Authenticating webservices in an NTLM environment

marcus
Champ in-the-making
Some quick background on the system architecture first:

1. Alfresco 2.1 system "AlfrescoProd" running on server A, configured to authenticate via NTLM against Active Directory on domain THEDOMAIN
2. Custom Java application "AceApp" running on server B, which also authenticates via NTLM against Active Directory on domain THEDOMAIN

I have a requirement to make some web-services-based calls from AceApp to AlfrescoProd to pull some Alfresco-based content into AceApp. Is there a way to use the NTLM credentials that have already been gathered by AceApp's authentication mechanism along with the web service calls to AlfrescoProd to make sure that the web service call is executed on the AlfrescoProd side as the same user that is using AceApp?

marcus
Champ in-the-making
To follow up, there's a method that I know works, but it takes advantage of some cross-site request forgery stuff that could be exploited if used nefariously, which is why I'm hoping there's a less exploitable way of doing things.

Create the following in Data Dictionary/Scripts/key.js:


var output = 'var _ALF_TICKET = "'+session.ticket+'";';
output;

Add the following to your own application:


<script type="text/javascript" src="http://alfresco.domain:8080/alfresco/command/script/execute?scriptPath=/Company%20Home/Data%20Dictio..."></script>

<script type="text/javascript">
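   // if _ALF_TICKET now exists, let's refresh with it as a parameter
   // (typeof avoids a ReferenceError when the script above failed to load)
   if (typeof _ALF_TICKET !== "undefined" && _ALF_TICKET != null) {
      // use some ajax to blast _ALF_TICKET back into your application and bounce off to the next page
   }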
</script>
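
The post above notes that this approach could be exploited. As an added example (not part of the original post and not Alfresco's own code), a defender running it can scan the Alfresco front-end access log for successful requests to the script-execute command whose Referer is missing or is not the expected application. The combined log format, the host name `aceapp.example.internal`, the `scriptPath` value and the sample lines are assumptions constructed for illustration.

```javascript
// Hypothetical allowlist: the only site expected to embed the ticket script.
const ALLOWED_REFERER_HOSTS = new Set(["aceapp.example.internal"]);
const SCRIPT_EXECUTE_PATH = "/alfresco/command/script/execute"; // path from the post

// Assumed "combined" format:
// client ident user [time] "METHOD target PROTO" status bytes "referer" "agent"
const COMBINED =
  /^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/;

// Host of the Referer header, or null when it is absent or malformed.
function refererHost(referer) {
  if (!referer || referer === "-") return null;
  try { return new URL(referer).hostname.toLowerCase(); } catch { return null; }
}

// Returns one finding per successful ticket-script fetch from an unexpected page.
function findSuspectTicketFetches(lines) {
  const findings = [];
  for (const line of lines) {
    const m = COMBINED.exec(line.trim());
    if (!m) continue; // not a combined-format line
    const [, client, user, time, , target, status, referer] = m;
    let path;
    try {
      // Drop the query string and any ";jsessionid=..." path parameter.
      path = new URL(target, "http://placeholder.invalid").pathname.split(";")[0];
    } catch { continue; }
    // 401s are NTLM handshake legs; only a 200 response carries the ticket.
    if (path !== SCRIPT_EXECUTE_PATH || status !== "200") continue;
    const host = refererHost(referer);
    if (host !== null && ALLOWED_REFERER_HOSTS.has(host)) continue;
    const reason = host === null ? "no-referer" : "foreign-referer";
    findings.push({ client, user, time, host, reason });
  }
  return findings;
}

// Constructed sample log lines (not real traffic).
const REQ = '"GET /alfresco/command/script/execute?scriptPath=/constructed/placeholder.js HTTP/1.1"';
const SAMPLE_LOG = [
  `10.0.0.21 - alice [12/Mar/2008:10:01:01 +0000] ${REQ} 401 0 "http://aceapp.example.internal/home" "constructed-agent"`,
  `10.0.0.21 - alice [12/Mar/2008:10:01:02 +0000] ${REQ} 200 64 "http://aceapp.example.internal/home" "constructed-agent"`,
  `10.0.0.35 - bob [12/Mar/2008:10:05:40 +0000] ${REQ} 200 64 "http://other.example.net/page" "constructed-agent"`,
  `10.0.0.48 - carol [12/Mar/2008:10:09:13 +0000] ${REQ} 200 64 "-" "constructed-agent"`,
  `10.0.0.35 - bob [12/Mar/2008:10:10:00 +0000] "GET /alfresco/faces/jsp/login.jsp HTTP/1.1" 200 900 "http://other.example.net/page" "constructed-agent"`,
];

console.log(findSuspectTicketFetches(SAMPLE_LOG));
```

The Referer header can be absent or stripped for legitimate reasons, so treat these findings as leads to review rather than proof of misuse.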