Re: [xwiki-users] Using HTML5 File Upload Widget for non-XWiki files
On 11/14/2014 11:24 PM, Bryn Jeffries wrote: > I asked: >>> I'd like to upload files through a custom File Upload servlet that runs >>> from the >>> same Tomcat server but is not part of XWiki. > [...] >>> Is it possible to make use of the supplied XWiki UI widgets to upload to >>> this >>> servlet? Any guidance on how to do this would be greatly appreciated. > > Marius said: >> See http://platform.xwiki.org/xwiki/bin/view/DevGuide/HTML5Upload for >> how to use the file upload widget inside XWiki. > > This has been helpful, thanks. Is it possible for me to get hold of any xwiki > session information within my external servlet? I'd like to know the XWiki > name of the user that's uploading the file. > I guess it is possible to do that, but you would have to write a component that is: - a custom XWiki authenticator http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HCustomAuthentication to store the session id on login (and remove it at logout) - and maybe a Session listener: https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpSessionListener.html to handle session timeout - finally has an API to communicate that information to the external servlet, without leaking the session-ids to other "interested" parties Somehow that does not look like a good idea to me. > Presumably one way would be to include the user name in the form request, > though browsing through some of the code > (https://github.com/xwiki/xwiki-platform/blob/stable-6.2.x/xwiki-platform-core/xwiki-platform-web/src/main/webapp/resources/uicomponents/widgets/upload.js) > it looks at first glance that there's no way to add this unless I paste them > as GET variables in the action URL. > The alternative to fiddeling with form action is to use hidden form fields; these should be send to the target in the same way as the form action. To do this you are back in server-side template-land (instead of JavaScript), where you should be able to say something like (cobbled together with the help of http://platform.xwiki.org/xwiki/bin/view/SRD/Navigation?xpage=embed , untested ...) This data then should be send to the upload servlet. Admittedly this is not spoof-proof (anyone e.g. can use a brwoser-dev tool like firebug and edit the values before uploading the file). If you want "safe and secure" method, you might consider "container authentication" (i.e. users come from the servlet container) http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HContainerAuthentication then the upload servlet has the same user as XWiki (except for "XWiki-only users, for which the widget will just not work). Oh, and if the servlet really moves to a different server ... well, maybe it works to set up a distributed user authentication like CAS. just a few thoughts as I came along, use at own risk ;) > Alternatively if the file submission has corresponding session data (not sure > whether this is the case) would it be possible for my servlet to request the > user name from XWIki in some way? > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Using HTML5 File Upload Widget for non-XWiki files
I asked: >> I'd like to upload files through a custom File Upload servlet that runs from >> the >> same Tomcat server but is not part of XWiki. [...] >> Is it possible to make use of the supplied XWiki UI widgets to upload to this >> servlet? Any guidance on how to do this would be greatly appreciated. Marius said: > See http://platform.xwiki.org/xwiki/bin/view/DevGuide/HTML5Upload for > how to use the file upload widget inside XWiki. This has been helpful, thanks. Is it possible for me to get hold of any xwiki session information within my external servlet? I'd like to know the XWiki name of the user that's uploading the file. Presumably one way would be to include the user name in the form request, though browsing through some of the code (https://github.com/xwiki/xwiki-platform/blob/stable-6.2.x/xwiki-platform-core/xwiki-platform-web/src/main/webapp/resources/uicomponents/widgets/upload.js) it looks at first glance that there's no way to add this unless I paste them as GET variables in the action URL. Alternatively if the file submission has corresponding session data (not sure whether this is the case) would it be possible for my servlet to request the user name from XWIki in some way? ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Using HTML5 File Upload Widget for non-XWiki files
Thanks. I'd looked at the DevGuide document before and been none the wiser, but it's just dawned on me that the example code is JavaScript (I'd assumed Groovy or Velocity), so XWiki.File Upload must be a JS library function. Sometimes it's hard to know what things are XWiki magic and what's basic website programming. Thanks for the single origin link. Looks like I can set the origin to the common suffix of my two servers. - Reply message - From: "Marius Dumitru Florea" To: "XWiki Users" Subject: Re: [xwiki-users] Using HTML5 File Upload Widget for non-XWiki files Date: Thu, Nov 13, 2014 20:56 See http://platform.xwiki.org/xwiki/bin/view/DevGuide/HTML5Upload for how to use the file upload widget inside XWiki. Note that if you want to submit the file to a different server you will hit the https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy problem. Also note that the file upload widget uses the native File Upload API provided by the browser. Read more about it here https://developer.mozilla.org/en-US/docs/Using_files_from_web_applications . Hope this helps, Marius On Wed, Nov 12, 2014 at 10:28 PM, Bryn Jeffries wrote: > I'd like to upload files through a custom File Upload servlet that runs from > the same Tomcat server but is not part of XWiki. This servlet does some file > processing and stores the file in a separate area away from the XWiki > attachments, and it's possible that eventually this servlet might be moved to > another server as processing demands change. > > Is it possible to make use of the supplied XWiki UI widgets to upload to this > servlet? Any guidance on how to do this would be greatly appreciated. > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Using HTML5 File Upload Widget for non-XWiki files
See http://platform.xwiki.org/xwiki/bin/view/DevGuide/HTML5Upload for how to use the file upload widget inside XWiki. Note that if you want to submit the file to a different server you will hit the https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy problem. Also note that the file upload widget uses the native File Upload API provided by the browser. Read more about it here https://developer.mozilla.org/en-US/docs/Using_files_from_web_applications . Hope this helps, Marius On Wed, Nov 12, 2014 at 10:28 PM, Bryn Jeffries wrote: > I'd like to upload files through a custom File Upload servlet that runs from > the same Tomcat server but is not part of XWiki. This servlet does some file > processing and stores the file in a separate area away from the XWiki > attachments, and it's possible that eventually this servlet might be moved to > another server as processing demands change. > > Is it possible to make use of the supplied XWiki UI widgets to upload to this > servlet? Any guidance on how to do this would be greatly appreciated. > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
[xwiki-users] Using HTML5 File Upload Widget for non-XWiki files
I'd like to upload files through a custom File Upload servlet that runs from the same Tomcat server but is not part of XWiki. This servlet does some file processing and stores the file in a separate area away from the XWiki attachments, and it's possible that eventually this servlet might be moved to another server as processing demands change. Is it possible to make use of the supplied XWiki UI widgets to upload to this servlet? Any guidance on how to do this would be greatly appreciated. ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users