• Add authentication token to the Download Servlet

 #6598  by jgeuens
 
Hi,

We want to use the OpenKM as background document management system for our ERP application.
Therefore we will use Webservices to create documents from our ERP application in the DMS and store the document url in our ERP application.

Is it possible to retrieve a token with the authentication webservice and add it to the OKMDownloadServlet?
I want to store the document download url in our ERP application, and when a user clicks on the url in the ERP application, the document will be downloaded/opened without logging into OpenKM.
Both the ERP and the DMS system are linked to an LDAP server, so I can pass the user credentials from the ERP application to the authentication webservices of OpenKM to retrieve a token.

Download url when logged into OpenKM : http://demo.openkm.com/OpenKM/OKMDownlo ... vcbvcb.doc

Download url not logged into OpenKM, but with token from authentication Webservice : http://demo.openkm.com/OpenKM/OKMDownlo ... 0123456789

So it looks like a single sign on...

Any help would be appreciated...

Greetz, Joris
 #6614  by jllort
 
That's not a great idea, because all security is lost using that system. Probably you're thinking of losing all use of permissions, because you're only using one user to interact with OpenKM via Webservices, and really there's no security in your repository (in the user view, there's only one user?).

It's not possible to set a token on the DownloadServlet (it needs a JBoss session to be started, and then the token is created); it would be a bad idea to pass the token, etc...

I think the best way is to download the file to the local server using webservices and then expose it via a web URL (hope you can understand it).

The other way of doing it needs some source code changes. It could be done, but it will be more complex. If you need it, you can contact us using our contact form and our sales dept will give you a price for doing it: www.openkm.com/Contact
 #6629  by jgeuens
 
Hi,

Thanks for your fast reply!

I was not going to use one user. Each user logs in with its own user/password in our application and I want to pass these credentials in the background of our application to the OpenKM system to login, get a token and to send back the download url with the token added. If the user does not have the right permission, downloading the file will fail. If the user is not registered in the OpenKM system, getting a token will fail. Otherwise the file can be downloaded without logging into the OpenKM system explicitly.

The suggestion you give, downloading the file on the local server with the Document service, is an alternative for my problem. But then I have to use my local server to get the document and pass it to the client. Each document has to pass my local server, without added value. In the first case, my server could just pass the url, so that the download action occurs on client side and my local server doesn't have to do a lot of heavy work.

I created an overview of both cases :

Case 1:

client: get document
local server: lookup url of the document in the local database
local server: call OpenKM webservice with client credentials to get token
OpenKM: login to get token
local server: add token to the document url
local server: send it back to the client
client: open local browser to download the document

Case 2:

client: get document
local server: lookup url of the document in the local database
local server: call OpenKM webservice with client credentials to get token
OpenKM: login to get token
local server: call OpenKM webservice with token to download the document
local server: send the byte array back to the client
client: save the byte array in the clients temp folder
client: open a client application to view the document


The first case is possible in another DMS system, Alfresco. Have a look at http://wiki.alfresco.com/wiki/URL_Addre ... L_Argument.
So there is no security loss, because we are using the client credentials to pass and not one general user.

What do you think?

Greetz, Joris
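
Added example, not part of the thread and not OpenKM code: one way the "case 1" link can authorize a download without putting the web-service session token in the URL. The ERP server signs a short-lived, single-use ticket bound to one user and one document; the shared secret, the 60-second lifetime, the function names and the sample path are assumptions, and the download endpoint that would check the ticket is hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: shared by ERP server and download endpoint
TTL_SECONDS = 60                  # assumption: link lifetime


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(payload: bytes) -> str:
    return _b64(hmac.new(SECRET, payload, hashlib.sha256).digest())


def issue_ticket(user, doc_path, now=None):
    """ERP server side: call only after the user's own login succeeded."""
    expires = int(time.time() if now is None else now) + TTL_SECONDS
    payload = json.dumps([user, doc_path, expires]).encode()
    return _b64(payload) + "." + _sign(payload)


def verify_ticket(ticket, requested_path, used, now=None):
    """Download side: return the user the ticket was issued to, or None.

    `used` is a set of already redeemed signatures; a real deployment
    needs a store shared by all nodes and purged after expiry.
    """
    now = time.time() if now is None else now
    try:
        body, sig = ticket.split(".")
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        # Check the signature before trusting any field in the payload.
        if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
            return None
        user, doc_path, expires = json.loads(payload)
    except ValueError:
        return None
    if doc_path != requested_path or now >= expires or sig in used:
        return None
    used.add(sig)  # single use: a replayed link is refused
    return user    # caller still applies this user's repository permissions
```

The ticket reveals nothing that can open a web-service session, so a link that leaks through browser history or a proxy log is good for one document for at most a minute, and only if it has not been redeemed yet.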
 #6645  by pavila
 
In the second case you don't have to store the downloaded document in a temporary folder. You can create a webservices-based server which takes the document from OpenKM and send-back to the client directly.

It is also possible to add a new servlet in OpenKM which can download a document directly using BASIC authentication.
 #6772  by jgeuens
 
Hi Pavila,

I've some questions about your reply.

My application works with a swing fat client and connects to a J2EE server. So I want to make my J2EE server responsible to call the OpenKM webservices. If I want to switch to another document server in the future or another version, I only have to change my server side module and not all my clients. My server side module has a generic interface for the client, document server independent. So my clients are not able to call webservices, they can only call J2EE session beans.

* What do you mean with "send-back to the client directly"? With my fat client I've to call a session bean and to send back a byte array with the document content, I can not send back the url (already authenticated) so that the client's browser will download the document?

* What do you mean with "BASIC authentication"? Just making the repository accessible for everyone?

Greetz, Joris
