I tried to connect to Documentum content server repository using cmis API, but I am not able to connect.
I have Documentum content server & web top application, Now I just want to connect to repository, and I need repository session.
How to connect to documentum repository using CMIS API?
I tried to use following code, but its not working because Its a code snipet which I used for connecting Alfresco repository, and I just modified same with Documentum server IP.
So any sample code will be really helpful, At list If I can get repository session object, It would be great.
SessionFactory factory = SessionFactoryImpl.newInstance();
Map<String, String> parameter = new HashMap<String, String>();
// user credentials
parameter.put(SessionParameter.USER, "user");
parameter.put(SessionParameter.PASSWORD, "pass");
// Uncomment for Atom Pub binding
parameter.put(SessionParameter.ATOMPUB_URL, "http://localhost:8080//cmis/atom");
// Uncomment for Atom Pub binding
parameter.put(SessionParameter.BINDING_TYPE, BindingType.ATOMPUB.value());
parameter.put(SessionParameter.AUTHENTICATION_PROVIDER_CLASS,
CmisBindingFactory.NTLM_AUTHENTICATION_PROVIDER);
List<Repository> repositories = factory.getRepositories(parameter);
sourceSession = repositories.get(0).createSession();
With above code I am not able to get repository session, so please let me know if I am doing anything wrong, or please share any other sample code if you have.
I used above code to get Alfresco repository session, But I am not familiar with documentum, So I tried with modifying same alfresco cmis code.
First of all, avoid NTLM! Even if you get it working at some point, you will run into strange issues later.
This document is a bit outdated, but maybe it contains a few clues for you: http://www.jouvinio.net/wiki/images/a/a4/Documentum_cmis_6.7_deployment.pdf
Related
I'm trying to create a serverless function for Kong for authentication purposes. I'm required to use a client certificate to authenticate with the remote service that we have to use. I can't seem to get this working and there appears to be no clear documentation on how to do this. I've tried pintsized/lua-resty-http, ngx.socket.tcp(), and luacurl (failed to build) without success. I'm using the newest version of Kong in an Alpine Linux container in case that matters.
What is the best way to do this? Right now I'm considering simply calling curl from within Lua as I know that works, but I was hoping for a better solution that I can do with just Lua/OpenResty.
Thanks.
UPDATE: I just wanted to add, just in case it helps, that I'm already building a new image based on the official Kong one as I had to modify the nginx configuration templates, so installing new software into the container is not an issue.
All,
Apologies for the ugly code, but it looks like a found an answer that works:
require("socket")
local currUrl= "https://some.url/"
local https = require("ssl.https")
local ltn12 = require("ltn12")
local chunks = {}
local body, code, headers, status = https.request{
mode = "client",
url = currUrl,
protocol = "tlsv1_2",
certificate = "/certs/bundle.crt",
key = "/certs/bundle.key",
verify = "none",
sink = ltn12.sink.table(chunks),
}
If someone has a better answer, I'd appreciate it, but it's hard to complain about this one. The main issue is that while this works for a GET request, I'll be wanting to do POSTs to a service in a future and I have no idea how to do it using similar code. I'd like one libary/API that can do any type of REST request.
This blog got me on the right track: http://notebook.kulchenko.com/programming/https-ssl-calls-with-lua-and-luasec
When I try to clone a tfs hosted git repo http://tfstta.com:8080/tfs/DefaultCollection/_git/SampleTFSGit from my linux machine, I face the Authentication not supported error:
org.eclipse.jgit.api.errors.TransportException: http://:#tfstta.int.thomson.com:8080/tfs/DefaultCollection/_git/SampleTFSGit.git: authentication not supported*
Enabling basic authentication/alternate credentials does not seem to be an option.
Could someone please tell me a work around for this? I would be very grateful!
Goto Eclipse Menu
Window -> Preferences -> Team -> Git -> right side panel update time to 3000. `Connection timeout (seconds): 3000. Click on Apply and Close button. Clone again it will solve your problem.
This issue happens because JGit doesn't fully support NTLM, and instead of falling back to Basic auth or something else, it will stop right there.
Usually TFS answers failed authentication with multiple WWW-Authenticate headers. What happens here is that there is a bug in JGit's org.eclipse.jgit.transport.http.apache.HttpClientConnection, that will take into consideration only the last of the WWW-Authenticate headers, making it give up before even trying other connection types.
What I suggest is use your own implementation of org.eclipse.jgit.transport.http.HttpConnection, implementing like this:
#Override
public Map<String, List<String>> getHeaderFields() {
Map<String, List<String>> ret = new HashMap<>();
for (Header hdr : resp.getAllHeaders()) {
List<String> list;
if(ret.containsKey(hdr.getName())) list = ret.get(hdr.getName());
else { list = new LinkedList<>(); ret.put(hdr.getName(), list); }
for (HeaderElement hdrElem : hdr.getElements())
list.add(hdrElem.toString());
}
return ret;
}
Or if you are lazy (like me), you can just switch to org.eclipse.jgit.transport.http.JDKHttpConnection and be happy because it uses native Java connection underneath, that works correctly.
If you are trying to use Spring Cloud Config Server with a TFS Git Repository, my choice is just to implement your own ConfigurableHttpConnectionFactory
/**
* This will use native Java connections, instead of crappy ecplise implementation.
* There will be no management of implementation though. I cannot assure
*/
public class SpringJDKConnectionFactory extends JDKHttpConnectionFactory implements ConfigurableHttpConnectionFactory {
#Override
public void addConfiguration(MultipleJGitEnvironmentProperties environmentProperties) {
}
}
And have a configuration loading over the Spring's default:
#Configuration
public class JGitConnectionFactoryConfiguration {
#Bean
#Primary
public ConfigurableHttpConnectionFactory configurableHttpConnectionFactory() {
return new SpringJDKConnectionFactory();
}
}
But beware, TFS will probably not like Basic auth with direct passwords. So create a "Personal Access Token" in TFS, and use that as a password instead.
Simple sample code:
public static void main(String[] args) throws GitAPIException, IOException {
CloneCommand cmd;
String url = "http://tfs-url.com/Git-Repo";
File file = new File("build/git_test");
if(file.exists())
FileUtils.delete(file,FileUtils.RECURSIVE);
cmd = new CloneCommand();
cmd.setDirectory(file);
cmd.setURI(url);
//#use Personal access tokens as basic auth only accepts these
cmd.setCredentialsProvider(new UsernamePasswordCredentialsProvider("UserAccount","personalaccesstoken"));
ConfigurableHttpConnectionFactory cf = new SpringJDKConnectionFactory();
HttpTransport.setConnectionFactory(cf);
Git git = cmd.call();
}
You might want to try https://www.visualstudio.com/en-us/products/team-explorer-everywhere-vs.aspx since it is Microsoft's cross-platform TFS command-line. The code is posted on GitHub if you want to try and patch the authentication helpers back to jGit.
I would recommend you to upgrade your TFS server to the latest Update 3 and then use SSH Authentication for Git Repository.
SSH Support for Git Repos
With TFS 2015 Update 3, you can now connect to any Team Foundation
Server Git repo using an SSH key. This is very helpful if you develop
on Linux or Mac. Just upload your personal SSH key and you're ready to
go.
I have faced this issue with a new pc (configured by someone else). Fixed error with reinstalling JDK and running eclipse with it.
I used a bad approach but for initial work, it's fine for me.
In my case, I switched Project visibility on gitlab from private to public. Go to Gitab -> <your project> -> Settings -> General -> Visibility, project features, permissions -> switch to Public
In application.properties I added only spring.cloud.config.server.git.uri without authentication properties and also at the end of the gitlab uri added .git
http://gitlab.com/<your-repo-name>.git
I don't recommend this approach for people who work tasks for the company.
When you use command below, you'll be prompted to enter the username and password.
git-clone http://:#tfstta.int.thomson.com:8080/tfs/DefaultCollection/_git/SampleTFSGit
In my test, when send the command, you'll be prompted a Windows Security. It's not needed to use basic authentication/alternate credentials, simply type domaine\username and the password will connect to TFS.
I am creating multiple applications which works the same. For every application I use an adapter which contains the same procedures, but perform the request to a different back end (same host, only different path).
The thing I would like is to add a configuration file (json / xml) to the adapters which I can load and fetch some information from such as the path so I know which back end I need to call. The configuration is now in top of the file, but in the future it would be lovely to be able to update the adapter without changing the configuration afterwards.
Is there a way to load a second file located in the same directory (as where the adapter xml and implementation file are)? I tried using XMLHttpRequest, but this doesn't work as it is unavailable. The code I tried, but couldn't test as the fifth line already breaks.
var config = null;
function loadConfiguration() {
var loader = new XMLHttpRequest();
loader.overrideMimeType('application/json');
loader.open('GET', 'config.json', false);
loader.onreadystatechange = function () {
// Only for async calls.
config = loader.responseText;
};
config = loader.send();
}
If there is a better way, I would love to hear it! We upgraded to MFPF 7.0 if there are any new possibilities.
You cannot do this with JavaScript adapters, however in MFPF 7.0 there is a new type of adapters: Java adapters. Using Java adapters you can achieve this.
The following blog post explains how you can provide a single adapter that will allow you to point to different hosts or differents paths in the same host, etc...
See here: Changing the adapter host at runtime
I'm running Jackrabbit 2.6.4 in Glassfish 4. I have deployed Jackrabbit as a connector resource using the provided rar.
I have got it up and running so that I can call the Jackrabbit repository from inside stateless EJB's and can create nodes etc.. I am now trying to replace the Default LoginModule Mechanism that is provided out of the box with my own custom LoginModule.
So far I have:
Created a Custom Realm and LoginModule that returns a users Principles (currently String values e.g. admin, read, write) and deployed this to the domain/lib directory
Configured my web.xml and sun-web.xml files with the roles to group mappings and enabled basic authentication. This is all working as expected and I can enforce roles on my EJBs.
Got Jackrabbit to use my Custom Login module instead of it's own (I removed the login module configuration from repository.xml and changed the security app name to match my realm name)
I am now running into the following problems:
Jackrabbit does not find the existing subject created by the application container when I login. This appears to be a problem with the way Jackrabbit looks up the Subject:
AccessControlContext acc = AccessController.getContext();
subject = Subject.getSubject(acc);
This returns null in Glassfish. Instead it appears you need to use:
Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
I worked round this issue by getting the subject using the above code and then logging in to a repository inside a Subject.doAs block e.g.
Subject.doAs(subject, new PrivilegedAction<String>() {
#Override public String run() {
Session session = null;
try {
session = repository.login();
} catch (RepositoryException e) {
log.error("Failed", e);
} finally {
if (session != null) {
session.logout();
}
}
This now works but the next problem is that the JackRabbit DefaultAccessManager expects the Subject to contain JackRabbit typed principles e.g. org.apache.jackrabbit.core.security.SystemPrincipal which I can not return from my custom login module as it does not have access to the JackRabbit classes.
My first attempt to work around this was to create my own AccessManager but JackRabbit can't instantiate this as it is in my WAR and is not available to the JackRabbit code inside the connector resource.
My next attempt was to programmatically add the principle to the Subject inside my EJB before passing it to Jackrabbit, this worked but then I discovered running Subject.doAs inside an EJB in glassfish causes a number of issues and does not appear to be supported. There are also background threads inside Jackrabbit that need a subject with the JackRabbit typed principles in it.
I am now completely stumped on how to get a custom JAAS glassfish login module to work with Jackrabbit inside Glassfish and am wondering if anyone out there has figured this out.
In the mean time I am currently considering giving up on JackRabbit security and handling it all in my application layer and just using the default login module under the covers to log into Jackrabbit.
I've finally got Glassfish, JackRabbit and JAAS working together so that I can create a Subject using my custom LoginModule that JackRabbit then uses to create a session. Below are the steps that I took to resolve this issues described in my original question:
Instead of using the JackRabbit RAR (Model 2) I now include the JackRabbit Jars inside my war (Model 1). This allowed me to implement my own custom AccessManager that does not rely on the JackRabbit typed principles. The biggest disadvantage of this approach is that I now have to create and shutdown the repository myself. The solution I went with was an ApplicationScoped CDI Producer that creates the repo and the shuts it down in the dispose method. This makes it easy to inject the repo into the classes.
I solved the issue with JackRabbit finding the Subject in Glassfish by patching jackrabbit-core. It appears this issue has been around for some time see (JCR-3188), and a patch has been provided but never included in the source code. I applied the patch to 2.6.4 and JackRabbit is now able to find and use the Subject in Glassfish.
I'm using the web deploy API to deploy a web package (.zip file, created by MSDeploy.exe) to programmatically roll the package out to a server (we need to do some other things before we release the package which is why we're not doing it all in one go using MSDeploy.exe).
Here's the code I have. My question is really to clarify what is happening when this is executed. In the package parameters XML file I have the application name specified ("Default Web Site") but that's about it, there's no other params are specified in there. From testing the server it appears the package gets deployed successfully but my question is are any other settings on the server I'm deploying to getting changed without my knowledge, are any default settings published etc.? Things like security settings, directory browsing etc. that I might not be aware of? The code here seems to deploy the package but I'm anxious about using this on a production environment when I'm so unsure of how this API works. The MS documentation is not helpful (more like non-existant, actually).
DeploymentChangeSummary changes;
string packageToDeploy = "C:/MyPackageLocation.zip";
string packageParametersFile = "C:/MyPackageLocation.SetParameters.xml";
DeploymentBaseOptions destinationOptions = new DeploymentBaseOptions()
{
UserName = "MyUsername",
Password = "MyPassword",
ComputerName = "localhost"
};
using (DeploymentObject deploymentObject = DeploymentManager.CreateObject(DeploymentWellKnownProvider.Package,
packageToDeploy))
{
deploymentObject.SyncParameters.Load(packageParametersFile);
DeploymentSyncOptions syncOptions = new DeploymentSyncOptions();
syncOptions.WhatIf = false;
//Deploy the package to the server.
changes = deploymentObject.SyncTo(destinationOptions, syncOptions);
}
If anyone could clarify that this snippet should deploy a package to a web site application on a server, without changing any existing server settings (unless specified in the SetParameters.xml file) that would be really helpful. Any good resources on using the API or an explanation of how web deployment works behind the scenes would also be much appreciated!
The setparameters file just controls the value for the parameters defined in the package. A package might be doing much more than that. Web deploy has a concept of providers and any given package can have one or more providers.
If you want to make sure that the package is not changing server side settings the best approach you can take is to use the API but make the packages be deployed via Web Management Service. This will give you two benefits:
You can control what providers you allow through.
You can add users and give restricted permissions to them to deploy to their site or their folder etc.
The alternate approach is to:
In the package manually look at the archive.xml and look for the providers in the package. As long as you dont see any of the following providers that can cause server settings change such as apphostconfig or webserver or regkey (this is not a comprehensive list) you should be good. Runcommand is a provider that allows you to execute batch scripts or commands. While it is a good provider for admins themselves you need to consider whether you want to allow packages with such providers to run.
You can do the above mentioned inspection in code by calling getchildren on the deployment object you create out of the package and inspect the providers and the provider paths.