Alfresco discussion and collaboration. Stick around a few hours after asking a question.
Official support for Enterprise subscribers: support.alfresco.com.
Join in the conversation by getting an IRC client and connecting to #alfresco at Freenode. Our you can use the IRC web chat.
More information about the channel is in the wiki.
More help is available in this list of resources.
2020-02-14 11:12:07 GMT <alfresco-discord> <dgradecak> still surprised how the guys on gitter ignore questions
2020-02-14 12:10:48 GMT <AFaust> dgradecak: you actually piqued my interest in the recent activity on that channel. It used to be quite pointless, people asking about stuff that did not belong there.
2020-02-14 12:11:18 GMT <AFaust> Good to see they finally upgraded to 8.0.1 - just upgraded my own from 8.0.1 to 8.0.2
2020-02-14 12:11:48 GMT <angelborroy> 8.0.1???
2020-02-14 12:11:55 GMT <AFaust> Keycloak
2020-02-14 12:12:00 GMT <angelborroy> Ah, ok
2020-02-14 12:14:29 GMT <AFaust> But still, it is only a minor realm template and mostly (looks like 80% of commits) deals with k8s stuff.
2020-02-14 12:19:52 GMT <AFaust> dgradecak: Count yourself lucky that your simple JWT token validation use case works with the default identity service subsystem. Today I am finally working on adapting my Share-tier to the recent Repository tier enhancements, and have to deal with a lot of the Share background requests which might need custom exemptions from SSO handling on Repository-tier (have seen similar issues before with Kerberos/NTLM, e.g. edition info
2020-02-14 12:19:53 GMT <AFaust> not being able to be loaded until the first user successfully logs in)
2020-02-14 12:21:52 GMT <angelborroy> AFaust interested to hear your opinion on moving to ElasticSearch
2020-02-14 12:22:07 GMT <angelborroy> Some thoughts to share?
2020-02-14 12:22:34 GMT <AFaust> Honestly, for some reason, ElasticSearch never came up in any of my work before, so it is kind of a large blind spot for me
2020-02-14 12:23:09 GMT <AFaust> I mean, I know what it is, but haven't really come close to using it even once...
2020-02-14 12:25:13 GMT <AFaust> I am immediately put off by all the marketing-only results that flood Google results - and the fact that their crappy corporate web site tries to force-feed me the German version when all I want is the English one
2020-02-14 12:25:28 GMT <angelborroy> I guess SolrCloud is a better option
2020-02-14 12:25:43 GMT <angelborroy> But there are many people pushing us to move to Elastic
2020-02-14 12:31:11 GMT <AFaust> I can imagine how NA markets are pushing in that direction. Same as they did with the cloud first-like and specialised apps strategies...
2020-02-14 12:31:27 GMT <angelborroy> You’re right
2020-02-14 12:33:19 GMT <AFaust> Not sure what specific problems people think they'd solve with a move that could not be solved with SOLR (or just some bit of better engineering)
2020-02-14 12:33:44 GMT <angelborroy> Deployment at scale
2020-02-14 12:33:56 GMT <angelborroy> We planned moving to SolrCloud because of this
2020-02-14 12:33:58 GMT <AFaust> I mean, the benefits of a move must somehow more than make up for the effort / support cost of the move / implementation ...
2020-02-14 12:34:27 GMT <angelborroy> But some people think that moving to Elastic will solve “magically” deploying large indexes
2020-02-14 12:34:49 GMT <angelborroy> Both Elastic and SolrCore are more or less the same for that kind of deployments
2020-02-14 12:34:59 GMT <angelborroy> But Amazon is supporting Elastic better
2020-02-14 12:35:11 GMT <AFaust> Isn't it the case that ElasticSearch does not support splitting of Shards?
2020-02-14 12:35:23 GMT <AFaust> Ahh... yes. The Amazon argument...
2020-02-14 14:27:45 GMT <alfresco-discord> <dgradecak> AFaust: actually it is not a simple use case, but it is a simple usage of it inside alfresco, where just reusing all the stuff that is there
2020-02-14 14:28:22 GMT <alfresco-discord> <dgradecak> however, on gitter nothing, I am sure we will have more info here in the next days 😉
2020-02-14 14:29:09 GMT <alfresco-discord> <dgradecak> I guess the KC adapter 4.5 would not work on 8 ?
2020-02-14 14:48:27 GMT <AFaust> it would work, but not support some of the newer/changed features
2020-02-14 14:49:28 GMT <AFaust> basic token handling should be largely unaffected by version discrepancies
2020-02-14 14:53:54 GMT <alfresco-discord> <digcat> @angel.borroy just to add to the idea of 'moving' to elasticsearch, it would be good if alfresco supported both solr and elastic, imo, but focusing just on elastic I would think would be a bad idea, particularly considering the case with elastic, and amazon being accused of strip mining it. Not sure when that case hits the courts, but i would think alfresco should be mindful it doesn't happen to them,
2020-02-14 14:53:55 GMT <alfresco-discord> https://www.itpro.co.uk/cloud/amazon-web-services-aws/354364/open-source-rivals-considered-suing-amazon-over-strip-mining
2020-02-14 14:55:23 GMT <angelborroy> Yep, I knew already that
2020-02-14 14:55:24 GMT <angelborroy> Thanks
2020-02-14 14:57:15 GMT <alfresco-discord> <digcat> would there be no chance of supporting both solr and elastic and the next bright shiny search tool that comes along ?
2020-02-14 15:13:47 GMT <angelborroy> I don’t think so
2020-02-14 15:13:52 GMT <angelborroy> That would require 2 teams
2020-02-14 15:28:20 GMT <AFaust> Or one team that is capable of learning multiple technologies...
2020-02-14 15:31:10 GMT <alfresco-discord> <LuisColorado> There are two new properties that are affecting some existing code, see https://github.com/Alfresco/alfresco-repository/blob/master/src/main/resources/alfresco/repository.properties: # If enabled doesn't allow to set content properties via NodeService contentPropertyRestrictions.enabled=true contentPropertyRestrictions.white.list=
2020-02-14 15:33:11 GMT <alfresco-discord> <LuisColorado> It seems to be related to an internal Jira, REPO-4619. I don't have access to it, but I see lots of changes related to it: https://github.com/Alfresco/alfresco-repository/pull/595
2020-02-14 15:33:14 GMT <alfbot> Title:REPO-4619 Add content property restrictions via interceptor by killerboot · Pull Request #595 · Alfresco/alfresco-repository · GitHub (at github.com)
2020-02-14 15:34:20 GMT <alfresco-discord> <LuisColorado> Does anybody know what was the rationale for this change? It looks like it fixes a possible security weakness (changing the content property), but it's not documented
2020-02-14 15:39:45 GMT <alfresco-discord> <LuisColorado> This can break the bulk importer add-on and other tools.
2020-02-14 15:40:07 GMT <alfresco-discord> <LuisColorado> What are the risks of disabling this?
2020-02-14 15:43:27 GMT <alfresco-discord> <PJ> just pushed a new improvement of APS SDK
2020-02-14 15:43:29 GMT <alfresco-discord> <PJ> https://github.com/OpenPj/alfresco-process-services-project-sdk
2020-02-14 15:43:30 GMT <alfbot> Title:GitHub - OpenPj/alfresco-process-services-project-sdk: Alfresco Process Services Project Module SDK (at github.com)
2020-02-14 15:43:47 GMT <alfresco-discord> <PJ> now we can run: mvn clean install docker:build docker:start
2020-02-14 15:44:08 GMT <alfresco-discord> <PJ> the APS SDK will generate the extensions JAR, then the overlayed WAR and then the related Docker container
2020-02-14 15:44:19 GMT <alfresco-discord> <PJ> for stopping the container just run: mvn docker:stop
2020-02-14 15:44:24 GMT <alfresco-discord> <PJ> hope this helps 🙂
2020-02-14 16:00:30 GMT <alfresco-discord> <dgradecak> any of you using ADF enterprise apps? no idea how it is called now anymore 😄
2020-02-14 16:00:55 GMT <alfresco-discord> <dgradecak> @PJ did you ever try ADF components for APS ?
2020-02-14 19:12:30 GMT <alfresco-discord> <PJ> @dgradecak not yet, but consider that we (as TAI Solutions) are more focused on middleware and backend systems
2020-02-14 21:59:04 GMT <AFaust> LuisColorado: I believe it was discussed in this channel a few days/weeks ago. I ran into it and complained about the stupidity of the change.
2020-02-14 21:59:50 GMT <AFaust> Check history of January 15th (provided the IRC / Discord sync was not broken that day)
2020-02-14 22:00:34 GMT <AFaust> angelborroy provided some details from the internal JIRA...
2020-02-14 22:00:41 GMT <AFaust> "The investigation showed that this issue is applicable to any APIs as it is how NodeService <-> ContentService interaction is handled. Unfortunately there is no embedded functionality in Alfresco which can control permissions on individual properties. As a midterm fix (until permission model is rearchitected) I tried to apply restrictions on setting a content type property on a node. The approach is to throw an exception..."
2020-02-14 22:00:51 GMT <AFaust> "what code is trying to set a node property of content type directly through NodeService instead of using a ContentWriter from ContentService. The ContentService (or any other trusted service) can use an unrestricted method to set the content property."
2020-02-14 22:01:57 GMT <AFaust> and so on... not going to repeat everything now, since he copied the entire description with some opinions / discussions about potential approaches
2020-02-14 22:02:31 GMT <AFaust> I have disabled that feature immediately after realising how stupid it is...
2020-02-14 22:03:08 GMT <AFaust> My reason: "Too bad that the only way to copy content without doing a full copy or duplicating content on disk is by setting the content properties selectively..." - which this "feature" now prevents.
2020-02-14 22:05:07 GMT <AFaust> Though there is a valid reason for this change by Alfresco: the ability to copy / set "d:content" properties via NodeService circumvents the check on the WriteContent permission done on the ContentService (the node service cannot make such a permission check since the AOP handling does not "know" what properties are changed and there are no property-specific permissions)
2020-02-14 22:06:20 GMT <AFaust> One huge problem with the change: The white list property does not work at all - "This is especially bad because the typo (missing $) in https://github.com/Alfresco/alfresco-repository/blob/master/src/main/resources/alfresco/public-services-context.xml#L95 means I cannot white list my caller, so have to disable the entire interceptor or override its XML..."
2020-02-14 22:06:21 GMT <alfbot> Title:alfresco-repository/public-services-context.xml at master · Alfresco/alfresco-repository · GitHub (at github.com)
The other logs are at http://esplins.org/hash_alfresco