HttpClient and CSRF token in Alfresco Ent v4.2.1

nenad982
Champ on-the-rise
Hi all,

In Alfresco Enterprise v4.1.2 we had a script that used org.apache.commons.httpclient.HttpClient to call Alfresco's out-of-the-box services. When this script is called, we first authenticate the calling user (POST /share/page/dologin) and after that call the other core services that we need. But from Alfresco Enterprise v4.1.4 the CSRF Filter is introduced.

So is there some way to fetch the Alfresco-CSRF-Token after the user is logged in, using HttpClient in the Java API, and use that token in all subsequent service calls?

Thanks…

3 REPLIES

kaynezhang
World-Class Innovator
You can call the API
 http://localhost:8080/alfresco/service/api/login
to log in and get a login ticket.
Then pass the ticket as an HTTP request parameter in the following calls, as follows:

      // Requires commons-httpclient 3.x and org.json on the classpath
      import org.apache.commons.httpclient.HttpClient;
      import org.apache.commons.httpclient.methods.PostMethod;
      import org.apache.commons.httpclient.methods.StringRequestEntity;
      import org.json.JSONObject;

      HttpClient client = new HttpClient();
      String apiurl = "http://localhost:8080/alfresco/service/api/login";
      PostMethod post = new PostMethod(apiurl);
      // Credentials are sent as a JSON body
      JSONObject login = new JSONObject();
      login.put("username", "admin");
      login.put("password", "admin");
      post.setDoAuthentication(true);
      post.setRequestHeader("Content-Type", "application/json");
      post.setRequestEntity(new StringRequestEntity(login.toString(),"application/json", "UTF-8"));
      int status = client.executeMethod(post);
      String responseData = post.getResponseBodyAsString();
      JSONObject response = new JSONObject(responseData);
      String ticket = response.getJSONObject("data").getString("ticket"); // get login ticket

      // pass ticket as parameter in following calls
      String otherUrl = "other webscript url" + "?alf_ticket=" + ticket;
      PostMethod otherPost = new PostMethod(otherUrl);

Hi kaynezhang,

thanks a lot for your response. Your answers are very helpful.
I am not sure that Alfresco-CSRF-Token and ticket are the same thing. I saw that in v4.2.1 of Alfresco a new Alfresco-CSRF-Token request header is included for all subsequent requests after user login.

So can I use the ticket value as value for Alfresco-CSRF-Token request header?

Thanks

nenad982
Champ on-the-rise
Did anyone have experience with HttpClient and CSRF token?

Thanks in advance
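
An added example, not part of any post in this thread: the ticket returned by /alfresco/service/api/login is a repository credential, while the token checked by the Share CSRF filter is delivered separately as a cookie and sent back in a request header. The code below extracts that token from Share's Set-Cookie headers using only the JDK. The name Alfresco-CSRFToken for both cookie and header, the URL-encoded cookie value, and the point at which Share issues the cookie are assumptions based on Share's default CSRFPolicy configuration, so check them against your installation.

```java
import java.io.UnsupportedEncodingException;
import java.net.HttpCookie;
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.List;

public class ShareCsrfToken {
    // Assumption: default Share CSRFPolicy name for the token cookie and request header.
    static final String TOKEN_NAME = "Alfresco-CSRFToken";

    /** Returns the decoded CSRF token found in Set-Cookie header lines, or null if none was issued. */
    static String extractToken(List<String> setCookieHeaders) throws UnsupportedEncodingException {
        String token = null;
        for (String header : setCookieHeaders) {
            for (HttpCookie cookie : HttpCookie.parse(header)) {
                if (TOKEN_NAME.equals(cookie.getName())) {
                    // Some containers wrap the value in quotes; the value itself is URL-encoded.
                    String raw = cookie.getValue().replace("\"", "");
                    // Keep the last occurrence, since the server may reissue the token.
                    token = URLDecoder.decode(raw, "UTF-8");
                }
            }
        }
        return token;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: headers of the kind Share is assumed to return on the first
        // GET of a /share/page/... URL after a successful POST /share/page/dologin.
        List<String> headers = Arrays.asList(
            "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/share; HttpOnly",
            "Set-Cookie: Alfresco-CSRFToken=q1w2%2Be3r4%2Ft5y6%3D; Path=/share");
        String token = extractToken(headers);
        if (token == null) {
            throw new IllegalStateException("No CSRF cookie issued; request a Share page after login first");
        }
        System.out.println(TOKEN_NAME + ": " + token);
        // With commons-httpclient 3.x the same HttpClient instance keeps the session cookies,
        // and the decoded value is added to every POST/PUT/DELETE sent to Share:
        //   post.setRequestHeader(TOKEN_NAME, token);
        // The alf_ticket value is a different credential and is not this token.
    }
}
```

Sending the raw, still URL-encoded cookie value in the header would not match the token held in the session, which is why the decode step matters.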