Hi Jorge,
Authentication related data should be sent in a binding specific
manner.
There are several standards for Web Services how to encode and
transport authentication and authorization data in the SOAP header. I'm
not sure whether one of those fits your use case.
There is not much for the AtomPub and the Browser binding, though. HTTP
headers seem to be the obvious choice here.
In all cases you have to build a custom authentication provider. The
CMIS spec only recommends a basic authentication scheme and that's all
OpenCMIS supports out-of-the-box. I guess at some point we will add
other generic schemes like OAuth. But non-standard features like an
on-behalf user will always require custom client and server code.
- Florian
Hello Florian,
we have our own CMIS server implementations and we would like to send
extra information in every service method.
My initial idea was to send in the extension data this extra
information, I can give you a couple of examples:
- CAS authentication tokens. In our architecture we have front-end
applications in which the user authenticates and these applications
are then connecting to CMIS servers. The front-end applications don't
know the password of the final user and we would like to send a CAS
ticket in every CMIS request. With chemistry we create a session
passing the initial ticket, but while the CMIS session is alive we
want to send a new CAS ticket for each CMIS operation.
- Or on-behalf user IDs. We may work as a user directly or acting
like another delegated account. We could use the authentication
provider and attach this info in the HTTP header, but in this case we
need to adapt not only the server, the client as well.
Regards.
Jorge MARTIN CUERVO
European Commission
DG TRADE
Unit A4
CHAR 02/077
B-1049 Brussels/Belgium
+32 2 298 86 27
jorge.martin-cue...@ext.ec.europa.eu
-----Original Message-----
From: Florian Müller [mailto:f...@apache.org]
Sent: Monday, November 11, 2013 5:05 PM
To: dev@chemistry.apache.org
Cc: MARTIN CUERVO Jorge (TRADE-EXT)
Subject: Re: sending extension data in all service invocation
Hi,
I'm not exactly sure what you want achieve. The only way to send
extra
data that works across all operations and all bindings is to use a
HTTP
header, which requires a custom authentication provider. But the
amount
and the format of this data is very limited. It also requires a
server
that understands the extra data.
Is that what you are looking for?
- Florian
Hello everybody,
We are using Apache Chemistry client library to connect to a CMIS
repository.
We would like to send in every method invocation extra data in the
extension data space, is there any way to do it centralized?
I was thinking about extending the binding implementation, but this
raises a couple of issues:
· I need to extend all the current existing bindings
· The classes are quite big and prone to change by you J
Another idea is to use a custom authentication provider …
Any suggestion?
Many thanks in advance.
JORGE MARTIN CUERVO
EUROPEAN COMMISSION
DG TRADE
Unit A4
CHAR 02/077
B-1049 Brussels/Belgium
+32 2 298 86 27
jorge.martin-cue...@ext.ec.europa.eu [1]
Links:
------
[1] mailto:jorge.martin-cue...@ext.ec.europa.eu
