CMIS Alfresco Connector

  Written by The Jahia Team
 
Developers
Sysadmins
   Estimated reading time:

1 prerequisities

The current version of the connector works with Alfresco version 4.2 and 5.0.

Alfresco and DX must share the same users. This can be achieved by connecting both DX and Alfresco to the same user directory (LDAP for example)

2 installation

2.1 ALFRESCO SERVER

2.1.1 DX Plugin on Alfresco Server

To make the impersonification work, we need an Alfresco plugin to generate session for the connected DX user. This plugin will be call by DX each time a user needs to authenticate.

Get the pluging file alfresco-auth-amp.amp from <Add here the location of the plugin>

Use the following command to install the plugin on your Alfresco server:

java -jar bin/alfresco-mmt.jar install alfresco-auth-amp.amp tomcat/webapps/alfresco –nobackup

2.1.2 Alfresco Configuration

If the Alfresco has more than 1000 authenticated users, set the cache size of the ticket cache to a value above the number of users with access to Alfresco. In the configuration file WEB-INF/classes/cache.properties, set the property cache.ticketsCache.maxItems to the maximum number of authentified user that will log on DX to access Alfresco content.

2.2 CMIS provider module in DX

2.2.1 Module installation

Install and configure the CMIS provider module in DX. If the jar file is not already available, this module can be found on the Jahia AppStore, with a search on the Module Administration user interface or on the customer extranet section of Jahia.com.

Deploy the module through the Module Administration user interface, or copy the jar file in the digital-factory-data/modules folder.

2.2.2 Module Configuration

You can set your custom configuration in the jahia.properties file.

2.2.2.1 CMIS properties

Here is the list of all available CMIS properties:

https://chemistry.apache.org/java/developing/dev-session-parameters.html

2.2.2.2 Cmis Session Cache

  • Tuning cache value
    org.jahia.cmis.session.cache.concurrencyLevel=4
  • number of sessions cached
    org.jahia.cmis.session.cache.maximumSize=128
  • time (in minutes) the session are stored
    org.jahia.cmis.session.cache.expireAfterAccess=30

2.2.2.3 Other

Maximum number of children returned on a node, if set to 0, return all the children (default is 0)
org.jahia.cmis.max.child.nodes=0

3 Connection setup

Open the DX Server Administration and go to System Components / Mount points.

Capture%20d’écran%202016-03-23%20à%2015.38.24.png

Add a new point, select CMIS mount point

./Desktop/Screen%20Shot%202016-03-17%20at%205.

Two type of CMIS Connector to the remote server are available:

  • Standard CMIS Connector: This is the default CMIS connector to any CMIS server (including Alfresco). All users will share the same connection.
  • Alfresco impersonification connector: this connector is only for Alfresco, allowing the connection to the remote server as the current user.

Select “Alfresco impersonification connector“

./Desktop/Screen%20Shot%202016-03-17%20at%205.

Fill the form to set up the mount point

./Desktop/Screen%20Shot%202016-03-17%20at%205.

  • Name: is the folder name of the mount point. This name will be part of the path of the external content.
  • User: Alfresco admin user used to generate ticket and browse the repository as system.
  • Password: password of the admin user
  • Alfresco server URL: Address of the Alfresco server, it points to the alfresco servlet on Alfresco server. Example: http://my.host/alfresco
  • Alfresco user name used to access public content: as CMIS endpoints cannot be accessed by guest user, a user must be set to browse contents as guest. This user can be any user that have no right sets on Alfresco.
  • Remote root path: Root path on the remote server where to connect.
  • Use slow connection: When activated, most of the queries that ask for child nodes are disabled (see limitations)
  • Local mount point: Use the picker to set where the provider has to be mounted locally.

4 User Rights management

The alfresco connector uses the current connected user on DX to log on Alfresco.

As Alfresco defines the rights on its resources it is not possible to change them from DX.

Even if the action is displayed to a user on DX side, if the user does not have rights on Alfresco, the operation will fail (see action menu in known issues).

Even if the user has write access to Alfresco content, in order to access managers, a user has to get the required edit role on a content of the site that set the needed permission to display it, like editor or contributor.

5 LIMITATIONS

5.1 Number of child nodes

When Alfresco contains a lot of files or folders under a folder, it takes time to display the tree: for each parent folder, the system needs to read the content of each of its children folders. To decrease the time to display, there are 2 options available and one suggestion/good practice:

  • Use the Slow connection setting. With this option, the manager will not iterate other children’s children when displayed. This option can be set from the administration / system components / mount points, in the settings of the mountpoint.
  • Use the parameter org.jahia.cmis.max.child.nodes in jahia.properties that limits the number of returned child nodes. If the folder contains more items than the limit defined by this parameter, several files or folders might not be visible in the content trees, in manager or edit mode. It is always possible to query these contents, but some content might not be visible, as the number of returned items will be limited by this parameter.

Avoid to mount directly the /root folder (as it contains the /users directory which may contains lot of data and therefore might be long to load) and prefer a remote mount point like /Sites. Or create several mount points targeting the different directories you users will need to access specificaly.

5.2 Guest user

Alfresco does not allow guest user to use CMIS endpoint. To be able to browse content as “guest” on DX, you have to define the Alfresco user that will be used to browse Alfresco’s content as guest. This user will be used only to browse public content. As guest is not allowed by Alfresco, it must be set to another user than guest.

5.3 Action menu

In DX edit mode or managers, actions allowed on Alfresco content should reflect the rights given to the current user.

There is an issue in the following context: if the mount point is set in a site, and a user that has no write access on Alfresco server but has a role that give write access set on the site node on DX, he will be able to execute all edit actions (delete / upload etc.) on Alfresco content, but the actions will fail, upload file will fail silently, other actions return an error to the UI.

5.4 Encoding of file names

DX parse and converts ASCII codes when saving a node name while Alfresco does not and just store the string literally.

Example:

If the file is named myFile%20.docx in Alfresco

It will be displayed as myFile%20.docx in DX File Manager when the file appears.

If the file is renamed directly through DX interfaces, the %20 will be encoded by DX and resolved as a white space.

Let’s assume that an athor renames the file myFile%20encoded.docx when saved the name will be saved in DX File manager as myFile encoded.docx but in Alfresco this will result into …….

This behavior cannot be fixed right now to match at the same time the way both systems work.

Consequently, we strongly recommend to train the authors and let them know that they should not rename mounted files when the name contains a %something in it, to avoid any confusion in the Alfresco repository.