I'm trying to build a custom portal that will allow users view reports through OpenDocument. This seems straightforward, but I think I'm misunderstanding how tokens work. Basically, I have a web service that provides login functionality. That services returns a token. Pretty straightforward:
ISessionMgr sessionMgr = CrystalEnterprise.getSessionMgr(); IEnterpriseSession enterpriseSession = sessionMgr.logon(userName, password, "myserver", "secEnterprise"); ILogonTokenMgr logonTokenMgr = enterpriseSession.getLogonTokenMgr(); String tokenValue = logonTokenMgr.createWCAToken("", 60, 100);
So a customer comes to the portal. The portal logins into BO under the covers and gets a token. The reports page of the portal gets instance ID's (through another service) and builds urls to opendoc. These urls contain the token parameter and the iDocID parameter. The intent is that when a user clicks these links, the report will be retrieved through openDoc and displayed in a frame, or new window. However, what is actually happening when the URL's are clicked is that openDoc redirects to InfoView and I get an error"
Report Linking Error There was an error retrieving data from the server: The object was not found.
If I test manually in a browser (calling my login webservice, then manually building the opendoc link and pasting into the same browser) it works. I haven't tested this thoroughly yet, but it looks like if I add the jsessionID (from the login service) to the end of the URLS my custom app builds, then that works too. I don't understand this. The OpenDocument docs don't say anything about a session ID. It says to use CE_ENTERPRISESESSION, or token. I read some documentation that suggested high concurrency systems are best served using the token method and that's what I'm interesting it doing.
Am I missing something with how openDocument security works?
Thanks in advance.