Hi,
After the post concerning the Documentum : Ticketed Authentication, Generation Of DM_TICKET, I would expose in this post the principal-mode authentication via the use of IDfPrincipalSupport interface.
The DFC javadoc describes this interface: An interface supported by classes that can establish sessions using principal-mode authentication. Principal-mode authentication is a form of authentication in which the caller has already established the validity of the user and therefore an explicit password verification is not needed.
IDfPrincipalSupport Interface
In order to use principal support, the IDfPrincipalSupport object must be a custom class that implements IDfPrincipalSupport and overrides its IDfSession IDfPrincipalSupport.getSession(String docbaseName, String principalName) method. More, this class must could have a constructor with Constructor(IDfTrustManager trustManager) parameter for an established authentication within the admin-user.
A getSession method with String docbaseName, String principalName parameters corresponding to the docbase and login of user for which a session must be created. First a session is created for the admin-user with the established dfSessionManager
1 | synchronized (dfSessionManager) { |
2 | if (!dfSessionManager.hasIdentity(docbaseName)) { |
3 | dfSessionManager.setIdentity(docbaseName, dfTrustManager.getTrustCredential(docbaseName)); |
6 | IDfSession dfSession = dfSessionManager.getSession(docbaseName); |
….and second, a LoginTicket is created for principalName user via the previously created session:
1 | IDfClientX dfClientX = new DfClientX(); |
2 | IDfClient dfClient = dfClientX.getLocalClient(); |
3 | result = dfClient.newSession(docbaseName, new DfLoginInfo(principalName, dfSession.getLoginTicketForUser(principalName))); |
…. and last, the first created session of admin-user is released:
1 | dfSessionManager.release(dfSession); |
Here the full code of MyPrincipalSupport class:
01 | private static class MyPrincipalSupport implements IDfPrincipalSupport { |
03 | private final IDfTrustManager dfTrustManager; |
04 | private final IDfSessionManager dfSessionManager; |
06 | public MyPrincipalSupport(IDfTrustManager trustManager) throws DfException { |
07 | if (trustManager == null) { |
08 | throw new IllegalArgumentException("trustManager cannot be null"); |
10 | this.dfTrustManager = trustManager; |
11 | IDfClientX dfClientX = new DfClientX(); |
12 | IDfClient dfClient = dfClientX.getLocalClient(); |
13 | this.dfSessionManager = dfClient.newSessionManager(); |
17 | public IDfSession getSession(String docbaseName, String principalName) throws DfPrincipalException { |
19 | if (!dfSessionManager.hasIdentity(docbaseName)) { |
20 | synchronized (dfSessionManager) { |
21 | if (!dfSessionManager.hasIdentity(docbaseName)) { |
22 | dfSessionManager.setIdentity(docbaseName, dfTrustManager.getTrustCredential(docbaseName)); |
27 | IDfSession dfSession = dfSessionManager.getSession(docbaseName); |
29 | IDfClientX dfClientX = new DfClientX(); |
30 | IDfClient dfClient = dfClientX.getLocalClient(); |
31 | result = dfClient.newSession(docbaseName, new DfLoginInfo(principalName, dfSession.getLoginTicketForUser(principalName))); |
33 | dfSessionManager.release(dfSession); |
36 | } catch (DfPrincipalException e) { |
38 | } catch (Exception e) { |
39 | throw new DfPrincipalException(MessageFormat.format("Unable to retrieve IdfSession for user \"{0}\" and docbase {1}", principalName, docbaseName), e); |
Identity Mode VS Principal Support Mode
The Identity Mode is the classic authentication method via the parameters String userAdmin, String passwdAdmin, String docbase:
01 | IDfLoginInfo login = new DfLoginInfo(); |
02 | login.setUser(userAdmin); |
03 | login.setPassword(passwdAdmin); |
04 | IDfClientX clientx = new DfClientX(); |
05 | IDfClient client = clientx.getLocalClient(); |
07 | this.sessMgr = client.newSessionManager(); |
08 | this.sessMgr.setIdentity(docbase, login); |
10 | this.idfSession = sessMgr.getSession(docbase); |
11 | if (this.idfSession != null) |
12 | System.out.println("Session created successfully"); |
The Principal Support Mode is a proxy authentication method using the class implementing IDfPrincipalSupport with the parameters String userAdmin, String passwdAdmin, String docbase, String principalName. The void setPrincipalSupport(IDfPrincipalSupport support) method changes the session manager mode from “Identity” mode to “Principal Support” mode in order to support single sign in. This method allows a client to define a handler that creates sessions on behalf of principal users.
01 | IDfLoginInfo login = new DfLoginInfo(); |
02 | login.setUser(userAdmin); |
03 | login.setPassword(passwdAdmin); |
04 | IDfClientX clientx = new DfClientX(); |
05 | IDfClient client = clientx.getLocalClient(); |
07 | client.setPrincipalSupport(new MyPrincipalSupport(new DfSimpleTrustManager(new DfLoginInfo(userAdmin, passwdAdmin)))); |
08 | this.sessMgr = client.newSessionManager(); |
09 | this.sessMgr.setPrincipalName(principalName); |
11 | this.idfSession = sessMgr.getSession(docbase); |
12 | if (this.idfSession != null) |
13 | System.out.println("Session created successfully"); |
TESTS : Identity Mode VS Principal Support Mode
Here, a test class creating a document using these 2 modes:
001 | package com.huo.test.ecm.test5; |
003 | import java.io.ByteArrayOutputStream; |
005 | import java.io.FileInputStream; |
006 | import java.io.InputStream; |
007 | import java.text.MessageFormat; |
009 | import org.apache.commons.io.IOUtils; |
011 | import com.documentum.com.DfClientX; |
012 | import com.documentum.com.IDfClientX; |
013 | import com.documentum.fc.client.DfPrincipalException; |
014 | import com.documentum.fc.client.DfSimpleTrustManager; |
015 | import com.documentum.fc.client.IDfClient; |
016 | import com.documentum.fc.client.IDfDocument; |
017 | import com.documentum.fc.client.IDfPrincipalSupport; |
018 | import com.documentum.fc.client.IDfSession; |
019 | import com.documentum.fc.client.IDfSessionManager; |
020 | import com.documentum.fc.client.IDfTrustManager; |
021 | import com.documentum.fc.common.DfException; |
022 | import com.documentum.fc.common.DfLoginInfo; |
023 | import com.documentum.fc.common.IDfLoginInfo; |
024 | import com.documentum.fc.common.impl.MessageHelper; |
029 | * Documentum DFC - Principal-Mode Authentication : Use of IDfPrincipalSupport |
031 | * Use of "IDfPrincipalSupport" interface: |
032 | * An interface supported by classes that can establish sessions using principal-mode authentication. |
033 | * Principal-mode authentication is a form of authentication in which the caller has already established the validity of the user and therefore an explicit |
034 | * password verification is not needed. |
037 | public class DfcPrincipalSupportLoginTest { |
040 | IDfSession idfSession = null; |
041 | IDfSessionManager sessMgr = null; |
043 | private static class MyPrincipalSupport implements IDfPrincipalSupport { |
045 | private final IDfTrustManager dfTrustManager; |
046 | private final IDfSessionManager dfSessionManager; |
048 | public MyPrincipalSupport(IDfTrustManager trustManager) throws DfException { |
049 | if (trustManager == null) { |
050 | throw new IllegalArgumentException("trustManager cannot be null"); |
052 | this.dfTrustManager = trustManager; |
053 | IDfClientX dfClientX = new DfClientX(); |
054 | IDfClient dfClient = dfClientX.getLocalClient(); |
055 | this.dfSessionManager = dfClient.newSessionManager(); |
059 | public IDfSession getSession(String docbaseName, String principalName) throws DfPrincipalException { |
061 | if (!dfSessionManager.hasIdentity(docbaseName)) { |
062 | synchronized (dfSessionManager) { |
063 | if (!dfSessionManager.hasIdentity(docbaseName)) { |
064 | dfSessionManager.setIdentity(docbaseName, dfTrustManager.getTrustCredential(docbaseName)); |
069 | IDfSession dfSession = dfSessionManager.getSession(docbaseName); |
071 | IDfClientX dfClientX = new DfClientX(); |
072 | IDfClient dfClient = dfClientX.getLocalClient(); |
073 | result = dfClient.newSession(docbaseName, new DfLoginInfo(principalName, dfSession.getLoginTicketForUser(principalName))); |
075 | dfSessionManager.release(dfSession); |
078 | } catch (DfPrincipalException e) { |
080 | } catch (Exception e) { |
081 | throw new DfPrincipalException(MessageFormat.format("Unable to retrieve IdfSession for user \"{0}\" and docbase {1}", principalName, docbaseName), e); |
090 | * Create a Session in "Identity Mode" OR "Principal Support Mode" |
094 | * @param principalName |
097 | public DfcPrincipalSupportLoginTest(String userAdmin, String passwdAdmin, String docbase, String principalName) throws Exception { |
099 | IDfLoginInfo login = new DfLoginInfo(); |
100 | login.setUser(userAdmin); |
101 | login.setPassword(passwdAdmin); |
102 | IDfClientX clientx = new DfClientX(); |
103 | IDfClient client = clientx.getLocalClient(); |
106 | if(principalName!=null){ |
107 | client.setPrincipalSupport(new MyPrincipalSupport(new DfSimpleTrustManager(new DfLoginInfo(userAdmin, passwdAdmin)))); |
108 | this.sessMgr = client.newSessionManager(); |
109 | this.sessMgr.setPrincipalName(principalName); |
113 | this.sessMgr = client.newSessionManager(); |
114 | this.sessMgr.setIdentity(docbase, login); |
117 | this.idfSession = sessMgr.getSession(docbase); |
118 | if (this.idfSession != null) |
119 | System.out.println("Session created successfully"); |
124 | public void releaseSession() throws Exception { |
125 | if(sessMgr!=null && idfSession!=null){ |
126 | sessMgr.release(idfSession); |
134 | public static void main(String[] args) throws Exception { |
137 | testWithSessionOfPrincipalNameViaPrincipalSupport(); |
140 | public static void testWithSession() throws Exception { |
144 | String userAdmin = "adminuser"; |
145 | String passwdAdmin = "pass_4adminuser"; |
146 | String docbase = "MY_DOCBASE"; |
148 | DfcPrincipalSupportLoginTest object = new DfcPrincipalSupportLoginTest(userAdmin, passwdAdmin, docbase, null); |
150 | boolean isTransactionalSession = false; |
151 | boolean noErrorWithCurrentDocument = false; |
153 | if (!object.idfSession.isTransactionActive()) { |
154 | object.idfSession.beginTrans(); |
155 | isTransactionalSession = true; |
158 | startTime = System.currentTimeMillis(); |
161 | IDfDocument dfDocument = (IDfDocument) object.idfSession.newObject("my_huo_document"); |
162 | dfDocument.setObjectName("Object's name"); |
163 | dfDocument.setTitle("Object's title"); |
164 | dfDocument.setString("owner_name", userAdmin); |
165 | dfDocument.setString("year", "2018"); |
166 | dfDocument.setString("status_label", "DRAFT"); |
167 | dfDocument.setContentType("excel12book"); |
170 | ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); |
171 | InputStream inputStream = null; |
173 | File contentFile = new File("C:\\Users\\principalName\\Desktop\\temp.pdf"); |
174 | inputStream = new FileInputStream(contentFile); |
175 | IOUtils.copy(inputStream, byteArrayOutputStream); |
176 | dfDocument.setContent(byteArrayOutputStream); |
179 | if(inputStream!=null){ |
183 | byteArrayOutputStream.close(); |
185 | System.out.println("New document created successfully : " + dfDocument.getObjectId().getId()); |
186 | System.out.println("---------------------- "); |
187 | System.out.println("object_name : " + dfDocument.getString("object_name")); |
188 | System.out.println("title : " + dfDocument.getString("title")); |
189 | System.out.println("owner_name : " + dfDocument.getString("owner_name")); |
190 | System.out.println("r_modifier : " + dfDocument.getString("r_modifier")); |
191 | System.out.println("r_creator_name : " + dfDocument.getString("r_creator_name")); |
192 | for(int i=0 ; i<dfDocument.getVersionLabelCount(); i++){ |
193 | System.out.println("r_version_label ["+i+"]: " + dfDocument.getVersionLabel(i)); |
196 | stopTime = System.currentTimeMillis(); |
198 | noErrorWithCurrentDocument = true; |
200 | } catch (Throwable e) { |
201 | StringBuilder sb = new StringBuilder(MessageFormat.format("ERROR : {0}", "java.lu")); |
202 | sb.append(IOUtils.LINE_SEPARATOR); |
203 | sb.append(MessageHelper.getStackTraceAsString(e)); |
204 | System.out.println(sb.toString()); |
207 | if (isTransactionalSession) { |
208 | if (noErrorWithCurrentDocument) { |
209 | object.idfSession.commitTrans(); |
211 | object.idfSession.abortTrans(); |
215 | object.releaseSession(); |
217 | long elapsedTime = stopTime - startTime; |
218 | System.out.println(MessageFormat.format("Execute() total execution time : {0} ms ", elapsedTime)); |
225 | public static void testWithSessionOfPrincipalNameViaPrincipalSupport() throws Exception { |
229 | String userAdmin = "adminuser"; |
230 | String passwdAdmin = "pass_4adminuser"; |
231 | String docbase = "MY_DOCBASE"; |
232 | String principalName = "principalName"; |
234 | DfcPrincipalSupportLoginTest object = new DfcPrincipalSupportLoginTest(userAdmin, passwdAdmin, docbase, principalName); |
236 | boolean isTransactionalSession = false; |
237 | boolean noErrorWithCurrentDocument = false; |
239 | if (!object.idfSession.isTransactionActive()) { |
240 | object.idfSession.beginTrans(); |
241 | isTransactionalSession = true; |
244 | startTime = System.currentTimeMillis(); |
247 | IDfDocument dfDocument = (IDfDocument) object.idfSession.newObject("my_huo_document"); |
248 | dfDocument.setObjectName("Object's name"); |
249 | dfDocument.setTitle("Object's title"); |
250 | dfDocument.setString("owner_name", principalName); |
251 | dfDocument.setString("year", "2018"); |
252 | dfDocument.setString("status_label", "DRAFT"); |
253 | dfDocument.setContentType("excel12book"); |
256 | ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); |
257 | InputStream inputStream = null; |
259 | File contentFile = new File("C:\\Users\\principalName\\Desktop\\temp.pdf"); |
260 | inputStream = new FileInputStream(contentFile); |
261 | IOUtils.copy(inputStream, byteArrayOutputStream); |
262 | dfDocument.setContent(byteArrayOutputStream); |
265 | if(inputStream!=null){ |
269 | byteArrayOutputStream.close(); |
272 | System.out.println("New document created successfully : " + dfDocument.getObjectId().getId()); |
274 | System.out.println("---------------------- "); |
275 | System.out.println("object_name : " + dfDocument.getString("object_name")); |
276 | System.out.println("title : " + dfDocument.getString("title")); |
277 | System.out.println("owner_name : " + dfDocument.getString("owner_name")); |
278 | System.out.println("r_modifier : " + dfDocument.getString("r_modifier")); |
279 | System.out.println("r_creator_name : " + dfDocument.getString("r_creator_name")); |
280 | for(int i=0 ; i<dfDocument.getVersionLabelCount(); i++){ |
281 | System.out.println("r_version_label ["+i+"]: " + dfDocument.getVersionLabel(i)); |
284 | stopTime = System.currentTimeMillis(); |
286 | noErrorWithCurrentDocument = true; |
288 | } catch (Throwable e) { |
289 | StringBuilder sb = new StringBuilder(MessageFormat.format("ERROR : {0}", "java.lu")); |
290 | sb.append(IOUtils.LINE_SEPARATOR); |
291 | sb.append(MessageHelper.getStackTraceAsString(e)); |
292 | System.out.println(sb.toString()); |
295 | if (isTransactionalSession) { |
296 | if (noErrorWithCurrentDocument) { |
297 | object.idfSession.commitTrans(); |
299 | object.idfSession.abortTrans(); |
303 | object.releaseSession(); |
305 | long elapsedTime = stopTime - startTime; |
306 | System.out.println(MessageFormat.format("Execute() total execution time : {0} ms ", elapsedTime)); |
… the outputs are:
01 | New document created successfully : 090xxxxxxxxxxxff4 |
03 | object_name : Object's name |
07 | r_creator_name : adminuser |
08 | r_version_label [0]: 1.0 |
09 | r_version_label [1]: CURRENT |
10 | Execute() total execution time : 8,327 ms |
15 | New document created successfully : 090xxxxxxxxxxxff5 |
17 | object_name : Object's name |
19 | owner_name : principalName |
20 | r_modifier : principalName |
21 | r_creator_name : principalName |
22 | r_version_label [0]: 1.0 |
23 | r_version_label [1]: CURRENT |
24 | Execute() total execution time : 600 ms |
Best regards,
Huseyin OZVEREN
Related
