Hi,
I ran into the following scenario while attempting to use OpenCMIS Workbench
with EMC Documentum implementation of CMIS. We have multiple Documentum
repositories enabled on a single CMIS service endpoint. However each repository
has its own security settings requiring to use unique credentials for each
repository. When I attempt to use OpenCMIS Workbench with Web Services binding
for this setup, OpenCMIS Workbench throws an error when trying to load the list
of repositories after I press "Load Repositories" button on Login screen. Here
is the partial stack trace of the error:
org.apache.chemistry.opencmis.commons.exceptions.CmisRuntimeException: Failed
to get repository information
[E_QUERY_ACTION_FAILED] "QUERY" action failed. [DFC_BOF_WRONG_IDENTITY]
LoginInfo and Principal for "<removed>" docbase are not defined or wrong.
[DFC_BOF_WRONG_IDENTITY] [DFC_BOF_WRONG_IDENTITY] LoginInfo and Principal for
"<removed>" docbase are not defined or wrong.
at
org.apache.chemistry.opencmis.client.bindings.spi.webservices.AbstractWebServicesService.convertException(AbstractWebServicesService.java:119)
at
org.apache.chemistry.opencmis.client.bindings.spi.webservices.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:96)
at
org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:90)
at
org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(SessionFactoryImpl.java:135)
at
org.apache.chemistry.opencmis.workbench.model.ClientSession.connect(ClientSession.java:192)
at
org.apache.chemistry.opencmis.workbench.model.ClientSession.<init>(ClientSession.java:117)
at
org.apache.chemistry.opencmis.workbench.LoginDialog.createClientSession(LoginDialog.java:265)
at
org.apache.chemistry.opencmis.workbench.LoginDialog$1.actionPerformed(LoginDialog.java:119)
at
javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1995)
After reviewing OpenCMIS source code, it looks like the "Load Repositories"
routine includes invoking RepositoryService.getRepositoryInfos() method. The
implementation of this method for the Web Services binding executes
getRepositories CMIS service call, and then for each of the returned repository
invokes getRepositoryInfo CMIS service call. And it appears that Documentum
simply doesn't allow getRepositoryInfo CMIS service call to be executed for
unauthenticated clients.
Question: our setup with multiple repositories each having unique security
settings and available on a single CMIS service endpoint seems to be valid and
conforming to CMIS specification. The way Documentum handles authentication for
getRepositoryInfo CMIS service call for Web Services binding also appears to
conform CMIS spec. 1.1 (paragraph 4.1.2). Should OpenCMIS Workbench be modified
to handle this specific use case gracefully? I think that OpenCMIS Workbench
should allow a user to see the list of repositories for which provided
credentials work while "filtering out" all repositories for which it cannot
execute getRepositoryInfo CMIS service call. Or am I missing something and our
Documentum setup is against something defined in CMIS specification?
Any feedback s greatly appreciated. Thank you!
--
Sergey Alshuk
