Manage authentication in a custom web app relying on Alfresco Repository

mlagneaux
Champ on-the-rise
Hello,

I'm working on a web application relying on Alfresco Repository (Community 5.1) as a back end. It can be seen as an alternative to Alfresco Share.

I have several questions about managing authentication in this web application.

For now, my login page makes a POST request to the native webscript /alfresco/s/api/login. This webscript returns a ticket (which I store in sessionStorage for the moment); I use that ticket in each request to Alfresco by adding the following parameter at the end of my URL: "&alf_ticket=[my ticket]".

This works but different things bother me:
- I have to get my ticket back in Javascript and concatenate the alf_ticket parameter to each HTTP request to Alfresco
- The ticket appears clearly in every URL I call: it does not seem really good at a security level

Are there any best practices to authenticate and query Alfresco from this kind of web app? Has anyone ever tried to do this, and how?
I saw that Share authentication uses various cookies, including a JSESSIONID cookie associated with the path /alfresco. Should I use this cookie rather than alf_ticket? If so, how do I get it?

Thank you in advance for your help.
2 REPLIES
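The ticket flow described in the question, as an added example that is not code from the original post: a small client that obtains the ticket from the login webscript, keeps it in one place, and attaches it to every repository call without hand-concatenating the query string. It assumes a repository at ALFRESCO_BASE_URL (a placeholder) and the documented JSON contract of /alfresco/s/api/login; the Basic-header variant assumes the repository accepts base64(ticket) as HTTP Basic credentials, which is documented for the Alfresco REST API but should be checked against the version in use.

```javascript
// Added example, not code from the original post. Assumes an Alfresco
// repository at ALFRESCO_BASE_URL (placeholder) and the login webscript's
// documented JSON contract: POST {"username","password"} -> {"data":{"ticket":"TICKET_..."}}.
const ALFRESCO_BASE_URL = "http://localhost:8080/alfresco";

// Ticket storage: sessionStorage in a browser, an in-memory fallback elsewhere
// (so the helper functions also load under Node).
const memory = new Map();
const ticketStore = {
  get: () => (typeof sessionStorage !== "undefined" ? sessionStorage.getItem("alf_ticket") : memory.get("alf_ticket") ?? null),
  set: (t) => (typeof sessionStorage !== "undefined" ? sessionStorage.setItem("alf_ticket", t) : memory.set("alf_ticket", t)),
  clear: () => (typeof sessionStorage !== "undefined" ? sessionStorage.removeItem("alf_ticket") : memory.delete("alf_ticket")),
};

// Extract and sanity-check the ticket from the login response body.
function ticketFromLoginResponse(body) {
  const ticket = body && body.data && body.data.ticket;
  if (typeof ticket !== "string" || !ticket.startsWith("TICKET_")) {
    throw new Error("login response did not contain a ticket");
  }
  return ticket;
}

// Add alf_ticket through URLSearchParams rather than by appending "&alf_ticket=..."
// by hand, so it is encoded correctly whether or not the URL already has a query.
function withTicket(url, ticket) {
  const u = new URL(url);
  u.searchParams.set("alf_ticket", ticket);
  return u.toString();
}

// Keeps the ticket out of URLs (and so out of access logs, browser history and
// Referer headers) by presenting it as HTTP Basic credentials.
// Assumption: the repository accepts base64(ticket) in the Basic Authorization
// header; verify this against the Alfresco version you run.
function ticketAuthHeader(ticket) {
  const b64 = typeof btoa === "function" ? btoa(ticket) : Buffer.from(ticket, "utf8").toString("base64");
  return "Basic " + b64;
}

async function login(username, password) {
  const res = await fetch(`${ALFRESCO_BASE_URL}/s/api/login`, {
    method: "POST",
    headers: { "Content-Type": "application/json", Accept: "application/json" },
    body: JSON.stringify({ username, password }),
  });
  if (!res.ok) throw new Error(`login failed: HTTP ${res.status}`);
  const ticket = ticketFromLoginResponse(await res.json());
  ticketStore.set(ticket);
  return ticket;
}

// Every repository call goes through here, so callers never touch the ticket.
// useHeader=true sends it as Basic credentials; false appends alf_ticket as the question does.
async function alfrescoFetch(path, options = {}, useHeader = true) {
  const ticket = ticketStore.get();
  if (!ticket) throw new Error("not logged in");
  const url = `${ALFRESCO_BASE_URL}${path}`;
  const headers = { ...(options.headers || {}) };
  if (useHeader) headers["Authorization"] = ticketAuthHeader(ticket);
  const res = await fetch(useHeader ? url : withTicket(url, ticket), { ...options, headers });
  if (res.status === 401) ticketStore.clear(); // ticket expired or invalidated: force a new login
  return res;
}

// Invalidate the ticket server-side on logout: DELETE /alfresco/s/api/login/ticket/{ticket}
async function logout() {
  const ticket = ticketStore.get();
  if (!ticket) return;
  await alfrescoFetch(`/s/api/login/ticket/${encodeURIComponent(ticket)}`, { method: "DELETE" });
  ticketStore.clear();
}

if (typeof module !== "undefined") {
  module.exports = { ticketFromLoginResponse, withTicket, ticketAuthHeader, login, alfrescoFetch, logout };
}
```

Whichever transport is used, the ticket is still a bearer credential: sessionStorage is readable by any script running on the page, so the client stays only as safe as its protection against injected scripts, and the ticket should be invalidated with the DELETE call on logout rather than simply dropped.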

openpj
Elite Collaborator

I suggest you enable the external authentication of Alfresco.

In this way you can proxy each HTTP call to any WebScript directly, decorating the HTTP header with the username of the user that should execute the method, without using alf_ticket in the query string.

Please take a look at the official documentation:

External authentication and SSO | Alfresco Documentation 

Please let us know if you need more information.

Hope this helps.

ddraper
World-Class Innovator

It would be great to learn a bit more about what you're doing... for example, why you're building a new client rather than customizing Share? and what technology stack you're going to be using. 

For example, you may or may not be aware that you can build a Surf client really easily using the Aikau Maven Archetype. You wouldn't be limited to using Aikau (although that would obviously be an option) but it would provide a simple way of getting a basic client up and running with authentication all taken care of (allowing you to access CMIS, Repo WebScripts and the Public API). 

Instructions on creating a custom client using this archetype can be found here