Use persistent cookie for webdav authentication

Creating a macro - Writing a Script - Using the API (OpenOffice Basic, Python, BeanShell, JavaScript)
Post Reply
CJoannes
Posts: 2
Joined: Tue Aug 10, 2010 8:22 am

Use persistent cookie for webdav authentication

Post by CJoannes »

Hello,

I am currently developing a document management apllication based on the Alfresco platform.
This application provides a Webdav server to edit document online. The user authentication is form based and uses persistent cookies.

As Windows automatically shares persistent cookies between Internet Explorer and Microsoft Office, a user authenticated in our application via IE does not have to authenticate when MS Office opens a document via webdav.
But the same mechanism does not seem to apply to Open Office, meaning the webdav edition is not possible with OO on our application.

Is there any way to force Open Office to use an authentication cookie stored by IE when accessing the webdav server (so without prompting a username-password box) ?

Thanks in advance,
Open Office 3.0 on Windows XP
rudolfo
Volunteer
Posts: 1488
Joined: Wed Mar 19, 2008 11:34 am
Location: Germany

Re: Use persistent cookie for webdav authentication

Post by rudolfo »

Though I don't know anthing about the Alfresco platform the beauty about webdav is that is all http and plain text. If you don't use SSL (which is recommended in the OOo Help on webdav, but not required) you can capture the tcp pakets. The whole point in my opinion is to bring your server to the point to send a 200 OK back to the client (OpenOffice) and not a 401 Authorization Required. When OOo sees the 401 response code it pops up the user/password box.
Surely, one way to get around the 401 is to send the cookie with the initial request. This would follow the "Change the client" guideline. But sometimes the "Change the server side" is the better approach, because you have to change it only once and not for each client.
OpenOffice 3.1.1 (2.4.3 until October 2009) and LibreOffice 3.3.2 on Windows 2000, AOO 3.4.1 on Windows 7
There are several macro languages in OOo, but none of them is called Visual Basic or VB(A)! Please call it OOo Basic, Star Basic or simply Basic.
CJoannes
Posts: 2
Joined: Tue Aug 10, 2010 8:22 am

Re: Use persistent cookie for webdav authentication

Post by CJoannes »

Hello,

Thanks for you answer.

Forcing the application to send back response code 200 would imply lowering the security level, which is an option we unfortunatly cannot afford. So the only satisfying solution seems to be retrieving the authentication cookie and sending it with the original webdav request...

As we don't have any experience in OOo programming, do you have any clue on how to do so ?
What would be a good start point ? Macros ? Or is there any other "plugin" api that would be more suitable ?
Open Office 3.0 on Windows XP
rudolfo
Volunteer
Posts: 1488
Joined: Wed Mar 19, 2008 11:34 am
Location: Germany

Re: Use persistent cookie for webdav authentication

Post by rudolfo »

I guess this would be generally difficult. In the options you can configure proxy settings, but I haven't found anything in the UNO API that looks like an Interface for this functionality. So I doubt that there is an interface for setting specific http headers if this is not available in the GUI.
I think there are also only small chances that an extension does something like this.

So there is either the "patching the source" hardway or a "man in the middle" approach for the http protocol. Using a proxy that modifies the request headers to include the cookie. But I haven't thought through this. It will surely be difficult to tell the proxy where it can retrieve the cookie data.
OpenOffice 3.1.1 (2.4.3 until October 2009) and LibreOffice 3.3.2 on Windows 2000, AOO 3.4.1 on Windows 7
There are several macro languages in OOo, but none of them is called Visual Basic or VB(A)! Please call it OOo Basic, Star Basic or simply Basic.
hanya
Volunteer
Posts: 885
Joined: Fri Nov 23, 2007 9:27 am
Location: Japan

Re: Use persistent cookie for webdav authentication

Post by hanya »

All file or other file like resources opened through OOo, are processed by css.ucb.ContentProvider services. They are listed in the /org.openoffice.ucb.Configuration/ContentProviders/Local/SecondaryKeys/Office/ProviderData, and you can see pairs of ServiceName and protocol processed by the provider.
In the case of webdav, http, vnd.sun.star.webdav, webdav, dav, davs and https are used to access its contents, are processed by the com.sun.star.ucb.WebDAVContentProvider service. You can overwrite the entry with your own UNO component to work you want.
Please, edit this thread's initial post and add "[Solved]" to the subject line if your problem has been solved.
Apache OpenOffice 4-dev on Xubuntu 14.04
rudolfo
Volunteer
Posts: 1488
Joined: Wed Mar 19, 2008 11:34 am
Location: Germany

Re: Use persistent cookie for webdav authentication

Post by rudolfo »

Just in case this is still an issue: There is an extension from Oracle Connector for Alfresco CMS that claims that it can integrate OpenOffice into Alfresco.
But as you know from my previous post I am not familiar with Alfresco, so I can't say if this extension has a solution for your cookie approach or not ....
OpenOffice 3.1.1 (2.4.3 until October 2009) and LibreOffice 3.3.2 on Windows 2000, AOO 3.4.1 on Windows 7
There are several macro languages in OOo, but none of them is called Visual Basic or VB(A)! Please call it OOo Basic, Star Basic or simply Basic.
Post Reply