If we want to access Domino’s Environment, it is the ContextInfo class which gives us all we need. Everything you need to do to use the class is described in an earlier blog post.
The class gives mainly access to the following methods:
| Method | Description |
| getDataDirectory() | Path to notes data directory |
| getEnvironmentString(String envName) | Returns the environment variable |
| getServerDatabase() | The actual database as NAPI object, if any |
| getServerVariable(String varName) | Variables from the Request, i.e. „QUERY_STRING“ |
| getUserDatabase() | The actual database as Domino Java object, if any |
| getUserSession() | The session of the actual user performing the request ( |
| isAnonymous() | true if the current user is Anonymous |
Keep in mind that the incoming request is independently of any underlying Notes database. In our example, the URI http://your.server/dominorestservlet/helloworld/ does not run inside of a NSF, that’s why the getServerDatabase() and the getUserDatabase() methods returns null.
As a consequence, our servlet does not have any access restriction and is reachable as anonymous. If you want to access a database programatically, the „normal“ Domino access control is intervening again, but we can do the access check by ourself.
To prevent the access to the servlet, I have added a „checkAuthentication“ method to the RestApiServlet class. This method checks if the current user is a) not anonymous and b) a member of the group RESTAPIAccessAllowed. The method throws a NotAuthenticatedException which let’s the servlet return a HTTP 403.
There’s a project called „waffle“ (https://github.com/Waffle/waffle) that contains a servlet filter to handle single sign on for Active Directory users, e.g. via NTLM tokens.
Can be useful in this context, maybe combined with LtpaToken computation via Domino C API functions (=>Domino JNA project).
Looks very interesting.Maybe I will give it a try… Thanks for the tip.
Pingback: Domino & Spring Boot: How does it work | blog@hasselba.ch