This deck includes a description of the Transform Service available for Alfresco 7.4.0.
Secure configuration sample, relying on mTLS, is also discussed.
2. Transform Services & Repository
Components
• Transform Core (AIO)
• Single-step transformations via HTTP
• Individual T-Engines can be also deployed independently
• Transform Router
• Multi-step transformations with pipelines and failover mechanism
via Messaging (ActiveMQ)
• Shared File Store
• Filesystem repository via HTTP
3. Transform Services & Repository
Community
Transform Core AIO
LibreOffice
ImageMagick
PDF Renderer
Tika Misc
Alfresco
Repository
Transform Service
SYNC
Custom
local.transform.service.enabled=true
4. Transform Services & Repository
Transform Core AIO (Community)
• Spring Boot App
• HTTP services
• Configuration GET transform/config
• Transform POST /
• Test Page GET /
• Log GET /log
• Live GET /live
• Ready GET /ready
• Synchronous
• Unique option for Alfresco Community deployments
Transform Core AIO
5. Transform Services & Repository
Enterprise
Shared File Store
Transform Router
Transform Core AIO
ActiveMQ
Alfresco
Repository
Transform Service
SYNC
ASYNC
ASYNC LibreOffice
ImageMagick
PDF Renderer
Tika Misc
Custom DTE AIS
SYNC
(config)
SYNC
ASYNC
SYNC
transform.service.enabled=true
7. Transform Services & Repository
Transform Engines
• LibreOffice Office Documents including Microsoft formats
• ImageMagick Images and thumbnails
• PDF Renderer Generate PNG of first page from a PDF document
• Tika Compressed files and metadata extraction
• Misc HTML, iWorks, EML, XML, Markdown, source code…
• DTE (Document Transformation Engine): Word, Excel and PowerPoint
• AIS (Alfresco Intelligence Services): Enrichment of content metadata
• Custom Transformation and enrichment for additional formats
Transform Core AIO
Out of
the Box
Paid
Modules
Dev
8. Transform Router
Transform Services & Repository
Transform Router
• Spring Boot App
• Retrying policy
• Max retries (3 by default)
• Timeout (10 secs by default)
• Types of Transformers
• Single-step
• Pipeline
• Error handling
• 400 BAD REQUEST
• Invalid JSON
• Invalid values
• Unsupported transformation
• 403 FORBIDDEN
• mTLS fails due to wrong client certificate
• 500 INTERNAL SERVER ERROR
9. Shared File Store
Transform Services & Repository
Shared File Store
• Spring Boot App
• HTTP service wrapping a shared filesystem
• A place to store and retrieve files from different services (like ACS and ATS)
• Configuration
• scheduler.content.age.millis 86400000 Content retention period
• scheduler.cleanup.interval 86400000 Cleanup Scheduler interval
12. Transform Services & Repository
Creating a new T-Engine
• Maven
<parent>
<groupId>org.alfresco</groupId>
<artifactId>alfresco-transform-core</artifactId>
<version>3.0.0</version>
</parent>
<dependencies>
<dependency>
<groupId>org.alfresco</groupId>
<artifactId>alfresco-base-t-engine</artifactId>
<version>3.0.0</version>
</dependency>
</dependencies>
• Java
• org.alfresco.transform.base.TransformEngine to provide basic information about the Engine
and the Transform pipelines
• org.alfresco.transform.base.CustomTransformer to implement the transformation operation
https://github.com/aborroy/alfresco-transform-service-3.0.0/tree/main/pandoc-t-engine
19. Secure Communications & Settings
• From ACS 7.4, mTLS communication between Transform Service
and Repository is supported
• Alfresco SSL Generator tool has been updated to produce required
keystore and truststore files
• Generate a self-signed CA*
• Generate certificates, keystores and truststores for Repository & Transform
$ ./run_additional.sh -servicename transform-core-aio -rootcapass kT9X6oe68t -keysize 2048
-keystoretype PKCS12 -keystorepass kT9X6oe68t -truststoretype PKCS12 -truststorepass kT9X6oe68t
-certdname "/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Transform Core AIO"
-servername transform-core-aio -alfrescoformat current
• Apply configuration settings for properties and keystores
* You may use your own software or PKI infrastructure to create CA and certificates, but configuration
related to keystore type and certificate alias should be followed as described by Alfresco SSL Generator
20. Secure Communications & Settings
https://github.com/aborroy/alfresco-secure-connection
Community
29. Tips & Tricks
TLS
• Use TLSv1.3 where available
• When using TLSv1.2, restrict accepted algorithms to
• AES-128 with SHA-256
• AES-256 with SHA-384
• The use of SSL, TLSv1.0 and TLSv1.1 is severely discouraged
Keystores
• Use PKCS#12 keystore and truststore types
• P#12 keystores built with OpenSSL don’t work with Java, using keytool is required *
Keys
• Use at least 2048 bits for RSA keys
* https://angelborroy.wordpress.com/2022/08/12/building-a-custom-pkcs12-truststore-for-java/