1

I have code in the afterRenderReponse event in an xpage (xagent) to establish a connection with the Domino Data Service and return the result (json) to a scoped variable.

Anonymous access to the database containing the xpage is No Access, so the user will have to log in.

Problem is that when calling url.openConnection() in the code, the login form is returned. Meaning I have to authenticate again even if the requested url is at the same server/domain as the xpage calling it.

I know I can authenticate using basic authentication using: conn.setRequestProperty("Authorization", "Basic " + authStringEnc) , but then I would have to know the username and password + base64 encode this.

My question is : Since the user is allready authenticated, is it possible to "pass along" these credentials to the java.net.HttpURLConnection object ? Is it possible to get a handle to the ltpatoken cookie and provide this ? Any other way ?

    <?xml version="1.0" encoding="UTF-8"?>
    <xp:view xmlns:xp="http://www.ibm.com/xsp/core" rendered="false">

        <xp:this.afterRenderResponse><![CDATA[#{javascript:// Establish connection with Domino database collection resource

try{
    var url = new java.net.URL("http://server/mydb.nsf/api/data");

    var conn:java.net.HttpURLConnection = url.openConnection();

    conn.setRequestProperty("Accept", "application/json");

    if (conn.getResponseCode() == "200") {



        // Get the response

        var reader = new java.io.BufferedReader(new java.io.InputStreamReader(conn.getInputStream()));

        var buffer = new java.lang.StringBuffer();

        var line = "";

        while ((line = reader.readLine()) != null) {

            buffer.append(line);

        }

        reader.close();



        // Create array from response

        var jsonarray = eval('(' + buffer + ')');



        // Get filenames and titles from Domino database collection resource

        // On XPage, requestScope.status is bound to a multi-line text control

        for (var i = 0; i < jsonarray.length; i++) {

            requestScope.status += jsonarray [i].@filepath + " - " + jsonarray [i].@title + "\n";

        }



    } else { // if connection fails

        requestScope.status = conn.getResponseCode() + " " + conn.getResponseMessage();

    }  
    } catch(e){
  _dump(e);
}
    }]]></xp:this.afterRenderResponse>
    </xp:view>

Any information would be greatly appreciated ! Thanks !

Best regards, Petter Kjeilen

user1674918
  • 31
  • 6

2 Answers2

2

If the user is authenticated and you're using session authentication on the server, you can read the session cookies from the users and pass the same cookies along with subsequent (GET) requests.

Depending on how session authentication is configured on the Domino server, you're looking for the DomAuthSessionId or LTPAToken cookie. Have a look at the answer on this page for a sample on how to read the cookies and send them along with additional requests ("maintaining the session" section).

Community
  • 1
  • 1
Mark Leusink
  • 3,567
  • 12
  • 21
0

Don't use an HTTP URL Connection! Too much headache. Use the Apache HTTP Client. The classes are on the Domino server. Use this as a reference point how to use it.

stwissel
  • 19,390
  • 6
  • 44
  • 90