Skip to main content
G
Greg754-Participant
4-Participant
November 5, 2024
Question

New Basic Auth for Thumbnail Content URL

  • November 5, 2024
  • 2 replies
  • 1137 views

Version: Windchill 11.2

 

Use Case: Before we were able fetch Thumnails of EPM documents by getting the URL using a call as follows /Windchill/servlet/odata/v3/CADDocumentMgmt/$metadata#CADDocuments('OR:wt.epm.EPMDocument:')/Thumbnails and then using this URL (/Windchill/servlet/WindchillGW/wt.fv.master.StandardMasterService/doDirectDownload/...) as a image scr in a Webapp to display the Thumbnail


Description:

With the newest CPS Update 17 the Thumbnail-URL changed to <Windchill-Server>/Windchill/servlet/WindchillAuthGW/wt.fv.master.RedirectDownload/redirectDownload/... which expects a Basci Authentication.

 

This situation makes the integration of the Thumbnail a lot more complicated and thats why I'm wondering if there is another option like having (configuring to have) a temporarly valid URL to fetch the Thumbnail as before like a lot of other Content Providers do.

 

As to retrieve the URL needs authentication already such a temporary url should not be a security issue.

 

I am lokking forward to read from anybody concerning my issue.

 

Best, Gregor

2 replies

HelesicPetr
22-Sapphire II
HelesicPetr22-Sapphire II
22-Sapphire II
November 6, 2024

Hi @Greg75 

I always used the basic authentication if I call any download from Windchill so it should not be so big deal.

PetrH 

 

G
Greg754-ParticipantAuthor
4-Participant
November 6, 2024

You do this from the front- or the backend? Of course - technically this is not a issue - but the credentials should not be available in the FE and handling this through the BE is producing quite a overhead.

HelesicPetr
22-Sapphire II
HelesicPetr22-Sapphire II
22-Sapphire II
November 6, 2024

Hi @Greg75 

Backend always backend. Users can not see any credentials used background. 

PetrH

D
DmitryC14-Alexandrite
14-Alexandrite
November 6, 2024

After this change I've added an additional httpRequest on my backend to fetch preauthorized thumbnail as it was before:

			if (latestReleasedPart != null && latestReleasedPart.size() > 0) {
				String thumbnailUrl = getThumbUrl(latestReleasedPart.get(0));
				
				//////
			 HttpClient client = HttpClient.newHttpClient();

			 // Create initial request with authentication header
			 HttpRequest httpRequest = HttpRequest.newBuilder()
			 .uri(URI.create(thumbnailUrl))
			 .header("Authorization", auth.getAuthHeader())
			 .build();
				
			 // Send initial request
			 try {
					HttpResponse<String> resp = client.send(httpRequest, HttpResponse.BodyHandlers.ofString());
					 if (resp.statusCode() == HttpURLConnection.HTTP_MOVED_TEMP) {
					 String redirectUrl = resp.headers().firstValue("Location").orElse(null);
					 if (redirectUrl != null) {
					 	System.out.println(redirectUrl);
					 	respUrl.thumbURL = redirectUrl;
					 }
					 }
				} catch (IOException e) {
					// TODO Auto-generated catch block
					e.printStackTrace();
				} catch (InterruptedException e) {
					// TODO Auto-generated catch block
					e.printStackTrace();
				}
				/////

 

    Terms & ConditionsAccessibility statement