Alfresco Summit 2013 Presentation by Jared Ottley and Will Abson. Discuss how the Alfresco for Salesforce Integration works; How to get and install the integration; Challenges; ideas for for future releases.
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Alfresco for Salesforce
1. Alfresco for Salesforce
5 November 2013 / 13 November 2013
Will Abson (wabson@alfresco.com)
Jared Ottley (jottley@alfresco.com)
Gregory Melahn (greg.melahn@alfresco.com)
#SummitNow
2. Agenda
• Part One (Business)
o Overview and Demonstration
• Part Two (Technical)
o How it Works
o Building on Salesforce
o Building on Alfresco
#SummitNow
4. What does the App do?
• Allows Salesforce Users to attach Documents
to Salesforce Objects and have them stored in
Alfresco
o
Four Specific Salesforce Object Types supported
▪ Accounts
▪ Cases
▪ Contracts
▪ Opportunities
• Allows Salesforce Users to Edit, View and
•
Delete the attached Alfresco Documents#SummitNow
Creates Chatter about the Alfresco Documents
5. Finding the App
• Go to the Salesforce App Exchange
•
https://appexchange.salesforce.com/
Enter some search criteria (e.g. ‘Alfresco’)
o
#SummitNow
11. Alfresco and SF Components
Properties Config
Adv. Search Form
Alfresco Share
Apex Classes
VisualForce Pages
Security Profiles
Salesforce Model
Alfresco Repository
Sample Layouts
Salesforce
#SummitNow
12. Salesforce Model
Salesforce Record
1
Stored in <site>/Salesforce Records
0..N
Salesforce
Attachment
Assoc
Stored in
<site>/documentLibrary/Salesforce
Attachments
Additional Aspects
CRM Account
Document Type
CRM Contract
CRM Case
CRM Opportunity
#SummitNow
13. Application Packaging
On the Salesforce side
o
o
(??)
Deployed on the AppExchange
On the Alfresco side (MyAlfresco only)
o
o
Repo AMP
▪ salesforce-repo-1.0.0.amp
Share AMP
▪ salesforce-share-1.0.0.amp
#SummitNow
14. How it Works
Web browser
A
O PI:
C Au
M th
IS +
Salesforce Users
#SummitNow
15. How it Works
Web browser
Upload:
OAuth +
CORS +
CMIS
A
O PI:
C Au
M th
IS +
Salesforce Users
#SummitNow
16. How it Works - Downloading a File
Web browser
O
CM Au
t
IS h +
Salesforce Users
1. User clicks Download link for
a file
2. Salesforce-side code checks
the user’s access token is
still valid
o If not valid, the token is
refreshed
3. Salesforce-side code checks
the document is present in
Alfresco, providing nodeRef
o If not present, the user
is forwarded to a ‘page
not found’ page
4. Salesforce-side code access
the content of the file from
Alfresco Cloud via CMIS and
#SummitNow
streams it back to the user
17. How it Works - Uploading a File
Web browser
OAuth +
CORS +
CMIS
O
CM Au
t
IS h +
Salesforce Users
1. User clicks Attach File button
in their browser, taken to New
Document page
2. User selects file, enters
Document Name and
Document Type (drop-down)
and hits Save
3. Page fires off POST request
to trigger Apex remote action
in Salesforce-side code,
which creates empty content
item in the Document Library
4. Browser does a CMIS PUT
directly against Alfresco
Cloud to upload the content
itself
o This works around
Salesforce request body
#SummitNow
size restrictions
o Access token from
18. Cloud Sync
OAuth +
CORS +
CMIS
Corporate Users
O
CM Au
t
IS h +
Web browser
Sync
Salesforce Users
Firewall
Remote Office
#SummitNow
21. CMIS API Challenges - No CMIS Client
• Force.com has no concept of libraries
• Install packages from appexchange
• Limited to what to is exposed by developer
• Add classes from other projects
• Count against you code total
• No one has written a CMIS appexchange package
• No one has written CMIS classses that could be added
• Apex Web Callouts to CMIS endpoints
#SummitNow
• Governance Limits
• Installer must approve connecting endpoints
22. CMIS API Challenges - Tenant Id
• Calls to Cloud CMIS API need tenant id
• CMIS provides no way to discover tenant id
• Two options:
• User provides
• Use REST API
• https://api.alfresco.com
• Apex JSON parser (requires new classes)
• JSON objects: Reserved words
• Limit to home network or ask user input #SummitNow
23. CMIS API Challenges - Verbosity
• CMIS is Verbose!
• Can reduce a little using filters
• Governance Limits
Example: Alfresco.com
• Alfresco.com site list is 400+ (and growing)
• Document size is 2.5 MB
Options:
• Paging
• CMIS Browser Bindings
#SummitNow
25. CMIS API Challenges - Child Objects
• Lacks support for including child objects
If it did….
Governance Limit Heap Size
Since it doesn’t…
Governance Limit Callout Requests
#SummitNow
26. CMIS API Challenge - Delete
CMIS API allows delete of relationship using objectId
using:
https://api.alfresco.com/alfresco.com/public/cmis/versions
/1.0/atom/entry?id=assoc:4240216&allVersions=true
Relationship MAY be deleted when the target is removed
in a peer relationship (according to the spec).
Any code should allow for a 404.
Previously the relationship remained and target pointed to
#SummitNow
the archiveStore.
27. CMIS API Challenges – Secondary
Types
•Lack of support of secondary types
makes the the integration dependent on
Alfresco extensions.
•Secondary type support would allow
client to fallback to base type.
#SummitNow
28. CMIS API Challenges - Sites folder
Listing documents is achieved using a CMIS getObjectByPath call
•We
know the path of the Salesforce Record item - /Sites/<network-
id>/Salesforce Records/<record-id>
But, the Sites folder may not always be named 'Sites', e.g. 'Sitios'!
•CMIS does not provide a way to specify a QName path, rather than a
name path.
So, we must find out what the sites folder is called, and store this
•This is done when the user selects the site to be used for document
storage.
#SummitNow
29. CMIS Workbench as Node Browser
org.apache.chemistry.opencmis.binding.spi.type=atompub
org.apache.chemistry.opencmis.binding.atompub.url=https:/
/api.alfresco.com/cmis/versions/1.0/atom
org.apache.chemistry.opencmis.binding.auth.http.basic=fals
e
org.apache.chemistry.opencmis.binding.header.0=Authorizat
ion:Bearer <oauth token>
org.apache.chemistry.opencmis.binding.compression=true
cmis.workbench.folder.includeAcls=false
cmis.workbench.object.includeAcls=false
cmis.workbench.version.includeAcls=false
#SummitNow
30. Salesforce Governance
10
Total number of callouts (HTTP
requests or Web services calls) in a
transaction
6 MB
Total heap size
10,000
Maximum CPU time on the
milliseconds Salesforce servers
5 MB
File size limit
#SummitNow
http://www.salesforce.com/us/developer/docs/apexcode/
31. Security Considerations
Salesforce apply strict criteria to apps before they can be
publicly listed on the AppExchange
Partnership with Checkmarx to allow developers to check
for common vulnerabilities in their Apex / Visualforce apps
The AppExchange team are responsible for performing a
final check across your app and any supporting services
For Alfresco this covered the MyAlfresco service
Developers do not have access to the tools used
This feedback process takes (up to) 8 weeks
#SummitNow
33. Add permission set to multiple users
Every user must have the ‘Alfresco Cloud
Document Management User’ permission
set applied to their account.
This can be scripted through the Salesforce
Developer Console.
#SummitNow
34. Example
User u = [select id from User where <logic here>];
PermissionSet ps = [Select p.Id From PermissionSet p
where p.label = 'Alfresco Cloud Document Management
User'];
PermissionSetAssignment psa = new
PermissionSetAssignment(AssigneeId = u.id,
PermissionSetId = ps.id);
insert psa;
#SummitNow
37. Known Issues and Limits
•
•
•
•
•
•
•
We don’t support IE versions prior to IE 10
Maximum of number of documents that can be attached to a single
Salesforce item is 100
Documents start out as V1.1, not 1.0
If you attach a document with the same name as an existing attachment
to the same Salesforce Object, we name the attachment with a ‘-<n>’
suffix (up to three such attachments)
Uploading a document that exceeds the Alfresco quota will fail, but a
Salesforce Chatter entry will still be created (transactional integrity)
The app uses the name of the Salesforce object to create the name of the
folder in Alfresco where the files are uploaded. If you create two
Salesforce objects with the same name, files attached to either object will
be stored in the same folder
Moderated sites that the Salesforce Admin is not yet a member of will still
appear in the Sites dropdown
#SummitNow
38. Force.com Limitations
No local deployment process, deploy
process is via an external API with only an
Ant task to integrate this into your
workflow
Namespacing
Formats not well documented
The process of certifying an app is opaque
and non-trivial
#SummitNow