Sametime 8.0.1 Connect Web API Toolkit Hint and Tip.
Category None
Sametime 8.0.1 now includes the Connect Web API Toolkit. This allows you to put Sametime Awareness on a web page using the Sametime 8.0.1 client as the engine to resolve users and do the chat etc. What's actually happening is that the Sametime 8.0.1 client is loading a mini web server, which in turn is loading a servlet (stwebapi), which is then communicating with the Sametime Connect Client. So something like this.
The webpage, loads the stylesheet and the JavaScript file from the mini Sametime web server from port 59449. Which returns information and events, and receives requests from the web page.
I have to be honest here, I am a little disturbed that 3rd party webpages now have the opportunity to interact with my Sametime connect client, for example, I could have code on this page that tries to communicate with your Sametime Connect WEB Api servlet, and I won't get any authentication request etc. I really hope no buffer overrun type things are discovered here. I am worried that this is potentially a huge hole in the Sametime client, and into your organization. So for me personally, I'm wary of using it in environments where users can access external websites (which is almost everywhere).
You can be logged in on a web page as Fred Smith, and the Sametime Client could be logged in as Joanne Blogs, and when Fred clicks on a user to chat in the web page, the chat window that appears will be for user Joanne chatting with the other person. So different to the behaviour you may be use to from Sametime Links and something to be aware of.
If you do have a firewall installed on your machine, you're also likely to receive a firewall warning when you hit a page which is trying to hit your Sametime Client, so you will have to accept that to see the awareness in a page.
Anyway back on to my hint/tip. Using the Connect client for awareness is all well and good, but what if you're on a webpage in an internet cafe, or you're on a machine that has an old Sametime Connect client. Well if you're using the Connect Web API toolkit, then you'll get nothing, no awareness. So what you really want is someway of identifying that Connect Web API is available, and if it isn't use STLinks instead. I couldn't find an example that shows how to do this, and I'm not sure IBM have thought about it too much.
Anyway this is what I came up with.
These few lines are the standard lines to load/initialize the ConnectWebAPI :
<!-- Step #1: Import the ST Connect Web API Stylesheet -->
<link rel="stylesheet" href="http://localhost:59449/stwebapi/main.css" type="text/css" />
<!-- Step #2: Import the ST Connect Web API getStatus JavaScript include file -->
<script type="text/javascript" src="http://localhost:59449/stwebapi/getStatus.js"></script>
So now before we decide if we want to use Sametime Links or the Connect Web API, we need to check to see if ConnectWebAPI is available. We do this by checking for a variable that is declared in the getStatus.js file. I make that easier to reference by wrapping it in a Javascritp function.
<Script>
function IsWebConnectAvailable(){
if (self.getstatus) {
//The Sametime Connect Client is available
return true;
} else {
//The Sametime Connect Client is available
return false;
}
}
</script>
We can now reference that function when we want to see if we want to use STLinks code or ConnectWebAPI code.
<script>
if ( IsWebConnectAvailable()) {
//Use the ConnectWeb API code here as it's available
alert('Connect Web API is available');
} else {
//Use STLinks code here as Connect Web API is not available
alert('Connect Web API is available');
}
</script>
So if you want to intelligently use the right client that should get you started.
I noticed yesterday that IBM's API documentation now includes this great paragraph.
So I should now include, the following:
© Epilio 2008. Portions of this code are derived from IBM Corp. Sample Programs. © Copyright IBM Corp. 2008. All rights reserved.
I would also like to include the following, if IBM uses any of my sample code, please do the following:
This only applies to IBM, other companies and individuals can use my sample code without this copyright notice.
Sametime 8.0.1 now includes the Connect Web API Toolkit. This allows you to put Sametime Awareness on a web page using the Sametime 8.0.1 client as the engine to resolve users and do the chat etc. What's actually happening is that the Sametime 8.0.1 client is loading a mini web server, which in turn is loading a servlet (stwebapi), which is then communicating with the Sametime Connect Client. So something like this.
The webpage, loads the stylesheet and the JavaScript file from the mini Sametime web server from port 59449. Which returns information and events, and receives requests from the web page.
I have to be honest here, I am a little disturbed that 3rd party webpages now have the opportunity to interact with my Sametime connect client, for example, I could have code on this page that tries to communicate with your Sametime Connect WEB Api servlet, and I won't get any authentication request etc. I really hope no buffer overrun type things are discovered here. I am worried that this is potentially a huge hole in the Sametime client, and into your organization. So for me personally, I'm wary of using it in environments where users can access external websites (which is almost everywhere).
You can be logged in on a web page as Fred Smith, and the Sametime Client could be logged in as Joanne Blogs, and when Fred clicks on a user to chat in the web page, the chat window that appears will be for user Joanne chatting with the other person. So different to the behaviour you may be use to from Sametime Links and something to be aware of.
If you do have a firewall installed on your machine, you're also likely to receive a firewall warning when you hit a page which is trying to hit your Sametime Client, so you will have to accept that to see the awareness in a page.
Anyway back on to my hint/tip. Using the Connect client for awareness is all well and good, but what if you're on a webpage in an internet cafe, or you're on a machine that has an old Sametime Connect client. Well if you're using the Connect Web API toolkit, then you'll get nothing, no awareness. So what you really want is someway of identifying that Connect Web API is available, and if it isn't use STLinks instead. I couldn't find an example that shows how to do this, and I'm not sure IBM have thought about it too much.
Anyway this is what I came up with.
These few lines are the standard lines to load/initialize the ConnectWebAPI :
<!-- Step #1: Import the ST Connect Web API Stylesheet -->
<link rel="stylesheet" href="http://localhost:59449/stwebapi/main.css" type="text/css" />
<!-- Step #2: Import the ST Connect Web API getStatus JavaScript include file -->
<script type="text/javascript" src="http://localhost:59449/stwebapi/getStatus.js"></script>
So now before we decide if we want to use Sametime Links or the Connect Web API, we need to check to see if ConnectWebAPI is available. We do this by checking for a variable that is declared in the getStatus.js file. I make that easier to reference by wrapping it in a Javascritp function.
<Script>
function IsWebConnectAvailable(){
if (self.getstatus) {
//The Sametime Connect Client is available
return true;
} else {
//The Sametime Connect Client is available
return false;
}
}
</script>
We can now reference that function when we want to see if we want to use STLinks code or ConnectWebAPI code.
<script>
if ( IsWebConnectAvailable()) {
//Use the ConnectWeb API code here as it's available
alert('Connect Web API is available');
} else {
//Use STLinks code here as Connect Web API is not available
alert('Connect Web API is available');
}
</script>
So if you want to intelligently use the right client that should get you started.
I noticed yesterday that IBM's API documentation now includes this great paragraph.
This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written.
These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs.
Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as follows: © (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. © Copyright IBM Corp. _enter the year or years_. All rights reserved.
So I should now include, the following:
© Epilio 2008. Portions of this code are derived from IBM Corp. Sample Programs. © Copyright IBM Corp. 2008. All rights reserved.
I would also like to include the following, if IBM uses any of my sample code, please do the following:
Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as follows: © (your company name) (year). Portions of this code are derived from Epilio. Sample Programs. © Copyright Epilio _enter the year or years_. All rights reserved.
This only applies to IBM, other companies and individuals can use my sample code without this copyright notice.
| Permalink | 
Comments
As part of our normal design process, we did do a formal security risk assessment before launching the web api feature in Sametime 8.0.1. We believe that the risks are low relative to the value, especially when used with intranet based enterprise web apps where user identity is tightly controlled. The resulting actions from the feature, we believe, are limited and generally not harmful - eg: launching a blank chat window.
We will continue to closely monitor feedback on this feature.
Rob Ingram
Product Manager, IBM Lotus Sametime
Posted by Rob Ingram At 05:45:10 PM On 05/01/2008 | - Website - |
we would like to implemnt this in our lotus Sametime limited version 8.0 Environemnt.
can u put some light on it ? would be a great help !!
Posted by Rushi/Urvashi At 03:09:56 AM On 11/10/2008 | - Website - |
{ Link }
Dan
Posted by Dan At 12:16:32 PM On 03/03/2009 | - Website - |
Posted by Dan At 12:17:12 PM On 03/03/2009 | - Website - |
Posted by kiran At 08:09:35 PM On 09/25/2010 | - Website - |
<script>
if ( IsWebConnectAvailable()) {
//Use the ConnectWeb API code here as it's available
alert('Connect Web API is available');
} else {
//Use STLinks code here as Connect Web API is not available
alert('Connect Web API is available');
}
</script>
Posted by Carl Tyler At 08:10:57 PM On 09/25/2010 | - Website - |
Posted by kiran At 10:01:42 AM On 09/26/2010 | - Website - |
Posted by Carl tyler At 10:05:08 AM On 09/26/2010 | - Website - |
Thank you for the attention
Posted by Rodrigo Ibraim At 09:03:34 AM On 11/08/2011 | - Website - |
Posted by Carl Tyler At 09:06:20 AM On 11/08/2011 | - Website - |
Thank you for the attention
Posted by Rodrigo Ibraim At 09:14:20 AM On 11/08/2011 | - Website - |
Posted by Carl Tyler At 09:22:02 AM On 11/08/2011 | - Website - |
Thank you again for your attention
Posted by Rodrigo Ibraim At 03:58:45 PM On 11/08/2011 | - Website - |
1. The administrator will need to enable announcements, it is a policy I believe.
2. If you are using embedded Sametime inside Notes, you need to make sure you have a full Sametime license, and not the free entitlement. As I don't think you can do it with the free version. Mind you, you also aren't licensed to write API integration with the free Sametime entitlement either.
Posted by Carl Tyler At 04:50:56 PM On 11/08/2011 | - Website - |
Thanks,
Omkar
Posted by Omkar At 06:05:10 PM On 02/28/2012 | - Website - |