Display a document without authentification - javascript

I am currently developping a java/jee application using alfresco as ged and spring as a framework.I want to display a file in the navigator without authentification requirment.So how can i do that.By the way i have 2 modules in my project:Frontend and backend which are communicating via rest calls.From the backend i tried to pass the byte array of the object but unfortunately i recieved it as string so i can't work with it.So any suggestion to solve this issue?
public Map<String, Object> getCourrierDetails(String idCourrier) throws Exception {
Map<String, Object> courriersDetails = runtimeService.getVariables(idCourrier);
courriersDetails.put("idCourrier", idCourrier);
DocumentDaoImpl dao=new DocumentDaoImpl();
Document docCmis = (Document) dao.getDocument("workspace://SpacesStore/73871a36-9a6c-42c6-b3e3-7d68362fe9c0");
byte[] myByteArray = readContent(docCmis.getContentStream().getStream());
ByteArrayResource resource = new ByteArrayResource(myByteArray) {
#Override
public String getFilename() {
return docCmis.getContentStreamFileName();
}
};
System.out.println(resource.getFilename());
//courriersDetails.put("resources", myByteArray);
System.out.println(courriersDetails.get("resources")+" rrrr");
//courriersDetails.put("contentStream",docCmis.getContentStream().getStream());
return courriersDetails;
}

Assuming your front-end and back-end are custom and your back-end communicates with Alfresco, all you need to do is write a proxy that resides in your back-end.
The proxy can establish a session with Alfresco using a pre-configured "service account" that has access to the content. In this way, the person using your custom webapp does not use their own credentials to get the object from Alfresco. Instead, the service account is used and the web app streams that to the requester.
For example, in one of my projects I have an AssetService that uses CMIS to get the InputStream from content given its ID:
public InputStream download(String assetId) {
CmisObject obj = session.getObject(assetId);
Document doc = null;
if (obj.getBaseTypeId().equals(BaseTypeId.CMIS_DOCUMENT)) {
doc = (Document) obj;
}
return doc.getContentStream().getStream();
}
Then, my Controller just asks the service for the asset to get some info about it to make it easy to set some helpful headers, then it gets the input stream from the asset service and returns that:
#RequestMapping(value = "/api/asset/{assetId:.+}/download/{name}", method = RequestMethod.GET)
public ResponseEntity<InputStreamResource> downloadAsset(
#PathVariable("assetId") String assetId,
#PathVariable("name") String name) {
// get the asset so we can get some info about it
Asset asset = assetService.getAsset(assetId);
// set the http headers (mimetype and length at a minimum)
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.setContentType(MediaType.parseMediaType(asset.getMimetype()));
httpHeaders.setContentLength(asset.getLength());
// get the content stream
InputStream inputStream = assetService.download(assetId);
InputStreamResource inputStreamResource = new InputStreamResource(inputStream);
return new ResponseEntity<InputStreamResource>(inputStreamResource, httpHeaders, HttpStatus.OK);
}
This example uses Spring MVC within a Spring Boot app but of course you could do something similar with a plain old servlet if you want.

One option is to write your own web script and set it up in a way that it allows guest access.
http://docs.alfresco.com/4.1/concepts/ws-authenticating.html
There's also an option to completely disable permission checking, which I have never tried, though.
https://community.alfresco.com/thread/175381-disabling-permission-checking

Related

How to inform a web interface about the status of a variable?

I am using Spring MVC for a web app(with JQuery for front-end). I have a service that has a status variable that changes based on the progress of a certain method.
The code looks like the following:
#Service
public class PatchGenerationService {
private String status;
public String getStatus() {
return status;
}
public void generatePatch(){
status = STATUS_PREPARE;
//some code
status = STATUS_LOOKUP;
//and so on
status = STATUS_FINISHED;
}
}
There are several asynchronous threads running this service at the same time, created by different clients. I want to be able to inform each client on the status of the thread created for him.
Here is the service where the PatchGenerationService is created:
#Async
public static void createPatchFromSelectedCommits(String branch, String tagName, List<Commit> commits) {
log.info("generating a new patch");
PatchGenerationService patchGenerationService = new PatchGenerationService();
patchGenerationService.generatePatch(/*attributes*/);
log.info("patch generation ended");
}
How can I send the information with the value of the status variable to the client each time this variable changes?
You should take a look to this documentation : Using WebSocket to build an interactive web application
Using WebSocket to build an interactive web application
This guide walks you through the process of creating a "hello world"
application that sends messages back and forth, between a browser and
the server. WebSocket is a very thin, lightweight layer above TCP. It
makes it very suitable to use "subprotocols" to embed messages. In
this guide we’ll dive in and use STOMP messaging with Spring to create
an interactive web application.
In simple words, your backend will send a message to your frontend to notify him of the change of status.
I have finally found the answer in this project: Github Link
In fact it would have been rather difficult to retrieve the specific PatchGenerationService object. I have thus modified the class so that it implements Runnable.
I now override the run method in PatchGenerationService:
#Override
public void run() {
generatePatch( patchName, branchName, tagName, version, author, applierRelease, selectedCommits);
}
I am using STOMP with SockJS in order to send messages to the client every time the statuts variable changes:
public void sendProgress(String exception){
logger.info("status:" +status);
Status statusWithException=new Status(status,exception);
template.convertAndSend("/generationStatus/status", statusWithException);
}
public void generatePatch(String patchName, String branchName, String tagName, String version, String author, String applierRelease, List<Commit> selectedCommits) {
//String status;
status = STATUS_PREPARE;
sendProgress("");
}
The connection is managed by a broker:
#Configuration
#EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
#Override
public void configureMessageBroker(MessageBrokerRegistry config) {
config.enableSimpleBroker("/generationStatus");
config.setApplicationDestinationPrefixes("/app");
}
#Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/status").withSockJS();
}
}
The connect method on the client side subscribes to the generationStatus/status url:
function connect() {
console.log('connecting to generation status');
var socket = new SockJS('/status');
stompClient = Stomp.over(socket);
stompClient.connect({}, function (frame) {
console.log('Connected: ' + frame);
stompClient.subscribe('/generationStatus/status', function (data) {
console.log(data);
});
});
}

How to use React's BrowserRouter on client and Java REST API (Spring Boot) on the server?

I want to use React on the client and Java Spring Boot on the server for REST API, both client and server are packaged together so they are hosted on the same application server.
I can already query the server APIs via the /api path.
But (how) can I use the BrowserRouter of react-router-dom (Router v4) on the client instead of the HashRouter?
I don't know Spring Boot well, but I guess I could check on the server if the route does not match /api, then I would return the index.html with all the react logic handling the route based on HTTP query location path?
I hope I am clear, I don't want the hash in the URL and routing must be done on the client.
Quite old, but in general all you would need is to match api first, and then have a wildcard to match everything else and return index...
This way any deep linking would still work, by serving the root of your react app, where react router will pick up on the URL the browser holds.
Spring should handle something as simple as #RequestMapping(value = "/") as routing everything to index. I would expect if you specify /api/ it would be more specific and take precedence.
I finally found how to catch all GET requests and return my React app, it was deadly simple, just use a wild card *, note that /* will not work.
#Value("${server.servlet.context-path}")
private String contextPath;
#GetMapping("*")
public ModelAndView defaultPage(Map<String, Object> model) {
model.put("contextPath", contextPath);
return new ModelAndView("index", model);
}
In this example, the index points to this file /src/main/resources/static/index.html
Wildcard * has been binded to ResourceHttpRequestHandler, it's better to keep it:
Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
If you need more management(such as server-side-render), you could define yourself's ErrorController.
So when spring router matches nothing, spring can respond your react ssr result:
#Controller
public class ServerSideRenderrer implements ErrorController {
#Override
public String getErrorPath() {
return "/error";
}
#RequestMapping(value = "/error")
#ResponseBody
public String error(HttpServletRequest request, HttpServletResponse response) {
Integer statusCode = (Integer) request.getAttribute("javax.servlet.error.status_code");
String original = request.getAttribute(RequestDispatcher.FORWARD_REQUEST_URI);
String method = request.getMethod();
if (statusCode == 404 && method.equalsIgnoreCase("GET") && original.contains("xxx")) {
response.setStatus(200);
return ssrHtmlContent;
}
return "Error handling";
}
}

spring boot multiple database configuration with microsoft sql server

i've multiple databases under a single sql server database.
from application.properties file. i've configured to default schema in springboot.
now i would like to chage to another database with same url, usrname, pawd.
how can i changedo this ? when i give annotation over class with
#table (name = db2.dbo.tname)
it throws error saying,
unable to map this dboject in database 1
here's my configuration:
spring.datasource.url=jdbc:sqlserver://localhost:1433;databaseName=testdb;integratedSecurity=false;
spring.datasource.username=sa
spring.datasource.password=myPassword
spring.datasource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerConnection
spring.datasource.initialize=true
my application works with the default db i gave on application properties. but i've to connect to another database.
how can i resolve this?
You cannot use the regular spring properties to do that. Here's an example on how you can connect to TWO databases (Or more if you need):
First you have to disable the autoconfiguration that picks up just one DB:
#EnableAutoConfiguration(exclude = {DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class, DataSourceTransactionManagerAutoConfiguration.class})
And now you just have to provide your own configuration for JPA and Datasources:
#Configuration
#EnableJpaRepositories(entityManagerFactoryRef = "ds1EntityManagerFactory",
transactionManagerRef = "ds1TransactionManager",
basePackageClasses = Ds1Repository.class)
public class DataSource1Config {
#Bean
PlatformTransactionManager ds1TransactionManager() {
return new JpaTransactionManager(tfccgEntityManagerFactory().getObject());
}
#Bean
LocalContainerEntityManagerFactoryBean ds1EntityManagerFactory() {
HibernateJpaVendorAdapter vendorAdapter = new HibernateJpaVendorAdapter();
LocalContainerEntityManagerFactoryBean factoryBean = new LocalContainerEntityManagerFactoryBean();
factoryBean.setDataSource(ds1());
factoryBean.setJpaVendorAdapter(vendorAdapter);
factoryBean.setPackagesToScan(Ds1Entity.class.getPackage().getName());
factoryBean.getJpaPropertyMap().put("hibernate.dialect", dialect);
factoryBean.getJpaPropertyMap().put("hibernate.show_sql", showSQL);
factoryBean.getJpaPropertyMap().put("hibernate.globally_quoted_identifiers", quoteIdentifiers);
return factoryBean;
}
#Bean
DataSource ds1() {
BasicDataSource dataSource = new BasicDataSource();
dataSource.setUrl(url);
dataSource.setDriverClassName(driverClass);
dataSource.setUsername(username);
dataSource.setPassword(password);
dataSource.setTestOnBorrow(testOnBorrow);
dataSource.setMaxTotal(maxTotal);
dataSource.setInitialSize(initialSize);
dataSource.setMaxIdle(maxIdle);
return dataSource;
}
}
You can have a copy of this class for a ds2 datasource on which you'll have a second set of transactionManager entityManagerFactory and datasource and on which you'll enable JPA Repositories and Entity scan for different packages and name the beans with different names.
Then, If you need transaction isolation in a method you'll have to provide the transactionManager name since you'd have 2:
#Transactional(transactionManager = "ds1TransactionManager")

SignalR service: Get message depending on user role

I created
MVC app (installed -Install-Package Microsoft.AspNet.SignalR.JS) (ref here)
Web Service
(//Install from Nuget Package window
//Install-Package Microsoft ASP.NET SignalR .NET Client
//Install-Package Microsoft ASP.NET SignalR Core Components)
Signalr Service (Installed -Install-Package Microsoft.AspNet.SignalR.SelfHost and Install-Package Microsoft.Owin.Cors)
What I am doing: I am calling MVC page and after processing one task using web service. In that web service when task is processing I want to notify user what is going on behind the seen like task is in processing or it is done using Signalr service.
I created All project separately.
using web Service I am calling the signalr hubs (see here)
challenges facing:
I want to broadcast the message to that user and if no. of user are there then depending on there role i want to send messages.
Edited:Extra Enhancement added in my project:I have no. of MVC app and its corresponding Web services and My single signalR service so how can I identify which MVC app calling it corresponding service and service pushing to all or it application users or particular user. Like pusher will create application Id to application and number of tokens for user. It is possible to do it.
Summary:
I'm not sure that it's possible to have the hubs living on the WCF SignalR service. It would be best to let the MVC project act as a proxy between the client and web service. You can connect to SignalR later with other clients (such as desktop clients) if that's one of your requirements, and also connect to this hub from your web service to send updates to the clients and/or users in a specified group.
Workflow:
To start, the flow would look more like this:
Managing Client Connections:
If you are using an in-memory approach to managing your connected users, then you could start by adding the connection id and the user id to whatever collection you are using to handle this. For example:
public static ConcurrentDictionary<String, String> UsersOnline = new ConcurrentDictionary<String, String>();
public override System.Threading.Tasks.Task OnConnected()
{
UsersOnline.TryAdd(Context.ConnectionId, Context.User.Identity.GetUserId());
return base.OnConnected();
}
A word of caution: The Context.User will be null unless you map SignalR after the authentication.
It may be beneficial to store the connection id in variable on the client side as well so you can pass it to your methods later.
var connectionId;
var testHub = $.connection.testHub;
$.connection.hub.start().done(function () {
connectionId = $.connection.hub.id;
}
The Hub:
The hub can be used to communicate with the web service. In this example I'll be using it as a soap service, but rest should work just the same.
public void LongRunningTask(String ConnectionId)
{
using (var svc = new Services.MyWebService.SignalRTestServiceClient())
{
svc.LongRunningTask(ConnectionId);
} // end using
} // end LongRunningTask
Note that we pass the connection id to the service as well. This comes into play when the service starts sending messages back to the MVC project to deliver to the client(s).
Listener or Web API:
Set up a listener controller or a Web API on the MVC site to receive messages from the web service.
public ActionResult SignalR(String Message, String Type, String ConnectionId)
{
if (!String.IsNullOrWhiteSpace(Message) && !String.IsNullOrWhiteSpace(Type) && !String.IsNullOrWhiteSpace(ConnectionId))
{
if (Type == "ShowAlert")
{
// Determine if the user that started the process is still online
bool UserIsOnline = Hubs.TestHub.UsersOnline.ContainsKey(ConnectionId);
// We need this to execute our client methods
IHubContext TestHub = GlobalHost.ConnectionManager.GetHubContext<Hubs.TestHub>();
if (UserIsOnline)
{
// Show the alert to only the client that started the process.
TestHub.Clients.Client(ConnectionId).showAlert(Message);
} // end if
else
{
List<String> UserIdsInRole = new List<String>();
using (var connection = new System.Data.SqlClient.SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["DefaultConnection"].ToString()))
{
// Assuming you're using Identity framework since it is an MVC project, get all the ids for users in a given role.
// This is using Dapper
UserIdsInRole = connection.Query<String>(#"
SELECT ur.UserId
FROM AspNetUserRoles ur
JOIN AspNetRoles r ON ur.RoleId = r.Id
WHERE r.Name = #rolename
", new { rolename = "SpecialRole" }).ToList();
} // end using
// Find what users from that role are currently connected
List<String> ActiveUsersInRoleConnectionIds = Hubs.TestHub.UsersOnline.Where(x => UserIdsInRole.Contains(x.Value)).Select(y => y.Key).ToList();
// Send the message to the users in that role who are currently connected
TestHub.Clients.Clients(ActiveUsersInRoleConnectionIds).showAlert(Message);
} // end else (user is not online)
} // end if type show alert
} // end if nothing is null or whitespace
return new HttpStatusCodeResult(200);
} // end SignalR
Web Service:
The web service method that does the long running work should accept a client id as well, so it can send it back to the listener controller or web API. It can use a method similar to this (using RestSharp) to connect back to the MVC project:
public void ShowAlert(String Message, String ConnectionId)
{
RestClient Client = new RestClient("http://localhost:8888");
RestRequest Request = new RestRequest("/Listener/SignalR", Method.POST);
Request.Parameters.Add(new Parameter() { Name = "Message", Type = ParameterType.QueryString, Value = Message });
Request.Parameters.Add(new Parameter() { Name = "Type", Type = ParameterType.QueryString, Value = "ShowAlert" });
Request.Parameters.Add(new Parameter() { Name = "ConnectionId", Type = ParameterType.QueryString, Value = ConnectionId });
IRestResponse Response = Client.Execute(Request);
} // end Show Alert
Demo:
I did a proof of concept and uploaded it to Github.

Creating a YouTube Service via ASP.NET using a pre-existing Access Token

I've been working on a Website for users to upload videos to a shared YouTube account for later access. After much work I've been able to get an Active Token, and viable Refresh Token.
However, the code to initialize the YouTubeService object looks like this:
UserCredential credential;
using (var stream = new FileStream("client_secrets.json", FileMode.Open, FileAccess.Read))
{
credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
// This OAuth 2.0 access scope allows an application to upload files to the
// authenticated user's YouTube channel, but doesn't allow other types of access.
new[] { YouTubeService.Scope.YoutubeUpload },
"user",
CancellationToken.None
);
}
var youtubeService = new YouTubeService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = Assembly.GetExecutingAssembly().GetName().Name,
});
I've already got a token, and I want to use mine. I'm using ASP.NET version 3.5, and so I can't do an async call anyways.
Is there any way I can create a YouTubeService object without the async call, and using my own token? Is there a way I can build a credential object without the Authorization Broker?
Alternatively, the application used YouTube API V2 for quite some time, and had a form that took a token, and did a post action against a YouTube URI that was generated alongside the token in API V2. Is there a way I can implement that with V3? Is there a way to use Javascript to upload videos, and possibly an example that I could use in my code?
NOTE: I ended up upgrading my Framework to 4.5 to access the google libraries.
To programatically initialize a UserCredential Object you've got to build a Flow, and TokenResponse. A Flow Requires a Scope (aka the permissions we are seeking for the credentials.
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Responses;
using Google.Apis.Auth.OAuth2.Flows;
string[] scopes = new string[] {
YouTubeService.Scope.Youtube,
YouTubeService.Scope.YoutubeUpload
};
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecrets = new ClientSecrets
{
ClientId = XXXXXXXXXX, <- Put your own values here
ClientSecret = XXXXXXXXXX <- Put your own values here
},
Scopes = scopes,
DataStore = new FileDataStore("Store")
});
TokenResponse token = new TokenResponse {
AccessToken = lblActiveToken.Text,
RefreshToken = lblRefreshToken.Text
};
UserCredential credential = new UserCredential(flow, Environment.UserName, token);
Hope that helps.
Currently the official Google .NET client library does not work with .NET Framework 3.5. (Note: this is an old question the library hasn't supported .NET 3.5 since 2014. So the statement would have been valid then as well.) That being said you are not going to be able to create a service for the Google .NET client library using an existing access token. Also not possible to create it with an access token using any .NET Framework you would need to create your own implementation of Idatastore and load a refresh token.
Supported Platforms
.NET Framework 4.5 and 4.6
.NET Core (via netstandard1.3 support)
Windows 8 Apps
Windows Phone 8 and 8.1
Portable Class Libraries
That being said you are going to have to code this yourself from the ground up. I have done it and it is doable.
Authentication :
You have stated you have your refresh token already so I won't go into how to create that.
The following is a HTTP POST call
Refresh access token request:
https://accounts.google.com/o/oauth2/token
client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&refresh_token=1/ffYmfI0sjR54Ft9oupubLzrJhD1hZS5tWQcyAvNECCA&grant_type=refresh_token
Refresh Access token response:
{ "access_token" : "ya29.1.AADtN_XK16As2ZHlScqOxGtntIlevNcasMSPwGiE3pe5ANZfrmJTcsI3ZtAjv4sDrPDRnQ", "token_type" : "Bearer", "expires_in" : 3600 }
An call you make to the YouTube API you can either add the access token as the authorization bearer token or you can just take it on to the end of any request
https://www.googleapis.com/youtube/v3/search?access_token={token here}
I have a full post on all of the calls to the auth server Google 3 legged Oauth2 flow. I just use normal webRequets for all my calls.
// Create a request for the URL.
WebRequest request = WebRequest.Create("http://www.contoso.com/default.html");
// If required by the server, set the credentials.
request.Credentials = CredentialCache.DefaultCredentials;
// Get the response.
WebResponse response = request.GetResponse();
// Display the status.
Console.WriteLine (((HttpWebResponse)response).StatusDescription);
// Get the stream containing content returned by the server.
Stream dataStream = response.GetResponseStream();
// Open the stream using a StreamReader for easy access.
StreamReader reader = new StreamReader(dataStream);
// Read the content.
string responseFromServer = reader.ReadToEnd();
// Display the content.
Console.WriteLine(responseFromServer);
// Clean up the streams and the response.
reader.Close();
response.Close();
Upgrade .NET 4+
If you can upgrade to the newest version of .NET using the library will be much easier. This is from Googles official documentation Web Applications ASP.NET. I have some additional sample code on my github account which shoes how to use the Google Drive API. Google dotnet samples YouTube data v3.
using System;
using System.Web.Mvc;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Flows;
using Google.Apis.Auth.OAuth2.Mvc;
using Google.Apis.Drive.v2;
using Google.Apis.Util.Store;
namespace Google.Apis.Sample.MVC4
{
public class AppFlowMetadata : FlowMetadata
{
private static readonly IAuthorizationCodeFlow flow =
new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecrets = new ClientSecrets
{
ClientId = "PUT_CLIENT_ID_HERE",
ClientSecret = "PUT_CLIENT_SECRET_HERE"
},
Scopes = new[] { DriveService.Scope.Drive },
DataStore = new FileDataStore("Drive.Api.Auth.Store")
});
public override string GetUserId(Controller controller)
{
// In this sample we use the session to store the user identifiers.
// That's not the best practice, because you should have a logic to identify
// a user. You might want to use "OpenID Connect".
// You can read more about the protocol in the following link:
// https://developers.google.com/accounts/docs/OAuth2Login.
var user = controller.Session["user"];
if (user == null)
{
user = Guid.NewGuid();
controller.Session["user"] = user;
}
return user.ToString();
}
public override IAuthorizationCodeFlow Flow
{
get { return flow; }
}
}
}
Top tip YouTube doesn't support service accounts your going to have to stick with Oauth2. As long as you have authenticated your code once it should continue to work.

Categories