[MNT-1613] CLONE -CMIS web services do not appear to allow ticket authentication Created: 04-Feb-11  Updated: 19-Mar-13  Resolved: 11-Feb-11

Status: Closed
Project: Service Packs and Hot Fixes
Component/s: CMIS, Repository Authentication and SSO
Affects Version/s: 3.3.2
Fix Version/s: 3.4.1

Type: Service Pack Request
Reporter: Richard Mcknight Assignee: Closed Bugs
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
is clone of MNT-1671 CMIS web services do not appear to al... Closed
Related
Bug Priority:
Category 1
ACT Numbers:

22538


 Description   

To illustrate:

  • Obtain a ticket.
  • Include the ticket in a request posted to /alfresco/cmis/RepositoryService similar to the following

<soapenv:Envelope xmlns:ns="http://docs.oasis-open.org/ns/cmis/messaging/200908/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsu:Timestamp wsu:Id="Timestamp-94" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2010-09-09T16:53:02.109Z</wsu:Created><wsu:Expires>2010-09-09T16:58:02.109Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id="UsernameToken-93" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Username>ticket</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TICKET_662cbb11fd3a3d3a274c716e671a6d701df631c1</wsse:Password><wsu:Created>2010-09-09T16:53:02.109Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header>
<soapenv:Body>
<ns:getRepositories>
<ns:extension>
<!-You may enter ANY elements at this point->
</ns:extension>
</ns:getRepositories>
</soapenv:Body>
</soapenv:Envelope>

  • Response similar to the following will be received:
    <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-20367412"><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2010-09-22T16:08:57.367Z</wsu:Created><wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2010-09-22T16:13:57.367Z</wsu:Expires></wsu:Timestamp></wsse:Security></soap:Header><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Invalid user name or password specified</faultstring></soap:Fault></soap:Body></soap:Envelope>


 Comments   
Comment by David Caruana [ 08-Feb-11 ]

The CMIS Web Services authenticator only supports username/password authentication.

We could add ticket validation, but we'd need to establish a unique way of identifying that a ticket has been passed. It's possible for a user to be named 'ticket'.

Potentially, we could use a PASSWORD_TYPE of PW_NONE, and assume the username is the ticket.

Comment by David Caruana [ 09-Feb-11 ]

A simple solution for passing a ticket is to provide a empty/null username, and the ticket in the password.

Comment by David Caruana [ 11-Feb-11 ]

V3.4 r25467

Ticket can be specified in password, if any of the following are true:

a) username is not specified (i.e. null, or length of zero)
b) username is equal to "ROLE_TICKET" (case insensitive)

The CMIS REST API has also been updated to support the above, so it's consistent with Web Services.

Project Swift will continue to support this when we merge in the refactored CMIS work based on OpenCMIS.

Comment by David Caruana [ 11-Feb-11 ]

Merged to DEV/V3.4-BUG-FIX r25468

Comment by David Caruana [ 11-Feb-11 ]

Merged to DEV/SWIFT r25469

Comment by Alfresco QA Team (Inactive) [ 10-Mar-11 ]

Validated against 3.4.1.234

Generated at Tue Jul 07 03:20:47 BST 2020 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.