Hyland Connect

sacco · ‎02-05-2008

Is it possible to change or force the authentication mechanism (mechanism in the
sense used by acegi) used by Alfresco for, say, some or all scripts and/or
templates? That is, I know it can be done in acegi, but I don't know how
Alfresco makes this setting and, more importantly, what might be the other
consequences of changing it.

Background: I've been experimenting with Templates/Scripts to produce
RSS feeds for spaces. The examples given on the Wiki are all strictly for
Guest access, but we need to run as an authenticated user (and in any case
don't necessarily want to give Guest access to all the spaces where a feed
could be useful):

Although the RSS spec says nothing about authentication, many clients
can already do this, particularly those which are browser add-ons. The
good news is that with a bit of fiddling it already seems possible to
use Alfresco + Templates/Scripts with some of these, but only in the case
where

For example, one might be looking at the feed in a browser that has
already received a session ticket in a cookie, or else the browser might
display the login page, effectively as an 'error' message.

Other clients, however, lack the ability to accept and present the
credentials 'up front', but will prompt the user for a username and
password if asked to perform DIGEST or BASIC authentication by the
server.

The only thing, therefore, that is lacking for a reasonably effective
implementation of private feeds, is the ability to make the server
challenge the client for DIGEST or BASIC authentication for certain
non-interactive URLs.

There should be an easy way to configure this: can anybody tell me where ?

Alternatively, it would be useful to have a converse setting to the
?guest=true parameter: where

?guest=true

'run the script as guest'

no setting

'run as the current user if already logged in;
otherwise try to get credentials through the login page, and run as guest only if this fails;

?guest=false

'challenge the client to authenticate with DIGEST (or BASIC)'

Or perhaps that's too much over-loading, and another parameter is
required (or more values for the setting).

Another way to achieve this behind an Apache front-end would be to hook
an external authentication mechanism onto the end of the chain, and then
to offer DIGEST/BASIC only for specific URLs, but this would be far more
complicated and depends on several other issues.

mikeh · ‎02-05-2008

Web scripts can already authenticate using HTTP Basic authentication - you just need to access them using that servlet, configured at the URL "/service".

e.g.

http://localhost:8080/alfresco/service/ui/doclist.atom‍

Does that solve your issue?

Mike

schneika · ‎02-22-2008

Please can you give me an example. We use LDAP-Sync an NTLM-Auth and have no guest-user anymore.
But we want some RSS-Feeds for all user/usergroups.
How can i implement this feature in my RSS-Freemarker-Template

<?xml version="1.0" encoding="ISO-8859-1"?>
<rss version="2.0">
   <channel>
      <title>QMS-Handbuch RSS-Feed</title>
      <copyright>Copyright © KGS 2007</copyright>
      <#assign hostname="http://hostname:8080/alfresco">
      <#assign spaceref="${hostname}/navigate/browse/${space.nodeRef.storeRef.protocol}/${space.nodeRef.storeRef.identifier}/${space.nodeRef.id}">
      <#assign datetimeformat="EEE, dd MMM yyyy HH:mm:ss zzz">
      <link>${spaceref}</link>
      <description>Aktualisierte Inhalte im '${space.name}'</description>
      <language>de-de</language>
      <lastBuildDate>${date?string(datetimeformat)}</lastBuildDate>
      <pubDate>${date?string(datetimeformat)}</pubDate>
      <ttl>120</ttl>
      <generator>Alfresco 2.1.1</generator>
      <image>
         <title>${space.name}</title>
         <width>64</width>
         <height>64</height>
         <link>${spaceref}</link>
         <url>${hostname}${space.icon32}</url>
      </image>
      <#assign weekms=1000*60*60*24*7>
      <#list space.childrenByXPath[".//*[subtypeOf('cm:content')]"] as child>
      <#if (dateCompare(child.properties["cm:modified"], date, weekms) == 1) || (dateCompare(child.properties["cm:created"], date, weekms) == 1)>
      <item>
         <title>${child.properties.name}</title>
         <link>${hostname}${child.url}</link>
         <description>
           
              ${"<a href='${hostname}${child.url}'>"?xml}${child.properties.name}${"</a>"?xml}
             
                    <#if child.properties["cm:description"]?exists && child.properties["cm:description"] != ""> ${child.properties["cm:description"]}
               </#if> 

 <#if child.properties["cm:author"]?exists && child.properties["cm:author"] != ""> —– Autor: ${child.properties["cm:author"]}
               </#if> 

 <#if hasAspect(child, "cm:versionable") == 1> 
               <versionLabel>Version ${child.versionHistory?sort_by("versionLabel")?reverse[0].versionLabel}</versionLabel> 
               </#if> 
                                          
                <modifier>geÃƒÂ¤ndert von ${child.properties["cm:modifier"]}</modifier>
               <pubDate>am ${child.properties["cm:modified"]?string(datetimeformat)}</pubDate>

            </description>
            <pubDate>${child.properties["cm:modified"]?string(datetimeformat)}</pubDate>
            <guid isPermaLink="false">${hostname}${child.url}</guid>
      </item>
      </#if>
      </#list>
   </channel>
</rss>‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

in Browser i get HTTP Status 403 "Access to the specified resource has been frobidden". No alfresco.log!

Hyland Connect

RSS & Changing the authentication mechanism for Template