Daily Log for #alfresco IRC Channel

Alfresco discussion and collaboration. Stick around a few hours after asking a question.

Official support for Enterprise subscribers: support.alfresco.com.

Joining the Channel:

Join in the conversation by getting an IRC client and connecting to #alfresco at Freenode. Our you can use the IRC web chat.

More information about the channel is in the wiki.

Getting Help

More help is available in this list of resources.

Daily Log for #alfresco

2016-12-01 08:36:19 GMT <maria_> hi all. we are having troubles with our database installations, it stops and restarts (db admins are looking it). On alfresco, someone started a workflow, that sents notification e-mails mail.execute(bpm_package) on the same time that db failed. That to caused to re-sending all the time notification mails.

2016-12-01 08:37:01 GMT <maria_> how could we stop this resending?

2016-12-01 08:53:12 GMT <maria_> if we set ignore_send_failure to true .. would it be a temporal fix, so as not to keep resending e-mail cause of the db failure?

2016-12-01 09:17:22 GMT <maria_> no.. ignore_send_failure just do not throw the exeption, i just read the MailActionExecuter

2016-12-01 09:17:59 GMT <maria_> so, how can we avoid those emails when db falls down?

2016-12-01 09:31:01 GMT <qwebirc93980> Hello, I have a questions regarding the alfresco-ng2-components. There is no hint if the activiti components are also working with the Activiti Community edition. Anyone has some information about this topic?

2016-12-01 09:33:55 GMT *** qwebirc93980 is now known as maljac

2016-12-01 09:53:09 GMT *** yreg_ is now known as yreg

2016-12-01 09:56:12 GMT <iwkse> hi, if I want to configure the invite page and enable it only for admins, is it enough to add in share-config-custom.xml <authentication>admin</authentication> or I have to override it?

2016-12-01 10:02:19 GMT <AFaust> iwkse: Where in share-config-custom.xml would you put the authentication tag? I am not aware that there is any such support

2016-12-01 10:02:38 GMT <AFaust> You would typically put the authentication section on the page descriptor itself

2016-12-01 10:03:26 GMT <iwkse> AFaust: you're right, it's not on share-config-custom.xml but there's <additional-pages><add-users>add-users></add-users>...

2016-12-01 10:03:29 GMT <iwkse> should be that

2016-12-01 10:04:13 GMT *** IanW2 is now known as IanW1

2016-12-01 10:04:15 GMT <AFaust> Thos are just for site pages not displayed in navigation

2016-12-01 10:04:17 GMT <iwkse> you mean like creating a new page with the same id but the different authentication?

2016-12-01 10:05:02 GMT <iwkse> I see..I saw it has the same url as the invite, I thought it's that

2016-12-01 10:05:28 GMT <AFaust> I mean creating a new Surf page model object and set the authentication there. share-config-custom.xml can be used to configure that new page as the default login page

2016-12-01 10:05:42 GMT <iwkse> AFaust: yes I Think I understood

2016-12-01 10:05:57 GMT <AFaust> ehm - forget the last about the login page

2016-12-01 10:06:01 GMT <iwkse> yeah

2016-12-01 10:06:11 GMT <iwkse> I saw there's this doc, guess it's the same

2016-12-01 10:06:19 GMT <iwkse> http://docs.alfresco.com/5.0/tasks/dev-extensions-share-tutorials-override-login-page.html

2016-12-01 10:06:21 GMT <alfbot> Title: Override Alfresco Share login page | Alfresco Documentation (at docs.alfresco.com)

2016-12-01 10:06:28 GMT <AFaust> but you can override the Surf page model XML of default Share for invite with your custom one that includes the authentication section

2016-12-01 10:06:48 GMT <iwkse> I thought I can just configure it, without creating a new one

2016-12-01 11:06:06 GMT *** angelborroy_ is now known as angelborroy

2016-12-01 11:28:37 GMT <variuss> hi, is it possible to customize share login page to use aikau page instead of surf page?

2016-12-01 11:47:24 GMT <AFaust> variuss: An Aikau page is still a Surf page technically, so yes

2016-12-01 11:48:13 GMT <AFaust> You'd only need to create an actual Surf page object for the Aikau page instead of using the /dp/ws/ pseudo page construct

2016-12-01 11:49:02 GMT <AFaust> https://github.com/aviriel/wrap-aikau-into-surf

2016-12-01 11:49:03 GMT <alfbot> Title: GitHub - aviriel/wrap-aikau-into-surf: Wrapping Aikau pages into Surf pages in Alfresco Share (at github.com)

2016-12-01 11:53:03 GMT <variuss> thank you, that is exatcly what i was looking for :D

2016-12-01 12:04:33 GMT <maria_> is there a way to limit the number of retries, after email sent failed?

2016-12-01 12:05:23 GMT <maria_> RetryingTransactionHelper and maxRetries is connected with this?

2016-12-01 12:10:11 GMT <yreg> guys how can I override this bean ? https://github.com/Alfresco/community-edition/blob/2c1eff9953d3105e738f7b06ba9ba8a079ca4c24/projects/repository/config/alfresco/policy-context.xml#L7

2016-12-01 12:10:12 GMT <alfbot> Title: community-edition/policy-context.xml at 2c1eff9953d3105e738f7b06ba9ba8a079ca4c24 · Alfresco/community-edition · GitHub (at github.com)

2016-12-01 12:10:46 GMT <yreg> I tried module-context and it does not seem to override it !!

2016-12-01 12:24:23 GMT <maria_> server.transaction.max-retries is related to how many times the server will try to resent an email

2016-12-01 12:24:25 GMT <maria_> ?

2016-12-01 12:24:34 GMT <maria_> in transaction.properties

2016-12-01 12:24:44 GMT <maria_> is this customizable?

2016-12-01 12:25:13 GMT <maria_> (sorry for keep asking.. last try.. promise..)

2016-12-01 12:37:07 GMT <AFaust> maria_: RetryingTransactionHelper is only related to actual transaction issues, not email repetitions

2016-12-01 12:37:54 GMT <AFaust> yreg: module-context.xml of a module should be able to override that

2016-12-01 12:38:33 GMT <yreg> Oddly that did not work !

2016-12-01 12:39:11 GMT <AFaust> How did you try to override it? By hard XML or post-processor (got to ask nowadays, since my examples catch on)?

2016-12-01 12:40:25 GMT <AFaust> Looking at the bean class itself there is nothing special about it that should pose a problem either way...

2016-12-01 12:43:30 GMT <AFaust> And looking at the Spring file load order via application-context.xml the module-context.xml files are loaded AFTER the original file, so you should not encounter an issue with incorrect precedence

2016-12-01 12:50:26 GMT <AFaust> Oh boy - I hope some day Alfresco will use a better + consistent JSON library other than org.json or org.json.simple...

2016-12-01 12:52:49 GMT <AFaust> When querying large result sets from SOLR when most (if not all) of data/query results have already been cached, it becomes apparent how inefficient org.json really is. About 40% of time parsing SOLR JSON result is just wasted trial&error-ing the conversion of numerical values...

2016-12-01 12:58:03 GMT <maria_> AFaust thanks. will keep looking..

2016-12-01 12:58:12 GMT <maria_> ..for the email.

2016-12-01 13:01:57 GMT <AFaust> Phew - overhead of this inefficient type handling is about twice as big as the actual construction of the result set object (and all the parsing/handling that involves)

2016-12-01 13:08:28 GMT <bhagyas> AFaust: fix it

2016-12-01 13:08:29 GMT <bhagyas> :P

2016-12-01 13:11:15 GMT <AFaust> I don't think I need to. Looks like most of the issue could be solved by simply updating that library to something newer than from 2009

2016-12-01 13:11:22 GMT <mikel_asla> maria: have you checked that is not your smtp server how is doing the repetitions?

2016-12-01 13:12:01 GMT <mikel_asla> smtp servers do that when the receive a temporary error sending a email

2016-12-01 13:16:45 GMT <yreg> AFaust, it was correctly overridden

2016-12-01 13:26:59 GMT <yreg_> the issue was that my overriding bean has a private reference of the old implementation to which it was forwarding some commands

2016-12-01 13:27:40 GMT <yreg_> one of them was registering the wrong bean somewhere and thus I got the wrong impression that the bean was not overridden

2016-12-01 13:27:46 GMT *** yreg_ is now known as yreg

2016-12-01 13:55:21 GMT <IanW1> this Authentication/SSO code is such a mess - still trying to work out why just my user can't login...

2016-12-01 13:57:39 GMT <IanW1> The SimpleCredentialVault in the session with key _alfwsf_vaults_credential.vault.provider knows who I am but AuthenticationUtil.getUserId doesn't

2016-12-01 14:05:07 GMT <AFaust> IanW1: Any SSO filter is supposed to se the user ID in the session for the AuthenticationUtil to pick up

2016-12-01 14:05:44 GMT <AFaust> At least that is what the default SSOAuthenticationFilter does in its "onSuccess" handler

2016-12-01 14:06:47 GMT <IanW1> I know, roughly, how it's supposed to work, just having difficultly tracking down why it doesn't work for one particular user - me!

2016-12-01 14:06:50 GMT <AFaust> But I bet you are talking about the lines 534 - 552 (or somewhere in that area) where the userId is checked before the onSuccess

2016-12-01 14:10:04 GMT <IanW1> I think I'm having more of a problem around the call to touch at 850 ish - userId is null but the call to touch is returning with 200

2016-12-01 14:10:55 GMT <AFaust> I just checked that method as well to see if something broken popped up on casual glance

2016-12-01 14:14:23 GMT <AFaust> I am somewhat missing an external auth header to be set on the connector context in that method

2016-12-01 14:14:45 GMT <IanW1> For this one particular user something knows it's logged in but getRemoteUser doesn't

2016-12-01 14:15:40 GMT <AFaust> Well - then the problem must be earlier in the processing chain since that sort-of is a prerequisite for all...

2016-12-01 14:17:37 GMT <IanW1> yes - I think part of the problem is because the call to remote is returning OK when userId is null which I suspect means that it's not getting to the part where the remoteuser is set

2016-12-01 14:18:29 GMT <IanW1> the really odd thing is why it works for all the users I've tried except me

2016-12-01 14:20:18 GMT <IanW1> It would help if there was a consistent way of checking if somebody was logged in...

2016-12-01 14:26:19 GMT <iblanco> Good afternoon everyone

2016-12-01 14:27:59 GMT <iblanco> Does anyone know which one is the cleanest/safest way of checking with the Java API if a group is a special Site group?

2016-12-01 14:33:49 GMT <iblanco> I'm looking for something like authorityService.isSiteService or something like that, but it doesn't seem to exist.

2016-12-01 14:39:21 GMT <iblanco> Do you think this might be reasonable:

2016-12-01 14:39:28 GMT <iblanco> private boolean isSiteAuthority(String authority)

2016-12-01 14:39:28 GMT <iblanco> {

2016-12-01 14:39:29 GMT <iblanco> AuthorityService authorityService = serviceRegistry.getAuthorityService();

2016-12-01 14:39:29 GMT <iblanco> Set<String> zones = authorityService.getAuthorityZones(authority);

2016-12-01 14:39:29 GMT <iblanco> return zones.contains(AuthorityService.ZONE_APP_SHARE);

2016-12-01 14:39:29 GMT <iblanco> }

2016-12-01 14:46:42 GMT <AFaust> Nope

2016-12-01 14:47:28 GMT <AFaust> ZONE_APP_SHARE may be used by other constructs as well - you can't rely on only site groups to be contained in that zone

2016-12-01 14:49:07 GMT <AFaust> Best option is a combination of name pattern match and verification (of extracted fragments regarding site short name and role) via SiteService.getSiteGroup

2016-12-01 14:54:03 GMT <iblanco> Ummm, ok right, I'll do it that way, thanks.

2016-12-01 15:04:12 GMT <iwkse> AFaust: so actually when the user is not a site Manager, just the link is hidden? That page has user access, but as I can see the code just add/hide the menu (there's also the link button on the members page)

2016-12-01 15:05:21 GMT <iwkse> /link/user add link/

2016-12-01 15:05:55 GMT <AFaust> iwkse: The <authentication> element in Surf model objects does not work that way - it only allows differentiation of who is allowed to access the page on user group level, i.e. admin vs. user vs. guest vs none

2016-12-01 15:06:08 GMT <AFaust> It is not used at all to generate navigation items / links

2016-12-01 15:06:42 GMT <AFaust> So even if a page were to be restricted to admin it could still show up anywhere unless the code that generates the navigation links takes care of performing necessary checks

2016-12-01 15:07:34 GMT <iwkse> I see

2016-12-01 15:07:56 GMT <AFaust> In default Alfresco header, no checks are performed against the <authentication> element as the header is only checking the additional pages section in share-config which cannot contain authentication information

2016-12-01 15:08:35 GMT <iwkse> AFaust: I mean in the imports/share-header.lib.js

2016-12-01 15:08:54 GMT <AFaust> there is no check there - that is what I meant

2016-12-01 15:08:56 GMT <iwkse> there's a check for the using being site Manager, so that it adds the link

2016-12-01 15:09:10 GMT <AFaust> the only thing you can do is add groupMembership conditions to the Aikau widgets yourself

2016-12-01 15:09:26 GMT <AFaust> ah - yes, that is one of those special checks

2016-12-01 15:09:44 GMT <iwkse> but as I said..it's just the link

2016-12-01 15:09:48 GMT <iwkse> if you know the url you can access

2016-12-01 15:09:50 GMT <AFaust> But that does not relate to any definition for the page at all - it is just hard-coded that way

2016-12-01 15:09:56 GMT <AFaust> correct

2016-12-01 15:10:17 GMT <AFaust> because the page security model does not provide for any means to configure such a check

2016-12-01 15:10:24 GMT <iwkse> I see

2016-12-01 15:10:55 GMT <iwkse> but setting the page authentication to admin, should work I suppose

2016-12-01 15:11:09 GMT <iwkse> from the page definition

2016-12-01 15:11:33 GMT <AFaust> When I had such requirements in past projects I have always created a construct for generic access checking myself, i.e. introduced a property for the page <properties> section and used that in a generic *.js file to check if the current page could be accessed by the current user and redirect if not

2016-12-01 15:11:50 GMT <iwkse> ah I see

2016-12-01 15:11:57 GMT <AFaust> Yes - that would restrict the page to admin only but would mean that SiteManager that are not admin cannot access the page

2016-12-01 15:12:15 GMT <iwkse> yes actually it's fine that way in this case

2016-12-01 15:12:25 GMT <iwkse> but I'm interested to look at better ways

2016-12-01 15:12:29 GMT <iwkse> more flexible

2016-12-01 15:13:00 GMT <iwkse> I think I got what you mean

2016-12-01 15:13:03 GMT <iwkse> :)

2016-12-01 17:25:24 GMT <yreg> QQ: what's the difference between /s and /wcs endpoints in alfresco

2016-12-01 17:48:11 GMT <AFaust> yreg: /s is always BASIC authentication, /wcs is secured by SSO handlers (if enabled)

2016-12-01 17:49:25 GMT <AFaust> both are shortcuts for /service and /wcservice respectively (this is where one question of the certification exam is plain wrong, because you are asked to choose from those /s, /wcs, /wcservice and /service which endpoint provides ReST services - and all are actually correct)

End of Daily Log

The other logs are at http://esplins.org/hash_alfresco