BPM, Workflow, and Case

Expand all | Collapse all

How to access BAW resouces externally without authorization

  • 1.  How to access BAW resouces externally without authorization

    Posted Tue October 19, 2021 05:42 AM

    Hi guys,

      Is there a way to access web file out of BAW workflow without authorization?  I try to access the image which is uploaded as a web file in BAW. But it always asks authorization in case try to access the web file directly.   Plz help to advise , tks!



    ------------------------------
    Eddie J
    ------------------------------


  • 2.  RE: How to access BAW resouces externally without authorization

    Posted Tue October 19, 2021 12:47 PM
    Technically yes.  As long as it is deployed in a separate J2EE Web app ( for BAW on WAS ND ).  That said, if this page is not part of the BAW use case, this is not supported.

    You can also store static content on a web server sitting in front of BAW.

    ------------------------------
    Mikhail Zilbergleyt
    ------------------------------



  • 3.  RE: How to access BAW resouces externally without authorization

    Posted Tue October 19, 2021 09:53 PM

    Hi Mihkhal,  tks for reply.   Actually the resource is used in the content  of email send from BAW and I try to make it be a part of the BAW exportation(.twx) . 

    Yep I just store it in an other online storage as static content for now that's why I try to make a change.



    ------------------------------
    Eddie J
    ------------------------------



  • 4.  RE: How to access BAW resouces externally without authorization

    Posted Thu October 21, 2021 01:25 PM
    Hi Eddie,
    I am not entirely sure about your use case, this is what I understand, you want to use a BAW uploaded web file to be accessed in an email as embedded content, that is the email sent will only have a link to the resource and not the actual file.

    I can think of 2 different approaches which may work for you, assuming my understanding of your use case is correct (Both approaches are tested for different use case, but may fit your needs):
    1. Try sending the resource as an attachment and then using the attachment to show in the email body. I have used something like this in one of my project, where we take a screenshot, upload it to BPM document store, use tw.system.findDocumentByID(ID).writeDataToFile(server temp location) to save it in temp directory, then use the OOTB email service to send this file as an attachment or as an embedded file. We can send multiple attachments also and as embedded images as needed. And then delete the file from temp directory [In our case we also delete from document store as we do not need it, but in your case you do not need to] - This has been tested in Outlook client with Microsoft exchange and in Gmail as recipient email ID account.
    2. The other way is to use TAI for this, in which case you can check the incoming request and see if the requested URI is of a Web file, in isTargetInterceptor method and if it, then invoke the negotiateValidateandEstablishTrust method to check if the file requested is indeed the one that you want to be available w/o authentication (This can be hard coded or can be stored in a Name Space binding under "Environment" -> "Naming" -> "name Space binding" in WAS Console). If it is then you can login the user with a new TAI specific ID (you can create a new one) to log the user in with that specific ID. You should also implement a logout logic in the same code to make sure if the request is coming for any other ID and the user is logged in with this specific ID, then logout the user.
    #2 may sound like an overkill for the purpose of sending an email, which it is. But technically it should work. Our use case was specific to logging user in automatically from outside of BPM​ under specific conditions (REST APIs JWT validations, External Portal using BPM Workflow and UI) and also log them out when those conditions are not met, if the user is still logged in and do nothing otherwise.

    Some of the design decisions would also depend upon whether the user you are sending the email to is Internal / External to organization and / or is supposed to have access to your BAW environment or not. But in any case the above 2 approaches should work.

    ------------------------------
    Shivam Verma
    BPM Consultant
    IBM BPM Architect
    UI Developer / UX Designer
    ------------------------------



  • 5.  RE: How to access BAW resouces externally without authorization

    Posted Wed October 27, 2021 05:15 AM
    Hi Shivam, Yep ur understanding is correct.  I think both ur solution are fine for external access, Tks a lot! @Shivam verma

    ------------------------------
    Eddie J
    ------------------------------



  • 6.  RE: How to access BAW resouces externally without authorization

    Posted Wed October 27, 2021 06:18 PM

    Hi Eddie,
    Thanks for confirming the use case, using Content ID should work for you.
    It still depends upon the email client used by email recipients. I am assuming that this would be used within a corporation and since most places use MS Outlook's desktop client, Content ID would work best, when sending using the OOTB email service.


    =========================================================================
    Embedding image (BAW Web Asset) in an email body, when email is sent from BAW
    Send the image file as an email attachment and in the email body, use below image tag in your HTML:
    <img src="cid:testfile.png"/>

    This should work in most Desktop clients and Web email clients including Outlook & Gmail
    Tested in Gmail Web, Outlook (2013 & 365) Web and Desktop client both.
    =========================================================================


    =========================================================================
    Brief about embedded images
    There are three broad ways to embed an image in an email body:

    1. Providing a URL to Image file location in image tag
      • If a link is internal to organization w/ no certificate issues and user is logged in this would work. If user is not logged in JWT can be used as mentioned in earlier post. External link also would have same criterion, depending upon organization security policies this can be affected.
    2. Providing a base 64 encoded value
      • The email size will increase and this does not work in Outlook Desktop and a few other desktop clients, will work fine in Outlook Web, since most organizations use Outlook desktop this may not be feasible. So depends upon the client used by email's target audience.
    3. CID (Content ID)
      • This works in Outlook both web and desktop and works with OOTB Mail External Service - Tested as mentioned above.
      • In Desktop Outlook the attachment would not be shown only embedded image will be shown. However in Outlook Web, attachment and embedded image both will be shown.
      • For a java client one has to send a multipart content header, but the OOTB Mail External service does all for us, by just using the cid in the src attribute of the img tag.
    Your organization policies and security measures along with email client would also be a deciding factor.
    =========================================================================

    ------------------------------
    Shivam Verma
    BPM Consultant
    IBM BPM Architect
    UI Developer / UX Designer
    ------------------------------



  • 7.  RE: How to access BAW resouces externally without authorization

    Posted Fri October 22, 2021 01:56 AM
    From what you describe, you are sending an email - maybe HTML that has a company logo embedded. The company logo was uploaded to a process app as web file.

    Web files require authentication. There is no reasonable way to avoid that (I consider a TAI for this use case overkill, too).

    In addition to Shivam's options, you may consider serving the static file from a static file server - such as the web server in front of BAW.

    ------------------------------
    Jens Engelke
    ------------------------------



  • 8.  RE: How to access BAW resouces externally without authorization

    Posted Fri October 22, 2021 02:03 AM
    The image can be embedded as a base64 static content as well in the HTML email body.

    ------------------------------
    Atanu Roy
    Solution Architect
    Salient Process
    ------------------------------



  • 9.  RE: How to access BAW resouces externally without authorization

    Posted Fri October 22, 2021 08:46 AM

    If all you are doing is trying to embed a static image in the email, you can do it using the approach described here:

    Displaying images in webpage without src URL

    Stack Overflow remove preview
    apple-touch-icon@2.png?v=73d79a89bded" width="200" height="200">
    Displaying images in webpage without src URL
    Thanks for contributing an answer to Stack Overflow! Please be sure to answer the question. Provide details and share your research! Asking for help, clarification, or responding to other answers. Making statements based on opinion; back them up with references or personal experience. To learn more, see our tips on writing great answers.
    View this on Stack Overflow >



    If you are trying to include a FORM with user to enter data and sent it back to BAW or URL pointing to a Human Service or Ajax, you do require authentication.



    ------------------------------
    Mikhail Zilbergleyt
    ------------------------------



  • 10.  RE: How to access BAW resouces externally without authorization

    Posted Wed October 27, 2021 05:26 AM
    Tks Atanu, this is the solution in use for now.  One bad is, the base64 image needs more time to load compare to linked image.  @ATANU ROY​​

    ------------------------------
    Eddie J
    ------------------------------



  • 11.  RE: How to access BAW resouces externally without authorization

    Posted Wed October 27, 2021 05:22 AM

    Hi Jens,  I think static file is easy way for a banner image.  Since we try to make it within the delivery(.twx), currently we using base64 image. Thanks for ur input anyway! @Jens Engelke



    ------------------------------
    Eddie J
    ------------------------------