chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject RE: OpenCMIS Workbench question
Date Fri, 22 Aug 2014 15:17:03 GMT
Hi Florian,

You are right: Documentum behavior for AtomPub binding is different. Documentum filters out
the repositories on the server side based on the sent credentials. So it's partially Documentum
"fault" ;-)

And thank you for changing RepositoryService implementation for Web Services binding in the
trunk. I've made similar change locally yesterday to get through this issue and it worked.


-----Original Message-----
From: Florian Müller [] 
Sent: Friday, August 22, 2014 4:55 AM
To: Alshuk, Sergey; dev
Subject: Re: OpenCMIS Workbench question

Hi Sergey,

The scenario is a valid, but the server behavior is not very common. Most servers only expose
the repositories that the current user can actually work with. That is, the repository list
is filtered on the server side and not on the client side. OpenCMIS sends the user credentials
with the getRepositories() call, which allows server side filtering.

It would be interesting to know what the AtomPub binding returns. Whatever it does, it must
be inconsistent with the Web Service binding. It either filters the repositories on the server
side or it provides all repository infos, which is obviously not possible with the Web Services

I have changed the Web Service code now. (You have to download the source code and build it
locally.) It catches exceptions thrown by getRepositoryInfo() and provides a repository info
stub that only contains the repository ID and the repository name. You wouldn't be able to
connect to those repositories, but since the server already revealed their existence OpenCMIS
shouldn't hide them.

- Florian

> Hi,
> I ran into the following scenario while attempting to use OpenCMIS 
> Workbench with EMC Documentum implementation of CMIS. We have multiple 
> Documentum repositories enabled on a single CMIS service endpoint. 
> However each repository has its own security settings requiring to use 
> unique credentials for each repository. When I attempt to use OpenCMIS 
> Workbench with Web Services binding for this setup, OpenCMIS Workbench 
> throws an error when trying to load the list of repositories after I press "Load Repositories"
> button on Login screen. Here is the partial stack trace of the error:
> org.apache.chemistry.opencmis.commons.exceptions.CmisRuntimeException: 
> Failed to get repository information [E_QUERY_ACTION_FAILED] "QUERY" 
> action failed. [DFC_BOF_WRONG_IDENTITY] LoginInfo and Principal for 
> "<removed>" docbase are not defined or wrong.
> Principal for "<removed>" docbase are not defined or wrong.
> 	at
> org.apache.chemistry.opencmis.client.bindings.spi.webservices.AbstractWebServicesService.convertException(
> 	at
> org.apache.chemistry.opencmis.client.bindings.spi.webservices.RepositoryServiceImpl.getRepositoryInfos(
> 	at
> org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfos(
> 	at
> org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(
> 	at
> org.apache.chemistry.opencmis.workbench.model.ClientSession.connect(
> 	at
> org.apache.chemistry.opencmis.workbench.model.ClientSession.<init>(
> 	at
> org.apache.chemistry.opencmis.workbench.LoginDialog.createClientSession(
> 	at
> org.apache.chemistry.opencmis.workbench.LoginDialog$1.actionPerformed(
> 	at 
> javax.swing.AbstractButton.fireActionPerformed(
> 5)
> After reviewing OpenCMIS source code, it looks like the "Load Repositories"
> routine includes invoking RepositoryService.getRepositoryInfos() 
> method. The implementation of this method for the Web Services binding 
> executes getRepositories CMIS service call, and then for each of the 
> returned repository invokes getRepositoryInfo CMIS service call. And 
> it appears that Documentum simply doesn't allow getRepositoryInfo CMIS 
> service call to be executed for unauthenticated clients.
> Question: our setup with multiple repositories each having unique 
> security settings and available on a single CMIS service endpoint 
> seems to be valid and conforming to CMIS specification. The way 
> Documentum handles authentication for getRepositoryInfo CMIS service 
> call for Web Services binding also appears to conform CMIS spec. 1.1 
> (paragraph 4.1.2). Should OpenCMIS Workbench be modified to handle 
> this specific use case gracefully? I think that OpenCMIS Workbench 
> should allow a user to see the list of repositories for which provided 
> credentials work while "filtering out" all repositories for which it 
> cannot execute getRepositoryInfo CMIS service call. Or am I missing something and our
Documentum setup is against something defined in CMIS specification?
> Any feedback s greatly appreciated. Thank you!
> --
> Sergey Alshuk
View raw message