If we remove the exception, a document would be created without content.
Wouldn't that be confusing? It wouldn't really "work".
- Florian
On 22/11/2010 15:32, Florent Guillaume wrote:
I understand the security implications in implementing this and I
agree it shouldn't be done at least by default.
My question was more along the lines of: is it ok if I remove the
thrown exception so that OpenCMIS-based servers can work with AD2?
Florent
On Mon, Nov 22, 2010 at 3:44 PM, Florian Müller
<florian.muel...@alfresco.com> wrote:
Hi Florent,
I intentionally didn't implement that features because there are too many
difficult questions.
What basically happens here is that the CMIS repository connects to a HTTP
server to get the content.
- In many enterprise environments that's not possible because of firewalls. The
server can't talk to an arbitrary host for security reasons.
- If the content is hosted on a client machine, it is even more unlikely since
desktop firewalls will prevent that.
- Should the CMIS repository forward the given credentials to the HTTP server?
Hell, no, that would be a security hole. But, yes, it has to authenticate in
order to get access to the content...
- If we forward the credentials, we really, really should use HTTPS. Do we
accept self-signed certificates? Probably not. Does the HTTP server running on
a users laptop has a real certificate installed? Probably not.
- What if the credentials for the CMIS repository and the HTTP server are
different? A very likely scenario...
- What if the credentials are not user/password based and we can't forward them
because we don't know them?
I don't know how to provide a generic external content implementation, but I'm
open for ideas...
- Florian
On 22/11/2010 10:44, Florent Guillaume wrote:
Hi,
Adobe Drive 2 does the following when you request a checkout:
POST /.../repo/checkedout
Content-Type: application/atom+xml;type=entry
<atom:entry xmlns:atom="http://www.w3.org/2005/Atom";>
...
<atom:content
src="http://localhost.../.../repo/content?id=5f8a7a2e-6175-4111-84a3-f70e2d83702e";
type="image/jpeg" />
<cmisra:object
xmlns:cmisra="http://docs.oasis-open.org/ns/cmis/restatom/200908/";>
...
</cmisra:object>
...
</atom:entry>
In particular it provides a content src (the one from the entry
itself), which OpenCMIS doesn't like:
HTTP/1.1 405 Method Not Allowed
This is due to code in AtomEntryParser.parseAtomContent:
} else if (ATTR_SRC.equals(attrName.getLocalPart())) {
throw new CmisNotSupportedException("External content
not supported!");
}
I'm not sure this is the right thing to do here, can we just ignore
this external content?
Florent
