The Event Gateway is a brand new Alfresco Component, introduced to improve the security of the event mechanism. The Event Gateway relies on existing components that produces internal events flagged for external consumption. Those events are then consumed by the Event Gateway Service and routed to various destinations such as the queryable Event Store, Global Public Event Topic, subscription triggers, and the Event Archive.
The following picture illustrates how the Event Gateway fits into the big picture:
The Event Gateway provides the following:
- More security and store and forward of events
- Choice of what ActiveMQ instance you want to use. Extensions don’t need to use the Repository instance.
- You can create different subscriptions for different extensions.
- Events can be filtered, for example: consume only created or updated files of content type
pub:article
orpub:book
- The gateway also provide metrics: Event produced, event consumed, current subscriptions etc.
- (Enterprise Edition) Events are filtered by ACL, so users can only receive events of nodes they have permission to read.
Note: The Event Gateway is an optional component, but very useful if you want more security.
Developer deployment
The Event Gateway can be deployed in a developer environment with Docker Compose.
Set the property keycloak.auth-server-url
pointing to your local IP address to avoid security issues validating the
domain of the access tokens generated by the Alfresco Identity Service.
Use export HOST_IP=xxx
for specifying the host ip address before starting docker compose.
The following line will produce the result using ifconfig
:
export HOST_IP=$(ifconfig | grep -E "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -v 127.0.0.1 | awk '{ print $2 }' | cut -f2 -d: | head -n1)
The following lines will produce the result using ip address show
:
export HOST_IP=$(ip address show | grep -E "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -v 127.0.0.1 | awk '{ print $2 }' | head -n 1 )
export HOST_IP=$(echo ${HOST_IP%/*})
Here is the docker-compose.yml
file:
# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
version: "2"
services:
alfresco-event-gateway:
image: alfresco/alfresco-event-gateway-app:development
environment:
JAVA_TOOL_OPTIONS: "
-agentlib:jdwp=transport=dt_socket,address=*:8888,server=y,suspend=n
"
JAVA_OPTS: "
-Dspring.activemq.brokerUrl=tcp://activemq:61616
-Dspring.datasource.url=jdbc:postgresql://postgres-event-gateway:5432/alfresco-event-gateway
-Dspring.datasource.driverClassName=org.postgresql.Driver
-Dspring.datasource.username=alfresco-event-gateway
-Dspring.datasource.password=alfresco-event-gateway
-Dspring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
-Dspring.jpa.hibernate.ddl-auto=update
-Dalfresco.event.gateway.publication.jms.broker.my-broker.broker-url=tcp://activemq:61616
-Dkeycloak.auth-server-url=http://${HOST_IP}:8999/auth
-Dcontent.service.url=http://alfresco:8080
-Dmanagement.metrics.export.simple.enabled=true
-Dmanagement.endpoint.metrics.enabled=true
"
depends_on:
- alfresco
- alfresco-identity-service
ports:
- 7070:8080
- 8888:8888
postgres-event-gateway:
image: postgres:13.1
mem_limit: 512m
environment:
- POSTGRES_PASSWORD=alfresco-event-gateway
- POSTGRES_USER=alfresco-event-gateway
- POSTGRES_DB=alfresco-event-gateway
command: postgres -c max_connections=300 -c log_min_messages=LOG
ports:
- 5433:5432
alfresco:
image: alfresco/alfresco-content-repository-community:7.1.0
mem_limit: 1500m
environment:
HOST_IP: ${HOST_IP}
JAVA_TOOL_OPTIONS: "
-Dencryption.keystore.type=JCEKS
-Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
-Dencryption.keyAlgorithm=DESede
-Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
-Dmetadata-keystore.password=mp6yc0UD9e
-Dmetadata-keystore.aliases=metadata
-Dmetadata-keystore.metadata.password=oKIWzVdEdA
-Dmetadata-keystore.metadata.algorithm=DESede
"
JAVA_OPTS: "
-Ddb.driver=org.postgresql.Driver
-Ddb.username=alfresco
-Ddb.password=alfresco
-Ddb.url=jdbc:postgresql://postgres:5432/alfresco
-Dsolr.host=solr6
-Dsolr.port=8983
-Dsolr.http.connection.timeout=1000
-Dsolr.secureComms=none
-Dsolr.base.url=/solr
-Dindex.subsystem.name=solr6
-Dshare.host=127.0.0.1
-Dshare.port=8080
-Dalfresco.host=localhost
-Dalfresco.port=8080
-Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos
-Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
-Ddeployment.method=DOCKER_COMPOSE
-DlocalTransform.core-aio.url=http://transform-core-aio:8090/
-Dcsrf.filter.enabled=false
-Dauthentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm
-Dalfresco.restApi.basicAuthScheme=true
-Didentity-service.enable-basic-auth=true
-Didentity-service.authentication.validation.failure.silent=false
-Didentity-service.auth-server-url=http://${HOST_IP}:8999/auth
-Didentity-service.realm=alfresco
-Didentity-service.resource=alfresco
-XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80
"
transform-core-aio:
image: alfresco/alfresco-transform-core-aio:2.5.2
mem_limit: 1536m
environment:
JAVA_OPTS: " -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80"
ports:
- 8090:8090
share:
image: alfresco/alfresco-share:7.1.0
mem_limit: 1g
environment:
REPO_HOST: "alfresco"
REPO_PORT: "8080"
JAVA_OPTS: "
-XX:MinRAMPercentage=50
-XX:MaxRAMPercentage=80
-Dalfresco.host=localhost
-Dalfresco.port=8080
-Dalfresco.context=alfresco
-Dalfresco.protocol=http
"
postgres:
image: postgres:13.1
mem_limit: 512m
environment:
- POSTGRES_PASSWORD=alfresco
- POSTGRES_USER=alfresco
- POSTGRES_DB=alfresco
command: postgres -c max_connections=300 -c log_min_messages=LOG
ports:
- 5432:5432
solr6:
image: alfresco/alfresco-search-services:2.0.2
mem_limit: 2g
environment:
#Solr needs to know how to register itself with Alfresco
- SOLR_ALFRESCO_HOST=alfresco
- SOLR_ALFRESCO_PORT=8080
#Alfresco needs to know how to call solr
- SOLR_SOLR_HOST=solr6
- SOLR_SOLR_PORT=8983
#Create the default alfresco and archive cores
- SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive
#HTTP by default
- ALFRESCO_SECURE_COMMS=none
ports:
- 8083:8983 #Browser port
activemq:
image: alfresco/alfresco-activemq:5.16.1
mem_limit: 1g
ports:
- 8161:8161 # Web Console
- 5672:5672 # AMQP
- 61616:61616 # OpenWire
- 61613:61613 # STOMP
proxy:
image: alfresco/alfresco-acs-nginx:3.1.1
mem_limit: 128m
environment:
DISABLE_PROMETHEUS: "true"
DISABLE_SYNCSERVICE: "true"
DISABLE_ADW: "true"
depends_on:
- alfresco
ports:
- 8080:8080
links:
- alfresco
- share
alfresco-identity-service:
image: quay.io/alfresco/alfresco-identity-service:1.5.0
environment:
- KEYCLOAK_USER=admin
- KEYCLOAK_PASSWORD=admin
- KEYCLOAK_IMPORT=/tmp/alfresco-realm.json
- DB_VENDOR=h2
volumes:
- ./realms/alfresco-realm.json:/tmp/alfresco-realm.json
ports:
- 8999:8080
Gateway API
The Event Gateway provides a ReST API with the following features:
- Creating a subscription -
POST /subscriptions
- Getting a subscription -
GET /subscriptions/{id}
- Update a subscription -
PATCH /subscriptions/{id}
An out-of-process extension may create a subscription to receive certain types of events in a specific topic of an ActiveMQ broker.
For more information on how to use the subscription API, see the Event Gateway documentation.