xPages xAgent Security - xpages

I'm currently implementing the OpenNTF Multiple File Uploader by Mark Leusink.
This very nice custom control uses an xAgent to embed the selected file attachment into the target Notes document. Everything was working fine until I added Authors and Readers fields to the Notes documents. Now I'm getting a security error (402) when uploading the file.
My thought is the Upload xAgent can't edit the target document to attach the file. If I remove the security fields, everything works again.
My question is, do xAgents run with the same security as the current user? If not, can I set a "run as" user for the xAgent like I can for a Lotus Script agent?

I'd suggest that you look at the xAgent's code and rewrite it to use sessionAsSigner to access the database/document to upload the file. This will cause it to run as the signer of the application and bypass the security issues that you're running into.

Both Tom's and Declan's answers are correct, but this doesn't count for the file uploader.
It uses a Flash component to do the actual uploading (called SWFUpload). Since browser cookies aren't shared with Flash, it can't send along the user's session cookie with the file, and therefore, to the Domino server, the user performing the upload is not logged in (aka Anonymous). That's why the uploader requires anonymous users to be allowed to read/write public documents in the ACL and the XPage/XAgent handling the uploaded files (aUpload.xsp) is set to allow "public access users". It uses the sessionAsSigner object to access the database's content.
Normally, the above settings would allow everyone to anonymously upload files. That's why I implemented a custom authentication solution based on an idea by Mark Barton: before every file is uploaded, a request is made to an XPage to retrieve a unique key. That XPage (aGetAuth.xsp) does run under the user's credentials and stores the key in a document in the database. This key is sent along with the uploaded file and compared with the stored key. The upload is only allowed if the keys match.
The first thing I'd check in your case is whether the code in the aUpload.xsp XAgent can read and write the target document using the sessionAsSigner call.

Mark, Declan, and Tim, thanks for jumping in.
I modified the xAgent **aGetAuth.xsp** to use sessionAsSigner to get the current database. At first I got the error "sessionAsSigner not found".
Google showed a quick answer was to re-sign the template before testing. After re-signing the template, twice, and performing a "clean", everything works brilliantly.

Related

Docusign Connect Configuration settings not returning PDF

I have a standard custom connect setup that has been working really well for us. We now want to store the signed document in our app. So I go and edit the settings and click on Document PDFs in the include section. However, there is no change in the XML that is in the callback. I would have assumed that the base64 encoded document would be there just like when I send it.
Is it somewhere else? How do I get a copy of the document once ALL recipients have signed?
Thank You.
Sorry you're having this problem. I suggest creating a new Connect subscription/config and sending it to https://www.webhookapp.com/ as a test.
If the payload is as you expect, then update the url to be your webhook listener.
It could also be that you're not parsing the xml fully. The documents are included at an initial object level within the xml.
I do know that if you request the Certificate of Completion without asking for the Document PDFs themselves, it won't work. I haven't seen your problem as described though.

How to track last login date for IBM Domino web user?

Does IBM Domino track the last login date for web users (UserName/Password and internet certificate)? I know the access logs contain this information, but I wanted to know if there may be something built into Domino (maybe in the Address Book). I'm trying to come up with a method to disable web accounts that have not accessed a Domino server in a specified time period.
Thanks,
Kev
The User Activity area in the Database Properties picks up from the log.nsf, which is where this information is stored. But, typically, the log.nsf will only have a few days' worth of information. When I've had this requirement before, I've manually captured it via a custom login page or an initUser function I've had in applications.
One of the easiest solutions is to trigger an action from a live web page that generates a database.nsf?openagent event.
like:
or
Ideally you'd use the openagent to print a content type and a response, but if you don't, browsers do pretty well with invalid responses from servers.
Inside your "myagent" you will have the user's name available to you to write it to a document.
Your next challenge will be in getting the agent to trigger, but, not too often, ideally only on login.
When a user uses a custom login form it submits the username/password and redirection url in POST method. You could change that to ...?openagent&nexturl=/blablabla.nsf
Your tiny little agent would run one and only one time upon login and update a document in your custom logging database.
That's a developer's solution.
There are also admin solutions. The server does keep track of active web sessions, but it does not drop them into the log.nsf like it does upon session ending for a Notes session. I don't think it would be too much work from an admin standpoint to get that information; there are a lot of event triggers available to you. It's just been way too long since I worked on any server that anyone cared about statistics for.

xpages: how do attachments work in a web page

The context here is that, in a CMS type of app, the users that create content like to reproduce Notes' way of having attachments anywhere in the text, not just a list of attachments at the bottom of the page. When creating a page, they want to be able to create links to the attachments right away, using a link and an img tag, not saving the document first and then edit it again.
I have found the YouAtNotes HTML5 Multi File Upload control, which enables the users to upload the attachments before the document is actually saved. The URL for an attachment uploaded before the doc is saved is then:
http://myserver/myDB.nsf/xsp/.ibmmodres/persistence/DominoDoc-NEW_569-Body/indifference.jpg
I use this URL in the CKEditor to create an image and it looks OK: the image shows up in the editor and has this URL:
/myDB.nsf/xsp/.ibmmodres/persistence/DominoDoc-NEW_569-Body/insanity.jpg
I then save the document, and it still looks good. The image is showing up and the URL is still:
http://myserver/mydb.nsf/xsp/.ibmmodres/persistence/DominoDoc-NEW_569-Body/indifference.jpg
I close my browser, and open up the page again, and now I see that my image is not showing up, but the URL is still:
/Belair/xBiblio.nsf/xsp/.ibmmodres/persistence/DominoDoc-NEW_569-Body/indifference.jpg
But if I look at the URL that is used by the download control, this is what it has:
http://myserver/mydb.nsf/xsp/.ibmmodres/domino/OpenAttachment/belair/xbiblio.nsf/E4E384094564EE9E85257F33005953AE/Body/indifference.jpg
Why did it change?
Is there documentation on how that whole attachment process works, so I can understand it and give proper indications to the users so they can create valid links?
We also have a particularity in our publishing code: we need to keep the UNID of the published document so links that were made using UNIDs are still working. It is an app with a lot of content and many external apps link to it. So when we publish, we actually copy all the content of the draft into the already published document, so the UNID is different from the draft document, and we have issues with attachment links because of that. But that is something else...
The URL "/Belair/xBiblio.nsf/xsp/.ibmmodres/persistence/DominoDoc-NEW_569-Body/indifference.jpg" relates to a temporary location before the document has been saved. This is standard functionality because:
For SSJS / Java to save a file into an NSF, it has to have been uploaded to the server prior to the commit.
The user has not chosen to save the file yet, so it shouldn't be added to the NSF.
The document hasn't been saved yet, so even if it should be saved to the NSF, no document yet exists to save it to.
The components of the URL are:
"/Belair/xBiblio.nsf", the URL of the database it will finally need to be committed to.
"xsp/.ibmmodres/persistence", a URL that corresponds to a physical folder location where temporary files for this NSF are stored, based on xsp.properties of the NSF; if nothing is defined in xsp.properties of the NSF, xsp.properties of the server is used; if nothing is defined there, a default location is used.
"DominoDoc-NEW_569", a temporary reference to the new, unsaved dominoDocument datasource. If you close the browser and re-open it, you'll be getting a different temporary dominoDocument datasource reference, so I wouldn't expect the image to show up. Otherwise, different users could get one another's attachments.
"-Body", the field the file needs saving into.
"/indifference.jpg" the file name.
Once the document is saved, the file is stored into the Body field of the relevant document, and the file system cleaned up. The URL has to change, because otherwise the attachment would not be available on other replicas, because only the database gets replicated, and it could not be managed by DAOS.
The new URL "http://myserver/mydb.nsf/xsp/.ibmmodres/domino/OpenAttachment/belair/xbiblio.nsf/E4E384094564EE9E85257F33005953AE/Body/indifference.jpg" corresponds to:
"myserver/mydb.nsf/xsp/.ibmmodres/domino/OpenAttachment", shorthand URL to open the relevant attachment.
"/belair/xbiblio.nsf/E4E384094564EE9E85257F33005953AE", the location of the document the attachment is stored in.
"/Body", the field name.
"/indifference.jpg", the attachment name (the field could have multiple attachments, of course).
The information above is based on what has been documented in XPages Portable Command Guide (for xsp.properties settings for changing the default temporary locations) and Mastering XPages 2nd Edition.
I'm not sure what the YouAtNotes uploader does, so I can't say whether it should be changing the URL or not on save. But in more recent versions of Domino, attachments can be uploaded without a full refresh, which may be of use as an alternative.
When you're copying documents, if you're storing HTML that references images by their URLs, including UNIDs, you'll need to modify those references.
If you want to keep UNIDs, remember that they are read-write - you can set them as well as get them. However, bear in mind that you'll have problems if you change the URL to the same URL of an existing document. Bear in mind this is also XPages, so the data accessed via the XPages applications don't have to be in the same database.
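A parser for the two URL shapes the answer above breaks down, added here as an example (not code from the original post or from the uploader): it tells the temporary ".ibmmodres/persistence" form apart from the committed ".ibmmodres/domino/OpenAttachment" form and returns the components the answer lists. The sample URLs are the ones from the question; the function name, the result shape and the "NEW_" test for an unsaved datasource are assumptions.

```javascript
// Added example, not from the original post: split an XPages attachment URL
// into the components described above. Returns null for anything else.
function parseXPagesAttachmentUrl(url) {
  // Drop scheme and host so absolute and relative URLs parse the same way.
  const path = url.replace(/^https?:\/\/[^/]+/i, "");

  // Temporary form: <db path>/xsp/.ibmmodres/persistence/DominoDoc-<ref>-<field>/<file>
  // The <ref> is a per-session datasource reference, not a UNID, so the file is
  // only reachable from the browser session that uploaded it.
  let m = path.match(
    /^(.+?\.nsf)\/xsp\/\.ibmmodres\/persistence\/DominoDoc-([^/]+?)-([^/-]+)\/([^/]+)$/i
  );
  if (m) {
    return {
      state: "temporary",
      database: m[1],
      docRef: m[2],
      // Assumption: a "NEW_" reference means the dominoDocument is still unsaved.
      isNewDocument: m[2].startsWith("NEW_"),
      field: m[3],
      fileName: m[4],
    };
  }

  // Committed form: <db>/xsp/.ibmmodres/domino/OpenAttachment/<db path>/<UNID>/<field>/<file>
  // The UNID is 32 hex characters; the database in the path is where the
  // document actually lives, which need not be the database serving the XPage.
  m = path.match(
    /^(.+?\.nsf)\/xsp\/\.ibmmodres\/domino\/OpenAttachment(\/.+?\.nsf)\/([0-9A-F]{32})\/([^/]+)\/([^/]+)$/i
  );
  if (m) {
    return {
      state: "saved",
      servedVia: m[1],
      database: m[2],
      unid: m[3].toUpperCase(),
      field: m[4],
      fileName: m[5],
    };
  }
  return null;
}

module.exports = { parseXPagesAttachmentUrl };
```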

xpages: retrieving database icon

I want to rewrite the Lotus Notes workspace using XPages.
So far I am successful, but one feature is giving me quite a headache.
How can I access the database icon of a Lotus Notes application?
I tried to access: http://notespath.mydomain.com/$icon. The problem with that is that it is not using the login from the current session to access the database and retrieve the icon. Instead it tries to get it using the anonymous id. If the anonymous id has no access to the database, I get a popup to login.
My question is: is it possible to do this with the user that is logged in to the XPage, or is there a way to export the database icon into a Notes document?
Try following instructions here:
How to extract Lotus Notes database icon?
This should give you a method to get to the DXLExporter, and it looks like the icon is in the IconBitmap object. You're still going to get .ico files out though, which aren't ideal, but could be a good starting point for what you're trying to do here.
As Aaron Brake commented, the XPages engine cannot access the old Domino URL format for the icon. Also see this: Image URL when previewed in Notes and in Web Browser
In our applications we use dedicated 32x32 PNG image resource (img_DBIcon) which is used in XPages. Developers need to maintain this image resource.
What about changing your URL to the database icon?
Don't use http://notespath.mydomain.com/$icon
Try http://notespath.mydomain.com/DB.nsf/$icon

Request size limit on server and connection reset after attachment upload

What can we do about the connection reset error that Domino sends back to our application after submitting an attachment whose size exceeds the request size limit? We use the standard upload control.
Is there anything that will allow us to handle this error? At this moment this is a very serious problem because it can lead to data loss.
You can check if your browser supports the HTML5 File API. If yes, checking the file size before upload is possible (there is an example on SO somewhere). Other than that, I second Ferry's suggestion.
I don't use XPages actually, but I've got a similar problem in Domino 6.
To work around this limit, I use a temporary document in a pop-up. The attachment is saved in the temporary document, and an agent copies the attachment from the temporary document to the final document when the user saves his document.
Another agent deletes temp documents each night.
I hope that will help you.
The upload limit can be set in Application Properties on the XPages tab, and there is a 'Maximum Post Data' setting on your website document on the 'Domino Web Engine' tab.
I wrote a free async file upload control for XPages, where you can prevent the user from uploading files that are too big before the upload starts. You can download it here
