cancel
Showing results for 
Search instead for 
Did you mean: 

RSS & Changing the authentication mechanism for Template

sacco
Champ in-the-making
Champ in-the-making
Is it possible to change or force the authentication mechanism (mechanism in the
sense used by acegi) used by Alfresco for, say, some or all scripts and/or
templates?  That is, I know it can be done in acegi, but I don't know how
Alfresco makes this setting and, more importantly, what might be the other
consequences of changing it.

Background:  I've been experimenting with Templates/Scripts to produce
RSS feeds for spaces. The examples given on the Wiki are all strictly for 
Guest  access, but we need to run as an authenticated user (and in any case
don't necessarily want to give Guest access to all the spaces where a feed
could be useful): 

Although the RSS spec says nothing about authentication, many clients
can already do this, particularly those which are browser add-ons.  The
good news is that with a bit of fiddling it already seems possible to
use Alfresco + Templates/Scripts with some of these, but only in the case
where
    login credentials must be presented up front (e.g. a Web-service call)
    or
    a session can be established through a login page.
For example, one might be looking at the feed in a browser that has
already received a session ticket in a cookie, or else the browser might
display the login page, effectively as an 'error' message.

Other clients, however, lack the ability to accept and present  the
credentials 'up front', but will prompt the user for a username and
password if asked to perform DIGEST or BASIC authentication by the
server.

The only thing, therefore,  that is lacking for a reasonably effective
implementation of private feeds, is the ability to make the server
challenge the client for DIGEST or BASIC authentication for certain
non-interactive URLs.


There should be an easy way to configure this: can anybody tell me where ?

Alternatively, it would be useful to have a converse setting to the 
?guest=true  parameter:  where
    ?guest=true  means
    'run the script as guest'

    no setting  means 
    'run as the current user if already logged in;
    otherwise try to get credentials through the login page, and run as guest only if this fails;


    ?guest=false  means 
    'challenge the client to authenticate with DIGEST (or BASIC)'
Or perhaps that's too much over-loading, and another parameter is
required (or more values for the setting).

Another way to achieve this behind an Apache front-end would be to hook
an external authentication mechanism onto the end of the chain, and then
to offer DIGEST/BASIC only for specific URLs, but this would be far more
complicated and depends on several other issues.
2 REPLIES 2

mikeh
Star Contributor
Star Contributor
Web scripts can already authenticate using HTTP Basic authentication - you just need to access them using that servlet, configured at the URL "/service".

e.g.
http://localhost:8080/alfresco/service/ui/doclist.atom

Does that solve your issue?

Mike

schneika
Champ in-the-making
Champ in-the-making
Please can you give me an example. We use LDAP-Sync an NTLM-Auth and have no guest-user anymore.
But we want some RSS-Feeds for all user/usergroups.
How can i implement this feature in my RSS-Freemarker-Template

<?xml version="1.0" encoding="ISO-8859-1"?>
<rss version="2.0">
   <channel>
      <title>QMS-Handbuch RSS-Feed</title>
      <copyright>Copyright © KGS 2007</copyright>
      <#assign hostname="http://hostname:8080/alfresco">
      <#assign spaceref="${hostname}/navigate/browse/${space.nodeRef.storeRef.protocol}/${space.nodeRef.storeRef.identifier}/${space.nodeRef.id}">
      <#assign datetimeformat="EEE, dd MMM yyyy HH:mm:ss zzz">
      <link>${spaceref}</link>
      <description>Aktualisierte Inhalte im '${space.name}'</description>
      <language>de-de</language>
      <lastBuildDate>${date?string(datetimeformat)}</lastBuildDate>
      <pubDate>${date?string(datetimeformat)}</pubDate>
      <ttl>120</ttl>
      <generator>Alfresco 2.1.1</generator>
      <image>
         <title>${space.name}</title>
         <width>64</width>
         <height>64</height>
         <link>${spaceref}</link>
         <url>${hostname}${space.icon32}</url>
      </image>
      <#assign weekms=1000*60*60*24*7>
      <#list space.childrenByXPath[".//*[subtypeOf('cm:content')]"] as child>
      <#if (dateCompare(child.properties["cm:modified"], date, weekms) == 1) || (dateCompare(child.properties["cm:created"], date, weekms) == 1)>
      <item>
         <title>${child.properties.name}</title>
         <link>${hostname}${child.url}</link>
         <description>
          
              ${"<a href='${hostname}${child.url}'>"?xml}${child.properties.name}${"</a>"?xml}
            
                    <#if child.properties["cm:description"]?exists && child.properties["cm:description"] != ""> ${child.properties["cm:description"]}
               </#if>

<#if child.properties["cm:author"]?exists && child.properties["cm:author"] != ""> —– Autor: ${child.properties["cm:author"]}
               </#if>

<#if hasAspect(child, "cm:versionable") == 1>
               <versionLabel>Version ${child.versionHistory?sort_by("versionLabel")?reverse[0].versionLabel}</versionLabel>
               </#if>
                                         
                <modifier>geändert von ${child.properties["cm:modifier"]}</modifier>
               <pubDate>am ${child.properties["cm:modified"]?string(datetimeformat)}</pubDate>

            </description>
            <pubDate>${child.properties["cm:modified"]?string(datetimeformat)}</pubDate>
            <guid isPermaLink="false">${hostname}${child.url}</guid>
      </item>
      </#if>
      </#list>
   </channel>
</rss>

in Browser i get HTTP Status 403 "Access to the specified resource has been frobidden". No alfresco.log!