Hi,
Do you mean 'Would you want the client to request the *URL* with an extra
extension parameter..."?
I'll be retrieving the URL with this (straight from your book):
if (session.getBinding().getObjectService() instanceof LinkAccess) {
return ((LinkAccess)
session.getBinding().getObjectService()).loadContentLink(session.getRepositoryInfo()
.getId(), document.getId());
}
If that URL had the token, great - if not and we had to do something extra
(like add it ourselves somehow), still OK. The main thing is that the
repository can actually use a URL with the token in it.
Another thing occurred to me - would some kind of Single-sign on make all
this 'just work' (including the viewer)? Apologies that I keep mentioning
the viewer, but it's the main problem here!
Thanks,
Tim
On Thu, Aug 28, 2014 at 5:10 PM, Jay Brown <jay.br...@us.ibm.com> wrote:
> No we don't currently support this but I am just trying to think this
> through from a security perspective if we wanted to add a feature.
> We can't include the user's security token in all of the returned stream
> url's by default. I would have to be requested.
>
> Would you want the client to request the document with an extra extension
> parameter indicating that the stream url should be returned with the
> current users LTPA token embedded? (includeAuthToken=true)
>
>
> Jay Brown
> Senior Engineer, ECM Development
> IBM Software Group
> jay.br...@us.ibm.com
> www.linkedin.com/in/parityerror/
>
> [image: Inactive hide details for Tim Webster ---08/28/2014 02:37:16
> AM---Jay, I've re-read your email, and I think I misunderstood wha]Tim
> Webster ---08/28/2014 02:37:16 AM---Jay, I've re-read your email, and I
> think I misunderstood what you were saying...
>
>
>
> From:
>
>
> Tim Webster <tim.webs...@gmail.com>
>
> To:
>
>
> "dev@chemistry.apache.org" <dev@chemistry.apache.org>
>
> Date:
>
>
> 08/28/2014 02:37 AM
>
> Subject:
>
>
> Re: IBM FileNet P8 CMIS URL addressability + Daeja ViewOne Viewer
> ------------------------------
>
>
>
> Jay,
>
> I've re-read your email, and I think I misunderstood what you were
> saying...
>
> *"We currently only support LTPA tokens with the FileNet CMIS server. So
>
> if your client adds a 'Cookie' header with a value of a valid LTPA token
> (for the domain where the CMIS and CE server reside) your request will
> succeed without a challenge for credentials. "*
>
>
> This is fine if we were actually constructing the HTTP request ourselves,
> but we're not - the Daeja ViewOne applet is doing it.
>
> *"...would you need us to support the passing of the token as a parameter
> in the Content stream URL?"*
>
>
> This would in fact help - if the content stream URL contained the token, I
> could just pass that URL to the applet and it can do the rest. As it is,
> does P8 support any URL of this type to retrieve content?
>
> Thanks,
>
> Tim
>
>
>
>
> On Wed, Aug 27, 2014 at 6:26 PM, Jay Brown <jay.br...@us.ibm.com> wrote:
>
> > We currently only support LTPA tokens with the FileNet CMIS server. So
> > if your client adds a 'Cookie' header with a value of a valid LTPA token
> > (for the domain where the CMIS and CE server reside) your request will
> > succeed without a challenge for credentials.
> >
> > Does this help you or would you need us to support the passing of the
> > token as a parameter in the Content stream URL?
> >
> >
> > Jay Brown
> > ECM Development, IBM
> >
> >
> > [image: Inactive hide details for Tim Webster ---08/27/2014 03:36:11
> > AM---Hi, I'm looking to stream documents to the Daeja ViewOne View]Tim
> > Webster ---08/27/2014 03:36:11 AM---Hi, I'm looking to stream documents
> to
> > the Daeja ViewOne Viewer applet using a
> >
> >
> >
> > From:
> >
> >
> > Tim Webster <tim.webs...@gmail.com>
> >
> > To:
> >
> >
> > "dev@chemistry.apache.org" <dev@chemistry.apache.org>
> >
> > Date:
> >
> >
> > 08/27/2014 03:36 AM
> >
> > Subject:
>
> >
> >
> > IBM FileNet P8 CMIS URL addressability + Daeja ViewOne Viewer
> > ------------------------------
>
> >
> >
> >
> > Hi,
> >
> > I'm looking to stream documents to the Daeja ViewOne Viewer applet using
> a
> > single URL. I understand that a document can be retrieved from the
> > repository using a URL like so:
> >
> >
> http://host:port
>
> >
> >
> /fncmis/resources/DEV/ContentStream/idd_9B7C7D0A-A236-489C-A512-AB32B2E676D7/0/document1.xlsx
> >
> > However the server prompts the user for basic HTTP authentication
> > credentials. It looks like Alfresco has a way to deal with this:
> >
> > https://wiki.alfresco.com/wiki/URL_Addressability
> >
> > Is there anything similar we can do for FileNet?
> >
> > Sorry a bit off-topic, but if there are any IBM people out there, do you
> > know if credentials can be supplied to the Daeja ViewOne applet? Maybe
> this
> > would be a way to deal with it instead...
> >
> > Thanks,
> >
> >
> >
>
>
>
