Finn

Reputation: 952

Alfresco ticket validity

I am using the Alfresco default web script to get a ticket for a user, but I am not sure how long the obtained ticket is valid.

Also, I am extracting the ticket from the XML response of the Alfresco default login web script.

Does a ticket have any expiry date, or once a ticket is obtained, will it not expire till session expiry?

Upvotes: 4

Views: 10746

Answers (2)

skuro

Reputation: 13514

The following property set on the Alfresco repository, along with its default value, configures the ticket life span to be one hour:

authentication.ticket.validDuration=P1H

You can override this property in the usual way. Meaningful values are described in the Duration class:

 * The lexical representation of duration is
 * PnYnMnDTnHnMnS.
 * 
 * P is a literal value that starts the expression
 * nY is an integer number of years followed by the literal Y
 * nM is an integer number of months followed by the literal M
 * nD is an integer number of days followed by the literal D
 * T is the literal that separates the date and time
 * nH is an integer number of hours followed by a literal H
 * nM is an integer number of minutes followed by a literal M
 * nS is a decimal number of seconds followed by a literal S

Please note that by default successful usages of a ticket will renew its validity, meaning that given a ticket validity of one hour, if you authenticate, say, a web script call using the ticket after 59m from its generation, its validity will be extended to another hour.

As the ticket lifecycle is completely configurable, have a look at the ticketComponent Spring bean defined in authentication-services-context.xml to see the available options (e.g. setting oneOff to true to only allow one single use of a given ticket).

Upvotes: 13
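
An added example (not part of the answer and not Alfresco code): a small in-memory model of the lifecycle described above, showing that renewal on use makes the validity an inactivity timeout rather than a maximum age, and how a one-off ticket behaves. The class, its `renew_on_use` and `one_off` parameters, and the sample ticket are constructed for illustration.

```python
from datetime import datetime, timedelta

HOUR = timedelta(hours=1)  # the one-hour validity discussed in the answer


class TicketStore:
    """Toy model of the ticket lifecycle (assumption: not Alfresco's implementation)."""

    def __init__(self, valid_duration, renew_on_use=True, one_off=False):
        self.valid_duration = valid_duration
        self.renew_on_use = renew_on_use  # hypothetical switch for "usage renews validity"
        self.one_off = one_off            # models the oneOff option: single use only
        self._expiry = {}                 # ticket -> expiry time

    def issue(self, ticket, now):
        self._expiry[ticket] = now + self.valid_duration

    def use(self, ticket, now):
        """Return True if the ticket authenticates a call made at `now`."""
        expires = self._expiry.get(ticket)
        if expires is None:
            return False
        if now >= expires:
            del self._expiry[ticket]      # stale ticket is dropped
            return False
        if self.one_off:
            del self._expiry[ticket]      # consumed by its first successful use
        elif self.renew_on_use:
            self._expiry[ticket] = now + self.valid_duration
        return True

    def invalidate(self, ticket):
        """Explicit logout: the ticket stops working regardless of expiry."""
        return self._expiry.pop(ticket, None) is not None


def survives(store, gaps_minutes):
    """Issue a constructed ticket, use it after each gap, return per-use results."""
    now = datetime(2024, 1, 1, 9, 0)      # constructed start time
    store.issue("TICKET_example", now)
    results = []
    for gap in gaps_minutes:
        now += timedelta(minutes=gap)
        results.append(store.use("TICKET_example", now))
    return results
```

With renewal on, a ticket used every 59 minutes stays valid indefinitely and only an idle gap of the full duration (or an explicit invalidation) ends it, which is worth keeping in mind when choosing the duration.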

Finn

Reputation: 952

The best way to handle Alfresco authentication tickets is to handle them manually. E.g. for getting a ticket, use the OOTB web script.

http://localhost:8080/alfresco/service/api/login?u=admin&pw=admin 

which returns a ticket such as TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9 (needs to be extracted).

Now when using this ticket for any kind of operation, try to verify ticket validity using the OOTB Alfresco web script. Note that this is an HTTP GET method based web script

GET /alfresco/service/api/login/ticket/{ticket}

http://localhost:8080/alfresco/service/api/login/ticket/TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9?alf_ticket=TICKET_29ced6613a114294fa4bb9e67b663112076f3d9

The thing to note here is that you need to authenticate this web script also by appending ?alf_ticket={ALFRESCO_TICKET}, without which it will not work.

Finally, when you are done with your things, always log out using the OOTB Alfresco logout web script. Note that this is an HTTP DELETE method based web script

DELETE /alfresco/service/api/login/ticket/{ticket}

http://localhost:8080/alfresco/service/api/login/ticket/TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9?alf_ticket=TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9

Again, you need to authenticate this web script also by appending ?alf_ticket={ALFRESCO_TICKET}, without which it will not work.

This way you can ensure proper authentication, and the system will not be overburdened with stale tickets.

P.S. http://wiki.alfresco.com/wiki/Repository_RESTful_API_Reference#Logout

Upvotes: 6
