Tuesday, July 23, 2013

CSRF Policy in Alfresco Share

Since Enterprise 4.1.4, a new CSRF (Cross Site Request Forgery) Policy has been introduced in Alfresco Share.
Should you want to learn more about this, this should be useful https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

Mostly, it does not affect you, but in some cases it does. Here are some of the scenarios.
  • You are making an XMLHttpRequest with method POST, PUT or DELETE without using the Alfresco.util.Ajax or alfresco/core/CoreXhr classes 
  • You are making a form upload with enctype multipart/form-data without using Alfresco.forms.Form 
  • You are using a flash movie inside Share to send http requests with method POST 
  • You are writing a non-browser client, i.e. a mobile app 
  • Another system is sending POST requests to your Alfresco Share server 
  • You are running Alfresco Share behind one or more proxy server(s) and I get errors… 
Of course, there are individual methods to handle these situations using CSRFPolicy configurations, however, sometimes you would want to disable this filter altogether.

For that, simply add the following code snippet in your share-config-custom.xml file.

<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
               <attribute name="_alf_USER_ID">.*</attribute>
         <action name="assertReferer">
            <param name="always">false</param>
         <action name="assertOrigin">
            <param name="always">false</param>

Thanks to Erik Winlof for the detailed information.

Sunday, September 30, 2012

Alfresco Share in IE Compatibility Mode

Alfresco Share is not supported in Internet Explorer Compatibility Views - for both IE8 Compat View and IE9 Compat View.

There are number of UI bugs crops up in these mode of the browser, where as these works even in IE6 (and of course these works in IE7, IE8 onwards).

For example, one of the functionalities that does not work in Compat View is inserting image in a Wiki page.

Thursday, September 6, 2012

Alfresco Certified Engineer (ACE)

Proud moment for me to announce, became an Alfresco Certified Engineer yesterday. It had been a good experience to review where am I after working on Alfresco for last 4 years since Alfresco 2.1

For whom, who are targeting for the certification, here are a few useful information.


These are areas where you will be tested.

  • The Alfresco architecture and Repository
  • Understand, design and create content models and custom object types and aspects
  • Package and deploy Alfresco extensions and modules
  • Develop extensions for the Alfresco Explorer Web Client
  • Develop applications and Services using the Alfresco APIs (Foundation Services, JCR, Web Services)
  • Understand, define, customize and deploy Advance Workflows and Task Models
  • Understand how workflows interact with content
  • Connect to external applications using Web Services and protocols like SOAP & CMIS


There are 80 questions and you have 60 minutes to answer these. You need to secure at least 75% to become an ACE.


These are courses that will help you to pass the certification

  • Alfresco Fundamentals Course
  • Alfresco Web Scripts Course
  • the Alfresco Share Configuration Course
  • API Development Training Course
  • Alfresco Workflow Training Course
However, there is no formal requirement or pre-requisite for these courses or training.


Here is the categories and divisions of areas the questions are structured in the certification.

Architectural Core 39%
Repository Customization 22%
Web Scripting 13%
UI Customization 14%
Web Services 12%


Types of questions.

  • Multiple Choice — you need to select one option that best answers the question or completes a statement.
  • Multiple Responses — select more than one option that best answers the question or completes a statement. The text states how many options are correct, such as Choose two.
  • Sample Directions — read the statement or question. From the response options, select the option(s) that represent the most correct or best answer(s) given the information provided.
  • True/False — select either true or false as the answer.
  • Hotspot — you have to click on the correct area within an image. There is only one correct answer to this type of question.

Wednesday, August 22, 2012

Hiding the Header bar of Alfresco Share portlets in Liferay

Recently I was creating a demo for one of our customers who wanted to use Share portlets in Liferay.

Environment: Alfresco 4.0.2, Liferay 6.1.0

The Share portlets were easily deployed and working in Liferay. However, the default Share header bar was not expected inside the portlet.

It was presented like there are two navigation bars in your screen - one is from Liferay navigation, another of Share Header.

Thus I needed to get rid of the header, but since the same page as of Share application is used in the portlet container as well, I couldn't simply get rid of the header.

Added a few lines in site-webscripts/org/alfresco/header.get.html.ftl file.

<#assign portlet = context.attributes.portletHost!false>
<#if portlet>
    <#assign todo="we are not displaying header in portlet context. so nothing to do">
    <#-- The original Header generator FTL code goes here -->

It made the header bar not rendered while in Portlet, but the bar was as usual displayed in the Share application.

Friday, May 18, 2012

Organizations, in order to implement and adapt Alfresco as the ECM solution for the enterprise, need to follow certain plan and path.

Here we will elaborate what should be the specific plan of action for implementing Alfresco as the ECM solution in the business.


Identify Content Sources

In an organization, Content can be produced from a variety of sources.
For example Email transactions, Business Document productions, Images, Media file generation processes etc. Identification and listing of all these sources are quite essential.
There should be particular life cycle of each of these contents in the business, capturing these is also equally required.


Identify Actors

Similarly as there are number of different content sources possible in an organization, there can be variety of people and system actors involved in the production and maintenance of the content.
It is important to list down all such actors who contribute and participate in any phase of the content life cycle, along with their roles and actions they usually perform. This will also help to structure the permission model of the system.


Create Organization Taxonomy

This is probably the most important thing to do while establishing an ECM system. This involves
  1. Creating standard and fixed set of content Tags for the business
  2. Creating content categorization hierarchy and structure
  3. Creating user folksonomy strategy
  4. Create business specific content metadata, content types etc


Design Content Storage Structure

This is all about how different types of contents will be stored in the repository.
Answer the questions such as how many Sites will be created, what will be the default space (folder) hierarchy in each of the sites, what are the standard folder templates that can be re-used in the system etc.


Identify Document Management features

There are several standard document management features available in Alfresco ECM. For example
  • Versioning
  • Check-In, Check-Out
  • Comments
  • Manage Permissions
  • Manage Content Types, Metadata
  • Copy, Move, Edit
  • etc
The business needs to identify which all features they need and how to use them.


Structure Content Business Process

In an organization, contents are not created without any processes behind them.
Identifying and structuring these business processes and workflows are one of the most important aspects of an ECM implementation.
Write and spec these workflows in flow chart format that can help developers to easily implement them.


Collaboration around Contents

Alfresco is not only a simple document management system, it offers rich set of Web 2.0 collaboration features.
In today's social media driven world, users work in a very collaborative and connected environment. Alfresco offers all standard collaboration stuff which organizations must evaluate and implement accordingly.


Implement the above standard features

Deploy the above standard ECM use cases, run for a period, evaluate the performance and functionalities of the system.


Finally, identify and implement Customizations

At this point of time, the business owners should be pretty clear about what they need from Alfresco, as the ECM solution of the business. Now you can write down the business specific customizations, additional features they want. Implement those functionalities and you have a stable ECM solution in the business that will last long.

Tuesday, May 15, 2012

Setting up your Browser to use Alfresco Search

In Alfresco 4, OpenSearch is by default enabled.
You, however, need to configure this in your browser.

  • Open URL [http://localhost:8080/alfresco/service/api/search/engines] (replace localhost and 8080 with your alfresco server url). If OpenSearch is enabled, the following screen should come up.

  • While this page is open, click on the browser search engine drop down on the right hand side of the address bar.

  • Click on "Add Alfresco Keyword Search" - Alfresco OpenSearch search engine has now configured in your browser. 
  • Choose this search engine, type something in the search box, press enter. 
  • Alfresco would ask you for user credentials (if not logged in in Alfresco Explorer in this browser session). And as per your user credentials, the content search output will be displayed.


  • Alfresco takes care of the user permission and scope automatically. There is no need to do any enhancements for this. 
  • The search executes onto across repository (as per the permission), this is not limited to only ''Sites''. 
  • The output is paginated. Also, the name of the document enables you to download this.

Thursday, August 4, 2011

Alfresco 3 Cookbook: what it covers?

Chapter 1, Getting Started
Chapter introducing alfresco with brief demonstration of the alfresco Explorer application. Get alfresco downloaded and installed in your machine, and finally be acquainted with the default distribution and architecture of alfresco.

Chapter 2, Creating and Organizing Contents
Understand how to use alfresco as the Content Management System, how to upload or create contents, how to apply tagging or categorization of content, understand content metadata, use the document versioning capability of alfresco.

Chapter 3, Securing and Searching Contents
Be familiar with another important aspect of the Content Management System – Security. Understand how to secure your contents and folders. How to create users and user groups – and assign permissions for who can do what. You will also know about the search capabilities offered by alfresco, how to search contents and how search works in alfresco.

Chapter 4, Rules – the Smart Spaces
Learn how to make your alfresco repository dynamic, how to implement your business requirements that works automatically in the repository. You will understand how to create and apply rules in the repository; you will also be familiar with different actions that can be performed via a rule.

Chapter 5, Administering Alfresco
Chapter with recipes for administering alfresco, demonstrating how to manage users, user groups, create taxonomies, manage content categories. You will also be aware of how to use the alfresco Node Browser to view and search contents stored in the repository. You will also know how to manage your alfresco explore r dashboard.

Chapter 6, Customizing Alfresco Web Client
Alfresco offers customization of the Web Client application via a number of XML configuration files. This chapter elaborates various recipes for changing the view and appearance of the web client, customizing the application as per your requirements etc.

Chapter 7, Alfresco Content Model
Designing and modelling the content properties and architecture is one of the important requirements in a Content Management System. Alfresco offers pretty much dynamic capabilities for designing the content models. Using these recipes you will be able to understand the core architecture of alfresco content models, create your own custom content models, use your custom models in the alfresco explorer application.

Chapter 8, Alfresco JavaScript API
Alfresco offers the repository functionalities in form of JavaScript APIs. In this chapter you will understand the API structure and available features offered. Several example recipes would help you implement various functionalities. You will also learn how to write and execute scripts, how to debug scripts written using the APIs.

Chapter 9, Freemarker Templates
Freemarker Template is the presentation layer technology used in alfresco applications. The recipes of this chapter would help you understand the technologies and model behind the Freemarker templates in alfresco. Several template examples are included for commonly used functions such as displaying folder contents, showing workflow tasks, showing contents recursively, displaying content properties and details etc.

Chapter 10, Web Scripts
Alfresco Web Scripts provide RESTful APIs of the repository services and functions. The chapter elaborates all related concepts, knowledge and how-to recipes that would help you writing, deploying, debugging, using web scripts. You will also know the usage of default web scripts library that come with alfresco. Several sample web scripts are included, for example sending emails using templates, searching and displaying documents etc.

Chapter 11, Working with Workflows
Workflow implementation is one of the major requirements in a Content Management System in a business. This chapter would help you understand alfresco business process engine in detail. You will understand how the workflows are implemented in alfresco repository along with various components of the workflow engine. Several detailed examples and recipes are included to guide you create custom workflows, custom task models, specific resource bundles, customizing the web client to render the custom tasks and workflows properly. You will also be able to use the alfresco workflow console interface which is useful for debugging the task execution within the BPM engine.

Chapter 12, Integrating with MS Outlook and MS Office
Alfresco can be used from several other applications and interfaces. Being a content management system it is quite important to have the alfresco repository accessibility from some popular content authoring applications such as Microsoft Office. This chapter helps you integrate the alfresco repository with MS Word, Excel and PowerPoint. Recipes are also included for communicating with repository directly from any standard email client application such as MS Outlook.

Chapter 13, Configuring Alfresco E-mail and File Servers
The alfresco repository can act has file servers as well and you can expose the repository using several other standard protocols such as FTP, CIFS, WebDAV etc. These recipes are step-by-step guide to configure these protocols and using the content repository from different systems. From this chapter you will also be able to use alfresco as email server, and emails sent to some specific address will be landed directly into the repository.

Chapter 14, Building Alfresco
Until now you have used Alfresco as the binary bundle provided and downloaded. Now you can compile and build alfresco source code also. Recipes in this chapter will guide you to get the source from alfresco source code repository, compile and build the source code. You can modify Alfresco source code as your will; of course as per Alfresco license, you should contribute your changes back to alfresco community.