You are viewing limited content. For full access, please sign in.

Question

Question

CMIS Gateway Log Out

SDK Integrations
Updated June 1, 2022
asked on August 16, 2017 Show version history

I'm trying to use the CMIS Gateway for something, and a script that opens a Laserfiche session through the gateway is being run multiple times in a short period of time. Of course, the sessions last 5 minutes of inactivity by default, so we hit the limit for concurrent sessions. I know that the expiration time limit can be edited, but I also noticed the following passage in the CMIS Gateway documentation:

 

To log out

The log out URL is ~/browser/{repositoryid}/cmislogout . Logging out is only supported with Browser Binding. Atom Binding does not support this feature.

 

We are using Browser Binding, so we should be able to use this, but I can't figure out how. I tried simply changing the BrowserUrl parameter, I tried changing the parameter then trying to update the running session, and I tried changing the parameter then using it to open a new session. I also wasn't sure if {repositoryid} refers to the actual repository name or the ID variable used in CMIS, so I tried both to no avail.

If I understand correctly, I'm simply taking the BrowserUrl used to connect to Laserfiche (which ends with "browser") and adding /{repositoryid}/cmislogout to it, but I can't figure out how to do it.

 

 

0 0

Answer

SELECTED ANSWER
replied on August 23, 2017 Show version history

A case was opened with Laserfiche Support.

The question was specifically how to implement cmisLogout functionality while using a third-party CMIS library such as PortCMIS for .NET. Otherwise, as per the documentation, a GET request to /browser/{repo-id}/cmisLogout does indeed release the session. PortCMIS does not have a built-in analogue to this, but this can be achieved by accessing the session's authentication provider and invoking the GET request "manually".

Here is annotated sample code using C# with the PortCMIS .NET library:

using PortCMIS;
using PortCMIS.Binding;
using PortCMIS.Client;
using PortCMIS.Client.Impl;
using System;
using System.Collections.Generic;
using System.Net;

namespace CMIS
{
    class Program
    {
        static void Main(string[] args)
        {
            /*  
             *  Create the PortCMIS session object.
             *  For secure practice, do not hard-code credentials; this is only an example.
             */
            ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
            SessionFactory factory = SessionFactory.NewInstance();
            Dictionary<string, string> parameters = new Dictionary<string, string>
            {
                [SessionParameter.User] = "username",
                [SessionParameter.Password] = "passwords_should_never_be_stored_in_plaintext",
                [SessionParameter.BrowserUrl] = "http://servername/LFCMIS/browser",
                [SessionParameter.BindingType] = BindingType.Browser,
                [SessionParameter.RepositoryId] = "id1"
            };
            ISession session = factory.CreateSession(parameters);

            /*
             *  The following represents actions related to the session which will authenticate to Laserfiche.
             *  During this time, you can check that there is an active session for the authenticated user.
             */
            IFolder folder = session.GetRootFolder();
            Console.WriteLine("Press any key to resume");
            Console.ReadLine();

            /*
             *  The following implements the cmisLogout functionality.
             *  When the application terminates, you can check that the user session is released.
             */
            UrlBuilder cmisLogoutUri = new UrlBuilder(
                string.Format("{0}/{1}/cmisLogout",
                    parameters[SessionParameter.BrowserUrl],
                    parameters[SessionParameter.RepositoryId]
                )
            );
            IBindingSession bindingSession = session.Binding.GetAuthenticationProvider().Session;
            bindingSession.GetHttpInvoker().InvokeGET(cmisLogoutUri,bindingSession);
        }
    }
}

Hope this helps!

3 0
View 7 previous replies
replied on September 6, 2017

Thank you for your help, James. Although your method of manually logging out of the sessions does work, it turns out we can't just write a script. It has to be done using a gem in a Ruby script.

 

The gem being used is https://rubygems.org/gems/cmis-ruby/versions/0.5.31.

Would you happen to know anything about manually logging out using that gem?

0 0
replied on September 8, 2017

Hi Brian, I'd have to look into it as I've not used this Ruby gem before so I'm not sure what it supports.

0 0
replied on September 11, 2017

James, have you had a chance to look into it all? This is a critical item for us that should be figured out by the end of the week. Obviously I'll look into it as well.

0 0
replied on September 13, 2017 Show version history

I have not been able to experiment with the gem, but here's the crux of the issue / the route to take to find a solution:

  1. As you noted in a previous comment, logging out of the Laserfiche session is itself a Laserfiche-specific feature. There is no place in the CMIS standards for such a concept.
  2. As such, there isn't going to be an out-of-the-box function in a CMIS client library such as PortCMIS or cmis-ruby which will be able to accomplish that.
  3. Outside of using a CMIS client library, making the /cmisLogout request using the browser binding works because Laserfiche session identification is included in the browser session cookies. The Laserfiche CMIS gateway can then interpret the request correctly to tell Laserfiche server to end the user session.

In the case of PortCMIS, an analogue to (3) above was achievable because there is a way to use the IBindingSession class to access the authentication information from the CMIS session, and use that to send the cmisLogout request "manually" to the Laserfiche CMIS gateway.

I don't know if a similar mechanism exists for the cmis-ruby gem, but that's what you'd need to look for. If it doesn't exist, then it wasn't implemented in the gem and you'd need to find an alternate method to implement the CMIS client functionality.

0 0
replied on September 20, 2017

Hi James, I've been unsuccessful so far trying to get it to work with a gem, but in the meantime I was trying to convert your C# script to Java.

Everything appears to convert over except for these two lines:

IBindingSession bindingSession = session.Binding.GetAuthenticationProvider().Session;
bindingSession.GetHttpInvoker().InvokeGET(cmisLogoutUri,bindingSession);

For the first line, I can get as far as the authentication provider but can't access the session that way.

For the second line, I can't access the HttpInvoker.

I've been trying unsuccessfully to convert those two lines to OpenCMIS, but is it possible there is no OpenCMIS version of those lines?

Thanks

0 0
replied on September 25, 2017

I haven't tried it myself, but you might try experimenting with getHTTPHeaders() method for the authentication provider. This returns a key-value map of HTTP headers that you can add to a web request to the gateway logout URI. In place of the HttpInvoker that PortCMIS exposes, you could try using a general HttpClient with the headers returned from this method.

0 0
replied on September 26, 2017

I'm trying to implement that now, but getHTTPHeaders returns Map<String, List<String>> and the HttpClient method setDefaultHeaders takes a Collection<? extends Header>. I think that's the only roadblock.

0 0
replied on May 25, 2022

Hi,

I know this is an old thread but I was wondering if you ever got this to work in Java as we are having the exact same issue here. We're trying to implement CMIS and closing sessions is the main problem we are facing. 

Thank you for updating if you ever found a solution to this.

0 0
replied on June 1, 2022

Hi André,

Apologies, but I don't remember if this was implemented as originally planned. I don't believe it was.

1 0
replied on June 1, 2022

Hi Brian,

 

Thank you for the follow-up! I will do my own digging trough this.

 

Much appreciated that you take time to update such an old thread!

0 0

Replies

replied on August 18, 2017

To clarify, logging out of the session is a Laserfiche-specific feature, as I don't believe CMIS itself gives you a manual way to end sessions. They simply expire due to inactivity after an editable amount of seconds.

0 0
replied on August 20, 2017

Hi Brian,

You are right, the logging out of the session is a Laserfiche-specific feature, and the URL seems correct. The {repositoryid} is the ID variable used in CMIS, not the repository name. It works as below, when people login the CMIS, it returns a session cookie to the client that can be used in subsequent requests. The session cookie will expire after several minutes if they are not renewed via a request that passes the cookie over. When you want to log out the session, the session cookie should be passed to CMIS in order to clear the session. Another thing to note is that, you'd better use any other request after logging out, or the authentication may be performed again.

0 0
replied on August 21, 2017

Is the logging out only for Form authentication? Because all of the script code was built using Basic authentication, and it seems as though the "log in" / "log out" URL thing is for Form authentication.

 

How can I pass that session cookie over to CMIS? I tried using the CMIS session clear function, but that didn't end the Laserfiche session.

0 0
replied on August 21, 2017

Hi Brian,

It should work for all kinds of authentication. The session cookie is usually passed with every request so that the requests can reuse the same Laserfiche Session previously created. If you cannot get it work, please file a support case, we can help you out.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...