Yeah, I saw posts around the problems with NTLM. The environment I'm using doesn't support Basic authentication so for now I'm stuck with NTLM. I'll see if I can get Basic authentication to work... For now we're not doing any content upload so I hope that NTLM will be ok. We've done a fair amount of testing and we've seen some issues with NTLM - the OpenCMIS code isn't always sending authentication creds and since it's not honoring the cookie requests sent by SP I suspect we may have some issues down the road.
thx, g --- George Florentine VP, Engineering +1 (303) 542-2173 | Office +1 (303) 669-8628 | Cell +1 (303) 544-0522 | Fax [email protected] http://www.flatironssolutions.com -----Original Message----- From: Florian Müller [mailto:[email protected]] Sent: Friday, July 08, 2011 9:52 AM To: Florentine, George Cc: [email protected] Subject: Re: cookie support in 0.4.0 George, First of all, run away from NTLM if you can! Sooner or later you will encounter intermittent problems with content upload (createDocument and setContentStream). NTLM and content streaming are not quite compatible. Your modification could be the reason for your cookie issue. You are setting up the WebLogic CookieManager and then forcing the usage of a Sun HttpURLConnection. I have no idea if those two work together. I would expect some class loading issues. - Florian On 08/07/2011 16:02, Florentine, George wrote: > Florian, thx for the quick reply! Yeah, I saw an e-mail thread where you > chatted about per-session cookie management coming in 0.5.0. For my > particular app, the existing cookie management would be sufficient. I'm > familiar with the HttpUtils class and it's interesting that you mentioned > that because it gives me another clue to look at. I was going to post this in > a separate thread but I'll mention it here since it relates to this > discussion. > > We're deploying our mid-tier code under WebLogic 10.3 and in that > environment, the default OpenCMIS code in HttpUtils has problems when we try > to use NTLM authentication. The code works ok under Tomcat but under WL some > class provided by WL overrides the NTLM authentication class and it doesn't > get loaded (the standard authenticator class ends up getting loaded even > though we specify to use the NTLM authenticator in the parameters we set when > we create the CMIS session). To get around that we made a modification to the > OpenCMIS code in HttpUtils to use a Sun provided HttpHandler. I wonder if > this change may be breaking cookie support in some way? > > Specifically, in the HttpUtils class, the 0.4.0 code base has this line of > code (line 89): > > HttpURLConnection conn = (HttpURLConnection) (new > URL(url.toString())).openConnection(); > > I changed this to use a specific Http handler: > > HttpURLConnection conn = (HttpURLConnection) (new > URL(null,url.toString(),new > sun.net.www.protocol.http.Handler())).openConnection(); > > Perhaps the sun http handler is causing the behavior I'm seeing? > > Thought? > > thx, > > g > --- > > > George Florentine > > VP, Engineering > > +1 (303) 542-2173 | Office > +1 (303) 669-8628 | Cell > +1 (303) 544-0522 | Fax > > [email protected] > > http://www.flatironssolutions.com > > > > > > > > > > > -----Original Message----- > From: Florian Müller [mailto:[email protected]] > Sent: Friday, July 08, 2011 8:29 AM > To: Florentine, George > Cc: [email protected] > Subject: Re: cookie support in 0.4.0 > > George, > > OpenCMIS relies on the cookie handling that is provided by Java. There is no > specific OpenCMIS code that deals with cookies. > HttpURLConnections should get hold of the CookieManager from the > CookieHandler and then use it. > > There are some disadvantages to this approach. For example, all sessions > share the same set of cookies and the CookieManager is shared across all > connections in the JVM. > A smarter, session based cookie handling is on the list for 0.5.0 (and I have > a good chunk of the code already done). > > The best place for debugging is probably > org.apache.chemistry.opencmis.client.bindings.spi.atompub.HttpUtils in the > chemistry-opencmis-client-bindings package. > The invoke() method handles the HTTP connections for the AtomPub binding. > > > - Florian > > > On 08/07/2011 14:51, Florentine, George wrote: >> Florian, the HTTP Set-Cookie message coming back from SP looks like this: >> >> Set-Cookie: >> WSS_KeepSessionAuthenticated={e5a6caaf-581c-4c26-aa12-0489087b7ec1}; path=/ >> >> Looks ok to me... Can you point me at the place in OpenCMIS where cookies >> are set? I can look at that code in the debugger and see what's going on. >> Maybe I've got some setup in my environment that is preventing the >> CookieManager class and the OpenCMIS code from playing nice with each >> other... >> >> thx, >> >> g >> --- >> >> >> George Florentine >> >> VP, Engineering >> >> +1 (303) 542-2173 | Office >> +1 (303) 669-8628 | Cell >> +1 (303) 544-0522 | Fax >> >> [email protected] >> >> http://www.flatironssolutions.com >> >> >> >> >> >> >> >> >> >> >> -----Original Message----- >> From: Florian Müller [mailto:[email protected]] >> Sent: Friday, July 08, 2011 2:47 AM >> To: Florentine, George >> Cc: [email protected] >> Subject: Re: cookie support in 0.4.0 >> >> Hi George, >> >> I haven't tested SharePoint but it works fine with other repositories. >> The path might be the cause the problem. What is the value of the path >> attribute? >> >> - Florian >> >> >> >> On 06/07/2011 18:55, Florentine, George wrote: >>> I'm building an application that uses the OpenCMIS client to talk to >>> SharePoint 2010. I'd like to turn on cookie support so I inserted code >>> to create a CookieManager as described in >>> http://chemistry.apache.org/java/how-to/how-to-connect.html. When I use >>> Wireshark to look at traffic between my app and SharePoint I see SP >>> setting what looks like a reasonable cookie (it does have a path >>> attribute set) but in subsequent calls, the OpenCMIS code does not send >>> the cookie back. >>> >>> I see a post (https://issues.apache.org/jira/browse/CMIS-366) that >>> indicates that this works in 0.4.0 but it doesn't seem to be working for >>> me. >>> >>> Any insights? >>> >>> thx, >>> >>> g >>> >>> --- >>> >>> email_Graphic_noTag >>> >>> >>> >>> *George Florentine*** >>> >>> >>> >>> /VP, Engineering/// >>> >>> >>> >>> *+1 (303) 542-2173 | Office*** >>> >>> *+1 (303) 669-8628 | Cell *** >>> >>> *+1 (303) 544-0522 | Fax*** >>> >>> >>> >>> [email protected] >>> <mailto:[email protected]> >>> >>> >>> >>> http://www.flatironssolutions.com<http://www.flatironssolutions.com/> >>> >>> >>> >>> >>> >> >
