White Paper: Leveraging Lotus Notes for Better Project Collaboration

image by: Alen Lepofsky

If only everyone understood the power of Lotus Notes. Neil clearly does and outlines it very well in this white paper:


Project Management Duly Noted: Leveraging Lotus Notes for Better Project Collaboration

By: Neil Stolovitsky


For many knowledge workers, Lotus Notes is the lifeline to their team members, supervisors and clients. Unfortunately, in many cases Lotus notes is not utilized to its fullest potential beyond the use of email and calendaring. For those working in a Lotus Notes environment, the powerful collaboration capabilities, the sharing of documents and the simple extension of composite applications are never fully realized. In addition, the online and offline capabilities unique to Lotus Notes are not fully benefited by its users.

For the project management professional, when effectively implemented, the Lotus Notes platform can be the ideal environment to roll out an effective project management governance framework that will drive better results, increase visibility and provide a more collaborative environment among its project stakeholders.

In this paper, I will be highlighting how project management organizations can get the most out of their Lotus Notes investment.

To download the white paper:


Mac and Linux update on the Attachment Viewer 2.0 for Lotus Notes

After getting some feedback from the prior post (thanks everyone), I will need to move the Microsoft Office Viewer code into an Eclipse fragment. This will allow me (and maybe others) to write a Mac and Linux (good luck there) version for the Office files by creating additional fragments. If you haven’t seen the video please watch it and if you like it then make sure you give me a thumbs up on YouTube!

Kick ass Group Calendar for Lotus Notes

I personally have not played with this but it looks fantastic. And as Mikkel describes, this is an Eclipse based UI – looks nothing like a traditional Lotus Notes application. I also agree that while Eclipse does add a level of overhead to Lotus Notes, if more applications were designed like this you would clearly see the benefit of the application platform at your fingertips.

Why choosing Eclipse for Notes 8 was the right choice – lekkimworld.com.



IdeaJam – Lotus Notes should support BlueTooth import

Vote now!

IdeaJam – Lotus Notes should support BlueTooth import.




inwidth = 500;inheight = 320;id = “B20F40C09C4F3783CA25788D00644573”;

Eclipse survey, make sure you participate!

Ian posted a blog entry on the up and coming Eclipse survey. This is an annual survey that everyone in the Eclipse community should participate in. So anyone using or writing to Eclipse IDE, Domino Designer, Lotus Notes, Lotus Sametime, Lotus Symphony, IBM Sales Center, Lotus Expeditor (you get the point) should participate in.

A draft of the survey is available. Feel free to fill-out the survey but your answers will be deleted before we launch the official survey.  If you have any suggestions for new questions, missing options or general editorial comments, please let me know via comments here or e-mail (ian at eclipse dot org) — link


Securing your local servlets in Lotus Notes

At this point, everyone knows about the Lotus Notes client and the embedded HTTP stack, or at least most know. If you do not know, here is a little primer: there is an embedded HTTP stack in the Lotus Notes client. 🙂

Just kidding!

The http stack allows for developers to create servlets, host HTML or even run pre-compiled JSP’s. You can learn more about the stack on the Lotus Expeditor Wiki.

Ok, so how can I prevent “other” operating system applications from calling into my servlet?

First off, the Lotus Notes client does a good job in not making it easy to figure out the port number of the embedded server. So the first layer of security is a random port number on each launch of the client. So you might see URL’s that look similar to this:


The port 1436 is dynamic and switches every time the Notes client starts. But that really is not good enough. A good hacker can most likely figure this out as the number is stored in memory. You may have also read how I can attach any browser on my machine to my servlet to help debug the Attachment Viewer sidebar plugin by enabling the debug option. This allows me to use the debug tools in Chrome and FireFox to assist with debugging my JavaScript and Dojo code.

The problem is, any application outside of Notes can do this if they figure out the port! That means anything your servlet “serves” up can be subjected to attack. So here is what I did to prevent this in the next version of the Attachment Viewer.

I used cookies to protect the servlet so only embedded browsers in the Notes Client can interact with the proxy servlet. While this is not 100% secure yet (stay tuned for the next post), it is a good way to prevent other operating system applications from getting into the Notes client. I simply generated both a unique key and value and set the cookie using the SWT browser API. Here is the code to create the key and value:

static String getNewKey(Object obj){
   return "AT" + (System.currentTimeMillis() * 3) + obj.hashCode();
static String getNewValue(Object obj){
   return "AT" + (System.currentTimeMillis() * 2) + obj.hashCode();

The object is the Attachment Viewer ViewPart and you can see we get the current time in milliseconds and multiply them by different values. This insures the name and value will be random every time the Notes client launches. Next we have to set the cookie in the browser before we launch the URL:

private void initURL(int port, String host) {
     currentCookieKey = Security.getNewKey(this);
     currentCookieValue = Security.getNewValue(this);
     String url = "http://" + host + ":" + port + "/proxy";
     Browser.setCookie(currentCookieKey + "=" + currentCookieValue, url);

     browser.setUrl(url + "/viewer.html");

So you can see we get a new key and value, store them into some memory where the proxy servlet can do a check against it when a request comes in. You will also notice that the setCookie is a static method, meaning all browser instances will inherit this cookie and can potentially access the servlet. We could even go further and assign an expiration to the cookie if we wanted.

Now in the servlet code, in our doGet() method, we verify the cookie and error out if it is not what we expect:

if (isValidRequest(req) == false){
     OutputStream os = resp.getOutputStream();
     StringBuffer buffer = new StringBuffer();

     buffer.append("<h1>Invalid security token, access to proxy not granted.</h1>");

In the end, when you attempt to connect to the servlet using FireFox or Chrome you would see something like this:

Click image to see full the image

As a Notes developer the iPad simply rocks

I start my day by going through emails, check my schedule on the calendar, and then jump right into work. My work is spread out through Eclipse, Designer, the Composite Application editor and test is in Lotus Notes. This doesn’t set well for the project manager side of my job where I attend meetings, demo stuff, or hold my own meetings because I am constantly going in and out of Lotus Notes and launching and shutting down Lotus Notes. I would have two laptops pretty much open all of the time, one with my production Lotus Notes email, calendar, etc open and possibly even my iPhone if I was upgrading the Notes client, and another laptop to develop and test on.

Well, then came along the iPad. I now have one developer laptop open and my iPad sitting on its cover stand at the viewing angle. Bye bye second laptop! What really rocks is how fast I can get the device out of sleep mode and straight to my calendar. With Traveler synchronizing my email, contacts and calendar it all simply “works”. At Lotusphere, for the sessions I could attend, I just brought the iPad. A small notebook like device that is extremely light and easy to carry. I had heard a crazy number like 1600 iPads were brought to the Opening General Session(OGS) on Monday, wow!

I am convinced tablets are the way of the future, no more laptops! With the introduction of Orion, I will be able to do almost everything from a touch screen device. Maybe in the near future.

The Dojo Toolbar dijit

One of the best things about using a JavaScript framework like Dojo is getting something up and running very quickly. The dijit.Toolbar is no exception. You can get a very quick toolbar by just using the declarative method right in  your HTML. If you are using the declarative method then you need to make sure you parse the DOM on load, this is how you tell Dojo to parse on load:


To get some cool look and feel you should then include one of the base Dojo style-sheets in your code. The easiest way to do this is just make the entire <body> use the style sheet so all sub-elements will inherit it:

<body style="margin:0px; padding:0px;">

You will also have to define in your CSS the images you want to use for the buttons (if they are icon buttons). Make sure you specify a height and width!

.iconfilm {
   background-image:url(icons/filmstrip.png) !important;
   width: 22px;
   height: 22px;
.iconthumb {
   background-image:url(icons/thumbnail.png) !important;
   width: 22px;
   height: 22px;
.iconslides {
   background-image:url(icons/slides.png) !important;
   width: 22px;
   height: 22px;

Lastly, you just put the code directly in your HTML. Declaring the toolbar as the outer

and then each button individually. You could also include this inside of an XPage, JSP, or PHP file and conditionally show or not each button. Notice I use a and a connectId to attach a Dojo tooltip to each icon.

iconfilm" showLabel="false">
<span id="fs_tip" dojoType="dijit.Tooltip" connectId="toolbar1.filmstrip">Film Strip</span>
iconthumb" showLabel="false">
<span id="slides_tip" dojoType="dijit.Tooltip" connectId="toolbar1.slides">Slides</span>
iconslides" showLabel="false">
<span id="thumb_tip" dojoType="dijit.Tooltip" connectId="toolbar1.thumbnail">Thumbnail</span> </div </div>

This code was taken from the Attachment Viewer project on OpenNTF. You can download the project and see how the code works. Here is a screen shot of the toolbar in the Lotus Notes client:

Make sure you check out the awesome online documentation for the dijit.Toolbar!

As for a jQuery version of Toolbar, I couldn’t find one. I did find a really nice article that shows how to create a CSS based toolbar with some cool jQuery effects. Check that out and if you find an actual toolbar plugin for jQuery let me know.

Deploying trusted plugins to your enterprise

This is a pretty hot topic for enterprises deploying the now many plug-ins available in the Lotus community. Do you want to deploy trusted plug-ins? Do you want to control what plug-ins can be installed? Then you may want to consider reading these resources:

First thing you need to know is how to sign your plugin, check out this great article for how to do that: Explore Eclipse’s plug-in signature mechanism.

Next, you will need to setup the Domino policies to restrict what certificates can be accepted by your clients. Check out the Domino wki for that: Pushing trusted certificates to Lotus Notes clients.