cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with CRSF Token durant Upload (Afresco community 7.3.0)

kockg
Champ in-the-making
Champ in-the-making

Hello,

I try to test performance with jmeter on alfresco.  I would like to send numberous files to see what could be the limit ...

On a old alfresco, when i did upload of some file, the Path used were : /share/proxy/alfresco/api/upload

It permitted me to send files by jmeter on alfresco without problem.

On my new alfresco (7.0.3), the path looks like : (taken by script recorder)

/share/proxy/alfresco/api/upload?Alfresco-CSRFToken=Kx2T3mXBQwVPyhKiD0xwb8AA9Vl0qNV2gO0z1cq3UYM%3D-148

Which doesn't permit to do it by jmeter (can't know the token of session by advance)

I have tried pass CSRFPolicy to "true" in share-config-custom but didn't change anything

Is there a way for not using token when upload a file ???

Thank you

3 REPLIES 3

abhinavmishra14
World-Class Innovator
World-Class Innovator

Alfresco 7.3 is still not officially released AFAIK, as you have mentioned the version in the title of the post, but i believe you are using 7.0.x version. Just in case, Use the latest stable release version from here: https://www.alfresco.com/thank-you/thank-you-downloading-alfresco-community-edition

Why don't you use these API calls if the goal is to load test uploads: 

POST: /alfresco/service/api/upload

You can find additional details about the upload api (/alfresco/service/api/upload) here: https://javaworld-abhinav.blogspot.com/2014/09/upload-documents-to-alfresco-using-rest.html

You can also take a look at this jmeter plugin that can be used to load test uplods via http or ftp :

https://github.com/abhinavmishra14/AlfrescoJMeterLoadTestPlugin

or 

Use V1 REST API for upload requests: 

POST: /alfresco/api/-default-/public/alfresco/versions/1/nodes/{id}/children

On the other hand, you have option to disbale csrf by adding following to alfresco-global.properties (Not recommeded for production environment)

csrf.filter.enabled=false  

and for share, update the share-config-custom.xml:

<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
   <filter/>
</config>
~Abhinav
(ACSCE, AWS SAA, Azure Admin)

Hello,

Thanks for answer.

I really use the version 7.3.0 (version I have obtained using docker way of installation of the community)

I tried :

POST: /alfresco/service/api/upload

But it doesn't work on that version Smiley Sad 

Seems it need a session token , which make my problem .... 

abhinavmishra14
World-Class Innovator
World-Class Innovator

That's correct. You can't upload to repository without authentication. 

You can either send the alf_ticket with the request by first calling login api. or you can use basic authentication mechanism like you did with share. There is "NO WAY" you can bypass authentication and upload to repo AFAIK.

here are some examples tested via curl:

V1 API example:

Using alf_ticket:
$ curl -X POST -F filedata=@test2.txt -F "name=somefile.txt" -F "nodeType=cm:content" -F "cm:title=My text" -F "cm:description=My text document description" -F "relativePath=/Sites/testsite/documentLibrary/myfolder" http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-/children?alf_ticket=TICKET_455c2e0153a24170466005a9b9326607cee59674 OR Basic auth: $ curl -X POST -F filedata=@test2.txt -F "name=somefile.txt" -F "nodeType=cm:content" -F "cm:title=My text" -F "cm:description=My text document description" -F "relativePath=/Sites/testsite/documentLibrary/myfolder" -H 'Authorization: Basic VElDS0VUXzQ1NWMyZTAxNTNhMjQxNzA0NjYwMDVhOWI5MzI2NjA3Y2VlNTk2NzQ=' http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-/children

Repo based api should work same way by passing alf_ticket or basic auth. I don't whether you gone through this: https://javaworld-abhinav.blogspot.com/2014/09/upload-documents-to-alfresco-using-rest.html

there are in detail steps 

~Abhinav
(ACSCE, AWS SAA, Azure Admin)