Chapter 34. Nuxeo HTTP client

Table of Contents

34.1. HTTP Client Library
34.2. HTTP client authentication

Nuxeo HTTP client is a simple helper library to encapsulate restlets calls to Nuxeo platform

Even if you can easily use restlet by directly manipulating HTTP Request (this is one of the purpous of REST), if you use Java on the client side, you may choose to use Nuxeo HTTP client.

The client lib provides two main features:

34.1. HTTP Client Library

The library mainly encapsulate the Restlet Client API.

The main service object is a NuxeoServer that provides attribute configuration and call methods:

NuxeoServer nxServer = new NuxeoServer("http://127.0.0.1:8080/nuxeo");

nxServer.setAuthType(NuxeoServer.AUTH_TYPE_BASIC);
nxServer.setBasicAuthentication("Administrator", "Administrator");

List<String> pathParams = Arrays.asList("vocabulary", "country");

Representation res = nxServer.doRestletGetCall(pathParams, null);

34.2. HTTP client authentication

For authentication, the HTTO client library proposes 2 implementations:

  • Basic Authentication

    Classic Web Authentication

  • Shared Secret Authentication

    Designed to be able to impersonate calls

The shared Secret Authentication depends on an additionnal authentication plugin that needs to be deployed on Nuxeo side: nuxeo-platform-login-portal-sso.

This authentication system is based on a shared secret between the client and Nuxeo server: you need to configure this shared secret in the configuration file of the server side module, and also to pass this secret to the client http lib. Thanks to this shared secret the client will send the login name and a digest token that will be used to execute the request on the behalf of the login user

A typical use case is a JSR 168 portlet that fetches data from Nuxeo EP. The data retrieval must be done on behalf of the connected user (request.getPrincipal()). This allows a portlet to display user's workspaces list, or last documents without the portlet having to know the password of the user.

The authentication token sent between the client is based on the shared secret, the user login, a random data and a timestamp. Althought this should be secure enought for most needs, this trusted communication between a client application and a Nuxeo server should not be done on a HTTP connection that uses public Internet.

Here is a sample call:

NuxeoServer nxServer = new NuxeoServer("http://127.0.0.1:8080/nuxeo");

nxServer.setAuthType(NuxeoServer.AUTH_TYPE_SECRET);
nxServer.setSharedSecretAuthentication("JDoe","nuxeo5secretkey");

List<String> pathParams = Arrays.asList("execQueryModel","USER_DOCUMENTS");

Map<String, String> queryParams = new HashMap<String, String>();

queryParams.put("QP1", "$USER");
queryParams.put("format", "JSON");
Representation res = nxServer.doRestletGetCall(pathParams, queryParams);