Hi,

After the post concerning the Documentum : Ticketed Authentication, Generation Of DM_TICKET, I would expose in this post the principal-mode authentication via the use of IDfPrincipalSupport interface.

The DFC javadoc describes this interface: An interface supported by classes that can establish sessions using principal-mode authentication. Principal-mode authentication is a form of authentication in which the caller has already established the validity of the user and therefore an explicit password verification is not needed.
 
 

IDfPrincipalSupport Interface

In order to use principal support, the IDfPrincipalSupport object must be a custom class that implements IDfPrincipalSupport and overrides its IDfSession IDfPrincipalSupport.getSession(String docbaseName, String principalName) method. More, this class must could have a constructor with Constructor(IDfTrustManager trustManager) parameter for an established authentication within the admin-user.
 
A getSession method with String docbaseName, String principalName parameters corresponding to the docbase and login of user for which a session must be created. First a session is created for the admin-user with the established dfSessionManager

synchronized (dfSessionManager) {
	if (!dfSessionManager.hasIdentity(docbaseName)) {
		dfSessionManager.setIdentity(docbaseName, dfTrustManager.getTrustCredential(docbaseName));
	}
}
IDfSession dfSession = dfSessionManager.getSession(docbaseName);

 
….and second, a LoginTicket is created for principalName user via the previously created session:

IDfClientX dfClientX = new DfClientX();
IDfClient dfClient = dfClientX.getLocalClient();
result = dfClient.newSession(docbaseName, new DfLoginInfo(principalName, dfSession.getLoginTicketForUser(principalName)));

 
…. and last, the first created session of admin-user is released:

dfSessionManager.release(dfSession);

 
Here the full code of MyPrincipalSupport class:


	private static class MyPrincipalSupport implements IDfPrincipalSupport {

		private final IDfTrustManager dfTrustManager;
		private final IDfSessionManager dfSessionManager;

		public MyPrincipalSupport(IDfTrustManager trustManager) throws DfException {
			if (trustManager == null) {
				throw new IllegalArgumentException("trustManager cannot be null");
			}
			this.dfTrustManager = trustManager;
			IDfClientX dfClientX = new DfClientX();
			IDfClient dfClient = dfClientX.getLocalClient();
			this.dfSessionManager = dfClient.newSessionManager();
		}

		@Override
		public IDfSession getSession(String docbaseName, String principalName) throws DfPrincipalException {
			try {
				if (!dfSessionManager.hasIdentity(docbaseName)) {
					synchronized (dfSessionManager) {
						if (!dfSessionManager.hasIdentity(docbaseName)) {
							dfSessionManager.setIdentity(docbaseName, dfTrustManager.getTrustCredential(docbaseName));
						}
					}
				}
				IDfSession result;
				IDfSession dfSession = dfSessionManager.getSession(docbaseName);
				try {
					IDfClientX dfClientX = new DfClientX();
					IDfClient dfClient = dfClientX.getLocalClient();
					result = dfClient.newSession(docbaseName, new DfLoginInfo(principalName, dfSession.getLoginTicketForUser(principalName)));
				} finally {
					dfSessionManager.release(dfSession);
				}
				return result;
			} catch (DfPrincipalException e) {
				throw e;
			} catch (Exception e) {
				throw new DfPrincipalException(MessageFormat.format("Unable to retrieve IdfSession for user \"{0}\" and docbase {1}", principalName, docbaseName), e);
			}
		}
	}

 
 

Identity Mode VS Principal Support Mode

The Identity Mode is the classic authentication method via the parameters String userAdmin, String passwdAdmin, String docbase:

		IDfLoginInfo login = new DfLoginInfo();
		login.setUser(userAdmin);
		login.setPassword(passwdAdmin);
		IDfClientX clientx = new DfClientX();
		IDfClient client = clientx.getLocalClient();

		this.sessMgr = client.newSessionManager();
		this.sessMgr.setIdentity(docbase, login);
	
		this.idfSession = sessMgr.getSession(docbase);
		if (this.idfSession != null)
			System.out.println("Session created successfully");

 
The Principal Support Mode is a proxy authentication method using the class implementing IDfPrincipalSupport with the parameters String userAdmin, String passwdAdmin, String docbase, String principalName. The void setPrincipalSupport(IDfPrincipalSupport support) method changes the session manager mode from “Identity” mode to “Principal Support” mode in order to support single sign in. This method allows a client to define a handler that creates sessions on behalf of principal users.

		IDfLoginInfo login = new DfLoginInfo();
		login.setUser(userAdmin);
		login.setPassword(passwdAdmin);
		IDfClientX clientx = new DfClientX();
		IDfClient client = clientx.getLocalClient();

		client.setPrincipalSupport(new MyPrincipalSupport(new DfSimpleTrustManager(new DfLoginInfo(userAdmin, passwdAdmin))));
		this.sessMgr = client.newSessionManager();
		this.sessMgr.setPrincipalName(principalName);
		
		this.idfSession = sessMgr.getSession(docbase);
		if (this.idfSession != null)
			System.out.println("Session created successfully");

 
 

TESTS : Identity Mode VS Principal Support Mode

Here, a test class creating a document using these 2 modes:

package com.huo.test.ecm.test5;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.text.MessageFormat;

import org.apache.commons.io.IOUtils;

import com.documentum.com.DfClientX;
import com.documentum.com.IDfClientX;
import com.documentum.fc.client.DfPrincipalException;
import com.documentum.fc.client.DfSimpleTrustManager;
import com.documentum.fc.client.IDfClient;
import com.documentum.fc.client.IDfDocument;
import com.documentum.fc.client.IDfPrincipalSupport;
import com.documentum.fc.client.IDfSession;
import com.documentum.fc.client.IDfSessionManager;
import com.documentum.fc.client.IDfTrustManager;
import com.documentum.fc.common.DfException;
import com.documentum.fc.common.DfLoginInfo;
import com.documentum.fc.common.IDfLoginInfo;
import com.documentum.fc.common.impl.MessageHelper;



/**
 * Documentum DFC - Principal-Mode Authentication : Use of IDfPrincipalSupport
 * 
 * Use of "IDfPrincipalSupport" interface:
 * 			An interface supported by classes that can establish sessions using principal-mode authentication. 
 * 			Principal-mode authentication is a form of authentication in which the caller has already established the validity of the user and therefore an explicit 
 * 			password verification is not needed.
 * 
 */
public class DfcPrincipalSupportLoginTest {


	IDfSession idfSession = null;
	IDfSessionManager sessMgr = null;

	private static class MyPrincipalSupport implements IDfPrincipalSupport {

		private final IDfTrustManager dfTrustManager;
		private final IDfSessionManager dfSessionManager;

		public MyPrincipalSupport(IDfTrustManager trustManager) throws DfException {
			if (trustManager == null) {
				throw new IllegalArgumentException("trustManager cannot be null");
			}
			this.dfTrustManager = trustManager;
			IDfClientX dfClientX = new DfClientX();
			IDfClient dfClient = dfClientX.getLocalClient();
			this.dfSessionManager = dfClient.newSessionManager();
		}

		@Override
		public IDfSession getSession(String docbaseName, String principalName) throws DfPrincipalException {
			try {
				if (!dfSessionManager.hasIdentity(docbaseName)) {
					synchronized (dfSessionManager) {
						if (!dfSessionManager.hasIdentity(docbaseName)) {
							dfSessionManager.setIdentity(docbaseName, dfTrustManager.getTrustCredential(docbaseName));
						}
					}
				}
				IDfSession result;
				IDfSession dfSession = dfSessionManager.getSession(docbaseName);
				try {
					IDfClientX dfClientX = new DfClientX();
					IDfClient dfClient = dfClientX.getLocalClient();
					result = dfClient.newSession(docbaseName, new DfLoginInfo(principalName, dfSession.getLoginTicketForUser(principalName)));
				} finally {
					dfSessionManager.release(dfSession);
				}
				return result;
			} catch (DfPrincipalException e) {
				throw e;
			} catch (Exception e) {
				throw new DfPrincipalException(MessageFormat.format("Unable to retrieve IdfSession for user \"{0}\" and docbase {1}", principalName, docbaseName), e);
			}
		}
	}
	



	/**
	 * Create a Session in "Identity Mode" OR "Principal Support Mode"
	 * @param userAdmin
	 * @param passwdAdmin
	 * @param docbase
	 * @param principalName
	 * @throws Exception
	 */
	public DfcPrincipalSupportLoginTest(String userAdmin, String passwdAdmin, String docbase, String principalName) throws Exception {

		IDfLoginInfo login = new DfLoginInfo();
		login.setUser(userAdmin);
		login.setPassword(passwdAdmin);
		IDfClientX clientx = new DfClientX();
		IDfClient client = clientx.getLocalClient();

		// Principal Support Mode 
		if(principalName!=null){
			client.setPrincipalSupport(new MyPrincipalSupport(new DfSimpleTrustManager(new DfLoginInfo(userAdmin, passwdAdmin))));
			this.sessMgr = client.newSessionManager();
			this.sessMgr.setPrincipalName(principalName);
			
		// Identity Mode
		}else{
			this.sessMgr = client.newSessionManager();
			this.sessMgr.setIdentity(docbase, login);
		}
		
		this.idfSession = sessMgr.getSession(docbase);
		if (this.idfSession != null)
			System.out.println("Session created successfully");
	}	
	


	public void releaseSession() throws Exception {
		if(sessMgr!=null && idfSession!=null){
			sessMgr.release(idfSession);
		}
	}
	




	public static void main(String[] args) throws Exception {
		testWithSession();
		
		testWithSessionOfPrincipalNameViaPrincipalSupport();
	}
	
	public static void testWithSession() throws Exception {
		long startTime = 0;
		long stopTime = 0;
		
		String userAdmin = "adminuser";
		String passwdAdmin = "pass_4adminuser";
		String docbase = "MY_DOCBASE";
		
		DfcPrincipalSupportLoginTest object = new DfcPrincipalSupportLoginTest(userAdmin, passwdAdmin, docbase, null);
		
		boolean isTransactionalSession = false;
		boolean noErrorWithCurrentDocument = false;
		try {
			if (!object.idfSession.isTransactionActive()) {
				object.idfSession.beginTrans();
				isTransactionalSession = true;
			}

			startTime = System.currentTimeMillis();
			
			// --- MetaData
			IDfDocument dfDocument = (IDfDocument) object.idfSession.newObject("my_huo_document");
			dfDocument.setObjectName("Object's name");
			dfDocument.setTitle("Object's title");
			dfDocument.setString("owner_name", userAdmin);
			dfDocument.setString("year", "2018");
			dfDocument.setString("status_label", "DRAFT");
			dfDocument.setContentType("excel12book");

			// --- Content
			ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
			InputStream inputStream = null;
			try {
				File contentFile = new File("C:\\Users\\principalName\\Desktop\\temp.pdf");
				inputStream = new FileInputStream(contentFile);
				IOUtils.copy(inputStream, byteArrayOutputStream);
				dfDocument.setContent(byteArrayOutputStream);
				dfDocument.save();
			} finally {
				if(inputStream!=null){
					inputStream.close();
				}

				byteArrayOutputStream.close();
			}
			System.out.println("New document created successfully : " + dfDocument.getObjectId().getId());
			System.out.println("---------------------- ");
			System.out.println("object_name : " + dfDocument.getString("object_name"));
			System.out.println("title : " + dfDocument.getString("title"));
			System.out.println("owner_name : " + dfDocument.getString("owner_name"));
			System.out.println("r_modifier : " + dfDocument.getString("r_modifier"));
			System.out.println("r_creator_name : " + dfDocument.getString("r_creator_name"));
			for(int i=0 ; i<dfDocument.getVersionLabelCount(); i++){
				System.out.println("r_version_label ["+i+"]: " + dfDocument.getVersionLabel(i));
			}

			stopTime = System.currentTimeMillis();
			
			noErrorWithCurrentDocument = true;
			
		} catch (Throwable e) {
			StringBuilder sb = new StringBuilder(MessageFormat.format("ERROR : {0}", "java.lu"));
			sb.append(IOUtils.LINE_SEPARATOR);
			sb.append(MessageHelper.getStackTraceAsString(e));
			System.out.println(sb.toString());
			
		} finally {
			if (isTransactionalSession) {
				if (noErrorWithCurrentDocument) {
					object.idfSession.commitTrans();
				} else {
					object.idfSession.abortTrans();
				}
			}
			// to release a docbase session
			object.releaseSession();
			
			long elapsedTime = stopTime - startTime;
			System.out.println(MessageFormat.format("Execute() total execution time : {0} ms ", elapsedTime));
		}
	}
	



	public static void testWithSessionOfPrincipalNameViaPrincipalSupport() throws Exception {
		long startTime = 0;
		long stopTime = 0;
		
		String userAdmin = "adminuser";
		String passwdAdmin = "pass_4adminuser";
		String docbase = "MY_DOCBASE";
		String principalName = "principalName";
		
		DfcPrincipalSupportLoginTest object = new DfcPrincipalSupportLoginTest(userAdmin, passwdAdmin, docbase, principalName);
		
		boolean isTransactionalSession = false;
		boolean noErrorWithCurrentDocument = false;
		try {
			if (!object.idfSession.isTransactionActive()) {
				object.idfSession.beginTrans();
				isTransactionalSession = true;
			}

			startTime = System.currentTimeMillis();
			
			// --- MetaData
			IDfDocument dfDocument = (IDfDocument) object.idfSession.newObject("my_huo_document");
			dfDocument.setObjectName("Object's name");
			dfDocument.setTitle("Object's title");
			dfDocument.setString("owner_name", principalName);
			dfDocument.setString("year", "2018");
			dfDocument.setString("status_label", "DRAFT");
			dfDocument.setContentType("excel12book");

			// --- Content
			ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
			InputStream inputStream = null;
			try {
				File contentFile = new File("C:\\Users\\principalName\\Desktop\\temp.pdf");
				inputStream = new FileInputStream(contentFile);
				IOUtils.copy(inputStream, byteArrayOutputStream);
				dfDocument.setContent(byteArrayOutputStream);
				dfDocument.save();
			} finally {
				if(inputStream!=null){
					inputStream.close();
				}

				byteArrayOutputStream.close();
			}
			
			System.out.println("New document created successfully : " + dfDocument.getObjectId().getId());

			System.out.println("---------------------- ");
			System.out.println("object_name : " + dfDocument.getString("object_name"));
			System.out.println("title : " + dfDocument.getString("title"));
			System.out.println("owner_name : " + dfDocument.getString("owner_name"));
			System.out.println("r_modifier : " + dfDocument.getString("r_modifier"));
			System.out.println("r_creator_name : " + dfDocument.getString("r_creator_name"));
			for(int i=0 ; i<dfDocument.getVersionLabelCount(); i++){
				System.out.println("r_version_label ["+i+"]: " + dfDocument.getVersionLabel(i));
			}

			stopTime = System.currentTimeMillis();
			
			noErrorWithCurrentDocument = true;
			
		} catch (Throwable e) {
			StringBuilder sb = new StringBuilder(MessageFormat.format("ERROR : {0}", "java.lu"));
			sb.append(IOUtils.LINE_SEPARATOR);
			sb.append(MessageHelper.getStackTraceAsString(e));
			System.out.println(sb.toString());
			
		} finally {
			if (isTransactionalSession) {
				if (noErrorWithCurrentDocument) {
					object.idfSession.commitTrans();
				} else {
					object.idfSession.abortTrans();
				}
			}
			// to release a docbase session
			object.releaseSession();
			
			long elapsedTime = stopTime - startTime;
			System.out.println(MessageFormat.format("Execute() total execution time : {0} ms ", elapsedTime));
		}
	}
	
}

 
 
… the outputs are:

New document created successfully : 090xxxxxxxxxxxff4
---------------------- 
object_name : Object's name
title : Object's title
owner_name : adminuser
r_modifier : adminuser
r_creator_name : adminuser
r_version_label [0]: 1.0
r_version_label [1]: CURRENT
Execute() total execution time : 8,327 ms 




New document created successfully : 090xxxxxxxxxxxff5
---------------------- 
object_name : Object's name
title : Object's title
owner_name : principalName
r_modifier : principalName
r_creator_name : principalName
r_version_label [0]: 1.0
r_version_label [1]: CURRENT
Execute() total execution time : 600 ms 

Best regards,

Huseyin OZVEREN