Tuesday, February 26, 2013

ECM on Cloud


Table of Contents
Overview…………………………………………………………………………………...
What is CMIS………………………………………………………………………………
What is SaaS………………………………………………………………………………..
Architecture…………………………………………………………………………………
CMIS Documentum…………………………………………………………………………
Implementation Approach……………………………………………………………………
Advantage…………………………………………………………………………………...

Overview                                            
In my last article I had shown how documents can be retrieved from a mobile device from Documentum repository. Now I thought to discuss a cloud based ECM system which interacts with different ECM vendors. Yes, you are thinking correct; this cloud based ECM system is independent of ECM vendors like EMC Documentum, Alfresco Document Management, IBM Content Manager or Microsoft SharePoint.  Technologies are changing day by day, so it’s a time to move from web based application to cloud based application.  Your favorite cell phone or tablet can become effective way to communicate between different repositories.  One person can access documents from one repository to another repository seamlessly and for this we do not need to develop vendor specific application.  Well, this solution can be achieved using CMIS- Content Management Interpretability Service.


What is CMIS?
CMIS is a standard developed by OASIS to communicate between different Enterprise content management systems. CMIS uses Web services and Web 2.0 interfaces to enable rich information to be shared across Internet protocols in vendor-neutral formats, among document systems, publishers and repositories, within one enterprise and between companies. CMIS is vendor independent and it has its own APIs to talk to different repositories. Using CMIS one repository can communicate to another repository(Figure 1). CMIS comes with two different flavors : i) RestFul AtomPub binding ii) Webservice binding. In my application I’ve used AtomPub binding. Atom feed has many advantage over RSS feed like image or audio file can be handled by Atom feed but RSS feed deals with only plain text and html.
CMIS provides different services like Repository service, Object Service, Version service, Policy service.

  

                                                                          Figure 1


Below is one atom example which I used to create Folder called CloudTest –

<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="http://www.w3.org/2005/Atom"
xmlns:cmisra="http://docs.oasis-open.org/ns/cmis/restatom/200908/"
xmlns:cmis="http://docs.oasis-open.org/ns/cmis/core/200908/">
<title>CloudTest</title>
<cmisra:object>
<cmis:properties>
<cmis:propertyId propertyDefinitionId="cmis:objectTypeId"><cmis:value>cmis:folder</cmis:value></cmis:propertyId>
</cmis:properties>
</cmisra:object>
</entry>

By executing the below crul command, we can create a sub folder under a folder called cmistest in Alfresco repository.


curl -X POST -uadmin:admin "http://localhost:8080/alfresco/s/cmis/s/workspace:SpacesStore/p/cmistest/children" -H "Content-Type:application/atom+xml" -d @C:/CMIS/testFolder.atom.xml

 Below is Atom example of creating document –


<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="http://www.w3.org/2005/Atom"
xmlns:cmisra="http://docs.oasisopen.org/ns/cmis/restatom/200908/"  
xmlns:cmis="http://docs.oasisopen.org/ns/cmis/core/200908/">
<title>sample.doc</title>
<summary>A sample Doc</summary>
<content type="application/msword">
Cloud Test
</content>
<cmisra:object>
<cmis:properties>
<cmis:propertyId propertyDefinitionId="cmis:objectTypeId"><cmis:value>cmis:document</cmis:value></cmis:propertyId>
</cmis:properties>
</cmisra:object>
</entry>

Command –
curl -X POST -uadmin:admin "http://localhost:8080/alfresco/s/cmis/s/workspace:SpacesStore/p/cmistest/CloudTest/children" -H "Content-Type: application/atom+xml" -d @C:/CMIS/testDoc.atom.xml

Query language to fetch info from CMIS repository –
We do not need to use DQL to query Documentum repository, instead we you can use CMIS query. It looks like –
SELECT * FROM cmis:document

Here obvious question is where is the security? CMIS does not talk about security. There are many ways to implement security. One of the ways I followed is encode the content using Apache Base64 encoding. So before putting your message, content needs to be encoded.



What is SaaS

Cloud computing means you are not selling your product instead you are renting your product as a service.  There are 3 types of service available in market – i) Infrastructure as a service(IaaS) ii) Software as a service(SaaS) and iii) Platform as a service (PaaS). Again, Cloud service can be divided into 3 categories  i) Public Cloud ii) Private Cloud and iii)Hybrid Cloud



There is a big challenge In ECM market which cloud should be used. Considering the fact of security, an IT company can host Private cloud and configure ECM strategy.  ECM on cloud solution can be implemented as SaaS in private cloud to make it secure.


Architecture diagram - 



                                                                            Figure 3


CMIS Documentum
EMC has launched Documentum 6.7 which is CMIS compliant.  You can also use 6.6 version of CS.
Below Documentum object types are mapped with CMIS types –

Documentum Object Type
CMIS Object type
dm_folder
cmis:folder
dm_document
cmis:document
dm_relation
cmis:relation

                                                                 Document properties
CMIS property
 Documentum property Description
cmis:name
object_name
cmis:objected
 r_object_id
cmis:objectTypeId
 r_object_type
cmis:createdBy
r_creator_name
cmis:creationDate
 r_creation_date
cmis:lastModifiedBy
r_modifier
cmis:lastModificationDate
r_modification_date

ACL representation with only CMIS basic permissions
<cmis:acl>
<cmis:permission>
<cmis:principal>
<cmis:principalId>dm_world</cmis:principalId>
</cmis:principal>
<cmis:permission>cmis:read</cmis:permission>
<cmis:direct>true</cmis:direct>
</cmis:permission>
<cmis:permission>
<cmis:principal>
<cmis:principalId>dm_owner</cmis:principalId>
</cmis:principal>
<cmis:permission>cmis:write</cmis:permission>
<cmis:direct>true</cmis:direct>
</cmis:permission>
<cmis:permission>
<cmis:principal>
<cmis:principalId>docu</cmis:principalId>
</cmis:principal>
<cmis:permission>cmis:read</cmis:permission>
<cmis:direct>true</cmis:direct>
</cmis:permission>
</cmis:acl>



Below are the steps which you need to implement if you want to deploy any other app sever other than Content server –
1.     Download emc-cmis.war from EMC Download center
2.     Change the connection information in dfc.properties
3.     cmis-runtime.properties file defines application behavior at CMIS layer. You may need to modify as per requirement.
4.     RESTful AtomPub binding can be obtained from this address:

http://<host>:<port>/<contextPath>/resources/

Implementation Approach:
In my application I’ve used Android to communicate with CMIS repository.  As stated in the above diagram a user using mobile device first launch this application. Authentication can be done against LDAP directory through SOAP.  To make it more secure I used http basic authentication to successfully login to repository.
Here is code snippet –

String url ="http://192.168.1.109:8080/alfresco/cmisatom";
        HttpClient client = new HttpClient( );
        HttpState state = client.getState( );
       
        Credentials credentials =
            new UsernamePasswordCredentials( "admin", "***" );
       state.setCredentials( null, null, credentials );
       HttpMethod method = new GetMethod( url );
       client.executeMethod( method );
       String response = method.getResponseBodyAsString( );

Below are the two snapshots, figure 4 & 5 -

                                                                    
                                                                                         
                
                   Figure 4                                                                  Figure 5


After user login, application will display default folder structure which is present in Alfresco repository and each folder will display corresponding documents, figure 6 &7.


         
         
              Figure 6                                                                           Figure 7

Below screenshot describes how folder structure looks like in Alfresco repository when through Alfresco web application –



User has the ability to check-out and check-in a new version of a document. User can also read document directly from repository. I have introduced cache mechanishim to make the document available in less time. This application has the ability to take metadata input and store the same in Repository during Check-in operation. This metadata can be custom or default of repository. Figure 8, 9 and 10 describes this behavior –


     Figure 8                                                                               Figure 9


                                                                      Figure 10

I’ve seen people are too lazy to write some information because today’s technology is well advance. Instead of writing people generally prefer to take picture and use this information later as per requirement. This application is perfectly suitable to serve these purpose  Any user can take photo and upload it respective repository in cloud.  Figure 11 describes the same –

                                               





Advantage:
Considering the current trend in technology, I’ve found mobile application running on Android or Apple devices are emerging market. There are many advantages of this application –
1.     It is difficult for one user to fetch a information from different repository. For example, in an organization, HR related documents are stored in Alfresco repository and Documentum stores Finance related documents. In this scenario, its difficult to fetch or write information at the same time.  This application is well suited for this purpose.  
2.     There is scope to integrate BPM with this application.
3.     User can easily upload photo in any repository.


Please feel free to write to me at sumantapakira@gmail.com for any assistance or opportunity . 

Reference:
Link : https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cmis, http://developer.android.com/guide/components/fundamentals.html

Posted by at
Labels: , , , , , ,

9 comments:

  1. debajyotiFebruary 27, 2013 at 7:21 PM

    it's very good and useful , looking for more knowledge sharing from you.

    ReplyDelete
  2. UnknownMarch 20, 2013 at 5:44 PM

    Good one.

    ReplyDelete
  3. UnknownJune 15, 2013 at 3:38 PM

    First of all thanks for sharing this valuable knowledge. I was looking for this solution for our Organization.

    ReplyDelete
  4. UnknownJune 18, 2013 at 4:58 PM

    Great application! I'm sure this knowledge will open new era of ECM market! I'm planning to build for such application with the help of your tutorial!

    ReplyDelete
  5. UnknownJune 18, 2013 at 5:00 PM

    Thanks all! I'm glad to know that it's gonna help you!

    ReplyDelete
  6. UnknownJune 26, 2013 at 1:49 AM

    Thank you for this effective tutorial! Can you pls let me know how did you implement security to connect from mobile device to ECM system? Thanks! - Joe

    ReplyDelete
  7. UnknownJune 26, 2013 at 5:04 PM

    @Joe, I did it through LDAP authentication. I've written REST WS which will be invoked on login to validate against email id. This REST WS will give JSON output to calling application. Here is REST WS code to validate against LDAP-

    @GET
    @Path("/sample/{uname}/{pass}")//Rest path
    @Produces(MediaType.APPLICATION_JSON)
    public Person getSamplePerson(@PathParam("uname") String username,
    @PathParam("pass") String password) {
    String valid = isValiduser(username, password);
    Person person1 = new Person(1, username, password, "sumantapakira@gmail.com",valid);
    System.out.println("Returning sample person: " + person1.getFirstName() + " " + person1.getLastName());

    return person1;
    }

    private String isValiduser(String username, String password){
    Hashtable env = new Hashtable();
    env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(javax.naming.Context.PROVIDER_URL, "ldap://localhost:10389");
    env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "simple");

    //String uid = "testuser1";//supplying userid manually
    //String password = "password";
    String isValid = "Invalid User Name or Password";
    DirContext ctx = null;
    try {
    ctx = new InitialDirContext(env);
    String base = "ou=users,ou=system";//base
    String filter = "(objectClass=*)";
    SearchControls ctls = new SearchControls();
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    String dn = "uid="+username+",ou=users,ou=system";
    ctx.addToEnvironment(javax.naming.Context.SECURITY_PRINCIPAL, dn);
    ctx.addToEnvironment(javax.naming.Context.SECURITY_CREDENTIALS, password);
    ctx.lookup(dn);
    isValid = "Valid";
    System.out.println("Authentication successful");






    } catch (NamingException e) {
    isValid="Not Valid";
    e.printStackTrace();

    } finally {
    try {
    ctx.close();
    } catch (NamingException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
    }
    }
    return isValid;
    }
    Once you call from your calling application, you need tp parse JSON object like below -
    String url ="http://address:port#/Authintication/services/person/sample/"+mEmail+"/"+mPassword;
    HttpResponse response = doResponse(url);

    JSONObject jso = new JSONObject(success);
    String isValiduser = jso.getString("isValid");
    if("Valid".equals(isValiduser)){
    call your activity
    }
    Remember this has to be done from onPostExecute() method

    ReplyDelete
  8. UnknownJune 27, 2013 at 6:57 PM

    Thnak you very much for your help Sumanta, I appreciate

    ReplyDelete
  9. UnknownJuly 10, 2013 at 7:01 AM

    Thank you for sharing.

    ReplyDelete

Subscribe to: Post Comments (Atom)