Hi Guys,

I am working on integrating RT with Alfresco and I am having some difficulties 
with authentication. Essentially my requirement is that we can get something 
very similar to the saved search dashlet from RT into an Alfresco Share 
dashlet. As the two services are not hosted on the same box I am using the REST 
API to do this.

In my original testing, using a REST client rather than a browser, I was able 
to follow the wiki instructions to download a cookie for my user, save it and 
pass it in the request; this works fine. When I came to trying to implement 
this in code I hit two problems: one is figuring out how I can send the cookie 
with xmlhttprequest (this is not the normal JavaScript xmlHttpRequest, rather 
Nathan McMinn's contributed class from 
http://www.unorganizedmachines.com/site/software-and-technology/34-software-development/97-calling-web-services-from-alfresco-web-scripts).
The second issue is that to get the cookie in the first place I need the 
plaintext password of the user.

For now I have developed my dashlet using a newly created user: RESTuser, who 
has very restricted rights to actually affect tickets but can see them from all 
queues. I pass the user and pass values for this user with the request (which 
I know is entirely insecure, however at least in this case the JavaScript is 
server side). This is OK for the time being as RT and Alfresco still see very 
restricted use within the company, however before we go production I need this 
to be set up in such a way that the tickets someone views in their dashlet are 
tickets that their user account has rights to view. Both Alfresco and RT 
authenticate off the same AD so the usernames will always be the same.

I see a few possible ways to implement this. First to mind is that I could 
attempt to make a change to the REST interface allowing me to add a get 
parameter like restrictUser=JohnDoe and have RT do the rights calculation. Or I 
could attempt to build in some logic into the Share dashlet to at least filter 
by queue based on Alfresco security groups, but keeping the non-AD groups 
synced between RT and Alf feels like a nightmare waiting to happen.

So does anyone see an easier way to figure this out? I am leaning towards the 
former of the two options above but I am just getting my foot into the Perl 
pool so I am not sure how successful I'll be.

Regards


Chris O'Kelly
Web Administrator

Minecorp Australia
37 Murdoch Circuit
Acacia Ridge QLD 4110
minecorp.com.au<http://www.minecorp.com.au>


P:   07 3723 1000
M:  0450 586 190
E:  [email protected]<mailto:[email protected]>
S:  chris.okelly.mvs<http://skype.com>

