0

In IBM Connections 4.0 and 4.5, is there any way - probably by authenticating as a user with some special authorisation - to get the "Action Required" entries from another user's activity stream?

I have a user authorised to post to other users' streams by mapping that user to a security role in the WidgetContainer application, but the same role doesn't allow getting other users' streams.

I've tried a URL path like this, with UserId replaced by an actual user's id:
/connections/opensocial/basic/rest/activitystreams/UserId/@actions/@all

In Connections 4.0, that produces this message, which is strange because posting to the same user id works fine:
Error 400: The user ID(s) [UserId] is/are not recognized by the system.

In Connections 4.5, the same URL path produces the more sensible message "Access denied".

My use case:
We have an application which puts a highly-customised UI on Activities, and modifies Activities data without using the Connections API by updating the database. If a to-do is completed through our custom UI, we want to search the assignee's "Action Required" stream for any entries relating to that to-do, then remove the "actionable" flag from those entries.

Scott Leis
  • 2,810
  • 6
  • 28
  • 42
  • did you try with a user that has the trusted thirdparty application role? – Paul Bastide Mar 27 '14 at 17:20
  • If you mean the role that is actually called "trustedExternalApplication" in the "WidgetContainer" application, then yes. The only user I tried has that role, can post to other users' stream, but cannot get those streams. – Scott Leis Mar 28 '14 at 01:21
  • ok, the answer is going to be kind of complex – Paul Bastide Mar 28 '14 at 11:26

2 Answers2

0

If the roles don't work for you, you can build a Trusted Authentication Interceptor, or TAI. The TAI is an SPI that you implement to provide authentication, you can write your own custom TAI to authorize your service/role dependent on the flow, and then create/retrieve the java Principal for the user you need.

Description of TAI http://infolib.lotus.com/resources/portal/8.0.0/doc/en_us/PT800ACD002/security/sec_ws_tai.html http://www.ibm.com/developerworks/websphere/techjournal/1307_lansche/1307_lansche.html

Examples of Developing/Sample Code https://www.ibm.com/developerworks/websphere/techjournal/0508_benantar/0508_benantar.html

that's the best I can think of in this case. TAI is very gorpy implementation wise/complex, but once you see how to create it, it may help in this case.

Paul Bastide
  • 1,505
  • 4
  • 17
  • 22
  • I did a little reading about TAIs a few months ago, but have never actually used them. I don't have enough time for such a solution right now, so will leave this on the to-do list. – Scott Leis Apr 01 '14 at 04:31
  • 1
    the new etai that is now out, http://www.google.co.uk/url?sa=t&rct=j&q=ibm%20etai&source=web&cd=1&cad=rja&uact=8&ved=0CC4QFjAA&url=http%3A%2F%2Fwww.ibm.com%2Fsupport%2Fdocview.wss%3Fuid%3Dswg24016601&ei=_Ot8U7ayL8ay0QWLq4GwDg&usg=AFQjCNEHe5CgyL8oFwn2j3o_RppMGHtu3Q&sig2=CRlJJJPCUZwVAbuiI_uHUQ&bvm=bv.67229260,d.d2k – mike prendergast May 21 '14 at 18:10
0

the new etai that is out now @ http://www-01.ibm.com/support/docview.wss?uid=swg24016601

has quite a bit more flexibility.. if this is important to you , you may want to look again

mike prendergast
  • 126
  • 1
  • 3
  • Nice to know, but this would be excessive. This is for a product we intend to sell, which needs to be able to run inside IBM Connections with no dependency on TAM or similar additions. – Scott Leis May 22 '14 at 01:32