Hyland Connect

eliseosoto · ‎03-11-2009

Here's an overview of what I've done so far in order to use the CMIS Web Service implementation using the SoapUItool.

This assumes that you have the Alfresco Labs 3 Server running with the default admin/admin username.

The first thing I do is add this WSDL to SoapUI: http://localhost:8080/alfresco/wsdl/authentication-service.wsdl
And then I call startSession like this:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.alfresco.org/ws/service/authentication/1.0">
   <soapenv:Header/>
   <soapenv:Body>
      <ns:startSession>
         <ns:username>admin</ns:username>
         <ns:password>admin</ns:password>
      </ns:startSession>
   </soapenv:Body>
</soapenv:Envelope>‍‍‍‍‍‍‍‍‍

This returns a different ticket every time, here's an example:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <soapenv:Body>
      <startSessionResponse xmlns="http://www.alfresco.org/ws/service/authentication/1.0">
         <startSessionReturn>
            <username>admin</username>
            <ticket>TICKET_610f5e78c8e4932181abb7ef7f8a405719ec07b6</ticket>
            <sessionid>FF7AD69527D3E12D7A16852F608A3D34</sessionid>
         </startSessionReturn>
      </startSessionResponse>
   </soapenv:Body>
</soapenv:Envelope>‍‍‍‍‍‍‍‍‍‍‍

Then I add the RepositoryService WSDL (http://localhost:8080/alfresco/cmis/RepositoryService?wsdl) and configure WS-Security by double-clicking the Project Name in the Navigator like this:
[img]http://www.postimage.org/Pq1purHA.jpg[/img]

Username: admin
Password: The ticket (i.e. TICKET_610f5e78c8e4932181abb7ef7f8a405719ec07b6)
Must Understand: Checked
Add Nonce: Checked
Add Created: Checked
Password Type: PasswordDigest (as seen in some other topics in this forums, please search)

Then I set this to be used in the Outgoing WSS of the Aut section of the Request:
[img]http://www.postimage.org/aV1nmbzA.jpg[/img]

However when I invoke getRepositories like this (raw request):

<soapenv:Envelope xmlns:ns="http://www.cmis.org/2008/05" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-26993204" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>admin</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">ITpkPgLw8IrNtexohxt4WhVlpUM=</wsse:Password>
            <wsse:Nonce>MW7JmYsaQIrM8DD63cdN3Q==</wsse:Nonce>
            <wsu:Created>2009-03-11T21:31:13.284Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <ns:getRepositories/>
   </soapenv:Body>
</soapenv:Envelope>‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

I get this error:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsu:Timestamp wsu:Id="Timestamp-31502959" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2009-03-11T21:31:13.299Z</wsu:Created>
            <wsu:Expires>2009-03-11T21:36:13.299Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
   </soap:Header>
   <soap:Body>
      <soap:Fault>
         <faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:FailedAuthentication</faultcode>
         <faultstring>The security token could not be authenticated or authorized</faultstring>
      </soap:Fault>
   </soap:Body>
</soap:Envelope>‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

The security token could not be authenticated or authorized, this is the problem I have right now. What am I doing wrong? Why isn't Alfresco accepting my password?

Please help 😎

paulraby · ‎03-19-2009

What works for me is:

1) Don't bother getting a token
2) Set the password to admin instead of a token
3) Ensure you also add a timestamp WSS entry with a sensible Time to Live value

Let me know if that works for you.

Paul

viswa_gogineni · ‎04-02-2009

Hi Paul,

I tried using passwordtext, passworddigest (ticket from authenticationservice /authentication webscript), none works.
Is CMIS working for you? If yes, Could you help us by posting sample SOAP header (similar to the one which works).

I'm trying to access services through SOAPUI2.2 client and not successful, it gives 'The security token could not be authenticated or authorized' error.

Thanks in advance

Vishwa

shamabbas · ‎09-02-2009

I followed steps given above before I was also getting same error but after following steps told above I'm getting other exception.

<faultstring>Server Error</faultstring>

<detail>
            <ns2:stackTrace xmlns:ns2="http://xml.apache.org/axis/">Server Error
   at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:474)
   at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
   at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
   at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
   at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
   at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
   at java.lang.Thread.run(Unknown Source)</ns2:stackTrace>

Please reply as soon as possible. So i can move further.

Thanks in advance…

brus · ‎10-02-2009

check this out:
http://drquyong.com/myblog/wp-content/uploads/2009/05/soapui_for_alfresco_cmis.pdf

jyothsnareddy · ‎10-03-2013

Link is not available..can i get that pdf please……Since I also goto the same errror

shamabbas · ‎10-05-2009

Thanks a lotz for ur reply…
but i have already developed API i wanted to…
but thanks again for replying…

sham

bhagavath · ‎10-16-2009

Hi,

i am tryin to use cmisws.wsdl web service which is provided by alfresco.. but when i'm trying to execute any of the method it is asking for authentication..though im sending it in header..Example for getRepositoryInfo..

Requset Soap:

<?xml version="1.0" encoding="UTF-8" ?>
<soapenv:Envelope
 xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
 xmlns:xsd="http://www.w3.org/2001/XMLSchema"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<ns3:Header xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns3="http://schemas.xmlsoap.org/soap/envelope/"> <ns2:Security mustUnderstand="1"> <ns1:Timestamp> <ns1:Created>2009-10-16T16:04:22.609Z</ns1:Created> <ns1:Expires>2010-10-12T16:04:22.609Z</ns1:Expires> </ns1:Timestamp> <ns2:UsernameToken> <ns2:Username>bhagavathm@virtusa.com</ns2:Username> <ns2:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TICKET_e9bdc30a131946034d0a326ab36de5292c148622</ns2:Password> </ns2:UsernameToken> </ns2:Security> </ns3:Header> 

<soapenv:Body>
<ns1:getRepositoryInfo xmlns:ns1="http://docs.oasis-open.org/ns/cmis/messaging/200901">

</ns1:getRepositoryInfo>
</soapenv:Body>
</soapenv:Envelope>‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Response Soap:

<?xml version='1.0' encoding='utf-8'?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-18591560"><wsu:Created>2009-10-16T12:45:20.946Z</wsu:Created><wsu:Expires>2009-10-16T12:50:20.946Z</wsu:Expires></wsu:Timestamp></wsse:Security></soap:Header><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Invalid user name or password specified</faultstring></soap:Fault></soap:Body></soap:Envelope>‍‍

do i need any other authentication for cmis web services.. because using the same soap security header im able to access content service methods..

can any one help me out…thanks in advance..

Bhagavath.

sameer1sharma · ‎02-10-2011

Hi,
    I'm trying to do load balancing between two alfresco server. But I'm getting below error.
    When both alfresco server and Apache HTTP server is up; and uploads content with alfresco web service client then in alfresco log file below error comes and the content is not uploaded in any alfresco server.
I'm using web services to upload content in alfresco.
With one alfresco with Apache HTTP server is working fine means content uploads in alfresco. But when both server is up and running then in the case I'm getting the error.

Error:
16:18:58,536 DEBUG [org.apache.axis.EXCEPTIONS] AxisFault:
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: WSDoAllReceiver: security processing failed; nested exception is:
   org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
faultActor:
faultNode:
faultDetail:
   {http://xml.apache.org/axis/}hostname:BVALF.LB77

WSDoAllReceiver: security processing failed; nested exception is:
   org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
   at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:163)
   at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

Prerequisite:
                  Two Instance of alfresco server (Both are in separate server)
                   Apache HTTP Server
                   Mod JK Tomcat Connector

I've also done clustering and failover, both are working fine as of now, only issue is with load balancing.
Below are details:
worker.properties file

workers.tomcat_home=/apps/Alfresco
workers.java_home=/usr/java/jdk1.5.0_15
ps=/

worker.list=worker1,worker2,loadbalancer,jkstatus

#worker worker1
worker.worker1.host=10.102.150.77
worker.worker1.port=8009
worker.worker1.type=ajp13
worker.worker1.lbfactor=1

#worker worker2
worker.worker2.host=10.102.150.57
worker.worker2.port=8009
worker.worker2.type=ajp13
worker.worker2.lbfactor=1

#worker Load balancing
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=worker1,worker2
worker.loadbalancer.sticky_session=1

#JKSTATUS
worker.jkstatus.type=status

httpd.conf

LoadModule jk_module modules/mod_jk-1.2.31-httpd-2.2.x.so
JkworkersFile conf/workers.properties

<VirtualHost 10.102.150.77:8021>
   ServerName BVALF.LB77
   JkLogFile logs/mod_jk.log
   JkMount /jkstatus/* jkstatus
   #JkMount /* loadbalancer
   JkMount /alfresco loadbalancer
   JkMount /alfresco/* loadbalancer
   #CertificatePath /etc/pki/tls/certs/
   JkLogLevel debug
   #JkStripSession On
</VirtualHost>

Server.xml changes in both alfresco server.

<Connector port="8010" protocol="HTTP/1.1" URIEncoding="UTF-8"
               connectionTimeout="20000"
               redirectPort="8443" />

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" enableLookups="true" minProcessors="5" maxProcessors="75" minSpareThreads="200" maxThreads="1000" />

<Engine name="Catalina" defaultHost="BVALF.LB77" jvmRoute='worker1'>

<Host name="BVALF.LB77" appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">

Same has done for second server.

Please resolve my issue. I'm struggling like anything.

Sameer Sharma

gsagarsrinivas · ‎10-18-2011

Thanks Paul. It worked for me.

What works for me is:

1) Don't bother getting a token
2) Set the password to admin instead of a token
3) Ensure you also add a timestamp WSS entry with a sensible Time to Live value

Let me know if that works for you.

Paul

Hyland Connect

Using SoapUI to access the CMIS web services