Hyland Connect

stevereiner · ‎10-15-2008

Does anyone know if Adobe LiveCycle Content Services ES web scripts support something like the alf_ticket param available with regular alfresco? On content services the service/api/login web script returns a saml assertion xml file in the ticket element instead of a single ticket value.

Thanks,
Steve

stevereiner · ‎10-20-2008

I tried using the whole saml assertion xml section (everything inside the <ticket></ticket> root element) encoded as alf_ticket param value. Didn't help (still get authentication dialogs with webscripts).

http://www.adobeforums.com/webx/.59b6c104/0

Steve

mikeh · ‎10-20-2008

Hi Steve

Yes, the encoded ticket is 2426 characters long, therefore has to be sent as an HTTP header to avoid the IE6 and IE7 2048 character limit on a GET URL.

The header name is ticket - let me know if you need an HTTP trace and I'll see if I can grab one.

Cheers,
Mike

stevereiner · ‎10-20-2008

Mike,
I tried using http headers named "ticket" with webscripts on livecycle content services es and wasn't able to authenticate via flex/flash.( Also tried "ticket" instead of "alf_ticket" as url arg.) I tried combinations of with and without <ticket> root element and encoded/not encoded. Was able to authenticate with basic auth header on HTTPService webscripts but can't use this with upload / download webscripts.

Note: sample ticket below length 1643


<Assertion AssertionID="bcb9d36e8f7b5927383d6480e860591b" IssueInstant="2008-10-21T01:15:21.778Z" Issuer="LiveCycle" MajorVersion="1" MinorVersion="1" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"><Conditions NotBefore="2008-10-21T01:14:21.778Z" NotOnOrAfter="2008-10-21T03:15:21.778Z"/><AuthenticationStatement AuthenticationInstant="2008-10-21T01:14:21.778Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier NameQualifier="DefaultDom">administrator</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#'/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1'/><ds:Reference URI="#bcb9d36e8f7b5927383d6480e860591b"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature'/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="code ds kind rw saml samlp typens #default" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#'/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1'/><ds:DigestValue>Zy80NEdSWpbhXsDJ3gHu+8OjZPs=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Eb19gJR41JutgzNK/uddJtq5Jho=</ds:SignatureValue></ds:Signature></Assertion>
‍‍‍

Thanks,
Steve

mikeh · ‎10-21-2008

Steve

I don't actually have access to a live system to test this right now - but I can see the ticket HTTP header working in a dev environment (and obviously we did a lot of testing with Adobe themselves).

Can you install Microsoft Fiddler and check what's actually being sent by the Flex client please?

Cheers,
Mike

demone · ‎12-17-2009

Mike,

I have a similar problem here with LiveCycle ES.
I need to import 170GB of directories and files from filesystem into contentspace and I'm using C# with Alfresco WebServices API.
Given the fact that files can reach 1GB in size and that a soap request is impossible to do I thought to import files using the UploadContentServlet (http://wiki.alfresco.com/wiki/URL_Addressability).
Problem is that it seems to me you can't specify the ticket arg as header param cause everytime I get:

-0 [main] WARN client.DefaultClientRequestDirector - Authentication error: Unable to respond to any of these challenges: {}
-HTTP Status 401 - Unauthorized
-This request requires HTTP authentication (FROM RESPONSE IN FIDDLER2).

To see if it was the LiveCycle Alfresco implementation or not I installed Alfresco 3.2r CE and tried with simple Java.
It is working passing ?ticket=***** but not using header like this: …addHeader("ticket","TICKET_f8da8f2504d7fe04c77f3ac8abcf28f5f14322a7"), it seems the header is ignored.
As per your suggestion I used Fiddler to simulate the call and it had the same behavior.

Is there any other method to import large files into the repository ?
Is there any extra workings I need to do when using headers ?

Thanks



import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URISyntaxException;

import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpException;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;

import sun.misc.BASE64Encoder;
import eu.medsea.mimeutil.MimeType;
import eu.medsea.mimeutil.MimeUtil;
import eu.medsea.mimeutil.MimeUtil2;
long start = System.currentTimeMillis();
            
            String host = "localhost";
            int port = 8080;
            String username = "admin";
            String password = "password";
            String parentFolder = "Company Home";
            String filePath = "c:\\a.pdf";
            String description = "PDF upload test";
            String author = "administrator";
            String ticket = "TICKET_773a26b26495056255dbf1c983cff2401f5a76b5";
            String url = "http://" + host + ":" + port + "/alfresco/upload/workspace/SpacesStore/big.pdf";
            String contentType = "application/atom+xml;type=entry";
                 
            DefaultHttpClient httpclient = new DefaultHttpClient();
                      
                      //NOT NEEDED BTW
            httpclient.getCredentialsProvider().setCredentials(
                  new AuthScope(host, port),
                  new UsernamePasswordCredentials(username, password));
            
            HttpPut httppost = null;
         try {
            httppost = new HttpPut(url);
         } catch (URISyntaxException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
         }

                      //TICKET HEADER
            httppost.addHeader("ticket", ticket);

            System.out.println("executing request" + httppost.getRequestLine());
            HttpResponse response = null;
         try {

            response = httpclient.execute(httppost);            

         } catch (HttpException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
         } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
         } catch (InterruptedException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
         }
            HttpEntity entity = response.getEntity();

            System.out.println("—————————————-");
            System.out.println(response.getStatusLine());
            if (entity != null) {
               System.out.println("Response content type: " + entity.getContentType());
               long contentLength = entity.getContentLength();
               System.out.println("Response content length: "
                     + entity.getContentLength());
               
               if (contentLength > 0) {
                  byte [] b = new byte[(int) contentLength];
                  try {
                  entity.getContent().read(b);
               } catch (IllegalStateException e) {
                  // TODO Auto-generated catch block
                  e.printStackTrace();
               } catch (IOException e) {
                  // TODO Auto-generated catch block
                  e.printStackTrace();
               }
                  System.out.println("Response content: " + new String(b));
               }
               
               try {
               entity.writeTo(System.out);
            } catch (IOException e) {
               // TODO Auto-generated catch block
               e.printStackTrace();
            }
            }

            // When HttpClient instance is no longer needed,
            // shut down the connection manager to ensure
            // immediate deallocation of all system resources
            httpclient.getConnectionManager().shutdown();
            long end = System.currentTimeMillis();
            System.out.println("Time spend: " + (end-start) + "ms");
         }
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

stevereiner · ‎12-17-2009

1. I still haven't figured out how to pass a ticket header to LC content services
2. Can use a basic authenticaiton header
3. If you run in a browser, and have logged into Contentspace, you will have authentication in a cookie (and can call webscripts via /contentspace/wcservice, maybe for calling the the upload servlet too)
4. Someone from Adobe had mentioned a contentservices.dsc which has DocumentManagementService and it exposes storeContent, retrieveContent, copyContent This is a wrapper around undocumented java webscripts in /contentspace/service/adobe/contentmanager (so it may have limits on file sizes due to having a webscript backend)

demone · ‎12-18-2009

Thank you Steve,
I cant understand your second point, is it possible to call the servlet using basic auth ?
It seems to me Alfresco is ignoring my "ticket" header so I expect the same from LC contentspace.
I'v looked inside the contentspace.dsc the one that creates contentspace components inside LC but it seems to me it uses webscripts or webservices so its not useful for large files and you must consider that you need to feed those components with LC document type that creates a copy of the source file inside LC Tmp.
It seems to me the best thing to do in my context is to use the http methods but that's where I'm failing ;(

demone · ‎12-20-2009

From my tests and looking at the source code those servlets definitely ignore a ticket passed as header, they only use parameters.

From: https://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/projects/web-client/source/ja...


// see if a ticket or a force Guest parameter has been supplied
String ticket = req.getParameter(ARG_TICKET);
‍‍‍‍

So, the only thing left is to use basic authentication, but I tried -EVERYTHING- and I can't make it work, no way.
Can anyone please help me with some code ?

Thank you in advance

stevereiner · ‎12-21-2009

someone had an java example of basic authentication header not using HttpClient http://forums.alfresco.com/en/viewtopic.php?f=36&t=23522&p=76890&hilit=basic+authentication#p76890

basic authentication using HttpClient
http://svn.apache.org/viewvc/httpcomponents/oac.hc3x/trunk/src/examples/BasicAuthenticationExample.j...

Looks like what you had except they also call get.setDoAuthentication( true );
( Also you used "admin", asssume you added this user, since LC doesn't have an "admin" user by default like regular alfresco, only "administrator")

Hyland Connect

webscripts, tickets, livecycle content services