https://connect.hyland.com/t5/alfresco-archive/httpclient-and-csrf-token-in-alfresco-ent-v4-2-1/m-p/291619#M244749 nenad982 2014-04-26T12:08:39Z Re: HttpClient and CSRF token in Alfresco Ent v4.2.1 https://connect.hyland.com/t5/alfresco-archive/httpclient-and-csrf-token-in-alfresco-ent-v4-2-1/m-p/291620#M244750 <HTML><HEAD></HEAD><BODY><SPAN>Did anyone have experience with HttpClient and CSRF token?</SPAN><BR /><BR /><SPAN>Thanks in advance</SPAN></BODY></HTML> Wed, 07 May 2014 07:50:16 GMT https://connect.hyland.com/t5/alfresco-archive/httpclient-and-csrf-token-in-alfresco-ent-v4-2-1/m-p/291620#M244750 nenad982 2014-05-07T07:50:16Z