IMPERSONATE api alfresco

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Active Member

IMPERSONATE api alfresco

Hello,
I'm trying to do the impersonation through the alfresco API in java.
I found a guide that makes this example:

public String impersonate(String username) {
 String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
 
 if (currentUser == null || !currentUser.equals(username)) {
 AuthenticationUtil.setRunAsUser(username);
 AuthenticationUtil.setFullyAuthenticatedUser(username);
 }
 
 return currentUser;
}

from maven I don't find the library that has the class and methods described in the code above.

can you help me?

ps: maybe they are old API? I must use spring API?

if you have alternative methods you can post the code and also the link to download the API please


7 Replies
Highlighted
Moderator
Moderator

Re: IMPERSONATE api alfresco

The AuthenticationUtil class is part of "alfresco-data-model" jar file. It should be available. Can you check if this jar file is part of your classpath ?

There is another class having same name (org.springframework.extensions.surf.site.AuthenticationUtil) in spring-surf jar file and would be part of classpath. Can you also check if you have imported this class by any chance. 

You need to import this class : org.alfresco.repo.security.authentication.AuthenticationUtil after making sure that alfresco-data-model jar file is part of the classpath.

~Abhinav
(ACSCE, AWS SAA-C02, GAIQ)
Highlighted
Active Member

Re: IMPERSONATE api alfresco

hello,

I did as you told me, now it gives me a compilation error on eclipse:

"The type net.sf.acegisecurity.Authentication cannot be resolved. It is indirectly referenced from required .class files "

line :  AuthenticationUtil.setRunAsUser (username);

and "The method setFullyAuthenticatedUser(String) from the type AuthenticationUtil refers to the missing type Authentication"

line: AuthenticationUtil.setFullyAuthenticatedUser(username);

but i don't know why.

maybe there is a conflict whit the dependencies between spring and alfresco?

Highlighted
Active Member

Re: IMPERSONATE api alfresco

however the problem is to "impersonate",
can you post me a working code and also the related dependencies to be downloaded from maven?
will be 10 lines of code more or less
i don't find a smart and complete guide on alfresco and on the web,
thank you so much
Highlighted
Moderator
Moderator

Re: IMPERSONATE api alfresco

Hi Valerio,

take a look at the following great post written by Angel Borroy, it describes how to implement your own runAs method:

https://angelborroy.wordpress.com/2015/07/24/alfresco-run-as-system-admin-user-without-credentials/

Please note that you have to incapsulate the logic of your method inside an atomic unit of work that you will pass to the runAs component. In this way you can use it inside any component of Alfresco such as an action, ECMAScript, WebScripts, Scheduled Jobs and so on.

Hope this helps

Highlighted
Moderator
Moderator

Re: IMPERSONATE api alfresco

This code works for me:

import org.alfresco.repo.security.authentication.AuthenticationUtil;


public final class Impersonate {

private Impersonate(){
super();
}

public static String runAsUser(final String userName) {
final String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
if (!currentUser.equals(userName)) {
AuthenticationUtil.setRunAsUser(userName);
AuthenticationUtil.setFullyAuthenticatedUser(userName);
}
return currentUser;
}
}

However, if you are looking to perform some piece of code/operations which requires admin level permissions or write permissions, then its better to use AuthenticationUtil.RunAsWork method.

Example:

final Object result = AuthenticationUtil.runAs(
new AuthenticationUtil.RunAsWork<Object>() {
public Set<String> doWork() throws Exception {
.....
}

}, AuthenticationUtil.getSystemUserName()
);

Or simply run your whole operation by setting the authentication as system user based on your use case. 

AuthenticationUtil.setRunAsUserSystem();

~Abhinav
(ACSCE, AWS SAA-C02, GAIQ)
Highlighted
Active Member

Re: IMPERSONATE api alfresco

hello,

I tried to run all the examples he gave me but an exception is thrown:

Exception in thread "main" org.apache.chemistry.opencmis.commons.exceptions.CmisUnauthorizedException: Unauthorized

this is the code:

public static void impersonateFour() {


final Object result = AuthenticationUtil.runAs( new AuthenticationUtil.RunAsWork<Object>() {
public ArrayList<String> doWork() throws Exception {
      ArrayList<String> a = new ArrayList<String>();

//WITH THIS

      AuthenticationUtil.setRunAsUserSystem();

//OR WITH THIS
// final String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
// if (!currentUser.equals("test")) {
//     AuthenticationUtil.setRunAsUser("test");
//     AuthenticationUtil.setFullyAuthenticatedUser("test");
// }

SessionFactory sessionFactory = SessionFactoryImpl.newInstance();
Map<String, String> parameter = new HashMap<String, String>();

// I'm BOUND  PUT AN USER NAME AND PASSWORD? 

/////////parameter.put(SessionParameter.USER, "userTest");
/////////parameter.put(SessionParameter.PASSWORD, "password"); 


parameter.put(SessionParameter.ATOMPUB_URL, ALFRSCO_ATOMPUB_URL);
parameter.put(SessionParameter.BINDING_TYPE,BindingType.ATOMPUB.value());

//  WHEN CALL getRepositories(parameter)  THROW EXCEPTION Unauthorized


List<Repository> repositories=sessionFactory.getRepositories(parameter);   //  <<-- ?
session=repositories.get(0).createSession();

return a;
}

}, AuthenticationUtil.getSystemUserName()
);
}

CAN YOU SAY WHY?

THANK YOU SO MUCH

Highlighted
Active Member

Re: IMPERSONATE api alfresco

Hi Piergiorgio,

this is my exception and i don't know why:

Exception in thread "main" org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException: Permission denied: 0605370828 Accesso Negato.  Non si dispone di permessi appropriati per eseguire questa operazione.

i tried this code:

public static void impersonateFive()throws Exception {


SessionFactory sessionFactory = SessionFactoryImpl.newInstance();
Map<String, String> parameter = new HashMap<String, String>();
parameter.put(SessionParameter.USER, "testProfilazione");
parameter.put(SessionParameter.PASSWORD, "testProfilazione");
parameter.put(SessionParameter.ATOMPUB_URL, ALFRSCO_ATOMPUB_URL);
parameter.put(SessionParameter.BINDING_TYPE,BindingType.ATOMPUB.value());

List<Repository> repositories=sessionFactory.getRepositories(parameter);

session=repositories.get(0).createSession();
AuthenticationUtil lu = new AuthenticationUtil();
lu.afterPropertiesSet();
AuthenticationUtil.runAsSystem(
new AuthenticationUtil.RunAsWork<Object>() {

      public Object doWork() throws Exception {
               Folder root =session.getRootFolder();

               //AT THIS POINT WHEN GET DOCUMENT THROW EXCEPTION
               Document newDocument = (Document)session.getObjectByPath("/xxx/xx/documentLibrary/test");


               return null;

      }
   }
);
}

inside the RunAsWork method can I do all the operations with any user? right?

thank you