Is there a way to programmatically sign the agents in a database? I'd like to use a run on server agent to sign the agents of a database that I pass it. I'd like to do this using LotusScript or an XPage.
MJ
in Lotusscript run this code with the Signer ID preferable in an agent
Dim session As New Notessession
Dim db As Notesdatabase
Set db = session.Currentdatabase
Call db.sign(DBSIGN_DOC_ALL)
in SSJS
var DB:NotesDatabase=sessionAsSigner.getDatabase(database.getServer(),database.getFilePath());
DB.sign(NotesDatabase.DBSIGN_DOC_ALL)
=================
Update
lotusscript
dim AdminPNotesId
dim AdminP as NotesAdministrationProcess
Set AdminP = notesSession.CreateAdministrationProcess(Server)
AdminpNoteId=AdminP.SignDatabaseWithServerID(Server,Database)
SSJS
var AdminP=sessionAsSigner.CreateAdministrationProcess(Server)
var AdminPNoteID=AdminP.SignDatabaseWithServerID(Server,Database)
Methods in both answers are correct. But they will work on notes client...
Signing any document needs a private key which exists in your ID file. Therefore, normally, you cannot sign an agent with a code that doesn't run on Notes client.
However, there are products (e.g. Ytria SignEZ) using C-API to sign design elements but they cache necessary ID file in a secure storage (with recent versions ID Vault can be used for this but I don't know how much portion of API is open for us).
UPDATE: As Fredrik said, signing with server id is always possible via Admin request.
I've done this several years ago using a LS agent. I remember it went like this:
get a NotesNoteCollection containing all agents
loop through the collection accessing all its noteIds
access each design doc using those noteIds and check if it points to the wanted agent
sign the agent's design doc using
NotesDocument.Sign
I never tried to do that using SSJS though. But it works at least using an agent signed with an appropriate ID (see updates below)
edit 1:
#Sven: of course, I forgot to mention that you need to save your design doc after signing...
edit 2:
#Serdar: you're right: to sign an agent I need the signer's Notes ID, so Fred's updated solution is the one
Related
I m working with xpages for following scenario.
I have one agent that will update the value to one of the field of datasource from notesview. sometimes, while one user is opening the datasource via xpage and other user run the agent in the same time. at that time, agent can run and update the field of datasource. but from the xpages side, we can catch the exception for the document is modified by other user and cannot save the xpages.
i would like to prevent this from agent side. i would like to know whether there is a way to know that document is opened by one of the user from agent side, so that agent wont update the value to that datasource.
thank for your help.
First of all: mixing agent and XPages is more trouble than it is worth, you are better off converting your agent code into a Java class (and pay the technical debt accumulated over time in the agent).
One BIG reason: an agent and XPages do not share anything other than the document in memory (if handed over) on that one user's session.
If you launch the agent from an XPage: you can use an ApplicationScope variable (e.g. a java.util.HashMap) that you fill with the unid and username when a user opens a document. Before you launch that agent, you check the scope if the unid is inside with a different username. If yes, don't run the agent.
You need to build a mechanism to expire and renew these locks otherwise you end up with dead lock entries.
If the agent is launched directly or on schedule things get a little more complicated. You could implement a web service servlet that handles the locks since both XPages and agents can talk to a web service.
Is there any way to check if a database replica is "out of service" on a particular server without using the admin client (using either the Notes client or designer)?
Yes there's a property called IsInService in the NotesDatabase Lotus Script object.
NotesDatabase.IsInService documentation
I'm currently implementing the OpenNTF Multiple File Uploader by Mark Leusink.
This very nice custom control uses an xAgent to embed the selected file attachment into the target Notes document. Everything was working fine until I added Authors and Readers fields to the Notes documents. Now I'm getting a security error (402) when uploading the file.
My thought is the Upload xAgent can't edit the target document to attach the file. If I remove the security fields, everything works again.
My question is, do xAgents run with the same security as the current user? If not, can I set a "run as" user for the xAgent like I can for a Lotus Script agent?
I'd suggest that you look at the xAgent's code and rewrite it to use sessionAsSigner to access the database/document to upload the file. This will cause it to run as the signer of the application and bypass the security issues that your running into.
Both Tom's and Declan's answers are correct, but this doesn't count for the file uploader.
It uses a Flash component to do the actual uploading (called SWFUpload). Since browser cookies aren't shared with Flash, it can't send along the user's session cookie with the file and therefore to the Domino server the user performing the upload is nog logged in (aka Anonymous). That's why the uploader requires anonymous users to be allowed to read/write public documents in the ACL and the XPage/ XAgent handling the uploaded files (aUpload.xsp) is set to allow "public access users". It uses the sessionAsSigner object to access the database's content
Normally, the above settings would allow everyone to anonymously upload files. That's why I implemented a custom authentication solution based on an idea by Mark Barton: before every file is uploaded, a request is made to an XPage to retrieve a unique key. That XPage (aGetAuth.xsp) does run under the user's credentials and stores the key in a document in the database. This key is send along with the uploaded file and compared with the stored key. The upload is only allowed if the keys match.
First thing I'd check in your case if the code in the aUpload.xsp XAgent can read and write the target document using the sessionAsSigner call.
Mark, Declan, and Tim, thanks for jumping in.
I modified the xAgent **aGetAuth.xsp** to use sessionAsSigner to get the current database. At first I got the error "sessionAsSigner not found".
Google showed a quick answer was to re-sign the template before testing. After re-signing the template, twice, and preforming a "clean" everything works brilliantly.
Is it possible to have a field in the current item be changed by clicking a URL? The field would be a choice field with predefined choices.
Such as if the item field is currently:
Status: 2
If a user clicks the link, the field would now be:
Status: 3
If not, is there any other way for a user to easily change a field in the current item without actually haveing to visit the item?
Thanks!
Not Out Of The Box (OOTB) - but you've a few options.
Write an ASPX page to do what you want
Use something like SPServices and javascript to update the list item via the web services.
Use the Client Object Model (2010 only)
By the way - changing stuff on a 'get' can be dangerous as you can do malicious things - for example imagine you have a page that deletes the users account without any prompting (exact example doesn't matter) - what if someone clicks on that link by mistake or even worse what about an email sent with an image with that page as source URL - simply viewing the email could delete the users account.
It's not possible by using a GET request, but SharePoint 2010 is offering a RESTful API to manage ListItems from any client
The REST API is located within the virtual WebServices folgder under each SharePoint Site.
http://YourSharePointSite/_vti_bin/ListData.svc.
To perform an update on SharePoint ListItems you have to create a PUT Request. For more information on SharePoints REST API you should have a look at this MSDN site, there are also a lot of samples linked from this article.
Thorsten
Is there a way to check new mail on a Lotus Notes/Domino server in ASP.NET 3.5+, for multiple users. Users are logged in with there Windows Domain account into the ASPx application.
Given, that the Domino servers are also on Windows and they have SPNEGO activated for SSO, you have several options, depending on what you mean by "check new mail".
If you want to include the Inbox in your ASP.Net app eg. as an iframe, you can use iNotes portal mode to accomplish that.
If you are on Domino 8.5.3, you can use the REST services of the new extension library to access the Inbox contents via a few REST calls and Json. See the link for more infos.
If you want to access the "new mail" in the backend of your ASP.Net app, you are problably out of luck, as the information about "new/unread" mail is stored per user and you would need the ID-File/password or http password of the user to access that information.
But maybe you could provide more info, so we can give better advice.
Well, yes you can, but it's not a straight up webservice call. I'm not aware of any turn key configuration that would enable this. So, you will need to "roll your own" service. If so, then you'll be interested in "Unread marks" or "Unread email". This is a unique function to Lotus Notes and is not exposed as service in Java or .Net. But you can get around it by using the "GetAllUnreadEntries" method in the Lotus Notes object API.
Using this method, you can programmatically emulate it without too much complexity. Is it possible for you to try this:
Can you implement in an ASP.Net application a "last Checked" date/time value that is set when you traverse the inbox of Domino mail account ?
Now whilst looping through the inbox, get the created date of each document.
In the case of email in a Lotus Notes database, this is the date the email hit the account. So it should be a fairly reliable means of determining the arrival date of the email.
The created date property is under the NotesDocument object as "created". This should return a date/time value that you can use. Any document that is newer than the "last checked" value would therefore be new mail.
If you have a particularly large inbox to loop through, you can get the inbox object (which can be treated like a view), and also use "GetAllUnreadEntries" method on the NotesView object.
Links to example code are in the links above.