You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@chemistry.apache.org by Aaron Korver <aa...@gmail.com> on 2010/06/11 17:21:59 UTC
Re: User Session and Authentication Strategies
>
> Hi everyone,
> I was just wondering this list's thoughts about Session management and user
> authentication.
>
> I'm doing a Proof of Concept with Alfresco and have decided to got down the
> CMIS route. So far, everything has been going well, thanks you your work
> with Chemistry. Now I'm to the point where I get to start messing around
> with different users and I'm realizing that I've hit a roadblock.
>
> The Session requires a password for the user to connect via CMIS. Most
> applications that I've used don't actually store a user's password. They
> either have the hash of the password, or they use a third party
> authentication system such as LDAP. So I can't send a password over, and I
> don't see any other way to authenticate with Alfresco via the CMIS
> Specification.
>
> So....my next thought is to use the old system user to authenticate once
> with the CMIS provider and then set the CREATED_BY and MODIFIED_BY
> property. The downside of this is that I loose the ACL mechanisms because
> the provider sees all requests as one person. The other downside that I'm
> seeing with Alfresco is that it ignores these properties and uses the
> authenticated user as the values for the CREATED/MODIFIED_BY properties.
>
> At this point I'm stuck, I cannot see a way to use CMIS to manage multiple
> Sessions with different users. If I can't get past this, I'm going to have
> to drop down to Alfresco specific APIs, which is a bummer. Can anyone
> provide any guidance for me?
>
> Thank you,
> Aaron Korver
>
>
>