FILENET :
FileNet : FileNet is an Enterprise Content Management (ECM) solution product suite from IBM. Enterprises use FileNet to manage their content and business processes.
Example: An insurance company receives address change requests from its policy holders through a signed form mailed to one central location. The requirement is to digitize the request that came in on paper, process it quickly, send the response to the customer and keep the digital images (for say 7 years) for regulatory reasons. FileNet technology provides a platform and out-of-box products which help automate this kind of process quickly.
After manual prepping of the mail received in the mailroom, FileNet Capture allows scanning of paper documents. Once scanned, digital images (documents) can be stored in FileNet Content Engine (CE) and a workflow is launched in FileNet Process Engine (PE). The work of the address change is now assigned to an employee located in a different part of the world. The employee gets the work request in the user in-basket of the FileNet Business Process Framework (BPF) web application. The employee checks the request assigned to him and performs the address change activity on the customer policy. After the address change work is performed, communication is sent back to the customer and the digital documents are moved to FileNet Record Manager for archival.
Which protocol is used by FileNet P8 Process Engine (PE) to connect to Content Engine (CE) or Application Engine (AE) : IIOP is used by PE to communicate with CE and AE. IIOP means Internet Inter-ORB Protocol. ORB means Object Request Broker. As CE is installed on AE, it uses direct API calls to communicate with AE.
Process Engine :
Connection Point : A Connection Point is used to connect to a specific Isolated Region in the PE database. In FEM, while creating a Connection Point we have to specify the PE Region id to associate it with the particular region. In the Workplace general Site preferences, you specify the name of the connection point, which sets the isolated region for all Workplace applications, such as Process Designer and Process Administrator. Connection points are stored in the Global Configuration Data (GCD) on the Content Engine.
Note :
1. One Connection Point can refer to one Isolated Region.
2. Multiple Connection Points can also refer to one Isolated Region.
3. Multiple Isolated Regions cannot refer to a single Connection Point.
PE Server DNS, Communication Port, Isolated Region Number.
Isolated Region : An isolated region is a logical subdivision of the workflow database that contains the queues for the work items, event logs, rosters, and other configuration information.
1. In FEM, while creating it we have to specify:
   1. Site
   2. PE Server DNS Name
   3. Communication Port
   4. Region Number
   5. Region id Password
2. We have to initialize the Isolated Region in PCC.
3. We also have to give the same information in PTM, such as CE URI, Communication Port and Region id Password (as given in FEM).
4. A workflow database can contain up to 1000 isolated regions, although a FileNet P8 system can access only one at a time. Within a workflow database, each isolated region is identified by a unique number ranging from 0 to 999. Isolated region 0 contains system data and is reserved for system software use. Users can define regions 1 - 999. You can create only 5 isolated regions. Enterprise Manager is configured with a URL, such as.
Different units in an organization that do not want to share workflow data can create different isolated regions.
Example : The research department and the finance department in an organization have two altogether logically different processes. It is recommended to have two different isolated regions for these two departments. Multiple isolated regions also make it easy to maintain the systems. Changes made in one region don't affect the users of another region.
In how many databases does FileNet Process Engine (PE) store data : FileNet Process Engine (PE) stores data in one database named VWDB.
Event log : A database table that contains information about certain system-level events related to work item processing.
Roster : A roster is a database table that contains information on all the work items currently being processed in the Isolated Region. We can create a roster using PCC. When you initialize an Isolated Region in PCC, a DefaultRoster and DefaultEventlog are automatically created for that Isolated Region.
Queue : A queue is a database table that stores and routes WIs in the workflow. There are four types of queues: User Queues, Work Queues, Component Queues, and System Queues.
User Queues :
1. Inbox - Inbox is the queue that holds WIs waiting to be processed by an individual user. We cannot create additional inboxes.
2. Tracker - Tracker is the queue for tracking items assigned to a specific user.
The Inbox and Tracker queues are created automatically during initialization of the Isolated Region.
Work Queues : A Work Queue holds WIs that can be completed by one of a number of users rather than by a specific participant, or WIs that can be completed by an automated process. In the workflow, we can assign a step to a specific Work Queue.
System Queues :
1. Delay Queue - WIs which are at a delay step can be found here. As soon as the delay period elapses, WIs move from this queue to the next step as defined in the workflow map.
2. Instruction Sheet Interpreter - It's used by the system and you don't touch it. When work moves from system to system, or when the Process Engine detects a race condition, the work item is put into the Instruction Sheet Interpreter queue so the PE can forget about it for a while (race condition) and come back to it.
3. Conductor Queue - Holds WIs when an exception occurs.
Component Queues : To process a workflow step using an external entity. Refer below.
Component Queue : A queue holding work items that can be completed by an external entity that interacts with the workflow. Using the Component Queue (external Java code) we can process the workflow step. Using PCC, we can configure the Component Queue using the Java Adaptor.
1. Write the Java code and package it as a jar file.
2. In PCC, create the new Component Queue.
3. In PCC, configure the Component Queue by giving the JAR file. It will show the classes and methods available inside the JAR file. Select the appropriate class from the drop down.
4. Place the jar file in the Filenet/AE/Router/lib folder.
5. In PTM, add the jar files in the Required libraries tab.
6. Restart the PTM.
7. In the workflow, on the Operation tab, the list of components is displayed. Select the component queue. Once the Component Queue is selected, the Operations parameter tab is displayed, where we have to give the parameters as Name, Type and expressions.
How to delete a queue in Process Engine : FileNet doesn't provide any mechanism to delete a queue, whether it is a work queue or a component queue. The only workaround is to initialize the isolated region in the following way:
1. Export the isolated region configuration data to XML - Use Process Configuration Console (PCC) to export all components of the selected isolated region.
2. Initialize the isolated region.
3. Take a backup of the XML file from the export in step 1 and carefully edit the XML file to remove the nodes of the unwanted queue.
4. Import the XML file into the recently initialized isolated region with the option overwrite.
5. Validate the configuration.
Note: When an isolated region is initialized, it makes changes to the workflow database structure and the data in the workflow database is deleted. FileNet developers should design and configure the queues very carefully to avoid a situation where they will have to delete a queue.
What happens to the work items when a work queue is deleted from PE :
1. A Process Engine work queue holds the work items. FileNet P8 doesn't provide any easier way to delete a queue. Queues can be deleted by initializing the isolated region.
2. When a queue is deleted all the work items in it are also deleted.
Where to find information about the workflows or work items which are terminated : The FileNet Process Administrator allows an administrator to search for events in event logs. The information about the terminated work items can be found through Process Administrator by searching for events. Please note that PE queues only hold the information about active work items / workflows.
Palettes :
BPM Palette : Component, General, System, Submap
CheckPoint Palette : Begin Check Point, End Check Point, Rollback Check Point
General System Palette : Assign, Create, Delay, Return, Wait for Condition, Terminate Branch, Terminate Process, Log.
Timer Palette : Begin Timer, End Timer, Suspend Timer, Resume Timer, End All Timer.
WebServices Palette : Invoke, Receive, Reply.
Deadline : An optional, time-based scheduling constraint that requires a step or workflow to be completed within a certain amount of time. For a step, the deadline is relative to the time the step was routed to the participant. For a workflow, the deadline is relative to the time the workflow was launched. A value of 0 indicates the absence of a deadline.
Milestone : A designated point in a workflow, used to track the progress of the workflow. Each milestone is defined to occur before or after a specified step. When the running workflow reaches a milestone, the message defined for that milestone is written to a log file. Milestone history can be viewed in the step processor or Process Tracker application.
Launch Step : The first step in a workflow. In Process Designer, the launch step is automatically placed on the main workflow map and cannot be deleted or copied.
Inbox : A folder that contains WIs assigned to a specific user.
Participant : A user or group assigned to process work at one or more steps in a workflow.
Stored Search : A file created in Search Designer that is run from the Workplace Browse page. Using the stored search displays a list of the documents that meet the search criteria.
SubMap : A workflow map that is called from another map in the same workflow definition.
VWLog : A Process Engine-based administration utility used to perform maintenance tasks related to the logging and statistics subsystem. We can use VWLog to delete log records within a specified interval, transfer log records from the database to a comma-separated (.CSV) file, or coalesce statistics records within a specified interval.
Step Processor : When a participant opens a work item at run time, the step processor displays the necessary instructions, attachments, current field values, response options, or other resources.
Site Preferences : Configuration settings that affect Workplace appearance, behavior, and connectivity. Administrators set site preferences using the Site Preferences application. Non-administrative users can set personal preferences, which override some site preferences.
Process Configuration Console : This is where we create the Queues, Roster, Eventlog etc.
Content Engine :
Global Configuration Database (GCD): The Content Engine component that stores global data that defines the FileNet P8 domain. Data stored in a GCD includes information about object stores, file storage areas, content cache areas, index areas, and other domain resources. The GCD also stores and manages the security descriptors for all accounts provided by the authentication provider.
Global Unique Identifier (GUID): Content Engine assigns a unique GUID to every object in the system. Typically, no other object in the world can have the same GUID.
Content Storage Areas : A physical storage area for content.
1. File Storage Area
2. Fixed Storage Area
3. Database Storage Area
4. Content Cache Area
File Storage Area: A file storage area is an area that contains document content in a directory tree on a local or shared network drive. A file storage area retains document content in a Distributed File System (DFS) or a Windows NTFS file system. We can manage a file storage area through Enterprise Manager.
Fixed Storage Area : A fixed storage area stores the contents in a fixed content device, a device that runs independently of the network file system to which it is connected. Examples of fixed content devices: IBM Content Manager, EMC Centera, IBM Tivoli Storage Manager, IBM FileNet Image Services.
Database Storage Area: A database storage area is the database used for the object store. That is, Content Engine stores both the objects and the content for those objects in the same database. A database storage area converts document content into Binary Large Objects (BLOBs) for storage in the database specified as the Object Store database. Each Object Store has only one Database Storage Area.
Content Cache Area: A storage area that holds temporary copies of files retrieved from remote file storage areas, as well as content retrieved from local or remote database storage areas.
Index Area : A storage area that contains one or more indexes, which are used to perform full-text searches against documents in an object store.
In how many databases does FileNet Content Engine (CE) store data : FileNet Content Engine (CE) has two or more databases:
1. Global Configuration Database (GCD) database (FNGCDDB)
2. Object Store databases (one or more)
A FileNet P8 domain can contain one or many object stores. Each object store has its own database, which could be an existing database or can be created by the object store creation wizard in FEM.
Site : Represents a geographical location where resources are well-connected by a fast, reliable LAN. Object stores, storage areas, content cache areas, index areas, and virtual servers are all associated with an individual site.
Realm : The collection of all user accounts and group memberships available to the FileNet P8 domain. Realms are created, maintained, and authenticated by the authentication provider and are thereafter read and used by a FileNet P8 domain.
Domain : A logical grouping of physical resources (object store databases, full-text index areas, file storage areas, and content cache areas) and Content Engine servers that provide access to those resources. Each resource, and each Content Engine server, belongs to only one domain. A Content Engine server can access any resource in its domain, but cannot access any resource that lies outside of its domain.
Note: The CE Global Configuration Data (GCD) database stores information about the resources and services for the FileNet P8 Domain.
Object Store : An object store is a database repository for storing objects such as documents, folders, custom objects and metadata.
Custom Object :
1. The custom object is a general-purpose object that can be customized by subclassing and adding properties to perform a wide variety of tasks.
2. Custom objects cannot be versioned.
3. Custom objects don't have any content.
Document Class : Before we add any documents to Content Engine, we must define custom document classes in the object store. There is a predefined document class in FEM that we can use to create custom subclasses for our application. We can assign custom properties to these subclasses. Every document belongs to a document class. The document class determines the document versioning, properties, storage location, security, and lifecycle.
Folders : Folders are used to group other objects including documents and custom objects. Folders help in organizing the documents and other items.
A document can be filed in multiple folders. FileNet does not create copies of the document in this case. It actually creates a logical association between the folder and the document.
Few important facts about folders
1. Folders are not versionable; only documents are.
2. Folders are based on the CE folder class.
3. The content of a folder can be copied to another folder that exists in the same object store.
4. It is not mandatory that each document or object be filed under a folder. Documents which are not part of any folder remain Unfiled.
5. A Root Folder is created along with a new Object Store. This folder is the parent folder for all other folders in the Object Store.
6. Each folder has its own custom security.
7. Folders can generate server events when they are created, modified, or deleted.
Choice list :
1. A choice list is a collection of predefined property values which can be used to present users with a list of values from which to choose.
2. A choice list is an object that contains a list of choices.
Event : In FileNet P8, an event is a change in the metadata that, when specified in an event subscription, initiates an event action. For example, an event could be the addition of a document to a folder. The event action might be to declare that document as a record.
Event action / Event Subscription: Any action implemented using external Java code or a workflow is an Event Action. Using a Subscription, we can tie the Event Action to one or more events that trigger it. For example, we can code an event action that sends an email notification to the administrator when a document of a certain class is deleted.
1. Assign the event action to a subscription created for a document class.
2. Select Check in / Checkout / Update / Delete Events as one of the trigger events in the subscription.
Workflow Subscription: A Workflow Subscription launches a workflow, as well as an Event Action, in response to an event triggered on an instance of a Document / Custom Object / Folder on Content Engine. We can create a Workflow Subscription through FEM or Workplace. When we create the workflow subscription, we must select a workflow definition that exists in the workflow database on PE.
Custom Property : A user-defined property. We can assign custom properties to a class.
Property Template : A template for creating one or more custom properties that can be assigned to one or more classes.
Root Class :
1. A root class is a class without a parent. A FileNet object store has multiple root classes including Document Class, Annotation, Choice List, Event etc. The 'Parent Class' property of these root classes is 'None'.
2. The root classes are created automatically during object store creation. Once the root class is created, subclasses and properties can be added to the object store.
For example, a document subclass can be added under the root class (Document Class) by running the Create a Class wizard from Enterprise Manager. Except for the 'Document Class', all other root classes are placed under 'Other Classes' in FEM.
Root Folder : The top-most node in a navigation tree. In FEM, an object store Root Folder holds content, which consists of folders, documents, and custom objects.
Search Template : A file created in Search Designer that is run from either the Workplace Search or Browse page. Using the search template typically prompts the Workplace user to enter or change values and then displays a list of the documents that meet the search criteria.
Security : The rules that allow and limit access to Documents, Custom Objects and Folders.
Security Template : A set of security settings that can be applied to a Document, Folder, or Custom Object. Security templates are components of a Security Policy.
Marking Sets: FileNet Content Engine (CE) Markings or Marking Sets provide a way to define a level of security on objects (i.e. documents) in addition to the normal FileNet P8 object security model. By using markings, access to objects can be controlled based on specific property values. Marking sets are collections of CE objects known as marking objects. Marking sets allow security to be set up on an object by means of a property template.
When a marking is applied to an object, the resulting access permissions for the object are a combination of the settings of its original access permissions (through the ACL) and the settings of the marking's Constraint Mask for each marking that is applied to it. The result of this combination is the effective security mask.
Below are a few key features of marking sets in FileNet P8:
1. Markings hold a set of access permissions that can be applied to any FileNet P8 object through a property template.
2. Marking sets can be assigned to a property template only at creation time and not later.
3. A property template can either be pointed to a choice list or to a marking set and never to both.
4. Marking sets do not override the ACL (Access Control List). Content Engine resolves the object's ACL first and then it looks into the marking set.
5. FileNet recommends a maximum of 100 markings per marking set.
6. Since marking sets are at domain level, they cannot be exported.
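The combination rule described above, as an added example that is not FileNet or IBM code: a plain-Java model of how the effective security mask follows from the ACL and the Constraint Masks of the applied markings. The bit values, class name, method names and principals are hypothetical, and the model assumes that a Constraint Mask lists the rights removed from any user who has not been granted use of that marking.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Added illustration: ACL rights combined with marking Constraint Masks. */
public class MarkingMaskDemo {

    // Constructed bit flags for this example, not the Content Engine's real access-right values.
    static final int VIEW_PROPERTIES = 0x01;
    static final int VIEW_CONTENT    = 0x02;
    static final int MODIFY          = 0x04;
    static final int DELETE          = 0x08;
    static final String[] NAMES = {"VIEW_PROPERTIES", "VIEW_CONTENT", "MODIFY", "DELETE"};

    /** One marking of a marking set (hypothetical model class). */
    static final class Marking {
        final String value;         // property value that selects this marking
        final int constraintMask;   // rights removed from principals who may not use the marking
        final Set<String> mayUse;   // principals granted use of the marking (assumption)

        Marking(String value, int constraintMask, String... mayUse) {
            this.value = value;
            this.constraintMask = constraintMask;
            this.mayUse = new HashSet<>(Arrays.asList(mayUse));
        }
    }

    /**
     * Resolve the ACL first, then subtract the Constraint Mask of every applied
     * marking that none of the caller's principals may use. Markings can only
     * remove rights, so they never override what the ACL denies.
     */
    static int effectiveMask(int aclGranted, List<Marking> applied, Set<String> principals) {
        int mask = aclGranted;
        for (Marking m : applied) {
            if (Collections.disjoint(m.mayUse, principals)) {
                mask &= ~m.constraintMask;
            }
        }
        return mask;
    }

    /** Render a mask as the names of the rights it contains. */
    static String describe(int mask) {
        StringBuilder sb = new StringBuilder();
        for (int bit = 0; bit < NAMES.length; bit++) {
            if ((mask & (1 << bit)) != 0) {
                sb.append(NAMES[bit]).append(' ');
            }
        }
        return sb.length() == 0 ? "(none)" : sb.toString().trim();
    }

    static Set<String> principals(String... names) {
        return new HashSet<>(Arrays.asList(names));
    }

    public static void main(String[] args) {
        // Constructed sample data: two markings applied to one document.
        Marking confidential = new Marking("Confidential", VIEW_CONTENT | MODIFY | DELETE, "hr-staff");
        Marking legalHold = new Marking("LegalHold", MODIFY | DELETE, "records-admins");
        List<Marking> applied = Arrays.asList(confidential, legalHold);

        int fullAcl = VIEW_PROPERTIES | VIEW_CONTENT | MODIFY | DELETE;

        // The ACL grants everything, but the user may use neither marking.
        int alice = effectiveMask(fullAcl, applied, principals("alice", "engineering"));
        // Exempt from "Confidential" through group membership, still constrained by "LegalHold".
        int bob = effectiveMask(fullAcl, applied, principals("bob", "hr-staff"));
        // May use both markings, but the ACL grants only VIEW_PROPERTIES: markings add nothing.
        int carol = effectiveMask(VIEW_PROPERTIES, applied,
                principals("carol", "hr-staff", "records-admins"));

        System.out.println("alice: " + describe(alice));
        System.out.println("bob:   " + describe(bob));
        System.out.println("carol: " + describe(carol));
    }
}
```

When reviewing a marking set, compare each marking's Constraint Mask against the ACLs of the classes that use it: a mask that leaves out a right the ACL grants broadly does not restrict that right for anyone.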
Security Policy : A set of security templates, which provide a way to apply default security settings as we add objects.
Storage Policy : Provides mapping to specific physical storage areas and is used to specify where content is stored for a given class or object with content (for example, a document).
Access Control List (ACL) : A list of access control entries (ACEs) applied to an object (class, document, folder, event, or any other securable object). ACLs are displayed on the Security tab of an object's property sheet.
Authentication : The process of verifying a user name and password at login time.
Authorization : The process of determining and enforcing the access rights for an authenticated user.
Classification: A process for automatically acquiring document properties from the document content (or another source).
Compound Document : A collection of files that are used together to create a group of linked documents.
Content Based Retrieval (CBR) : The process of searching for documents based on their content in addition to or instead of searching on properties.
Content Less Document : A document with properties but no content that is typically used to track a physical item such as a video tape.
Default Security : The security assigned to an object by predefined settings.
Directly Applied ACEs : The access rights acquired from a document class and subsequent edits made by a user or application. Directly applied access rights have precedence over indirectly applied access rights.
Document Classification Action: A root class that allows developers to create classifiers to examine and automatically map the contents of documents of a specific MIME type to a target document class.
Document Policy: A specification that indicates which form template and form data entry template are used for the policy, how mapping is configured between form template fields and document class properties, and any special property settings or security features. Document policies are available if FileNet P8 eForms integration has been configured.
Generic class: A class with no special behavior built in. The administrator can customize, save, and query a generic class.
Super Class: A class whose properties are inherited by its subclasses. For example, custom document classes inherit properties from their superclass (the supplied document class).
Unfiled Document: A document that is not contained in any folder. Users can search for unfiled documents and file them in folders.
Version: The properties and content associated with an instance of a document in an object. A version is created each time a document is checked out, edited, and checked in. A document version can be designated as a major version or a minor version.
Version Status: The state of a version. Minor versions have the status In Process, Reservation, or Superseded. Major versions have the status Released, Reservation, or Superseded.
Superseded version status: It is not the most recent.
Promote Version: An action that changes a minor version into a major version and sets its status to Released. Promotion sets the status of the previous major version to Superseded.
How to determine if FileNet Content Engine (CE) is running fine : Following are a few things one can check to find out if FileNet CE is running fine:
1. Check the WebSphere console for the FileNetEngine web application status. It should be in the running state.
2. Try connecting to CE using FEM. If the connection is fine, CE is running. If CE is not running, the user will get the message "Unable to logon to P8 domain".
3. Try to log on to FileNet Workplace. If the user is able to sign in, CE & directory services are running fine. If not, the user will get a credential exception.
4. Try the following URL: http://machine_name:port_number/FileNetEngine, i.e. http://hqdemo1:9080/FileNetEngine. If the Startup Context page is displayed, CE is running fine. If CE is not running, the user will get the message "The page cannot be found".
Why use custom objects when we have content-less documents :
1. Unlike a Document object, a CustomObject object does not carry content, is not versionable, and does not support lifecycle functionality.
2. Custom objects are for creating composite objects. A custom object can contain a content-less document, i.e. only metadata, as well as other document classes and/or custom objects as its properties.
Application Engine: One of the FileNet P8 components. Application Engine hosts the Web sites that interact with object stores and Process Engine.
bootstrap properties: Initialization values for the Application Engine software.
LDAP : See Lightweight Directory Access Protocol.
Multipurpose Internet Mail Extension (MIME) : An industry standard format for content, especially Internet mail. Content Engine provides a document property called "MIME type." The value for MIME type identifies a document type (such as text, XML, or application).
Process Analyzer: It supports monitoring and analyzing the business processes.
Process Simulator: It simulates workflows by performing "what-if" scenarios, providing business analysts with important information that helps streamline business processes.
Fetch vs GetInstance :
When many people think about interacting with an object from the server, they first think about doing a round trip to fetch the object. That is a necessity for many things, but there are several cases where you do not need that initial fetch. For example, if you are only going to use an object so you can set the value of an object-valued property on another object, you really only need a reference. If you somehow know that the object already exists, you can skip the round trip to fetch it. (If it turns out that you were wrong and it did not already exist, the referential integrity mechanisms in Content Engine will throw an exception when you try to save the referencing object.) The APIs have a mechanism called fetchless instantiation. There are three flavors of Factory methods for creating programming language objects that reference Content Engine objects, and you can tell them apart by the word used as the beginning of the method name:
create indicates that a new Content Engine object is to be created. No round trip is done as the result of this Factory method call, although a save call must eventually be done.
fetch indicates that a round trip will be immediately made to the Content Engine to verify that the object exists and to return an initial set of properties. Fine tuning of the properties returned can be controlled via an optional PropertyFilter.
get indicates that no round trip will be made. This is a fetchless instantiation. The API is taking your word for it that the object actually exists. There is no initial set of property values available, so you will need to request any property values that you need. If you know that you will always need some property values immediately, there is no advantage to fetchless instantiation.
VERSIONING :
Objectives :
• Review the concept of Versioning, including:
  • Versioning levels
  • Frozen versions
  • Reservation object
  • Check In and Check Out
  • Promoting and Demoting a Document
  • VersionSeries object

Versioning concepts :
3 levels of versioning :
1. No versioning enabled: cannot check the document into and out of an object store
2. Single-level versioning: all documents are released (major) documents
3. Two-level versioning: supports both minor and major document versions
If versioning is enabled for a class, then both one- and two-level versioning are also enabled.

Versioning concepts (cont.)
• Major version. Released: generally made available to all users. Only one version of a document in a given version series can be in the Released state at a time.
• Minor version. Draft: generally made available to a restricted set of authors and reviewers.
• Versioning states
  Released: major version
  In Process: checked-in minor version
  Reservation: document whose content is currently being edited
  Superseded: major or minor version that is no longer the most recent version

Frozen Versions
• The Versionable.freeze method prevents changes to the custom properties of a versionable object
• You can freeze any checked-in document version, but you cannot freeze a reservation object.
• System-maintained properties of a frozen document version are updated by the system as needed
• The IsFrozenVersion property is set to true for the Versionable object
• Once a document version has been frozen, it cannot be unfrozen. A new version has to be created
• Freeze state does not prevent:
  Checkout
  Further versioning of any new unfrozen versions
  Promote and demote of a frozen version

Reservation Object
• Created when a new document is created or an existing document is checked out
• Deleted when a document is checked in or the checkout is cancelled
• Is not a separate class, "is" the unchecked-in version of the document
• Not more than one Reservation in a version series
• Reservations are always Minor versions
• If a document is a reservation object, the value of its VersionStatus property is Versionable.RESERVATION

Checkin a Document
Major Version
    Document.checkin(autoClassify, checkinType)
  Notes: checkinType = CheckinType.MAJOR_VERSION
  Must have access rights: (AccessLevel.MAJOR_VERSION_DOCUMENT)
Minor Version
    Document.checkin(autoClassify, checkinType)
  Notes: checkinType = CheckinType.MINOR_VERSION
  Must have access rights: (AccessLevel.MINOR_VERSION_DOCUMENT)

Checkout a Document
• To check out successfully, the Document Class of the object must be version enabled (IsVersioningEnabled is true)
• User must have the appropriate access rights
• Check for the current version of the document; it also must not already be reserved
• Checkout creates a reservation object

    if (objDoc.get_IsCurrentVersion() && !objDoc.get_IsReserved()) {
        // The reservation check can also be done as
        // objDoc.get_VersionSeries().get_IsReserved()
        // checkout takes the reservation type, id, class and properties
        objDoc.checkout(ReservationType.OBJECT_STORE_DEFAULT, null, null, null);
        objDoc.save(RefreshMode.REFRESH);   // commit the pending checkout
    }

Promoting a Document
• To successfully promote a document, the user must have the appropriate access rights
• objDoc is the document to be promoted. Check to be sure that the document is the latest minor version and the current version

    if (objDoc.get_IsCurrentVersion()
            && objDoc.get_VersionStatus().getValue() == VersionStatus.IN_PROCESS_AS_INT) {
        objDoc.promoteVersion();
        objDoc.save(RefreshMode.REFRESH);
    }

Demoting a Document
• objDoc is the document to be demoted. Check to be sure that the document is the current version, the latest major version and does not currently have a reservation on it

    if (objDoc.get_IsCurrentVersion()
            && objDoc.get_VersionStatus().getValue() == VersionStatus.RELEASED_AS_INT
            && !objDoc.get_IsReserved()) {
        objDoc.demoteVersion();
        objDoc.save(RefreshMode.REFRESH);
    }

Retrieving a Reservation Object
• Using get_Reservation on any Versionable object
    document.get_Reservation()
• You can get the reservation type by using
    document.get_ReservationType()
• Possible values of the ReservationType property
    COLLABORATIVE
    EXCLUSIVE
    OBJECT_STORE_DEFAULT

Retrieving a VersionSeries Object
• From the Document object
    Document aDoc = Factory.Document.fetchInstance(os, docId, null);
    VersionSeries objVersionSeries = aDoc.get_VersionSeries();
• From the Factory.VersionSeries.fetchInstance method
    VersionSeries aVS = Factory.VersionSeries.fetchInstance(os, vsid, null);

Retrieving All Objects in a Version Series
    VersionableSet allDocs = objVersionSeries.get_Versions();
Then, iterate through the VersionableSet object to get all the documents in a version series.

Retrieving an Object's Current or Release Version
Retrieves the current version, then checks it out of the object store
    Document curDoc = (Document) objVersionSeries.get_CurrentVersion();
    curDoc.checkout(ReservationType.OBJECT_STORE_DEFAULT, null, null, null);
    curDoc.save(RefreshMode.REFRESH);
Retrieves the current released version, then demotes it to a minor version
    Document objDoc = (Document) objVersionSeries.get_ReleasedVersion();
    objDoc.demoteVersion();
    objDoc.save(RefreshMode.REFRESH);
******END OF VERSIONING*******

SECURITY:

Objectives

• Review Security concepts, including:
    • JAAS Authentication
    • Security Policy
    • Security Template
    • Permissions/Access Rights
• Create security policy using enterprise manager
• Apply security policy to a folder
• Set security inheritance from a folder to a document

Security Implementation

• Security model leverages third-party directory service products. Currently Microsoft Active Directory, Sun ONE Directory Server, Novell eDirectory, IBM Directory Server, MS ADAM
• Configured directory service on Content Engine authenticates the user name and password against a proprietary database
• Single P8 LDAP configuration in Content Engine

Authentication

• The Content Engine server accepts incoming requests over two transport protocols: EJB and Content Engine web service (CEWS) transports.
• CE uses JAAS as the basis for authentication
• Authentication occurs between a J2EE client application, a J2EE application server, and one or more JAAS LoginModules.
• FileNet code is not involved in the authentication process for EJB transport as it is handled through the JAAS framework. Callers are authenticated by the J2EE application server before they can access the EJB layer.
• FileNet code is involved in the authentication process of a web service based client (for CEWS transport). When a web service request arrives in the FileNet P8 Content Engine server, the Content Engine web service listener extracts the WS-Security header and, based on its contents, performs a JAAS login.

Login Modules

• Specified in a JAAS configuration file.
• The configuration file contains one JAAS configuration for various needs of the CE itself or clients using the CE
• Each JAAS configuration (stanza) in the configuration file is a list of LoginModules
• Each entry in the list specifies the fully qualified name of a Java LoginModule class, a flag ("required", "optional", "sufficient", or "requisite"), and options for that LoginModule.
• The FileNet-supplied stanzas are the following:
    1. FileNetP8 - used by Java thick clients to perform authorizations before using the EJB transport.
    2. FileNetP8Engine - used by the Content Engine server (the WSI Listener) when authenticating WSI transport calls. Users can modify this stanza but only if using WS-EAF.
    3. FileNetP8Server - used by server-side applications (such as servlets, applets, EJBs, and FileNet P8 Workplace) to perform authentication over the EJB transport. Clients that are running within an application server container should use this stanza for username/password logins.
    4. FileNetP8WSI - used by a Java thick client to force the use of the WSI transport.
    5. FileNetP8KerberosService - used internally and should not be modified by users.
    6. CELogin - identifies and locates the program module or modules that are used for logins by the CE_Operations component.

LoginContext
Performing and using a JAAS login consists of three steps:

• Obtaining a LoginContext object
• Calling the LoginContext.login() method
• Impersonating the logged-in user to perform the actual work

    LoginContext lc = new LoginContext("mysystem",
            new UserPasswordHandler("username@testdom.local", "password"));
    // LoginContext lc = new LoginContext("mysystem", new DialogCallbackHandler());
    lc.login();
    // Associate the JAAS Subject with the UserContext
    UserContext uc = UserContext.get();
    uc.pushSubject(lc.getSubject());

Authorization

• Object Level Security
• User, Group Read/Write
• Permissions: Object's Access Control List
• Security Grantee: User/Group

Permissions Class/Interfaces

• Permission - Represents the full set of access control entries (ACEs) associated with an object
• AccessRight - Provides a set of constants that identify individual permissions (access rights) that can be applied to an object.
• AccessLevel - Provides a set of commonly-used combinations of access rights for use when setting permissions
• AccessPermission / AccessPermissionList - Defines access permissions through a bitmask of access rights.
• AccessType - Security access (allow or deny) that a user has for a given AccessPermission object
• PermissionSource - Specifies the source of a given access permission.

Create Object Permissions:

• Create a new access permission object

    AccessPermission ap = Factory.AccessPermission.createInstance();

• Create a new permissions list

    AccessPermissionList apl = Factory.AccessPermission.createList();

• Set access permissions

    ap.set_GranteeName("test1");
    ap.set_AccessType(AccessType.ALLOW);
    ap.set_AccessMask(new Integer(AccessLevel.FULL_CONTROL_DOCUMENT_AS_INT));

• Add the permissions to the permissions list

    apl.add(ap);

• Set the Permissions list to the object

    myDocument.set_Permissions(apl);

Update/Modify Object Permissions

• Get the object permissions

    AccessPermissionList apl = objCustom.get_Permissions();
• Create a new access permission object

    AccessPermission ap = Factory.AccessPermission.createInstance();

• Set access permissions

    ap.set_GranteeName("test1");
    ap.set_AccessType(AccessType.ALLOW);
    ap.set_AccessMask(new Integer(AccessLevel.FULL_CONTROL_DOCUMENT_AS_INT));

• Apply Permissions to the object

    apl.add(ap);
    objCustom.set_Permissions(apl);

Access Rights:

    Rights            Value      Description
    READ              1          User can read the properties of this object.
    WRITE             2          User can modify the properties of this object.
    MAJOR_VERSION     4          User can promote or demote this document
    LINK              16         User can link to this object
    UNLINK            32         User can unlink from this object
    MINOR_VERSION     64         User can create a new version of this document
    VIEW_CONTENT      128        User can view the content of this document
    CREATE_INSTANCE   256        User can create a new instance of this object
    CREATE_CHILD      512        User can create a child object of this object.
    CHANGE_STATE      1024       User can change the document state
    PUBLISH           2048       User can publish this document object.
    DELETE            65536      User can delete this object.
    READ_ACL          131072     User can read the security of this object.
    WRITE_ACL         262144     User can modify the security of this object.
    WRITE_OWNER       524288     User can assume ownership of this object.
    CONNECT           1048576    User can connect to this object store.
    STORE_OBJECTS     2097152    User can create and store new objects in this Object Store
    MODIFY_OBJECTS    4194304    User can modify objects in this object store
    REMOVE_OBJECTS    8388608    User can remove objects in this object store
    WRITE_ANY_OWNER   16777216   User can change the ownership of this object
Retrieve Access Rights:

• Access Rights: Read, Write, publish, version or Delete
• AccessType: Allow or Deny the access right
• Current User Rights: Access rights granted to the user requesting this object. getAccessAllowed() on any IndependentlyPersistableObject object
• Specific User Rights

    Document doc = ...;
    int docMask = doc.getAccessAllowed();
    if ((docMask & AccessRight.READ_AS_INT) == 0) {
        // User does not have the right to read
    }

Retrieve User Information

• Get Realm: Factory.Realm.fetchCurrent(), EntireNetwork.get_MyRealm()
• Get Group: Realm.findGroups()
• Get User: Group.get_Users(), Realm.findUsers()
• Get User Information from User object: get_Name(), get_DisplayName(), get_Email(), get_MemberOfGroups(), get_DistinguishedName(), get_ShortName()

User/Group Name

• Distinguished Name: Consists of a group or user's short name and the name of its domain. For example, for a group with the short name "Domain Computers", the distinguished name might be "CN=Domain Computers, CN=Users,DC=westcoast,DC=local"
• Short Name: Is the simple, non-unique portion of the distinguished name that does not indicate its location relative to a domain or directory. For example, the short name portion of the distinguished name "CN=Seattle, CN=Users,DC=westcoast,DC=local" is "Seattle"

Security Inheritance

• An object can inherit permissions from the following sources:
    - An object designated as the security parent (SecurityParent property). For example, a Document object can inherit the permissions of the Folder in which it is filed.
    - A security policy.
    - A combination of security parent and security policy

    int type = ap.get_PermissionSource().getValue();
    if (type == PermissionSource.SOURCE_TEMPLATE_AS_INT) {
        // inherited from security policy
    }

• Cannot modify an in-place inherited permission
Security Parent

• Example: Folder is a security parent for a Document
• Security parent must be enabled to allow permissions inheritance
• Permission.set_InheritableDepth()

    InheritableDepth Property
     0   No inheritance
     1   Immediate children only.
    -1   All children (infinite levels deep).

• To set the security parent of an object, use set_SecurityParent()

Security Policy

• Enables state-based object security
    - Controls access to an object as its state changes
    - Example: All users can view document when its version state is 'released'
• Server-managed versioning state changes
    - Applies to versionable objects
    - InProcess, Released, Reservation, and Superseded
• Application-managed object state changes
    - Applies to versionable and non-versionable objects
    - Access rights based on application defined states
• Contains collection of permissions called security templates
• Object's SecurityPolicy property
• A policy can manage objects of different classes
• An object can have multiple policies
• The SecurityPolicy contains one or more SecurityTemplate objects that define the permissions to assign to a given object.

Security Template

• Predefined set of object permissions that are applied to an object as the object's state changes
• One template for each object state
• Types
    - Application SecurityTemplate: Application managed object security. Never applied automatically
    - Versioning SecurityTemplate: Applied automatically

Security Template

• Containable.get_SecurityPolicy()
• SecurityPolicy.get_SecurityTemplates()
• SecurityTemplate.get_ApplyStateId()
• SecurityPolicy.set_SecurityTemplates()
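The InheritableDepth values listed under Security Parent decide how far down a chain of security parents a permission travels. The following added example (not FileNet API code and not part of the original notes) models that rule with a hypothetical Node class and a constructed folder tree, and lists what each object inherits and from where.

```java
import java.util.*;

public class InheritanceWalk {
    /** Hypothetical stand-in for a folder or document with a security parent. */
    static final class Node {
        final String name;
        final Node securityParent;                       // null = no security parent set
        final Map<String, Integer> aces = new LinkedHashMap<>(); // ACE label -> InheritableDepth
        Node(String name, Node securityParent) {
            this.name = name; this.securityParent = securityParent;
        }
    }

    /** Depth rule from the notes: 0 none, 1 immediate children only, -1 all children. */
    static boolean reaches(int inheritableDepth, int levelsBelow) {
        return inheritableDepth == -1
            || (inheritableDepth > 0 && levelsBelow <= inheritableDepth);
    }

    /** ACEs the object inherits, found by walking up the chain of security parents. */
    static List<String> inherited(Node obj) {
        List<String> out = new ArrayList<>();
        int levels = 1;
        for (Node p = obj.securityParent; p != null; p = p.securityParent, levels++)
            for (Map.Entry<String, Integer> e : p.aces.entrySet())
                if (reaches(e.getValue(), levels))
                    out.add(e.getKey() + " (from " + p.name + ")");
        return out;
    }

    public static void main(String[] args) {
        // Constructed tree: Claims -> 2024 -> form.pdf; all names are made up.
        Node claims = new Node("Claims", null);
        Node year = new Node("2024", claims);
        Node form = new Node("form.pdf", year);
        Node loose = new Node("loose.pdf", null);        // security parent never set
        claims.aces.put("auditors ALLOW READ", -1);      // reaches every level
        claims.aces.put("clerks ALLOW WRITE", 1);        // stops after the first level
        claims.aces.put("managers ALLOW DELETE", 0);     // never inherited
        year.aces.put("interns DENY VIEW_CONTENT", 1);
        for (Node n : Arrays.asList(year, form, loose))
            System.out.println(n.name + " inherits " + inherited(n));
    }
}
```

The document two levels down keeps only the depth -1 entry from the top folder, and the object with no security parent inherits nothing, which is the case to look for when a folder's permissions appear not to apply to something filed in it.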
***************END OF Securities*********************