CS - SOAP::Lite - authorization

TeamSite 6.5
CS 2.0
Solaris 8

I took the code from this post and started to play with CS via SOAP::Lite in PERL.

It all works fine... but I'm seeing something strange.

It appears that I can log in with any valid user name without a valid password.

I've tried it on the ts server box and remotely.. it appears I am able to read and set information via CS using the beginSessionUsingPassword method for access.

I've attached the sample modules and code I was testing with, it's setup to run on a local ts server.

Can someone verify that this is happening to them.

change this line (18)
# login
my $login = $access->beginSessionUsingPassword('someuser','master','','en', 'TeamSite','localhost');

to a valid user name, leaving the password field blank.

change this line (49)
$result = $filesys->fileSetPrivate($context,'/default/main/CWS/WORKAREA/Global/templatedata/sysAdmin/deployment/datacapture.cfg', 1);

to a valid vpath.

It should set that file to private, as well as list all the branch details as per the original example.

This is the soap packets that are sent for access


  POST http://localhost/iw/services/cm/2.0/accessservice
  Accept: text/xml
  Accept: multipart/*
  Content-Length: 805
  Content-Type: text/xml; charset=utf-8
  SOAPAction: ""
  <SOAP-ENV:Envelope xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance" xmlnsOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlnsOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/1999/XMLSchema" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
   <SOAP-ENV:Body>
    <namesp1:beginSessionUsingPassword xmlns:namesp1="http://content-services.org/cm/2.0/access">
     <userName xsi:type="xsd:string">
      validuser
     </userName>
     <roleName xsi:type="xsd:string">
      master
     </roleName>
     <password xsi:type="xsd:string"/>
      <locale xsi:type="xsd:string">
       en
      </locale>
      <appContext xsi:type="xsd:string">
       TeamSite
      </appContext>
      <serverName xsi:type="xsd:string">
       localhost
      </serverName>
    </namesp1:beginSessionUsingPassword>
   </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>

  HTTP/1.1 200 (OK) 
  Connection: close
  Date: Fri, 04 Mar 2005 17:02:20 GMT
  Server: Apache/1.3.31 (Unix) mod_fastcgi/2.4.2 mod_ssl/2.8.19 OpenSSL/0.9.7d
  Content-Type: text/xml; charset="utf-8"
  Client-Date: Fri, 04 Mar 2005 17:02:20 GMT
  Client-Peer: 127.0.0.1:80
  Client-Response-Num: 1
  Client-Transfer-Encoding: chunked
  EmbeddedSOAPServer: WASP-C++ Goldfish/4.5.1-iwn1 (SunOS sun4u 5.8 Generic_117350-08)
  P3P: CP="CAO PSA OUR"
  <SOAP-ENV:Envelope xmlnsOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlnsE="http://schemas.xmlsoap.org/soap/encoding/">
   <SOAP-ENV:Body SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
    <ns0:beginSessionUsingPasswordResponse xmlns:ns0="http://content-services.org/cm/2.0/access">
     <beginSessionUsingPasswordReturn xsi:type="ns1:CSLoginInfo" xmlns:ns1="http://content-services.org/access/services2.0.xsd">
      <context xsi:type="ns2:CSContext" xmlns:ns2="http://content-services.org/types/services2.0.xsd">
       <locale xsi:type="xsd:string">
        en
       </locale>
       <appContext xsi:type="xsd:string">
        TeamSite
       </appContext>
       <sessionString xsi:type="xsd:string">
        52616e646f6d49564ae00f33bad727d7cf020990ba0a8c9743ef433039e7613c43de2e15c585f085d60452c58b45737f
       </sessionString>
       <serverName xsi:type="xsd:string">
        localhost
       </serverName>
      </context>
      <userName xsi:type="xsd:string">
       jc88151
      </userName>
      <roleName xsi:type="xsd:string">
       master
      </roleName>
      <expirationDate xsi:type="xsd:dateTime">
       2005-03-05T12:02:20-05:00
      </expirationDate>
     </beginSessionUsingPasswordReturn>
    </ns0:beginSessionUsingPasswordResponse>
   </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>

John Cuiuli

Find more posts tagged with

Comments

Johnny

Well something interesting just came up.

I can log into teamsite through the UI (std, pro) without a password!

Something definitely wrong here, I'll be raising a support call.

Solaris 8
TeamSite iwserver: 6.5.0 Build 45607 Interwoven 20050208
Reporting module installed.

John Cuiuli

Johnny

Problem solved.

It was me jumping to conclusions.

I decided to check how authentication was setup.
It was set up for PAM when there was no PAM being used.

I changed it back to local and all is fine.

John Cuiuli

Ottawa_IWOV

Hi John -

You seem to be very active on this forum. I am looking for some help. I have a script to a simple getExtendedAttributes, but it is throwing errors.

I took the sample code from Navneet. Here is the meat:

my $fileVPath=SOAP: Smiley Very Happy

ata->type(string=>'/default/main/FAC/content/WORKAREA/content/templatedata/fac_e/generic/data/air_canada_021751')->name('fileVPath');
my $eaTitle=SOAP: Smiley Very Happy

ata->type(string=>'TeamSite/Metadata/dc.title')->name('eaNameList');

$result=$filesys->getExtendedAttributes($context, $fileVPath, $eaTitle);
if ($result->fault) {
print $result->faultcode, " : ", $result->faultstring, "\n";
die "Error getting extended attributes";
}

And here is the wsdl operation:

<wsdl Smiley Surprised

peration name="getExtendedAttributes" parameterOrder="context fileVPath eaNameList">
<wsdl:documentation>
Gets the extended attributes for a file. For use only with small
EAs.
</wsdl:documentation>
<wsdl:input message="impl:getExtendedAttributesRequest"/>
<wsdl Smiley Surprised

utput message="impl:getExtendedAttributesResponse"/>
<wsdl:fault message="impl:CSException" name="CSException"/>
</wsdl Smiley Surprised

peration>

It seems to barf on what is getting passed in as eaNameList.

Any thoughts on this one?

Johnny

Reading the WSDL documentation (get yourself a WSDL editor that can document the WSDL as HTML - www.capeclear.com provides SOA Editor which is decent enough as it's fee), eaNameList is an xsd: array of strings, not a scalar string.

If you are looking for one EA... you may have just a typo and are looking for

getExtendedAttribute

instead of

getExtendedAttributes

- note the s for plural.

But I'm not sure because you haven't specified the other params (You need an offset as it returns chunked data). I haven't used these, so I don't have much more to offer sorry.

John Cuiuli

Ottawa_IWOV

Anyone know how I pass an arrayOf_xsd_string

I get de-serialization errors in Perl. Is there a special SOAP: Smiley Very Happy

ata->type I have to use (other than string).

IThanks,