chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florian Müller <f...@apache.org>
Subject Re: OpenCMIS Workbench question
Date Fri, 22 Aug 2014 11:54:51 GMT
Hi Sergey,

The scenario is a valid, but the server behavior is not very common. Most
servers only expose the repositories that the current user can actually work
with. That is, the repository list is filtered on the server side and not on the
client side. OpenCMIS sends the user credentials with the getRepositories()
call, which allows server side filtering.

It would be interesting to know what the AtomPub binding returns. Whatever it
does, it must be inconsistent with the Web Service binding. It either filters
the repositories on the server side or it provides all repository infos, which
is obviously not possible with the Web Services binding.

I have changed the Web Service code now. (You have to download the source code
and build it locally.)
It catches exceptions thrown by getRepositoryInfo() and provides a repository
info stub that only contains the repository ID and the repository name. You
wouldn't be able to connect to those repositories, but since the server already
revealed their existence OpenCMIS shouldn't hide them.

- Florian


> Hi,
> 
> I ran into the following scenario while attempting to use OpenCMIS Workbench
> with EMC Documentum implementation of CMIS. We have multiple Documentum
> repositories enabled on a single CMIS service endpoint. However each
> repository has its own security settings requiring to use unique credentials
> for each repository. When I attempt to use OpenCMIS Workbench with Web
> Services binding for this setup, OpenCMIS Workbench throws an error when
> trying to load the list of repositories after I press "Load Repositories"
> button on Login screen. Here is the partial stack trace of the error:
> 
> org.apache.chemistry.opencmis.commons.exceptions.CmisRuntimeException: Failed
> to get repository information
> [E_QUERY_ACTION_FAILED] "QUERY" action failed. [DFC_BOF_WRONG_IDENTITY]
> LoginInfo and Principal for "<removed>" docbase are not defined or wrong.
> [DFC_BOF_WRONG_IDENTITY] [DFC_BOF_WRONG_IDENTITY] LoginInfo and Principal for
> "<removed>" docbase are not defined or wrong.
> 	at
> org.apache.chemistry.opencmis.client.bindings.spi.webservices.AbstractWebServicesService.convertException(AbstractWebServicesService.java:119)
> 	at
> org.apache.chemistry.opencmis.client.bindings.spi.webservices.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:96)
> 	at
> org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:90)
> 	at
> org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(SessionFactoryImpl.java:135)
> 	at
> org.apache.chemistry.opencmis.workbench.model.ClientSession.connect(ClientSession.java:192)
> 	at
> org.apache.chemistry.opencmis.workbench.model.ClientSession.<init>(ClientSession.java:117)
> 	at
> org.apache.chemistry.opencmis.workbench.LoginDialog.createClientSession(LoginDialog.java:265)
> 	at
> org.apache.chemistry.opencmis.workbench.LoginDialog$1.actionPerformed(LoginDialog.java:119)
> 	at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1995)
> 
> After reviewing OpenCMIS source code, it looks like the "Load Repositories"
> routine includes invoking RepositoryService.getRepositoryInfos() method. The
> implementation of this method for the Web Services binding executes
> getRepositories CMIS service call, and then for each of the returned
> repository invokes getRepositoryInfo CMIS service call. And it appears that
> Documentum simply doesn't allow getRepositoryInfo CMIS service call to be
> executed for unauthenticated clients.
> 
> Question: our setup with multiple repositories each having unique security
> settings and available on a single CMIS service endpoint seems to be valid and
> conforming to CMIS specification. The way Documentum handles authentication
> for getRepositoryInfo CMIS service call for Web Services binding also appears
> to conform CMIS spec. 1.1 (paragraph 4.1.2). Should OpenCMIS Workbench be
> modified to handle this specific use case gracefully? I think that OpenCMIS
> Workbench should allow a user to see the list of repositories for which
> provided credentials work while "filtering out" all repositories for which it
> cannot execute getRepositoryInfo CMIS service call. Or am I missing something
> and our Documentum setup is against something defined in CMIS specification?
> 
> Any feedback s greatly appreciated. Thank you!
> 
> --
> Sergey Alshuk
>

Mime
View raw message