D2-Config without ActiveX

If somehow you find yourself working for a customer with very strict security policies that don’t allow ActiveX components, you can still work with D2-Config even if you cannot install the activex component.

You can access /D2-Config/ConnectDialog.html, ignore the popups and login as usual, then you’ll be redirected to /D2-Config/interface.html?interfaceId=null# which is the page with D2-Config matrix.

Every time you click somewhere you’ll get a popup stating the C6 ActiveX is not loaded but you can simply ignore it, as most of the application will work.

If you need to perform a full import of a configuration, you can do so with the following code (note that this will reset D2-Config configurations):

getSManager();
session=sm.getSession("repository");

D2Session.initTBOEx(session,false);
D2Config config=new D2Config(session);

config.importZip(new File("full path to Zip file with configuration"),
true, null, null, true, true, null);

Map arguments = new HashMap();
arguments.put("-callerUrl", "http://server/D2/");
arguments.put("-all", Boolean.TRUE);
D2Method.start(session, D2RefreshCacheMethod.class, arguments);

sm.release(session);

You’ll need to add to your project d2-api.jar and c6-common.jar, mark as approved the dfc instance used by the program’s dfc, and set the java.security parameter as explained in D2 4.7/16.4 configuration in eclipse

D2 4.7/16.4 configuration in eclipse

This post is quite similar to the Debugging D2 4.5/4.6 previously posted, explaining how to set up D2 without lockbox, but much more simple due to the missing lockbox.

Extract all files from D2/D2-Config to a local folder in your computer, configure a new (tomcat) server in Eclipse, and configure the following parameters:

  • JVM arguments:
    • -Djava.io.tmpdir=”<absolute path to some temp folder>\d2″ (make sure this folder exists)
    • -Djava.security.policy=file:///<absolute path to java.policy file> (the documentation states to change java.policy in your JRE, but I rather use this cleaner solution: create a local java.policy file with a single line:

      grant { permission com.documentum.fc.client.impl.bof.security.RolePermission “*”, “propagate”;}; and reference it with the java.security.policy parameter)

    • Additional memory/custom parameters

Now, start the server, take note of the dfc.keystore id, mark it as approved privilege client in DA and you are good to go.

How to read environment variables

By the talented team way:

 String os = System.getProperty("os.name").toLowerCase();
if (os.indexOf("win") >= 0) {
p = r.exec("cmd.exe /c set");
} else {
p = r.exec("env");
}
BufferedReader br = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line;
while ((line = br.readLine()) != null)
{
String[] inputs = line.split("=");
if ("DOCUMENTUM".equalsIgnoreCase(inputs[0])) {
retCode = inputs[1];
}
}
if (br != null) {
br.close();
}

I guess System.getenv was way too complex…

Oh, and they use the same method to read a properties file:

while ((record = dis.readLine()) != null)
{
recCount++;
if ((!record.startsWith("#")) && (!record.trim().equalsIgnoreCase("")))
{
String[] inputs = record.split("=");
params.put(inputs[0], inputs[1]);
}
}

OTEW 2018 fun

I’m not attending the event being held in Toronto, but I found through twitter this nice url:

http://hol-host05.eastus.cloudapp.azure.com:81/d2-unity-web/ui/app.html -> This is the new D2 UI (and yes, you can use the you-know-which-default-user(s) to log in and check it by yourself) deployed on Azure (which is weird, considering Opentext has its own cloud…)

But, the really funny thing here, are these urls:

http://hol-host05.eastus.cloudapp.azure.com:81/da -> da 7.3 (but with CS 16.4/SQL Server)

http://hol-host05.eastus.cloudapp.azure.com:81/D2 -> hello old D2 vulnerabilities ๐Ÿ™‚

http://hol-host05.eastus.cloudapp.azure.com:81/d2-unity-web/repositories -> and you can log in with you-know-which-default-user(s), and you have a nice DQL tool provided by REST services ๐Ÿ™‚

Documentum D2 Cache

Usually when working with D2 one common problem is the cache and how/when to refresh it in order to see changes (attribute labels, dictionary values, etc.).

The common solution for every problem suggested by support is usually to delete “Tomcat’s temp folder”, where you’ll find the following files:

  • c2file-cache.data
  • folder-cache.data
  • o2attrconfig-cache.data
  • taxonomy_level-cache.data
  • skin-cache.data
  • dictionary_dql-cache.data
  • xml-cache.index
  • xml-cache.data
  • D2FileCleaningTracker_D2.ser
  • X3Image<random numbers>.png (multiple files)

This is most often a workaround for “refresh cache” option from D2-Config, which most of the times won’t work because it works by appending a /Servlet/refreshCache to the URL configured in the setting. Why does this not work? Well, it (mostly) does if you run a single server, however, if you’re running a cluster of multiple application server, which one is receiving the call and cleaning its cache? well, good luck guessing ๐Ÿ˜€

Besides, JMS also has these cached files (well, not all those files), and this cache is placed on /tmp. Is this a problem? No if you have a single Content Server on your server or if you are not running an application server (not Tomcat) with the different credentials from Documentum.

But, what happens if you happen to run, let’s say, several Content Servers on the same host, with different D2 versions in each one, and you run different application servers on your server, with different D2 versions? Well, what happens is havoc.

You’ll found the cache files on /tmp, but those will be “locked” by the user that created those files on the first place. Why this behaviour? Well, if we check support page, we’ll find KB6269196:

Summary
Because D2 does not contain any ehcache.xml configuration files, the default behavior of the ehcache library is to store the cache data files in the path specified by java.io.tmpdir.

Resolution
Append the -Djava.io.tmpdir option
Modify and change to default run time JAVA_OPTS
usage: -Djava.io.tmpdir=/home/dmadmin/temp”

So, we can get some conclusions from this support note:

1. D2 cache is stored in java.io.tmpdir, which in Tomcat is its temp folder, and in Linux is /tmp.

2. Support likes using sledgehammers to crack nuts (changing the default temporary folder of the application server for a couple of files???, really???)

3. Support/engineering/talented team just don’t bother or they can’t read

Why do I say that? Because D2 has indeed a configuration file (actually has three configuration files in JMS and two in D2/D2-Config) and the default behaviour of ehcache is not storing cache on java.io.tmpdir. Let’s take a look to the documentation of the (obsolete, as usual) version bundled in D2:

<!–
DiskStore configuration
=======================
The diskStore element is optional. To turn off disk store path creation, comment out the diskStore element below.
Configure it if you have overflowToDisk or diskPersistent enabled for any cache.
If it is not configured, and a cache is created which requires a disk store, a warning will be issued and java.io.tmpdir will automatically be used.
diskStore has only one attribute – “path”. It is the path to the directory where.data and .index files will be created.
If the path is one of the following Java System Property it is replaced by its value in the running VM. For backward compatibility these are not specified without being enclosed in the ${token} replacement syntax.

The following properties are translated:
* user.home – Userโ€™s home directory
* user.dir – Userโ€™s current working directory
* java.io.tmpdir – Default temp file path
* ehcache.disk.store.dir – A system property you would normally specify on the command line e.g. java -Dehcache.disk.store.dir=/u01/myapp/diskdir …

Subdirectories can be specified below the property e.g. java.io.tmpdir/one
–>

<diskStore path=”java.io.tmpdir”/>

So, if “nothing” is specified, ehcache will fallback to java.io.tmpdir or the value specified in the ecache-failsafe.xml (located in ehcache.jar), which happens to be pointing to java.io.tmpdir too.

So we’ve already found one configuration file in ehcache.jar, where’s the second one? Well, look into WEB-INF/lib/C6-Common.jar/com/emc/common/java/cache/d2-cache.xml in D2.war/D2-Config.war or in $JMS_DEPLOYMENT_DIR/ServerApps.ear/lib/C6-Common.jar/com/emc/common/java/cache/d2-cache.xml:

<diskStore path=”java.io.tmpdir”/>

Second configuration file (and the one actually being picked up, you can check the D2/D2-Config/JMS logs on DEBUG for confirmation) which contains a value… Actually you can change this to a hardcoded value or to a more suitable solution by setting ehcache.disk.store.dir as value and changing JAVA_OPTS in order to include -Dehcache.disk.store.dir=<your temp path for ehcache files>, which is way less aggresive than changing java.io.tmpdir.

And the third one? Take a look to your JMS ServerApps.ear/APP-INF/classes/d2-ehcache.xml, but note that this file is useless as it not picked by the classpath.

Opentext iHub integration with Documentum

One of the new features of Documentum 16.4 is the integration with Opentext’s iHub analytics software. If you don’t know what iHub is, it’s something like a preconfigured set of reports (if you’ve used Jasper Reports, it’s quite similar) which now comes with a bundled OOTB reports for Documentum.

I’ve been trying to set it up in a test environment just to check it out but I’ve been having some problems.

Even though the installation is quite straightforward for some reason it refused to work, and it was impossible to login into the application. After discarding me as the problem, I pinpoint the error to the login info sent to Documentum.ย  This information is configured in the dctm_ihub_user_map.json file, which the documentation states, has the following format:

If you want to have a separate user mapping between Documentum and iHub user, then add a new entry (in bold) as in the following example:
{
“DEFAULT VOLUME”: {
“name”: “Default Volume”,
“users”: {
“DEFAULT_USER”: {
“name”: “Administrator”,
“password”: “”
381
Documentum Administrator
},
“dmadmin”: {
“name”: “dmadmin”,
“password”: “”
},
“dctm_testuser”: {
“name”: “ihub_testuser”,
“password”: “testpassword”
}
}
}
}

I was sure something was wrong there, so I decompiled the classes that read that file and, oh surprise:

DvrIPSE.IPSEUser localIPSEUser = (DvrIPSE.IPSEUser)localMap.get(paramString2.toUpperCase());

I guess I’ll be filling a “documentation bug”…