You might be able to use the OAuth accessToken in a cookie with the HTTP GET request to servlet/rtaImage
depending on the scope you requested when getting it.
I believe you will need to use the full
or web
scopes to then make web requests or use frontdoor.jsp.
See:
The cookie will have the name sid and the domain ".salesforce.com".
You basically want to use the OAuth accessToken in place of the Session Id.
Note that the accessToken takes the same form as a session Id, but can't always be used to authenticate with the website. Your mileage may vary.
Where did you get your accessToken from? If you used OAuth to establish the session then you will need to have the web
OAuth scope to use the sessionid for what is essentially a screen scraping web request. Having the api
scope would be sufficient for the Partner API, but for for mocking UI requests.
Other than that, as you have found, you need to put the sessionId/accessToken into a sid
cookie along with the request.
You can check your OAuth Scopes under
Setup > App Setup > Create > Apps > [App Name].
It should appear next to Selected OAuth Scopes.
When calling /services/oauth2/authorize
I'm using response_type=Token
. I'm also passing a scope query string parameter that includes web
. So I've specified the web scope on both the App and when initiating the OAuth process.
It appears you are using the Web Server OAuth Authentication Flow (based on the response_type=code). The scope parameter is applicable here as well.
scope
Specifies what data your application can access. See “Scope Parameter Values” in the online help for more information.
So you try modifying the authUrl line:
authUrl = environment + "/services/oauth2/authorize?response_type=code&client_id=" + clientId +
"&redirect_uri=" + URLEncoder.encode(redirectUri, "UTF-8") +
"&scope=full%20web";
Once you have a sessionId/accessToken, you can verify that it is valid for a web session in a browser using
https://<instanceUrl>/secur/frontdoor.jsp?sid=<accessToken>"
This should bounce you into a browser session with the sid cookie set. If it doesn't work, the session isn't valid for the web, which you will need to screenscrape an image via servlet/rtaImage
.
Final solution (By @GoldenAxe), that is only an example to check that the image fetching is working correctly, of-course it can be done much neatly.
In the WelcomeServlet.doGet:
String accessToken = (String) request.getSession().getAttribute(ACCESS_TOKEN);
String apiEndPoint = (String) request.getSession().getAttribute(INSTANCE_URL);
CookieManager cookieManager = new CookieManager();
cookieManager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
CookieHandler.setDefault(cookieManager);
URL url = null;
try
{
url = new URL(apiEndPoint + "/secur/frontdoor.jsp?sid=" + accessToken);
// open's a connection with the url specified and returns URLConnection object
URLConnection urlConnection = url.openConnection();
// get's the contents from this url specifies
urlConnection.getContent();
}
catch (MalformedURLException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
catch (IOException e)
{
e.printStackTrace();
}
String sid = "";
// returns the cookie store(bunch of cookies)
CookieStore cookieStore = cookieManager.getCookieStore();
// getting cookies which returns in the form of List of type HttpCookie
List<HttpCookie> listOfcookies = cookieStore.getCookies();
for (HttpCookie httpCookie : listOfcookies)
{
System.out.println("Cookie Name : " + httpCookie.getName() + " Cookie Value : " + httpCookie.getValue());
if (httpCookie.getName().compareTo("sid") == 0)
{
sid = httpCookie.getValue();
}
}
String urlString = "https://c.eu0.content.force.com/servlet/rtaImage?eid=ka3200000004MwH&feoid=00N20000008fSIK&refid=0EM20000000TzfR";
HttpClient client = new HttpClient();
GetMethod method = new GetMethod();
method.setRequestHeader("Cookie", "sid=" + sid);
method.setURI(new URI(urlString, true));
int returnCode = client.executeMethod(method);
if (returnCode != HttpStatus.SC_OK)
{
System.err.println("Unable to fetch image, status code: " + returnCode);
}
InputStream imageData = method.getResponseBodyAsStream();
OutputStream out = new BufferedOutputStream(new FileOutputStream("test-image.jpg"));
for (int i; (i = imageData.read()) != -1;)
{
out.write(i);
}
imageData.close();
out.close();
method.releaseConnection();
Best Answer
eid
is a custom object, the "entity ID". Presumably, you could use this to view an instance of your record.feoid
is the "field entity ID". This describes the field that the content is stored in. You can see this value when you're looking at the field in the Setup screen.refid
is an ID of the typeContentReference
. We're not able to describe this object, so it's safe to assume that it is also unqueryable from any code we could write.Execute Anonymous:
Output:
Execute Anonymous:
Output:
In conclusion, it may be necessary, but it is not something that we are subject to viewing. It's also undocumented, so I wouldn't try messing with it.