Wednesday, April 24, 2013

FileNet CE Service Client for Kerberos

Implementing Kerberos for FileNet CE service is complicated that what I thought. That's the reason I put together a set of rules for creating client to access CE Web Service. Scope of the blog is create .Net web app to access CE Web Service. It does not talk about server side Kerberos configuration



Application Pool setup:
·         Managed Pipeline Mode: Integrated
·         Identity: NetworkService

 Enable Windows Authentication on IIS App:
·         In IIS, double click on Authentication icon.
·         Enable Windows Authentication. Disable all other type of authentications.


Add below entries in web.config
·         authentication mode=”Windows”
·         identity impersonate=”true”


The server on which the ASP.NET app runs must have delegation enabled.
·         When using "Active Directory Users and Computers" tool, the steps are as follows:
o   Locate the server in the domain tree (or use Find) and open its Properties window.
o   Open Delegation tab
o   Enable "Trust this computer for delegation to any service (Kerberos only)" option, or be more specific and select "Trust this computer for delegation to specified services only > User Kerberos only" and then add some targets.
Note: The above operation must be performed by a domain admin.

 

IE browser settings:
·         Enable Windows Authentication:
o   Tools à Internet Options à Advanced
o   Under Security Section, check Enable Integrated Windows Authentication.

·         Add CE Server in trusted Sites:
o   Tools à Internet Options à Security à Local Intranet
o   Click on Sites. In popup window, click on Advanced button. Add CE Server name.  http:// CE Server Name


Code to Add Kerberos Token:
Along with every request, send Kerberos ticket. Below is the sample code for the same.
                SoapContext soapContext = Binding.RequestSoapContext;
                //Delete tokens if already exist
                if(soapContext.Security.Tokens.Count > 0){
                soapContext.Security.Tokens.Clear();
                }
                String spnName = "<>";
                SecurityToken token = new KerberosToken(spnName);
                soapContext.Security.Tokens.Add(token);

Monday, April 22, 2013

Run Eclipse project in command line




Steps to create a sample project in Eclipse and execute in command line;
  1. Create Eclipse project and compile it. It will create output in bin folder, which will have .class files.
  2. Create a batch file for classpath. In this batch file create set classpaths for all jar files which are used in Eclipse project. Also set classpath to bin folder of eclipse project.
  3. Copy all the required resources in bin folder. In my example, I had to copy "WcmApiConfig.properties" file in bin folder.
  4. Now you can execute Main class using Java Main Class.
  5. See sample batch file for setting classpath and executing the file.
   
Sample batch file for ClassPath
SET BaseFolder=C:\Users\Administrator\workspace\MyLearning01\
Set CLASSPATH=%CLASSPATH%;%BaseFolder%bin\;
Set CLASSPATH=%CLASSPATH%;%BaseFolder%lib\MyFirstJar.jar;
Set CLASSPATH=%CLASSPATH%;%BaseFolder%lib\MySecondjar.jar;

 
 

Sample batch file for the main class:
java eshu.learning01.MyMainClass