Leveraging Alfresco Framework for WCM

Alfresco is the leading provider of open source Enterprise Content Management and provides Enterprise grade, scalable, robust, portable, and reliable solutions for managing any type of content, including documents, digital assets, and web content. Alfresco has different modules to manage different kinds of content. Document Management (DM) and Web Content Management (WCM) are the two main and widely used modules of Alfresco. Alfresco Document Management captures, shares, and retains content, enabling users to version, search, and simply build their own content applications. The Alfresco Web Content Management allows organizations to rapidly create and more effectively maintain dynamic Internet, intranet, and extranet sites, enabling a shortened web development cycle, providing high return on investment and low cost of ownership.

Alfresco framework is built on state-of-the-art open source frameworks such as Spring, Hibernate, Lucene, and JSF. DM and WCM are two different feature sets that are built on the common infrastructure framework of Alfresco and also have services such as security, workflow, library, search, and so on, which can be used across the application for any module.

In this chapter, we will discuss how you can leverage the Alfresco DM features for the WCM and cover the following topics for WCM:

• Membership and Security Mechanisms
• FFMPEG Integration
• DM content in WCM
• Image Transformation
• Advance Search
• Metadata Extractor

Membership and Security Mechanism

The Alfresco security model is flexible and allows you to choose either its built-in security or an external security model defined by your organization, by using systems such as LDAP and Active Directory.
You will understand various security models and learn to choose the one that is most suited to your enterprise's requirements. The Alfresco membership system is highly scalable and can cater to a number of users and content managers. The Alfresco WCM can also leverage the security mechanism provided by Alfresco DM.

Consider a case where people from different departments of a company need to access the Alfresco WCM system. The company already has its own directory-based Central Authentication System. Here you have two possibilities:

• Use Alfresco's out-of-the-box membership system and create the user accounts for all those users in Alfresco.
• Configure Alfresco with LDAP for centralized Identity Management, where users from the existing LDAP directory who need to access Alfresco are imported into Alfresco and are authenticated via the Central Authentication System (LDAP).

As the company already has its own directory, the second approach would be preferred. We can configure Alfresco with LDAP and import the users into Alfresco. Once the users are available in Alfresco, we can easily associate them with the web project in Alfresco WCM. This is already described in Chapter 3, Getting Started with Alfresco WCM. You can refer to that chapter for further details.

Configuring LDAP for centralized identity management

LDAP evolved from X.500 OSI Directory Access Protocol. LDAP directory is the central authentication engine for the enterprise, and serves as the yellow pages for user access and profile information. The biggest advantage of LDAP is that your enterprise can access the LDAP directory from almost any computing platform, using any one of the increasing number of readily available LDAP-aware applications. In fact, LDAP is finding much wider industrial acceptance because of its status as an Internet standard.

You can use LDAP with any directory server, such as iPlanet, Novell's eDirectory, Microsoft's Active Directory, or OpenLDAP. If you are planning to implement an LDAP directory in your organization, you may consider OpenLDAP, Active Directory, or eDirectory. OpenLDAP is a stable and widely accepted open source directory server.

LDAP configuration with Active Directory

Active Directory supports LDAP-based authentication. It can also support authentication using JAAS+Kerberos and NTLM authentication. Only NTLM will give you a Single-Sign-On solution. It is possible to use any authentication methods against an Active Directory server and extract user and group information via LDAP.

For the LDAP to work with Alfresco, you have to make some changes in the configuration files. Follow the steps given below to configure LDAP-based authentication with Active Directory.

1. Open the <alfresco>/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties file and modify the properties to your required value as follows. All other properties can be kept as they are in the file.
   ° ldap.authentication.active=true (this flag enables LDAP as the authentication mechanism; if set to false, LDAP will be used only for synchronization)
   ° ldap.authentication.userNameFormat=CN=%s,DC=company,DC=com (this maps the user ID entered by the user to the form passed through to LDAP; the %s is replaced with whatever the user types in as their user ID on the login screen)
   ° ldap.authentication.java.naming.provider.url=ldap://openldap.domain.com:389 (the name and port of your LDAP server; the standard port for LDAP is 389)
   ° ldap.authentication.java.naming.security.authentication=simple (the authentication mechanism you want to use)
   ° ldap.authentication.defaultAdministratorUserNames=admin,User1 (LDAP users' names who should be considered as administrators, separated by a comma)
2. Open the <alfresco>/tomcat/shared/classes/alfresco-global.properties file and uncomment the following line:

       authentication.chain=alfrescoNtlm1:alfrescoNtlm

   To configure LDAP as an authentication mechanism, you need to change this property. Provide ldap:ldap for LDAP Authentication as follows:

       authentication.chain=ldap:ldap

3. Open the file-server-custom.xml file. Add the following code:

       <config evaluator="string-compare" condition="CIFS Server" replace="true">
          <serverEnable enabled="false"/>
          <host name="${cifs.localname}A" domain="${cifs.domain}"/>
          <comment>Alfresco CIFS Server</comment>
          <!-- Set to the broadcast mask for the subnet -->
          <broadcast>${cifs.broadcast}</broadcast>
          <!-- Use Java socket based NetBIOS over TCP/IP and native SMB on linux -->
          <tcpipSMB platforms="linux,solaris,macosx"/>
          <netBIOSSMB platforms="linux,solaris,macosx"/>
          <!-- Can be mapped to non-privileged ports, then use firewall rules to forward requests from the standard ports -->
          <!--
          <tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
          <netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
          -->
          <hostAnnounce interval="5"/>
          <!-- Use Win32 NetBIOS interface on Windows -->
          <Win32NetBIOS/>
          <Win32Announce interval="5"/>
          <!-- CIFS authentication -->
          <authenticator type="passthru">
             <LocalDomain/>
          </authenticator>
          <!--
          <WINS>
             <primary>1.2.3.4</primary>
             <secondary>5.6.7.8</secondary>
          </WINS>
          -->
          <sessionDebug flags="Negotiate,Socket"/>
       </config>

       <config evaluator="string-compare" condition="FTP Server" replace="true">
          <serverEnable enabled="false"/>
          <!-- Run on a non-privileged port -->
          <!--
          <port>1121</port>
          -->
          <!-- FTP authentication -->
          <authenticator type="alfresco"/>
          <!--
          <debug flags="File,Search,Error,Directory,Info,DataPort"/>
          -->
       </config>

       <config evaluator="string-compare" condition="Filesystem Security" replace="true">
          <authenticator type="passthru">
             <!-- the name of your ldap server -->
             <Server>openldap.domain.com</Server>
          </authenticator>
       </config>

This authentication mechanism (simple) sends usernames and passwords in plain text. It is the simplest to set up. This is supported by both Active Directory and OpenLDAP.

LDAP synchronization

As you have already configured LDAP with Active Directory, the next step will be to extract information from Active Directory. This synchronization of people and groups between the Alfresco repository and LDAP is supported by scheduled jobs. These jobs extract the user or group information from the LDAP repository and create the appropriate information as an Alfresco import XML file. This file is then imported into the repository.

Follow these steps to export users and groups from Active Directory:

1. Open the <alfresco>/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties file. Modify the properties to the required value as follows. All other properties can be kept as they are in the file:
   ° ldap.synchronization.java.naming.security.principal=admin (the user that has read access to the group and people information to be extracted from Active Directory server)
   ° ldap.synchronization.java.naming.security.credentials=secret (the password for the user defined above)
   ° ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
   ° ldap.synchronization.userSearchBase=dc=company,dc=com (these two options combine to make the query to find people. In the previous example, you will find all objects of type inetOrgPerson anywhere in the directory)
   ° ldap.synchronization.groupQuery=(objectclass=groupOfNames)
   ° ldap.synchronization.groupSearchBase=dc=example,dc=com (these two options combine to make the query to find groups. In the previous example, you will find all objects of type groupOfNames anywhere in the directory)

2. Ensure that your earlier changes are saved. Start Alfresco. On restarting, you will be able to log into the Alfresco repository with LDAP users only.

Daisy Chaining

If you want to log into the Alfresco repository with Alfresco users as well, then you have to make some more changes in the configuration files. This concept is called Daisy Chaining, which allows you to configure multiple authentication components for authentication. With version 3.2, Alfresco has introduced the concept of sub-systems. A sub-system is a configurable module responsible for a subpart of Alfresco functionality. Authentication is one such sub-system available in 3.2, which is a stack of multiple components responsible for authentication in Alfresco.

For more information on Alfresco Authentication sub-systems, you can refer to the Wiki link: http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems

With this approach, Authentication sub-systems are easily chained, so it is now very easy to configure chaining authentication. The steps to configure Chaining are as follows:

1. Open the <alfresco>/tomcat/shared/classes/alfresco-global.properties file and uncomment the following line:

       authentication.chain=alfrescoNtlm1:alfrescoNtlm

2. To configure more than one authentication component for chaining, you can add as many authenticators as you want, separated by commas, as shown below:

       authentication.chain=ldap1:ldap,ldap2:ldap,alfrescoNtlm:alfrescoNtlm

   Here we have three different authenticators for Chaining Authentication; ldap1 and ldap2 are for LDAP Authentication and alfrescoNtlm is for Default Alfresco Authentication. When a user logs into the system, Alfresco checks for authentication in the sequence defined above.

3. Configuration files for ldap1 and ldap2 are created as follows:
   Copy <alfresco>/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties to <alfresco>/tomcat/shared/classes/alfresco/subsystems/Authentication/ldap1/ldap-authentication.properties.
   Copy <alfresco>/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties to <alfresco>/tomcat/shared/classes/alfresco/subsystems/Authentication/ldap2/ldap-authentication.properties.

4. Now, modify this property file for ldap1 and ldap2 accordingly to provide the LDAP configuration details in both the files. Configuring LDAP is already explained in the previous section.

5. Restart the server and you can verify the chaining by logging in with an Alfresco local user and the LDAP user as well.

Download the sample code from the Packt website.

User roles

In the previous section, we discussed the different Authentication mechanisms for users in Alfresco. Once the user is part of Alfresco, either created in Alfresco or imported from LDAP or any other system, you can assign different roles to the user for providing specific permissions. The users and default roles to these users are controlled globally in Alfresco, which also affects the WCM.
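Before going further into roles, the LDAP and authentication chain settings from the two preceding sections can be checked mechanically. The following Python script is an added example, not code from the book or from Alfresco: it parses the two properties files and reports the plain-text simple bind, the sample synchronization password, the directory users granted administrator rights, and the order in which the chain is evaluated. The SAMPLE_ inputs are constructed from the chapter's values; the function names and finding labels are hypothetical.

```python
# Added example (not from the book or Alfresco): audit the chapter's LDAP settings.
from urllib.parse import urlparse

# Constructed samples that reuse the property values shown in this chapter.
SAMPLE_LDAP = """\
ldap.authentication.java.naming.provider.url=ldap://openldap.domain.com:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.defaultAdministratorUserNames=admin,User1
ldap.synchronization.java.naming.security.principal=admin
ldap.synchronization.java.naming.security.credentials=secret
"""
SAMPLE_GLOBAL = "authentication.chain=ldap1:ldap,ldap2:ldap,alfrescoNtlm:alfrescoNtlm\n"
P = "ldap.authentication."  # common prefix of the authentication keys

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def parse_chain(value):
    """Split authentication.chain into ordered (instance, type) pairs."""
    items = [i.strip() for i in value.split(",") if i.strip()]
    return [tuple(i.partition(":")[::2]) for i in items]

def audit(ldap_text, global_text):
    """Return (chain in evaluation order, list of findings)."""
    ldap, glob = parse_properties(ldap_text), parse_properties(global_text)
    findings = []
    scheme = urlparse(ldap.get(P + "java.naming.provider.url", "")).scheme
    if ldap.get(P + "java.naming.security.authentication") == "simple" and scheme == "ldap":
        findings.append("cleartext-bind: simple bind over ldap:// sends passwords in plain text")
    if ldap.get("ldap.synchronization.java.naming.security.credentials") == "secret":
        findings.append("sample-credential: sync password is still the sample value")
    admins = [a.strip() for a in ldap.get(P + "defaultAdministratorUserNames", "").split(",") if a.strip()]
    if admins:
        findings.append("review-admins: directory users with admin rights: " + ", ".join(admins))
    chain = parse_chain(glob.get("authentication.chain", ""))
    names = [instance for instance, _ in chain]
    if len(names) != len(set(names)):
        findings.append("duplicate-instance: two chain entries share an instance name")
    return chain, findings

if __name__ == "__main__":
    print(*audit(SAMPLE_LDAP, SAMPLE_GLOBAL), sep="\n")
```

Pointing the provider URL at an ldaps:// endpoint clears the first finding; the check looks only at the URL scheme. A chain line that is still commented out in alfresco-global.properties yields an empty chain, which is how a forgotten "uncomment" step shows up.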
By default, only the admin user has permission to create a web project in the Company Home | Web Projects folder. All the users of the system will have the Consumer role by default for this folder. That means those users have just "read" permission for the Web Projects folder; they cannot create a web project. If you want to allow any user other than admin to create a web project, then an admin can assign a Contributor or higher role to that user, who then gets the rights to create a new web project.

There are different roles available in Alfresco, which users can be assigned to. Following are the five basic roles:

• Consumer: Read only permission
• Contributor: Consumer + Permission to add/create new content
• Editor: Consumer + Permission to edit the existing content
• Collaborator: Contributor + Editor
• Coordinator: Collaborator + Permission to delete the content

As mentioned here, to create a web project, a user needs at least the Contributor role.

Another scenario is if you remove the default Consumer roles available to all the users for the Company Home | Web Projects space; then, even if the user is a member of some web project, he will not be able to see the Web Projects folder. Therefore, the user will not have access to the web project of which he is a member. So, in this way you are controlling the users from outside the Web Content Management.

Common repository

As a Content Management Product, Alfresco has two different modules, DM and WCM. In this section, we will see how we can use Alfresco with the combination of both DM and WCM as a single repository.

Consider a use case of a company that is using Alfresco WCM for managing its website but at the same time has an Intranet application, which is more for managing documents and other assets. For this Intranet, they are using the Alfresco DM.
Now suppose some of the documents/assets need to be managed in DM but are basically part of the website and need to be deployed. In this scenario, we can get the advantage of both the DM and WCM in the same repository.

Let's take the example of the Cignex company. As we have already seen in the earlier chapter, the website for Cignex is managed by Alfresco WCM. But this website uses some images, videos, and so on, which are managed in DM. Departments such as Marketing, Sales, HR, IT, and many more use this Intranet application. Now if a Marketing person uploads a video, then he or she may have requirements such as transforming it into different formats like 3GP (for cell phones), MPEG4 (for iPod), and Flash (the default format for the website). Alfresco can be integrated with FFMPEG, using which we can easily transform the videos to other formats.

Integrating Alfresco with the FFMPEG Video Transcoder

FFMPEG is a very popular high performance video and audio transcoder. It has various widely used commercial tools to convert audio and video files from one format to another. It is basically a command-line interface. We can easily integrate any such command-line applications with Alfresco.

You need to download the FFMPEG binary version for Microsoft Windows and put it into the <alfresco_install>/bin directory. The command used for transformation is:

    ffmpeg.exe -i [input_file.extension] [options] [output_file.extension]