Daily Log for #alfresco IRC Channel

Alfresco discussion and collaboration. Stick around a few hours after asking a question.

Official support for Enterprise subscribers: support.alfresco.com.

Joining the Channel:

Join in the conversation by getting an IRC client and connecting to #alfresco at Freenode. Our you can use the IRC web chat.

More information about the channel is in the wiki.

Getting Help

More help is available in this list of resources.

Daily Log for #alfresco

2020-02-14 11:12:07 GMT <alfresco-discord> <dgradecak> still surprised how the guys on gitter ignore questions

2020-02-14 12:10:48 GMT <AFaust> dgradecak: you actually piqued my interest in the recent activity on that channel. It used to be quite pointless, people asking about stuff that did not belong there.

2020-02-14 12:11:18 GMT <AFaust> Good to see they finally upgraded to 8.0.1 - just upgraded my own from 8.0.1 to 8.0.2

2020-02-14 12:11:48 GMT <angelborroy> 8.0.1???

2020-02-14 12:11:55 GMT <AFaust> Keycloak

2020-02-14 12:12:00 GMT <angelborroy> Ah, ok

2020-02-14 12:14:29 GMT <AFaust> But still, it is only a minor realm template and mostly (looks like 80% of commits) deals with k8s stuff.

2020-02-14 12:19:52 GMT <AFaust> dgradecak: Count yourself lucky that your simple JWT token validation use case works with the default identity service subsystem. Today I am finally working on adapting my Share-tier to the recent Repository tier enhancements, and have to deal with a lot of the Share background requests which might need custom exemptions from SSO handling on Repository-tier (have seen similar issues before with Kerberos/NTLM, e.g. edition info

2020-02-14 12:19:53 GMT <AFaust> not being able to be loaded until the first user successfully logs in)

2020-02-14 12:21:52 GMT <angelborroy> AFaust interested to hear your opinion on moving to ElasticSearch

2020-02-14 12:22:07 GMT <angelborroy> Some thoughts to share?

2020-02-14 12:22:34 GMT <AFaust> Honestly, for some reason, ElasticSearch never came up in any of my work before, so it is kind of a large blind spot for me

2020-02-14 12:23:09 GMT <AFaust> I mean, I know what it is, but haven't really come close to using it even once...

2020-02-14 12:25:13 GMT <AFaust> I am immediately put off by all the marketing-only results that flood Google results - and the fact that their crappy corporate web site tries to force-feed me the German version when all I want is the English one

2020-02-14 12:25:28 GMT <angelborroy> I guess SolrCloud is a better option

2020-02-14 12:25:43 GMT <angelborroy> But there are many people pushing us to move to Elastic

2020-02-14 12:31:11 GMT <AFaust> I can imagine how NA markets are pushing in that direction. Same as they did with the cloud first-like and specialised apps strategies...

2020-02-14 12:31:27 GMT <angelborroy> You’re right

2020-02-14 12:33:19 GMT <AFaust> Not sure what specific problems people think they'd solve with a move that could not be solved with SOLR (or just some bit of better engineering)

2020-02-14 12:33:44 GMT <angelborroy> Deployment at scale

2020-02-14 12:33:56 GMT <angelborroy> We planned moving to SolrCloud because of this

2020-02-14 12:33:58 GMT <AFaust> I mean, the benefits of a move must somehow more than make up for the effort / support cost of the move / implementation ...

2020-02-14 12:34:27 GMT <angelborroy> But some people think that moving to Elastic will solve “magically” deploying large indexes

2020-02-14 12:34:49 GMT <angelborroy> Both Elastic and SolrCore are more or less the same for that kind of deployments

2020-02-14 12:34:59 GMT <angelborroy> But Amazon is supporting Elastic better

2020-02-14 12:35:11 GMT <AFaust> Isn't it the case that ElasticSearch does not support splitting of Shards?

2020-02-14 12:35:23 GMT <AFaust> Ahh... yes. The Amazon argument...

2020-02-14 14:27:45 GMT <alfresco-discord> <dgradecak> AFaust: actually it is not a simple use case, but it is a simple usage of it inside alfresco, where just reusing all the stuff that is there

2020-02-14 14:28:22 GMT <alfresco-discord> <dgradecak> however, on gitter nothing, I am sure we will have more info here in the next days 😉

2020-02-14 14:29:09 GMT <alfresco-discord> <dgradecak> I guess the KC adapter 4.5 would not work on 8 ?

2020-02-14 14:48:27 GMT <AFaust> it would work, but not support some of the newer/changed features

2020-02-14 14:49:28 GMT <AFaust> basic token handling should be largely unaffected by version discrepancies

2020-02-14 14:53:54 GMT <alfresco-discord> <digcat> @angel.borroy just to add to the idea of 'moving' to elasticsearch, it would be good if alfresco supported both solr and elastic, imo, but focusing just on elastic I would think would be a bad idea, particularly considering the case with elastic, and amazon being accused of strip mining it. Not sure when that case hits the courts, but i would think alfresco should be mindful it doesn't happen to them,

2020-02-14 14:53:55 GMT <alfresco-discord> https://www.itpro.co.uk/cloud/amazon-web-services-aws/354364/open-source-rivals-considered-suing-amazon-over-strip-mining

2020-02-14 14:55:23 GMT <angelborroy> Yep, I knew already that

2020-02-14 14:55:24 GMT <angelborroy> Thanks

2020-02-14 14:57:15 GMT <alfresco-discord> <digcat> would there be no chance of supporting both solr and elastic and the next bright shiny search tool that comes along ?

2020-02-14 15:13:47 GMT <angelborroy> I don’t think so

2020-02-14 15:13:52 GMT <angelborroy> That would require 2 teams

2020-02-14 15:28:20 GMT <AFaust> Or one team that is capable of learning multiple technologies...

2020-02-14 15:31:10 GMT <alfresco-discord> <LuisColorado> There are two new properties that are affecting some existing code, see https://github.com/Alfresco/alfresco-repository/blob/master/src/main/resources/alfresco/repository.properties: # If enabled doesn't allow to set content properties via NodeService contentPropertyRestrictions.enabled=true contentPropertyRestrictions.white.list=

2020-02-14 15:33:11 GMT <alfresco-discord> <LuisColorado> It seems to be related to an internal Jira, REPO-4619. I don't have access to it, but I see lots of changes related to it: https://github.com/Alfresco/alfresco-repository/pull/595

2020-02-14 15:33:14 GMT <alfbot> Title:REPO-4619 Add content property restrictions via interceptor by killerboot · Pull Request #595 · Alfresco/alfresco-repository · GitHub (at github.com)

2020-02-14 15:34:20 GMT <alfresco-discord> <LuisColorado> Does anybody know what was the rationale for this change? It looks like it fixes a possible security weakness (changing the content property), but it's not documented

2020-02-14 15:39:45 GMT <alfresco-discord> <LuisColorado> This can break the bulk importer add-on and other tools.

2020-02-14 15:40:07 GMT <alfresco-discord> <LuisColorado> What are the risks of disabling this?

2020-02-14 15:43:27 GMT <alfresco-discord> <PJ> just pushed a new improvement of APS SDK

2020-02-14 15:43:29 GMT <alfresco-discord> <PJ> https://github.com/OpenPj/alfresco-process-services-project-sdk

2020-02-14 15:43:30 GMT <alfbot> Title:GitHub - OpenPj/alfresco-process-services-project-sdk: Alfresco Process Services Project Module SDK (at github.com)

2020-02-14 15:43:47 GMT <alfresco-discord> <PJ> now we can run: mvn clean install docker:build docker:start

2020-02-14 15:44:08 GMT <alfresco-discord> <PJ> the APS SDK will generate the extensions JAR, then the overlayed WAR and then the related Docker container

2020-02-14 15:44:19 GMT <alfresco-discord> <PJ> for stopping the container just run: mvn docker:stop

2020-02-14 15:44:24 GMT <alfresco-discord> <PJ> hope this helps 🙂

2020-02-14 16:00:30 GMT <alfresco-discord> <dgradecak> any of you using ADF enterprise apps? no idea how it is called now anymore 😄

2020-02-14 16:00:55 GMT <alfresco-discord> <dgradecak> @PJ did you ever try ADF components for APS ?

2020-02-14 19:12:30 GMT <alfresco-discord> <PJ> @dgradecak not yet, but consider that we (as TAI Solutions) are more focused on middleware and backend systems

2020-02-14 21:59:04 GMT <AFaust> LuisColorado: I believe it was discussed in this channel a few days/weeks ago. I ran into it and complained about the stupidity of the change.

2020-02-14 21:59:50 GMT <AFaust> Check history of January 15th (provided the IRC / Discord sync was not broken that day)

2020-02-14 22:00:34 GMT <AFaust> angelborroy provided some details from the internal JIRA...

2020-02-14 22:00:41 GMT <AFaust> "The investigation showed that this issue is applicable to any APIs as it is how NodeService <-> ContentService interaction is handled. Unfortunately there is no embedded functionality in Alfresco which can control permissions on individual properties. As a midterm fix (until permission model is rearchitected) I tried to apply restrictions on setting a content type property on a node. The approach is to throw an exception..."

2020-02-14 22:00:51 GMT <AFaust> "what code is trying to set a node property of content type directly through NodeService instead of using a ContentWriter from ContentService. The ContentService (or any other trusted service) can use an unrestricted method to set the content property."

2020-02-14 22:01:57 GMT <AFaust> and so on... not going to repeat everything now, since he copied the entire description with some opinions / discussions about potential approaches

2020-02-14 22:02:31 GMT <AFaust> I have disabled that feature immediately after realising how stupid it is...

2020-02-14 22:03:08 GMT <AFaust> My reason: "Too bad that the only way to copy content without doing a full copy or duplicating content on disk is by setting the content properties selectively..." - which this "feature" now prevents.

2020-02-14 22:05:07 GMT <AFaust> Though there is a valid reason for this change by Alfresco: the ability to copy / set "d:content" properties via NodeService circumvents the check on the WriteContent permission done on the ContentService (the node service cannot make such a permission check since the AOP handling does not "know" what properties are changed and there are no property-specific permissions)

2020-02-14 22:06:20 GMT <AFaust> One huge problem with the change: The white list property does not work at all - "This is especially bad because the typo (missing $) in https://github.com/Alfresco/alfresco-repository/blob/master/src/main/resources/alfresco/public-services-context.xml#L95 means I cannot white list my caller, so have to disable the entire interceptor or override its XML..."

2020-02-14 22:06:21 GMT <alfbot> Title:alfresco-repository/public-services-context.xml at master · Alfresco/alfresco-repository · GitHub (at github.com)

End of Daily Log

The other logs are at http://esplins.org/hash_alfresco