Daily Log for #alfresco IRC Channel

Alfresco discussion and collaboration. Stick around a few hours after asking a question.

Official support for Enterprise subscribers: support.alfresco.com.

Joining the Channel:

Join in the conversation by getting an IRC client and connecting to #alfresco at Freenode. Our you can use the IRC web chat.

More information about the channel is in the wiki.

Getting Help

More help is available in this list of resources.

Daily Log for #alfresco

2018-03-05 06:44:43 GMT <manisha_> I am trying to scan the files for the presence of virus using clamAV

2018-03-05 06:45:01 GMT <manisha_> so,I am exploring the addon https://github.com/fegorama/alfviral

2018-03-05 06:45:02 GMT <alfbot> Title: GitHub - fegorama/alfviral: Alfresco Virus Alert (at github.com)

2018-03-05 06:45:37 GMT <manisha_> the action is working perfectly

2018-03-05 06:46:20 GMT <manisha_> that is through the action,we are able to detect the files for the presence of virus

2018-03-05 06:47:26 GMT <manisha_> but,when the scheduler is running,it is giving 2018-03-05 12:09:01,696 ERROR [quartz.core.JobRunShell] [DefaultScheduler_Worker-5] Job jobGroupScanFolder.jobScanFolder threw an unhandled Exception: org.alfresco.scripts.ScriptException: 02050024 Failed to execute script 'workspace://SpacesStore/4b1ebc0f-4e96-4cf5-952b-04282f1aed09': null

2018-03-05 06:48:53 GMT <manisha_> that is it is not able to execute the ScriptScanFolder.js file

2018-03-05 06:49:16 GMT <manisha_> the ScriptScanFolder.js file is https://pastebin.com/DF13HJNA

2018-03-05 06:49:17 GMT <alfbot> Title: <import resource="classpath:alfresco/module/alfviral/templates/scripts/ScanFolde - Pastebin.com (at pastebin.com)

2018-03-05 06:49:41 GMT <manisha_> can anyone help me why it is giving null in this script

2018-03-05 07:05:08 GMT <manisha_> I am trying to scan the files for the presence of virus using clamAV

2018-03-05 07:05:14 GMT <manisha_> so,I am exploring the addon https://github.com/fegorama/alfviral

2018-03-05 07:05:15 GMT <alfbot> Title: GitHub - fegorama/alfviral: Alfresco Virus Alert (at github.com)

2018-03-05 07:05:22 GMT <manisha_> the action is working perfectly

2018-03-05 07:05:35 GMT <manisha_> that is through the action,we are able to detect the files for the presence of virus

2018-03-05 07:05:44 GMT <manisha_> but,when the scheduler is running,it is giving 2018-03-05 12:09:01,696 ERROR [quartz.core.JobRunShell] [DefaultScheduler_Worker-5] Job jobGroupScanFolder.jobScanFolder threw an unhandled Exception: org.alfresco.scripts.ScriptException: 02050024 Failed to execute script 'workspace://SpacesStore/4b1ebc0f-4e96-4cf5-952b-04282f1aed09': null

2018-03-05 07:05:52 GMT <manisha_> that is it is not able to execute the ScriptScanFolder.js file

2018-03-05 07:06:01 GMT <manisha_> the ScriptScanFolder.js file is https://pastebin.com/DF13HJNA

2018-03-05 07:06:02 GMT <alfbot> Title: <import resource="classpath:alfresco/module/alfviral/templates/scripts/ScanFolde - Pastebin.com (at pastebin.com)

2018-03-05 07:06:14 GMT <manisha_> can anyone help me why it is giving null in this script

2018-03-05 08:03:28 GMT <yreg> Morning

2018-03-05 09:39:49 GMT <owerfelli> Morning all !

2018-03-05 09:41:09 GMT <owerfelli> can anyone help me on this https://stackoverflow.com/questions/49067844/alfresco-custom-url-access-authorization

2018-03-05 09:41:10 GMT <alfbot> Title: java - Alfresco custom url access authorization - Stack Overflow (at stackoverflow.com)

2018-03-05 09:48:19 GMT <yreg> owerfelli, You are more likely to get more interaction if you use community.alfresco.com ...

2018-03-05 09:48:29 GMT <yreg> just a note for the future

2018-03-05 09:48:36 GMT <yreg> Morning everyone

2018-03-05 09:50:18 GMT <yreg> owerfelli, as for your question, I think that WGhribi had actually implemented this feature in Averroes while I was still working by your current employer ...

2018-03-05 09:51:25 GMT <yreg> It's possibly (probably) that the associated code is currently collecting dust in some forgotten feature branch

2018-03-05 09:54:23 GMT <owerfelli> yreg, he integrated BECPG extension to manage permissions, it manage node permission not for urls

2018-03-05 10:04:01 GMT <owerfelli> I will post it in community.alfresco..

2018-03-05 10:09:07 GMT <yreg> owerfelli, my memory might be a bit dusty, but the assignment looked like he was doing some role based filtering on the URL... and that he was relying on group membership based roles for either fall through to the next filter or redirect to an access denied page... He also had some license based checking as well over there if I recall right...

2018-03-05 10:13:08 GMT <DarkStar1> A good (snowy) morning to everyone

2018-03-05 10:14:13 GMT <Tichodroma> Spring is coming :)

2018-03-05 10:36:07 GMT <yreg> DarkStar1, I don't know about you, but all snow has already melt away over here <grin>

2018-03-05 10:36:32 GMT <yreg> Guys, is there any addon out there to hide the quick share link in Alfresco Share ?

2018-03-05 10:38:47 GMT <yreg> well it seems like system.quickshare.enabled=false would be enough according to a dusty thread on the community platfor dating from 2013

2018-03-05 10:38:54 GMT <yreg> will try it out later

2018-03-05 10:44:41 GMT <owerfelli> yreg, I checked it now, it works fine in its context, it manage permission in nodes, but we want to implement a generic mechanism like spring security config for example

2018-03-05 10:47:39 GMT <Tichodroma> A Share web script with <authentication>none</authentication> should not require any authentication. Including such a web script already in th login screen /share/page/ should return 200 OK.

2018-03-05 10:48:35 GMT <Tichodroma> This works as expected in a non-SSO setup. But with SSO/Kerberos enabled, the request for such a Share web script has the status code 401 which looks ugly for a auser without a SSO ticket:

2018-03-05 10:49:02 GMT <Tichodroma> He will see the login form in the browser *plus* the login dialog of the browser triggered by the 401 response.

2018-03-05 10:49:44 GMT <Tichodroma> Has anybody come across this behaviour? Any hints what can be done to not have the 401 code for a user with no SSO ticket in a SSO/Kerberos setup?

2018-03-05 10:56:31 GMT <yreg> Tichodroma, I have came across this since 5.1.3 on multiple instances, and even though clients complained a bit about it initially, they did not want to invest effort in it since it only affected test/acceptance (where people could actually access Alfresco directly without the reverse proxy that handles authentication being in front)

2018-03-05 10:57:31 GMT <Tichodroma> so your users usually have a valid Kerberos ticket and don't see this behaviour?

2018-03-05 10:58:50 GMT <yreg> Tichodroma, they never see this behaviour as if they wouldn't have the valid authentication they would be prompted on the level of the reverse proxy for SSO login

2018-03-05 10:58:59 GMT <yreg> at least not on prod

2018-03-05 10:59:13 GMT <Tichodroma> OK

2018-03-05 11:01:21 GMT <Tichodroma> I wonder at which level the 401 together with the header WWW-Authenticate:Negotiate is added. The web script itself should happily return 200 so this must happen earlier.

2018-03-05 11:01:51 GMT <yreg> Tichodroma, the SSO filter possibly ?

2018-03-05 11:02:14 GMT <Tichodroma> perhaps. There probalby is no way to exclude certain paths from authentication in the SSO filter.

2018-03-05 11:18:28 GMT <AFaust> Tichodroma, yreg: The SSO filter already checks for the authentication of a page, provided it can be properly resolved...

2018-03-05 11:19:22 GMT <AFaust> There is a check against "none" in there where it would then simply continue without putting in the WWW-Authenticate header

2018-03-05 11:20:16 GMT <AFaust> Does your page controller JS or any of the component JS (web scripts) perform any call against the repository using the default "alfresco" endpoint?

2018-03-05 11:20:42 GMT <AFaust> That would trigger SSO in the backend and likely cause Share to send the WWW-Authenticate forward to the client.

2018-03-05 11:20:58 GMT <AFaust> There is a special "alfresco-noauth" endpoint to use for such cases...

2018-03-05 11:23:51 GMT <Tichodroma> AFaust: yes, that could be the reason. I am trying to use a different endpoint.

2018-03-05 11:24:13 GMT <popochon2> hi

2018-03-05 11:25:12 GMT <DarkStar1> yreg: Was snowing until a few minutes ago here

2018-03-05 11:25:23 GMT <Tichodroma> AFaust: in the repository I can use /wcservice instead of /service. Is there something similar in Share?

2018-03-05 11:26:42 GMT <AFaust> No, there is nothing like that on Share since the SSO filter is already suppossed to only apply SSO on URLs with required authentication != none

2018-03-05 11:27:11 GMT <Tichodroma> strange

2018-03-05 11:28:08 GMT <AFaust> The only other reason (other than the backend endpoint stuff) that I could think of breaking this is the mapping of single web scripts to the "page" object in the Spring MVC / Surf integration...

2018-03-05 11:29:21 GMT <Tichodroma> the path is /share/service/foo/bar

2018-03-05 11:29:35 GMT <AFaust> The SSO filter can only handle non-SSO correctly if the "page" object could be resolved and the required authentication it provides is "none". So far I could only find the web scripts view resolver, but not yet how that maps to a "page" object...

2018-03-05 11:30:22 GMT <AFaust> The URL does not really matter. /share/service... and /share/page... are virtually the same...

2018-03-05 11:30:36 GMT <Tichodroma> !

2018-03-05 11:32:00 GMT <popochon2> I need some advice about workflows. I have an activiti workflow deployed and in use. In one instance of the WF I must change a execution variable (a collection where actores are listed). I think best aproach is an JS executed through console, but i cant find correct API to get variables from execution of an ongoing WF. Any tip about this? thanks a lot.

2018-03-05 11:32:01 GMT <AFaust> They were different in Alfresco 4.x and below, but now /service/ is only an alias for /page/

2018-03-05 11:32:09 GMT <Tichodroma> I see.

2018-03-05 11:34:16 GMT <AFaust> popochon2: Do you mean JavaScript console? The Alfresco Script API for workflows does not provide any access to execution variables unless they are mapped via the workflow / task models. You'd have to circumvent the abstraction and go directly to the Activiti service layer to deal with any low-level stuff if you have not exposed the variable you need to handle.

2018-03-05 11:34:57 GMT <AFaust> Also keep in mind that Alfresco Script API for workflows only supports updating of task variables - there is no way to update execution variables from outside of a workflow after it has been started.

2018-03-05 11:35:59 GMT <AFaust> Though you can technically use the Workflow Console to do variable updates - but that would have to be by hand and one-by-one, since the Workflow Console is an interpreter and does not support execution of JS

2018-03-05 11:43:56 GMT <popochon2> In Alfresco console I have seen a command "VAR" but seems . I Did not find a way to change workflow custom variables. I will try it again and if I can not find a solution I will bother you again :P thank you a lot

2018-03-05 11:44:19 GMT <popochon2> (Alfresco workflow console I mean)

2018-03-05 12:03:06 GMT <hi-ko> I also have an issue in 5.2 with sso enabled kerberos config: In 5.0 there was a work around to disable the global auth filter to allow basic auth on webdav. In 5.2. this work around doesn't work any more. Any hints/experience?

2018-03-05 12:03:18 GMT <hi-ko> ALF-21521

2018-03-05 13:01:47 GMT <hi-ko> ~later tell angelborroy alf-21757-repo

2018-03-05 13:01:47 GMT <alfbot> hi-ko: The operation succeeded.

2018-03-05 13:01:47 GMT <hi-ko> patch not working in 5.2. Did you observe the same? https://issues.alfresco.com/jira/browse/ALF-21757

2018-03-05 13:13:03 GMT <Tichodroma> A Share customization like this https://bpaste.net/show/032d240254ff will be applied on all pages due to <targetPackageRoot>org.alfresco</targetPackageRoot>

2018-03-05 13:13:04 GMT <alfbot> Title: show at bpaste (at bpaste.net)

2018-03-05 13:13:16 GMT <Tichodroma> How do you only apply it on pages that are *not* the login page?

2018-03-05 13:48:14 GMT <qwebirc9475> how to get user belong groups with java api

2018-03-05 13:56:44 GMT <Tichodroma> Do you want to get all groups a user belongs to or do you want to test if a user belongs to a specific group?

2018-03-05 14:04:05 GMT <qwebirc9475> want to check whether user belongs to group or not ?

2018-03-05 14:10:19 GMT <qwebirc9475> got it authorityService.getAuthoritiesForUser(userName).contains("GROUP_EVERYONE")

2018-03-05 14:58:09 GMT *** mmccarthy1 is now known as mmccarthy

2018-03-05 16:02:30 GMT <AFaust> Tichodroma: That Share customization of yours only applies to the login page if you provide a post-processor for that page in the sourcePackageRoot...

2018-03-05 16:03:09 GMT <AFaust> If you don't want it to apply to the login page, do not include a post processor - or use an evaluator for your Surf extension module that filters on the request URL to exclude the login page

End of Daily Log

The other logs are at http://esplins.org/hash_alfresco