Authentication and Automation APIs
11-09-2012 04:30 AM
I am a bit confused about how authentication works with the Java automation APIs. I would like to use a shared secret between the client and the server, and to use impersonation when a client request comes in to switch to the requesting user's security context. I also need to authenticate the user. Roughly, I am trying something along these lines:
// client init
session = client.getSession("Administrator", "Administrator"); // will replace with shared secret
// request comes in from user Bob
session.verifyCredentials("bob", bob's password) // how do I do this??
session.newRequest("Auth.LoginAs").set("name", "bob");
session.do_some_stuff()
session.newRequest("Auth.Logout");
I have two issues:
- How can I validate Bob's credentials (without starting a new session, which is too slow)?
- After Auth.LoginAs, I can still successfully use the session to readDocument for which Bob has been denied the READ permission - is LoginAs really impersonating the user?
Thanks!
11-09-2012 07:29 AM
Looking into the source code, it seems that LoginAs would work only if I chain it with my "do_some_stuff" on the server side. However, that doesn't work well for me: I would need to define automation chains for every operation I ever want to use.
11-12-2012 05:12 AM
I finally realized that establishing a session is really fast (as opposed to creating a new automation client), so I don't actually have a need for impersonation.
