Home
Extended ECM
API, SDK, REST and Web Services
Forward LiveLink session cookie to a servlet and back again
David_Beliveau_(sanmin013_-_(deleted))
Hello,We have the need to submit a livelink form that calls a Java servlet, performs some tasks, then the servlet needs to forward the login cookie to a URL that starts a workflow.How can you pass/initialize the cookie that contains the user's credentials to a servlet, then from the servlet to another URL, so that the user is not asked to login again?Thanks!
Find more posts tagged with
Comments
John_Shoun
I don't think that this can be made to work. The cookie is encrypted with the user's IP address to prevent just this type of identity theft (or transfer in your case).If you pass the cookie to the Java servlet, then it would fail authentication because it would be sending the cookie from another IP address that won't decrypt properly.There is a server configuration change you can make that causes the cookie to not me encrypted -- it's stored in clear text (user id and password). In that case it could be passed around. But I wouldn't recommend that because of the security hole.I would recommend a different desgin. Have the servlet use LAPI to connect to the Livelink server and initiate the workflow instead of using the URL. The servlet can use an admin account with 'change user' rights to allow it to pretend to be the original requestor.
volvostephen
Does the servlet need the cookie? If not, then just redirect when you are done to a livelink URL (or put a HTML / JSP page in the /livelink/ directory) and the browser will just send the existing cookie. You can also likely modify the nextURL arguement on the workflow initiation to go to a custom page again if you want.Might work...
David_Beliveau_(sanmin013_-_(deleted))
Actually I am not all that interested what is in the cookie. Here is the scenario that I am trying to perform:1. User submits a LiveLink HTML form, with files attached.2. I want to upload those files to a LiveLink folder,3. Then start a workflow.So far, what I am trying to do is submitting the form to a servlet that collects the multipart files and does the upload via LAPI. Then I was trying to build the URL to redirect to, that will start the workflow with the rest of the form data. At this point it works, but LiveLink asks for another login when I redirect from my servlet. Embedding a login into the URL isn't feasable because I need to know who the initiator is. Perhaps there is a way to get the user login from the cookie?Any thoughts? Am I going about this wrong, or is there a more efficient solution?Thanks!
volvostephen
You shouldn't be getting prompted. If you are, that likely means that the domain for Livelink is being referenced differently. For example - if you use a fully qualified domain name and the cookie is set by that, if you were to redirect to a server name, you would be forced to login. Same holds true foran IP address. Also, you have to make sure the path isn't being changed (for example you could have 2 paths pointing to the same instance). Overall, if you get all this information from the Referrer and redirect based on that, you should be ok.
David_Beliveau_(sanmin013_-_(deleted))
Thats it, I was using two different domain alias for the URL. Once they matched it worked, thanks!
T-Systems_Administrator
Hallo DavidI have the same problem just as you have. It is very grateful if you could attach your solution here.Kind regards,
