AnsweredAssumed Answered

Associating the auth ticket with a resource/ single use ?

Question asked by shikarishambu on Nov 24, 2009
Latest reply on Nov 24, 2009 by shikarishambu
I have a custom application that is calling into Alfresco to retrieve the documents from Alfresco. The custom client manages all the user authentication and authorization and interfaces with Alfresco using a single login. We are using webscripts to do the login and search. I would like to ensure that users cannot access Alfresco documents that are not presented to them via the application by trying to pass a different filename in the GET.

I noticed that the authentication-services-context.xml has a few properties under ticketComponent for ticketsExpire, oneOff, and expiryMode. I tried setting ticketsExpire to true and oneOff to true, too. Setting oneOff to true seems to cause issues on the web UI. In some cases I keep prompted for the login on every click. Is there a way to specify expiryMode etc… as part of the webscript call so that the user cannot use the same ticket to get a different document? Or, is there a different way to achieve this?

TIA

Outcomes