0

I've been using the opencmis Api to connect a Liferay portal to an Alfresco Repository

The usual way is

  1. Set the session parameters, providing user's login credentials

    parameter.put(SessionParameter.USER, "user_name"); 
parameter.put(SessionParameter.PASSWORD, "user_unencrypted_password");

  2. Get a Session with these parameters

        SessionFactory factory = SessionFactoryImpl.newInstance();
Session session = factory.getRepositories(parameter).get(0).createSession();

Now, my problem is that I'm using LDAP authentication, and I cannot know the user's unencrypted password in the session client ( a quite common security requirement). So while my user's password is synchronized between the 2 Systems (web Portal and Alfresco), I'm still not able to create a session.

So is there an alternative way to create a session for a specific user, without knowing the user's unencrypted pass ? For Example, if I connect as an Alfresco Admin, could I impersonate another user?

Edit: I guess there are some workarounds around this, like using alternate APIs (webScript, REST API and custom functions in Alfresco), but I'd prefer a solution that's preferably more straightforward and clean, and if possible, does not use multiple API's

yannicuLar
  • 3,083
  • 3
  • 32
  • 50
  • Could you use their Alfresco Ticket? – Gagravarr Jun 10 '13 at 09:15
  • @Gagravarr, could you please tell me how could I use that Ticket ? Just to make myself clear, I ultimately need to create a CmisSession for any given user, not an admin or any fixed account. – yannicuLar Jun 10 '13 at 09:40
  • 1
    Can't you just fetch the Alfresco ticket for the current user, then send a request with a username of `ROLE_TICKET` and the ticket as the password? (It's documented [here](http://wiki.alfresco.com/wiki/CMIS#Apache_Chemistry_OpenCMIS) amongst other places)) – Gagravarr Jun 10 '13 at 11:25
  • Just to be sure I understand, you propose 1) getting an Alfresco Ticket using an Alfresco-Admin account, whose password will be known to my client, then 2) get a new CmisSession for the desired User (unknown password) using the ticket instead for the pass for the [SessionParameter.PASSWORD] PArameter ?? Is that right ? – yannicuLar Jun 10 '13 at 13:18
  • 1
    Not quite. Somehow, via admin credentials or otherwise, get the ticket for the current (non-admin) user. Then, create the session with a username of `ROLE_TICKET` and the ticket as the password, and you'll be connected as the user who owns that ticket – Gagravarr Jun 10 '13 at 13:24
  • I think that using a Ticket to connect through Cmis, creates a cmisSession for the user that requested the ticked. So the the user's (not the admin) username and password are needed again. I guess that there should be some workaround to create a custom functionality to get an impersonated Alfresco Ticket, But that's definitely gonna need more API's, Webscripts etc – yannicuLar Jun 10 '13 at 13:55
  • There are various ways to get the Alfresco ticket for the currently logged in user. You'd probably be best off asking a new Liferay integration specific question about how to do that – Gagravarr Jun 10 '13 at 14:04

0 Answers0