Hyland Connect

idwright · ‎06-04-2014

This seems like a rather simple question so apologies for asking but I can't find the answer.

I'm wanting to experiment with the CMIS 1.1 browser bindings via client side javascript in Share

For the deprecated CMIS interface the URL is:
Alfresco.constants.PROXY_URI + "cmis/p/…"

Going directly to Alfresco, i.e. not via Share, the URL is:
https://localhost:8080/alfresco/api/-default-/public/cmis/versions/1.1/browser/root/?cmisselector=ch...

Both of these work fine.

The question is how to access CMIS 1.1 via the share proxy?

(I believe the proxy
https://localhost:8444/share/proxy/alfresco/cmis/p/
maps to
https://localhost:8443/alfresco/s/cmis/p/
so the s or service part is different
)

kaynezhang · ‎06-04-2014

Why do you want to use share proxy? you can just send(GET/POST) request to alfresco repository directly using javascript.
The browser binding is designed to use just with HTML and JavaScript

idwright · ‎06-05-2014

It's necessary to use the proxy to avoid cross-site scripting limitations.
The legacy CMIS end points are supported via the proxy but I'd like to avoid using deprecated end points.
(Granted it's possible to work around this, how depends on the overall configuration, but examples using the legacy CMIS end points always seem to use the proxy so I thought it would be best to follow suit if possible)
Using the browser binding is to avoid the overhead of translating from XML to JSON.

I'm thinking about creating a CMIS based dojo data store which would be quite useful as it would easily plug in to lots of existing Dojo widgets (but like I said this is all experimental at this point - it would certainly be easier to do something more specific for the particular use case)

kaynezhang · ‎06-05-2014

You can use JSONP to bypass Same-Origin Policy,please look at http://docs.alfresco.com/4.2/pra/1/concepts/cmis-1.1-browser-binding-get.html

idwright · ‎06-06-2014

Thanks for the link
Like I said ways around it - I just thought I'd start by looking at options compatible with the deprecated CMIS api.

Undoubtably JSONP is the right way to approach this.

I think I'll take it that the answer to the original question is that there isn't a share proxy to the new CMIS endpoints .

kevinr · ‎10-10-2014

Thank you for raising this on JIRA also. We can add a Share proxy endpoint for CMIS 1.1 browser bindings so you should then be able to use the standard authentication mechanisms.

https://issues.alfresco.com/jira/browse/ALF-21129

Cheers,

Kevin

kevinr · ‎10-15-2014

I have tried adding an endpoint for the public API to Share Surf proxy config. I mapped "alfresco-public" to the public API REST URL on the Alfresco end so I could make calls like /cmis/versions/1.1/browser from Share.

However the authentication does not work nor can I find a simple way to map it across.

Looking deeper at PublicApiAuthenticatorFactory class (which is used to authentication the public API), it appears that it does not in fact support the various mechanisms that other endpoints support. It is quite strict, only supporting OAuth or X-Remote-User with a predefined X-Alfresco-Authenticator-Key from a list set in the repository. This is not easily done with the available authentication paths in Share currently.

So I cannot see a simple way to do this currently and it will require further investigation. I will try to make some time for it after the 5.0 release - as I find it very strange that the public API is different to the other endpoints in Alfresco! It does not make it easy to use unless you go the direct OAuth route…

softwareloop · ‎10-29-2014

I'm having the same issue while migrating a plugin from 4.2.f/5.0.a to 5.0.b. The plugin called the deprecated cmis API from javascript in the browser, via Share's proxy. In 5.0.b the deprecated cmis api is no longer available so I have to use the public alfresco/api. I'm experiencing the same problem as in the original post.

To do some experiments, I've also tried to add the endpoint as suggested:

<blockcode>
         <endpoint>
            <id>alfresco-public</id>
            <name>Alfresco public API - user access</name>
            <description>Access to Alfresco API that require user authentication</description>
            <connector-id>alfresco</connector-id>
            <endpoint-url>http://localhost:8080/alfresco/api</endpoint-url>
            <identity>user</identity>
         </endpoint>
</blockcode>

…but at the moment I'm stuck with 401 Unathorized responses.

idwright · ‎11-03-2014

The best I've managed so far is to obtain a ticket and append that to the CMIS URL as the alf_ticket parameter

There are various posts describing how to create a service that returns a ticket for a logged in user essentially:

get-ticket.get.desc.xml


<webscript>
   <shortname>Get current ticket</shortname>
   <description>Returns a valid ticket for the currently logged in user
   </description>
   <url>/auth/get-ticket</url>
   <format default="json" />
   <authentication>user</authentication>
   <transaction>none</transaction>
</webscript>
‍‍‍‍‍‍‍‍‍‍‍

get-ticket.get.js


model.sessionTicket = session.getTicket();
‍‍‍

get-ticket.get.json.ftl


<#escape x as jsonUtils.encodeJSONString(x)>
{
   "ticket": "${sessionTicket}"
}
</#escape>
‍‍‍‍‍‍‍

kevinr · ‎11-12-2014

Yes that is the best workaround for now - it is not ideal obviously and will not map nicely onto whatever SSO you are already using for Share - which is what we'd like to fix.

Cheers,

Kevin

Hyland Connect

CMIS 1.1 browser bindings via share proxy