Hyland Connect

novel · ‎10-26-2010

Is it possible make a page "private" that requires login/pwd to access it?

bremmington · ‎10-26-2010

No. That would require custom development currently, but it is something that we plan to introduce at some point.

mhulduban · ‎12-09-2010

Hi,
I was wondering if there are any news regarding the development of an authentication layer for the wcmqs.
Is there gonna be such a feature in the final release of Enterprise Alfresco 3.4?
Thanks

bremmington · ‎12-09-2010

If by authentication layer you mean the ability to mark sections of the site as "private" within the editorial system then the answer is no. As mentioned earlier, this will come along at some point in the future, but we don't typically add new functionality between community and enterprise releases - the time is spent testing and fixing any bugs that are found. I can't say when this functionality will be scheduled.

However, Surf itself is a view resolver built on top of Spring MVC that has very strong capabilities when it comes to plugging into authentication systems, so the framework is there to allow the functionality to be developed. It would be useful to hear what kind of features you'd like to see developed (in as much detail as possible). We can use that to guide us when we come to design and build it.

mhulduban · ‎12-13-2010

Thank you for your feedback.
Let me elaborate on our specific case. We are going to build two web sites based on an Alfresco 3.4 Enterprise CM repository. We are considering using the Spring/Surf framework, and also using the Web Quick Start as a starting point.
Our sites will run as external applications inside an IFrame Portlet which is deployed on a jbossportal application.
The authentication will be managed by calling a Single Sign On Web Service running inside the jboss application.
Once authenticated, the users will navigate the aformentioned Spring/Surf sites. Based on a user profile associated to their login, they will be granted access to part of the contents and denied access to others. For example, a user could be able to see all the news titles, but should be able to expand and read only the ones that he is enabled to (we will eventually provide paid content).
So apart from the authentication, that will be managed by an external SSO, we will also have to implement some profiling. It seems natural to me to use the profiling mechanism built into the alfresco repository. So what we would like to do is to define our user, roles and credentials regarding access to content folders/categories in Alfresco, and to implement a Surf application that retrieves the content to be presented to the user based on this configuration.
We have already seen that the Javascript API for accessing content in the repository, provided by Alfresco, allows the use of a token identifying a user session, and thus allowing the transparent leverage of the authentication/profiling layer built-into the Alfresco CM.
It would be nice to have the Web Quick Start predisposed for retrieving content based of some user credentials, as real life web applications often require profiling and content filtering (content available only to registered users, paid content etc). In the meantime I think we will start and do it ourselves. Any suggestion is welcome.
Thank you

tlb · ‎12-29-2010

I've had some success in this area.

the bean declaration for org.alfresco.wcm.client.util.impl.CmisSessionPoolImpl has a note that says it wraps 2 types of session pool, but only 1 is provided, guestSessionPool. Inside CmisSessionPoolImpl, there is a function stub that is used to get authenticated cmis sessions, so that must be the second type of session pool.

alfresco provides a working example of cmis with the spring-cmis project. Look in here to see how they have managed authenticated sessions. org.springframework.extensions.cmis.service.InMemoryConnectionManager has methods to create and manage cmis sessions.

Create a bean for InMemoryConnectionManager and let your login controller use it to create a cmis session when you log in. Also give the CmisSessionPoolImpl a reference to this bean so that the CmisSessionInterceptor can select between the guest pool and this pool.

I believe that org.alfresco.wcm.client.interceptor.CmisSessionInterceptor can be overridden to check for a valid HTTP session and then select the "authenticated" CMIS session before passing the request on. I've modified it directly because It normally grabs a guest session on every request.

In wcmqs-api.properties file set wcmqs.api.assetFactoryType=cmis and viola. Now the wqs application has assumed the identity of a user login. Some changes may not show immediately after login because the assets are in a cache.

Some things to note.
1. The method provided to retrieve the authenticated session requires username,password. I feel like this should be some arbitrary identifier related to the http session as the password isn't known on every request.
2. InMemoryConnectionManager uses CmisRequestConnector i think, which uses the configservice and another xml config file just for cmis server info. This introduces additional dependencies some of which may not be necessary.

I am still working on this and fairly new to spring and web programming stuff so any comments or tips are appreciated. And thanks to Alfresco team for putting together such awesome software and letting me play with it.

paulm · ‎11-14-2011

Hi, your pointers above are helpful. Did you got any further with this, and what were your thoughts? I'm about to start work on this and authentication is a must for my project.

Hyland Connect

private access