User Information class

For a project I needed to check which rights a user has in a database and on documents. The UserBean in the Extension Library did not seem to match my needs since that the rights of the current effective user against the database from which the code is called. In my case the documents reside in different databases than the one serving the Xpages.

Second stop was the UserBean class written by Oliver Busse. This allows me to change the effective username againt a given name.

Name name = session.createName(“a string here”);

The same principle goes for the database.

this.aclLevel = session.getDatabase(“a string here”,”a string here”).queryAccess(this.userNameCanonical);

The aclPriviliges are no part of the original code so I added something as followed:

public final List<String> aclPriviliges = new ArrayList<String>();

if ((accPriv & db.DBACL_CREATE_DOCS) > 0){
if (!aclPriviliges.contains(“DBACL_CREATE_DOCS”)){
if ((accPriv & db.DBACL_DELETE_DOCS) > 0){
if (!aclPriviliges.contains(“DBACL_DELETE_DOCS”)){

I registered my class as a Managed Bean and I invoke it from the beforepageload event:

<xp:this.beforePageLoad><![CDATA[#{javascript:UserInfo.init(“location of my nsf”,”Ja user name here”);}]]></xp:this.beforePageLoad>

With this I can use it in the same way Oliver demonstrated in his snippet. But I can also check the acl Priviliges:

<xp:label value=”ACL Priviliges:”></xp:label> 
<xp:label value=”#{javascript:UserInfo.aclPriviliges}”></xp:label>

Next I wanted to check if a user can edit a document or not. This is not that easy as it might seem. This code is what I took as starting-point. It became this piece of code:

public boolean canEdit(String docId){
boolean canEdit = false;
NotesContext ctx = new NotesContext(null).getCurrent();
Session session = null;
session = getCurrentSession();
try {
Database db = session.getDatabase(“”, this.activeDb);
Document doc = db.getDocumentByUNID(docId);
if(null != doc){
canEdit = ctx.isDocEditable(doc);
} catch (NotesException e) {
// TODO Auto-generated catch block
return canEdit;

Unfortunately I cannot set the username, so it runs against against the effective username ūüė¶

I tried to achieve the same functionality with the lock function for documents (which you have to enable on database level) but it fails. Even a given user with Reader access was able to lock a document (name added to $Writers field)

public boolean canWriteDocument(String docId, String userName) {
boolean canWrite = false;
Session session = null;
session = getCurrentSession();
try {
Database db = session.getDatabase(“”, this.activeDb);
if (db.isDocumentLockingEnabled()) {
//Document locking is enabled
Document doc = db.getDocumentByUNID(docId);
if (null != doc){
if (doc.lock(userName)) {
canWrite = true;

} else {
//Document locking is NOT enabled

} catch (NotesException e) {
// fail silently
return canWrite;

I assume I am doing something wrong but I am not sure what. If you happen to know what then drop a comment.

Happy development ūüôā

Add 20 years of experience to your workforce

You can 20 years of experience within IBM Notes and Web development to your workforce by hiring me.

Interested? Read my curriculum vitae on LinkedIn: and get in contact.

I am happy to work WITH you !

Presentations from EntwicklerCamp 2014 – Track 2

Track Session Subject Download Presentation
Track2 Session1 IBM Connections$FILE/T2S1-IBM%20Connections.pdf
Track2 Session2 XPages und Connections$FILE/T2S2-Xpages%20und%20Connections.pdf
Track2 Session3 iNotes deep dive$FILE/T2S3-iNotesDevPres.pdf
Track2 Session4 Notes Database Security – Analyse, Konzept und Techniken$FILE/T2S4%20Notes%20Database%20Security.pdf
Track2 Session5 XPages und Java$FILE/T2S5-XPages_und_Java_2014.pdf
Track2 Session6 Einsatz von Resource-Bundles am Beispiel der Realisierung von Mehrsprachigkeit und flexibler Men√ľstrukturen der XPage-Applikation. Managed Beans$FILE/T2S6-ResourceBundles.pdf
Track2 Session7 iNotes$FILE/T2S7-iNotesXPagesDevPres.pdf
Track2 Session8 WebServices und REST$FILE/T2S8-XPages_WebServices_und_REST.pdf

Presentations from EntwicklerCamp 2014 – Track 1

Track Session Subject Download Presentation
Track1 Session1 XPages – 1 – Notes-Daten auf das Smartphone oder Tablet – Datenaustausch zwischen nativen mobilen Anwendungen und Domino mit Hilfe von XPage$FILE/T1S1-Notes-Daten-1.pdf
Track1 Session2 XPages – 1 – Notes-Daten auf das Smartphone oder Tablet – Datenaustausch zwischen nativen mobilen Anwendungen und Domino mit Hilfe von XPage$FILE/T1S2-Fehlerbehandlung%20in%20Notes.pdf
Track1 Session3 XPages – 3 – Schick mit Grid – DataGrids in XPages$FILE/T1S3-SchickMitGrid.pdf
Track1 Session4 Notes-Daten auf das Smartphone oder Tablet – konkrete Code-Beispiele und Erfahrungen aus echten Projekten$FILE/T1S4-Notes-Daten-2.pdf
Track1 Session5 Domino Designer – Tips, Tricks and Enhancements for Maximum Productivity!$FILE/T1S5-Designer%20EntwicklerCamp%202014.pdf
Track1 Session6 Composit apps – Fange ich noch an?$FILE/T1S6-CompositApps-fange-ich-noch-an-Anleitung.pdf$FILE/T1S6-CompositApps-fange-ich-noch-an.pdf$FILE/T1S6-CompositApps-fange-ich-noch-an-Beispiel2.pdf$FILE/T1S6-CompositApps-fange-ich-noch-an-Beispiel1.pdf
Track1 Session7 Sicherheit in Notes (Anwendungen)$FILE/T1S7-Sicherheit%20in%20der%20Notes%20Entwicklung.pdf
Track1 Session8 dynamisches Maskendesign$FILE/T1S8-DynamischesMaskendesign-V2.pdf

Presentations from EntwicklerCamp 2012 available

I have experienced that IBM has some problems linking to their material that lies out in the open, but I hope this post does not cause the same kind of trouble. I also know the solution in case needed: contact the content publisher to remove the files…

Nevertheless Entwicklercamp sounds like a excellent technical conference and for those of you who have no problems with reading a bit of German (not all presentations are in German, by the way) here are some interesting presentations:

Track 0 – Session 1 –¬†Er√∂ffnungssession¬†– Rudi Knegt (link)

Track 0 – Session 2 –¬†Opening Session – Phil Riand (link)

Track 0 – Session 3 –¬†Speeddemoing – Diverse (link)

Track 0 – Session 5 –¬†Closing Session: Ein (grausamer Selbstversuch) – 5 Monate ohne Lotus Notes – Werner Motzet

“Ein (Arbeits-)Leben ohne Lotus Notes” / “Ein (grausamer Selbstversuch) – 4 Monate ohne Lotus Notes” (link)

Track 1 – Session 1 –¬†XPages – 1 – Grundlagen – Ulrich Krause (link)

Track 1 – Session 2 –¬†XPages: Practical Ideas for Converting Existing Notes Applications – Matthew Fyleman (link)

Track 1 – Session 3 –¬†XPages – 3 – eXtension Library – Viagra f√ľr die XPages – Ulrich Krause (link)

Track 1 – Session 4 –¬†XPages – 4 – IBM oneUI + MyTheme = myUI – Manfred Meise (link)

Track 1 – Session 5 –¬†XPages – 5 – Wie mache ich meine XPages Applikationen ‘social’? – Niklas Heidloff (link)

Track 1 – Session 6 –¬†XPages – 6 – XPages Extensibility API – going deep – Ren√© Winkelmeyer (link)

Track 1 – Session 7 –¬†Z√§hme den Tiger – Java-Entwicklung in Notes und Domino – Bernd Hort (link)

Track 1 – Session 8 –¬†XPages – 8 – Nutzung des Dojo Toolkits zur Optimierung bestehender Notes-Web-Anwendungen – Matthias Bierl (link)

Track 2 – Session 1 – Extending Lotus Notes – Widgets, Livetext, Plugins – Detlev Poettgen (link)

Track 2 – Session 3 –¬†Agile Softwareentwicklung mit LotusNotes – Werner Motzet (link)

Track 2 – Session 4 –¬†Ich wei√ü was du diesen Sommer tun wirst – Gregory Engels (link)

Track 2 – Session 5 –¬†Erfolgreiches Projektmanagement mit agilen Methoden – Christian Habermueller (link)

Track 2 – Session 6 –¬†Make the impossible possible with XPages – Frank van der Linden (link)

Track 2 – Session 7 –¬†Connect your Lotus Notes app to the Activity Stream with XPages – Frank van der Linden (link)

Track 2 – Session 8 –¬†Keine Angst vor gro√üen Tieren – Peter Klett (link)

Track 3 – Session 1 –¬†Rediscover the Power of LotusScript in Notes/Domino 8.5 – Rocky Oliver (link)

Track 3 – Session 2 –¬†Die besten Open Source Projekte von OpenNTF – Niklas Heidloff (link)

Track 3 – Session 3 –¬†Richtig(er) Kommunizieren! – Wie bringe ich meine Botschaft r√ľber? – J√ľrgen Kunert (link)

Track 3 – Session 4 –¬†XPages und Domino App Dev Erweiterungen – Phil Riand und Niklas Heidloff (link)

Track 3 – Session 5 –¬†Turbocharge Development in Notes/Domino 8.5 – with @Formulas! – Rocky Oliver (link)

Track 3 – Session 6 –¬†Mobiler Zugriff auf Notes Daten – Matthias Schneider (link)

Track 3 – Session 7 –¬†Es gibt keine Ausreden mehr ‚Äď eGit im DDE : Versionskontrolle leicht gemacht – Holger Chudek (link)

Track 3 – Session 8 –¬†Using the XPages Mobile Controls… and looking at alternatives – Rich Sharpe (link)

Track 4 – Session 1 –¬†Security in Notes – Manfred Meise (link)

Track 4 – Session 2 –¬†Workflow – Richtig analysieren, dokumentieren und schl√ľssig hinterfragen – Christian Habermueller (link)

Track 4 – Session 3 –¬†Lotus Protector programmieren – Matthias Schneider (link)

Track 4 – Session 4 –¬†WebServices unter Notes/Domino – Tim Pistor (link)

Track 4 – Session 5 –¬†Hilfe, ich habe geerbt! – Bernhard K√∂hler (link)

Track 4 – Session 6 –¬†NoSQL-Datenbanken – ein √úberblick – Karsten Lehmann (link)

Track 4 – Session 7 –¬†Notes und die Zeit – Bernhard K√∂hler (link)

Track 4 – Session 8 –¬†Schnittstellendesign mit dem Tivoli Directory Integrator – Am Beispiel SAP – Andreas Artner (link)

In case you are a bit lazy or dont care about bandwidth: <here> you can find the presentations archived together by track…

There are also some hands-on sessions available:

Hands-On 1 –¬†Javascript – die ersten Schritten – Manuel Nientit (link)

Hands-On 3 –¬†XPages – the first Steps 1 – Howard Greenberg (link)

Hands-On 4 –¬†XPages – the second steps 2 – Howard Greenberg (link)

Hands-On 5 –¬†Signierung und Verteilung von Plugins f√ľr den Notes Client – Detlev Poettgen (link)

Hands-On 6 –¬†LotusScript – so einfach geht es los – Peter Klett (link)

Hands-On 7 –¬†Mobiler Zugriff auf Notes Daten – Matthias Schneider (link)

Hands-On 8 –¬†XPages Extensibility API – first steps – Ren√© Winkelmeyer (link)

Btw, all links were collected from this source.

Link: Securing Your Notes Application

Today we discussed to provide a checklist for developers that can help them with auditing the security of their applications.

In the Notes/Domino Best Practices: Security checklist there is a reference to:

Lotus Education On Demand: Securing Your Notes Application

Overview Introduction Controlling Access to Notes/Domino Data Tools The Access Control List Setting Up and Refining the ACL Access to Database Elements Participants Partners in Securing an Application Web Users Anonymous Users Case Studies Problems … 28 Apr 2005.

However the link is dead. Does anyone know if this tutorial is available under a different address?

Lotusphere – Jumpstart day

Here is a summary of my experiences on Jumpstart day:

JMP301 Masterclass: Defence against the dark arts

Although an administrator session I thought it would be good to hear a bit more on Notes security. On the other hand the jumpstart sessions for application development sounded too simple to me.

The session was great (and fun listening) and it was good to hear about the measurements available Notes to secure the system.

What I took out of the session was more to create more security awareness among our developers. I guess this will result in some kind of workshop we have to setup.

Anyway, when I told my admin that I visited an admin session he was proud but I did not get a reply when I stated that he should now at least attend one developer’s session =)

Rated: 10


JMP 304 Masterclass Deep Dive into Calendaring and Scheduling

Again an admin session. The purpose of this attendance was to understand Calendaring and Scheduling and hear of opportunities how to embed calendaring and scheduling in other Notes applications.

To my opinion the session went much into problem tracking so that was a bit disappointed.

Anyway, again I made my admin proud but still no answer on my question which developer session he will attend.

Rated: 6


Lotus stuff store and Bookstore

‘Vikings’ never return home without treasures so I paid a visit to the stuff store/bookstore to check if there was something of my taste. Any way I succeeded. I also noticed that the ‘Mastering XPages’ book is amazingly thick and this will truly become the bible in the new age of Domino development.

Some great other titles in the bookstore but at my next visit I will bring my axe and slayer and go a little berserk on some free shopping ūüėČ

Rated: 10



JMP303 Masterclass LeveragingJSON in both Client and Server Side JavaScript

The description sounded interesting ( I even skipped an admin session for this one!) but when they started with adding a Notes View on a Notes Page surrounding with brackets and adding an empty entry at the end I was thinking:

Does IBM allow the promotion of such approaches while XPages is the preferred technology to be used?

Anyway, in the second part the speakers came with some XPages examples but they never recovered from the weak start.

I believed the description also talked about JSON in the client but that turned out to be running XPages in the Notes client.

Rated: 5


Welcome reception

Free drinks & food, some entertainment on the background, a nice evening temperature and a lot of Notes geeks!

Rated: 10