Downloading content from alfresco repository via custom Download Webscript
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Alfresco Hub
- :
- ACS - Blog
- :
- Downloading content from alfresco repository via c...
Downloading content from alfresco repository via custom Download Webscript
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
9 Jul 2019
5:55 PM
Alfresco provides Content REST API for downloading the content from repository as given below.
GET /alfresco/service/api/node/content/{store_type}/{store_id}/{id}?a=false&alf_ticket={TICKET}
Example:
Where:
a: attach. if true, force download of content as attachment. Possible values are true/false
store_type: workspace
store_id: SpacesStore
id: nodeRefId (UUID of the node)
A StoreRef is comprised of:Store Protocol - that is, the type of store
Store Identifier - the id of the storeExample storeRefs are:workspace://SpacesStore (store_type://store_id)
version://versionStore (store_type://store_id)
archive://SpacesStore (store_type://store_id)
Store Identifier - the id of the storeExample storeRefs are:workspace://SpacesStore (store_type://store_id)
version://versionStore (store_type://store_id)
archive://SpacesStore (store_type://store_id)
Any external system or client can use this API to download content from Alfresco repository via an authenticated user which would be registered in Alfresco.
If you want to know how to get auth ticket (alf_ticket) then visit: Alfresco Login REST API (https://docs.alfresco.com/5.0/references/RESTful-RepositoryLoginPost.html)
If you want to know how to get auth ticket (alf_ticket) then visit: Alfresco Login REST API (https://docs.alfresco.com/5.0/references/RESTful-RepositoryLoginPost.html)
OOTB Download REST API will allow to download the content to any user who is registered in alfresco, since every user has consumer access to every site by default via "EVERYONE" group. But let's suppose you want to put some kind of restrictions to the Download API. Let's say for example:
1- Allow download if requesting user is authorized to download the content.
2- Want to validate the site level user role e.g. only Managers/Collaborators/Contributors can download, Consumers should not be allowed to download.
3- Want to check if user is part of DOWNLOADERS groups then allow them to download
.....
and so on.
There could be many such cases which we can not achieve via OOTB REST API provided by alfresco. If your contents has copyrights you will definitely not allow users to download the content who are unauthorized.
To handle such scenarios you need to write a custom Download webscript.
Alfresco provides a Webscript called "org.alfresco.repo.web.scripts.content.StreamContent" (http://dev.alfresco.com/resource/docs/java/org/alfresco/repo/web/scripts/content/StreamContent.html).
By extending this class we can add our custom user validation logic and leave the streaming and download handling part to this OOTB Webscript.
By extending this class we can add our custom user validation logic and leave the streaming and download handling part to this OOTB Webscript.
So, let's take a use case where you don't want a consumer user to download the content from a site. To achieve this use case a custom webscript will be written as given below:
DownloadContentWebscript.java
WebScript Description:
alfresco/extension/templates/webscripts/com/github/abhinavmishra14/downloadContent.get.desc.xml
webscript-context.xml
package com.github.abhinavmishra14.webscript;
import java.io.IOException;
import java.util.Locale;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.repo.web.scripts.content.StreamContent;
import org.alfresco.service.cmr.repository.ContentService;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.namespace.QName;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.extensions.webscripts.WebScriptResponse;
/**
* The Class DownloadContentWebscript.
*
*/
public class DownloadContentWebscript extends StreamContent {
/** The Constant LOGGER. */
private static final Logger LOGGER = LoggerFactory.getLogger(DownloadContentWebscript.class);
/** The content service. */
private ContentService contentService;
/** The authentication service. */
private AuthenticationService authenticationService;
/** The site service. */
private SiteService siteService;
/** The authority service. */
private AuthorityService authorityService;
/* (non-Javadoc)
* @see org.springframework.extensions.webscripts.WebScript#execute(org.springframework.extensions.webscripts.WebScriptRequest, org.springframework.extensions.webscripts.WebScriptResponse)
*/
@Override
public void execute(final WebScriptRequest request,
final WebScriptResponse response) throws IOException {
LOGGER.info("Started executing DownloadContentWebscript...");
try {
final NodeRef nodeRef = getParameterAsNodeRef(request, "nodeRef");
final String userName = authenticationService.getCurrentUserName();
if(isNotAuthorised(nodeRef, userName, siteService, permissionService, authorityService)) {
response.setStatus(401);
response.getWriter().write("User is unauthorised to download the requested content!");
} else {
if(LOGGER.isDebugEnabled()) {
LOGGER.debug("Processing the download requested by: {}", userName);
}
final boolean attach = Boolean.valueOf(request.getParameter("attach"));
processDownload(request, response, nodeRef, attach, ContentModel.PROP_CONTENT);
}
} catch (AccessDeniedException accessDenied) {
LOGGER.error("Access denied while downloading content", accessDenied);
throw new WebScriptException(Status.STATUS_UNAUTHORIZED,
accessDenied.getMessage(), accessDenied);
} catch (IOException | AlfrescoRuntimeException
| InvalidNodeRefException excp) {
LOGGER.error("Exception occurred while downloading content", excp);
throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
excp.getMessage(), excp);
}
LOGGER.info("Existing from DownloadContentWebscript...");
}
/**
* Process download.
*
* @param request the request
* @param response the response
* @param nodeRef the node ref
* @param attach the attach
* @param propertyQName the property q name
* @throws IOException the IO exception
*/
private void processDownload(final WebScriptRequest request,
final WebScriptResponse response, final NodeRef nodeRef, final boolean attach,
final QName propertyQName) throws IOException {
String userAgent = request.getHeader("User-Agent");
userAgent = StringUtils.isNotBlank(userAgent) ? userAgent.toLowerCase(Locale.ENGLISH) : StringUtils.EMPTY;
final boolean isClientSupported= userAgent.contains("msie")
|| userAgent.contains(" trident/")
|| userAgent.contains(" chrome/")
|| userAgent.contains(" firefox/");
if (attach && isClientSupported) {
String fileName = (String) this.nodeService.getProperty(nodeRef, ContentModel.PROP_NAME);
if (userAgent.contains("msie") || userAgent.contains(" trident/")) {
final String mimeType = contentService.getReader(nodeRef, propertyQName).getMimetype();
if (!(this.mimetypeService.getMimetypes(FilenameUtils.getExtension(fileName)).contains(mimeType))) {
fileName = FilenameUtils.removeExtension(fileName)+ FilenameUtils.EXTENSION_SEPARATOR_STR
+ this.mimetypeService.getExtension(mimeType);
}
}
streamContent(request, response, nodeRef, propertyQName, attach, fileName, null);
} else {
streamContent(request, response, nodeRef, propertyQName, attach, null, null);
}
}
/**
* Create NodeRef instance from a WebScriptRequest parameter.
*
* @param req the req
* @param paramName the param name
* @return the parameter as node ref
*/
private NodeRef getParameterAsNodeRef(final WebScriptRequest req, final String paramName) {
final String nodeRefStr = StringUtils.trimToNull(req.getParameter(paramName));
if (StringUtils.isBlank(nodeRefStr)) {
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Missing " + paramName + " parameter");
}
if (!NodeRef.isNodeRef(nodeRefStr)) {
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Incorrect format for " + paramName + " paramater");
}
final NodeRef nodeRef = new NodeRef(nodeRefStr);
if (!nodeService.exists(nodeRef)) {
throw new WebScriptException(Status.STATUS_BAD_REQUEST, paramName + " not found");
}
return nodeRef;
}
/**
* Checks if is not authorised.
*
* @param nodeRef the node ref
* @param userName the user name
* @param siteService the site service
* @param permissionService the permission service
* @param authorityService the authority service
* @return true, if checks if is not authorised
*/
private boolean isNotAuthorised(final NodeRef nodeRef,
final String userName, final SiteService siteService,
final PermissionService permissionService,
final AuthorityService authorityService) {
boolean isNotAuthorised = false;
final SiteInfo siteInfo = siteService.getSite(nodeRef);
// Checking siteInfo, If it is null that means user is not a member of site and
// hence isNotAuthorised is default to false.
if (null != siteInfo) {
if (siteService.isMember(siteInfo.getShortName(), userName)) {
final Set<AccessPermission> permissions = permissionService.getAllSetPermissions(nodeRef);
if(LOGGER.isDebugEnabled()) {
LOGGER.debug("Checking isNotAuthorised, Available access permissions are: {}", permissions);
}
for (final AccessPermission permission : permissions) {
if (permission.getPermission().equals("SiteConsumer")
|| permission.getPermission().equals("Consumer")) {
if (permission.getAuthorityType().equals("USER")
&& permission.getAuthority().equals(userName)) {
isNotAuthorised = true;
break;
} else if (permission.getAuthorityType().toString().equals("GROUP")) {
//Set run as system user since other users including consumers can not fetch authorities
AuthenticationUtil.setRunAsUserSystem();
final Set<String> authorities = authorityService.getAuthoritiesForUser(userName);
//Clear system user context and set original user context
AuthenticationUtil.clearCurrentSecurityContext();
AuthenticationUtil.setFullyAuthenticatedUser(userName);
if(LOGGER.isDebugEnabled()) {
LOGGER.debug("Checking permissions at GROUP level, user has following authorities: {}", authorities);
}
for (final String authority : authorities) {
if (authority.equals(permission.getAuthority())) {
isNotAuthorised = true;
break;
}
}
}
}
}
} else {
isNotAuthorised = true;//Not a member in the site.
}
}
return isNotAuthorised;
}
/**
* Sets the content service.
*
* @param contentService the content service
*/
public void setContentService(final ContentService contentService) {
this.contentService = contentService;
}
/**
* Sets the authentication service.
*
* @param authenticationService the authentication service
*/
public void setAuthenticationService(final AuthenticationService authenticationService) {
this.authenticationService = authenticationService;
}
/**
* Sets the site service.
*
* @param siteService the site service
*/
public void setSiteService(final SiteService siteService) {
this.siteService = siteService;
}
/**
* Sets the authority service.
*
* @param authorityService the authority service
*/
public void setAuthorityService(final AuthorityService authorityService) {
this.authorityService = authorityService;
}
}WebScript Description:
alfresco/extension/templates/webscripts/com/github/abhinavmishra14/downloadContent.get.desc.xml
<webscript>
<shortname>Download Content</shortname>
<description>
<![CDATA[
Download Content based on role and permissions check.
Where:
nodeRef- NodeRef of the content e.g. workspace://SpacesStore/5cee9f74-eb2a-43a4-965d-6e4fcde4fb9e
attach (Optional)- if true, force download of content as attachment (Possible values are true/false)
Sample URL:
http://127.0.0.1:8080/alfresco/service/abhinavmishra14/downloadContent?nodeRef=workspace://SpacesStore/5cee9f74-eb2a-43a4-965d-6e4fcde4fb9e&attach=true
]]>
</description>
<url>/abhinavmishra14/downloadContent?nodeRef={nodeRef}&attach={attach?}</url>
<format default="">argument</format>
<authentication>user</authentication>
<transaction allow="readonly" />
<family>common</family>
</webscript>webscript-context.xml
<bean id="webscript.com.github.abhinavmishra14.downloadContent.get" class="com.github.abhinavmishra14.webscript.DownloadContentWebscript" parent="webscript">
<property name="permissionService" ref="PermissionService" />
<property name="nodeService" ref="NodeService" />
<property name="mimetypeService" ref="MimetypeService" />
<property name="delegate" ref="webscript.content.streamer" />
<property name="repository" ref="repositoryHelper" />
<property name="contentService" ref="ContentService" />
<property name="authenticationService" ref="AuthenticationService" />
<property name="siteService" ref="SiteService" />
<property name="authorityService" ref="AuthorityService"/>
</bean>
To test the above web-script it is assumed that you have a site where there are users with SiteConsumer/Consumer role.
Test URL:GET http://127.0.0.1:8080/alfresco/service/abhinavmishra14/downloadContent?nodeRef=workspace://SpacesStore/5cee9f74-eb2a-43a4-965d-6e4fcde4fb9e&attach=trueORGET http://127.0.0.1:8080/alfresco/service/abhinavmishra14/downloadContent?nodeRef=workspace://SpacesStore/5cee9f74-eb2a-43a4-965d-6e4fcde4fb9e&attach=true&alf_ticket=TICKET_4e3c094e886a54893a267cd3cac402c1cc5b4fd9
Test URL:GET http://127.0.0.1:8080/alfresco/service/abhinavmishra14/downloadContent?nodeRef=workspace://SpacesStore/5cee9f74-eb2a-43a4-965d-6e4fcde4fb9e&attach=trueORGET http://127.0.0.1:8080/alfresco/service/abhinavmishra14/downloadContent?nodeRef=workspace://SpacesStore/5cee9f74-eb2a-43a4-965d-6e4fcde4fb9e&attach=true&alf_ticket=TICKET_4e3c094e886a54893a267cd3cac402c1cc5b4fd9
About the Author
A tech freak, Architect and Consultant (Alfresco Content Services Certified Engineer, Java/J2EE, Webservices, Microservices, AWS CSA, 2x Azure, Docker, MarkLogic). Writes about Alfresco and Java stuffs at Blog (https://javaworld-abhinav.blogspot.com). Visit My Linkedin Profile (https://www.linkedin.com/in/abhinav-kumar-m-2402621b) for more details.
1 Comment
Alfresco Content Services Blog
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
Latest Articles
- How to use Testcontainers with Alfresco Out-of-Pro...
- Installing Alfresco 23.2 in Ubuntu 24.04 using ZIP...
- Join the Alfresco TechQuest Hack-a-thon 2024: Inno...
- History of Alfresco Versions
- Alfresco in the OpenSearchCon Europe 2024
- Alfresco Community Edition 23.2 Release Notes
- Decommissioning of Alfresco SVN Instances
- Summarization of textual content in Alfresco repos...
- ACS containers and cgroup v2 in ACS up to 7.2
- Migrating from Search Services to Search Enterpris...
- Alfresco Community Edition 23.1 Release Notes
- Integrating Alfresco with GenAI Stack
- Achieving Higher Metadata Indexing Speed with Elas...
- ACA Extension Development Javascript-Console & Nod...
- Hyland participation in DockerCon 2023
We use cookies on this site to enhance your user experience
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.