AnsweredAssumed Answered

How to invoke Alfresco webservics using Kerberos credential

Question asked by jparija on Mar 8, 2011
Latest reply on Apr 27, 2011 by kronzucker
Hi Everybody,
I am trying to call an Alfresco web service where I would like to use kerberos ticket (or kerberos related info)for authentication purpose. Before we call any web service in Alfresco we are creating a cmis session which contains a kerberos user name and password obtained from LDAP server and then making calls to different web services. I have given a code snippet below which is working fine in making alfresco web service calls. My question is instead of passing user name and password directly is it possible to pass any kerberos ticket or any secured information related to it to make web service calls. I am trying to avoid sending the user name and password. Please help me if anyone has any idea about it. The code below is. The code is in Groovy.
        def createSession = { event ->
   def repositoryID = "9b3f27ac-b7c1-4e96-887e-d7208b6e5d53"
   def afrescoHost =  "localhost"  //IP address is also fine here
   def afrescoPort = "8080"
   def alfrescoURL = "http://" + afrescoHost +":" + afrescoPort
   def ACL_SERVICE = alfrescoURL + "/alfresco/cmis/ACLService?wsdl"
   def DISCOVERY_SERVICE = alfrescoURL + "/alfresco/cmis/DiscoveryService?wsdl"

        SessionFactory sessionFactory = SessionFactoryImpl.newInstance();
   def parameterMap = [:]

        /*Here we are passing clear kerberos user name and password obtained from LDAP server. This part I would like to avoid by sending Kerberos ticket */
   parameterMap.put(SessionParameter.USER, event.authentication.principal.username) //Here we are passing username
   parameterMap.put(SessionParameter.PASSWORD, event.authentication.credentials) //Here we are passing password: We are getting a clear password here.

        //Session Creation - Web Services Binding
   // connection settings
   parameterMap.put(SessionParameter.BINDING_TYPE, BindingType.WEBSERVICES.value());
   parameterMap.put(SessionParameter.REPOSITORY_ID, repositoryID);
   parameterMap.put(SessionParameter.WEBSERVICES_ACL_SERVICE, ACL_SERVICE);
   def afsession = sessionFactory.createSession (parameterMap) //Here itself it authenticates and next line makes one web service call.
        afsession.getRootFolder()?.getChildren()  // This works fine as authentication is successful.

The above code works perfectly fine. It's just I would like to use some kerberos ticket obtained from KDC instead of  sending user name and password. Is there any way to achieve that. Please post here.