I have made custom webapp using CMIS with which I am able to get the document from repository of alfresco and also able to upload document from my webapp into the repository of alfresco. But it is not checking for user authentication, if I try to login with random user who doesn't have access to the alfresco repository he/she is also able to login.
I am using below code:
public Session getSession() {
Properties prop = new Properties();
try {
prop.load(getClass().getClassLoader().getResourceAsStream("config.properties"));
ALFRSCO_ATOMPUB_URL = "http://" + prop.getProperty("url") + ":"
+ prop.getProperty("port") + "/alfresco/service/cmis";
System.out.println(ALFRSCO_ATOMPUB_URL);
parameter.put(SessionParameter.USER, prop.getProperty("USER"));
parameter.put(SessionParameter.PASSWORD,
prop.getProperty("PASSWORD"));
// Specify the connection settings
parameter.put(SessionParameter.ATOMPUB_URL, ALFRSCO_ATOMPUB_URL);
parameter.put(SessionParameter.BINDING_TYPE,
BindingType.ATOMPUB.value());
parameter.put(SessionParameter.REPOSITORY_ID,
prop.getProperty("REPOSITORY_ID"));
SessionFactory factory = SessionFactoryImpl.newInstance();
session = factory.getRepositories(parameter).get(0).createSession();
return session;
} catch (CmisUnauthorizedException ex) {
System.out.println("you are unauthorized ");
} catch (IOException ex) {
ex.printStackTrace();
} catch (Exception ex) {
ex.printStackTrace();
}
return session;
}
public boolean validateUser() {
Session session = getSession();
System.out.println("session " + session);
if (session != null) {
FolderBean.cmisSession = session;
return true;
}
return false;
}
Any advice would be appreciated!!!
You are reading username and password from
config.propertiesfile.You should change that with the username and password which are entered in your webapp.Below line in your code reads property file.
Below is reading username and password from property file.
Instead of that put here username and password of webapp which you are entering.