How would I go about developing a simple DFS custom service that passes in a userid and returns a login ticket? Is there any sample code that already implements this using DFS 6.5?
Thanks
Do you want to do something different than what the ContextRegistryService does? That's what the existing service is for.
The ContextRegistryService is rudimentary at best. I need to simulate single sign-on; get the user's repository credentials without having to pass the user's id (so they don't have to log in every time they want to view a document in the repository). This functionality is not exposed in DFS, e.g. access DFC IdfSessionManager in order to return a user login ticket that is subsequently used by my custom application.
If there is a way to do this via the DFS .net productivity layer, by all means let me know - according to EMC tech support and dev engineers, it is not exposed in DFS.
CORRECTION: "I need to simulate single sign-on; get the user's repository credentials without having to pass the user's id" - user's id should read user's password.
It's OK to develop a customized service to return login ticket. DFS dev guide should have provided you enough information. You need to use DFC interface to get login ticket. But you cannot use our existing services, such as object service, schema service, etc. Because these services don't support this kind of authentication.
-simon
Hi,
I had to do the same thing in my app, here is the service. Just update the package and namespace info, then package and deploy it:
package use.your.package;
import com.documentum.fc.client.IDfSession;import com.documentum.fc.client.IDfSessionManager;import com.emc.documentum.fs.rt.annotations.DfsPojoService;import com.emc.documentum.fs.rt.context.DfcSessionManager;
@DfsPojoService(targetNamespace = "http://use.your.namespace")public class AuthTicketService {/** * Gets the authentication ticket for a particular user. This service must be executed with superuser privileges. * * @param userName - the user for which the login ticket is desired * @param scope - the scope of the acquired login ticket. It can be "server", "docbase", or "global". * @param timeout - How long will acquired login ticket remain valid since generation. * @param singleUse - if the login ticket can be used once only * @param serverName - When single_use is true, the acquired one-time login ticket will be valid in the specified server only. * @return * @throws Exception */public String getAuthTicket(String userName, String scope, int timeout, boolean singleUse, String serverName, String docbaseName) throws Exception{String ticket =
null;IDfSessionManager manager =
null;IDfSession session =
null;
try {manager = DfcSessionManager.getSessionManager();
session = manager.getSession(docbaseName);
ticket = session.getLoginTicketEx(userName, scope, timeout,
singleUse, serverName);
catch (DfException dfe) {System.
out.println("Exception in SSO service: " + dfe.getMessage());}
finally {
if (session != null)manager.release(session);
}
return ticket;
}}
You need to use DFC interface to get login ticket. But you cannot use our existing services, such as object service, schema service, etc. Because these services don't support this kind of authentication.
He could always use the ticket to get a token from the ContextRegistryService. Just fill in ticket in the password field of the RepositoryIdentity object. Then he could use the other DFS services.
that sounds a reasonable workaround.
Hello, ALL
I try to use token from ContextRegistryService in other services.
Write it to header:
<ServiceContext xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" token="winxpsp3-cln/192.168.0.165-1265630977625-1395718088356896502-33" />
But, the exception occurs:
"Authorization failed, could not find identities in service context with token \"temporary/127.0.0.1-1265631090078-732600001815801536\""
Why?
