Wednesday, 23 March 2016

Get to know the technology stack used by Alfresco...

While working on Alfresco, Have you ever wondered what are the different open source modules or underlying technologies used in Alfresco?

Everyone of us must be knowing about the technologies at a high-level such as spring, acitiviti, solr and so on. However, that is not the complete list of technology stack. There is more to it.

For your knowledge and reference, If you are interested to know the details on the underlying technologies and open source modules used by Alfresco then you can easily find about it from your Alfresco installation. Just navigate to the file called notice.txt at the location {Alfresco_installed_directory}\licenses folder and it lists out everything you should know. 

In my view, it seems to be the best place where all the information about technology stack used in Alfresco is collectively available at a single place. Hope you find this information useful.

Note : I used Alfresco Community 5.0.d as reference Alfresco version for this post as I am having it installed presently on my machine.

Thursday, 10 March 2016

2 Quick & Easy ways to know your Alfresco version details...

With each new release of Alfresco, there are many new features getting added to Alfresco which are really useful and makes Alfresco product really cool. The most recent release was Alfresco 5.1. Hope you have checked about the new features of the latest release Alfresco 5.1 Community Edition and Alfresco One 5.1 (Enterprise Edition)

Now, while working on Alfresco and especially if you are new to Alfresco, it may sometimes happen that you want to know the details about the exact version of your Alfresco in order to refer to the appropriate documentation link and even to ask the question in Alfresco forum with specific Alfresco version details.

I am sure you must also have had figured it out as well. However, here are the two quick and easy ways you can easily find your Alfresco version detail when your Alfresco is up and running and even when your Alfresco is not running.

Know Alfresco version details when Alfresco is NOT running

You need not to wait for your Alfresco to be up and running in order to know the Alfresco version details. You can get to know the details even when Alfresco is not running. Following is how you can know it. Inside your Alfresco installed directory, you can find at the location \tomcat\webapps\alfresco\WEB-INF\classes\alfresco.This file contains all the required details about the alfresco version as shown in the following screen-print. It contains all the details you should know about your Alfresco.
Alfresco version details

Know Alfresco version details when Alfresco is up and running

When Alfresco is up and running, it is even simpler to know the version details. Simply hit the url http://localhost:8080/alfresco (modify the host and port as per your installation) and you will be shown with the following screen. You get to know Alfresco version details such as label, edition and version build number as highlighted below.
Alfresco version details

These are the 2 quick and easy ways to find your Alfresco version details.

Saturday, 5 March 2016

Behind the scenes of Alfresco Share Login page...

Alfresco Share Login page is the first screen you get to see when you access the Alfresco Share URL. As soon as you provide valid credentials, you are logged into the Alfresco Share, having access to the alfresco repository. Entering wrong credentials on login page displays an error message and doesn't allow you to login.

While working on the projects, you may have come across the scenarios wherein you need to modify the login page look and feel as per the client requirements. You may sometimes want to perform some logic on completion of successful login and so on...

Here is alfresco documentation link about how you can override the default login page in Alfresco Share. It's an excellent resource and provides step by step instructions to get the job done easily. If you are interested to understand how this happened so easily then you may be interested to find out how it works out-of-the-box. As a developer my viewpoint is always that, In order to do any customization,  it is essential to understand how it is working out-of-the-box. This will help you have a good understanding about how to easily customize it.

Let's have a quick look and get to know about behind the scenes working of Alfresco Share login page.

How Alfresco Share Login page gets displayed?

Alfresco Share is a web application. Once successfully deployed on Tomcat server, As soon as you hit http://localhost:8080/Share, it looks for the entries defined under <welcome-file-list> in  web.xml.It is the core file for any web application.

It defines index.jsp as the welcome file as shown in the code snippet here in the right side. Hence, this is the first page which should get rendered.

Note: The code snippets I have taken from my local alfresco installation. C:\Alfresco is the alfresco installed directory.

If we take a look at the code inside index.jsp, it simply does a redirection to the URL "page/".


Now, in order to process the request, the appropriate servlet needs to be invoked. Servlet mapping for above URL can be found in web.xml file as shown
in the code snippet here.

The corresponding servlet is org.springframework.web.servlet.DispatcherServlet and it's entry is defined in web.xml.

During the request processing, when there is no page included in the request, such as we saw above like page/, Spring MVC request dispatcher by default tries to render the default configured landing page for the site.

Default site configuration is specified in surf.xml as highlighted in the code snippet below. surf.xml is a key file which contains the default configurations for the surf application.


You should be able to find the above mentioned site configuration file at the location \tomcat\webapps\share\WEB-INF\classes\alfresco\site-data\configurations inside your alfresco installed directory.

Now, here starts the interesting stuff. If you go through the above configuration file code, it specifies the <root-page>site-index</root-page>.That is basically the surf page-definition name. Inside the location \tomcat\webapps\share\WEB-INF\classes\alfresco\site-data\pages, You should be able to locate site-index.xml file.
As highlighted in the code-snippet above, it specifies the authentication as user. This is the point where Share application identifies that in order to access the default landing page, user must be authenticated. Hence, now it tries to redirect the user to the login page. Now, let's understand how it does this.

The default configuration for login page is specified in the surf.xml as shown in the code snippet. Here, basically the login page-type mapping is specified for surf page instance id
Now, there are corresponding surf components for this page instance id such as related page definition, template instance, template type and related presentation tier web script. Following is the details about it.

Login page related Surf Components
  1. The corresponding page definition slingshot-login.xml for login page type mentioned above can be located at tomcat\webapps\share\WEB-INF\classes\alfresco\site-data\pages.It  basically specifies the corresponding template-instance as simple-guest and also it specifies the corresponding presentation web script at share tier.
  2. Template instance simple-guest.xml is located at \tomcat\webapps\share\WEB-INF\classes\alfresco\site-data\template-instances. It refers to the template-type org/alfresco/simple-guest
  3. Template type simple-guest.ftl is located at \tomcat\webapps\share\WEB-INF\classes\alfresco\templates\org\alfresco
Presentation-Tier web script

Nicely looking login page of out-of-the-box Alfresco Share is displayed using the presentation tier web script residing at the location tomcat\webapps\share\WEB-INF\classes\alfresco\site-webscripts\org\alfresco\components\guest inside of your Alfresco installed directory. Following are the web script documents for this web script.
  • Web script description document - login.get.desc.xml
  • Server side JavaScript controller - login.get.js
  • Response template - login.get.html.ftl
  • CSS dependency - login.css 
  • Client side JavaScript - login.js
The last two files above can be located at tomcat\webapps\share\components\guest in Alfresco installed directory.

The controller of this web script primarily sets up the essential details for the login form such as form submit action URL, url to redirect to on successful login and also for failure on login.

Response template login.get.html.ftl specifies the complete Login form that gets rendered on the screen.

This is how the login page gets displayed on the screen. Now what next? 

What happens when you submit the Login button?

When login page is submitted, POST request gets triggered to the url /page/dologin. If you take a look at login.get.html.ftl,you should be able to easily find it. This basically references a SpringSurf controller whose id would be dologin.There will be a corresponding bean which would be having the implementation to handle the login request,which we will see in the next section.
Inside share-security-config.xml located at tomcat\webapps\share\WEB-INF\classes\alfresco, a rule is setup as a part of CSRF filter config to not require any token for the request.

Login Form Submission URL Mapping

As we discussed above, Inside slingshot-application-context.xml located at tomcat\webapps\share\WEB-INF\classes\alfresco, url mapping has been specified for /dologin url pattern which maps to a bean id loginController in order to get the authentication done.

Login Class

loginController bean id is mapped to the back-end class which extends
In SlingshotLoginController class, once user authentication is successful then corresponding group memberships for the authenticated user are retrieved. Actual authentication is performed inside the handleRequestInternal() method of 
class,which is a parent class of

Okay, that is good enough, we got to know that which method performs the actual authentication, 
But how the actual login happens? How Share connects to Alfresco repository and authenticates the 
given user?

How user is authenticated actually?

The controller defined above uses the user factory. Default user factory is specified in surf.xml.


It uses the user factory bean id specified in surf.xml as shown in the code snippet.

The corresponding bean definition for above mentioned id is and is specified in 

To connect to alfresco repository and authenticate the user, it uses the alfresco endpoint 
which is bind to use the alfresco-ticket authenticator. The relevant class for this authenticator is 
which basically invokes api/login web script and authenticates the user. 

The above mentioned endpoint configurations can be found in the file spring-webscript-config.xml 
that can be located at org\springframework\extensions\webscripts inside 
spring-webscripts-*.jar in tomcat\webapps\share\WEB-INF\lib.
This is how it does the authentication against the alfresco repository. 
We went too much technical...isn't it?

Now, if the authentication is successful then based on the success url we specified in our presentation
tier web scripts controller implementation, it navigates to the default landing page.
If user credentials are invalid then using the failure URL, user will be redirected back to the login 
page itself.

That's it...! We have just deep dived into the technical details about understanding the out-of-the-box
login page internals. Hope you find this information useful for your reference.