gatein SVN: r8281 - epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity.
by do-not-reply@jboss.org
Author: smumford
Date: 2012-01-08 20:32:31 -0500 (Sun, 08 Jan 2012)
New Revision: 8281
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
Log:
JBEPP-1468: Perfunctory edit of new Authorization content
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml 2012-01-08 23:46:25 UTC (rev 8280)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml 2012-01-09 01:32:31 UTC (rev 8281)
@@ -143,7 +143,7 @@
<title>Login modules</title>
<para>
- JBoss Enterprise Portal Platform uses its own security domain (<emphasis role="bold">gatein-domain</emphasis>) with a set of predefined login modules. Login module configuration for <emphasis>gatein-domain</emphasis> is contained in the <file >deploy/gatein.ear/META-INF/gatein-jboss-beans.xml</file> file.
+ JBoss Enterprise Portal Platform uses its own security domain (<emphasis role="bold">gatein-domain</emphasis>) with a set of predefined login modules. Login module configuration for <emphasis>gatein-domain</emphasis> is contained in the <filename>deploy/gatein.ear/META-INF/gatein-jboss-beans.xml</filename> file.
</para>
<para>
Below is the default login modules stack:
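Review bot: The path inside the corrected <filename> on the added line, deploy/gatein.ear/META-INF/gatein-jboss-beans.xml, is relative to a directory the sentence never names, whereas the web.xml path in r8279 is written out from <JBOSS_HOME>/server/<PROFILE>/. Suggest giving this path the same <replaceable> prefix so the reader can find the login module configuration without guessing the profile directory. In the context line below it, "Below is the default login modules stack" would read better as "The default login module stack is shown below".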
@@ -187,7 +187,7 @@
<itemizedlist>
<listitem>
<para>
- It is possible to log a user in through existing login modules with their credentials (username: <literal>root</literal>/ password: <literal>gtn</literal>, for example) but also with a WCI ticket (username: <emphasis>root</literal>/password: <literal>wci-ticket-458791</literal>). The login modules stack supports both of these methods of authentication.
+ It is possible to log a user in through existing login modules with their credentials (username: <literal>root</literal>/ password: <literal>gtn</literal>, for example) but also with a WCI ticket (username: <literal>root</literal>/password: <literal>wci-ticket-458791</literal>). The login modules stack supports both of these methods of authentication.
</para>
</listitem>
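Review bot: The added line keeps a real-looking credential pair (root / gtn) as its example. If gtn is the password the product ships with for root, this sentence should point to where it is changed; otherwise a placeholder value would be safer. The spacing also differs between the two pairs: "</literal>/ password:" in the first and "</literal>/password:" in the second. The tag fix itself (<emphasis>root</literal> to <literal>root</literal>) is correct.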
@@ -272,7 +272,10 @@
<term>CustomMembershipLoginModule</term>
<listitem>
<para>
- Special login module, which is disabled (commented) by default. It can be used to add user to some existing group during successful login of this user. Name of group is configurable and by default it's <emphasis>/platform/users</emphasis> group. Login module is commented because in normal environment, users are already in <emphasis>/platform/users</emphasis> group. It's useful only for some special setups like read-only LDAP, where groups of ldap user are taken from ldap tree and so that users may not be in /platform/users group, which is needed for successful authorization.
+ Special login module, which is disabled (commented) by default. It can be used to add user to some existing group during successful login of this user. Name of group is configurable, by default it is <emphasis>/platform/users</emphasis> group.
+ </para>
+ <para>
+ This login module is commented because in normal environment, users are already in <emphasis>/platform/users</emphasis> group. It is useful only for some special setups like read-only LDAP, where groups of ldap user are taken from ldap tree and so that users may not be in <emphasis>/platform/users</emphasis> group, which is needed for successful authorization.
</para>
</listitem>
</varlistentry>
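Review bot: The two added paragraphs do not state the authorization consequence of enabling this module. As worded, every user who authenticates successfully is added to /platform/users, the group "needed for successful authorization", so on a read-only LDAP setup each LDAP account that can log in gains portal access. Suggest one sentence saying so, so administrators can restrict which LDAP users are able to authenticate before uncommenting it. Wording: "commented" should be "commented out" in both paragraphs, and "ldap" should be "LDAP" throughout.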
@@ -336,7 +339,7 @@
<title>Authentication on application server level</title>
<para>
- Application server needs to properly recognize that user is successfuly logged and it has assigned his JAAS roles. Unfortunately this part is not standardized and is specific for each AS. For example in JBoss AS, you need to ensure that JAAS Subject has assigned principal with username (UserPrincipal) and also RolesPrincipal, which has name "Roles" and it contains list of JAAS roles. This part is actually done in <emphasis>JbossLoginModule.commit()</emphasis>. In Tomcat, this flow is little different, which means Tomcat has it's own <emphasis>TomcatLoginModule</emphasis>.
+ Application server needs to properly recognize that user is successfuly logged and it has assigned his JAAS roles. Unfortunately this part is not standardized and is specific for each AS. For example in JBoss AS, you need to ensure that JAAS Subject has assigned principal with username (UserPrincipal) and also RolesPrincipal, which has name "Roles" and it contains list of JAAS roles. This part is actually done in <code>JbossLoginModule.commit()</code>. In Tomcat, this flow is little different, which means Tomcat has it is own <literal>TomcatLoginModule</literal>.
</para>
</formalpara>
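Review bot: The contraction expansion on the added line went one step too far: "Tomcat has it is own <literal>TomcatLoginModule</literal>" should read "Tomcat has its own". The original "it's" was a misspelt possessive, not "it is". The same line still carries "successfuly" (successfully) and "this flow is little different" (a little different). It also marks JbossLoginModule.commit() with <code> but TomcatLoginModule with <literal>; pick one element for class and method names.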
@@ -349,7 +352,7 @@
<title>Authentication on JBoss Enterprise Portal Platform level</title>
<para>
- Login process needs to create special object <emphasis role="bold">org.exoplatform.services.security.Identity</emphasis> and register this object into JBoss Enterprise Portal Platform component <emphasis role="bold">IdentityRegistry</emphasis>. This Identity object should encapsulate username of authenticated user, Memberships of this user and also JAAS roles. Identity object can be easily created with interface <emphasis role="bold">Authenticator</emphasis> as can be seen below.
+ Login process needs to create special object <literal>org.exoplatform.services.security.Identity</literal> and register this object into JBoss Enterprise Portal Platform component <literal>IdentityRegistry</literal>. This Identity object should encapsulate username of authenticated user, Memberships of this user and also JAAS roles. Identity object can be easily created with interface <literal>Authenticator</literal> as can be seen below.
</para>
</formalpara>
@@ -410,7 +413,7 @@
<listitem>
<para>
- set of Strings with JAAS roles of given user. JAAS roles are simple Strings, which are mapped from MembershipEntry objects. There is another special component <emphasis>org.exoplatform.services.security.RolesExtractor</emphasis>, which is used to map JAAS roles from MembershipEntry objects. RolesExtractor interface looks like this:
+ Set of Strings with JAAS roles of given user. JAAS roles are simple Strings, which are mapped from MembershipEntry objects. There is another special component <emphasis>org.exoplatform.services.security.RolesExtractor</emphasis>, which is used to map JAAS roles from MembershipEntry objects. RolesExtractor interface looks like this:
</para>
</listitem>
</itemizedlist>
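Review bot: The added line capitalises "Set" but leaves <emphasis>org.exoplatform.services.security.RolesExtractor</emphasis> as it was. The previous hunk of this same commit converts Identity, IdentityRegistry and Authenticator from <emphasis> to <literal>, so the fully qualified RolesExtractor name should get the same markup.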
@@ -456,7 +459,7 @@
<title>RememberMe authentication</title>
<para>
- In default login dialog, you can notice that there is "Remember my login" checkbox, which users can use to persist their login on his workstation. Default validity period of RememberMe cookie is 1 day (it is configurable), and so user can be logged for whole day before he need to reauthenticate again with his credentials.
+ In default login dialog, you can notice that there is "Remember my login" checkbox, which users can use to persist their login on his workstation. Default validity period of RememberMe cookie is one day (it is configurable), and so user can be logged for whole day before he need to reauthenticate again with his credentials.
</para>
<section id="sect-Authentication_Authorization_Intro-RememberMeAuthentication-howDoesItWork">
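Review bot: The added line says the RememberMe cookie validity "is configurable" without saying where. The RemindPasswordTokenService hunk further down links to sect-Reference_Guide-Authentication_Token_Configuration; if that is where the validity period is set, add the same <xref> here, since the lifetime of a persistent login cookie is a setting administrators will want to find. Grammar on the same line: "users ... on his workstation" mixes plural and singular, and "before he need to reauthenticate again" should be "before they need to reauthenticate".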
@@ -465,13 +468,13 @@
<itemizedlist>
<listitem>
<para>
- User checks the checkbox "Remember my login" on login screen of JBoss Enterprise Portal Platform . Then he submit the form.
+ User checks the checkbox "Remember my login" on login screen of JBoss Enterprise Portal Platform . Then submits the form.
</para>
</listitem>
<listitem>
<para>
- HTTP request like <emphasis>http://localhost:8080/portal/login?initialURI=/portal/classic&usernam...</emphasis> is send to server
+ HTTP request like <uri>http://localhost:8080/portal/login?initialURI=/portal/classic&usernam...</uri> is sent to server.
</para>
</listitem>
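Review bot: The first added line turns "Then he submit the form." into "Then submits the form.", which now has no subject. Suggest joining it to the previous sentence ("User checks the checkbox ... and then submits the form.") and removing the stray space in "Platform .". In the second added line, "is sent to server." needs an article ("to the server"). The switch to <uri> for the request URL is right and should be applied to the other portal URLs in this file as well.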
@@ -495,7 +498,7 @@
<listitem>
<para>
- User send HTTP request to some portal page (ie. <emphasis>http://localhost:8080/portal/classic</emphasis> ).
+ User send HTTP request to some portal page (ie. <filename>http://localhost:8080/portal/classic</filename> ).
</para>
</listitem>
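Review bot: The added line marks http://localhost:8080/portal/classic with <filename>, while the previous hunk of this commit uses <uri> for the login URL. This is a URL, not a file, so it should be <uri> too. On the same line, "User send" should be "User sends", "ie." should be "e.g." because this is an example rather than a restatement, and the space before the closing parenthesis can go.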
@@ -511,7 +514,7 @@
<title>RemindPasswordTokenService</title>
<para>
- This is special service used during RememberMe authentication workflow. It's configurable in file <emphasis>deploy/gatein.ear/02portal.war/WEB-INF/conf/common/remindpwd-configuration.xml</emphasis> . For more info, look at section <xref linkend="sect-Reference_Guide-Authentication_Token_Configuration" />
+ This is special service used during RememberMe authentication workflow. It is configurable in file <filename>deploy/gatein.ear/02portal.war/WEB-INF/conf/common/remindpwd-configuration.xml</filename> . For more info, look at section <xref linkend="sect-Reference_Guide-Authentication_Token_Configuration" />
</para>
<para>
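Review bot: The added line leaves a space before the full stop after </filename> ("remindpwd-configuration.xml</filename> .") and ends without a full stop after the <xref>. Suggest "It is configured in the file <filename>...</filename>. For more information, refer to <xref ... />." which also matches the "Refer to" phrasing used in r8279.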
@@ -524,7 +527,7 @@
<title>BASIC authentication</title>
<para>
- JBoss Enterprise Portal Platform is using FORM based authentication by default but it's not a problem with switch to different authentication type like BASIC. Only needed thing is to configure it properly in <emphasis>deploy/gatein.ear/02portal.war/WEB-INF/web.xml</emphasis> like this:
+ JBoss Enterprise Portal Platform is using FORM based authentication by default but it is not a problem with switch to different authentication type like BASIC. Only needed thing is to configure it properly in <filename>deploy/gatein.ear/02portal.war/WEB-INF/web.xml</filename> like this:
</para>
<programlisting language="XML" role="XML">
<![CDATA[
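Review bot: The added line presents the switch to BASIC as "not a problem" and says nothing about transport. BASIC sends the username and password, base64-encoded only, with every request, and the web.xml shown in r8279 sets <transport-guarantee>NONE</transport-guarantee> for the secured URLs. Suggest a sentence recommending CONFIDENTIAL (or TLS termination in front of the portal) when BASIC is enabled. Wording: "it is not a problem with switch to different authentication type" would read better as "switching to a different authentication type such as BASIC is straightforward".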
@@ -565,13 +568,13 @@
<step>
<para>
- User will send request to loadbalancer and he will be redirected to node1. All his requests will be then processed on node1 (sticky session).
+ User will send request to loadbalancer and he will be redirected to <emphasis>node1</emphasis>. All his requests will be then processed on <emphasis>node1</emphasis> (sticky session).
</para>
</step>
<step>
<para>
- User login on loadbalancer (which is redirected to node1)
+ User login on loadbalancer (which is redirected to <emphasis>node1</emphasis>)
</para>
</step>
@@ -583,19 +586,19 @@
<step>
<para>
- User will send another HTTP request. He will now be redirected to node2 because node1 is killed. Now user will be automatically logged on node2 as well thanks to session replication, because he still has same HTTP session, which was replicated from node1 to node2. So end user shouldn't recognize any change even if his work is now done on different node of cluster.
+ User will send another HTTP request. He will now be redirected to <emphasis>node2</emphasis> because <emphasis>node1</emphasis> is killed. Now user will be automatically logged on <emphasis>node2</emphasis> as well thanks to session replication, because he still has same HTTP session, which was replicated from <emphasis>node1</emphasis> to <emphasis>node2</emphasis>. So end user shouldn't recognize any change even if his work is now done on different node of cluster.
</para>
</step>
</procedure>
<para>
- This login workflow works thanks to <emphasis>PortalLoginModule</emphasis>, which is able to save special attribute into HTTP session as flag that user is already logged. Then reauthentication on node2 is working thanks to servlet filter <emphasis>ClusteredSSOFilter</emphasis>, which is able to automatically trigger programmatic authentication.
+ This login workflow works thanks to <emphasis>PortalLoginModule</emphasis>, which is able to save special attribute into HTTP session as flag that user is already logged. Then reauthentication on <emphasis>node2</emphasis> is working thanks to servlet filter <emphasis>ClusteredSSOFilter</emphasis>, which is able to automatically trigger programmatic authentication.
</para>
<note>
<title>Note</title>
<para>
- ClusteredSSOFilter is using proprietary JBossWeb API for trigger programmatic authentication and so it's working only on JBoss AS. It is not working on other servers like Tomcat or Jetty.
+ <literal>ClusteredSSOFilter</literal> is using proprietary JBossWeb API for trigger programmatic authentication and so it is working only on JBoss AS. It is not working on other servers like Tomcat or Jetty.
</para>
</note>
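Review bot: ClusteredSSOFilter is marked up two ways within this hunk: <emphasis>ClusteredSSOFilter</emphasis> in the added paragraph and <literal>ClusteredSSOFilter</literal> in the added note line. PortalLoginModule in the same paragraph is also still <emphasis>. Use <literal> for all three, as the rest of this commit does for class names. The commit expands "it's" everywhere but leaves "shouldn't" in the added step; and "for trigger programmatic authentication" should be "to trigger".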
@@ -650,18 +653,18 @@
<title>Servlet container authorization</title>
<para>
- First round of authorization is servlet container authorization based on secured URL from <emphasis>web.xml</emphasis>. We saw above in web.xml snippet that secured URL are accessible only for users from role <emphasis>users</emphasis>:
+ First round of authorization is servlet container authorization based on secured URL from <filename>web.xml</filename>. We saw above in web.xml snippet that secured URL are accessible only for users from role <emphasis>users</emphasis>:
</para>
<programlisting language="XML" role="XML"><![CDATA[
<auth-constraint>
<role-name>users</role-name>
</auth-constraint>]]></programlisting>
<para>
- This actually means that our user needs to be in JBoss Enterprise Portal Platform role <emphasis>/platform/users</emphasis> (For details see <xref linkend="sect-Authentication_Authorization_Intro-authenticatorAndRolesExtractor" />). In other words, if we successfuly authenticate but our user is not in group /platform/users, then it means that he is not in JAAS role <emphasis>users</emphasis>, which in next turn means that he will have authorization error <emphasis role="bold">403 Forbidden</emphasis> thrown by servlet container.
+ This actually means that our user needs to be in JBoss Enterprise Portal Platform role <emphasis>/platform/users</emphasis> (For details see <xref linkend="sect-Authentication_Authorization_Intro-authenticatorAndRolesExtractor" />). In other words, if we successfuly authenticate but our user is not in group <emphasis>/platform/users</emphasis>, then it means that he is not in JAAS role <emphasis>users</emphasis>, which in next turn means that he will have authorization error <emphasis role="bold">403 Forbidden</emphasis> thrown by servlet container.
</para>
<para>
- You can change the behaviour and possibly add some more <emphasis>auth-constraint</emphasis> elements into web.xml. However this protection of resources based on web.xml is not standard JBoss Enterprise Portal Platform way and it's mentioned here mainly for illustration purposes.
+ You can change the behaviour and possibly add some more <emphasis>auth-constraint</emphasis> elements into <filename>web.xml</filename>. However this protection of resources based on web.xml is not standard JBoss Enterprise Portal Platform way and it is mentioned here mainly for illustration purposes.
</para>
</section>
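Review bot: web.xml gets <filename> on its first mention in the first and third added lines but stays bare later in the same sentences ("in web.xml snippet", "based on web.xml"). Mark all mentions or only the first, consistently. The second added line still has "successfuly" (successfully). The element name auth-constraint and the role name users are both in <emphasis>; <literal> would match the markup this commit applies elsewhere.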
@@ -685,7 +688,7 @@
<listitem>
<para>
- HTTP request is processed through <emphasis role="bold">SetCurrentIdentityFilter</emphasis>, which is declared in <emphasis>deploy/gatein.ear/02portal.war/WEB-INF/web.xml</emphasis>.
+ HTTP request is processed through <literal>SetCurrentIdentityFilter</literal>, which is declared in <filename>deploy/gatein.ear/02portal.war/WEB-INF/web.xml</filename>.
</para>
</listitem>
gatein SVN: r8280 - in epp/docs/branches/5.2: Developer_Guide/en-US and 5 other directories.
by do-not-reply@jboss.org
Author: smumford
Date: 2012-01-08 18:46:25 -0500 (Sun, 08 Jan 2012)
New Revision: 8280
Added:
epp/docs/branches/5.2/Reference_Guide/en-US/images/AuthenticationAndIdentity/Overview/
epp/docs/branches/5.2/Reference_Guide/en-US/images/AuthenticationAndIdentity/Overview/loginScreen.png
Modified:
epp/docs/branches/5.2/Admin_Guide/en-US/Book_Info.xml
epp/docs/branches/5.2/Admin_Guide/en-US/Revision_History.xml
epp/docs/branches/5.2/Admin_Guide/en-US/chapter-3-Command_Line_Interface.xml
epp/docs/branches/5.2/Developer_Guide/en-US/Book_Info.xml
epp/docs/branches/5.2/Developer_Guide/en-US/Revision_History.xml
epp/docs/branches/5.2/Migration_Guide/en-US/Book_Info.xml
epp/docs/branches/5.2/Migration_Guide/en-US/Revision_History.xml
epp/docs/branches/5.2/Migration_Guide/en-US/chapter-3-Portal_URLs.xml
epp/docs/branches/5.2/Migration_Guide/en-US/chapter-5-User_interface.xml
epp/docs/branches/5.2/Site_Publisher/Installation_Guide/en-US/Book_Info.xml
epp/docs/branches/5.2/Site_Publisher/Installation_Guide/en-US/Revision_History.xml
epp/docs/branches/5.2/Site_Publisher/Installation_Guide/publican.cfg
Log:
Removed 5.2.0 dev cycle 'remark' tags
Modified: epp/docs/branches/5.2/Admin_Guide/en-US/Book_Info.xml
===================================================================
--- epp/docs/branches/5.2/Admin_Guide/en-US/Book_Info.xml 2012-01-08 23:45:52 UTC (rev 8279)
+++ epp/docs/branches/5.2/Admin_Guide/en-US/Book_Info.xml 2012-01-08 23:46:25 UTC (rev 8280)
@@ -9,7 +9,7 @@
<productname>JBoss Enterprise Portal Platform</productname>
<productnumber>5.2</productnumber>
<edition>5.2.0</edition>
- <pubsnumber>7</pubsnumber>
+ <pubsnumber>100</pubsnumber>
<abstract>
<para>
This document is a guide to administering an implementation of JBoss Enterprise Portal Platform. It is intended for System Administrators and assumes a high level of technical knowledge.
Modified: epp/docs/branches/5.2/Admin_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.2/Admin_Guide/en-US/Revision_History.xml 2012-01-08 23:45:52 UTC (rev 8279)
+++ epp/docs/branches/5.2/Admin_Guide/en-US/Revision_History.xml 2012-01-08 23:46:25 UTC (rev 8280)
@@ -8,6 +8,34 @@
<simpara>
<revhistory>
<revision>
+ <revnumber>5.2.0-100</revnumber>
+ <date>Wed Dec 14 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Publication build.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-8</revnumber>
+ <date>Mon Dec 12 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>JBEPP-1450: Changed gatein-management-cli deploy instructions for production docs.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>5.2.0-7</revnumber>
<date>Wed Dec 7 2011</date>
<author>
Modified: epp/docs/branches/5.2/Admin_Guide/en-US/chapter-3-Command_Line_Interface.xml
===================================================================
--- epp/docs/branches/5.2/Admin_Guide/en-US/chapter-3-Command_Line_Interface.xml 2012-01-08 23:45:52 UTC (rev 8279)
+++ epp/docs/branches/5.2/Admin_Guide/en-US/chapter-3-Command_Line_Interface.xml 2012-01-08 23:46:25 UTC (rev 8280)
@@ -16,7 +16,7 @@
<title>Deploying the CLI</title>
<para>
- The JBoss Enterprise Portal Platform distribution includes a war archive of the gatein-management-cli application.
+ The JBoss Enterprise Portal Platform distribution includes an archive of the gatein-management-cli application.
</para>
<para>
To deploy the application, copy the <filename><replaceable><JBOSS_HOME></replaceable>/gatein-management/gatein-management-cli.war</filename> to the <filename>deploy</filename> directory of your portal profile (<filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable>default</replaceable>/deploy/</filename>, for example).
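Review bot: Dropping "war" on the added line leaves "an archive" unspecific, while the next paragraph still tells the reader to copy gatein-management-cli.war. Suggest "a web archive (WAR)" so the two sentences agree. This wording change is also not covered by the log message, which mentions only the removal of 'remark' tags.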
Modified: epp/docs/branches/5.2/Developer_Guide/en-US/Book_Info.xml
===================================================================
--- epp/docs/branches/5.2/Developer_Guide/en-US/Book_Info.xml 2012-01-08 23:45:52 UTC (rev 8279)
+++ epp/docs/branches/5.2/Developer_Guide/en-US/Book_Info.xml 2012-01-08 23:46:25 UTC (rev 8280)
@@ -6,7 +6,7 @@
<productname>JBoss Enterprise Portal Platform</productname>
<productnumber>5.2</productnumber>
<edition>5.2.0</edition>
- <pubsnumber>6</pubsnumber>
+ <pubsnumber>100</pubsnumber>
<abstract>
<para>
This guide is intended to assist developers working with JBoss Enterprise Portal Platform. It assumes a high level of technical knowledge.
Modified: epp/docs/branches/5.2/Developer_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.2/Developer_Guide/en-US/Revision_History.xml 2012-01-08 23:45:52 UTC (rev 8279)
+++ epp/docs/branches/5.2/Developer_Guide/en-US/Revision_History.xml 2012-01-08 23:46:25 UTC (rev 8280)
@@ -6,6 +6,20 @@
<simpara>
<revhistory>
<revision>
+ <revnumber>5.2.0-100</revnumber>
+ <date>Wed Dec 14 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Publication build.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>5.2.0-6</revnumber>
<date>Fri Dec 9 2011</date>
<author>
Modified: epp/docs/branches/5.2/Migration_Guide/en-US/Book_Info.xml
===================================================================
--- epp/docs/branches/5.2/Migration_Guide/en-US/Book_Info.xml 2012-01-08 23:45:52 UTC (rev 8279)
+++ epp/docs/branches/5.2/Migration_Guide/en-US/Book_Info.xml 2012-01-08 23:46:25 UTC (rev 8280)
@@ -6,7 +6,7 @@
<productname>JBoss Enterprise Portal Platform</productname>
<productnumber>5.2</productnumber>
<edition>5.2.0</edition>
- <pubsnumber>4</pubsnumber>
+ <pubsnumber>100</pubsnumber>
<abstract>
<para>
This guide will assist Portal administrators to migrate from an installation of JBoss Enterprise Portal Platform 5.1 to the 5.2 version.
Modified: epp/docs/branches/5.2/Migration_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.2/Migration_Guide/en-US/Revision_History.xml 2012-01-08 23:45:52 UTC (rev 8279)
+++ epp/docs/branches/5.2/Migration_Guide/en-US/Revision_History.xml 2012-01-08 23:46:25 UTC (rev 8280)
@@ -5,7 +5,21 @@
<simpara>
<revhistory>
<revision>
- <revnumber>5.2.0-4</revnumber>
+ <revnumber>5.2.0-100</revnumber>
+ <date>Wed Dec 14 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Publication build.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-6</revnumber>
<date>Wed Dec 7 2011</date>
<author>
<firstname>Scott</firstname>
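Review bot: The existing entry dated "Wed Dec 7 2011" is renumbered by this hunk from 5.2.0-4 to 5.2.0-6: the removed line is <revnumber>5.2.0-4</revnumber> and the last added line is <revnumber>5.2.0-6</revnumber>, placed above that entry's date. Book_Info.xml for this guide had <pubsnumber>4</pubsnumber> before this commit, so the old number looks like the correct one. Please confirm the renumbering is intended; if not, keep 5.2.0-4 and add only the 5.2.0-100 revision.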
Modified: epp/docs/branches/5.2/Migration_Guide/en-US/chapter-3-Portal_URLs.xml
===================================================================
--- epp/docs/branches/5.2/Migration_Guide/en-US/chapter-3-Portal_URLs.xml 2012-01-08 23:45:52 UTC (rev 8279)
+++ epp/docs/branches/5.2/Migration_Guide/en-US/chapter-3-Portal_URLs.xml 2012-01-08 23:46:25 UTC (rev 8280)
@@ -222,7 +222,7 @@
<URL-pattern>/dologin</URL-pattern>
</servlet-mapping></programlisting>
</example>
- <para>Delare portal servlet as default Servlet</para>
+ <para>Declare portal servlet as default Servlet</para>
<example>
<title>Example</title>
<programlisting><servlet-mapping>
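Review bot: The typo fix ("Delare" to "Declare") is fine, but the listing in the context lines directly above it uses <URL-pattern>/dologin</URL-pattern>. XML element names are case-sensitive and the deployment descriptor element is url-pattern, as written in the web.xml listing added in r8279. Since this hunk already touches the example, correct the element name here and check the following <servlet-mapping> listing for the same problem.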
Modified: epp/docs/branches/5.2/Migration_Guide/en-US/chapter-5-User_interface.xml
===================================================================
--- epp/docs/branches/5.2/Migration_Guide/en-US/chapter-5-User_interface.xml 2012-01-08 23:45:52 UTC (rev 8279)
+++ epp/docs/branches/5.2/Migration_Guide/en-US/chapter-5-User_interface.xml 2012-01-08 23:46:25 UTC (rev 8280)
@@ -7,12 +7,12 @@
<section id="sid-13467777_Userinterface-Cleanthewebbrowsercache">
<title>Clean the web browser cache</title>
- <para>This has not been changed and, while performing the migration, your web browser may still have the content of previous portal in cache. You will need to empty your web browser cache if you see that the UI is malfored or if overlay menus are not appearing. With most browsers you can refresh the cache by clicking on Ctrl+F5 while being on the problematic page.</para>
+ <para>This has not been changed and, while performing the migration, your web browser may still have the content of previous portal in cache. You will need to empty your web browser cache if you see that the UI is malformed or if overlay menus are not appearing. With most browsers you can refresh the cache by clicking on Ctrl+F5 while being on the problematic page.</para>
</section>
<section id="sid-13467777_Userinterface-Cleanthecookies">
<title>Clean the cookies</title>
- <para>On some rare occasions after using JBoss Enterprise Portal Platform 5.1 and 5.2 alternatively during migration phase, the portal may not answer and, during login, errors such as the folowing may appear:</para>
+ <para>On some rare occasions after using JBoss Enterprise Portal Platform 5.1 and 5.2 alternatively during migration phase, the portal may not answer and, during login, errors such as the following may appear:</para>
<para>11:33:07,011 ERROR [SetCurrentIdentityFilter] Not found identity in IdentityRegistry for user root, check Login Module.</para>
<example>
<title>Example</title>
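Review bot: Both added lines fix a spelling error but leave other wording problems in the same sentences. In the first, "clicking on Ctrl+F5" should be "pressing Ctrl+F5". In the second, "5.1 and 5.2 alternatively" should be "alternately". The log line that follows in the context (ERROR [SetCurrentIdentityFilter] Not found identity in IdentityRegistry ...) is wrapped in <para>; <screen> would preserve it verbatim and set it apart as program output.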
Added: epp/docs/branches/5.2/Reference_Guide/en-US/images/AuthenticationAndIdentity/Overview/loginScreen.png
===================================================================
(Binary files differ)
Property changes on: epp/docs/branches/5.2/Reference_Guide/en-US/images/AuthenticationAndIdentity/Overview/loginScreen.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Modified: epp/docs/branches/5.2/Site_Publisher/Installation_Guide/en-US/Book_Info.xml
===================================================================
--- epp/docs/branches/5.2/Site_Publisher/Installation_Guide/en-US/Book_Info.xml 2012-01-08 23:45:52 UTC (rev 8279)
+++ epp/docs/branches/5.2/Site_Publisher/Installation_Guide/en-US/Book_Info.xml 2012-01-08 23:46:25 UTC (rev 8280)
@@ -9,7 +9,7 @@
<productname>JBoss Enterprise Portal Platform</productname>
<productnumber>5.2</productnumber>
<edition>5.2.0</edition>
- <pubsnumber>5</pubsnumber>
+ <pubsnumber>100</pubsnumber>
<abstract>
<para>
This book provides information about obtaining, installing and running the JBoss Enterprise Portal Platform Site Publisher extension. It forms the documentation suite along with the Site Publisher User Guide available at <ulink type="http" url="http://docs.redhat.com/docs/en-US/JBoss_Site_Publisher/index.html" />
Modified: epp/docs/branches/5.2/Site_Publisher/Installation_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.2/Site_Publisher/Installation_Guide/en-US/Revision_History.xml 2012-01-08 23:45:52 UTC (rev 8279)
+++ epp/docs/branches/5.2/Site_Publisher/Installation_Guide/en-US/Revision_History.xml 2012-01-08 23:46:25 UTC (rev 8280)
@@ -8,6 +8,34 @@
<simpara>
<revhistory>
<revision>
+ <revnumber>5.2.0-100</revnumber>
+ <date>Wed Dec 14 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Publication build.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>2.5.0-6</revnumber>
+ <date>Wed Dec 7 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>JBEPP-1433: Incorporating QE feedback.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>5.2.0-5</revnumber>
<date>Tue Nov 15 2011</date>
<author>
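Review bot: The second added revision is numbered <revnumber>2.5.0-6</revnumber>, between 5.2.0-100 above it and 5.2.0-5 below it. This looks like transposed digits for 5.2.0-6; please correct it so the revision history sorts and reads consistently. The empty <email></email> elements in both added revisions could be dropped or filled in.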
Modified: epp/docs/branches/5.2/Site_Publisher/Installation_Guide/publican.cfg
===================================================================
--- epp/docs/branches/5.2/Site_Publisher/Installation_Guide/publican.cfg 2012-01-08 23:45:52 UTC (rev 8279)
+++ epp/docs/branches/5.2/Site_Publisher/Installation_Guide/publican.cfg 2012-01-08 23:46:25 UTC (rev 8280)
@@ -4,7 +4,7 @@
xml_lang: en-US
type: Book
brand: JBoss
-show_remarks: 1
+#show_remarks: 1
cvs_branch: DOCS-RHEL-6
cvs_root: :ext:cvs.devel.redhat.com:/cvs/dist
cvs_pkg: JBoss_Enterprise_Portal_Platform-Site_Publisher_Installation_Guide-5.2-web-__LANG__
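Review bot: The added line disables remarks by commenting the setting out (#show_remarks: 1) rather than deleting it or setting it to 0. A commented-out value of 1 is easy to re-enable by accident in a publication branch. Suggest removing the line or writing show_remarks: 0 explicitly.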
gatein SVN: r8279 - epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity.
by do-not-reply@jboss.org
Author: smumford
Date: 2012-01-08 18:45:52 -0500 (Sun, 08 Jan 2012)
New Revision: 8279
Added:
epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/PasswordEncryption.xml
Log:
JBEPP-1468: Adding new content files
Added: epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml (rev 0)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml 2012-01-08 23:45:52 UTC (rev 8279)
@@ -0,0 +1,707 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+ <!ENTITY % BOOK_ENTITIES SYSTEM "../../Reference_Guide.ent">
+ %BOOK_ENTITIES;
+ ]>
+ <section id="sect-Reference_Guide-Authentication_Authorization_Intro">
+ <title>Authentication and Authorization intro</title>
+
+ <section id="sect-Reference_Guide-Authentication_Authorization_Intro-Authentication">
+ <title>Authentication Overview</title>
+
+ <para>
+ Authentication in JBoss Enterprise Portal Platform is based on <ulink type="http" url="http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASR...">JAAS</ulink> and by default it is a standard J2EE FORM based authentication.
+ </para>
+
+ <para>
+ JBoss Enterprise Portal Platform supports the following authentication methods:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ J2EE FORM based authentication
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ The <literal>RememberMe</literal> authentication method (wherein the user checks the <guilabel>Remember my login</guilabel> checkbox on the log in form).
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ SSO server integration (CAS, JOSSO, OpenSSO). Refer to <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On" /> for more information.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ SPNEGO authentication with a Kerberos ticket. Refer to <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism" /> for more information.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Cluster authentication with loadbalancer or with JBoss SSO valve. Refer to <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-Enabling_SSO_using_JBoss_SSO_Valve" /> for more information.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <para>
+ Authentication workflow consists of HTTP requests and redirects which include handshakes. Source code related to authentication is partially included in the WCI module, as the authentication process differs on <ulink type="http" url="http://www.jcp.org/en/jsr/detail?id=154">Servlet 2.5</ulink> containers and <ulink type="http" url="http://www.jcp.org/en/jsr/detail?id=315">Servlet 3.0</ulink> containers.
+ </para>
+
+ <para>
+ First you can see in <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/web.xml</filename> that authentication is triggered by accessing a secured URL:
+ </para>
+<programlisting language="XML" role="XML">
+<![CDATA[
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>user authentication</web-resource-name>
+ <url-pattern>/dologin</url-pattern>
+ <url-pattern>/private/*</url-pattern>
+ <url-pattern>/g/*</url-pattern>
+ <url-pattern>/u/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>users</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+]]>
+ </programlisting>
+ <para>
+ This means that access to some URLs (such as <ulink type="http" url="http://localhost:8080/portal/dologin">http://localhost:8080/portal/dologin</ulink>) will directly trigger J2EE authentication in the case that the user is not already logged in.
+ </para>
+ <para>
+ Access to this URL also means that the user needs to be in the JAAS group <emphasis>users</emphasis>, otherwise they can authenticate but will recieve an HTTP error; <emphasis>403 Forbidden</emphasis>, for example.
+ </para>
+
+ <para>
+ In the next part of the file we can see that authentication is FORM based and it starts by redirection to <emphasis>/initiatelogin</emphasis> URL, which is actually mapped to <literal>InitiateLoginServlet</literal>.
+ </para>
+<programlisting language="XML" role="XML">
+<![CDATA[
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>gatein-domain</realm-name>
+ <form-login-config>
+ <form-login-page>/initiatelogin</form-login-page>
+ <form-error-page>/errorlogin</form-error-page>
+ </form-login-config>
+ </login-config>
+]]>
+ </programlisting>
+ <para>
+ <literal>InitiateLoginServlet</literal> simply redirects user to login page placed in <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/login/jsp/login.jsp</filename>.
+ <mediaobject>
+ <imageobject role="html">
+ <imagedata fileref="images/AuthenticationAndIdentity/Overview/loginScreen.png" format="PNG" align="center"/>
+ </imageobject>
+
+ <imageobject role="fo">
+ <imagedata fileref="images/AuthenticationAndIdentity/Overview/loginScreen.png" scalefit="1" format="PNG" align="center"/>
+ </imageobject>
+ </mediaobject>
+ </para>
+
+ <para>
+ Changes to the appearance of this login page can be made in this JSP file. You can also change image or CSS placed in <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/login/skin</filename> .
+ </para>
+
+ <para>
+ After a user submits the login form, they are redirected to the login URL; <ulink type="http" url="http://localhost:8080/portal/login?username=root&password=gtn&ini...">http://localhost:8080/portal/login?username=root&password=gtn&ini...</ulink>.
+ </para>
+ <para>
+ This URL is mapped to <literal>PortalLoginController</literal> servlet, which stores credentials and redirects again to <literal>InitiateLoginServlet</literal>, which performs a WCI login.
+ </para>
+ <para>
+ The WCI layer can recognize the current servlet container to determine if it is the old container with Servlet API 2.5 (JBoss 5, Tomcat 6) or the newer container with Servlet API 3.0 (JBoss 6, JBoss 7, Tomcat 7).
+ </para>
+
+ <formalpara>
+ <title>Servlet 3.0</title>
+ <para>
+ The newer servlet API supports programmatic authentication by calling method <literal>HttpServletRequest.login(String username, String password)</literal>. This will directly call JAAS authentication without needing to perform any redirects.
+ </para>
+ </formalpara>
+
+ <formalpara>
+ <title>Servlet 2.5</title>
+ <para>
+ The older API does not support programmatic authentication, so a redirection to a URL which will trigger JAAS authentication (such as; <ulink type="http" url="http://localhost:8080/portal/j_security_check?j_username=root&j_passw..."></ulink>) is required. In this case, JAAS authentication is not triggered with a user password but with a WCI ticket which is created by <literal>InitiateLoginServlet</literal> during WCI login and saved into WCI <emphasis>TicketService</emphasis>. The purpose of this ticket is to avoid using a password during the URL redirection.
+ </para>
+ </formalpara>
+ </section>
+
+ <section id="sect-Reference_Guide-Authentication_Authorization_Intro-LoginModules">
+ <title>Login modules</title>
+
+ <para>
+ JBoss Enterprise Portal Platform uses its own security domain (<emphasis role="bold">gatein-domain</emphasis>) with a set of predefined login modules. Login module configuration for <emphasis>gatein-domain</emphasis> is contained in the <file >deploy/gatein.ear/META-INF/gatein-jboss-beans.xml</file> file.
+ </para>
+ <para>
+ Below is the default login modules stack:
+ </para>
+<programlisting language="XML" role="XML"><![CDATA[
+ <login-module code="org.gatein.wci.security.WCILoginModule" flag="optional">
+ <module-option name="portalContainerName">portal</module-option>
+ <module-option name="realmName">gatein-domain</module-option>
+ </login-module>
+ <login-module code="org.exoplatform.web.security.PortalLoginModule" flag="required">
+ <module-option name="portalContainerName">portal</module-option>
+ <module-option name="realmName">gatein-domain</module-option>
+ </login-module>
+ <login-module code="org.exoplatform.services.security.jaas.SharedStateLoginModule" flag="required">
+ <module-option name="portalContainerName">portal</module-option>
+ <module-option name="realmName">gatein-domain</module-option>
+ </login-module>
+
+ <!-- Uncomment this part to check on each login if user is member of "/platform/users" group and if not
+ create such membership -->
+ <!--
+ <login-module code="org.exoplatform.services.organization.idm.CustomMembershipLoginModule" flag="required">
+ <module-option name="portalContainerName">portal</module-option>
+ <module-option name="realmName">gatein-domain</module-option>
+ <module-option name="membershipType">member</module-option>
+ <module-option name="groupId">/platform/users</module-option>
+ </login-module>
+ -->
+
+ <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required">
+ <module-option name="portalContainerName">portal</module-option>
+ <module-option name="realmName">gatein-domain</module-option>
+ </login-module>]]></programlisting>
+ <para>
+ New login modules can be added or the stack completely replaced with custom modules.
+ </para>
+ <para>
+ Some points to consider are:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ It is possible to log a user in through existing login modules with their credentials (username: <literal>root</literal>/ password: <literal>gtn</literal>, for example) but also with a WCI ticket (username: <emphasis>root</literal>/password: <literal>wci-ticket-458791</literal>). The login modules stack supports both of these methods of authentication.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Authentication through a WCI ticket is used for FORM based authentication in Servlet 2.5 containers (JBoss 5 or Tomcat 6). The majority of other cases (Servlet 3.0 login, JBoss SSO valve login, login through <ulink type="http" url="http://code.google.com/p/crsh/">Crash</ulink>, BASIC authentication) are using an actual password.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Authentication starts with the invocation of the <emphasis>login</emphasis> method on each login module. Once all <emphasis>login</emphasis> methods are invoked, then authentication continues by invoking the <emphasis>commit</emphasis> method on each login module.
+ </para>
+ <para>
+ Either method (<emphasis>login</emphasis> or <emphasis>commit</emphasis>) can throw <literal>LoginException</literal>. If this happens, the whole authentication process ends unsuccessfully, which in turn, invokes the <emphasis>abort</emphasis> method on each login module.
+ </para>
+ <para>
+ By returning "false" from the login method ensures that login module is ignored. This is not specific to JBoss Enterprise Portal Platform but generic to JAAS. More info about login modules in general can be found at <ulink type="http" url="http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASR..."></ulink>.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <section id="sect-Authentication_Authorization_Intro-existingLM">
+ <title>Existing login modules</title>
+
+ <para>
+ Here is a brief description of existing login modules:
+ </para>
+ <variablelist>
+ <title>Modules</title>
+ <varlistentry>
+ <term>WCILoginModule</term>
+ <listitem>
+ <para>
+ This login module validates WCI login tickets and then finds the actual username and password of the user from WCI <emphasis>TicketService</emphasis>. It saves these details into <literal>sharedState</literal> map. The username is saved under the key <literal>javax.security.auth.login.name</literal> and the password is saved under the key <literal>javax.security.auth.login.password</literal>.
+ </para>
+ <note>
+ <title>Note</title>
+ <para>
+ If you trigger JAAS authentication with a literal username and password and not with a WCI ticket credential, the <literal>WCILoginModule</literal> throws a <literal>LoginException</literal>. However <literal>WCILoginModule</literal> is declared as "<emphasis>optional</emphasis>", meaning that a login failure in <literal>WCILoginModule</literal> is not a critical error to the full login process.
+ </para>
+ </note>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PortalLoginModule</term>
+ <listitem>
+ <para>
+ This login module is actually used mainly in cluster environments. It uses session replication between cluster nodes. After a successful authentication on cluster <emphasis>node1</emphasis> the <emphasis>commit</emphasis> method adds a flag (with the attribute <emphasis>AUTHENTICATED_CREDENTIALS</emphasis>) to the HTTP session and this flag can then be used to reauthenticate on <emphasis>node2</emphasis> when it executes method <emphasis>login</emphasis>. Refer to <xref linkend="sect-Authentication_Authorization_Intro-ClusterLogin" /> for more information.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>SharedStateLoginModule</term>
+ <listitem>
+ <para>
+ This login module triggers authentication using the <emphasis>Authenticator</emphasis> interface. It takes the username and password from the <literal>javax.security.auth.login.name</literal> and <literal>javax.security.auth.login.password</literal> attributes of the <literal>sharedState</literal> map.
+ </para>
+ <para>
+ Then it calls <literal>Authenticator.validateUser(Credential[] credentials)</literal>, which performs real authentication of username and password against OrganizationService and portal identity database. Result of successful authentication is object <emphasis>Identity</emphasis>, which is saved to sharedState map under key <literal>exo.security.identity</literal>. More info in <xref linkend="sect-Authentication_Authorization_Intro-authenticatorAndRolesExtractor" />.
+ </para>
+ <para>
+ SharedStateLoginModule assumes that mentioned attributes for username and password are already placed in sharedState map, which was actually done by WCILoginModule. If attributes are not in sharedState map, SharedStateLoginModule is simply ignored (method "login" returns false).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>JbossLoginModule</term>
+ <listitem>
+ <para>
+ Previous login modules (like <literal>WCILoginModule</literal> and <literal>SharedStateLoginModule</literal>) are useful for authentication flow with WCI ticket. <literal>DefaultLoginModule</literal> (superclass of <literal>JbossLoginModule</literal>) is used for second case (authentication with real password instead of WCI ticket).
+ </para>
+ <para>
+ First it checks if Identity object has been already created and saved into <literal>sharedState</literal> map by <literal>SharedStateLoginModule</literal>. If not, then it means that WCI ticket authentication was not successful and so it tries to login with real password of user. It also uses <literal>Authentication.validateUser(Credential[] credentials)</literal> for authentication check.
+ </para>
+ <para>
+ In method <literal>JbossLoginModule.commit</literal>, we need to assign our Identity object to <literal>IdentityRegistry</literal>, which will be used later for authorization. We also need to create JAAS principals (<literal>UserPrincipal</literal> and <literal>RolesPrincipal</literal>) and assign them to our authenticated Subject. This is needed for JBoss AS server, so that it can properly recognize name of logged user and their role on JBoss AS level.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>CustomMembershipLoginModule</term>
+ <listitem>
+ <para>
+ Special login module, which is disabled (commented) by default. It can be used to add user to some existing group during successful login of this user. Name of group is configurable and by default it's <emphasis>/platform/users</emphasis> group. Login module is commented because in normal environment, users are already in <emphasis>/platform/users</emphasis> group. It's useful only for some special setups like read-only LDAP, where groups of ldap user are taken from ldap tree and so that users may not be in /platform/users group, which is needed for successful authorization.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <section id="sect-Authentication_Authorization_Intro-LoginModuleLocations">
+ <title>SVN location of login modules</title>
+
+ <para>
+ Some modules are specific for portal, but some are used also by eXo JCR and so they are part of eXo core module.
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ <emphasis>PortalLoginModule</emphasis> - is located in JBoss Enterprise Portal Platform sources in <ulink type="http" url="http://anonsvn.jboss.org/repos/gatein/portal/trunk/component/web/security/">http://anonsvn.jboss.org/repos/gatein/portal/trunk/component/web/security/</ulink>
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <emphasis>SharedStateLoginModule, JbossLoginModule</emphasis> - these are located in eXo core sources in <ulink type="http" url="http://anonsvn.jboss.org/repos/exo-jcr/core/trunk/exo.core.component.secu...">http://anonsvn.jboss.org/repos/exo-jcr/core/trunk/exo.core.component.secu...</ulink>
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <emphasis>CustomMembershipLoginModule</emphasis> - located in JBoss Enterprise Portal Platform sources in module for identity integration - <ulink type="http" url="http://anonsvn.jboss.org/repos/gatein/portal/trunk/component/identity/">http://anonsvn.jboss.org/repos/gatein/portal/trunk/component/identity/</ulink>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ </section>
+<!-- Ending section with existing login modules -->
+ <section id="sect-Authentication_Authorization_Intro-createNewLM">
+ <title>Creating your own login module</title>
+
+ <para>
+ Before creating your own login module, it is recommended that you study the source code of existing login modules to better understand the JAAS authentication process. You need to have good knowledge so that you can properly decide where your login module should be placed and if you need to replace some existing login modules or simply attach your own module to existing chain.
+ </para>
+
+ <para>
+ We have actually two levels of authentication and overall result of JAAS authentication should properly handle both these cases:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ Authentication on application server level
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Authentication on JBoss Enterprise Portal Platform level
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <formalpara id="form-Authentication_Authorization_Intro-authenticationAppServerLevel">
+ <title>Authentication on application server level</title>
+
+ <para>
+ Application server needs to properly recognize that user is successfuly logged and it has assigned his JAAS roles. Unfortunately this part is not standardized and is specific for each AS. For example in JBoss AS, you need to ensure that JAAS Subject has assigned principal with username (UserPrincipal) and also RolesPrincipal, which has name "Roles" and it contains list of JAAS roles. This part is actually done in <emphasis>JbossLoginModule.commit()</emphasis>. In Tomcat, this flow is little different, which means Tomcat has it's own <emphasis>TomcatLoginModule</emphasis>.
+ </para>
+ </formalpara>
+
+ <para>
+ After successful authentication, user needs to be at least in JAAS role "users" because this role is declared in web.xml as you saw above. JAAS roles are extracted by special algorithm from JBoss Enterprise Portal Platform memberships. See below in section with RolesExtractor.
+ </para>
+
+
+ <formalpara id="form-Authentication_Authorization_Intro-authenticationGateInServerLevel">
+ <title>Authentication on JBoss Enterprise Portal Platform level</title>
+
+ <para>
+ Login process needs to create special object <emphasis role="bold">org.exoplatform.services.security.Identity</emphasis> and register this object into JBoss Enterprise Portal Platform component <emphasis role="bold">IdentityRegistry</emphasis>. This Identity object should encapsulate username of authenticated user, Memberships of this user and also JAAS roles. Identity object can be easily created with interface <emphasis role="bold">Authenticator</emphasis> as can be seen below.
+ </para>
+ </formalpara>
+
+ <para>
+ So have this in mind, if you will extend or replace existing login modules.
+ </para>
+ </section>
+<!-- Ending section with your own login module -->
+ <section id="sect-Authentication_Authorization_Intro-authenticatorAndRolesExtractor">
+ <title>Authenticator and RolesExtractor</title>
+
+ <para>
+ Authenticator is important component in authentication process. Actually interface <emphasis>org.exoplatform.services.security.Authenticator</emphasis> looks like this:
+ </para>
+<programlisting language="Java" role="Java">
+<![CDATA[
+public interface Authenticator
+{
+
+ /**
+ * Authenticate user and return userId.
+ *
+ * @param credentials - list of users credentials (such as name/password, X509
+ * certificate etc)
+ * @return userId
+ */
+ String validateUser(Credential[] credentials) throws LoginException, Exception;
+
+ /**
+ * @param userId.
+ * @return Identity
+ */
+ Identity createIdentity(String userId) throws Exception;
+
+}
+ ]]>
+ </programlisting>
+ <para>
+ Method <emphasis>validateUser</emphasis> is used to check whether given credentials (username and password) are really valid. So it performs real authentication. It returns back username if credentials are correct. Otherwise LoginException is thrown.
+ </para>
+
+ <para>
+ Method <emphasis>createIdentity</emphasis> is used to create instance of object <emphasis>org.exoplatform.services.security.Identity</emphasis>, which encapsulates all important informations about single user like:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ username
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ set of Memberships (MembershipEntry objects) which user belongs to. <emphasis>Membership</emphasis> is object, which contains informations about <emphasis>membershipType</emphasis> (manager, member, validator, ... ) and about <emphasis>group</emphasis> (/platform/users, /platform/administrators, /partners, /organization/management/executiveBoard, ... ).
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ set of Strings with JAAS roles of given user. JAAS roles are simple Strings, which are mapped from MembershipEntry objects. There is another special component <emphasis>org.exoplatform.services.security.RolesExtractor</emphasis>, which is used to map JAAS roles from MembershipEntry objects. RolesExtractor interface looks like this:
+ </para>
+ </listitem>
+ </itemizedlist>
+<programlisting language="Java" role="Java">
+ <![CDATA[
+public interface RolesExtractor
+{
+
+ /**
+ * Extracts J2EE roles from userId and|or groups the user belongs to both
+ * parameters may be null
+ *
+ * @param userId
+ * @param memberships
+ */
+ Set<String> extractRoles(String userId, Set<MembershipEntry> memberships);
+}
+ ]]>
+ </programlisting>
+ <para>
+ Default implementation <emphasis>DefaultRolesExtractorImpl</emphasis> is based on special algorithm, which uses name of role from the root of the group (for example for role "/organization/management/something" we have JAAS role "organization"). Only exception is group "platform" where we use 2nd level as name of group. For example from group "/platform/users" we have JAAS role "users".
+ </para>
+
+ <para>
+ <emphasis role="bold">Example: </emphasis> We have user <emphasis>root</emphasis>, which has memberships <emphasis>member:/platform/users</emphasis>, <emphasis>manager:/platform/administrators</emphasis>, <emphasis>validator:/platform/managers</emphasis>, <emphasis>member:/partners</emphasis>, <emphasis>member:/customers/acme</emphasis>, <emphasis>member:/organization/management/board</emphasis>. In this case we will have JAAS roles: <emphasis>users</emphasis>, <emphasis>administrators</emphasis>, <emphasis>managers</emphasis>, <emphasis>partners</emphasis>, <emphasis>customers</emphasis>, <emphasis>organization</emphasis>.
+ </para>
+
+ <para>
+ Default implementation of Authenticator is <emphasis>OrganizationAuthenticatorImpl</emphasis>, which is implementation based on <emphasis>OrganizationService</emphasis>. See <xref linkend="sect-Reference_Guide-Organization_API"/> .
+ </para>
+
+ <para>
+ You can override default implementation of mentioned interfaces Authenticator and RolesExtractor if default behaviour is not suitable for your needs. Consult documentation of <emphasis>eXo kernel</emphasis> for more info.
+ </para>
+ </section>
+<!-- Ending section Authenticator and RolesExtractor -->
+ </section>
+<!-- Ending section with login modules -->
+ <section id="sect-Authentication_Authorization_Intro-differentAuthWorkflows">
+ <title>Different authentication workflows</title>
+
+ <section id="sect-Authentication_Authorization_Intro-RememberMeAuthentication">
+ <title>RememberMe authentication</title>
+
+ <para>
+ In default login dialog, you can notice that there is "Remember my login" checkbox, which users can use to persist their login on his workstation. Default validity period of RememberMe cookie is 1 day (it is configurable), and so user can be logged for whole day before he need to reauthenticate again with his credentials.
+ </para>
+
+ <section id="sect-Authentication_Authorization_Intro-RememberMeAuthentication-howDoesItWork">
+ <title>How does it work</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ User checks the checkbox "Remember my login" on login screen of JBoss Enterprise Portal Platform . Then he submit the form.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ HTTP request like <emphasis>http://localhost:8080/portal/login?initialURI=/portal/classic&usernam...</emphasis> is send to server
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Request is processed by PortalLoginController servlet. Servlet obtains instance of <emphasis>RemindPasswordTokenService</emphasis> and save user credentials into JCR. It generates and returns special token (key) for later use. Then it creates cookie called <emphasis>rememberme</emphasis> and use returned token as value of cookie.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
+ <section id="sect-Authentication_Authorization_Intro-RememberMeAuthentication-reauthentication">
+ <title>Reauthentication</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ After some time, user wants to reauthenticate. Let's assume that his HTTP Session is already expired but his RememberMe cookie is still active.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ User send HTTP request to some portal page (ie. <emphasis>http://localhost:8080/portal/classic</emphasis> ).
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ There is special HTTP Filter <emphasis role="bold">RememberMeFilter</emphasis> configured in web.xml, which checks rememberme cookie and then it retrieves credentials of user from RemindPasswordTokenService. Now filter redirects request to PortalLoginController and authentication process goes in same way as for normal FORM based authentication.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
+ <section id="sect-Authentication_Authorization_Intro-RememberMeAuthentication-RemindPasswordTokenService">
+ <title>RemindPasswordTokenService</title>
+
+ <para>
+ This is special service used during RememberMe authentication workflow. It's configurable in file <emphasis>deploy/gatein.ear/02portal.war/WEB-INF/conf/common/remindpwd-configuration.xml</emphasis> . For more info, look at section <xref linkend="sect-Reference_Guide-Authentication_Token_Configuration" />
+ </para>
+
+ <para>
+ Another thing is that you can encrypt passwords before store them into JCR. More info is in section <xref linkend="sect-Reference_Guide-Authentication_and_Identity-Password_Encryption" />.
+ </para>
+ </section>
+ </section>
+
+ <section id="sect-Authentication_Authorization_Intro-BASICAuthentication">
+ <title>BASIC authentication</title>
+
+ <para>
+ JBoss Enterprise Portal Platform is using FORM based authentication by default but it's not a problem with switch to different authentication type like BASIC. Only needed thing is to configure it properly in <emphasis>deploy/gatein.ear/02portal.war/WEB-INF/web.xml</emphasis> like this:
+ </para>
+<programlisting language="XML" role="XML">
+ <![CDATA[
+<!--
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>gatein-domain</realm-name>
+ <form-login-config>
+ <form-login-page>/initiatelogin</form-login-page>
+ <form-error-page>/errorlogin</form-error-page>
+ </form-login-config>
+ </login-config>
+-->
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>gatein-domain</realm-name>
+ </login-config
+ ]]>
+ </programlisting>
+ <para>
+ In this case user will see login dialog from browser instead of JBoss Enterprise Portal Platform login.jsp page. JAAS authentication will be performed with real credentials of user (ie. <emphasis>root</emphasis>/<emphasis>gtn</emphasis>). WCI ticket is not used with BASIC authentication.
+ </para>
+ </section>
+
+ <section id="sect-Authentication_Authorization_Intro-ClusterLogin">
+ <title>Cluster login</title>
+
+ <para>
+ JBoss Enterprise Portal Platform supports automatic login propagation in cluster environment. Cluster login relies on HTTP session replication. It's useful for situations like this:
+ </para>
+
+ <procedure>
+ <step>
+ <para>
+ You have Apache loadbalancer and two portal nodes <emphasis>node1</emphasis> and <emphasis>node2</emphasis>
+ </para>
+ </step>
+
+ <step>
+ <para>
+ User will send request to loadbalancer and he will be redirected to node1. All his requests will be then processed on node1 (sticky session).
+ </para>
+ </step>
+
+ <step>
+ <para>
+ User login on loadbalancer (which is redirected to node1)
+ </para>
+ </step>
+
+ <step>
+ <para>
+ node1 is killed
+ </para>
+ </step>
+
+ <step>
+ <para>
+ User will send another HTTP request. He will now be redirected to node2 because node1 is killed. Now user will be automatically logged on node2 as well thanks to session replication, because he still has same HTTP session, which was replicated from node1 to node2. So end user shouldn't recognize any change even if his work is now done on different node of cluster.
+ </para>
+ </step>
+ </procedure>
+
+ <para>
+ This login workflow works thanks to <emphasis>PortalLoginModule</emphasis>, which is able to save special attribute into HTTP session as flag that user is already logged. Then reauthentication on node2 is working thanks to servlet filter <emphasis>ClusteredSSOFilter</emphasis>, which is able to automatically trigger programmatic authentication.
+ </para>
+
+ <note>
+ <title>Note</title>
+ <para>
+ ClusteredSSOFilter is using proprietary JBossWeb API for trigger programmatic authentication and so it's working only on JBoss AS. It is not working on other servers like Tomcat or Jetty.
+ </para>
+ </note>
+
+ <para>
+ There is also possibility for integration with JBoss clustered SSO valve (See <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-Enabling_SSO_using_JBoss_SSO_Valve" />).
+ </para>
+ </section>
+
+ <section id="sect-Authentication_Authorization_Intro-SSOLogin">
+ <title>SSO login</title>
+
+ <para>
+ JBoss Enterprise Portal Platform also supports integration with couple of well-known SSO frameworks (CAS, JOSSO, OpenSSO). When user wants login, he is not redirected to portal login form but to SSO server login form. After successful login with SSO server, he gains ticket represented by special cookie (name of cookie differs for each SSO server). Then user is redirected back to JBoss Enterprise Portal Platform, where we need to perform agent validation of SSO ticket against SSO server. We still need to create Identity object and bind it to IdentityRegistry (this is same as in default authentication), which is done thanks to Authenticator component.
+ </para>
+
+ <para>
+ In other words, you need to ensure that users, which are logged successfuly through SSO, needs to be also in JBoss Enterprise Portal Platform identity database because SSO server is used only for authentication, but authorization is handled completely by JBoss Enterprise Portal Platform, which assumes that user exists in portal DB. If users are not in DB, Identity object won't be created and you will have 403 Forbidden errors even if you authenticate successfuly. For details about SSO integration, see <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On" />.
+ </para>
+
+ <para>
+ Same applies for SPNEGO authentication (See <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism"/>). In this case, you need to ensure that your Kerberos users are also created in JBoss Enterprise Portal Platform database.
+ </para>
+ </section>
+ </section>
+<!-- Ending section different authentication workflows -->
+ <section id="sect-Authentication_Authorization_Intro-authorization">
+ <title>Authorization overview</title>
+
+ <para>
+ In previous section, we learned about JAAS authentication and about login modules. So we know that result of authentication are:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ JAAS Subject with principals for username (UserPrincipal) and for JAAS roles (RolesPrincipal).
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Identity object, which encapsulates username, all memberships and all JAAS roles. This Identity object is bound to IdentityRegistry component.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <para>
+ Authorization in JBoss Enterprise Portal Platform actually happens on two levels:
+ </para>
+
+ <section id="sect-Authentication_Authorization_Intro-servletContainerAuthorization">
+ <title>Servlet container authorization</title>
+
+ <para>
+ First round of authorization is servlet container authorization based on secured URL from <emphasis>web.xml</emphasis>. We saw above in web.xml snippet that secured URL are accessible only for users from role <emphasis>users</emphasis>:
+ </para>
+<programlisting language="XML" role="XML"><![CDATA[
+<auth-constraint>
+ <role-name>users</role-name>
+</auth-constraint>]]></programlisting>
+ <para>
+ This actually means that our user needs to be in JBoss Enterprise Portal Platform role <emphasis>/platform/users</emphasis> (For details see <xref linkend="sect-Authentication_Authorization_Intro-authenticatorAndRolesExtractor" />). In other words, if we successfuly authenticate but our user is not in group /platform/users, then it means that he is not in JAAS role <emphasis>users</emphasis>, which in next turn means that he will have authorization error <emphasis role="bold">403 Forbidden</emphasis> thrown by servlet container.
+ </para>
+
+ <para>
+ You can change the behaviour and possibly add some more <emphasis>auth-constraint</emphasis> elements into web.xml. However this protection of resources based on web.xml is not standard JBoss Enterprise Portal Platform way and it's mentioned here mainly for illustration purposes.
+ </para>
+ </section>
+
+ <section id="sect-Authentication_Authorization_Intro-gateInAuthorization">
+ <title>Portal level authorization</title>
+
+ <para>
+ Second round of authorization is based on component <emphasis role="bold">UserACL</emphasis> (See <xref linkend="chap-Reference_Guide-Portal_Default_Permission_Configuration" />). We can declare access and edit permissions for portals, pages and/or portlets. UserACL is then used to check if our user has particular permissions to access or edit specified resource. Important object with informations about roles of our user is mentioned <emphasis>Identity</emphasis> object created during JAAS authentication.
+ </para>
+
+ <para>
+ Authorization on portal level looks like this:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ user send HTTP request to some URL in portal
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ HTTP request is processed through <emphasis role="bold">SetCurrentIdentityFilter</emphasis>, which is declared in <emphasis>deploy/gatein.ear/02portal.war/WEB-INF/web.xml</emphasis>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ SetCurrentIdentityFilter reads username of current user from <emphasis>HttpServletRequest.getRemoteUser()</emphasis>. Then it looks for Identity of this user in IdentityRegistry, where Identity has been saved during authentication. Found Identity is then encapsulated into <emphasis role="bold">ConversationState</emphasis> object and bound into ThreadLocal variable.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ UserACL is able to obtain Identity of current user from method <emphasis>UserACL.getIdentity()</emphasis>, which simply calls <emphasis>ConversationState.getCurrent().getIdentity()</emphasis> for find current Identity bound to ThreadLocal. Now UserACL has identity of user and so that it can performs any security checks.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ </section>
+<!-- Ending section Authorization overview -->
+ </section>
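Review bot: The four items under "Authorization on portal level looks like this" describe an ordered request flow but are marked up as an itemizedlist; an orderedlist would carry the sequence. The added text also uses <emphasis> for file paths and method names (web.xml, deploy/gatein.ear/02portal.war/WEB-INF/web.xml, UserACL.getIdentity()), where <filename> and <methodname> are the DocBook elements for these. The SetCurrentIdentityFilter item does not say what happens when no Identity is found in IdentityRegistry for the remote user, which is the case a reader debugging a 403 needs. Wording to fix while here: "successfuly", "informations", "for find", "can performs".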
Added: epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/PasswordEncryption.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/PasswordEncryption.xml (rev 0)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/PasswordEncryption.xml 2012-01-08 23:45:52 UTC (rev 8279)
@@ -0,0 +1,77 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "Book_Name.ent">
+%BOOK_ENTITIES;
+]>
+
+ <section id="sect-Reference_Guide-Authentication_and_Identity-Password_Encryption">
+ <title>Password Encryption</title>
+ <!-- The warning and first listitem below were relocated from sect-Reference_Guide-Authentication_Token_Configuration as security and plain-text password issues were being expanded on (from JBEPP-610) --> <warning>
+ <title>Username and passwords stored in clear text</title>
+ <para>
+ The <emphasis>Remember Me</emphasis> feature of JBoss Enterprise Portal Platform uses a token mechanism to be able to authenticate returning users without requiring an explicit login. However, to be able to authenticate these users, the token needs to store the username and password in clear text in the JCR.
+ </para>
+
+ </warning>
+ <para>
+ Administrators have two options available to ameliorate this risk:
+ </para>
+ <orderedlist>
+ <listitem>
+ <para>
+ The <emphasis>Remember Me</emphasis> feature can be disabled by removing the corresponding checkbox in: <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/login/jsp/login.jsp</filename> and <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/groovy/portal/webui/UILoginForm.gtmpl</filename>.
+ </para>
+
+ </listitem>
+ <listitem>
+ <para>
+ Passwords can be encoded prior to being saved to the JCR. This option requires administrators to provide a custom subclass of <parameter>org.exoplatform.web.security.security.AbstractCodec</parameter> and set up a codec implementation with <parameter>CookieTokenService</parameter>:
+ </para>
+ <procedure id="proc-Reference_Guide-Password_Encryption-Encrypt_Password_in_JCR">
+ <title>Encrypt Password in JCR</title>
+ <step>
+ <para>
+ Create a javaclass similar to:
+ </para>
+
+<programlisting language="Java" role="Java"><xi:include href="../../extras/Authentication_Identity/ExampleCodec.java" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
+
+ </step>
+ <step>
+ <para>
+ Compile the class and package it into a jar file. For this example we will call the jar file <filename>codec-example.jar</filename>.
+ </para>
+
+ </step>
+ <step>
+ <para>
+ Create a <filename>conf/portal/configuration.xml</filename> file within the <filename>codec-example.jar</filename> similar to the example below. This allows the portal kernel to find and use the new codec implementation.
+ </para>
+
+<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity/configuration.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
+
+ </step>
+ <step>
+ <para>
+ Deploy the <filename>codec-example.jar</filename> into your <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/lib/</filename> directory.
+ </para>
+
+ </step>
+ <step>
+ <para>
+ Start (or restart) your JBoss Enterprise Portal Platform.
+ </para>
+ <para>
+ Any passwords written to the JCR will now be encoded and not plain text.
+ </para>
+
+ </step>
+
+ </procedure>
+
+
+ </listitem>
+
+ </orderedlist>
+
+</section>
\ No newline at end of file
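Review bot: The section and procedure titles promise encryption ("Password Encryption", "Encrypt Password in JCR"), but the body only says passwords are "encoded" by a custom AbstractCodec subclass, and the last step claims they are "encoded and not plain text". The text should state that the protection is only as strong as the codec the administrator supplies, and say whether ExampleCodec.java is meant for production use. In the DOCTYPE the entity file is "Book_Name.ent", whereas SSO.xml in the same Reference Guide declares "Reference_Guide.ent"; and step 1 has "javaclass" for "Java class".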
12 years, 11 months
gatein SVN: r8278 - in epp/docs/branches/5.2/User_Guide: en-US and 4 other directories.
by do-not-reply@jboss.org
Author: smumford
Date: 2012-01-08 18:42:09 -0500 (Sun, 08 Jan 2012)
New Revision: 8278
Modified:
epp/docs/branches/5.2/User_Guide/en-US/Book_Info.xml
epp/docs/branches/5.2/User_Guide/en-US/Revision_History.xml
epp/docs/branches/5.2/User_Guide/en-US/modules/account/Register_New_Accounts.xml
epp/docs/branches/5.2/User_Guide/en-US/modules/account/Sign_in_and_Sign_out.xml
epp/docs/branches/5.2/User_Guide/en-US/modules/gadgetsAdmin/Manage_Portlets_and_Gadgets.xml
epp/docs/branches/5.2/User_Guide/en-US/modules/language/Multi-Language_Navigation_Nodes.xml
epp/docs/branches/5.2/User_Guide/en-US/modules/portal/Manage_Navigation_Nodes.xml
epp/docs/branches/5.2/User_Guide/en-US/modules/portal/Manage_Pages.xml
epp/docs/branches/5.2/User_Guide/en-US/modules/portal/Manage_Portals.xml
epp/docs/branches/5.2/User_Guide/publican.cfg
Log:
Removed 5.2.0 dev cycle 'remark' tags
Modified: epp/docs/branches/5.2/User_Guide/en-US/Book_Info.xml
===================================================================
--- epp/docs/branches/5.2/User_Guide/en-US/Book_Info.xml 2012-01-08 23:40:42 UTC (rev 8277)
+++ epp/docs/branches/5.2/User_Guide/en-US/Book_Info.xml 2012-01-08 23:42:09 UTC (rev 8278)
@@ -6,8 +6,8 @@
<subtitle>A User Guide for Enterprise Portal Platform &VZ;</subtitle>
<productname>JBoss Enterprise Portal Platform</productname>
<productnumber>5.2</productnumber>
- <edition>5.2.0</edition>
- <pubsnumber>12</pubsnumber>
+ <edition>5.2.1</edition>
+ <pubsnumber>1</pubsnumber>
<abstract>
<para>
This document provides an easy to follow guide to the functions and
Modified: epp/docs/branches/5.2/User_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.2/User_Guide/en-US/Revision_History.xml 2012-01-08 23:40:42 UTC (rev 8277)
+++ epp/docs/branches/5.2/User_Guide/en-US/Revision_History.xml 2012-01-08 23:42:09 UTC (rev 8278)
@@ -8,6 +8,34 @@
<simpara>
<revhistory>
<revision>
+ <revnumber>5.2.1-1</revnumber>
+ <date>Mon Jan 09 2012</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Removing inappropriate videos link from Introduction.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-100</revnumber>
+ <date>Wed Dec 14 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Publication build.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>5.2.0-12</revnumber>
<date>Tue Dec 13 2011</date>
<author>
@@ -21,7 +49,7 @@
</simplelist>
</revdescription>
</revision>
- <revision>
+ <!--<revision>
<revnumber>5.2.0-11</revnumber>
<date>Mon Dec 12 2011</date>
<author>
@@ -62,7 +90,7 @@
<member>Action QA feedback.</member>
</simplelist>
</revdescription>
- </revision>
+ </revision> -->
<revision>
<revnumber>5.2.0-6</revnumber>
<date>Tue Nov 15 2011</date>
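Review bot: The "</revision> -->" here closes a comment opened in the previous hunk with "<!--<revision>", so a run of revision entries starting at 5.2.0-11 is hidden rather than removed. SVN already keeps that history, so deleting the entries is cleaner, and a multi-entry XML comment becomes ill-formed if any hidden member text contains "--". If the entries must stay, add a short note inside the comment saying why they are suppressed.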
Modified: epp/docs/branches/5.2/User_Guide/en-US/modules/account/Register_New_Accounts.xml
===================================================================
--- epp/docs/branches/5.2/User_Guide/en-US/modules/account/Register_New_Accounts.xml 2012-01-08 23:40:42 UTC (rev 8277)
+++ epp/docs/branches/5.2/User_Guide/en-US/modules/account/Register_New_Accounts.xml 2012-01-08 23:42:09 UTC (rev 8278)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<section id="sect-User_Guide-Register_New_Accounts">
- <title><remark>Register New Accounts</remark></title>
+ <title>Register New Accounts</title>
<para>
Unregistered users visiting a portal in public mode are limited in the content they can see.
</para>
Modified: epp/docs/branches/5.2/User_Guide/en-US/modules/account/Sign_in_and_Sign_out.xml
===================================================================
--- epp/docs/branches/5.2/User_Guide/en-US/modules/account/Sign_in_and_Sign_out.xml 2012-01-08 23:40:42 UTC (rev 8277)
+++ epp/docs/branches/5.2/User_Guide/en-US/modules/account/Sign_in_and_Sign_out.xml 2012-01-08 23:42:09 UTC (rev 8278)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<section id="sect-User_Guide-Sign_In_and_Sign_Out">
- <title><remark>Sign In and Sign Out</remark></title>
+ <title>Sign In and Sign Out</title>
<para>
In order to enter the portal in private mode, you should use the account previously registered.
Modified: epp/docs/branches/5.2/User_Guide/en-US/modules/gadgetsAdmin/Manage_Portlets_and_Gadgets.xml
===================================================================
--- epp/docs/branches/5.2/User_Guide/en-US/modules/gadgetsAdmin/Manage_Portlets_and_Gadgets.xml 2012-01-08 23:40:42 UTC (rev 8277)
+++ epp/docs/branches/5.2/User_Guide/en-US/modules/gadgetsAdmin/Manage_Portlets_and_Gadgets.xml 2012-01-08 23:42:09 UTC (rev 8278)
@@ -18,7 +18,7 @@
</para>
</important>
<section id="sect-User_Guide-Dashboard_Portlet-Display_Gadgets">
- <title><remark>Display Gadgets</remark></title>
+ <title>Display Gadgets</title>
<para>
You can change the number of columns available in the Dashboard.
</para>
Modified: epp/docs/branches/5.2/User_Guide/en-US/modules/language/Multi-Language_Navigation_Nodes.xml
===================================================================
--- epp/docs/branches/5.2/User_Guide/en-US/modules/language/Multi-Language_Navigation_Nodes.xml 2012-01-08 23:40:42 UTC (rev 8277)
+++ epp/docs/branches/5.2/User_Guide/en-US/modules/language/Multi-Language_Navigation_Nodes.xml 2012-01-08 23:42:09 UTC (rev 8278)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<section id="sect-User_Guide-Multi_Language_Navigation_Nodes">
- <title><remark>Multi-Language Navigation Nodes</remark></title>
+ <title>Multi-Language Navigation Nodes</title>
<para>
JBoss Enterprise Portal Platform supports a multi-language environment for your portal allowing you to internationalize any menu entry on the navigation.
</para>
Modified: epp/docs/branches/5.2/User_Guide/en-US/modules/portal/Manage_Navigation_Nodes.xml
===================================================================
--- epp/docs/branches/5.2/User_Guide/en-US/modules/portal/Manage_Navigation_Nodes.xml 2012-01-08 23:40:42 UTC (rev 8277)
+++ epp/docs/branches/5.2/User_Guide/en-US/modules/portal/Manage_Navigation_Nodes.xml 2012-01-08 23:42:09 UTC (rev 8278)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<section id="sect-User_Guide-Manage_Navigation_Nodes">
- <title><remark>Manage Navigation Nodes</remark></title>
+ <title>Manage Navigation Nodes</title>
<para>
If you are the portal administrator (or the administrator has granted you the appropriate permission privileges) you can execute all actions related to portal nodes. These actions include adding new nodes or editing, copying, moving, deleting or cloning existing nodes.
</para>
@@ -257,7 +257,7 @@
</section>
<section id="sect-User_Guide-Manage_Navigation_Nodes-Edit_a_node">
- <title><remark>Edit a node</remark></title>
+ <title>Edit a node</title>
<procedure>
<step>
<para>
Modified: epp/docs/branches/5.2/User_Guide/en-US/modules/portal/Manage_Pages.xml
===================================================================
--- epp/docs/branches/5.2/User_Guide/en-US/modules/portal/Manage_Pages.xml 2012-01-08 23:40:42 UTC (rev 8277)
+++ epp/docs/branches/5.2/User_Guide/en-US/modules/portal/Manage_Pages.xml 2012-01-08 23:42:09 UTC (rev 8278)
@@ -9,7 +9,7 @@
<title>Adding a new Page</title>
<section id="sect-User_Guide-Page_Creation_Wizard">
- <title><remark>Adding a new Page using Page Creation Wizard</remark></title>
+ <title>Adding a new Page using Page Creation Wizard</title>
<para>
A page creation wizard is available to administrators in order to create and publish portal pages quickly and easily.
</para>
@@ -240,7 +240,7 @@
<section id="sect-User_Guide-Manage_Pages-Add_a_new_Page_in_the_Page_List">
- <title><remark>Adding a new Page using Page Management</remark></title>
+ <title>Adding a new Page using Page Management</title>
<procedure>
<step>
<para>
@@ -386,7 +386,7 @@
</section>
<section id="sect-User_Guide-Manage_Pages-Edit_a_Page">
- <title><remark>Edit a Page</remark></title>
+ <title>Edit a Page</title>
<procedure>
<step>
<para>
Modified: epp/docs/branches/5.2/User_Guide/en-US/modules/portal/Manage_Portals.xml
===================================================================
--- epp/docs/branches/5.2/User_Guide/en-US/modules/portal/Manage_Portals.xml 2012-01-08 23:40:42 UTC (rev 8277)
+++ epp/docs/branches/5.2/User_Guide/en-US/modules/portal/Manage_Portals.xml 2012-01-08 23:42:09 UTC (rev 8278)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<section id="sect-User_Guide-Manage_Portals">
- <title><remark>Manage Portals</remark></title>
+ <title>Manage Portals</title>
<section id="sect-User_Guide-Create_a_New_Portal">
@@ -308,7 +308,7 @@
</section>
<section id="sect-User_Guide-Change_Portal_Skins">
- <title><remark>Change Portal Skins</remark></title>
+ <title>Change Portal Skins</title>
<para>
Skins are graphic styles used to provide an attractive user interface. Each skin has its own characteristics with different backgrounds, icons, and other visual elements.
</para>
Modified: epp/docs/branches/5.2/User_Guide/publican.cfg
===================================================================
--- epp/docs/branches/5.2/User_Guide/publican.cfg 2012-01-08 23:40:42 UTC (rev 8277)
+++ epp/docs/branches/5.2/User_Guide/publican.cfg 2012-01-08 23:42:09 UTC (rev 8278)
@@ -5,7 +5,7 @@
type: Book
brand: JBoss
debug:1
-show_remarks: 1
+#show_remarks: 1
cvs_branch: DOCS-RHEL-6
cvs_root: :ext:cvs.devel.redhat.com:/cvs/dist
cvs_pkg: JBoss_Enterprise_Portal_Platform-User_Guide-5.2-web-__LANG__
\ No newline at end of file
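Review bot: show_remarks is commented out rather than deleted or set to 0, and the context line two above it still reads debug:1, so this file turns remarks off after the dev cycle but leaves debug on. Confirm debug is intended for the builds this branch now produces, and delete the show_remarks line instead of carrying it as a comment.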
12 years, 11 months
gatein SVN: r8277 - epp/docs/branches/5.2/User_Guide/en-US/modules.
by do-not-reply@jboss.org
Author: smumford
Date: 2012-01-08 18:40:42 -0500 (Sun, 08 Jan 2012)
New Revision: 8277
Modified:
epp/docs/branches/5.2/User_Guide/en-US/modules/Introduction.xml
Log:
JBEPP-1471: Removed Videos link from Related Links section
Modified: epp/docs/branches/5.2/User_Guide/en-US/modules/Introduction.xml
===================================================================
--- epp/docs/branches/5.2/User_Guide/en-US/modules/Introduction.xml 2012-01-05 20:05:23 UTC (rev 8276)
+++ epp/docs/branches/5.2/User_Guide/en-US/modules/Introduction.xml 2012-01-08 23:40:42 UTC (rev 8277)
@@ -5,65 +5,66 @@
]>
<chapter id="chap-User_Guide-Introduction">
<title>Introduction</title>
- <para>
- JBoss Enterprise Portal Platform is the merge of two mature Java projects; JBoss Portal and eXo Portal. This new community project takes the best of both offerings and incorporates them into a single J2EE deployment archive. The aim is to provide an intuitive user-friendly portal and a framework to address the needs of today's Web 2.0 applications.
- </para>
- <mediaobject>
- <imageobject role="html">
- <imagedata fileref="images/Frontpage.png" format="PNG" align="center" scale="130" />
- </imageobject>
- <imageobject role="fo">
- <imagedata fileref="images/Frontpage.png" format="PNG" align="center" contentwidth="150mm" />
- </imageobject>
- </mediaobject>
- <para>
- This book introduces and provides detailed information about most features and capabilities of JBoss Enterprise Portal Platform such as user/group management and access permissions, using portlets and changing basic interface objects such as skins, language and page orientation.
- </para>
+ <para>
+ JBoss Enterprise Portal Platform is the merge of two mature Java projects; JBoss Portal and eXo Portal. This new community project takes the best of both offerings and incorporates them into a single J2EE deployment archive. The aim is to provide an intuitive user-friendly portal and a framework to address the needs of today's Web 2.0 applications.
+ </para>
+ <mediaobject>
+ <imageobject role="html">
+ <imagedata fileref="images/Frontpage.png" format="PNG" align="center" scale="130" />
+ </imageobject>
+ <imageobject role="fo">
+ <imagedata fileref="images/Frontpage.png" format="PNG" align="center" contentwidth="150mm" />
+ </imageobject>
+ </mediaobject>
+ <para>
+ This book introduces and provides detailed information about most features and capabilities of JBoss Enterprise Portal Platform such as user/group management and access permissions, using portlets and changing basic interface objects such as skins, language and page orientation.
+ </para>
- <section id="sect-Install_Guide-Introduction-Related_Links">
- <title>Related Links</title>
- <variablelist>
- <varlistentry>
- <term>Technical documentation</term>
- <listitem>
- <para>
- Other technical documentation, including an <emphasis role="bold">Installation Guide</emphasis>, a <emphasis role="bold">Reference Guide</emphasis> and component specific documentation, can be found at <ulink type="http" url="http://www.redhat.com/docs">www.redhat.com/docs</ulink>
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Non-technical documentation</term>
- <listitem>
- <para>
- Links to non-technical documents are included on the front page of the portal:
- </para>
- <mediaobject>
- <imageobject role="html">
- <imagedata fileref="images/Non-tech-docs.png" format="PNG" align="center" scale="90" />
- </imageobject>
- <imageobject role="fo">
- <imagedata fileref="images/Non-tech-docs.png" format="PNG" align="center" contentwidth="120mm" />
- </imageobject>
- </mediaobject>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Videos</term>
- <listitem>
- <para>
- A link to <ulink type="http" url="http://vimeo.com/channels/gatein">videos</ulink> related to the JBoss Enterprise Portal Platform is also included on the front page:
- </para>
- <mediaobject>
- <imageobject role="html">
- <imagedata fileref="images/Videos.png" format="PNG" align="center" scale="90" />
- </imageobject>
- <imageobject role="fo">
- <imagedata fileref="images/Videos.png" format="PNG" align="center" contentwidth="120mm" />
- </imageobject>
- </mediaobject>
- </listitem>
- </varlistentry>
- </variablelist>
- </section>
+ <section id="sect-Install_Guide-Introduction-Related_Links">
+ <title>Related Links</title>
+ <variablelist>
+ <varlistentry>
+ <term>Technical documentation</term>
+ <listitem>
+ <para>
+ Other technical documentation, including an <emphasis role="bold">Installation Guide</emphasis>, a <emphasis role="bold">Reference Guide</emphasis> and component specific documentation, can be found at <ulink type="http" url="http://www.redhat.com/docs">www.redhat.com/docs</ulink>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Non-technical documentation</term>
+ <listitem>
+ <para>
+ Links to non-technical documents are included on the front page of the portal:
+ </para>
+ <mediaobject>
+ <imageobject role="html">
+ <imagedata fileref="images/Non-tech-docs.png" format="PNG" align="center" scale="90" />
+ </imageobject>
+ <imageobject role="fo">
+ <imagedata fileref="images/Non-tech-docs.png" format="PNG" align="center" contentwidth="120mm" />
+ </imageobject>
+ </mediaobject>
+ </listitem>
+ </varlistentry>
+ <!-- Text below removed as the videos page linked to is inappropriate for EPP. Note that as at 9 Jan 2012, the link is still present in the product itself.
+ <varlistentry>
+ <term>Videos</term>
+ <listitem>
+ <para>
+ A link to <ulink type="http" url="http://vimeo.com/channels/gatein">videos</ulink> related to the JBoss Enterprise Portal Platform is also included on the front page:
+ </para>
+ <mediaobject>
+ <imageobject role="html">
+ <imagedata fileref="images/Videos.png" format="PNG" align="center" scale="90" />
+ </imageobject>
+ <imageobject role="fo">
+ <imagedata fileref="images/Videos.png" format="PNG" align="center" contentwidth="120mm" />
+ </imageobject>
+ </mediaobject>
+ </listitem>
+ </varlistentry> -->
+ </variablelist>
+ </section>
</chapter>
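Review bot: Every line of the chapter is removed and re-added with different indentation, so the one functional change (the Videos varlistentry wrapped in a comment) is buried in roughly 60 lines of whitespace churn; commit the re-indent separately. The commented-out block keeps the vimeo.com URL and the images/Videos.png references in the source, and its own note says the link is still present in the product as at 9 Jan 2012. Deleting the entry and tracking the product-side link under JBEPP-1471 would be cleaner than carrying dead markup.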
12 years, 11 months
gatein SVN: r8276 - portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm.
by do-not-reply@jboss.org
Author: bdaw
Date: 2012-01-05 15:05:23 -0500 (Thu, 05 Jan 2012)
New Revision: 8276
Modified:
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipDAOImpl.java
Log:
GTNPORTAL-2321 Membership type 'JBOSS_IDENTITY_MEMBERSHIP' instead of 'member'
Modified: portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipDAOImpl.java
===================================================================
--- portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipDAOImpl.java 2012-01-05 20:01:24 UTC (rev 8275)
+++ portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipDAOImpl.java 2012-01-05 20:05:23 UTC (rev 8276)
@@ -715,7 +715,17 @@
Group g = ((GroupDAOImpl)orgService.getGroupHandler()).convertGroup(role.getGroup());
m.setGroupId(g.getId());
m.setUserName(role.getUser().getId());
- m.setMembershipType(role.getRoleType().getName());
+
+ // LDAP store may return raw membership type as role type
+ if(role.getRoleType().getName().equals("JBOSS_IDENTITY_MEMBERSHIP"))
+ {
+ m.setMembershipType(orgService.getConfiguration().getAssociationMembershipType());
+ }
+ else
+ {
+ m.setMembershipType(role.getRoleType().getName());
+ }
+
memberships.add(m);
}
}
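Review bot: In the new if, role.getRoleType().getName().equals("JBOSS_IDENTITY_MEMBERSHIP") throws a NullPointerException when getName() returns null and hard-codes the store's marker string inline; put the literal first, "JBOSS_IDENTITY_MEMBERSHIP".equals(...), and lift it into a named constant. getName() is also evaluated twice, so a local variable would make the else branch use the same value that was tested. The Modified list shows only MembershipDAOImpl.java; a unit test covering the LDAP case belongs with this fix.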
12 years, 11 months
gatein SVN: r8275 - epp/portal/branches/EPP_5_2_Branch/component/identity/src/main/java/org/exoplatform/services/organization/idm.
by do-not-reply@jboss.org
Author: bdaw
Date: 2012-01-05 15:01:24 -0500 (Thu, 05 Jan 2012)
New Revision: 8275
Modified:
epp/portal/branches/EPP_5_2_Branch/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipDAOImpl.java
Log:
JBEPP-1470 Membership type 'JBOSS_IDENTITY_MEMBERSHIP' instead of 'member'
Modified: epp/portal/branches/EPP_5_2_Branch/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipDAOImpl.java
===================================================================
--- epp/portal/branches/EPP_5_2_Branch/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipDAOImpl.java 2012-01-03 03:42:16 UTC (rev 8274)
+++ epp/portal/branches/EPP_5_2_Branch/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipDAOImpl.java 2012-01-05 20:01:24 UTC (rev 8275)
@@ -715,7 +715,17 @@
Group g = ((GroupDAOImpl)orgService.getGroupHandler()).convertGroup(role.getGroup());
m.setGroupId(g.getId());
m.setUserName(role.getUser().getId());
- m.setMembershipType(role.getRoleType().getName());
+
+ // LDAP store may return raw membership type as role type
+ if(role.getRoleType().getName().equals("JBOSS_IDENTITY_MEMBERSHIP"))
+ {
+ m.setMembershipType(orgService.getConfiguration().getAssociationMembershipType());
+ }
+ else
+ {
+ m.setMembershipType(role.getRoleType().getName());
+ }
+
memberships.add(m);
}
}
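Review bot: The result of orgService.getConfiguration().getAssociationMembershipType() is passed straight to m.setMembershipType() without a check, so if it returns null the membership ends up with a null type instead of the raw role type it carried before this change. Fall back to role.getRoleType().getName(), or log, when the configured value is null or empty. The comment "LDAP store may return raw membership type as role type" could also name the configuration option the value is being mapped back to.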
12 years, 11 months
gatein SVN: r8274 - in epp/docs/branches/5.2/Reference_Guide: en-US and 6 other directories.
by do-not-reply@jboss.org
Author: smumford
Date: 2012-01-02 22:42:16 -0500 (Mon, 02 Jan 2012)
New Revision: 8274
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/Book_Info.xml
epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml
epp/docs/branches/5.2/Reference_Guide/en-US/extras/PortalDevelopment_DefaultPortalNavigationConfiguration/navigation.xml
epp/docs/branches/5.2/Reference_Guide/en-US/images/DataImportStrategy/navigation1.png
epp/docs/branches/5.2/Reference_Guide/en-US/images/DataImportStrategy/navigation2.png
epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/BackendConfiguration.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/DataImportStrategy.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/Skinning.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/RH-WSRP.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/WSRP.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/exo-jcr-configuration.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/jdbc-data-container-config.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/search-configuration.xml
epp/docs/branches/5.2/Reference_Guide/publican.cfg
Log:
JBEPP-1468: Port GTNPORTAL-2315 to EPP
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/Book_Info.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/Book_Info.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/Book_Info.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -9,7 +9,7 @@
<productname>JBoss Enterprise Portal Platform</productname>
<productnumber>5.2</productnumber>
<edition>5.2.0</edition>
- <pubsnumber>18</pubsnumber>
+ <pubsnumber>100</pubsnumber>
<abstract>
<para>
This Reference Guide is a high-level usage document. It deals with more advanced topics than the Installation and User Guides, adding new content or taking concepts discussed in the earlier documents further. It aims to provide supporting documentation for advanced users of the JBoss Enterprise Portal Platform product. Its primary focus is on advanced use of the product and it assumes an intermediate or advanced knowledge of the technology and terms.
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -8,7 +8,21 @@
<simpara>
<revhistory>
<revision>
- <revnumber>5.2.0-18</revnumber>
+ <revnumber>5.2.0-100</revnumber>
+ <date>Wed Dec 14 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Publication build.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-19</revnumber>
<date>Fri Dec 9 2011</date>
<author>
<firstname>Scott</firstname>
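Review bot: The existing entry dated Fri Dec 9 2011 is renumbered from 5.2.0-18 to 5.2.0-19 in the same edit that inserts 5.2.0-100 above it, which rewrites a revision number that may already have been published. Keep 5.2.0-18 as it was unless the renumbering is deliberate, and say so in the log. The new 5.2.0-100 entry also carries an empty <email></email> element.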
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/extras/PortalDevelopment_DefaultPortalNavigationConfiguration/navigation.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/extras/PortalDevelopment_DefaultPortalNavigationConfiguration/navigation.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/extras/PortalDevelopment_DefaultPortalNavigationConfiguration/navigation.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
+<?xml version="1.0" encoding="UTF-8"?>
<node-navigation
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.gatein.org/xml/ns/gatein_objects_1_2 http://www.gatein.org/xml/ns/gatein_objects_1_2"
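Review bot: Only the XML declaration changes from ISO-8859-1 to UTF-8 in this hunk; if the file contains any non-ASCII characters, the bytes must be re-encoded in the same commit or parsers will misread or reject them. Confirm the file was re-saved as UTF-8 or is pure ASCII.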
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/images/DataImportStrategy/navigation1.png
===================================================================
(Binary files differ)
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/images/DataImportStrategy/navigation2.png
===================================================================
(Binary files differ)
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/BackendConfiguration.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/BackendConfiguration.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/BackendConfiguration.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<section id="sect-Reference_Guide-PicketLink_IDM_integration">
- <title><remark>PicketLink IDM integration</remark></title>
+ <title>PicketLink IDM integration</title>
<para>
JBoss Enterprise Portal Platform uses the <literal>PicketLink IDM</literal> component to store necessary identity information about users, groups and memberships. While legacy interfaces are still used (<literal>org.exoplatform.services.organization</literal>) for identity management, there is a wrapper implementation that delegates to PicketLink IDM framework.
</para>
@@ -26,10 +26,11 @@
<para>
Additionally, <literal>org.exoplatform.services.organization</literal> <emphasis>membership</emphasis> concept needs to be translated into the IDM <emphasis>Role</emphasis> concept. Therefore <literal>PicketLink IDM</literal> model is used in a limited way. All these translations are applied by the integration layer.
</para>
- <remark>The "Configuration Files" section has been commented out as the configuration parameters require more work than time allows before the 5.2.0 release.</remark>
- <!--
- DOCS NOTE: The content of this section are entirely wrong and needs to be rewritten. The config file in the first programlisting has been updated to the version in EPP 5.2.0, however time constraints prevented this from being actioned before the 5.2.0 GA release.
+
+ <!-- DOCS NOTE: The "Configuration Files" section has been commented out as the configuration parameters require more work than time allows before the 5.2.0 release.
+ The content of this section are entirely wrong and needs to be rewritten. The config file in the first programlisting has been updated to the version in EPP 5.2.0, however time constraints prevented this from being actioned before the 5.2.0 GA release.
+
The section above notes that this document does not go into Picketlink IDM Config, so perhaps this section can remain hidden...
<section id="sect-Reference_Guide-PicketLink_IDM_integration-Configuration_Files">
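Review bot: Folding the visible remark into the XML comment at "DOCS NOTE:" means nothing in the built output now tells readers that the Configuration Files section is withheld, and the comment itself names no issue to track the rewrite. Add the tracking issue key to the comment so the hidden section is not forgotten, and fix the carried-over wording "The content of this section are entirely wrong and needs to be rewritten" to "is entirely wrong and needs to be rewritten".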
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -3,8 +3,8 @@
<!ENTITY % BOOK_ENTITIES SYSTEM "Reference_Guide.ent">
%BOOK_ENTITIES;
]>
-<section id="sect-Reference_Guide-SSO_Single_Sign_On_">
- <title><remark>SSO - Single Sign On</remark></title>
+<section id="sect-Reference_Guide-SSO_Single_Sign_On">
+ <title>SSO - Single Sign On</title>
<section id="sect-Reference_Guide-SSO_Single_Sign_On_-Overview">
<title>Overview</title>
<para>
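Review bot: The parent id loses its trailing underscore (sect-Reference_Guide-SSO_Single_Sign_On) while the child on the next context line keeps the old prefix (sect-Reference_Guide-SSO_Single_Sign_On_-Overview), so the ids in this file no longer follow one scheme, and any xref or link in the book that targets the old parent id will fail to resolve. Either leave the parent id unchanged in this commit or rename the child ids and update every linkend that points at the old value in the same change.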
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -4,85 +4,15 @@
%BOOK_ENTITIES;
]>
<chapter id="chap-Reference_Guide-Authentication_and_Identity">
- <title>Authentication and Identity</title>
- <section id="sect-Reference_Guide-Authentication_and_Identity-Password_Encryption">
- <title>Password Encryption</title>
- <!-- The warning and first listitem below were relocated from sect-Reference_Guide-Authentication_Token_Configuration as security and plain-text password issues were being expanded on (from JBEPP-610) --> <warning>
- <title>Username and passwords stored in clear text</title>
- <para>
- The <emphasis>Remember Me</emphasis> feature of JBoss Enterprise Portal Platform uses a token mechanism to be able to authenticate returning users without requiring an explicit login. However, to be able to authenticate these users, the token needs to store the username and password in clear text in the JCR.
- </para>
-
- </warning>
- <para>
- Administrators have two options available to ameliorate this risk:
- </para>
- <orderedlist>
- <listitem>
- <para>
- The <emphasis>Remember Me</emphasis> feature can be disabled by removing the corresponding checkbox in: <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/login/jsp/login.jsp</filename> and <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/groovy/portal/webui/UILoginForm.gtmpl</filename>.
- </para>
-
- </listitem>
- <listitem>
- <para>
- Passwords can be encoded prior to being saved to the JCR. This option requires administrators to provide a custom subclass of <parameter>org.exoplatform.web.security.security.AbstractCodec</parameter> and set up a codec implementation with <parameter>CookieTokenService</parameter>:
- </para>
- <procedure id="proc-Reference_Guide-Password_Encryption-Encrypt_Password_in_JCR">
- <title>Encrypt Password in JCR</title>
- <step>
- <para>
- Create a javaclass similar to:
- </para>
-
-<programlisting language="Java" role="Java"><xi:include href="../extras/Authentication_Identity/ExampleCodec.java" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
- Compile the class and package it into a jar file. For this example we will call the jar file <filename>codec-example.jar</filename>.
- </para>
-
- </step>
- <step>
- <para>
- Create a <filename>conf/portal/configuration.xml</filename> file within the <filename>codec-example.jar</filename> similar to the example below. This allows the portal kernel to find and use the new codec implementation.
- </para>
-
-<programlisting language="XML" role="XML"><xi:include href="../extras/Authentication_Identity/configuration.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
- Deploy the <filename>codec-example.jar</filename> into your <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/lib/</filename> directory.
- </para>
-
- </step>
- <step>
- <para>
- Start (or restart) your JBoss Enterprise Portal Platform.
- </para>
- <para>
- Any passwords written to the JCR will now be encoded and not plain text.
- </para>
-
- </step>
-
- </procedure>
-
-
- </listitem>
-
- </orderedlist>
-
- </section>
-
- <xi:include href="AuthenticationAndIdentity/PredefinedUserConfiguration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
- <xi:include href="AuthenticationAndIdentity/AuthenticationTokenConfiguration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
- <xi:include href="AuthenticationAndIdentity/BackendConfiguration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
- <xi:include href="AuthenticationAndIdentity/OrganizationAPI.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
- <xi:include href="AuthenticationAndIdentity/AccessingUserProfile.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
- <xi:include href="AuthenticationAndIdentity/SSO.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
- <xi:include href="AuthenticationAndIdentity/LDAP.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <title>Authentication and Identity</title>
+ <xi:include href="AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="AuthenticationAndIdentity/PasswordEncryption.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="AuthenticationAndIdentity/PredefinedUserConfiguration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="AuthenticationAndIdentity/AuthenticationTokenConfiguration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="AuthenticationAndIdentity/BackendConfiguration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="AuthenticationAndIdentity/OrganizationAPI.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="AuthenticationAndIdentity/AccessingUserProfile.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="AuthenticationAndIdentity/SSO.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="AuthenticationAndIdentity/LDAP.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
</chapter>
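Review bot: The removed Password Encryption section holds the warning that the Remember Me token stores the username and password in clear text in the JCR, and this hunk replaces it with only an include of AuthenticationAndIdentity/PasswordEncryption.xml, whose contents are not shown here. Please confirm the new file keeps the warning, the section id and the procedure id proc-Reference_Guide-Password_Encryption-Encrypt_Password_in_JCR, and that the relative hrefs ../extras/Authentication_Identity/ExampleCodec.java and ../extras/Authentication_Identity/configuration.xml were adjusted, since the content now sits one directory deeper than the chapter file. The moved text also calls the codec step both "Encrypt Password in JCR" and "encoded and not plain text"; pick the term that matches what the codec actually does.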
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/DataImportStrategy.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/DataImportStrategy.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/DataImportStrategy.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -4,54 +4,54 @@
%BOOK_ENTITIES;
]>
<chapter id="chap-Reference_Guide-Data_Import_Strategy">
- <title>Data Import Strategy</title>
- <section id="sect-Reference_Guide-Data_Import_Strategy-Introduction">
- <title>Introduction</title>
- <para>
- In the Portal extension mechanism, developers can define an extension that Portal data can be customized by configurations in the extension. There are several cases which an extension developer wants to define how to customize the Portal data, for example modifying, overwriting or just inserting a bit into the data defined by the portal. Therefore, GateIn also defines several modes for each case and the only thing which a developer has to do is to clarify the usecase and reasonably configure extensions.
- </para>
- <para>
- This section shows you how data are changes in each mode.
- </para>
+ <title>Data Import Strategy</title>
+ <section id="sect-Reference_Guide-Data_Import_Strategy-Introduction">
+ <title>Introduction</title>
+ <para>
+ In the Portal extension mechanism, developers can define an extension that Portal data can be customized by configurations in the extension. There are several cases which an extension developer wants to define how to customize the Portal data, for example modifying, overwriting or just inserting a bit into the data defined by the portal. Therefore, GateIn also defines several modes for each case and the only thing which a developer has to do is to clarify the usecase and reasonably configure extensions.
+ </para>
+ <para>
+ This section shows you how data are changes in each mode.
+ </para>
- </section>
-
- <section id="sect-Reference_Guide-Data_Import_Strategy-Import_Mode">
- <title>Import Mode</title>
- <para>
- In this section, the following modes for the import strategy are introduced:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <literal>CONSERVE</literal>
- </para>
+ </section>
+
+ <section id="sect-Reference_Guide-Data_Import_Strategy-Import_Mode">
+ <title>Import Mode</title>
+ <para>
+ In this section, the following modes for the import strategy are introduced:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <literal>CONSERVE</literal>
+ </para>
- </listitem>
- <listitem>
- <para>
- <literal>MERGE</literal>
- </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>MERGE</literal>
+ </para>
- </listitem>
- <listitem>
- <para>
- <literal>INSERT</literal>
- </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>INSERT</literal>
+ </para>
- </listitem>
- <listitem>
- <para>
- <literal>OVERWRITE</literal>
- </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>OVERWRITE</literal>
+ </para>
- </listitem>
+ </listitem>
- </itemizedlist>
- <para>
- Each mode indicates how the Portal data are imported. The import mode value is set whenever <literal>NewPortalConfigListener</literal> is initiated. If the mode is not set, the default value will be used in this case. The default value is configurable as a UserPortalConfigService initial param. For example, the bellow configuration means that default value is <literal>MERGE</literal>.
- </para>
-
+ </itemizedlist>
+ <para>
+ Each mode indicates how the Portal data are imported. The import mode value is set whenever <literal>NewPortalConfigListener</literal> is initiated. If the mode is not set, the default value will be used in this case. The default value is configurable as a UserPortalConfigService initial param. For example, the bellow configuration means that default value is <literal>MERGE</literal>.
+ </para>
+
<programlisting language="XML" role="XML">
<component>
<key>org.exoplatform.portal.config.UserPortalConfigService</key>
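Review bot: Every removed and added line in this hunk carries the same text, so the change is indentation only, yet the re-added lines keep "This section shows you how data are changes in each mode" and "the bellow configuration means that default value is". Since the lines are being rewritten anyway, correct them to "how data is changed in each mode" and "the configuration below means that the default value is", or move the whitespace change into a separate commit so that content edits remain reviewable.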
@@ -68,81 +68,81 @@
</component>
</programlisting>
- <para>
- The way that the import strategy works with the import mode will be clearly demonstrated in next sections for each type of data.
- </para>
+ <para>
+ The way that the import strategy works with the import mode will be clearly demonstrated in next sections for each type of data.
+ </para>
- </section>
-
- <section id="sect-Reference_Guide-Data_Import_Strategy-Data_Import_Strategy">
- <title>Data Import Strategy</title>
- <para>
- The 'Portal Data' term which has been referred in the previous sections can be classified into three types of object data: Portal Config, Page Data and Navigation Data; each of which has some differences in the import strategy.
- </para>
- <section id="sect-Reference_Guide-Data_Import_Strategy-Navigation_Data">
- <title>Navigation Data</title>
- <para>
- The navigation data import strategy will be processed to the import mode level as the followings:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <literal>CONSERVE</literal>: If the navigation exists, leave it untouched. Otherwise, import data.
- </para>
+ </section>
+
+ <section id="sect-Reference_Guide-Data_Import_Strategy-Data_Import_Strategy">
+ <title>Data Import Strategy</title>
+ <para>
+ The 'Portal Data' term which has been referred in the previous sections can be classified into three types of object data: Portal Config, Page Data and Navigation Data; each of which has some differences in the import strategy.
+ </para>
+ <section id="sect-Reference_Guide-Data_Import_Strategy-Navigation_Data">
+ <title>Navigation Data</title>
+ <para>
+ The navigation data import strategy will be processed to the import mode level as the followings:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <literal>CONSERVE</literal>: If the navigation exists, leave it untouched. Otherwise, import data.
+ </para>
- </listitem>
- <listitem>
- <para>
- <literal>INSERT</literal>: Insert the missing description data, but add only new nodes. Other modifications remains untouched.
- </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>INSERT</literal>: Insert the missing description data, but add only new nodes. Other modifications remains untouched.
+ </para>
- </listitem>
- <listitem>
- <para>
- <literal>MERGE</literal>: Merge the description data, add missing nodes and update same name nodes.
- </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>MERGE</literal>: Merge the description data, add missing nodes and update same name nodes.
+ </para>
- </listitem>
- <listitem>
- <para>
- <literal>OVERWRITE</literal>: Always destroy the previous data and recreate it.
- </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>OVERWRITE</literal>: Always destroy the previous data and recreate it.
+ </para>
- </listitem>
+ </listitem>
- </itemizedlist>
- <para>
- In the GateIn navigation structure, each navigation can be referred to a tree which each node links to a page content. Each node contains some description data, such as label, icon, page reference, and more. Therefore, GateIn provides a way to insert or merge new data to the initiated navigation tree or a sub-tree.
- </para>
- <para>
- The merge strategy performs the recursive comparison of child nodes between the existing persistent nodes of a navigation and the transient nodes provided by a descriptor:
- </para>
- <procedure>
- <step>
- <para>
- Start with the root nodes (which is the effective root node or another node if the parent URI is specified).
- </para>
+ </itemizedlist>
+ <para>
+ In the GateIn navigation structure, each navigation can be referred to a tree which each node links to a page content. Each node contains some description data, such as label, icon, page reference, and more. Therefore, GateIn provides a way to insert or merge new data to the initiated navigation tree or a sub-tree.
+ </para>
+ <para>
+ The merge strategy performs the recursive comparison of child nodes between the existing persistent nodes of a navigation and the transient nodes provided by a descriptor:
+ </para>
+ <procedure>
+ <step>
+ <para>
+ Start with the root nodes (which is the effective root node or another node if the parent URI is specified).
+ </para>
- </step>
- <step>
- <para>
- Compare the set of child nodes and insert the missing nodes in the persistent nodes.
- </para>
+ </step>
+ <step>
+ <para>
+ Compare the set of child nodes and insert the missing nodes in the persistent nodes.
+ </para>
- </step>
- <step>
- <para>
- Proceed recursively for each child having the same name.
- </para>
+ </step>
+ <step>
+ <para>
+ Proceed recursively for each child having the same name.
+ </para>
- </step>
+ </step>
- </procedure>
-
- <para>
- Let's see the example with two navigation nodes in each import mode. In this case, there are 2 navigation definitions:
- </para>
-
+ </procedure>
+
+ <para>
+ Let's see the example with two navigation nodes in each import mode. In this case, there are 2 navigation definitions:
+ </para>
+
<programlisting language="XML" role="XML"><node-navigation>
<page-nodes>
<node>
@@ -159,13 +159,13 @@
</node>
</page-nodes>
</node-navigation></programlisting>
- <mediaobject>
- <imageobject>
- <imagedata align="center" fileref="images/DataImportStrategy/navigation1.png" format="PNG" width="444" />
- </imageobject>
+ <mediaobject>
+ <imageobject>
+ <imagedata align="center" fileref="images/DataImportStrategy/navigation1.png" format="PNG" width="444" />
+ </imageobject>
- </mediaobject>
-
+ </mediaobject>
+
<programlisting language="XML" role="XML"><node-navigation>
<page-nodes>
<node>
@@ -178,135 +178,137 @@
</node>
</page-nodes>
</node-navigation></programlisting>
- <mediaobject>
- <imageobject>
- <imagedata align="center" fileref="images/DataImportStrategy/navigation2.png" format="PNG" width="444" />
- </imageobject>
+ <mediaobject>
+ <imageobject>
+ <imagedata align="center" fileref="images/DataImportStrategy/navigation2.png" format="PNG" width="444" />
+ </imageobject>
- </mediaobject>
- <para>
- For example, the <emphasis>navigation1</emphasis> is loaded before <emphasis>navigation2</emphasis>. The Navigation Importer processes on two navigation definitions, depending on the Import Mode defined in portal configuration.
- </para>
- <variablelist id="vari-Reference_Guide-Navigation_Data-Import_Mode_Cases">
- <title>Import Mode Cases</title>
- <varlistentry>
- <term>Case 1: <literal>CONSERVE</literal></term>
- <listitem>
- <para>
- With the <literal>CONSERVE</literal> mode, data are only imported when they do not exist. So, if the navigation has been created by the <emphasis>navigation1</emphasis> definition, the <emphasis>navigation2</emphasis> definition does not affect anything on it. We have the result as following
- </para>
- <mediaobject>
- <imageobject>
- <imagedata align="center" fileref="images/DataImportStrategy/navigation1.png" format="PNG" width="444" />
- </imageobject>
+ </mediaobject>
+ <para>
+ For example, the <emphasis>navigation1</emphasis> is loaded before <emphasis>navigation2</emphasis>. The Navigation Importer processes on two navigation definitions, depending on the Import Mode defined in portal configuration.
+ </para>
+ <variablelist id="vari-Reference_Guide-Navigation_Data-Import_Mode_Cases">
+ <title>Import Mode Cases</title>
+ <varlistentry>
+ <term>Case 1: <literal>CONSERVE</literal></term>
+ <listitem>
+ <para>
+ With the <literal>CONSERVE</literal> mode, data are only imported when they do not exist. So, if the navigation has been created by the <emphasis>navigation1</emphasis> definition, the <emphasis>navigation2</emphasis> definition does not affect anything on it. We have the result as following
+ </para>
+ <mediaobject>
+ <imageobject role="html">
+ <imagedata fileref="images/DataImportStrategy/navigation1.png" format="PNG" align="center"/>
+ </imageobject>
+ <imageobject role="fo">
+ <imagedata fileref="images/DataImportStrategy/navigation1.png" format="PNG" align="center" width="100mm"/>
+ </imageobject>
+ </mediaobject>
- </mediaobject>
+ </listitem>
- </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Case 2: <literal>INSERT</literal></term>
+ <listitem>
+ <para>
+ If a node does not exist, the importer will add new nodes to the navigation tree. You will see the following result:
+ </para>
+ <mediaobject>
+ <imageobject>
+ <imagedata align="center" fileref="images/DataImportStrategy/navigation_insert.png" format="PNG" width="444" />
+ </imageobject>
- </varlistentry>
- <varlistentry>
- <term>Case 2: <literal>INSERT</literal></term>
- <listitem>
- <para>
- If a node does not exist, the importer will add new nodes to the navigation tree. You will see the following result:
- </para>
- <mediaobject>
- <imageobject>
- <imagedata align="center" fileref="images/DataImportStrategy/navigation_insert.png" format="PNG" width="444" />
- </imageobject>
+ </mediaobject>
+ <para>
+ Hereafter, the node 'bar' is added to the navigation tree, because it does not exist in the initiated data. Other nodes are kept in the import process.
+ </para>
- </mediaobject>
- <para>
- Hereafter, the node 'bar' is added to the navigation tree, because it does not exist in the initiated data. Other nodes are kept in the import process.
- </para>
+ </listitem>
- </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Case 3: <literal>MERGE</literal></term>
+ <listitem>
+ <para>
+ The <literal>MERGE</literal> mode indicates that a new node is added to the navigation tree, and updates the node data (such node label and node icon in the example) if it exists.
+ </para>
+ <mediaobject>
+ <imageobject>
+ <imagedata align="center" fileref="images/DataImportStrategy/navigation_merge.png" format="PNG" width="444" />
+ </imageobject>
- </varlistentry>
- <varlistentry>
- <term>Case 3: <literal>MERGE</literal></term>
- <listitem>
- <para>
- The <literal>MERGE</literal> mode indicates that a new node is added to the navigation tree, and updates the node data (such node label and node icon in the example) if it exists.
- </para>
- <mediaobject>
- <imageobject>
- <imagedata align="center" fileref="images/DataImportStrategy/navigation_merge.png" format="PNG" width="444" />
- </imageobject>
+ </mediaobject>
- </mediaobject>
+ </listitem>
- </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Case 4: <literal>OVERWRITE</literal></term>
+ <listitem>
+ <para>
+ Everything will be destroyed and replaced with new data if the <literal>OVERWRITE</literal> mode is used.
+ </para>
+ <mediaobject>
+ <imageobject>
+ <imagedata align="center" fileref="images/DataImportStrategy/navigation2.png" format="PNG" width="444" />
+ </imageobject>
- </varlistentry>
- <varlistentry>
- <term>Case 4: <literal>OVERWRITE</literal></term>
- <listitem>
- <para>
- Everything will be destroyed and replaced with new data if the <literal>OVERWRITE</literal> mode is used.
- </para>
- <mediaobject>
- <imageobject>
- <imagedata align="center" fileref="images/DataImportStrategy/navigation2.png" format="PNG" width="444" />
- </imageobject>
+ </mediaobject>
- </mediaobject>
+ </listitem>
- </listitem>
+ </varlistentry>
- </varlistentry>
+ </variablelist>
- </variablelist>
+ </section>
+
+ <section id="sect-Reference_Guide-Data_Import_Strategy-Portal_Config">
+ <title>Portal Config</title>
+ <para>
+ PortalConfig defines the portal name, permission, layout and some properties of a site. These information are configured in the <emphasis>portal.xml</emphasis>, <emphasis>group.xml</emphasis> or <emphasis>user.xml</emphasis>, depending on the site type. The PortalConfig importer performs a strategy that is based on the mode defined in NewPortalConfigListener, including <literal>CONSERVE</literal>, <literal>INSERT</literal>, <literal>MERGE</literal> or <literal>OVERWRITE</literal>. Let's see how the import mode affects in the process of portal data performance:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <literal>CONSERVE</literal>: There is nothing to be imported. The existing data will be kept without any changes.
+ </para>
- </section>
-
- <section id="sect-Reference_Guide-Data_Import_Strategy-Portal_Config">
- <title>Portal Config</title>
- <para>
- PortalConfig defines the portal name, permission, layout and some properties of a site. These information are configured in the <emphasis>portal.xml</emphasis>, <emphasis>group.xml</emphasis> or <emphasis>user.xml</emphasis>, depending on the site type. The PortalConfig importer performs a strategy that is based on the mode defined in NewPortalConfigListener, including <literal>CONSERVE</literal>, <literal>INSERT</literal>, <literal>MERGE</literal> or <literal>OVERWRITE</literal>. Let's see how the import mode affects in the process of portal data performance:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <literal>CONSERVE</literal>: There is nothing to be imported. The existing data will be kept without any changes.
- </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>INSERT</literal>: When the portal config does not exist, create the new portal defined by the portal config definition. Otherwise, do nothing.
+ </para>
- </listitem>
- <listitem>
- <para>
- <literal>INSERT</literal>: When the portal config does not exist, create the new portal defined by the portal config definition. Otherwise, do nothing.
- </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>MERGE</literal> and <literal>OVERWRITE</literal> have the same behavior. The new portal config will be created if it does not exist or update portal properties defined by the portal config definition.
+ </para>
- </listitem>
- <listitem>
- <para>
- <literal>MERGE</literal> and <literal>OVERWRITE</literal> have the same behavior. The new portal config will be created if it does not exist or update portal properties defined by the portal config definition.
- </para>
+ </listitem>
- </listitem>
+ </itemizedlist>
- </itemizedlist>
+ </section>
+
+ <section id="sect-Reference_Guide-Data_Import_Strategy-Page_Data">
+ <title>Page Data</title>
+ <para>
+ The import mode affects the page data import as the same as Portal Config.
+ </para>
+ <note>
+ <para>
+ If the Import mode is <literal>CONSERVE</literal> or <literal>INSERT</literal>, the data import strategy always performs as the <literal>MERGE</literal> mode in the first data initialization of the Portal.
+ </para>
- </section>
-
- <section id="sect-Reference_Guide-Data_Import_Strategy-Page_Data">
- <title>Page Data</title>
- <para>
- The import mode affects the page data import as the same as Portal Config.
- </para>
- <note>
- <para>
- If the Import mode is <literal>CONSERVE</literal> or <literal>INSERT</literal>, the data import strategy always performs as the <literal>MERGE</literal> mode in the first data initialization of the Portal.
- </para>
+ </note>
- </note>
+ </section>
+
- </section>
-
+ </section>
+
- </section>
-
-
</chapter>
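Review bot: Only the Case 1 CONSERVE figure is converted to the paired imageobject role="html" and role="fo" form with width="100mm"; the INSERT, MERGE and OVERWRITE figures, and the navigation2 figure at the top of the hunk, are re-added with a single imageobject and width="444". Convert them all in the same way so the PDF and HTML builds size the figures consistently. Separately, the Portal Config paragraph says the config defines "the portal name, permission, layout" and that MERGE and OVERWRITE "update portal properties", but does not say whether existing site permissions are replaced on import; one sentence stating that would help administrators choose a mode.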
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/Skinning.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/Skinning.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/Skinning.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -462,7 +462,7 @@
</section>
<section id="sect-Reference_Guide-Creating_New_Skins-How_to_Create_New_Portlet_Skins">
- <title><remark>How to Create New Portlet Skins</remark></title>
+ <title>How to Create New Portlet Skins</title>
<para>
Portlets often require additional styles that may not be defined by the portal skin. JBoss Enterprise Portal Platform allows portlets to define additional stylesheets for each portlet and will append the corresponding <literal>link</literal> tags to the <literal>head</literal>.
@@ -493,7 +493,7 @@
</note>
<section id="sect-Reference_Guide-How_to_Create_New_Portlet_Skins-Define_a_Custom_CSS_File">
- <title><remark>Define a Custom CSS File</remark></title>
+ <title>Define a Custom CSS File</title>
<para>
JBoss Enterprise Portal Platform &VX; does not serve CSS files directly, but uses a filter as well as a skin service in order to:
@@ -538,7 +538,7 @@
<term><filename>WEB-INF/gatein-resources.xml</filename>:</term>
<listitem>
-<programlisting><![CDATA[<portlet-skin>
+<programlisting language="XML" role="XML"><![CDATA[<portlet-skin>
<application-name>custom</application-name>
<portlet-name>test</portlet-name>
<skin-name>Default</skin-name>
@@ -569,7 +569,7 @@
<term><filename>WEB-INF/web.xml</filename>:</term>
<listitem>
-<programlisting><![CDATA[<display-name>custom</display-name>
+<programlisting language="XML" role="XML"><![CDATA[<display-name>custom</display-name>
<filter>
<filter-name>ResourceRequestFilter</filter-name>
@@ -605,7 +605,7 @@
<term><filename>WEB-INF/portlet.xml</filename>:</term>
<listitem>
-<programlisting><![CDATA[<portlet-name>test</portlet-name>
+<programlisting language="XML" role="XML"><![CDATA[<portlet-name>test</portlet-name>
]]></programlisting>
<note>
<title>Note:</title>
@@ -751,12 +751,14 @@
<para>
Left margin left pattern is a technique to create two blocks side by side. The left block will have a fixed size and the right block will take the rest of the available space. When the user resizes the browser the added or removed space will be taken from the right block.
</para>
-
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/PortalDevelopment/Skinning/leftMarginPattern.png" format="PNG" width="303" />
- </imageobject>
- </mediaobject>
+ <mediaobject>
+ <imageobject role="html">
+ <imagedata fileref="images/PortalDevelopment/Skinning/leftMarginPattern.png" format="PNG" align="center"/>
+ </imageobject>
+ <imageobject role="fo">
+ <imagedata fileref="images/PortalDevelopment/Skinning/leftMarginPattern.png" format="PNG" align="center" width="100mm"/>
+ </imageobject>
+ </mediaobject>
<programlisting language="XML" role="XML"><xi:include href="../../extras/PortalDevelopment_Skinning/default194.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
</section>
</section>
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/RH-WSRP.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/RH-WSRP.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/RH-WSRP.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<chapter id="chap-Reference_Guide-Web_Services_for_Remote_Portlets_WSRP">
- <title><remark>Web Services for Remote Portlets (WSRP)</remark></title>
+ <title>Web Services for Remote Portlets (WSRP)</title>
<section id="sect-Reference_Guide-Web_Services_for_Remote_Portlets_WSRP-Introduction">
<title>Introduction</title>
<para>
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/WSRP.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/WSRP.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/WSRP.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<chapter id="wsrp">
- <title><remark>Web Services for Remote Portlets (WSRP)</remark></title>
+ <title>Web Services for Remote Portlets (WSRP)</title>
<section>
<title>Introduction</title>
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/exo-jcr-configuration.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/exo-jcr-configuration.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/exo-jcr-configuration.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<chapter id="chap-Reference_Guide-JCR_configuration">
- <title><remark>JCR configuration</remark></title>
+ <title>JCR configuration</title>
<para>
The JCR configuration is defined in an XML file which is constructed as per the DTD below:
</para>
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/jdbc-data-container-config.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/jdbc-data-container-config.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/jdbc-data-container-config.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -342,7 +342,7 @@
</section>
<section id="sect-Reference_Guide-JDBC_Data_Container_Config-Multi_database_Configuration">
- <title><remark>Multi-database Configuration</remark></title>
+ <title>Multi-database Configuration</title>
<para>
You need to configure each workspace in a repository as part of multi-database configuration. Databases may reside on remote servers as required.
</para>
@@ -366,7 +366,7 @@
<itemizedlist>
<listitem>
<para>
- <parameter><remark>driverClassName</remark></parameter>, e.g. "org.hsqldb.jdbcDriver", "com.mysql.jdbc.Driver", "org.postgresql.Driver"
+ <parameter>driverClassName</parameter>, e.g. "org.hsqldb.jdbcDriver", "com.mysql.jdbc.Driver", "org.postgresql.Driver"
</para>
</listitem>
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/search-configuration.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/search-configuration.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/search-configuration.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<chapter id="chap-Reference_Guide-Search_Configuration">
- <title><remark>Search Configuration</remark></title>
+ <title>Search Configuration</title>
<para>
The search function in JCR can be configured to perform in specific ways. This section will discuss configuring the search function to improve search performance and results.
</para>
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR.xml 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/eXoJCR.xml 2012-01-03 03:42:16 UTC (rev 8274)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<part id="part-Reference_Guide-The_Java_Content_Repository_">
- <title><remark>The Java Content Repository</remark></title>
+ <title>The Java Content Repository</title>
<!-- <xi:include href="eXoJCR/eXoJCR/jcr.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> -->
<xi:include href="eXoJCR/jcr/intro.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<!--concepts -->
Modified: epp/docs/branches/5.2/Reference_Guide/publican.cfg
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/publican.cfg 2012-01-03 01:03:48 UTC (rev 8273)
+++ epp/docs/branches/5.2/Reference_Guide/publican.cfg 2012-01-03 03:42:16 UTC (rev 8274)
@@ -3,7 +3,7 @@
cvs_root: ":ext:cvs.devel.redhat.com:/cvs/dist"
cvs_branch: "DOCS-RHEL-6"
-show_remarks: 1
+#show_remarks: 1
cvs_pkg: "JBoss_Enterprise_Portal_Platform-Reference_Guide-5.2-web-__LANG__"
xml_lang: "en-US"
brand: JBoss
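Review bot: `show_remarks: 1` is commented out rather than removed, which leaves a dead setting in publican.cfg with no indication of why it is off or when it may be turned back on. If remarks are meant to stay hidden in published output, delete the line; if it is a draft-time toggle, add a short comment above it saying so, so that it is not re-enabled by accident before a release build.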
12 years, 11 months
gatein SVN: r8273 - epp/docs/branches/5.2/Installation_Guide/en-US.
by do-not-reply@jboss.org
Author: smumford
Date: 2012-01-02 20:03:48 -0500 (Mon, 02 Jan 2012)
New Revision: 8273
Modified:
epp/docs/branches/5.2/Installation_Guide/en-US/DatabaseConfiguration.xml
Log:
JBEPP-1460: Corrected datasource code
Modified: epp/docs/branches/5.2/Installation_Guide/en-US/DatabaseConfiguration.xml
===================================================================
--- epp/docs/branches/5.2/Installation_Guide/en-US/DatabaseConfiguration.xml 2012-01-02 12:26:42 UTC (rev 8272)
+++ epp/docs/branches/5.2/Installation_Guide/en-US/DatabaseConfiguration.xml 2012-01-03 01:03:48 UTC (rev 8273)
@@ -41,7 +41,7 @@
datasource descriptor located at
<filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein-ds.xml</filename>:
<programlisting language="XML" role="XML">
-<no-tx-datasource>
+<local-tx-datasource>
<jndi-name>gatein-jcr</jndi-name>
<connection-url>
jdbc:hsqldb:${jboss.server.data.dir}${/}gatein${/}hypersonic${/}gatein-jcr-localDB
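Review bot: The listing's root element changes from `<no-tx-datasource>` to `<local-tx-datasource>`, which changes how the connection takes part in transactions, yet the sentence introducing the listing still only says where the descriptor is located, and the log message says only "Corrected datasource code". Add a sentence to the paragraph stating that the `gatein-jcr` datasource is declared as a `local-tx-datasource`, so that a reader adapting the listing to another database does not carry the old element over from an earlier copy of the guide.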
@@ -54,7 +54,7 @@
<max-pool-size>20</max-pool-size>
<idle-timeout-minutes>0</idle-timeout-minutes>
<prepared-statement-cache-size>32</prepared-statement-cache-size>
-</no-tx-datasource>
+</local-tx-datasource>
</programlisting>
</para>
12 years, 11 months
gatein SVN: r8272 - portal/trunk/docs/reference-guide/en-US/modules/AuthenticationAndIdentity.
by do-not-reply@jboss.org
Author: mposolda
Date: 2012-01-02 07:26:42 -0500 (Mon, 02 Jan 2012)
New Revision: 8272
Modified:
portal/trunk/docs/reference-guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
Log:
GTNPORTAL-2315 Added info about CustomMembershipLoginModule and SVN location of existing login modules
Modified: portal/trunk/docs/reference-guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
===================================================================
--- portal/trunk/docs/reference-guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml 2012-01-02 12:25:37 UTC (rev 8271)
+++ portal/trunk/docs/reference-guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml 2012-01-02 12:26:42 UTC (rev 8272)
@@ -264,7 +264,41 @@
on JBoss AS level.
</para>
</listitem>
+ <listitem>
+ <para>
+ <emphasis role="bold">CustomMembershipLoginModule</emphasis> - special login module, which is disabled (commented) by default.
+ It can be used to add user to some existing group during successful login of this user. Name of group is configurable and by default it's <emphasis>/platform/users</emphasis>
+ group. Login module is commented because in normal environment, users are already in /platform/users group.
+ It's useful only for some special setups like read-only LDAP, where groups of ldap user are taken from ldap tree and so that users may not be in /platform/users
+ group, which is needed for successful authorization.
+ </para>
+ </listitem>
</itemizedlist>
+ <section id="sect-Authentication_Authorization_Intro-LoginModuleLocations">
+ <title>SVN location of login modules</title>
+ <para>
+ Some modules are specific for portal, but some are used also by eXo JCR and so they are part of eXo core module.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <emphasis>PortalLoginModule</emphasis> - is located in &PRODUCT; sources in <ulink type="http" url="http://anonsvn.jboss.org/repos/gatein/portal/trunk/component/web/security/">http://anonsvn.jboss.org/repos/gatein/portal/trunk/component/web/security/</ulink>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <emphasis>SharedStateLoginModule, JbossLoginModule</emphasis> - these are located in eXo core sources in
+ <ulink type="http" url="http://anonsvn.jboss.org/repos/exo-jcr/core/trunk/exo.core.component.secu...">http://anonsvn.jboss.org/repos/exo-jcr/core/trunk/exo.core.component.secu...</ulink>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <emphasis>CustomMembershipLoginModule</emphasis> - located in &PRODUCT; sources in module for identity integration -
+ <ulink type="http" url="http://anonsvn.jboss.org/repos/gatein/portal/trunk/component/identity/">http://anonsvn.jboss.org/repos/gatein/portal/trunk/component/identity/</ulink>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
</section><!-- Ending section with existing login modules -->
<section id="sect-Authentication_Authorization_Intro-createNewLM">
<title>Creating your own login module</title>
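Review bot: The new CustomMembershipLoginModule item says the module is "disabled (commented) by default" and that the group name "is configurable", but it names neither the file that holds the commented-out entry nor the option that sets the group, so a reader cannot enable or scope the module from this text. Because the module adds every successfully authenticated user to the configured group, the paragraph should also state that the group ought to remain a baseline one such as /platform/users and not one that carries administrative permissions. Separately, in the SharedStateLoginModule item the ulink ends in `exo.core.component.secu...` in both the url attribute and the link text; confirm that the committed file carries the full path. Minor wording: "ldap" should be "LDAP", and "add user to some existing group" reads better as "add a user to an existing group".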
12 years, 12 months