Sample Webscript - asks for basic authentication?

theorbix
Confirmed Champ
Hi, I'm totally new to WebScripts… so I've started playing with the sample WebScripts provided with Alfresco 2.1.2.

I launched Internet Explorer on my development machine and pointed the browser to the following WebScript:

http://localhost:8080/alfresco/service/sample/folder/Company%20Home

What happens is that IE shows the basic authentication dialog. Once I enter a valid Alfresco username and password, the Web Script shows the content of the space as expected.

Is there a way to "execute" the WebScript and see its results bypassing the authentication dialog?

pmonks
Star Contributor
It depends on the Web Script - as described at http://wiki.alfresco.com/wiki/Web_Scripts#1._Create_a_Description_Document there are a number of authentication policies that a Web Script can use, including "none" (no authentication whatsoever).  Of course in that case the Web Script will not have access to much of the repository (since it's effectively running without any Alfresco authorisation credentials at all), so there's only so far you can get with a non-authenticating Web Script.

That said, all Web Scripts can also be accessed via /alfresco/wcservice, which uses the native Web Client authentication mechanism instead of HTTP Basic Auth - either way a login prompt will still be presented if the Web Script requires authentication (<authentication>user</authentication> or <authentication>admin</authentication>).

For data Web Scripts (ie. Web Scripts that are being invoked programmatically from an external application) I encourage people to call the Web Script via /alfresco/service (ie. using HTTP Basic Authentication) and then pre-emptively send the HTTP Basic Authentication credentials with every request.  This bypasses the usual multi-request dance that browsers do when confronted with a 401 status code, resulting in practically no overhead for making authenticated calls (beyond the minor cost of passing the single HTTP Basic Authentication header in each request).

Cheers,
Peter
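
The difference between pre-emptive Basic authentication and the 401 challenge round trip described in the reply above, as an added example that is not part of the original post. It runs against a local stand-in server rather than Alfresco; the credentials, realm name and function names are constructed for the demonstration.

```python
import base64, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "demo", "demo-password"  # constructed credentials
# Basic credentials are only base64-encoded: send them over HTTPS in production.
AUTH = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

class Handler(BaseHTTPRequestHandler):
    """Local stand-in for a Web Script that requires HTTP Basic Authentication."""
    hits = 0  # every request received, including ones answered with 401

    def do_GET(self):
        Handler.hits += 1
        ok = self.headers.get("Authorization") == AUTH
        body = b"folder listing" if ok else b""
        self.send_response(200 if ok else 401)
        if not ok:
            self.send_header("WWW-Authenticate", 'Basic realm="Alfresco"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def count_round_trips(preemptive):
    """Perform one authenticated GET; return (requests the server saw, body)."""
    Handler.hits = 0
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}/"
    req = urllib.request.Request(base + "alfresco/service/sample/folder/Company%20Home")
    handlers = [urllib.request.ProxyHandler({})]  # never route via a proxy
    if preemptive:
        req.add_header("Authorization", AUTH)  # credentials on the first request
    else:
        mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        mgr.add_password(None, base, USER, PASSWORD)  # sent only after a 401
        handlers.append(urllib.request.HTTPBasicAuthHandler(mgr))
    try:
        body = urllib.request.build_opener(*handlers).open(req, timeout=5).read()
    finally:
        server.shutdown()
        server.server_close()
    return Handler.hits, body

if __name__ == "__main__":
    print("pre-emptive:", count_round_trips(True)[0], "request(s)")
    print("challenge-response:", count_round_trips(False)[0], "request(s)")
```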

theorbix
Confirmed Champ
Thanks Peter for the quick response.
I was a bit confused, since the description of the sample Web Script was:

<webscript>
  <shortname>Folder Listing Sample</shortname>
  <description>Sample demonstrating the listing of folder contents</description>
  <url>/sample/folder/{path}</url>
  <format default="html">argument</format>
  <authentication>guest</authentication>
  <transaction>required</transaction>
</webscript>

The <authentication>guest</authentication> item made me think that this web script was accessible without authentication.

pmonks
Star Contributor
Guest Web Scripts are accessible without authentication, but you need to add "?guest=true" to the end of the URL (to differentiate "none" access from "guest" access).  This is described at http://wiki.alfresco.com/wiki/Web_Scripts#Security.

Cheers,
Peter
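
One way to review which Web Scripts are reachable without a login, based on the authentication levels discussed in this thread (an added example, not part of the original posts or Alfresco's own code). The first descriptor is the sample quoted above; the other file names and contents are hypothetical, and treating an omitted `<authentication>` element as "none" is an assumption taken from the Web Scripts documentation default.

```python
import xml.etree.ElementTree as ET

LEVELS = ("none", "guest", "user", "admin")  # weakest to strongest

# Constructed input: the first descriptor is the sample quoted in this thread,
# the other file names and contents are hypothetical.
DESCRIPTORS = {
    "folder.get.desc.xml": """<webscript>
  <shortname>Folder Listing Sample</shortname>
  <url>/sample/folder/{path}</url>
  <authentication>guest</authentication>
</webscript>""",
    "ping.get.desc.xml": """<webscript>
  <shortname>Ping</shortname>
  <url>/example/ping</url>
</webscript>""",
    "report.get.desc.xml": """<webscript>
  <shortname>Report</shortname>
  <url>/example/report</url>
  <authentication>admin</authentication>
</webscript>""",
    "broken.get.desc.xml": "<webscript><url>/example/broken</url>",
}

def audit(descriptors):
    """Return {file: (url, level, needs_login)}; level is 'invalid' if unusable."""
    report = {}
    for name, text in descriptors.items():
        try:
            root = ET.fromstring(text)
        except ET.ParseError:
            report[name] = (None, "invalid", None)  # malformed XML: review by hand
            continue
        url = (root.findtext("url") or "").strip() or None
        # Assumption: an omitted <authentication> element means "none".
        level = (root.findtext("authentication") or "none").strip()
        if level not in LEVELS:
            report[name] = (url, "invalid", None)
        else:
            report[name] = (url, level, level in ("user", "admin"))
    return report

def anonymous_urls(descriptors):
    """URLs reachable without credentials ('none', or 'guest' with ?guest=true)."""
    return sorted(url + ("?guest=true" if level == "guest" else "")
                  for url, level, needs_login in audit(descriptors).values()
                  if needs_login is False and url)
```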

theorbix
Confirmed Champ
Pmonks, this is exactly what I was looking for!

I've tried to use the ?guest=true parameter, but I get a security exception:

The Web Script /alfresco/service/sample/folder/Company Home has responded with a status of 500 - Internal Error.

500 Description:    An error inside the HTTP server which prevented it from fulfilling the request.

Message:   Error during processing of the template 'get(parent) failed on instance of org.alfresco.repo.template.TemplateNode'. Please contact your system administrator.

Exception:   net.sf.acegisecurity.AccessDeniedException - Access is denied.

net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:86)
net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:394)
net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:241)
org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
$Proxy3.getPrimaryParent(Unknown Source)
org.alfresco.repo.template.TemplateNode.getParent(TemplateNode.java:314)
sun.reflect.GeneratedMethodAccessor3190.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
freemarker.ext.beans.BeansWrapper.invokeMethod(BeansWrapper.java:616)
freemarker.ext.beans.BeanModel.invokeThroughDescriptor(BeanModel.java:272)
freemarker.ext.beans.BeanModel.get(BeanModel.java:183)
freemarker.core.Dot._getAsTemplateModel(Dot.java:76)
freemarker.core.Expression.getAsTemplateModel(Expression.java:89)
freemarker.core.BuiltIn$existsBI._getAsTemplateModel(BuiltIn.java:636)
freemarker.core.BuiltIn$existsBI.isTrue(BuiltIn.java:647)
freemarker.core.ConditionalBlock.accept(ConditionalBlock.java:77)
freemarker.core.Environment.visit(Environment.java:196)
freemarker.core.MixedContent.accept(MixedContent.java:92)
freemarker.core.Environment.visit(Environment.java:196)
freemarker.core.Environment.process(Environment.java:176)
freemarker.template.Template.process(Template.java:232)
org.alfresco.repo.template.FreeMarkerProcessor.process(FreeMarkerProcessor.java:201)
org.alfresco.web.scripts.AbstractWebScript.renderTemplate(AbstractWebScript.java:392)
org.alfresco.web.scripts.DeclarativeWebScript.renderFormatTemplate(DeclarativeWebScript.java:257)
org.alfresco.web.scripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:163)
org.alfresco.web.scripts.WebScriptRuntime.wrappedExecute(WebScriptRuntime.java:364)
org.alfresco.web.scripts.WebScriptRuntime$1.execute(WebScriptRuntime.java:330)
org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:236)
org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:166)
org.alfresco.web.scripts.WebScriptRuntime.transactionedExecute(WebScriptRuntime.java:341)
org.alfresco.web.scripts.WebScriptRuntime.authenticatedExecute(WebScriptRuntime.java:284)
org.alfresco.web.scripts.WebScriptRuntime.executeScript(WebScriptRuntime.java:150)
org.alfresco.web.scripts.WebScriptServlet.service(WebScriptServlet.java:109)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
java.lang.Thread.run(Thread.java:595)

Exception:   org.alfresco.repo.security.permissions.AccessDeniedException - Access Denied. You do not have the appropriate permissions to perform this operation.

org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)

Exception:   java.lang.reflect.InvocationTargetException

sun.reflect.GeneratedMethodAccessor3190.invoke(Unknown Source)

Exception:   freemarker.template.TemplateModelException - get(parent) failed on instance of org.alfresco.repo.template.TemplateNode

freemarker.ext.beans.BeanModel.get(BeanModel.java:223)

Exception:   org.alfresco.service.cmr.repository.TemplateException - Error during processing of the template 'get(parent) failed on instance of org.alfresco.repo.template.TemplateNode'. Please contact your system administrator.

org.alfresco.repo.template.FreeMarkerProcessor.process(FreeMarkerProcessor.java:205)

Server:   Alfresco Enterprise Network v2.1.1 (193) schema 77
Time:   Apr 23, 2008 7:33:35 PM

Diagnostics:   Inspect Web Script (org/alfresco/sample/folder.get)

So it seems that my "guest" account does not have the proper access rights required to execute the Web Script… but I don't understand exactly what's wrong.

The Company Home folder is visible to the Guest users, as well as the content of the spaces under Data Dictionary… what else could be wrong???

bderidder
Champ in-the-making
I am running into the same issue now. Is there a solution to the above?

vinuraga
Champ in-the-making
Specify <authentication>user</authentication> in your xyz.get.desc.xml;
you have to look into the above XML file.

robain
Champ in-the-making
Peter,
I have a setup where the authentication is done against LDAP with chaining. But during basic authentication in a Web Script (/alfresco/service/), it seems the user accounts are not created if the login is the first one ever. But the account is created if the login is done through the web client. Is there a way to change this behaviour to have the basic authentication create the account if it's the first login?

Thanks

pmonks
Star Contributor
I don't believe so, no, and I'm not sure if that would be possible.  Still, it might be worth raising an enhancement request in JIRA (http://issues.alfresco.com/) to see what the engineers think of it.

That said, if you've configured LDAP authentication I'd suggest you also configure LDAP synchronisation (http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration#LDAP_Synchronizat...) so that all of the user accounts and groups are created ahead of time.  That will avoid this problem altogether.

Cheers,
Peter