Topic
7 replies Latest Post - ‏2013-02-25T15:21:27Z by SystemAdmin
SystemAdmin
SystemAdmin
197 Posts
ACCEPTED ANSWER

Pinned topic No access to Secure Documents on REST API

‏2013-02-22T17:48:00Z |
Hi @ all!

What we got / tested:

Testcase1: Windows 2008 + WAS 7 (fixed) + ICA 3.0.0.1 (German environment) ->Login Security -> Domino-LDAP
Testcase2: Windows 2008 + (Jetty) + ICA 3.0.01 (German env.) -> Login Security -> Active Directory

Collections: Security Enabled
Post filter disabled
Index Security enabled

Doc Source = Windows FS + Domino DBs (Entrys and Docs (e.g. pdf))

Both tested with Firefox (de and us) and Java test app and Websphere Portlet.

The folling only occures in Secure context!!!!!!

Final Error:

<error><code>FFQEP0002E</code><message>FFQEP0002E An error occurred when processing a remote API. The reason is : FFQQ0119E The requested document file:
////domino02.ebusiness.local/ICAWinFS/Text-Test.txt was not found in collection ebizsec.</message><detail>com.ibm.siapi.SiapiException: Message0: SEVERITY_ERROR: Message ID: [FFQQ0119E] Resource Bundle: [com.ibm.es.oss.message.FFQUserMsgs] Message Text: [] Message Arguments: Arg0: String: [ebizsec] Arg1: String: [file:////domino02.ebusiness.local/ICAWinFS/Text-Test.txt] at com.ibm.es.oze.api.provider.document.ContentProvider.checkDocument(ContentProvider.java:149) at com.ibm.es.api.srv.provider.document.ESContentProvider.process(ESContentProvider.java:81) at com.ibm.es.api.srv.provider.document.ESContentProvider.process(ESContentProvider.java:38) at com.ibm.es.oze.api.rest.APIProviderBase.action(APIProviderBase.java:121) at com.ibm.es.api.srv.rest.ESRestServlet.processRequest(ESRestServlet.java:240) at com.ibm.es.api.srv.rest.ESRestServlet.doGet(ESRestServlet.java:456) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:547) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) </detail></error>


This is the step by step browser walkthrough to the error:

1. Request the IMC Context from the testuser: (tested with json and xml)


http:
//FQDN/api/v10/imc/context?id=esadmin&output=application/json


Responce:


<es:apiResponse><es:securityContext> +italics+ <identities id=
"QW50b24gQWRsZXI="><cookies><cookie name=
"THRwYVRva2VuMg==">RS9qa3BRU1VQcWR6aTdHUlBSOTd3MmptMkF0QnFaMEtrR3g4NGpaMzlLN1FjOWljRVNyY0c0dUNsem5ZWDB1b0o0eWFkdDJwTm5EbGV2dG5NVUJvazhrWFdxWjJwWEhyVUR4c0FiUDVmNldSMWZVZklFWTVHWUlXOTZqNXdXb0Nxemo1Mzg0eUNPTWxXT0J5dzlxRGNYYmptRGlHbjV1OTcwNEJ1ckZ3SG1lTU4wWkpJa3NuS2NqVUZjMk1MUEVwU2ZyOG1URUVodFRTdnhvSzVLUFFpS1B4QXpJbjRTUEpvWVJ0akRwYklMMzhLaTdzOCtCcS90VFdlTVJUQ1U2TVBvMmwrRW1ZTGNHU3k5ZWpOL3VMUW1SaWl3V1FYM0E5M1JLVktvMU81OVRzTmlJejBiMWhjMXRINGJZYWF3ZnhEVlRkQ21jT1JlSktqdmhLUXQ0dE1SbGdNam5CM0FrYVFRN2N5ZEZsMks4PQ==</cookie><cookie name=
"THRwYVRva2Vu">RmxpYXNpNy9lNjE0aWluek8xTzd1YzZXbUF2bTRacXZiYTQ4N2s1VlA5YWg1Qmcrb1VKMzhyT0VJUUVEbHNaeFhSOWdKSk8rYWd5QStqWVRwMGxUQzhSeC9kckJEblI1eUhVWTh6ZGJMT3htMXdSYlJNaTByYnFNZ1E2RFkwdWdyWVdNZS9jYm1tTHZYNkFSYnZWYzVLU0JGdUVweTZCRkwzOW04SXJCSk9rNU8xVkdSbmRsLzExOFV4TS8yeEdRYS9xMFhCNldLRTlxTXppT2YzVUZWbytFUzdtb2JBZExlTVd4TVdWWVd6WmVBcmxYU0Jma25NUUhJRGJJVkJvT0dRNmRnUEhvVlNhTXprS3N3cTlRWUpFQnhiQVAzSWQ3T3hMNExnbFVrRVZEWXdLb2d3U2VTYndBQWkrVWxPbW9OR0d1M2x6ckFxMD0=</cookie><cookie name=
"SUNBU0VTU0lPTklE">MWExbDVjYWRkdXgwYw==</cookie><cookie name=
"Y29tLmlibS5pY2Eud2VsY29tZS5zZWFyY2guZG9Ob3RTaG93">dHJ1ZQ==</cookie></cookies><identity id=
"ZWJ1c2luZXNzLmxvY2Fs"><username>QW50b24gQWRsZXI=</username><type>winfs</type><password encrypt=
"yes">yTN20BAz2josXd4j1QyHYQ==</password><groups><group id=
"RG9tw6RuZW4tQmVudXR6ZXI="/><group id=
"SmVkZXI="/><group id=
"QmVudXR6ZXI="/><group id=
"UmVtb3RlZGVza3RvcGJlbnV0emVy"/><group id=
"SU5URVJBS1RJVg=="/><group id=
"S09OU09MRU5BTk1FTERVTkc="/><group id=
"QXV0aGVudGlmaXppZXJ0ZSBCZW51dHplcg=="/><group id=
"RGllc2UgT3JnYW5pc2F0aW9u"/><group id=
"TlRMTS1BdXRoZW50aWZpemllcnVuZw=="/></groups><properties><property name=
"valid">dHJ1ZQ==</property><property name=
"connectionid">MTM1NDYzMTcxNDQ1NTAyMDExMzQ2ODc2ODg=</property><property name=
"username">QW50b24gQWRsZXI=</property><property name=
"creationDate">MTM2MTU1Mjc4MDYxOQ==</property><property name=
"enable">dHJ1ZQ==</property><property name=
"aclvl">Mg==</property><property name=
"crwid">ZWJpenNlYy5XSU5fNjc1Nzg=</property><property name=
"spaceid">dDEzNTQ2MzIxMTQyODg=</property><property name=
"ssoenabled">ZmFsc2U=</property></properties></identity><identity id=
"RE9NSU5PISFkb21pbm8wMi5lYnVzaW5lc3MubG9jYWwhIU5PVEVT"><username>Q049QW50b24gQWRsZXIvTz1lYnVzaW5lc3M=</username><type>notes</type><password encrypt=
"yes">yTN20BAz2josXd4j1QyHYQ==</password><groups><group id=
"LURlZmF1bHQt"/><group id=
"QWxsIFVzZXI="/><group id=
"QXVuZEg="/><group id=
"R2VvSW5mbw=="/><group id=
"TGVzZXJHZW8="/><group id=
"TXlBbGwgVXNlci9lYnVzaW5lc3M="/></groups><properties><property name=
"valid">dHJ1ZQ==</property><property name=
"connectionid">MTM0ODEyNTY2MjYxNjAwMzcxMjg3NTA1Nzc=</property><property name=
"username">QW50b24gQWRsZXI=</property><property name=
"creationDate">MTM2MTU1Mjc4MTA4OA==</property><property name=
"enable">dHJ1ZQ==</property><property name=
"aclvl">Mw==</property><property name=
"canonicalusername">Q049QW50b24gQWRsZXIvTz1lYnVzaW5lc3M=</property><property name=
"crwid">ZWJpenNlYy5OT1RFU181MDc0MQ==</property><property name=
"spaceid">Q3Jhd2xlck5vdGVzVmlld0ZvbGRlckRvYzEzNTQ2MzQzMTUyODk=</property><property name=
"ssoenabled">ZmFsc2U=</property><property name=
"protocol">Mg==</property></properties></identity></identities> +italics+ </es:securityContext></es:apiResponse>


2. Run the Search (this works on unsec collections and secure collections)


http:
//kaw8ica3.ebusiness.local/api/v10/search?collection=ebizsec&query=watson&output=application/json&api_username=esadmin&api_password=XXXXX&securityConstraint=%3Cidentities%20id=%22ZXNhZG1pbg==%22%3E%3Ccookies%3E%3Ccookie%20name=%22THRwYVRva2VuMg==%22%3Ec2VmaG1VK0VGNnhsZlEzcFo3STBWbmtWcTM1L1VxZkxXb3NPK2V4RXhqYUlFMVB6NkNFZXVnQUVzZEordGlXM25YYURNWW5wUm1tcVB6OVFNYmpVd1BFYit3ejFMZE1zSmVZbVFWVnZ0b3FNS2hjejZ4bFFIVUpxT2plYVF3UXhrd0JDczZjTFRiUW9PT2pPRm9vK2VJNWI2SHdYenYxYWVvNE1Ua2ZRSFUyT3FKTDZJbkdzUkEvM0hMbkdrOUxtTGtKQXFqenhGSkdTbGVuNzlDMTZiNmV2eHhHNDVRYzVEVFN0L0QvZFB0WDZpSVNLS25zd3I4b3Y1ZnZaekpNVkZDVmhBdXR4SVlZUFJJTEhTOTFCU25tTUZ5eEk5eGF3dmZaUUtLanJxYjkyV2xLcC9OZ3FTKzE3Smh4RlFVRDVuYisvdE9xVUdnL0lmVks1aE9PL2NLZmZOeGx0cXVnOUhSd1N1MHVOclNmekhCcmcyRDFpZU5EUE1wZXVkWmRoMHZiang0c3IzbzhOV0ZXaUtBbUQ5cDJOS0pCWFRtc29wY2dhV2pUdy83QWh1MEluUU5JQ3pVbXZUODlxbXlnNVFKeTN5Vndpbk1TL1ZUUWl3OGMxak5QOFBFencvbUxVdmczUnZRa0lIV09oQmNvd2tHa1JpdGZlK2xNeFQ3bTAxRU1abUJ4ZHZoenJxd09STFViSFNsWDhBMnpiTjgwc05CcUNBam5jeS9abGFHbU51cHNPbkNnVUZKcnU2Wnd3ZTRkUkJQRzZoMXVNWlIzMzNwaFA0cENKcnF3NUNxYVk3S1piLzVOMWlvdE1wWkRuRU9vK2p3cU5ZaWtPbkNCUUlsWTBUZWNXM3FvSkZFYnJtWWhEVUlOeGYzbVEvK3BnVExXcEdzU3RVc0xqV0I4a0Q5MThTbnFzTHRVemVSUTNhblA4dlRxR2JwUnJZZk4xbkZWM2ZBPT0=%3C/cookie%3E%3Ccookie%20name=%22SlNFU1NJT05JRA==%22%3EMDAwMGJVWVVoZjVEU1E2dGhuU1JjaVpRaDlzOi0x%3C/cookie%3E%3Ccookie%20name=%22Y29tLmlibS5pY2Eud2VsY29tZS5zZWFyY2guZG9Ob3RTaG93%22%3EdHJ1ZQ==%3C/cookie%3E%3C/cookies%3E%3Cidentity%20id=%22ZWJ1c2luZXNzLmxvY2Fs%22%3E%3Cusername%3EQ2hyaXMgQ2VsbGU=%3C/username%3E%3Ctype%3Ewinfs%3C/type%3E%3Cpassword%20encrypt=%22yes%22%3EyTN20BAz2josXd4j1QyHYQ==%3C/password%3E%3Cgroups%3E%3Cgroup%20id=%22RG9tw6RuZW4tQmVudXR6ZXI=%22/%3E%3Cgroup%20id=%22RXZlcnlvbmU=%22/%3E%3Cgroup%20id=%22VXNlcnM=%22/%3E%3Cgroup%20id=%22SU5URVJBQ1RJVkU=%22/%3E%3Cgroup%20id=%22Q09OU09MRSBMT0dPTg==%22/%3E%3Cgroup%20id=%22QXV0aGVudGljYXRlZCBVc2Vycw==%22/%3E%3Cgroup%20id=%22VGhpcyBPcmdhbml6YXRpb24=%22/%3E%3Cgroup%20id=%22TlRMTSBBdXRoZW50aWNhdGlvbg==%22/%3E%3C/groups%3E%3Cproperties%3E%3Cproperty%20name=%22valid%22%3EdHJ1ZQ==%3C/property%3E%3Cproperty%20name=%22connectionid%22%3EMTM1NDYzMTcxNDQ1NTAyMDExMzQ2ODc2ODg=%3C/property%3E%3Cproperty%20name=%22username%22%3EQ2hyaXMgQ2VsbGU=%3C/property%3E%3Cproperty%20name=%22creationDate%22%3EMTM2MTUyOTEwMzIzNQ==%3C/property%3E%3Cproperty%20name=%22enable%22%3EdHJ1ZQ==%3C/property%3E%3Cproperty%20name=%22aclvl%22%3EMg==%3C/property%3E%3Cproperty%20name=%22crwid%22%3EZUJpelVuU2VjLldJTl82NzMxMw==%3C/property%3E%3Cproperty%20name=%22spaceid%22%3EQ3Jhd2xlclVuaXhGU1N1YmRpcmVjdG9yeTEzNTc4MTM2MjEyNzA=%3C/property%3E%3Cproperty%20name=%22ssoenabled%22%3EZmFsc2U=%3C/property%3E%3C/properties%3E%3C/identity%3E%3Cidentity%20id=%22RE9NSU5PISFkb21pbm8wMi5lYnVzaW5lc3MubG9jYWwhIU5PVEVT%22%3E%3Cusername%3EQ049ZXNhZG1pbi9PPWVidXNpbmVzcw==%3C/username%3E%3Ctype%3Enotes%3C/type%3E%3Cpassword%20encrypt=%22yes%22%3EmQ2I0oPo4Oy3KlYqGuv4EQ==%3C/password%3E%3Cgroups%3E%3Cgroup%20id=%22LURlZmF1bHQt%22/%3E%3Cgroup%20id=%22TG9jYWxEb21haW5BZG1pbnM=%22/%3E%3C/groups%3E%3Cproperties%3E%3Cproperty%20name=%22valid%22%3EdHJ1ZQ==%3C/property%3E%3Cproperty%20name=%22connectionid%22%3EMTM0ODEyNTY2MjYxNjAwMzcxMjg3NTA1Nzc=%3C/property%3E%3Cproperty%20name=%22username%22%3EZXNhZG1pbg==%3C/property%3E%3Cproperty%20name=%22creationDate%22%3EMTM2MTUyOTEwMzU2Mw==%3C/property%3E%3Cproperty%20name=%22enable%22%3EdHJ1ZQ==%3C/property%3E%3Cproperty%20name=%22aclvl%22%3EMw==%3C/property%3E%3Cproperty%20name=%22canonicalusername%22%3EQ049ZXNhZG1pbi9PPWVidXNpbmVzcw==%3C/property%3E%3Cproperty%20name=%22crwid%22%3EZUJpelVuU2VjLk5PVEVTXzY1ODQ4%3C/property%3E%3Cproperty%20name=%22spaceid%22%3EQ3Jhd2xlck5vdGVzVmlld0ZvbGRlckRvYzEzNTc4MTQzNTc1MjI=%3C/property%3E%3Cproperty%20name=%22ssoenabled%22%3EZmFsc2U=%3C/property%3E%3Cproperty%20name=%22protocol%22%3EMg==%3C/property%3E%3C/properties%3E%3C/identity%3E%3C/identities%3E


Responce:



{   
"es_apiResponse": 
{ 
"es_evaluationTruncation": false, 
"es_queryEvaluationTime": 6647, 
"es_totalResults": 3, 
"es_query": [ 
{ 
"role": 
"request", 
"searchTerms": 
"watson" 
}, 
{ 
"role": 
"full", 
"searchTerms": 
"watson" 
} ], 
"es_startIndex": 0, 
"es_itemsPerPage": 3, 
"es_result": [ 
{ 
"es_title": 
"IBM Forschungsprojekt <SPAN class="\
"OFHighlightTerm1\"">Watson</SPAN> geht in den Praxiseinsatz
", 
"es_link": [ 
{ 
"rel": 
"alternate", 
"href": 
"http://kaw8ica3.ebusiness.local/api/v10/document/content?collection=ebizsec&uri=file:////domino02.ebusiness.local/ICAWinFS/WatsonIBM.pdf", 
"type": 
"application/pdf", 
"hreflang": 
"de" 
}, 
{ 
"rel": 
"via", 
"href": 
"http://kaw8ica3.ebusiness.local/api/v10/search/preview?query=watson&securityConstraint=%3Cidentities%20id=%22ZXNhZG1pbg==%22%3E%3Ccookies%3E%3Ccookie%20name=%22THRwYVRva2VuMg==%22%3Ec2VmaG1VK0VGNnhsZlEzcFo3STBWbmtWcTM1L1VxZkxXb3NPK2V4RXhqYUlFMVB6NkNFZXVnQUVzZEordGlXM25YYURNWW5wUm1tcVB6OVFNYmpVd1BFYit3ejFMZE1zSmVZbVFWVnZ0b3FNS2hjejZ4bFFIVUpxT2plYVF3UXhrd0JDczZjTFRiUW9PT2pPRm9vK2VJNWI2SHdYenYxYWVvNE1Ua2ZRSFUyT3FKTDZJbkdzUkEvM0hMbkdrOUxtTGtKQXFqenhGSkdTbGVuNzlDMTZiNmV2eHhHNDVRYzVEVFN0L0QvZFB0WDZpSVNLS25zd3I4b3Y1ZnZaekpNVkZDVmhBdXR4SVlZUFJJTEhTOTFCU25tTUZ5eEk5eGF3dmZaUUtLanJxYjkyV2xLcC9OZ3FTKzE3Smh4RlFVRDVuYisvdE9xVUdnL0lmVks1aE9PL2NLZmZOeGx0cXVnOUhSd1N1MHVOclNmekhCcmcyRDFpZU5EUE1wZXVkWmRoMHZiang0c3IzbzhOV0ZXaUtBbUQ5cDJOS0pCWFRtc29wY2dhV2pUdy83QWh1MEluUU5JQ3pVbXZUODlxbXlnNVFKeTN5Vndpbk1TL1ZUUWl3OGMxak5QOFBFencvbUxVdmczUnZRa0lIV09oQmNvd2tHa1JpdGZlK2xNeFQ3bTAxRU1abUJ4ZHZoenJxd09STFViSFNsWDhBMnpiTjgwc05CcUNBam5jeS9abGFHbU51cHNPbkNnVUZKcnU2Wnd3ZTRkUkJQRzZoMXVNWlIzMzNwaFA0cENKcnF3NUNxYVk3S1piLzVOMWlvdE1wWkRuRU9vK2p3cU5ZaWtPbkNCUUlsWTBUZWNXM3FvSkZFYnJtWWhEVUlOeGYzbVEvK3BnVExXcEdzU3RVc0xqV0I4a0Q5MThTbnFzTHRVemVSUTNhblA4dlRxR2JwUnJZZk4xbkZWM2ZBPT0=%3C/cookie%3E%3Ccookie%20name=%22SlNFU1NJT05JRA==%22%3EMDAwMGJVWVVoZjVEU1E2dGhuU1JjaVpRaDlzOi0x%3C/cookie%3E%3Ccookie%20name=%22Y29tLmlibS5pY2Eud2VsY29tZS5zZWFyY2guZG9Ob3RTaG93%22%3EdHJ1ZQ==%3C/cookie%3E%3C/cookies%3E%3Cidentity%20id=%22ZWJ1c2luZXNzLmxvY2Fs%22%3E%3Cusername%3EQ2hyaXMgQ2VsbGU=%3C/username%3E%3Ctype%3Ewinfs%3C/type%3E%3Cpassword%20encrypt=%22yes%22%3EyTN20BAz2josXd4j1QyHYQ==%3C/password%3E%3Cgroups%3E%3Cgroup%20id=%22RG9tw6RuZW4tQmVudXR6ZXI=%22/%3E%3Cgroup%20id=%22RXZlcnlvbmU=%22/%3E%3Cgroup%20id=%22VXNlcnM=%22/%3E%3Cgroup%20id=%22SU5URVJBQ1RJVkU=%22/%3E%3Cgroup%20id=%22Q09OU09MRSBMT0dPTg==%22/%3E%3Cgroup%20id=%22QXV0aGVudGljYXRlZCBVc2Vycw==%22/%3E%3Cgroup%20id=%22VGhpcyBPcmdhbml6YXRpb24=%22/%3E%3Cgroup%20id=%22TlRMTSBBdXRoZW50aWNhdGlvbg==%22/%3E%3C/groups%3E%3Cproperties%3E%3Cproperty%20name=%22valid%22%3EdHJ1ZQ==%3C/property%3E%3Cproperty%20name=%22connectionid%22%3EMTM1NDYzMTcxNDQ1NTAyMDExMzQ2ODc2ODg=%3C/property%3E%3Cproperty%20name=%22username%22%3EQ2hyaXMgQ2VsbGU=%3C/property%3E%3Cproperty%20name=%22creationDate%22%3EMTM2MTUyOTEwMzIzNQ==%3C/property%3E%3Cproperty%20name=%22enable%22%3EdHJ1ZQ==%3C/property%3E%3Cproperty%20name=%22aclvl%22%3EMg==%3C/property%3E%3Cproperty%20name=%22crwid%22%3EZUJpelVuU2VjLldJTl82NzMxMw==%3C/property%3E%3Cproperty%20name=%22spaceid%22%3EQ3Jhd2xlclVuaXhGU1N1YmRpcmVjdG9yeTEzNTc4MTM2MjEyNzA=%3C/property%3E%3Cproperty%20name=%22ssoenabled%22%3EZmFsc2U=%3C/property%3E%3C/properties%3E%3C/identity%3E%3Cidentity%20id=%22RE9NSU5PISFkb21pbm8wMi5lYnVzaW5lc3MubG9jYWwhIU5PVEVT%22%3E%3Cusername%3EQ049ZXNhZG1pbi9PPWVidXNpbmVzcw==%3C/username%3E%3Ctype%3Enotes%3C/type%3E%3Cpassword%20encrypt=%22yes%22%3EmQ2I0oPo4Oy3KlYqGuv4EQ==%3C/password%3E%3Cgroups%3E%3Cgroup%20id=%22LURlZmF1bHQt%22/%3E%3Cgroup%20id=%22TG9jYWxEb21haW5BZG1pbnM=%22/%3E%3C/groups%3E%3Cproperties%3E%3Cproperty%20name=%22valid%22%3EdHJ1ZQ==%3C/property%3E%3Cproperty%20name=%22connectionid%22%3EMTM0ODEyNTY2MjYxNjAwMzcxMjg3NTA1Nzc=%3C/property%3E%3Cproperty%20name=%22username%22%3EZXNhZG1pbg==%3C/property%3E%3Cproperty%20name=%22creationDate%22%3EMTM2MTUyOTEwMzU2Mw==%3C/property%3E%3Cproperty%20name=%22enable%22%3EdHJ1ZQ==%3C/property%3E%3Cproperty%20name=%22aclvl%22%3EMw==%3C/property%3E%3Cproperty%20name=%22canonicalusername%22%3EQ049ZXNhZG1pbi9PPWVidXNpbmVzcw==%3C/property%3E%3Cproperty%20name=%22crwid%22%3EZUJpelVuU2VjLk5PVEVTXzY1ODQ4%3C/property%3E%3Cproperty%20name=%22spaceid%22%3EQ3Jhd2xlck5vdGVzVmlld0ZvbGRlckRvYzEzNTc4MTQzNTc1MjI=%3C/property%3E%3Cproperty%20name=%22ssoenabled%22%3EZmFsc2U=%3C/property%3E%3Cproperty%20name=%22protocol%22%3EMg==%3C/property%3E%3C/properties%3E%3C/identity%3E%3C/identities%3E&collection=ebizsec&uri=file:////domino02.ebusiness.local/ICAWinFS/WatsonIBM.pdf", 
"hreflang": 
"de" 
} ], 
"es_relevance": 33.64722728729248, 
"es_updated": 
"2012-05-30T07:15:15Z", 
"es_id": 
"file:////domino02.ebusiness.local/ICAWinFS/WatsonIBM.pdf", 
"es_thumbnail": 
{ 
"href": 
"http://kaw8ica3.ebusiness.local/api/v10/document/thumbnail?collection=ebizsec&uri=file:////domino02.ebusiness.local/ICAWinFS/WatsonIBM.pdf", 
"rel": 
"via", 
"type": 
"image/jpeg" 
}, 
"es_documentSource": 
"winfs", 
"es_firstOfASite": true, 
"es_author": 
{ 
"es_name": null, 
"es_uri": null, 
"es_email": 

null 
}, 
"ibmsc_field": [ 
{ 
"id": 
"directory", 
"type": 
"string", 
"contentSearchable": false, 
"fieldSearchable": true, 
"parametric": false, 
"returnable": true, 
"sortable": false, 
"supportExactMatch": true, 
"#text": 
"\\\\domino02.ebusiness.local\\ICAWinFS" 
}, 
{ 
"id": 
"filename", 
"type": 
"string", 
"contentSearchable": false, 
"fieldSearchable": true, 
"parametric": false, 
"returnable": true, 
"sortable": false, 
"supportExactMatch": true, 
"#text": 
"WatsonIBM.pdf" 
}, 
{ 
"id": 
"date", 
"type": 
"date", 
"contentSearchable": false, 
"fieldSearchable": false, 
"parametric": true, 
"returnable": true, 
"sortable": false, 
"#text": 
"1338362115000" 
}, 
{ 
"id": 
"filesize", 
"type": 
"double", 
"contentSearchable": false, 
"fieldSearchable": false, 
"parametric": true, 
"returnable": true, 
"sortable": false, 
"#text": 
"106132" 
}, 
{ 
"id": 
"modifieddate", 
"type": 
"date", 
"contentSearchable": false, 
"fieldSearchable": false, 
"parametric": true, 
"returnable": true, 
"sortable": false, 
"#text": 
"1338362115000" 
}, 
{ 
"id": 
"title", 
"type": 
"string", 
"contentSearchable": true, 
"fieldSearchable": true, 
"parametric": false, 
"returnable": true, 
"sortable": false, 
"supportExactMatch": false, 
"#text": 
"IBM Forschungsprojekt <SPAN class="\
"OFHighlightTerm1\"">Watson</SPAN> geht in den Praxiseinsatz
" 
}, 
{ 
"id": 
"extension", 
"type": 
"string", 
"contentSearchable": false, 
"fieldSearchable": true, 
"parametric": false, 
"returnable": true, 
"sortable": false, 
"supportExactMatch": true, 
"#text": 
".pdf" 
} ...... and so on ...


If i open the Preview Link -> i get the preview from secure docs --> CHECKED
On the doclink (first href) it doesnt get any documents.

OK, but if you take a look at the API - Documentation , you'll notive it can't work, becouse the securityConstraint is missing ... (thanks btw)
so we added the securityConstraint to the FINAL request:


kaw8ica3.ebusiness.local/api/v10/document/content?collection=ebizsec&uri=file:
////domino02.ebusiness.local/ICAWinFS/WatsonIBM.pdf&securityContraint=<identities id="ZXNhZG1pbg=="><cookies><cookie name="THRwYVRva2VuMg==">VE5SaUt5YjRIb1lBdWdhVjVzc0lDT2ZoemFHUlpXNERieWh1bklneGRVU2VWRDNXRVBLZnhnek9vcEZVZXpuek9pcFluakViRGRMb0VWQTN6TWhWRDdKVUlVQ2xzSVo4WCtPdVRKZmpNLzhKVkNjRTZMWEhuelJ1RzZobHFTbEpSSk10eGVPeU12OHJoQXdIdXBOVWs0bUEyQmtHcVhZRjFZdWQwNS9hYXFaaUxDS0pMOVdPU0ZIQVpLQU1PNFkyNC9ZMDZwRUZEZmRaTWp4bWduWVR0bFJzTGFYTnI4cnVJcWxPYVZxd1ZraGdTUzJscHc5Y1JDa2R1MkxRNi9oU2Q0TlNtU1hObk5TeFBTNWxZaVZ6Z3M3NEhkQVAyMDk0L09aQUh1dWVGRUZoN3paUXJSNHBncVdaY0dEL1hmVmZRYWkvVkpvOWw1RjhBZXdpeFlYWFhIdkxSRVhIdXd5dGhJbmcvRkJSWFJLMVpWK3ArVWd6cHhOMy9RUjdkYU9hYmtxVHBPTGdPL2UxUk5JdGRpMVhPcVYwUGduNXpiL2VUQmxhMFh4VmM2bHRoc2ZIRm0yQWt3RUJKSElkN1BBMjNBOHVKMWN6U01USVNhZUliRnpxVFJ6VlZWelVYOWsyWnhnbGE5eHdQY1ozLzFzMUMxc2hoemV1Y0o5L0NZSXlBbXFNR24xUGRrcGlqcE1KdHdURVpiTlg3cExqN1cybmtHR0JJVG1sYmZhS3p1MFhMS0JmUXVnVzE1SWcxdVczaUtya2JSYklMeWJCUExMekEvZFphaC9mQ2psL3ZuZGpVK0ZObFVJSlVOYmM3SXc5N2d4MDdPWGdnQXI5cEJkMnp2UVdoV002UU5jS1BXRThIR1FCZ3N3UXpkREV4elNGQ3BHc2o1YlkrdjJHUUl6SldOcE9jbDdJek5FSWNtN1VRQTY1OFdURUJFblhEdWdMWEJqK1pnPT0=</cookie><cookie name="SlNFU1NJT05JRA==">MDAwME5YSnVFV0FoVzBQdUljemFSTEpvN0MwOi0x</cookie></cookies><identity id="ZWJ1c2luZXNzLmxvY2Fs"><username>ZXNhZG1pbg==</username><type>winfs</type><password encrypt="yes">mQ2I0oPo4Oy3KlYqGuv4EQ==</password><groups><group id="RXZlcnlvbmU="/><group id="QWRtaW5pc3RyYXRvcnM="/><group id="VXNlcnM="/><group id="SU5URVJBQ1RJVkU="/><group id="Q09OU09MRSBMT0dPTg=="/><group id="QXV0aGVudGljYXRlZCBVc2Vycw=="/><group id="VGhpcyBPcmdhbml6YXRpb24="/><group id="TlRMTSBBdXRoZW50aWNhdGlvbg=="/></groups><properties><property name="valid">dHJ1ZQ==</property><property name="connectionid">MTM1NDYzMTcxNDQ1NTAyMDExMzQ2ODc2ODg=</property><property name="username">ZXNhZG1pbg==</property><property name="creationDate">MTM2MTU1MTY4OTY3Mw==</property><property name="enable">dHJ1ZQ==</property><property name="aclvl">Mg==</property><property name="crwid">ZUJpelVuU2VjLldJTl82NzMxMw==</property><property name="spaceid">Q3Jhd2xlclVuaXhGU1N1YmRpcmVjdG9yeTEzNTc4MTM2MjEyNzA=</property><property name="ssoenabled">ZmFsc2U=</property></properties></identity><identity id="RE9NSU5PISFkb21pbm8wMi5lYnVzaW5lc3MubG9jYWwhIU5PVEVT"><username>Q049ZXNhZG1pbi9PPWVidXNpbmVzcw==</username><type>notes</type><password encrypt="yes">mQ2I0oPo4Oy3KlYqGuv4EQ==</password><groups><group id="LURlZmF1bHQt"/><group id="TG9jYWxEb21haW5BZG1pbnM="/></groups><properties><property name="valid">dHJ1ZQ==</property><property name="connectionid">MTM0ODEyNTY2MjYxNjAwMzcxMjg3NTA1Nzc=</property><property name="username">ZXNhZG1pbg==</property><property name="creationDate">MTM2MTU1MTY4OTkzOA==</property><property name="enable">dHJ1ZQ==</property><property name="aclvl">Mw==</property><property name="canonicalusername">Q049ZXNhZG1pbi9PPWVidXNpbmVzcw==</property><property name="crwid">ZUJpelVuU2VjLk5PVEVTXzY1ODQ4</property><property name="spaceid">Q3Jhd2xlck5vdGVzVmlld0ZvbGRlckRvYzEzNTc4MTQzNTc1MjI=</property><property name="ssoenabled">ZmFsc2U=</property><property name="protocol">Mg==</property></properties></identity></identities>


The RESULT is all at the top of the posting.
What i aleady tried:

Any possible kind of Codepage (currently UTF-8)
Any possilbe combination of URLEncoding / Decoding

Need still more informations/logs etc.:
You can have it, just ask for it. (please tell me from witch testcase)

Greez & have a nice weekend (because i won't)

Chris
Updated on 2013-02-25T15:21:27Z at 2013-02-25T15:21:27Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    197 Posts
    ACCEPTED ANSWER

    Re: No access to Secure Documents on REST API

    ‏2013-02-24T11:41:59Z  in response to SystemAdmin
    Hi Chris,
    I believe you are on the right track, even performing secure search is a bit complicated.
    I don't see any critical mistakes in your explanation.
    However I noticed one thing you have a typo in the last API request.

    kaw8ica3.ebusiness.local/api/v10/document/content?collection=ebizsec&uri=file:////domino02.ebusiness.local/ICAWinFS/WatsonIBM.pdf&securityContraint=<identities id="ZXNhZG1pbg=="><cookies><cookie name="THRwYVRva2VuMg==">VE5SaUt5YjRIb1lBdWdhVjVzc0lDT2ZoemFHUlpXNERieWh1bklneGRVU2VWRDNXRVBLZnhnek9vcEZVZXpuek9pcFluakViRGRMb0VWQTN6TWhWRDdKVUlVQ2xzSVo4WCtPdVRKZmpNLzhKVkNjRTZMWEhuelJ1RzZobHFTbEpSSk10eGVPeU12OHJoQXdIdXBOVWs0bUEyQmtHcVhZRjFZdWQwNS9hYXFaaUxDS0pMOVdPU0ZIQVpLQU1PNFkyNC9ZMDZwRUZEZmRaTWp4bWduWVR0bFJzTGFYTnI4cnVJcWxPYVZxd1ZraGdTUzJscHc5Y1JDa2R1MkxRNi9oU2Q0TlNtU1hObk5TeFBTNWxZaVZ6Z3M3NEhkQVAyMDk0L09aQUh1dWVGRUZoN3paUXJSNHBncVdaY0dEL1hmVmZRYWkvVkpvOWw1RjhBZXdpeFlYWFhIdkxSRVhIdXd5dGhJbmcvRkJSWFJLMVpWK3ArVWd6cHhOMy9RUjdkYU9hYmtxVHBPTGdPL2UxUk5JdGRpMVhPcVYwUGduNXpiL2VUQmxhMFh4VmM2bHRoc2ZIRm0yQWt3RUJKSElkN1BBMjNBOHVKMWN6U01USVNhZUliRnpxVFJ6VlZWelVYOWsyWnhnbGE5eHdQY1ozLzFzMUMxc2hoemV1Y0o5L0NZSXlBbXFNR24xUGRrcGlqcE1KdHdURVpiTlg3cExqN1cybmtHR0JJVG1sYmZhS3p1MFhMS0JmUXVnVzE1SWcxdVczaUtya2JSYklMeWJCUExMekEvZFphaC9mQ2psL3ZuZGpVK0ZObFVJSlVOYmM3SXc5N2d4MDdPWGdnQXI5cEJkMnp2UVdoV002UU5jS1BXRThIR1FCZ3N3UXpkREV4elNGQ3BHc2o1YlkrdjJHUUl6SldOcE9jbDdJek5FSWNtN1VRQTY1OFdURUJFblhEdWdMWEJqK1pnPT0=</cookie><cookie name="SlNFU1NJT05JRA==">MDAwME5YSnVFV0FoVzBQdUljemFSTEpvN0MwOi0x</cookie></cookies><identity id="ZWJ1c2luZXNzLmxvY2Fs"><username>ZXNhZG1pbg==</username><type>winfs</type><password encrypt="yes">mQ2I0oPo4Oy3KlYqGuv4EQ==</password><groups><group id="RXZlcnlvbmU="/><group id="QWRtaW5pc3RyYXRvcnM="/><group id="VXNlcnM="/><group id="SU5URVJBQ1RJVkU="/><group id="Q09OU09MRSBMT0dPTg=="/><group id="QXV0aGVudGljYXRlZCBVc2Vycw=="/><group id="VGhpcyBPcmdhbml6YXRpb24="/><group id="TlRMTSBBdXRoZW50aWNhdGlvbg=="/></groups><properties><property name="valid">dHJ1ZQ==</property><property name="connectionid">MTM1NDYzMTcxNDQ1NTAyMDExMzQ2ODc2ODg=</property><property name="username">ZXNhZG1pbg==</property><property name="creationDate">MTM2MTU1MTY4OTY3Mw==</property><property name="enable">dHJ1ZQ==</property><property name="aclvl">Mg==</property><property name="crwid">ZUJpelVuU2VjLldJTl82NzMxMw==</property><property name="spaceid">Q3Jhd2xlclVuaXhGU1N1YmRpcmVjdG9yeTEzNTc4MTM2MjEyNzA=</property><property name="ssoenabled">ZmFsc2U=</property></properties></identity><identity id="RE9NSU5PISFkb21pbm8wMi5lYnVzaW5lc3MubG9jYWwhIU5PVEVT"><username>Q049ZXNhZG1pbi9PPWVidXNpbmVzcw==</username><type>notes</type><password encrypt="yes">mQ2I0oPo4Oy3KlYqGuv4EQ==</password><groups><group id="LURlZmF1bHQt"/><group id="TG9jYWxEb21haW5BZG1pbnM="/></groups><properties><property name="valid">dHJ1ZQ==</property><property name="connectionid">MTM0ODEyNTY2MjYxNjAwMzcxMjg3NTA1Nzc=</property><property name="username">ZXNhZG1pbg==</property><property name="creationDate">MTM2MTU1MTY4OTkzOA==</property><property name="enable">dHJ1ZQ==</property><property name="aclvl">Mw==</property><property name="canonicalusername">Q049ZXNhZG1pbi9PPWVidXNpbmVzcw==</property><property name="crwid">ZUJpelVuU2VjLk5PVEVTXzY1ODQ4</property><property name="spaceid">Q3Jhd2xlck5vdGVzVmlld0ZvbGRlckRvYzEzNTc4MTQzNTc1MjI=</property><property name="ssoenabled">ZmFsc2U=</property><property name="protocol">Mg==</property></properties></identity>
    securityContraint should be securityCon*s*traint (missing "s").
    Could you confirm if this is just a mistake when you pasted the request or you indeed made this request?

    Thanks, Hirofumi
  • SystemAdmin
    SystemAdmin
    197 Posts
    ACCEPTED ANSWER

    Re: No access to Secure Documents on REST API

    ‏2013-02-25T08:59:23Z  in response to SystemAdmin
    Hi Hirofumi,

    thanks for your fast replay. I just double checked the spelling, and i figuared out, that the s is in the request (Just a typing mistake in the posting).

    When i saw your answer i was realy hoping that i realy made this mistake. But no, it still does't work.

    Greez Chris
  • SystemAdmin
    SystemAdmin
    197 Posts
    ACCEPTED ANSWER

    Re: No access to Secure Documents on REST API

    ‏2013-02-25T09:20:21Z  in response to SystemAdmin
    Hi Chris,
    I remembered that the security context string has to be surrounded by fixed prefix and single quotes.
    Could you prepend "@SecurityContext::'" in front of your USC string and prepend "'" (single quote) and try again?
    In other words, prepending "@SecurityContext::" and surround with single quotes.

    For example, the argument looks like this:
    &securityConstraint=@SecurityContext::'<identities id="ZXNhZG1pbg=="><cookies><cookie na http://...snip... </identities>'
    Note that the argument name is securityConstraint, and the prefix is @SecurityContext::. They are a bit similar, so please be careful.

    Another thing I noticed. The USC string on your last post doesn't seem well-formed. The last close tag </identities> is missing.
    I think this may be typo as well as the argument name. Please check it also.

    Thanks, Hirofumi
  • SystemAdmin
    SystemAdmin
    197 Posts
    ACCEPTED ANSWER

    Re: No access to Secure Documents on REST API

    ‏2013-02-25T09:36:43Z  in response to SystemAdmin
    Hi,

    i created a new sec collection with ACTIVE document cache and Thumbnails.

    I tried to search in this collection and i get results.

    The next step: Open the Thumbnail link, including the manually added securityConstraint:
    
    http:
    //kaw8ica3.ebusiness.local/api/v10/document/thumbnail?collection=sectest&uri=domino://domino02.ebusiness.local/C125772000423E92/ICA%255CKAinfo.nsf//FE53910868CB0F37C125788D0048DF21?AttNo%3D0%26AttName%3DNeue%2BPl%25C3%25A4ne%2Bf%25C3%25BCr%2BNutzung%2Bder%2BAcherner%2BIllenau.pdf&securityConstraint=%3Cidentities%20id=%22ZXNhZG1pbg==%22%3E%3Ccookies%3E%3Ccookie%20name=%22THRwYVRva2VuMg==%22%3EVE5SaUt5YjRIb1lBdWdhVjVzc0lDT2ZoemFHUlpXNERieWh1bklneGRVU2VWRDNXRVBLZnhnek9vcEZVZXpuek9pcFluakViRGRMb0VWQTN6TWhWRDdKVUlVQ2xzSVo4WCtPdVRKZmpNLzhKVkNjRTZMWEhuelJ1RzZobHFTbEpSSk10eGVPeU12OHJoQXdIdXBOVWs0bUEyQmtHcVhZRjFZdWQwNS9hYXFaaUxDS0pMOVdPU0ZIQVpLQU1PNFkyNC9ZMDZwRUZEZmRaTWp4bWduWVR0bFJzTGFYTnI4cnVJcWxPYVZxd1ZraGdTUzJscHc5Y1JDa2R1MkxRNi9oU2Q0TlNtU1hObk5TeFBTNWxZaVZ6Z3M3NEhkQVAyMDk0L09aQUh1dWVGRUZoN3paUXJSNHBncVdaY0dEL1hmVmZRYWkvVkpvOWw1RjhBZXdpeFlYWFhIdkxSRVhIdXd5dGhJbmcvRkJSWFJLMVpWK3ArVWd6cHhOMy9RUjdkYU9hYmtxVHBPTGdPL2UxUk5JdGRpMVhPcVYwUGduNXpiL2VUQmxhMFh4VmM2bHRoc2ZIRm0yQWt3RUJKSElkN1BBMjNBOHVKMWN6U01USVNhZUliRnpxVFJ6VlZWelVYOWsyWnhnbGE5eHdQY1ozLzFzMUMxc2hoemV1Y0o5L0NZSXlBbXFNR24xUGRrcGlqcE1KdHdURVpiTlg3cExqN1cybmtHR0JJVG1sYmZhS3p1MFhMS0JmUXVnVzE1SWcxdVczaUtya2JSYklMeWJCUExMekEvZFphaC9mQ2psL3ZuZGpVK0ZObFVJSlVOYmM3SXc5N2d4MDdPWGdnQXI5cEJkMnp2UVdoV002UU5jS1BXRThIR1FCZ3N3UXpkREV4elNGQ3BHc2o1YlkrdjJHUUl6SldOcE9jbDdJek5FSWNtN1VRQTY1OFdURUJFblhEdWdMWEJqK1pnPT0=%3C/cookie%3E%3Ccookie%20name=%22SlNFU1NJT05JRA==%22%3EMDAwME5YSnVFV0FoVzBQdUljemFSTEpvN0MwOi0x%3C/cookie%3E%3C/cookies%3E%3Cidentity%20id=%22ZWJ1c2luZXNzLmxvY2Fs%22%3E%3Cusername%3EZXNhZG1pbg==%3C/username%3E%3Ctype%3Ewinfs%3C/type%3E%3Cpassword%20encrypt=%22yes%22%3EmQ2I0oPo4Oy3KlYqGuv4EQ==%3C/password%3E%3Cgroups%3E%3Cgroup%20id=%22RXZlcnlvbmU=%22/%3E%3Cgroup%20id=%22QWRtaW5pc3RyYXRvcnM=%22/%3E%3Cgroup%20id=%22VXNlcnM=%22/%3E%3Cgroup%20id=%22SU5URVJBQ1RJVkU=%22/%3E%3Cgroup%20id=%22Q09OU09MRSBMT0dPTg==%22/%3E%3Cgroup%20id=%22QXV0aGVudGljYXRlZCBVc2Vycw==%22/%3E%3Cgroup%20id=%22VGhpcyBPcmdhbml6YXRpb24=%22/%3E%3Cgroup%20id=%22TlRMTSBBdXRoZW50aWNhdGlvbg==%22/%3E%3C/groups%3E%3Cproperties%3E%3Cproperty%20name=%22valid%22%3EdHJ1ZQ==%3C/property%3E%3Cproperty%20name=%22connectionid%22%3EMTM1NDYzMTcxNDQ1NTAyMDExMzQ2ODc2ODg=%3C/property%3E%3Cproperty%20name=%22username%22%3EZXNhZG1pbg==%3C/property%3E%3Cproperty%20name=%22creationDate%22%3EMTM2MTU1MTY4OTY3Mw==%3C/property%3E%3Cproperty%20name=%22enable%22%3EdHJ1ZQ==%3C/property%3E%3Cproperty%20name=%22aclvl%22%3EMg==%3C/property%3E%3Cproperty%20name=%22crwid%22%3EZUJpelVuU2VjLldJTl82NzMxMw==%3C/property%3E%3Cproperty%20name=%22spaceid%22%3EQ3Jhd2xlclVuaXhGU1N1YmRpcmVjdG9yeTEzNTc4MTM2MjEyNzA=%3C/property%3E%3Cproperty%20name=%22ssoenabled%22%3EZmFsc2U=%3C/property%3E%3C/properties%3E%3C/identity%3E%3Cidentity%20id=%22RE9NSU5PISFkb21pbm8wMi5lYnVzaW5lc3MubG9jYWwhIU5PVEVT%22%3E%3Cusername%3EQ049ZXNhZG1pbi9PPWVidXNpbmVzcw==%3C/username%3E%3Ctype%3Enotes%3C/type%3E%3Cpassword%20encrypt=%22yes%22%3EmQ2I0oPo4Oy3KlYqGuv4EQ==%3C/password%3E%3Cgroups%3E%3Cgroup%20id=%22LURlZmF1bHQt%22/%3E%3Cgroup%20id=%22TG9jYWxEb21haW5BZG1pbnM=%22/%3E%3C/groups%3E%3Cproperties%3E%3Cproperty%20name=%22valid%22%3EdHJ1ZQ==%3C/property%3E%3Cproperty%20name=%22connectionid%22%3EMTM0ODEyNTY2MjYxNjAwMzcxMjg3NTA1Nzc=%3C/property%3E%3Cproperty%20name=%22username%22%3EZXNhZG1pbg==%3C/property%3E%3Cproperty%20name=%22creationDate%22%3EMTM2MTU1MTY4OTkzOA==%3C/property%3E%3Cproperty%20name=%22enable%22%3EdHJ1ZQ==%3C/property%3E%3Cproperty%20name=%22aclvl%22%3EMw==%3C/property%3E%3Cproperty%20name=%22canonicalusername%22%3EQ049ZXNhZG1pbi9PPWVidXNpbmVzcw==%3C/property%3E%3Cproperty%20name=%22crwid%22%3EZUJpelVuU2VjLk5PVEVTXzY1ODQ4%3C/property%3E%3Cproperty%20name=%22spaceid%22%3EQ3Jhd2xlck5vdGVzVmlld0ZvbGRlckRvYzEzNTc4MTQzNTc1MjI=%3C/property%3E%3Cproperty%20name=%22ssoenabled%22%3EZmFsc2U=%3C/property%3E%3Cproperty%20name=%22protocol%22%3EMg==%3C/property%3E%3C/properties%3E%3C/identity%3E%3C/identities%3E
    


    But still the same error.

    Is there a secret flag you need to set when you do the search?? Because the "rel": "alternate", and the es_thumbnail": "href": don't include the security context, but the Preview does.
  • SystemAdmin
    SystemAdmin
    197 Posts
    ACCEPTED ANSWER

    Re: No access to Secure Documents on REST API

    ‏2013-02-25T11:03:30Z  in response to SystemAdmin
    Hi Chiris,
    Ok, the href value in REST result is quite questionable. Forget about it for now.
    I tried to reproduce the symptom and made it at least for preview API.
    http://ica.server.example.com:8393/api/v10/search/preview?query=*:*&collection=sec_01&uri=domino://domino.example.com%253A81/49256E40003405C4/hirofumi%252Fiicrawler00.nsf//B50855F23152B2AC49257580005E3FE5&securityConstraint=@SecurityContext::'<identities id="ZXNhZG1p http://...snip...</identities>'

    There are two parts to be considered. Specifying URI and attaching securityConstraint.
    As I introduced above, I'm pretty sure about how to specify securityConstraint. So you need to prepend and append required strings.

    Now, the most confusing point is URL encoding in uri argument.
    Here the actual URI for the document in my environment is:
    domino://domino.example.com%3A81/49256E40003405C4/hirofumi%2Fiicrawler00.nsf//B50855F23152B2AC49257580005E3FE5
    I specified on the browser's address bar as
    domino://domino.example.com%253A81/49256E40003405C4/hirofumi%252Fiicrawler00.nsf//B50855F23152B2AC49257580005E3FE5
    (doubled URL encoding)
    Because firefox automatically decode entire URI. If I don't apply doubled URL encoding, the specified URI can be recognized by the API as :
    domino://domino.example.com:81/49256E40003405C4/hirofumi/iicrawler00.nsf//B50855F23152B2AC49257580005E3FE5
    And this is incorrect, so the API could not find the document.

    I don't know how you are validating the REST API, but I think you can make sure if the URI itself is correctly recognized by the API or not by using non-secure collection.
    If it's confirmed, you can move onto securityConstraint stuff.

    In addition to it, the thumbnail and content API should be in the same situation. If you get success on either one of API, others should work.

    Thanks, Hirofumi
  • SystemAdmin
    SystemAdmin
    197 Posts
    ACCEPTED ANSWER

    Re: No access to Secure Documents on REST API

    ‏2013-02-25T15:02:51Z  in response to SystemAdmin
    Hi Hirofumi,

    thanks a lot for your help. The "@" Sequence was the answer. We can now access all data including the thumbnails.
    Just for fun i checked the REST-Dokumentation an @SecurityConstraint and found nothing about it.
    The only reference to it is in some deprecated siapi samples.

    I would have been lost without you!!

    Thanks again!!

    Chris
  • SystemAdmin
    SystemAdmin
    197 Posts
    ACCEPTED ANSWER

    Re: No access to Secure Documents on REST API

    ‏2013-02-25T15:21:27Z  in response to SystemAdmin
    I'm glad to hear that.

    You gave us some valuable information, for REST API response and documentation.
    I will pass those information to appropriate team to follow up. Thank you too.

    1. It would be great if you can mark the thread as answered.