AnsweredAssumed Answered

Problem with passing alf_ticket to webscript

Question asked by barbara on Jan 26, 2011
Latest reply on Feb 8, 2011 by zie
Hi!

I have a problem with authorization whilte trying to create site in share.

This is my web script:
function main()
{
   // Get clients json request as a "normal" js object literal
   var clientRequest = json.toString();
   var clientJSON = eval('(' + clientRequest + ')');

   // Call the repo to create the site
   var scriptRemoteConnector = remote.connect("alfresco");
   var repoResponse;
   if (clientJSON.ticket)
   {
   repoResponse=scriptRemoteConnector.post("/api/sites?alf_ticket="+clientJSON.ticket, clientRequest, "application/json");
   }
   else
   {
      repoResponse=scriptRemoteConnector.post("/api/sites", clientRequest, "application/json");
   }

   if (repoResponse.status == 401)
   {
      status.setCode(repoResponse.status, "error.loggedOut");
      return;
   }
   else
   {
   
      var repoJSON = eval('(' + repoResponse + ')');

      // Check if we got a positive result
      if (repoJSON.shortName)
      {
         // Yes we did, now create the site in the webtier
         var tokens = new Array();
         tokens["siteid"] = repoJSON.shortName;
         sitedata.newPreset(clientJSON.sitePreset, tokens);

         model.success = true;
      }
      else if (repoJSON.status.code)
      {
         status.setCode(repoJSON.status.code, repoJSON.message);
         return;
      }
   }
}

main();

I am calling this web script with alf_ticket as url parameter.
First part (call to /api/sites) works fine, but I am having trouble to pass authorization to subseqent web script call which are triggered with this part of code:

var tokens = new Array();
         tokens["siteid"] = repoJSON.shortName;
         sitedata.newPreset(clientJSON.sitePreset, tokens);

I tried to put alf_ticket in authorization header, as advised here http://forums.alfresco.com/en/viewtopic.php?t=7760 , but this also doesn't work.

The only way to make it work  was to call my web script with credentials. Is there any way to go around this?
Is this expected behaviour?

Outcomes