Alfresco linking

Alfresco linking

by Louise Bennett -
Number of replies: 14

Hi all,

As I understand it, when I link to a file in Alfresco, it appends a ticket to the url to authenticate in to Alfresco so that my users don't have to. My question is: are those tickets permanent?

I linked up a whole bunch of files the other day, only to discover this morning that the links no longer work: it wants me to authenticate in again. As I understand it, that shouldn't be happening (because if so, that kind of makes the whole process useless).

Is there something I need to set up so that that ticket doesn't expire/get replaced? Has anyone run into a similar problem?

Thanks in advance!

Average of ratings: -
In reply to Louise Bennett

Re: Alfresco linking

by Jens Jahnke -
If it is ok for the files you want to link to be accessible by everyone you could just give the guest account in alfresco the consumer right on the files and use the download link from alfresco directly.
Average of ratings: -
In reply to Louise Bennett

Re: Alfresco linking

by Geoffrey Rowland -
Picture of Plugin developers

Hi Louise

Yes, I and have noticed that if you have to restart the Alfresco service all the tickets expire and links from Moodle 2 no longer work. Not much use for a long-term system sad

Also, I'm not entirely sure (the Alfresco documentation is rather spartan) if Alfresco tickets expire after a time limit anyway. Though, for our implementation of Alfresco 3.4.d Community, it seems as if the default is for tickets not to expire.

Ticket expiry is configured in  authentication-services-context.xml

eg. in /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/authentication-services-context.xml

So need either:

1 A way or restarting Alfresco without breaking the tickets/links - Anyone?

2 An alternative. Probably managing (public, guest) access permissions at the Alfresco-end-of-things - as suggested by Jens

Average of ratings: -
In reply to Geoffrey Rowland

Re: Alfresco linking

by Louise Bennett -

No, it's not much use at all!

I've gone down the path of allowing guest access to alfresco, just so that I don't have to worry about updating all my links each time, but I'm not thrilled about it: I'd rather NOT have my readings/documents available for the taking by anyone who can figure out how to get to them. 

I suppose it's worth asking on the Alfresco forums, but I haven't found people there nearly as helpful as the people here generally are.

Average of ratings: -
In reply to Louise Bennett

Re: Alfresco linking

by Geoffrey Rowland -
Picture of Plugin developers

I have recently posted about this on the Alfresco forum. So, perhaps we'll get an answer,

However, my last posting on the Alfresco forum was only answered by, er,  me - and that was with information gleaned from this Moodle forum!

All rather frustrating as, in virtually all respects, Alfresco looks to be a really good repository 'solution' for Moodle 2.

I'm also eagerly awaiting the new release of Edu-Sharing which, as far as I can make out, will be based on an up-to-date Alfresco version. From hints, elswehere in this forum, Edu-Sharing may have useful coordination/management of ownership/access between Moodle 2 and Alfresco.

Average of ratings: -
In reply to Geoffrey Rowland

Re: Alfresco linking

by Geoffrey Rowland -
Picture of Plugin developers

Just had some pointers, on the Alfresco forum, on setting up a permanent cache for tickets.

http://forums.alfresco.com/en/viewtopic.php?f=7&t=40905&p=119252#p119204

No idea how viable this option is, but just in case it helps someone...

...and here is more info that may be relevant:

http://wiki.alfresco.com/wiki/Repository_Cache_Configuration

Average of ratings: -
In reply to Geoffrey Rowland

Re: Alfresco linking - Persistent?

by Geoffrey Rowland -
Picture of Plugin developers

The following appears to make Alfresco URL tickets persistent. I have, so far, cycled through a handful of Alfresco restarts and the URL ticket still works for different users. smile

In Alfresco, copy and rename

/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/ehcache-default.xml

to

/opt/alfresco/tomcat/shared/classes/alfresco/extension/ehcache-custom.xml

Then edit ehcache-custom.xml as follows

Find

    <cache  
        name="org.alfresco.cache.ticketsCache"  
        maxElementsInMemory="1000"
        eternal="true"
        overflowToDisk="true"
        statistics="false"
        />

and change to

    <cache  
        name="org.alfresco.cache.ticketsCache"  
        maxElementsInMemory="1000"
        eternal="true"
        overflowToDisk="true"
        diskPersistent="true"
        statistics="false"
        />

I'm not completely sure how robust or secure this solution is, but so far it seems to be working.

Also, the default maxElementsInMemory setting looks to be a little on the low side at 1000, though I have not yet changed it. Perhaps it should be 10000 ? or 50000 ? more ?

Average of ratings: -
In reply to Geoffrey Rowland

Re: Alfresco linking - Persistent?

by Louise Bennett -

Oh, brilliant! I'll give it some testing and see how it goes. 

I've upped the maxElements to 50000. Fingers crossed that'll do it.

Average of ratings: -
In reply to Louise Bennett

Re: Alfresco linking - Persistent?

by Geoffrey Rowland -
Picture of Plugin developers

Looks as if I was being overly paranoid about maxElementsInMemory. If this gets exceeded, it just gets written to disk anyway.

http://forums.alfresco.com/en/viewtopic.php?f=7&t=40905&p=119252#p119319

The default of 1000 should be fine.

That said, increasing it may improve performance.

Average of ratings: -
In reply to Geoffrey Rowland

Re: Alfresco linking - Persistent?

by Geoffrey Rowland -
Picture of Plugin developers

Just alerting folks to concerns about the security of Alfresco URLs with tickets raised by Ryan Herring.

http://tracker.moodle.org/browse/MDL-26451

I think URLs with tickets are still appropriate for our own institutional scenario as we will be using Alfresco *only* for resources we wish students to access. However, it is important that folks are fully aware of potential security issues.

Average of ratings: -
In reply to Geoffrey Rowland

Re: Alfresco linking - Persistent?

by Andreas Stoeffer -

Hi Geoff,

actually MDL-26451 isn't longer available. I get a permission violation. Was it a security patch?

Tracker 

 
Average of ratings: -
In reply to Andreas Stoeffer

Re: Alfresco linking - Persistent?

by Geoffrey Rowland -
Picture of Plugin developers

Yes, I'm guessing that as a (potential) security issue. it is hidden whilst under review and until a solution is arrived at.

Average of ratings: -
In reply to Geoffrey Rowland

Re: Alfresco linking - Persistent?

by Sam Stegers -

Hello Geoff,

I have followed your instructions but somehow the tickets still are invalid after an Alfresco server reboot. Is there anything else (which might seem so obvious for you that you didn't mention it in you post) which I need to do/configure on the Alfresco side to get this to work. My file on the Alfresco side has been configured to accept the group EVERYONE in the Consumer role.

Highest regards,

 

Sam Stegers

Average of ratings: -
In reply to Sam Stegers

Re: Alfresco linking - Persistent?

by Geoffrey Rowland -
Picture of Plugin developers

Hi Sam

It does seem to be working for us. That said, we have only tried this once. We have done little to configure the Alfresco side of things.

As I am sure you are aware, it can be fiddly configuring Alfresco, as there is often more than one configuration (.xml) file and it is not always obvious which takes precedence.

Also, for security reasons, it does now seem that URLs + Tickets may not be the best way forward and we may need to wait for an alternative framework for Alfresco-Moodle links.

Average of ratings: -
In reply to Geoffrey Rowland

Re: Alfresco linking - Persistent?

by Atul A -

Hi All,

How to disable download option for guest user.

 

thanks

Average of ratings: -