Hyland Connect

cperez · ‎09-17-2014

Hi all

I try to get the alf_ticket using ajax within a ftl page using the username and the password in properties file, but my page show the login and password if in my browser I select "inspect element" or if I use firebug.

My nodeAct.get.html.ftl file is :


<html>
   <head>
      <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
      <script type="text/javascript">
         jQuery.support.cors = true;
         var urlTicket = "${url.serviceContext}/api/login?u=" +${un}" "&pw=" +${up};
         var ticket = "";
         var request = $.get(urlTicket, function(data,status){
            ticket = data.toString().substring(48,95);
            //window.location.href = "${url.serviceContext}/doAct?nId=${nId}${arguments}&alf_ticket="+ticket;
            },'html'
         );
         request.error(function(jqXHR, textStatus) {
            if (textStatus == 'error'){
               status.code = 403;
               status.message = "User not found.";
               status.redirect = true;
            }
         });
      </script>
      <title>Show file</title>
   </head>
   <body>
…
   </body>
</html>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

and my nodeAct.get.properties file is:


un=admin
up=aold_pss
‍‍‍‍

What can I do to hide the user and the password to users??

Thanks a lot in advance

kaynezhang · ‎09-20-2014

If you are runing

nodeAct.get.html.ftl‍

in share ,you don't need to login again to get the ticket,you can access the repository through the proxy servlet.

If you are runing

nodeAct.get.html.ftl‍

in your own application ,you can submit your reqeust to a proxy servlet in your application,in your proxy servlet read

nodeAct.get.properties‍

file ,call repository login api and then return ticket to browser.

Hyland Connect

How to hide properties values to end-users?