gatein SVN: r8976 - in epp/docs/branches: 6.0/Reference_Guide/en-US/modules/PortalDevelopment and 1 other directory.
by do-not-reply@jboss.org
Author: smumford
Date: 2012-11-29 23:15:42 -0500 (Thu, 29 Nov 2012)
New Revision: 8976
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/PortalLifecycle.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortalDevelopment/PortalLifecycle.xml
Log:
BZ#807499: Added content about WCI advanced registration features
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/PortalLifecycle.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/PortalLifecycle.xml 2012-11-30 03:20:53 UTC (rev 8975)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/PortalLifecycle.xml 2012-11-30 04:15:42 UTC (rev 8976)
@@ -33,11 +33,11 @@
<title>Advanced WCI Registration</title>
<para>
- JBoss Portal Platform integrates with the web container to perform tasks such as automatic detection and registration of web applications. This is used by the portal container to detect when portlets are deployed and is accomplished through the WCI (Web Container Integration) component.
+ JBoss Enterprise Portal Platform integrates with the web container to perform tasks such as automatic detection and registration of web applications. This is used by the portal container to detect when portlets are deployed and is accomplished through the WCI (Web Container Integration) component.
</para>
<para>
- Some applications, especially Spring based portlets, may have requirements that specific servlets be started before any portlets are initialized. Although portlets and servlet initialization order are meant to be independent of each other, JBoss Portal Platform does have a way to get around these limitations imposed by these specific third party applications.
+ Some applications, especially Spring based portlets, may have requirements that specific servlets be started before any portlets are initialized. Although portlets and servlet initialization order are meant to be independent of each other, JBoss Enterprise Portal Platform does have a way to get around these limitations imposed by these specific third party applications.
</para>
<para>
@@ -76,7 +76,7 @@
</para>
<para>
- Below is an example web.xml file configured to ensure the MyCustomServlet will be initialised before the webapp is registered by WCI:
+ Below is an example <filename>web.xml</filename> file configured to ensure the <systemitem>MyCustomServlet</systemitem> will be initialized before the webapp is registered by WCI:
</para>
<programlisting language="XML" role="XML"><![CDATA[<!-- Disable the Native Application Registration -->
<context-param>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortalDevelopment/PortalLifecycle.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortalDevelopment/PortalLifecycle.xml 2012-11-30 03:20:53 UTC (rev 8975)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortalDevelopment/PortalLifecycle.xml 2012-11-30 04:15:42 UTC (rev 8976)
@@ -22,6 +22,86 @@
<para>
During deployment, JBoss Portal Platform will automatically and transparently inject a servlet into the portlet application to be able to interact with it. This feature is dependent on the underlying servlet container but will work out of the box on the proposed bundles.
</para>
+ <section>
+ <title>Advanced WCI Registration</title>
+
+ <para>
+ JBoss Portal Platform integrates with the web container to perform tasks such as automatic detection and registration of web applications. This is used by the portal container to detect when portlets are deployed and is accomplished through the WCI (Web Container Integration) component.
+ </para>
+
+ <para>
+ Some applications, especially Spring based portlets, may have requirements that specific servlets be started before any portlets are initialized. Although portlets and servlet initialization order are meant to be independent of each other, JBoss Portal Platform does have a way to get around these limitations imposed by these specific third party applications.
+ </para>
+
+ <para>
+ As a workaround to this issue, two new, advanced features have been integrated into the WCI component;
+ </para>
+
+ <variablelist>
+ <title></title>
+
+ <varlistentry>
+ <term>Disabling Automatic registration</term>
+
+ <listitem>
+ <para>
+ By default WCI will register all web applications and the portlet container will then analyse the registered applications and initialize any portlets contained. If you do not wish for your web application to be automatically registered by the WCI component you can disable this feature. By disabling this feature you can prevent the automatic initialization of the portlet and specify later when you want it to be initialized.
+ </para>
+
+ <para>
+ This is done by setting the <parameter>gatein.wci.native.DisableRegistration</parameter> context-param to <literal>true</literal> in the <filename>web.xml</filename> file of the application, as shown below:
+ </para>
+<programlisting language="XML" role="XML"><![CDATA[<!-- Disable the Native Application Registration -->
+ <context-param>
+ <param-name>gatein.wci.native.DisableRegistration</param-name>
+ <param-value>true</param-value>
+ </context-param>
+]]></programlisting>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Manual application deployment.</term>
+
+ <listitem>
+ <para>
+ If you have disabled the automatic registration of your application in the first step, the portal container will not know about any of the portlets contained and will not be able to initialize them. WCI does have a servlet which can be used to manually register the web application. Since servlets can specify when they are deployed with regards to other servlets, we can use this to specify that the web application gets registered by WCI after another servlet has already been started. This means that the a servlet, for example the Spring servlet, can be initialized before any of the portlets.
+ </para>
+
+ <para>
+ Below is an example <filename>web.xml</filename> file configured to ensure the <systemitem>MyCustomServlet</systemitem> will be initialized before the webapp is registered by WCI:
+ </para>
+<programlisting language="XML" role="XML"><![CDATA[<!-- Disable the Native Application Registration -->
+ <context-param>
+ <param-name>gatein.wci.native.DisableRegistration</param-name>
+ <param-value>true</param-value>
+ </context-param>
+]]></programlisting>
+<programlisting language="XML" role="XML"><![CDATA[<!-- Register the Web Application Manually -->
+ <servlet>
+ <servlet-name>GateInServlet</servlet-name>
+ <servlet-class>org.gatein.wci.api.GateInServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+]]></programlisting>
+<programlisting language="XML" role="XML"><![CDATA[<!-- Custom Servlet which will be initalised before the webapp is registered in WCI -->
+ <servlet>
+ <servlet-name>MyCustomServlet</servlet-name>
+ <servlet-class>my.custom.Servlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+]]></programlisting>
+<programlisting language="XML" role="XML"><![CDATA[<!-- Servlet Mapping for the Manual Registration -->
+ <servlet-mapping>
+ <servlet-name>GateInServlet</servlet-name>
+ <url-pattern>/gateinservlet</url-pattern>
+ </servlet-mapping>
+]]></programlisting>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </section>
+ </section>
</section>
<!--
TODO: Define the added listener
gatein SVN: r8975 - in epp/docs/branches/6.0/Reference_Guide/en-US: modules/Advanced/Foundations and 1 other directories.
by do-not-reply@jboss.org
Author: jaredmorgs
Date: 2012-11-29 22:20:53 -0500 (Thu, 29 Nov 2012)
New Revision: 8975
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/Preface.xml
epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/Advanced/Foundations/Requests.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/LDAP.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SAML2.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
Log:
BZ#856430 - Incorporated changes suggested by Marek to the CAS section.
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Preface.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Preface.xml 2012-11-30 02:05:39 UTC (rev 8974)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Preface.xml 2012-11-30 03:20:53 UTC (rev 8975)
@@ -14,6 +14,31 @@
<variablelist id="vari-Reference_Guide-Introduction-Devices">
<varlistentry>
<term>
+ <replaceable>CAS_DIR</replaceable>
+ </term>
+ <listitem>
+ <para>The installation root of the Central Authentication Service (CAS) Single Sign-on Framework. This directory is an arbitrary location chosen when CAS is downloaded and installed.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <replaceable>HTTPD_DIST</replaceable>
+ </term>
+ <listitem>
+ <para>The installation root of the Apache httpd server. Apache httpd is a web server used to deploy non-java based applications such as CGI or PHP. This directory contains the main folders that comprise the server such as <filename>/conf</filename>, <filename>/webapps</filename>, and <filename>/bin</filename>. </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <replaceable>ID_HOME</replaceable>
+ </term>
+ <listitem>
+ <para>
+The <filename>JPP_SERVER/gatein/gatein.ear/portal.war/WEB-INF/conf/organization/</filename> directory, which contains identity-related configuration resources. This abbreviation is used primarily in <xref linkend="chap-LDAP_Integration"/>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<replaceable>JPP_DIST</replaceable>
</term>
<listitem>
@@ -44,20 +69,12 @@
</varlistentry>
<varlistentry>
<term>
- <replaceable>CAS_DIR</replaceable>
+ <replaceable>TOMCAT_DIST</replaceable>
</term>
<listitem>
- <para>The installation root of the Central Authentication Service (CAS) Single Sign-on Framework. This directory is an arbitrary location chosen when CAS is downloaded and installed.</para>
+ <para>The installation root of the Apache Tomcat server. Apache Tomcat is a simple Java-based web server that can host servlet or JSP applications. This directory contains the main folders that comprise the server such as <filename>/bin</filename>, <filename>/conf</filename>, <filename>/webapps</filename>, and <filename>/lib</filename>.</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term>
- <replaceable>HTTPD_DIST</replaceable>
- </term>
- <listitem>
- <para>The installation root of the Apache httpd Server. This folder contains the main folders that comprise the server such as <filename>/conf</filename>, <filename>/webapps</filename>, and <filename>/bin</filename>.</para>
- </listitem>
- </varlistentry>
</variablelist>
</section>
<!-- FOR PUBLICAN --> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Common_Content/Conventions.xml">
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2012-11-30 02:05:39 UTC (rev 8974)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2012-11-30 03:20:53 UTC (rev 8975)
@@ -8,6 +8,34 @@
<simpara>
<revhistory>
<revision>
+ <revnumber>6.0.0-22</revnumber>
+ <date>Fri Nov 30 2012</date>
+ <author>
+ <firstname>Jared</firstname>
+ <surname>Morgan</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>BZ#856430 - Incorporated changes suggested by Marek to the CAS section.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>6.0.0-21</revnumber>
+ <date>Thu Nov 29 2012</date>
+ <author>
+ <firstname>Jared</firstname>
+ <surname>Morgan</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>BZ#856453 - Made the minor, required changes to the LDAP section as identified by Marek in the BS issue.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>6.0.0-20</revnumber>
<date>Wed Nov 28 2012</date>
<author>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/Advanced/Foundations/Requests.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/Advanced/Foundations/Requests.xml 2012-11-30 02:05:39 UTC (rev 8974)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/Advanced/Foundations/Requests.xml 2012-11-30 03:20:53 UTC (rev 8975)
@@ -1,17 +1,16 @@
-<?xml version='1.0' encoding='utf-8' ?>
+<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "Reference_Guide.ent">
%BOOK_ENTITIES;
]>
<section id="sect-Reference_Guide-Component_request_life_cycle">
- <title>Component request life cycle</title>
- <section id="sect-Reference_Guide-Component_request_life_cycle-Component_request_life_cycle_contract">
- <title>Component request life cycle contract</title>
- <para>
- The component request life cycle is an interface that defines a contract for a component for being involved into a request:
- </para>
-
-<programlisting language="Java" role="Java">public interface ComponentRequestLifecycle
+ <title>Component request life cycle</title>
+ <section id="sect-Reference_Guide-Component_request_life_cycle-Component_request_life_cycle_contract">
+ <title>Component request life cycle contract</title>
+ <para>
+ The component request life cycle is an interface that defines a contract for a component for being involved into a request:
+ </para>
+ <programlisting language="Java" role="Java">public interface ComponentRequestLifecycle
{
/**
* Start a request.
@@ -25,24 +24,21 @@
*/
void endRequest(ExoContainer container);
}</programlisting>
- <para>
- The container passed is the container to which the component is related. This contract is often used to setup a thread local based context that will be demarcated by a request.
- </para>
- <para>
- For instance in the GateIn portal context, a component request life cycle is triggered for user requests. Another example is the initial data import in GateIn that demarcates using callbacks made to that interface.
- </para>
-
- </section>
-
- <section id="sect-Reference_Guide-Component_request_life_cycle-Request_life_cycle">
- <title>Request life cycle</title>
- <para>
- The <envar>RequestLifeCycle</envar> class has several statics methods that are used to schedule the component request life cycle of components. Its main responsibility is to perform scheduling while respecting the constraint to execute the request life cycle of a component only once even if it can be scheduled several times.
- </para>
- <section id="sect-Reference_Guide-Request_life_cycle-Scheduling_a_component_request_life_cycle">
- <title>Scheduling a component request life cycle</title>
-
-<programlisting language="Java" role="Java">RequestLifeCycle.begin(component);
+ <para>
+ The container passed is the container to which the component is related. This contract is often used to setup a thread local based context that will be demarcated by a request.
+ </para>
+ <para>
+ For instance in the portal context, a component request life cycle is triggered for user requests. Another example is the initial data import in GateIn that demarcates using callbacks made to that interface.
+ </para>
+ </section>
+ <section id="sect-Reference_Guide-Component_request_life_cycle-Request_life_cycle">
+ <title>Request life cycle</title>
+ <para>
+ The <envar>RequestLifeCycle</envar> class has several statics methods that are used to schedule the component request life cycle of components. Its main responsibility is to perform scheduling while respecting the constraint to execute the request life cycle of a component only once even if it can be scheduled several times.
+ </para>
+ <section id="sect-Reference_Guide-Request_life_cycle-Scheduling_a_component_request_life_cycle">
+ <title>Scheduling a component request life cycle</title>
+ <programlisting language="Java" role="Java">RequestLifeCycle.begin(component);
try
{
// Do something
@@ -51,16 +47,13 @@
{
RequestLifeCycle.end();
}</programlisting>
-
- </section>
-
- <section id="sect-Reference_Guide-Request_life_cycle-Scheduling_a_container_request_life_cycle">
- <title>Scheduling a container request life cycle</title>
- <para>
- Scheduling a container triggers the component request life cycle of all the components that implement the interface <envar>ComponentRequestLifeCycle</envar>. If one of the component has already been scheduled before and then that component will not be scheduled again. When the local value is true, then the looked components will be those of the container, when it is false then the scheduler will also look at the components in the ancestor containers.
- </para>
-
-<programlisting language="Java" role="Java">RequestLifeCycle.begin(container, local);
+ </section>
+ <section id="sect-Reference_Guide-Request_life_cycle-Scheduling_a_container_request_life_cycle">
+ <title>Scheduling a container request life cycle</title>
+ <para>
+ Scheduling a container triggers the component request life cycle of all the components that implement the interface <envar>ComponentRequestLifeCycle</envar>. If one of the component has already been scheduled before and then that component will not be scheduled again. When the local value is true, then the looked components will be those of the container, when it is false then the scheduler will also look at the components in the ancestor containers.
+ </para>
+ <programlisting language="Java" role="Java">RequestLifeCycle.begin(container, local);
try
{
// Do something
@@ -69,34 +62,21 @@
{
RequestLifeCycle.end();
}</programlisting>
-
- </section>
-
- <section id="sect-Reference_Guide-Request_life_cycle-When_request_life_cycle_is_triggered">
- <title>When request life cycle is triggered</title>
- <section id="sect-Reference_Guide-When_request_life_cycle_is_triggered-Portal_request_life_cycle">
- <title>Portal request life cycle</title>
- <para>
- Each portal request triggers the life cycle of the associated portal container.
- </para>
-
- </section>
-
- <section id="sect-Reference_Guide-When_request_life_cycle_is_triggered-JMX_request_Life_Cycle">
- <title>JMX request Life Cycle</title>
- <para>
- When a JMX bean is invoked, the request life cycle of the container to which it belongs it scheduled. Indeed JMX is an entry point of the system that may need component to have a request life cycle triggered.
- </para>
-
- </section>
-
-
- </section>
-
-
- </section>
-
-
+ </section>
+ <section id="sect-Reference_Guide-Request_life_cycle-When_request_life_cycle_is_triggered">
+ <title>When request life cycle is triggered</title>
+ <section id="sect-Reference_Guide-When_request_life_cycle_is_triggered-Portal_request_life_cycle">
+ <title>Portal request life cycle</title>
+ <para>
+ Each portal request triggers the life cycle of the associated portal container.
+ </para>
+ </section>
+ <section id="sect-Reference_Guide-When_request_life_cycle_is_triggered-JMX_request_Life_Cycle">
+ <title>JMX request Life Cycle</title>
+ <para>
+ When a JMX bean is invoked, the request life cycle of the container to which it belongs it scheduled. Indeed JMX is an entry point of the system that may need component to have a request life cycle triggered.
+ </para>
+ </section>
+ </section>
+ </section>
</section>
-
-
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/LDAP.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/LDAP.xml 2012-11-30 02:05:39 UTC (rev 8974)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/LDAP.xml 2012-11-30 03:20:53 UTC (rev 8975)
@@ -2,12 +2,13 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "../../Reference_Guide.ent">
]>
-<chapter id="sect-Reference_Guide_eXo_JCR_1.14-LDAP_Integration">
- <title>LDAP Integration</title>
+<chapter id="chap-LDAP_Integration">
+ <title><remark>BZ#856453 </remark>LDAP Integration</title>
<note>
<title>Notational Device</title>
+ <remark>Docs Note - jmorgan - The file path relating to ID_HOME has changed in JPP6. I've made this change based on Marek's feedback. I've also added this to the File Name Conventions section in the Preface.</remark>
<para>
- For ease of readability the following section uses the notational device <replaceable>ID_HOME</replaceable> to represent the file path <filename><replaceable>JPP_DIST</replaceable>/jboss-as/server/<replaceable>PROFILE</replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/conf/organization/</filename>, as this directory is the root of all JBoss Portal Platform's identity-related configuration.
+ For ease of readability the following section uses the notational device <replaceable>ID_HOME</replaceable> to represent the file path <filename>JPP_SERVER/gatein/gatein.ear/portal.war/WEB-INF/conf/organization/</filename>, as this directory is the root of all JBoss Portal Platform's identity-related configuration.
</para>
</note>
<para>
@@ -23,52 +24,10 @@
--> <para>
LDAP provides the protocols required to manage the data stored in a Directory Server. A Directory Server contains information about resources available (user accounts and printers for example) and their location on the network.
</para>
- <para>
- The following table is a list of Directory Servers that are supported and certified in JBoss Portal Platform.
- </para>
- <table>
- <title>Supported and Certified Directory Servers</title>
- <tgroup cols="2">
- <colspec colnum="1" colname="LDAP" colwidth="1*"/>
- <thead>
- <row>
- <entry>
- <emphasis>Directory Server</emphasis>
- </entry>
- <entry>
- <emphasis>Version</emphasis>
- </entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry> OpenDS </entry>
- <entry> 1.2, 2.0, 2.2 Update 1 </entry>
- </row>
- <row>
- <entry> OpenLDAP </entry>
- <entry> 2.4 </entry>
- </row>
- <row>
- <entry> Red Hat Directory Server </entry>
- <entry> 7.1, 8.1, 8.2, 9.0 </entry>
- </row>
- <row>
- <entry> Sun Java System Directory Server </entry>
- <entry> 6.1 </entry>
- </row>
- <row>
- <entry> Microsoft Active Directory </entry>
- <entry> Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 </entry>
- </row>
- </tbody>
- </tgroup>
- </table>
-<!-- Source Metadata
-URL: http://www.jboss.com/products/platforms/portals/testedconfigurations/
-Author [w/email]: Red Hat Inc
-License:
---> <note>
+ <remark>Docs Note - jmorgan - There used to be a table here with all the supported LDAP servers, however as decided in the PRD planning, all supported configuration will be captured in the KBase article. I have removed the table </remark>
+ <para>Refer to the <ulink url="https://access.redhat.com/knowledge/articles/119833">JBoss Portal Platform Supported Configurations</ulink>
+page for a list of supported directory servers. </para>
+ <note>
<title>Examples</title>
<para>
JBoss Portal Platform includes several example LDAP configuration <filename>.xml</filename> files and <filename>.ldif</filename> (LDAP Data Interchange Format) data files.
@@ -84,10 +43,10 @@
Install your <application>LDAP</application> server by following the installation instructions provided for the product you are using.
</para>
<para>
- If you are installing the <application>Red Hat Directory Server</application>, you should refer to the Installation Guide at <ulink url="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/index.html" type="http"/>.
+ If you are installing the <application>Red Hat Directory Server</application>, you should refer to the Installation Guide at <ulink url="https://access.redhat.com/knowledge/docs/Red_Hat_Directory_Server/" type="http"/>.
</para>
<para>
- If you are using a third party directory server (<application>OpenDS</application>, <application>OpenLDAP</application> or <application>Microsoft Active Directory</application>), refer the appropriate documentation for that product.
+ If you are using a third party directory server (<application>OpenDS</application>, <application>OpenLDAP</application> or <application>Microsoft Active Directory</application>), refer to the appropriate documentation for that product.
</para>
<para>
The following values provide an example of working configuration settings for the different Directory Servers:
@@ -192,16 +151,16 @@
<section id="sect-Reference_Guide_eXo_JCR_1.14-LDAP_Integration-LDAP_in_Read-only_Mode">
<title>LDAP in Read-only Mode</title>
<para>
- This section will show you how to add LDAP in read-only mode. This means that user data entries (both pre-existing, and newly added through the JBoss Portal Platform User Interface) will be consumed though the Directory Server and LDAP services, but written to the underlying database. The only exception is that passwords updated via the UI will also be propagated into the appropriate LDAP entry.
+ This section will show you how to add LDAP in read-only mode. This means that user data entries (both pre-existing, and newly added through the JBoss Portal Platform User Interface) will be consumed though the Directory Server and LDAP services, but written to the underlying database. The only exception is that passwords updated through the user interface will also be propagated into the appropriate LDAP entry.
</para>
- <procedure id="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_mode-Set_up_LDAP_read-only_Mode">
+ <procedure id="proc-LDAP-LDAP_read-only_Mode">
<title>Set up LDAP read-only Mode</title>
<step>
<para>
Open the <filename><replaceable>ID_HOME</replaceable>/idm-configuration.xml</filename> file.
</para>
<para>
-JBoss Portal Platform uses the PicketLink IDM framework as the underlying identity storage system, hence all the configurations use dedicated Picketlink settings.
+JBoss Portal Platform uses the PicketLink IDM framework as the underlying identity storage system, therefore the configuration uses dedicated PicketLink settings.
</para>
</step>
<step>
@@ -232,21 +191,84 @@
</para>
</listitem>
</itemizedlist>
- <procedure id="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-RHDS_or_OpenDS">
- <title>Red Hat Directory Server or OpenDS</title>
+ </step>
+ <step id="step-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-Step-4">
+ <para>
+ To use a different LDAP server or directory data, edit the DS-specific <filename>.xml</filename> file you uncommented in the relevant sub-procedure above, and change the values to suit your requirements.
+ </para>
+ <para>
+ Refer to the list in <xref linkend="exam-Reference_Guide-LDAP_Integration-Examples-LDAP_configuration_options"/> for some examples, or refer to the product-specific documentation for more information.
+ </para>
+ </step>
+ <step>
+ <para>
+ Start the server.
+ </para>
+ </step>
+ <step>
+ <para>
+ Navigate to the portal homepage (<ulink url="http://localhost:8080/portal" type="http"/>) and log in as an administrator.
+ </para>
+ </step>
+ <step>
+ <para>
+ Navigate to <menuchoice>
+ <guimenu>Group</guimenu>
+ <guimenuitem>Organization</guimenuitem>
+ <guimenuitem>Users and groups management</guimenuitem>
+ </menuchoice>.
+ </para>
+ <substeps>
<step>
<para>
+ Create a new group called <emphasis>acme</emphasis> under the root node.
+ </para>
+ </step>
+ <step>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <emphasis role="bold">For RHDS, OpenDS and OpenLDAP</emphasis>:
+ </para>
+ <para>
+ Create two sub-groups called <emphasis>roles</emphasis> and <emphasis>organization_units</emphasis>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <emphasis role="bold">For MSAD:</emphasis>
+ </para>
+ <para>
+ Create a subgroup called <emphasis>roles</emphasis>.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </step>
+ </substeps>
+ </step>
+ </procedure>
+ <para>
+ Users defined in LDAP should be visible in "<emphasis>Users and groups management</emphasis>" and groups from LDAP should be present as children of <emphasis>/acme/roles</emphasis> and <emphasis>/acme/organization_units</emphasis>.
+ </para>
+ <remark>Docs Note - jmorgan - After pinging asaldana, he began updating the IDM page on picketlink confluence. With this in mind, I changed this link to the new location. The old locatoin was to a SVN repo of static docs. </remark>
+ <para>
+ More information about configuration can be found in the <ulink url="https://docs.jboss.org/author/display/PLINK/PicketLink+IDM">PicketLink Community Documentation</ulink>.
+ </para>
+ <procedure id="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-RHDS_or_OpenDS">
+ <title>Red Hat Directory Server or OpenDS</title>
+ <step>
+ <para>
Uncomment the line under "<emphasis>Read Only "ACME" LDAP Example</emphasis>":
</para>
- <programlisting language="XML" role="XML"><![CDATA[<!--Read Only "ACME" LDAP Example-->
+ <programlisting language="XML" role="XML"><![CDATA[<!--Read Only "ACME" LDAP Example-->
<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-LDAP-acme-config.xml</value>
]]></programlisting>
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Uncomment the <parameter>groupTypeMappings</parameter> under "<emphasis>Uncomment for ACME LDAP example</emphasis>":
</para>
- <programlisting language="XML" role="XML"><![CDATA[<!-- Uncomment for ACME LDAP example -->
+ <programlisting language="XML" role="XML"><![CDATA[<!-- Uncomment for ACME LDAP example -->
<entry>
<key><string>/acme/roles/*</string></key>
<value><string>acme_roles_type</string></value>
@@ -256,66 +278,64 @@
<value><string>acme_ou_type</string></value>
</entry>
]]></programlisting>
- <para>
+ <para>
Refer to <xref linkend="exam-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings"/> for more information about how these <parameter>groupTypeMappings</parameter> operate.
</para>
- </step>
- <step>
- <para>
- Continue to <xref linkend="step-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-Step-4"/>.
+ </step>
+ <step>
+ <para>Return to <xref linkend="proc-LDAP-LDAP_read-only_Mode"/>.
</para>
- </step>
- </procedure>
- <procedure id="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-MSAD">
- <title>Microsoft Active Directory</title>
- <step>
- <para>
+ </step>
+ </procedure>
+ <procedure id="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-MSAD">
+ <title>Microsoft Active Directory</title>
+ <step>
+ <para>
Uncomment the line under "<emphasis>MSAD Read Only "ACME" LDAP Example</emphasis>":
</para>
- <programlisting language="XML" role="XML"><![CDATA[<!--MSAD Read Only "ACME" LDAP Example-->
+ <programlisting language="XML" role="XML"><![CDATA[<!--MSAD Read Only "ACME" LDAP Example-->
<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml</value>
]]></programlisting>
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Uncomment the <parameter>groupTypeMappings</parameter> under "<emphasis>Uncomment for MSAD ReadOnly LDAP example</emphasis>":
</para>
- <programlisting language="XML" role="XML"><![CDATA[<!-- Uncomment for MSAD ReadOnly LDAP example -->
+ <programlisting language="XML" role="XML"><![CDATA[<!-- Uncomment for MSAD ReadOnly LDAP example -->
<entry>
<key><string>/acme/roles/*</string></key>
<value><string>msad_roles_type</string></value>
</entry>
]]></programlisting>
- <para>
+ <para>
Refer to <xref linkend="exam-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings"/> for more information about how these <parameter>groupTypeMappings</parameter> operate.
</para>
- </step>
- <step>
- <para>
- Continue to <xref linkend="step-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-Step-4"/>.
+ </step>
+ <step>
+ <para>Return to <xref linkend="proc-LDAP-LDAP_read-only_Mode"/>.
</para>
- </step>
- </procedure>
- <procedure id="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-OpenLDAP">
- <title>OpenLDAP</title>
- <step>
- <para>
+ </step>
+ </procedure>
+ <procedure id="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-OpenLDAP">
+ <title>OpenLDAP</title>
+ <step>
+ <para>
If you have not done so already, install your LDAP server. Refer to <xref linkend="proc-Reference_Guide-LDAP_Integration-LDAP_Set_Up"/> for some assistance.
</para>
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Uncomment the line under "<emphasis>OpenLDAP ReadOnly "ACME" LDAP Example</emphasis>":
</para>
- <programlisting language="XML" role="XML"><![CDATA[<!--OpenLDAP ReadOnly "ACME" LDAP Example-->
+ <programlisting language="XML" role="XML"><![CDATA[<!--OpenLDAP ReadOnly "ACME" LDAP Example-->
<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-openLDAP-acme-config.xml</value>
]]></programlisting>
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Uncomment the <parameter>groupTypeMappings</parameter> under "<emphasis>Uncomment for ACME LDAP example</emphasis>":
</para>
- <programlisting language="XML" role="XML"><![CDATA[<!-- Uncomment for ACME LDAP example -->
+ <programlisting language="XML" role="XML"><![CDATA[<!-- Uncomment for ACME LDAP example -->
<entry>
<key><string>/acme/roles/*</string></key>
<value><string>acme_roles_type</string></value>
@@ -325,27 +345,85 @@
<value><string>acme_ou_type</string></value>
</entry>
]]></programlisting>
- <para>
+ <para>
Refer to <xref linkend="exam-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings"/> for more information about how these <parameter>groupTypeMappings</parameter> operate.
</para>
- </step>
- <step>
- <para>
- Continue to <xref linkend="step-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-Step-4"/>.
+ </step>
+ <step>
+ <para>Return to <xref linkend="proc-LDAP-LDAP_read-only_Mode"/>
</para>
- </step>
- </procedure>
</step>
- <step id="step-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-Step-4">
+ </procedure>
+ </section>
+ <section id="sect-Reference_Guide_eXo_JCR_1.14-LDAP_Integration-LDAP_as_Default_Store">
+ <title>LDAP as Default Store</title>
+ <para>
+ Follow the procedure below to set LDAP up as the default identity store for JBoss Portal Platform. All default accounts and some of groups that comes with JBoss Portal Platform will be created in the LDAP store.
+ </para>
+ <para>
+ The LDAP server will be configured to store part of the JBoss Portal Platform group tree. This means that groups under specified part of the tree will be stored in directory server while all others will be stored in database.
+ </para>
+ <procedure id="proc-LDAP-Set_up_LDAP_as_Default_Indentity_Store">
+ <title>Set up LDAP as Default Identity Store</title>
+ <step>
+ <para>Install the LDAP server. Refer to <xref linkend="proc-Reference_Guide-LDAP_Integration-LDAP_Set_Up"/> for assistance with this step.
+ </para>
+ </step>
+ <step>
<para>
- To use a different LDAP server or directory data, edit the DS-specific <filename>.xml</filename> file you uncommented in <emphasis role="bold">Substep 3a</emphasis> above and change the values to suit your requirements.
+ Open the <filename><replaceable>ID_HOME</replaceable>/idm-configuration.xml</filename> file.
</para>
<para>
- Refer to the list in <xref linkend="exam-Reference_Guide-LDAP_Integration-Examples-LDAP_configuration_options"/> for some examples or refer to the product-specific documentation for more information.
+JBoss Portal Platform uses the PicketLink IDM framework as the underlying identity storage system, hence all the configurations use dedicated Picketlink settings.
</para>
</step>
<step>
<para>
+ Comment out the default Picketlink <literal>config</literal> value: <parameter>war:/conf/organization/picketlink-idm/picketlink-idm-config.xml</parameter>
+ </para>
+ </step>
+ <step>
+ <para>Complete the steps in the procedure that relate to the chosen LDAP server:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para><xref linkend="proc-LDAP-RHDS_and_OpenDS"/></para>
+ </listitem>
+ <listitem>
+ <para><xref linkend="proc-LDAP-MSAD"/></para>
+ </listitem>
+ <listitem>
+ <para><xref linkend="proc-LDAP-OpenLDAP"/></para>
+ </listitem>
+ </itemizedlist>
+ </step>
+ <step id="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-5">
+ <para>
+ Uncomment the <parameter>groupTypeMappings</parameter> under "<emphasis>Uncomment for sample LDAP configuration</emphasis>":
+ </para>
+ <programlisting language="XML" role="XML"><![CDATA[<entry>
+ <key><string>/platform/*</string></key>
+ <value><string>platform_type</string></value>
+</entry>
+<entry>
+ <key><string>/organization/*</string></key>
+ <value><string>organization_type</string></value>
+</entry>
+]]></programlisting>
+ <para>
+ Refer to <xref linkend="exam-Reference_Guide-LDAP_Integration-Examples-Default_groupTypeMappings"/> for more information about how these <parameter>groupTypeMappings</parameter> operate.
+ </para>
+ </step>
+ <step>
+ <para>
+ To use a different LDAP server or directory data, edit the DS-specific <filename>.xml</filename> file you uncommented in <emphasis role="bold">Step 4</emphasis> above and change the values to suit your requirements.
+ </para>
+ <para>
+ Refer to the list in <xref linkend="exam-Reference_Guide-LDAP_Integration-Examples-LDAP_configuration_options"/> for some configuration examples, or refer to the LDAP server product-specific documentation for more information.
+ </para>
+ </step>
+ <step>
+ <para>
Start the server.
</para>
</step>
@@ -355,6 +433,7 @@
</para>
</step>
<step>
+ <remark>NEEDINFO - jmorgan - This step was missing from this procedure. I copied it directly from the LDAP in Read-only mode procedure, but I'm 100% certain the steps are not correct for setting up the default store. Does an admin need to do anything special in the portal interface to set the default store up? If so, what would be the correct steps to follow?</remark>
<para>
Navigate to <menuchoice>
<guimenu>Group</guimenu>
@@ -391,156 +470,79 @@
</substeps>
</step>
</procedure>
- <para>
- Users defined in LDAP should be visible in "<emphasis>Users and groups management</emphasis>" and groups from LDAP should be present as children of <emphasis>/acme/roles</emphasis> and <emphasis>/acme/organization_units</emphasis>.
- </para>
- <para>
- More information about configuration can be found in <xref linkend="sect-Reference_Guide-PicketLink_IDM_integration"/> and in the PicketLink project <ulink url="http://anonsvn.jboss.org/repos/picketlink/idm/downloads/docs/1.0.0.GA/Ref..." type="http">Reference Guide</ulink>.
- </para>
- </section>
- <section id="sect-Reference_Guide_eXo_JCR_1.14-LDAP_Integration-LDAP_as_Default_Store">
- <title>LDAP as Default Store</title>
- <para>
- Follow the procedure below to set LDAP up as the default identity store for JBoss Portal Platform. All default accounts and some of groups that comes with JBoss Portal Platform will be created in the LDAP store.
- </para>
- <para>
- The LDAP server will be configured to store part of the JBoss Portal Platform group tree. This means that groups under specified part of the tree will be stored in directory server while all others will be stored in database.
- </para>
- <procedure id="proc-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store">
- <title>Set up LDAP as Default Indentity Store</title>
+ <procedure id="proc-LDAP-RHDS_and_OpenDS">
+ <title>For RHDS and OpenDS</title>
<step>
<para>
- If you have not done so already, install your LDAP server. Refer to <xref linkend="proc-Reference_Guide-LDAP_Integration-LDAP_Set_Up"/> for some assistance.
- </para>
+ Expose the entry under "<emphasis>Sample LDAP config</emphasis>":
+ </para>
+ <programlisting language="XML" role="XML"><![CDATA[<!--Sample LDAP config-->
+<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-LDAP-config.xml</value>
+]]></programlisting>
</step>
<step>
- <para>
- Open the <filename><replaceable>ID_HOME</replaceable>/idm-configuration.xml</filename> file.
- </para>
- <para>
-JBoss Portal Platform uses the PicketLink IDM framework as the underlying identity storage system, hence all the configurations use dedicated Picketlink settings.
- </para>
+ <para>Return to <xref linkend="proc-LDAP-Set_up_LDAP_as_Default_Indentity_Store"/>
+ </para>
</step>
+ </procedure>
+ <procedure id="proc-LDAP-MSAD">
+ <title>For MSAD</title>
<step>
<para>
- Comment out the default Picketlink <literal>config</literal> value: <parameter>war:/conf/organization/picketlink-idm/picketlink-idm-config.xml</parameter>
- </para>
+ Expose the entry under "<emphasis>MSAD LDAP Example</emphasis>":
+ </para>
+ <programlisting language="XML" role="XML"><![CDATA[<!--MSAD LDAP Example-->
+<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-config.xml</value>
+]]></programlisting>
</step>
<step>
- <para>
- Uncomment the appropriate LDAP configuration entry depending on your LDAP server:
- </para>
- <procedure>
- <title>For RHDS and OpenDS</title>
+ <para>To enable SSL encryption, perform the following sub-steps:</para>
+ <substeps>
<step>
<para>
- Expose the entry under "<emphasis>Sample LDAP config</emphasis>":
- </para>
- <programlisting language="XML" role="XML"><![CDATA[<!--Sample LDAP config-->
-<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-LDAP-config.xml</value>
-]]></programlisting>
+ Open the <filename><replaceable>ID_HOME</replaceable>/picketlink-idm/examples/picketlink-idm-msad-config.xml</filename>.
+ </para>
</step>
<step>
<para>
- Continue to <xref linkend="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-5"/>
- </para>
- </step>
- </procedure>
- <procedure>
- <title>For MSAD</title>
- <step>
- <para>
- Expose the entry under "<emphasis>MSAD LDAP Example</emphasis>":
- </para>
- <programlisting language="XML" role="XML"><![CDATA[<!--MSAD LDAP Example-->
-<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-config.xml</value>
-]]></programlisting>
- <procedure>
- <title>To use SSL encryption with MSAD:</title>
- <step>
- <para>
- Open the <filename><replaceable>ID_HOME</replaceable>/picketlink-idm/examples/picketlink-idm-msad-config.xml</filename>.
- </para>
- </step>
- <step>
- <para>
Ensure the following entries are uncommented and that the path to the <filename>truststore</filename> file and password are correct:
</para>
- <programlisting><option>
+ <programlisting><option>
<name>customSystemProperties</name>
<value>javax.net.ssl.trustStore=<replaceable>/path/to/truststore</replaceable></value>
<value>javax.net.ssl.trustStorePassword=<replaceable>password</replaceable></value>
</option>
</programlisting>
- <para>
+ <para>
You can import a custom certificate by replacing the <replaceable>certificate</replaceable> and <replaceable>truststore</replaceable> details in the following command:
</para>
- <programlisting><command>keytool -import -file <filename>
- <replaceable>certificate</replaceable>
- </filename> -keystore <filename>
- <replaceable>truststore</replaceable>
- </filename></command>
+ <programlisting><command>keytool -import -file <filename>
+ <replaceable>certificate</replaceable>
+ </filename> -keystore <filename>
+ <replaceable>truststore</replaceable>
+ </filename></command>
</programlisting>
- </step>
- </procedure>
</step>
- <step>
- <para>
- Continue to <xref linkend="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-5"/>
- </para>
- </step>
- </procedure>
- <procedure>
- <title>For OpenLDAP</title>
- <step>
- <para>
- Expose the entry under "<emphasis>OpenLDAP LDAP config</emphasis>":
- </para>
- <programlisting language="XML" role="XML"><![CDATA[<!--OpenLDAP LDAP config-->
-<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-openLDAP-config.xml</value>
-]]></programlisting>
- </step>
- <step>
- <para>
- Continue to <xref linkend="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-5"/>
- </para>
- </step>
- </procedure>
+ </substeps>
</step>
- <step id="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-5">
- <para>
- Uncomment the <parameter>groupTypeMappings</parameter> under "<emphasis>Uncomment for sample LDAP configuration</emphasis>":
- </para>
- <programlisting language="XML" role="XML"><![CDATA[<entry>
- <key><string>/platform/*</string></key>
- <value><string>platform_type</string></value>
-</entry>
-<entry>
- <key><string>/organization/*</string></key>
- <value><string>organization_type</string></value>
-</entry>
-]]></programlisting>
- <para>
- Refer to <xref linkend="exam-Reference_Guide-LDAP_Integration-Examples-Default_groupTypeMappings"/> for more information about how these <parameter>groupTypeMappings</parameter> operate.
- </para>
- </step>
<step>
- <para>
- To use a different LDAP server or directory data, edit the DS-specific <filename>.xml</filename> file you uncommented in <emphasis role="bold">Step 4</emphasis> above and change the values to suit your requirements.
- </para>
- <para>
- Refer to the list in <xref linkend="exam-Reference_Guide-LDAP_Integration-Examples-LDAP_configuration_options"/> for some examples or refer to the product-specific documentation for more information.
- </para>
+ <para>Return to <xref linkend="proc-LDAP-Set_up_LDAP_as_Default_Indentity_Store"/>. </para>
</step>
+ </procedure>
+ <procedure id="proc-LDAP-OpenLDAP">
+ <title>For OpenLDAP</title>
<step>
<para>
- Start the server.
- </para>
+ Expose the entry under "<emphasis>OpenLDAP LDAP config</emphasis>":
+ </para>
+ <programlisting language="XML" role="XML"><![CDATA[<!--OpenLDAP LDAP config-->
+<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-openLDAP-config.xml</value>
+]]></programlisting>
</step>
<step>
<para>
- Navigate to the portal homepage (<ulink url="http://localhost:8080/portal" type="http"/>) and log in as an administrator.
- </para>
+Return to <xref linkend="proc-LDAP-Set_up_LDAP_as_Default_Indentity_Store"/>
+ </para>
</step>
</procedure>
</section>
@@ -562,7 +564,7 @@
</listitem>
<listitem>
<para>
- One of the three example configuration files discussed in <xref linkend="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_mode-Set_up_LDAP_read-only_Mode"/>:
+ One of the three example configuration files discussed in <xref linkend="proc-LDAP-LDAP_read-only_Mode"/>:
</para>
<simplelist>
<member>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SAML2.xml
===================================================================
(Binary files differ)
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2012-11-30 02:05:39 UTC (rev 8974)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2012-11-30 03:20:53 UTC (rev 8975)
@@ -350,13 +350,14 @@
<section id="sect-CAS-Authentication_Process">
<title>Authentication Process</title>
<para>The authentication process with CAS integration occurs in the following order:</para>
+ <remark>Docs Note - jmorgan - have taken the original process in https://docs.jboss.org/author/display/GTNPORTAL35/Central+Authentication+... and have tried to break up some of the steps for clarity. If you could please verify these changes are accurate, that would be awesome, Marek.</remark>
<orderedlist>
<listitem>
<para>A user visits the main portal page, and wishes to authenticate. The user clicks
<emphasis role="italics">Sign in</emphasis>. </para>
</listitem>
<listitem>
- <para>Normally this action would present the GateIn Portal login dialog, however with SSO integration enabled, the action redirects the user to a marker URL such as
+ <para>Normally this action would present the portal login dialog, however with SSO integration enabled, the action redirects the user to a marker URL such as
<ulink url="http://localhost:8080/portal/sso"/>.
</para>
<para>The portal handles this user action by calling the interceptor (Servlet filter)
@@ -371,7 +372,6 @@
. The user enters the correct authentication information, and submits the form.
</para>
<para>The CAS server retrieves the information from the identity store. The store could be an external database, a LDAP server, or from information obtained through an authentication plug-in such as the one shipped with JBoss Portal Platform. Refer to <xref linkend="sect-CAS_Authentication_Plug-in"/> for specific details about this technology.</para>
- <remark>Docs Note: Removed the large block of content here about the Authentication Plug-in into the Authentication Plug-in section. It just didn't fit in this work flow overview section, and sits much better in the plug-in section.</remark>
</listitem>
<listitem>
<para> Once CAS determines the user has the correct access privileges to access the portal server, CAS redirects the user back to the portal through another marker URL such as
@@ -427,6 +427,7 @@
<section id="sect-CAS-Logout_Workflow">
<title>Logout Process</title>
<para>The logout process with CAS integration occurs in the following order:</para>
+ <remark>Docs Note - jmorgan - The same with this one Marek. Taken from the confluence page and reworked to introduce some separation into the steps. Just check my wording of each step to ensure I haven't changed the overall technical meaning with my changes. Cheers, Marek!</remark>
<orderedlist>
<listitem>
<para>The authenticated user clicks the
@@ -473,23 +474,24 @@
</listitem>
</itemizedlist>
<section id="sect-CAS-Install_Tomcat_Server">
- <title>Install Tomcat Server</title>
- <para>Install and configure Apache Tomcat before proceeding with other configuration relating to CAS.
+ <title>Install Apache Tomcat Server</title>
+ <para>Install and configure Apache Tomcat 7 before proceeding with other configuration relating to CAS.
</para>
- <para>This procedure covers the Linux installation method for Apache Tomcat (httpd).
-Completing this task defines the file path abbreviation HTTPD_DIST, which is used in other CAS configuration procedures.</para>
<para>File name abbreviations in this section are described in <xref linkend="sect-File_Name_Conventions"/></para>
<procedure>
- <title>Configuring Tomcat for CAS</title>
+ <title>Configuring Apache Tomcat for CAS</title>
+ <remark>Docs Note - redid the procedure with a view to Apache Tomcat, not Apache httpd. If installed from the Zip binary, does Apache Tomcat start a service like httpd (Step 4)?</remark>
<step>
- <para>Install Tomcat by running <command>sudo yum install httpd</command> in a terminal.</para>
+ <para>Visit <ulink url="http://tomcat.apache.org/download-70.cgi"/> and download the Tomcat 7 binary distribution.</para>
</step>
<step>
- <para>Edit <filename>HTTPD_DIST/conf/httpd.conf</filename> and change the Listen 80 port to 8888 to avoid a conflict with the default JBoss Portal Platform listen port.</para>
- <remark>NEEDINFO - this used to be HTTPD_DIST/conf/server.xml, but if you install httpd using RPM, this file doesn't seem to exist. I assumed the .conf file was the correct place to change the listen port.</remark>
+ <para>Extract and install the binary on the server that is required to host CAS. This directory is now referred to as <replaceable>TOMCAT_DIST</replaceable>.</para>
</step>
<step>
- <para>Ensure port 8888 is open in the server firewall, and the httpd service is enabled and running so the platform can communicate with Apache on the same server.
+ <para>Edit <filename>TOMCAT_DIST/conf/server.xml</filename> and change port 8080 to 8888 to avoid a conflict with the default JBoss Portal Platform listen port.</para>
+ </step>
+ <step>
+ <para>Ensure port 8888 is open in the server firewall, and the service is enabled and running so the platform can communicate with Apache Tomcat on the same server.
</para>
</step>
</procedure>
@@ -516,7 +518,6 @@
<section id="sect-CAS_Authentication_Plug-in">
<title>Authentication Plug-in </title>
<para>While it is possible (and perfectly acceptable) for an administrator to configure CAS to retrieve user credentials from an external database, or from a LDAP server, it is also possible to use JBoss technology. </para>
- <remark>Docs Note: This section was originally in https://docs.jboss.org/author/display/GTNPORTAL35/Central+Authentication+... and has been reworked quite a bit to promote the authentication plug-in as the "best" solution.</remark>
<para>CAS can be configured to make secure authentication callbacks to a RESTful service installed on the remote portal instance using the supplied CAS <literal>AuthenticationPlugin</literal>. </para>
<para>Implementing the <literal>AuthenticationPlugin</literal> on the CAS server has the advantage of leveraging a single identity storage for portal user, group and role data. If a new user is added using the portal user management interface, the user information is instantly accessible to the CAS server through the technology implemented by the <literal>AuthenticationPlugin</literal>. </para>
<para>The plug-in verifies user credentials by connecting to an existing portal instance using REST over the HTTP protocol. The portal serves a REST authentication callback request, and verifies the user identity against the portal's own identity storage provided by the PicketLink IDM
@@ -536,7 +537,7 @@
<para>Replace the default configuration, which declares the Jasig <classname>SimpleTestUsernamePasswordAuthenticationHandler</classname> Authentication Handler with the following supported Authentication Handler. </para>
<note>
<para>This configuration is available in the
- <code><replaceable>SSO_HOME</replaceable>/cas.war/WEB-INF/deployerConfigContext.xml</code>. If you choose to take this configuration file, ensure the default host, port and context parameters are adjusted to match the values corresponding to the remote portal instance. </para>
+ <code><replaceable>PORTAL_SSO</replaceable>/cas.war/WEB-INF/deployerConfigContext.xml</code>. If you choose to take this configuration file, ensure the default host, port and context parameters are adjusted to match the values corresponding to the remote portal instance. </para>
</note>
<programlisting>
<!--
@@ -553,7 +554,7 @@
<step>
<para>
Copy all jars from
- <code>SSO_HOME/cas/plugin/WEB-INF/lib/ </code>to the
+ <code>PORTAL_SSO/cas/plugin/WEB-INF/lib/ </code>to the
<code>CAS_DIR/cas-server-webapp/src/main/webapp/WEB-INF/lib</code> directory.
</para>
</step>
@@ -621,10 +622,10 @@
<section id="sect-CAS_Portal_SSO_Primary_Configuration_File">
<title>Portal SSO Primary Configuration File</title>
<para>
- The main GateIn Portal configuration file for SSO integration is
+ The main portal configuration file for SSO integration is
<code>JPP_SERVER/gatein/gatein.ear/portal.war/WEB-INF/conf/sso/security-sso-configuration.xml</code>
. All required SSO components such as agents and SSO interceptors (servlet filters in v5.x of the product) are configured in this file. </para>
- <para>In most cases, it will never be necessary to edit <filename>security-sso-configuration.xml</filename> directly when using JBoss Portal Platform. The architecture in JBoss Enterprise Application Platform 6 means that users can override the base configuration described in this file using name/value pairs configured in one place: <filename>JPP_SERVER/standalone/configuration/gatein/configuration.properties</filename></para>
+ <para>In most cases, it will never be necessary to edit <filename>security-sso-configuration.xml</filename> directly when using JBoss Portal Platform. The portal architecture allows users to override the base configuration described in this file using name/value pairs configured in one place: <filename>JPP_SERVER/standalone/configuration/gatein/configuration.properties</filename></para>
<para>The exception to this rule is where configuration present in <filename>security-sso-configuration.xml</filename> is fundamentally unsuitable for the production environment the server will be deployed to, or when additional underlying functionality is required (for example, another custom interceptor). </para>
</section>
<section id="sect-CAS_Configuring_the_Platform">
@@ -637,7 +638,7 @@
<para>Open <filename>JPP_SERVER/standalone/configuration/gatein/configuration.properties</filename> and locate the SSO sections in the file.</para>
</step>
<step>
- <para>Make the following changes to the file to declare the correct login module, server and portal URLs, and the logout filter. Ensure <replaceable>[portal.container.name]</replaceable> is replaced with the name of the portal container used in production.</para>
+ <para>Make the following changes to the file to declare the correct login module, server and portal URLs, and the logout filter.</para>
<programlisting>
# SSO
gatein.sso.enabled=true
@@ -648,7 +649,7 @@
gatein.sso.portal.url=http://localhost:8080
gatein.sso.filter.logout.class=org.gatein.sso.agent.filter.CASLogoutFilter
gatein.sso.filter.logout.url=${gatein.sso.server.url}/logout
-gatein.sso.filter.login.sso.url=${gatein.sso.server.url}/login?service=${gatein.sso.portal.url}/@@<replaceable>[portal.container.name]</replaceable>@@/initiatessologin
+gatein.sso.filter.login.sso.url=${gatein.sso.server.url}/login?service=${gatein.sso.portal.url}/@@[portal.container.name]@(a)/initiatessologin
</programlisting>
</step>
</procedure>
@@ -738,6 +739,10 @@
<para>
Specifies the CAS server login URL, which is used by LoginRedirectFilter for redirection to the CAS server login page.
</para>
+ <remark>Docs Note - jmorgan - added this note about the p.c.n variable, and that it *shouldn't* be substituted for a hard-coded variable name.</remark>
+ <note>
+ <para>The string <literal>@@portal.container.name(a)@ </literal>is dynamically replaced when the URL is interpreted by the platform's SSO Component. It is recommended that this string is used over hard-coding the name of the portal for future maintenance and ease of configuration changes. </para>
+ </note>
</listitem>
</varlistentry>
</variablelist>
gatein SVN: r8974 - epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment.
by do-not-reply@jboss.org
Author: smumford
Date: 2012-11-29 21:05:39 -0500 (Thu, 29 Nov 2012)
New Revision: 8974
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/PortalLifecycle.xml
Log:
BZ#807499: Added SME approved content regarding advanced WCI features
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/PortalLifecycle.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/PortalLifecycle.xml 2012-11-28 20:39:30 UTC (rev 8973)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/PortalLifecycle.xml 2012-11-30 02:05:39 UTC (rev 8974)
@@ -28,6 +28,86 @@
<para>
During deployment, JBoss Enterprise Portal Platform will automatically and transparently inject a servlet into the portlet application to be able to interact with it. This feature is dependent on the underlying servlet container but will work out of the box on the proposed bundles.
</para>
+
+ <section>
+ <title>Advanced WCI Registration</title>
+
+ <para>
+ JBoss Portal Platform integrates with the web container to perform tasks such as automatic detection and registration of web applications. This is used by the portal container to detect when portlets are deployed and is accomplished through the WCI (Web Container Integration) component.
+ </para>
+
+ <para>
+ Some applications, especially Spring based portlets, may have requirements that specific servlets be started before any portlets are initialized. Although portlets and servlet initialization order are meant to be independent of each other, JBoss Portal Platform does have a way to get around these limitations imposed by these specific third party applications.
+ </para>
+
+ <para>
+ As a workaround to this issue, two new, advanced features have been integrated into the WCI component;
+ </para>
+
+ <variablelist>
+ <title></title>
+
+ <varlistentry>
+ <term>Disabling Automatic registration</term>
+
+ <listitem>
+ <para>
+ By default WCI will register all web applications and the portlet container will then analyse the registered applications and initialize any portlets contained. If you do not wish for your web application to be automatically registered by the WCI component you can disable this feature. By disabling this feature you can prevent the automatic initialization of the portlet and specify later when you want it to be initialized.
+ </para>
+
+ <para>
+ This is done by setting the <parameter>gatein.wci.native.DisableRegistration</parameter> context-param to <literal>true</literal> in the <filename>web.xml</filename> file of the application, as shown below:
+ </para>
+<programlisting language="XML" role="XML"><![CDATA[<!-- Disable the Native Application Registration -->
+ <context-param>
+ <param-name>gatein.wci.native.DisableRegistration</param-name>
+ <param-value>true</param-value>
+ </context-param>
+]]></programlisting>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Manual application deployment.</term>
+
+ <listitem>
+ <para>
+ If you have disabled the automatic registration of your application in the first step, the portal container will not know about any of the portlets contained and will not be able to initialize them. WCI does have a servlet which can be used to manually register the web application. Since servlets can specify when they are deployed with regards to other servlets, we can use this to specify that the web application gets registered by WCI after another servlet has already been started. This means that the a servlet, for example the Spring servlet, can be initialized before any of the portlets.
+ </para>
+
+ <para>
+ Below is an example web.xml file configured to ensure the MyCustomServlet will be initialised before the webapp is registered by WCI:
+ </para>
+<programlisting language="XML" role="XML"><![CDATA[<!-- Disable the Native Application Registration -->
+ <context-param>
+ <param-name>gatein.wci.native.DisableRegistration</param-name>
+ <param-value>true</param-value>
+ </context-param>
+]]></programlisting>
+<programlisting language="XML" role="XML"><![CDATA[<!-- Register the Web Application Manually -->
+ <servlet>
+ <servlet-name>GateInServlet</servlet-name>
+ <servlet-class>org.gatein.wci.api.GateInServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+]]></programlisting>
+<programlisting language="XML" role="XML"><![CDATA[<!-- Custom Servlet which will be initalised before the webapp is registered in WCI -->
+ <servlet>
+ <servlet-name>MyCustomServlet</servlet-name>
+ <servlet-class>my.custom.Servlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+]]></programlisting>
+<programlisting language="XML" role="XML"><![CDATA[<!-- Servlet Mapping for the Manual Registration -->
+ <servlet-mapping>
+ <servlet-name>GateInServlet</servlet-name>
+ <url-pattern>/gateinservlet</url-pattern>
+ </servlet-mapping>
+]]></programlisting>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </section>
</section>
<!--
TODO: Define the added listener
gatein SVN: r8973 - epp/docs/branches/6.0/Admin_Guide/en-US.
by do-not-reply@jboss.org
Author: jaredmorgs
Date: 2012-11-28 15:39:30 -0500 (Wed, 28 Nov 2012)
New Revision: 8973
Modified:
epp/docs/branches/6.0/Admin_Guide/en-US/Administration_Guide.xml
epp/docs/branches/6.0/Admin_Guide/en-US/Revision_History.xml
epp/docs/branches/6.0/Admin_Guide/en-US/chapter-3-Command_Line_Interface.xml
epp/docs/branches/6.0/Admin_Guide/en-US/chapter-5-Administration_and_Monitoring.xml
Log:
Refactored the Admin Guide to match the community guide, which was well organized into Management and Monitoring chapters
Modified: epp/docs/branches/6.0/Admin_Guide/en-US/Administration_Guide.xml
===================================================================
--- epp/docs/branches/6.0/Admin_Guide/en-US/Administration_Guide.xml 2012-11-28 06:23:17 UTC (rev 8972)
+++ epp/docs/branches/6.0/Admin_Guide/en-US/Administration_Guide.xml 2012-11-28 20:39:30 UTC (rev 8973)
@@ -6,10 +6,16 @@
<book status="draft">
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Book_Info.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Preface.xml"/>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="chapter-1-Introduction.xml"/>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="chapter-2-REST.xml"/>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="chapter-3-Command_Line_Interface.xml"/>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="chapter-4-Management_Extensions.xml"/>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="chapter-5-Administration_and_Monitoring.xml" encoding="UTF-8"/>
+ <part>
+ <title>Management</title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="chapter-1-Introduction.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="chapter-2-REST.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="chapter-3-Command_Line_Interface.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="chapter-4-Management_Extensions.xml"/>
+ </part>
+ <part>
+ <title>Administration and Monitoring</title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="chapter-5-Administration_and_Monitoring.xml" encoding="UTF-8"/>
+ </part>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Revision_History.xml"/>
</book>
Modified: epp/docs/branches/6.0/Admin_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/6.0/Admin_Guide/en-US/Revision_History.xml 2012-11-28 06:23:17 UTC (rev 8972)
+++ epp/docs/branches/6.0/Admin_Guide/en-US/Revision_History.xml 2012-11-28 20:39:30 UTC (rev 8973)
@@ -8,6 +8,20 @@
<simpara>
<revhistory>
<revision>
+ <revnumber>6.0.0-4</revnumber>
+ <date>Fri Nov 16 2012</date>
+ <author>
+ <firstname>Jared</firstname>
+ <surname>Morgan</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Fixed file paths in Command line section as per remarks in this section.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>6.0.0-3</revnumber>
<date>Wed Nov 14 2012</date>
<author>
Modified: epp/docs/branches/6.0/Admin_Guide/en-US/chapter-3-Command_Line_Interface.xml
===================================================================
--- epp/docs/branches/6.0/Admin_Guide/en-US/chapter-3-Command_Line_Interface.xml 2012-11-28 06:23:17 UTC (rev 8972)
+++ epp/docs/branches/6.0/Admin_Guide/en-US/chapter-3-Command_Line_Interface.xml 2012-11-28 20:39:30 UTC (rev 8973)
@@ -19,8 +19,9 @@
<para>
The JBoss Portal Platform distribution includes an archive of the gatein-management-cli application.
</para>
+ <remark>Changed path according to info in https://docs.jboss.org/author/display/GTNPORTAL35/GateIn+Management#GateI...</remark>
<para>
- To deploy the application, copy the <filename><replaceable><JBOSS_HOME></replaceable>/gatein-management/gatein-management-cli.war</filename> to the <filename>deploy</filename> directory of your portal profile (<filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable>default</replaceable>/deploy/</filename>, for example).
+ To deploy the application, copy <filename>JPP_DIST/gatein-management/gatein-management-cli.war</filename> to <filename>JPP_DIST/standalone/deployments/</filename>.
</para>
</section>
<section id="sid-8094332_GateInManagement-RunningtheCLI">
@@ -34,9 +35,10 @@
<title>SSH Example</title>
<programlisting>ssh -p 2000 root@localhost</programlisting>
</example>
+ <remark>Added full path for clarity.</remark>
<para>
You can change the default port that SSH listens on by changing the property crash.ssh.port in the
- <code>WEB-INF/crash/crash.properties</code>
+ <filename>JPP_DIST/standalone/deployments/gatein-management-cli.war/WEB-INF/crash/crash.properties</filename>
file.
</para>
<example>
@@ -49,7 +51,7 @@
</example>
<important>
<title>Important</title>
- <para>Make sure the configured port is open and not blocked by firewall settings.</para>
+ <para>Ensure the configured port is open, and not blocked by firewall settings.</para>
</important>
</section>
<section id="sid-8094332_GateInManagement-Commands">
Modified: epp/docs/branches/6.0/Admin_Guide/en-US/chapter-5-Administration_and_Monitoring.xml
===================================================================
--- epp/docs/branches/6.0/Admin_Guide/en-US/chapter-5-Administration_and_Monitoring.xml 2012-11-28 06:23:17 UTC (rev 8972)
+++ epp/docs/branches/6.0/Admin_Guide/en-US/chapter-5-Administration_and_Monitoring.xml 2012-11-28 20:39:30 UTC (rev 8973)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<chapter id="Administration_and_Monitoring">
- <title><remark>BZ#856436</remark> Administration and Monitoring</title>
+ <title><remark>BZ#856436</remark>JBoss Operations Network GateIn JON Plug-in</title>
<para>JBoss Portal Platform provides a JBoss Operations Network plug-in (<firstterm>GateIn JON Plug-in</firstterm>) to assist with monitoring the platform.</para>
<para>The plug-in captures application/portlet and site statistics. A different set of statistics are collected depending on the context of each portlet. <xref linkend="fig-GateIn_JON_Plug-in_Interface"/> shows the basic JON interface.</para>
<para>Follow the download and installation instructions in the <citetitle>Installation Guide</citetitle> to activate Administration and Monitoring.</para>
gatein SVN: r8972 - epp/docs/branches/5.2/Reference_Guide/en-US.
by do-not-reply@jboss.org
Author: smumford
Date: 2012-11-28 01:23:17 -0500 (Wed, 28 Nov 2012)
New Revision: 8972
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml
Log:
Incremented for staging
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml 2012-11-28 05:32:06 UTC (rev 8971)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml 2012-11-28 06:23:17 UTC (rev 8972)
@@ -7,6 +7,20 @@
<title>Revision History</title>
<simpara>
<revhistory>
+ <revision>
+ <revnumber>5.2.2-112</revnumber>
+ <date>Wed Nov 28 2012</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>BZ#794416: Added content on disabling unused portals</member>
+ </simplelist>
+ </revdescription>
+ </revision>
<revision>
<revnumber>5.2.2-110</revnumber>
<date>Fri Nov 2 2012</date>
gatein SVN: r8971 - in epp/docs/branches/6.0/Reference_Guide/en-US: modules and 3 other directories.
by do-not-reply@jboss.org
Author: jaredmorgs
Date: 2012-11-28 00:32:06 -0500 (Wed, 28 Nov 2012)
New Revision: 8971
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/Preface.xml
epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr-with-gatein.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/external-value-storages.xml
Log:
BZ#856430 - Rebased the CAS section from the work done by Marek at https://docs.jboss.org/author/display/GTNPORTAL35/Central+Authentication+...
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Preface.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Preface.xml 2012-11-28 05:17:16 UTC (rev 8970)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Preface.xml 2012-11-28 05:32:06 UTC (rev 8971)
@@ -17,44 +17,45 @@
<replaceable>JPP_DIST</replaceable>
</term>
<listitem>
- <para>The installation root of the JBoss Enterprise Application Platform instance. This folder contains the main folders that comprise the server such as <filename>/jboss-as</filename>.
+ <para>The installation root of the JBoss Enterprise Application Platform instance. This folder contains the application server directory, as well as supplemental folders containing resources necessary for gatein-management and gatein-sso. that comprise the server such as <filename>/bin</filename>, <filename>/standalone</filename>, and <filename>/gatein</filename>.
</para>
- <para>For example, if the JBoss Portal Platform instance is deployed into the <filename>/opt/jboss/jboss-epp-&VY;/</filename> directory, the <replaceable>JPP_DIST</replaceable> directory is <filename>/opt/jboss/jboss-epp-&VY;</filename>.
+ <para>For example, if the JBoss Portal Platform binary is extracted to <filename>/opt/jboss/JPP/</filename> directory, the <replaceable>JPP_DIST</replaceable> directory is <filename>/opt/jboss/JPP</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <replaceable>PORTAL_SSO</replaceable>
+ <replaceable>JPP_SERVER</replaceable>
</term>
<listitem>
- <para>The zip file located in the <filename><filename>JPP_DIST</filename>/gatein-sso</filename> directory of the JBoss Portal Platform binary package. Used throughout <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On"/>.</para>
+ <para>The directory containing the application server, and the configuration files necessary to run JBoss Portal Platform.</para>
+ <para>This directory contains directories such as <filename>/bin</filename>, <filename>/standalone</filename>, and <filename>/gatein</filename>.
+</para>
+ <para>Using the example in <replaceable>JPP_DIST</replaceable>, the <replaceable>JPP_SERVER</replaceable> directory is <filename>/opt/jboss/JPP/jboss-jpp-&VY;/</filename>. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <replaceable>CAS_DIR</replaceable>
+ <replaceable>PORTAL_SSO</replaceable>
</term>
<listitem>
- <para>The installation root of the Central Authentication Service (CAS) Single Sign-on Framework. This directory is an arbitrary location chosen when CAS is downloaded and installed.</para>
+ <para>The directories and files located in the <filename><filename>JPP_DIST</filename>/gatein-sso</filename> directory of the JBoss Portal Platform binary package. Used throughout <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On"/>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <replaceable>HTTPD_DIST</replaceable>
+ <replaceable>CAS_DIR</replaceable>
</term>
<listitem>
- <para>The installation root of the Apache httpd Server. This folder contains the main folders that comprise the server such as <filename>/conf</filename>, <filename>/webapps</filename>, and <filename>/bin</filename>.</para>
+ <para>The installation root of the Central Authentication Service (CAS) Single Sign-on Framework. This directory is an arbitrary location chosen when CAS is downloaded and installed.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <replaceable>PROFILE</replaceable>
+ <replaceable>HTTPD_DIST</replaceable>
</term>
<listitem>
- <para>The name of the server profile used as part of testing or production configuration. The server profiles reside in <filename>JPP_DIST/jboss-as/server</filename>.</para>
- <para>For example, to use the <literal>default</literal> profile, replace the <replaceable>PROFILE</replaceable> text in the file path to read <filename><replaceable>JPP_DIST</replaceable>/jboss-as/server/<replaceable>default</replaceable>/</filename>
- </para>
+ <para>The installation root of the Apache httpd Server. This folder contains the main folders that comprise the server such as <filename>/conf</filename>, <filename>/webapps</filename>, and <filename>/bin</filename>.</para>
</listitem>
</varlistentry>
</variablelist>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2012-11-28 05:17:16 UTC (rev 8970)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2012-11-28 05:32:06 UTC (rev 8971)
@@ -8,6 +8,34 @@
<simpara>
<revhistory>
<revision>
+ <revnumber>6.0.0-20</revnumber>
+ <date>Wed Nov 28 2012</date>
+ <author>
+ <firstname>Jared</firstname>
+ <surname>Morgan</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>BZ#856430 - Rebased the CAS section from the work done by Marek at https://docs.jboss.org/author/display/GTNPORTAL35/Central+Authentication+... </member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>6.0.0-18</revnumber>
+ <date>Thu Nov 15 2012</date>
+ <author>
+ <firstname>Jared</firstname>
+ <surname>Morgan</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>BZ#876821 - Removed obsolete chapters and sections from the JCR part, according to the guidance in the ticket. </member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>6.0.0-17</revnumber>
<date>Mon Nov 5 2012</date>
<author>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml 2012-11-28 05:17:16 UTC (rev 8970)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml 2012-11-28 05:32:06 UTC (rev 8971)
@@ -36,7 +36,7 @@
</listitem>
<listitem>
<para>
- Cluster authentication with loadbalancer or with JBoss SSO valve. Refer to <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-Enabling_SSO_using_JBoss_SSO_Valve"/> for more information.
+ Cluster authentication with load balancer or with JBoss SSO valve. Refer to <xref linkend="sect-SSO_Single_Sign_On_-Enabling_SSO_using_JBoss_SSO_Valve"/> for more information.
</para>
</listitem>
</itemizedlist>
@@ -527,7 +527,7 @@
</para>
</note>
<para>
- There is also possibility for integration with JBoss clustered SSO valve (See <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-Enabling_SSO_using_JBoss_SSO_Valve"/>).
+ There is also possibility for integration with JBoss clustered SSO valve (See <xref linkend="sect-SSO_Single_Sign_On_-Enabling_SSO_using_JBoss_SSO_Valve"/>).
</para>
</section>
<section id="sect-Authentication_Authorization_Intro-SSOLogin">
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2012-11-28 05:17:16 UTC (rev 8970)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2012-11-28 05:32:06 UTC (rev 8971)
@@ -5,13 +5,13 @@
]>
<chapter id="sect-Reference_Guide-SSO_Single_Sign_On">
<title>SSO - Single Sign On</title>
- <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Overview">
+ <section id="sect-SSO_Single_Sign_On_-Overview">
<title>Overview and Configuration Assumptions</title>
<para>
JBoss Portal Platform provides an implementation of Single Sign On (<literal>SSO</literal>) as an integration and aggregation platform.
</para>
<para>
- When logging into the portal users can access many systems through portlets using a single identity. In many cases, however, the portal infrastructure must be integrated with other SSO enabled systems.
+ When logging into the portal, users can access many systems through portlets using a single identity. In many cases, however, the portal infrastructure must be integrated with other SSO enabled systems.
</para>
<para>
There are many different Identity Management solutions available. In most cases each SSO framework provides a unique way to plug into a Java EE application.
@@ -22,7 +22,7 @@
<itemizedlist>
<listitem>
<para>
- <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-Central_Authentication_Service"/>
+ <xref linkend="sect-SSO_Single_Sign_On_-Central_Authentication_Service"/>
</para>
</listitem>
<listitem>
@@ -48,7 +48,7 @@
</para>
</note>
<para>
- All the packages required for SSO setup can be found in a zip file located in the <filename><filename>JPP_DIST</filename>/gatein-sso</filename> directory of the JBoss Portal Platform binary package.
+ All the packages required for SSO setup can be found in the <filename><filename>JPP_DIST</filename>/gatein-sso</filename> directory of the JBoss Portal Platform binary package.
</para>
<para>
In the following scenarios this directory will be referred to as <replaceable>PORTAL_SSO</replaceable>.
@@ -62,8 +62,9 @@
Remove <filename>JBOSS_HOME/server/PROFILE/deploy/gatein-sample-extension.ear</filename> and <filename>JBOSS_HOME/server/PROFILE/deploy/gatein-sample-portal.ear</filename> which are packaged by default with JBoss Enterprise Portal Platform.
</para> --> </warning>
</section>
- <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Enabling_SSO_using_JBoss_SSO_Valve">
- <title>Enabling SSO using JBoss SSO Valve</title>
+ <section id="sect-SSO_Single_Sign_On_-Enabling_SSO_using_JBoss_SSO_Valve">
+ <title><remark>NEEDINFO</remark>Enabling SSO using JBoss SSO Valve</title>
+ <remark>Is the SSO valve still valid for JPP 6?</remark>
<!-- Source Metadata
URL: https://issues.jboss.org/browse/JBQA-4530
Author [w/email]: Marek Posolda (mposolda(a)redhat.com)
@@ -102,6 +103,7 @@
</para>
<procedure id="proc-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-SSO_Integration">
<title>SSO Integration</title>
+ <remark>The file paths in this procedure need to be verified if this procedure is to remain for JPP 6</remark>
<step>
<para>
Open the <filename><replaceable>JPP_DIST</replaceable>/jboss-as/server/<replaceable>PROFILE</replaceable>/deploy/jbossweb.sar/server.xml</filename> file and uncomment one of the two <parameter>Valve</parameter> entries:
@@ -156,6 +158,7 @@
</formalpara>
<procedure id="proc-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Testing_the_SSO_Valve">
<title>Testing the SSO Valve</title>
+ <remark>The file paths in this procedure need to be verified if this procedure is to remain for JPP 6</remark>
<step>
<para>
If you are using a Linux system, you can configure file <emphasis role="bold">/etc/hosts</emphasis> to contain these lines:
@@ -223,6 +226,7 @@
</para>
</step>
</procedure>
+ <remark>The file paths in this procedure need to be verified if this procedure is to remain for JPP 6</remark>
<formalpara id="form-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Enabling_SSO_with_Other_Web_Applications">
<title>Enabling SSO with Other Web Applications</title>
<para>
@@ -268,6 +272,7 @@
</formalpara>
<procedure id="proc-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Test_SSO_Between_Portal_and_JMX_Console">
<title>Test SSO Between Portal and JMX Console</title>
+ <remark>The file paths in this procedure need to be verified if this procedure is to remain for JPP 6</remark>
<step>
<para>
Start a portal instance on one node:
@@ -300,6 +305,7 @@
</para>
<procedure id="proc-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Redirect_to_Use_SSO_Valve_Authentication">
<title>Redirect to Use SSO Valve Authentication</title>
+ <remark>The file paths in this procedure need to be verified if this procedure is to remain for JPP 6</remark>
<step>
<para>
Open the <filename><replaceable>JPP_DIST</replaceable>/jboss-as/server/<replaceable>PROFILE</replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtml</filename> file and edit the line:
@@ -326,94 +332,314 @@
</step>
</procedure>
</section>
- <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Central_Authentication_Service">
- <title>Central Authentication Service</title>
- <para>
- This Single Sign On plug-in enables seamless integration between JBoss Portal Platform and the Central Authentication Service (<emphasis role="bold">CAS</emphasis>) Single Sign On Framework. Details about CAS can be found <ulink url="http://www.ja-sig.org/cas/"> here </ulink> .
- </para>
- <para>
- The integration consists of two parts; the first part consists of installing or configuring a CAS server, the second part consists of setting up the portal to use the CAS server.
- </para>
- <section>
- <title>CAS_DIR</title>
- <procedure id="proc-Reference_Guide-Central_Authentication_Service-CAS_server">
- <title>Installing CAS server, and defining CAS_DIR</title>
- <step>
+ <section id="sect-SSO_Single_Sign_On_-Central_Authentication_Service">
+ <title><remark>BZ#856430</remark>Central Authentication Service (CAS)</title>
+ <para>The CAS Single Sign On (SSO) plug-in enables seamless integration between the platform and the CAS SSO framework. Further information about CAS can be found on the
+ <ulink url="http://www.jasig.org/cas">Jasig website</ulink>
+ .
+ </para>
+ <para>The integration consists of two parts:</para>
+ <itemizedlist>
+ <listitem>
+ <para>Installing and configuring a CAS server.</para>
+ </listitem>
+ <listitem>
+ <para>Setting up the portal to use the CAS server.</para>
+ </listitem>
+ </itemizedlist>
+ <section id="sect-CAS-Authentication_Process">
+ <title>Authentication Process</title>
+ <para>The authentication process with CAS integration occurs in the following order:</para>
+ <orderedlist>
+ <listitem>
+ <para>A user visits the main portal page, and wishes to authenticate. The user clicks
+ <emphasis role="italics">Sign in</emphasis>. </para>
+ </listitem>
+ <listitem>
+ <para>Normally this action would present the GateIn Portal login dialog, however with SSO integration enabled, the action redirects the user to a marker URL such as
+ <ulink url="http://localhost:8080/portal/sso"/>.
+ </para>
+ <para>The portal handles this user action by calling the interceptor (Servlet filter)
+ <emphasis role="strong">LoginRedirectFilter</emphasis>, which redirects the user seamlessly away from the
+ <emphasis role="italics">/portal/sso</emphasis>
+ URL to the CAS server page.
+ </para>
+ </listitem>
+ <listitem>
+ <para>The interceptor redirects the user to the CAS login page
+ <ulink url="http://localhost:8888/cas/login"/>
+ . The user enters the correct authentication information, and submits the form.
+</para>
+ <para>The CAS server retrieves the information from the identity store. The store could be an external database, a LDAP server, or from information obtained through an authentication plug-in such as the one shipped with JBoss Portal Platform. Refer to <xref linkend="sect-CAS_Authentication_Plug-in"/> for specific details about this technology.</para>
+ <remark>Docs Note: Removed the large block of content here about the Authentication Plug-in into the Authentication Plug-in section. It just didn't fit in this work flow overview section, and sits much better in the plug-in section.</remark>
+ </listitem>
+ <listitem>
+ <para> Once CAS determines the user has the correct access privileges to access the portal server, CAS redirects the user back to the portal through another marker URL such as
+ <ulink url="http://localhost:8080/portal/initiatelogin"/>
+ . </para>
+ <para>The <emphasis role="strong">InitiateLoginFilter</emphasis>
+interceptor acts on the user redirection to
+ <emphasis role="italics">/portal/initiatelogin</emphasis>
+by obtaining a CAS ticket attached in the HTTP request inside the
+ <emphasis role="italics">ticket</emphasis>
+parameter. The interceptor then delegates validation of this ticket to a configured
+ <emphasis role="strong">CASAgent</emphasis>
+ component. </para>
+ </listitem>
+ <listitem>
+ <para>The <emphasis>CASAgent</emphasis> validates the ticket by sending a validation request to the CAS server through a configured back channel. The CAS server validates the request, and ensures it contains the user name of the authenticated user in step 3.
+ </para>
+ </listitem>
+ <listitem>
<para>
- Set up the server to authenticate against the portal login module, as described in <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-Enabling_SSO_using_JBoss_SSO_Valve"/>.
- </para>
- </step>
- <step>
+ After SSO validation,
+ <emphasis role="italics">InitiateLoginFilter</emphasis>
+ redirects the user to the portal login URL
+ <ulink url="http://localhost:8080/portal/login"/>
+ , which initiates JAAS authentication.
+</para>
+ <para>The <emphasis role="strong">SSOLoginModule</emphasis> detects whether the user has been successfully validated by
+ <emphasis role="italics">CASAgent</emphasis>. If this is the case, the login module obtains data about user (groups, memberships) from
+ <emphasis role="italics">OrganizationService</emphasis>
+ and encapsulates the details into an
+ <emphasis role="strong">Identity</emphasis>
+ object. </para>
+ </listitem>
+ <listitem>
+ <para>The
+ <emphasis role="strong">JBossAS7LoginModule</emphasis> completes the authentication request by establishing the JAAS
+ <emphasis role="italics">Subject</emphasis>,
+ and saves the
+ <emphasis role="italics">Identity</emphasis>
+ object to the
+ <emphasis role="italics">IdentityRegistry</emphasis>
+ (See
+ <ulink url="https://docs.jboss.org/author/pages/viewpage.action?pageId=54264608_Authe...">Authentication and Authorization intro#Login modules</ulink>
+ for more details).
+</para>
+ </listitem>
+ <listitem>
+ <para>After successful JAAS authentication, the user is redirected to the portal in an authenticated state.</para>
+ </listitem>
+ </orderedlist>
+ <para>For more information about the available Login Modules shipped with the product, refer to the JBoss Enterprise Application Platform <citetitle>Security Guide</citetitle>. </para>
+ </section>
+ <section id="sect-CAS-Logout_Workflow">
+ <title>Logout Process</title>
+ <para>The logout process with CAS integration occurs in the following order:</para>
+ <orderedlist>
+ <listitem>
+ <para>The authenticated user clicks the
+ <emphasis role="italics">Sign out</emphasis>
+ link.
+ </para>
+ </listitem>
+ <listitem>
+ <para>The
+ <emphasis role="strong">CASLogoutFilter</emphasis>
+interceptor recognizes the logout request, and redirects the user to the CAS logout page
+ <ulink url="http://localhost:8888/cas/logout"/>
+. </para>
+ </listitem>
+ <listitem>
+ <para>The
+ CAS server logs out the user, and invalidate the CAS cookie
+ <emphasis role="italics">CASTGC</emphasis> . </para>
+ </listitem>
+ <listitem>
+ <para>CAS redirects the user back to the portal using the logout redirection configured in <xref linkend="sect-CAS_Logout_Redirection"/> .
+ </para>
+ <para>If the <emphasis role="italics">CASLogoutFilter</emphasis>
+ is enabled, the user is logged out from both the portal and CAS server.
+ </para>
+ </listitem>
+ <listitem>
<para>
- Download CAS v3.5 from <ulink url="http://www.jasig.org/cas/download" type="http"/> .
-This CAS version forms part of a supported configuration for &PRODUCT;. </para>
- </step>
- <step>
- <para>
- Extract the downloaded file into a suitable location. </para>
- <para>This location is referred to as <replaceable>CAS_DIR</replaceable> in the following procedures.
- </para>
- </step>
- </procedure>
+The logout redirection request completes the logout process on the CAS server's side, and the user is redirected to the portal's anonymous page. </para>
+ </listitem>
+ </orderedlist>
</section>
- <section id="sect-CAS_HTTPD_DIST">
- <title><remark>BZ#856430</remark>HTTPD_DIST</title>
- <task>
- <title>Install Tomcat and change default ports for CAS compatibility.</title>
- <tasksummary>
- <para>Tomcat hosts CAS on the portal instance. Install and configure Tomcat before proceeding with other configuration relating to CAS. </para>
- <para>This procedure covers the Linux installation method for Apache Tomcat (httpd). </para>
- <para>Completing this task defines the file path abbreviation <filename>HTTPD_DIST</filename>, which is used in other CAS configuration procedures.</para>
- </tasksummary>
+ <section id="sect-CAS-Configuration_Overview">
+ <title>CAS Configuration Overview</title>
+ <para>For scope purposes, the setup instructions assume the following configuration outcomes: </para>
+ <itemizedlist>
+ <listitem>
+ <para>CAS 3.5 will be deployed on Tomcat 7 server, which will listen on
+ <emphasis role="italics">localhost:8888</emphasis></para>
+ </listitem>
+ <listitem>
+ <para>The portal will listen on
+ <emphasis role="italics">localhost:8080</emphasis></para>
+ </listitem>
+ </itemizedlist>
+ <section id="sect-CAS-Install_Tomcat_Server">
+ <title>Install Tomcat Server</title>
+ <para>Install and configure Apache Tomcat before proceeding with other configuration relating to CAS.
+</para>
+ <para>This procedure covers the Linux installation method for Apache Tomcat (httpd).
+Completing this task defines the file path abbreviation HTTPD_DIST, which is used in other CAS configuration procedures.</para>
+ <para>File name abbreviations in this section are described in <xref linkend="sect-File_Name_Conventions"/></para>
<procedure>
+ <title>Configuring Tomcat for CAS</title>
<step>
- <para>Install Tomcat by running <command>sudo yum install httpd</command> in a terminal.
- </para>
+ <para>Install Tomcat by running <command>sudo yum install httpd</command> in a terminal.</para>
</step>
<step>
- <para> Edit <filename><replaceable>HTTPD_DIST</replaceable>/conf/httpd.conf</filename> and change the Listen 80 port to 8888 to avoid a conflict with the default JBoss Portal Platform.
-<remark>NEEDINFO - this used to be HTTPD_DIST/conf/server.xml, but if you install httpd using RPM, this file doesn't seem to exist. I assumed the .conf file was the correct place to change the listen port.</remark> </para>
+ <para>Edit <filename>HTTPD_DIST/conf/httpd.conf</filename> and change the Listen 80 port to 8888 to avoid a conflict with the default JBoss Portal Platform listen port.</para>
+ <remark>NEEDINFO - this used to be HTTPD_DIST/conf/server.xml, but if you install httpd using RPM, this file doesn't seem to exist. I assumed the .conf file was the correct place to change the listen port.</remark>
+ </step>
+ <step>
+ <para>Ensure port 8888 is open in the server firewall, and the httpd service is enabled and running so the platform can communicate with Apache on the same server.
+</para>
+ </step>
+ </procedure>
+ </section>
+ <section id="sect-CAS-Download_CAS">
+ <title>Download CAS</title>
+ <para>
+ CAS can be downloaded from
+ <ulink url="http://www.jasig.org/cas/download"/>
+ . The supported version is
+ <emphasis role="italics">CAS 3.5</emphasis>
+ . More recent CAS versions may also work, however have not been officially tested as part of this specific configuration exercise.
+ </para>
+ <para>
+ Extract the downloaded file into a suitable location on the Tomcat server. This location will be referred to as
+ <code>CAS_DIR</code>
+ in subsequent instructions.
+ </para>
+ </section>
+ </section>
+ <section id="sect-CAS-Modifying_CAS_Server">
+ <title>Modifying the CAS server</title>
+ <para>To configure the web archive as desired, the most effective way is to make the necessary changes directly in the CAS code base.</para>
+ <section id="sect-CAS_Authentication_Plug-in">
+ <title>Authentication Plug-in </title>
+ <para>While it is possible (and perfectly acceptable) for an administrator to configure CAS to retrieve user credentials from an external database, or from a LDAP server, it is also possible to use JBoss technology. </para>
+ <remark>Docs Note: This section was originally in https://docs.jboss.org/author/display/GTNPORTAL35/Central+Authentication+... and has been reworked quite a bit to promote the authentication plug-in as the "best" solution.</remark>
+ <para>CAS can be configured to make secure authentication callbacks to a RESTful service installed on the remote portal instance using the supplied CAS <literal>AuthenticationPlugin</literal>. </para>
+ <para>Implementing the <literal>AuthenticationPlugin</literal> on the CAS server has the advantage of leveraging a single identity storage for portal user, group and role data. If a new user is added using the portal user management interface, the user information is instantly accessible to the CAS server through the technology implemented by the <literal>AuthenticationPlugin</literal>. </para>
+ <para>The plug-in verifies user credentials by connecting to an existing portal instance using REST over the HTTP protocol. The portal serves a REST authentication callback request, and verifies the user identity against the portal's own identity storage provided by the PicketLink IDM
+ <emphasis role="italics">OrganizationService</emphasis>. The <literal>AuthenticationPlugin</literal> receives the portal's response to the CAS server, and continues with the authentication process based on user data in the response.
+</para>
+ <para>For the plug-in to function correctly, it must be properly configured on the CAS server to connect to this service. Set up the server to authenticate against the portal using the REST call-back.</para>
+ <procedure>
+ <title>Configuring the Authentication plug-in</title>
+ <step>
+ <para>
+ Open
+ <code>CAS_DIR/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml</code>
+ .
+ </para>
+ </step>
+ <step>
+ <para>Replace the default configuration, which declares the Jasig <classname>SimpleTestUsernamePasswordAuthenticationHandler</classname> Authentication Handler with the following supported Authentication Handler. </para>
<note>
- <para>
- If JBoss Portal Platform is running on the same machine as Apache Tomcat, other ports will need to be changed in addition to 8080 to avoid conflicts. They can be changed to any free port. For example; change the admin port from 8005 to 8805 and the AJP port from 8009 to 8809.
- </para>
+ <para>This configuration is available in the
+ <code><replaceable>SSO_HOME</replaceable>/cas.war/WEB-INF/deployerConfigContext.xml</code>. If you choose to take this configuration file, ensure the default host, port and context parameters are adjusted to match the values corresponding to the remote portal instance. </para>
</note>
+ <programlisting>
+<!--
+ XML comment used for configuration guidance removed for ease of readability+-->
+<bean class="org.gatein.sso.cas.plugin.AuthenticationPlugin">
+ <property name="gateInProtocol"><value>http</value></property>
+ <property name="gateInHost"><value>localhost</value></property>
+ <property name="gateInPort"><value>8080</value></property>
+ <property name="gateInContext"><value>portal</value></property>
+ <property name="httpMethod"><value>POST</value></property>
+</bean>
+</programlisting>
</step>
<step>
- <para>Ensure port 8888 is open in the server firewall, and the httpd service is enabled and running so the platform can communicate with Apache on the same server. </para>
+ <para>
+ Copy all jars from
+ <code>SSO_HOME/cas/plugin/WEB-INF/lib/ </code>to the
+ <code>CAS_DIR/cas-server-webapp/src/main/webapp/WEB-INF/lib</code> directory.
+ </para>
</step>
</procedure>
- </task>
- </section>
- <section>
- <title><remark>BZ#856430</remark>Configure the platform</title>
- <task>
- <title>Configuring SSO configuration.properties for CAS</title>
- <tasksummary>
- <para>To prepare the portal platform for CAS authentication, SSO filters and login modules need to be specified in global configuration files. The location of the CAS server, as configured in a locally-running Apache Tomcat server, also needs to be specified.</para>
- </tasksummary>
- <taskprerequisites>
- <itemizedlist>
+ </section>
+ <section id="sect-CAS_Logout_Redirection">
+ <title>Logout redirection setup</title>
+ <para>The CAS server displays the CAS logout page with a link to return to the portal by default. To make the CAS server redirect to the portal page after a logout, modify
+ <code>CAS_DIR/cas-server-webapp/src/main/webapp/</code>
+ <code>WEB-INF/cas-servlet.xml</code>
+ to include the
+ <code>followServiceRedirects="true"</code>
+ parameter:
+ </para>
+ <programlisting language=""><bean id="logoutController" class="org.jasig.cas.web.LogoutController"
+ p:centralAuthenticationService-ref="centralAuthenticationService"
+ p:logoutView="casLogoutView"
+ p:warnCookieGenerator-ref="warnCookieGenerator"
+ p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
+ p:followServiceRedirects="true"/>
+</programlisting>
+ </section>
+ <section id="sect-CAS_SSO_Cookie_Configuration">
+ <title>CAS SSO cookie configuration (CASTGC)</title>
+ <para>Jasic CAS uses a cookie named <firstterm>CAS Ticket Granting Cookie</firstterm>
+ (CASTGC)
+to control the authentication state within the browser session. The cookie contains a Ticket Granting Ticket (TGT), which preserves SSO authentication where more than one site is controlled by the same SSO profile. </para>
+ <example id="exam-CASTGC_Authentication">
+ <title>Basic CASTGC Portal Authentication Scenario </title>
+ <para>Two portal servers are provisioned that use a single CAS server to manage authentication. The portals are named <literal>accounts</literal> and <literal>services</literal>.</para>
+ <para>When a user initially accesses the <literal>accounts</literal> portal, they provide their SSO credentials, and CAS authenticates them as a registered user. The user then switches to the <literal>services</literal> portal, and is authenticated when she clicks the Sign in link. </para>
+ <para>This behavior is correct given this example because the browser instance stores the browser authentication state using the CASTCG cookie. The CASTCG cookie in this instance creates new ticket for the <literal>services</literal> portal automatically based on the authentication state present for the accounts portal.
+ </para>
+ </example>
+ <para>The behavior described in <xref linkend="exam-CASTGC_Authentication"/>exists through a secured connection only (https connection). To benefit from authentication across two or more portals, one of the options below must be implemented. Choose the correct option based on the deployment environment: </para>
+ <variablelist>
+ <varlistentry>
+ <term>Testing</term>
<listitem>
- <para>
- Set up the server to authenticate against the portal login module, as described in <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-Enabling_SSO_using_JBoss_SSO_Valve"/>.
-<remark><-- NEEDINFO - 20121024 - need to check that this process is still valid and correct based on EPP 6 changes. </remark> </para>
+ <para>Alter the CASTGC cookie to be non-secure. </para>
+ <para>The cookie can be accessed through http (insecure) connections. </para>
+ <para>To configure this test behavior, open
+ <code>CAS_DIR/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml</code>
+ and switch the attribute
+ <code>cookieSecure</code>
+ to false. </para>
+ <programlisting><bean id="ticketGrantingTicketCookieGenerator"
+ p:cookieSecure="false"
+ p:cookieMaxAge="-1"
+ p:cookieName="CASTGC"
+ p:cookiePath="/cas" /></programlisting>
</listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Production</term>
<listitem>
- <para>Complete the task in <xref linkend="sect-CAS_HTTPD_DIST"/></para>
+ <para>Correctly implement the https protocol for all production servers that rely on CAS. This configuration is the recommended method for any production server, and ensures greater security for CAS connections. Refer to the Jasig documentation about securing CAS <ulink url="https://wiki.jasig.org/display/CASUM/Securing+Your+New+CAS+Server "/> for information and resources.</para>
</listitem>
- <listitem>
- <para>The platform is configured to run on the default host and port (http://localhost:8080)</para>
- </listitem>
- </itemizedlist>
- </taskprerequisites>
+ </varlistentry>
+ </variablelist>
+ </section>
+ </section>
+ <section id="sect-CAS-Modifying_the_Portal">
+ <title>Modifying the Portal</title>
+ <section id="sect-CAS_Portal_SSO_Primary_Configuration_File">
+ <title>Portal SSO Primary Configuration File</title>
+ <para>
+ The main GateIn Portal configuration file for SSO integration is
+ <code>JPP_SERVER/gatein/gatein.ear/portal.war/WEB-INF/conf/sso/security-sso-configuration.xml</code>
+ . All required SSO components such as agents and SSO interceptors (servlet filters in v5.x of the product) are configured in this file. </para>
+ <para>In most cases, it will never be necessary to edit <filename>security-sso-configuration.xml</filename> directly when using JBoss Portal Platform. The architecture in JBoss Enterprise Application Platform 6 means that users can override the base configuration described in this file using name/value pairs configured in one place: <filename>JPP_SERVER/standalone/configuration/gatein/configuration.properties</filename></para>
+ <para>The exception to this rule is where configuration present in <filename>security-sso-configuration.xml</filename> is fundamentally unsuitable for the production environment the server will be deployed to, or when additional underlying functionality is required (for example, another custom interceptor). </para>
+ </section>
+ <section id="sect-CAS_Configuring_the_Platform">
+ <title>Portal configuration.properties for CAS SSO</title>
+ <para>To prepare the portal platform for CAS authentication, SSO filters and login modules need to be specified in global configuration files. The location of the CAS server, as configured in a locally-running Apache Tomcat server, also needs to be specified.
+</para>
<procedure>
+ <title>Configuring SSO configuration.properties for CAS</title>
<step>
- <para>Open <filename>JPP_DIST/standalone/configuration/gatein/configuration.properties</filename>, and locate the SSO sections in the file.</para>
+ <para>Open <filename>JPP_SERVER/standalone/configuration/gatein/configuration.properties</filename> and locate the SSO sections in the file.</para>
</step>
<step>
- <para>Make the following changes to the file to declare the correct login module, server and portal URLs, and the logout filter. Ensure <replaceable> [portal.container.name]</replaceable> is replaced with the name of the portal container used in production.</para>
- <programlisting># SSO
+ <para>Make the following changes to the file to declare the correct login module, server and portal URLs, and the logout filter. Ensure <replaceable>[portal.container.name]</replaceable> is replaced with the name of the portal container used in production.</para>
+ <programlisting>
+# SSO
gatein.sso.enabled=true
gatein.sso.callback.enabled=${gatein.sso.enabled}
gatein.sso.login.module.enabled=${gatein.sso.enabled}
@@ -422,187 +648,101 @@
gatein.sso.portal.url=http://localhost:8080
gatein.sso.filter.logout.class=org.gatein.sso.agent.filter.CASLogoutFilter
gatein.sso.filter.logout.url=${gatein.sso.server.url}/logout
-gatein.sso.filter.login.sso.url=${gatein.sso.server.url}/login?service=${gatein.sso.portal.url}/@@<replaceable>[portal.container.name]</replaceable>@@/initiatessologin</programlisting>
+gatein.sso.filter.login.sso.url=${gatein.sso.server.url}/login?service=${gatein.sso.portal.url}/@@<replaceable>[portal.container.name]</replaceable>@@/initiatessologin
+</programlisting>
</step>
</procedure>
- </task>
- </section>
- <section>
- <title>Modify CAS Server</title>
- <para>
- The CAS Server Plug-in makes secure callbacks to a RESTful service installed on the remote &PRODUCT; server to authenticate a user.
- </para>
- <para>
- In order for the plug-in to function correctly, it needs to be properly configured to connect to this service. This configuration is controlled by the <filename>cas.war/WEB-INF/deployerConfigContext.xml</filename> file.
- </para>
- <para>
- Change the default authentication handler with the one provided by &PRODUCT;.
- </para>
- <para>
-<remark>NEEDINFO - 20121024 - Will a customer need to use Maven to modify the CAS server, or are the files contained in GATEIN_SSO_HOME/cas/plugin/WEB-INF/lib/ </remark> To perform the final build step and complete these instructions you will need the Apache Maven 2. Download it from <ulink url="http://maven.apache.org/download.html" type="http"> here </ulink> .
+ <variablelist>
+ <varlistentry>
+ <term>gatein.sso.enabled</term>
+ <listitem>
+ <para>Specifies whether SSO integration is enabled on the portal. With this option set to "true" when a user clicks the
+ <emphasis role="italics">Sign in</emphasis>
+ link, the user is redirected to the
+ <emphasis role="italics">/portal/sso</emphasis>
+ URL rather than a standard Sign in dialog.
</para>
- <procedure id="proc-Reference_Guide-Central_Authentication_Service-Modifying_CAS_server">
- <title>Modifying CAS server</title>
- <step>
- <para>
- Open <filename><replaceable>CAS_DIR</replaceable>/webapps/cas/WEB-INF/deployerConfigContext.xml</filename>
- </para>
- </step>
- <step>
- <para>Make the following changes to the directives in <filename>deployerConfigContext.xml</filename>.</para>
- <programlisting><!--<bean
-class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
--->
-<bean class="org.gatein.sso.cas.plugin.AuthenticationPlugin">
-<property name="gateInProtocol"><value>http</value></property>
- <property name="gateInHost"><value>localhost</value></property>
- <property name="gateInPort"><value>8080</value></property>
- <property name="gateInContext"><value>portal</value></property>
-<property name="httpMethod"><value>POST</value></property>
-</bean></programlisting>
- </step>
-<!--BZ#856430 - Removed these steps because they contain info not required according to instructions provided my Marek P in attachment.--><!--<step>
- <para>
- Replace this code:
- </para>
- <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default102.xml" parse="text"/></programlisting>
- <para>
- with the following (ensure you set the host, port and context with the values corresponding to your portal). The code is available for direct copy in the <filename>PORTAL_SSO/cas/plugin/WEB-INF/deployerConfigContext.xml</filename> file:
- </para>
- <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default103.xml" parse="text"/></programlisting>
-</step>--><!--<step>
- <para>
- Copy the following files into the <filename><replaceable>CAS_DIR</replaceable>/cas-server-webapp/src/main/webapp/WEB-INF/lib</filename> directory:</para>
- <itemizedlist>
- <listitem>
- <para><filename><replaceable>PORTAL_SSO</replaceable>/cas/plugin/WEB-INF/lib/sso-cas-plugin-<replaceable>VERSION</replaceable>.jar</filename></para>
- </listitem>
- <listitem>
- <para><filename><replaceable>PORTAL_SSO</replaceable>/cas/plugin/WEB-INF/lib/commons-httpclient-<replaceable>VERSION</replaceable>.jar</filename></para>
- </listitem>
- </itemizedlist>
-</step>--><!--<step>
- <para>
- Navigate locally to the <filename><replaceable>CAS_DIR</replaceable>/cas-server-webapp</filename> directory and execute the following command:
- </para>
- <programlisting>mvn install
-</programlisting>
-</step>--><!--<step>
- <para>
- Copy the <filename><replaceable>CAS_DIR</replaceable>/cas-server-webapp/target/cas.war</filename> file into the <filename>HTTPD_DIST/webapps</filename> directory.
- </para>
- <para>
- Tomcat should start without issue and should be accessible at <ulink url="http://localhost:8888/cas" type="http"> http://localhost:8888/cas </ulink> .
- </para>
- <note>
- <para>
- At this stage the login functionality will not be available.
- </para>
- </note>
- <mediaobject>
- <imageobject>
- <imagedata width="444" scale="100" fileref="images/AuthenticationAndIdentity/SSO/cas.png" format="PNG"/>
- </imageobject>
- </mediaobject>
-</step>--> </procedure>
- <note>
- <para>
- On logout, the CAS server will display the CAS logout page with a link to return to the portal. To make the CAS server redirect to the portal page after a logout, modify the <filename>cas.war/WEB-INF/cas-servlet.xml</filename> to include the follow line :
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>gatein.sso.callback.enabled</term>
+ <listitem>
+ <para>
+Specifies whether the REST callback authentication handler is enabled. </para>
+ <para>The handler is required if the CAS server must use the SSO Authentication plug-in to handle portal authentication. See <xref linkend="sect-CAS_Logout_Redirection"/>
+for details. The callback handler is enabled by default. Set the parameter to false if the Authentication Plugin on the CAS server side is not required.
</para>
- <programlisting>
-<bean id="logoutController" class="org.jasig.cas.web.LogoutController"
- p:centralAuthenticationService-ref="centralAuthenticationService"
- p:logoutView="casLogoutView"
- p:warnCookieGenerator-ref="warnCookieGenerator"
- p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
- p:followServiceRedirects="true"/>
-</programlisting>
- </note>
- </section>
- <section>
- <title>Configure CAS client</title>
- <para><remark>NEEDINFO - this section will need to be reviewed to ensure it is still correct</remark></para>
- <procedure id="proc-Reference_Guide-Central_Authentication_Service-Setup_the_CAS_client">
- <title>Setup the CAS client</title>
- <step>
- <para>
- Copy all the libraries from the <filename><replaceable>PORTAL_SSO</replaceable>/cas/gatein.ear/lib</filename> directory into the <filename><replaceable>JPP_DIST</replaceable>/jboss-as/server/default/deploy/gatein.ear/lib</filename>) directory<remark><-- what are the new file paths?</remark>.
- </para>
- </step>
- <step>
- <para>
- Edit the <filename><replaceable>JPP_DIST</replaceable>/jboss-as/server/<replaceable>PROFILE</replaceable>/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml</filename> file. In the file, first comment out or remove all <login-module> entries. Then uncomment the following section <remark><-- what are the new file paths?</remark>:
- </para>
- <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default105.xml" parse="text"/></programlisting>
-<!-- Removing as per https://issues.jboss.org/browse/JBEPP-1350
- <para>
- In Tomcat, edit <filename>GATEIN_HOME/conf/jaas.conf</filename>, uncomment on this section and comment other parts:
- </para>
-<programlisting>org.gatein.sso.agent.login.SSOLoginModule required;
-org.exoplatform.services.security.j2ee.TomcatLoginModule required
-portalContainerName=portal
-realmName=gatein-domain;
-</programlisting>
- --> </step>
- <step>
- <para>
- The installation can be tested at this point (assuming the CAS server on Tomcat is running):
- </para>
- <procedure>
- <step>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>gatein.sso.login.module.enabled</term>
+ <listitem>
+ <para>Specifies whether a pre-defined SSO login module declared in <filename> JPP_SERVER/standalone/configuration/standalone.xml</filename> is used for authentication. When the property is set to "true", the SSODelegateLoginModule delegates work to another login module, as specified using the <property>gatein.sso.login.module.class</property> property. SSODelegateLoginModule will also resend all its options to its delegate.</para>
+ <para>This parameter removes the need to manually change any login module configuration in the standalone.xml file, which simplifies platform configuration. </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>gatein.sso.login.module.class</term>
+ <listitem>
+ <para>Specifies the classname of the login module SSODelegateLoginModule will delegate to. This parameter will work only if gatein.sso.login.module.enabled is specified.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>gatein.sso.server.url</term>
+ <listitem>
<para>
- Start (or restart) JBoss Portal Platform and direct your web browser to <ulink url="http://localhost:8888/cas" type="http"> http://localhost:8888/cas </ulink> .
- </para>
- </step>
- <step>
+ Specifies the URL from which the CAS server is accessible. </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>gatein.sso.portal.url</term>
+ <listitem>
<para>
- Login with the username <literal>root</literal> and the password <literal>gtn</literal> (or any other account created through the portal).
- </para>
- </step>
- </procedure>
- </step>
- </procedure>
+ Specifies the URL from which the JBoss Portal Platform is accessible.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>gatein.sso.filter.logout.class</term>
+ <listitem>
+ <para>
+ Specifies the class of the logout filter. In the example above
+ <code>org.gatein.sso.agent.filter.CASLogoutFilter</code>
+is the correct choice because this filter is able to redirect to the CAS server and perform logout on CAS side.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>gatein.sso.filter.logout.url</term>
+ <listitem>
+ <para>
+ Specifies the CAS server logout URL, which is used for redirection by the logout filter
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>gatein.sso.filter.logout.enabled</term>
+ <listitem>
+ <para>Optional parameter, which specifies whether the logout interceptor is enabled. To disable logout on CAS side, set the parameter value to "
+ false"
+ . This results in both options
+ <code>gatein.sso.filter.logout.class</code>
+ and
+ <code>gatein.sso.filter.logout.url</code> are ignored </para>
+ <para>When a user logs out of the portal, the CAS authentication ticket is still valid for other CAS authenticated sites. </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>gatein.sso.filter.login.sso.url</term>
+ <listitem>
+ <para>
+ Specifies the CAS server login URL, which is used by LoginRedirectFilter for redirection to the CAS server login page.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </section>
</section>
- <section>
- <title>Redirect to CAS</title>
- <para><remark>NEEDINFO - this section will need to be reviewed to ensure it is still correct according to the changes in EPP 6</remark></para>
- <para>
- To utilize the Central Authentication Service, &PRODUCT; needs to redirect all user authentication to the CAS server.
- </para>
- <para>
- Information about where the CAS is hosted must be properly configured within the &PRODUCT; instance. The required configuration is done by modifying three files.
- </para>
- <procedure id="proc-Reference_Guide-Central_Authentication_Service-Redirect_to_CAS">
- <title>Redirect to CAS</title>
- <step>
- <para>
- Modify the '<emphasis role="bold">Sign In</emphasis>' link in the <filename><replaceable>JPP_DIST</replaceable>/jboss-as/server/<replaceable>PROFILE</replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtml</filename> file as follows <remark><-- what are the new file paths?</remark>:
- </para>
- <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default106.xml" parse="text"/></programlisting>
- </step>
- <step>
- <para>
- Modify the '<emphasis role="bold">Sign In</emphasis>' link in the <filename><replaceable>JPP_DIST</replaceable>/jboss-as/server/<replaceable>PROFILE</replaceable>/deploy/gatein.ear/web.war/groovy/portal/webui/component/UILogoPortlet.gtmpl</filename> file as follows <remark><-- what are the new file paths?</remark>:
- </para>
- <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default107.xml" parse="text"/></programlisting>
- </step>
- <step>
- <para>
- Replace the entire contents of <filename>gatein.ear/02portal.war/login/jsp/login.jsp</filename> with <remark><-- what are the new file paths?</remark>:
- </para>
- <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default108.xml" parse="text"/></programlisting>
- </step>
- <step>
- <para>
- Add the following Filters at the top of the filter chain in <filename>gatein.ear/02portal.war/WEB-INF/web.xml</filename> <remark><-- what are the new file paths?</remark>:
- </para>
- <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default109.xml" parse="text"/></programlisting>
- </step>
- </procedure>
- <para>
- Once these changes have been made, all links to the user authentication pages will redirect to the CAS centralized authentication form and CAS can be used as an SSO implementation in the portal.
- </para>
- </section>
</section>
<section id="sect-Reference_Guide-SSO_Single_Sign_On_-Java_Open_Single_Sign_On_Project">
<title>Java Open Single Sign-On Project</title>
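Review bot: The new `gatein.sso.callback.enabled` entry links to `sect-CAS_Logout_Redirection`, but its sentence is about the CAS Authentication plug-in, so a reader deciding whether to disable the REST callback handler lands on the logout-redirect instructions. It should read `<xref linkend="sect-CAS_Authentication_Plug-in"/>`, the id this revision gives the plug-in section earlier in the same file. That callback is where the portal verifies user credentials on behalf of CAS, and the sample `gatein.sso.portal.url` is `http://localhost:8080`, so one added sentence should say that non-local deployments need https URLs, matching the Production advice in the CASTGC section. In the `gatein.sso.filter.logout.enabled` entry, the closing paragraph does not tie its consequence to the setting; suggested wording: `With the logout filter disabled, signing out of the portal leaves the CAS ticket valid for other CAS-authenticated sites.`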
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/external-value-storages.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/external-value-storages.xml 2012-11-28 05:17:16 UTC (rev 8970)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr/configuration/external-value-storages.xml 2012-11-28 05:32:06 UTC (rev 8971)
@@ -1,202 +1,76 @@
-<?xml version='1.0' encoding='utf-8' ?>
+<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "Reference_Guide.ent">
%BOOK_ENTITIES;
]>
<chapter id="chap-Reference_Guide-External_Value_Storages">
- <title>External Value Storages</title>
- <section id="sect-Reference_Guide-External_Value_Storages-Introduction">
- <title>Introduction</title>
- <para>
+ <title>External Value Storages</title>
+ <section id="sect-Reference_Guide-External_Value_Storages-Introduction">
+ <title>Introduction</title>
+ <para>
JCR values are stored in the Workspace Data container by default. The eXo JCR offers an additional option of storing JCR values separately from the Workspace Data container which can help keep Binary Large Objects (BLOBs) separate.
</para>
- <!-- <para>
+<!-- <para>
Value storage configuration is a part of the repository configuration. Refer to <xref linkend="sect-Reference_Guide-JCR_configuration-Example_of_the_portal_system_workspace" /> for more details.
- </para> --> <para>
+ </para> --> <para>
Tree-based storage is recommended in most cases.
</para>
- <!-- Not sure this is necessary
+<!-- Not sure this is necessary
<para>
If you run an application on Amazon EC2 - the S3 option may be interesting for architecture. Simple 'flat' storage is good in speed of creation/deletion of values, it might be a compromise for a small storages.
-</para> -->
- </section>
-
- <section id="sect-Reference_Guide-External_Value_Storages-Tree_File_Value_Storage">
- <title>Tree File Value Storage</title>
- <para>
+</para> --> </section>
+ <section id="sect-Reference_Guide-External_Value_Storages-Tree_File_Value_Storage">
+ <title>Tree File Value Storage</title>
+ <para>
Tree File Value Storage holds values in tree-like file system files. <property>Path</property> property points to the root directory to store the files.
</para>
- <para>
+ <para>
This is a recommended type of external storage because it can contain large amount of files limited only by disk/volume free space.
</para>
- <para>
+ <para>
However, using Tree File Value Storage can result in a higher time on value deletion, due to the removal of unused tree-nodes.
</para>
-<example>
-<title>Tree File Value Storage Configuration</title>
-<programlisting language="XML" role="XML"><xi:include href="../../../../extras/Advanced_Development_JCR_external-value-storages/default25.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
- <para>
+ <example>
+ <title>Tree File Value Storage Configuration</title>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../../../extras/Advanced_Development_JCR_external-value-storages/default25.xml" parse="text"/></programlisting>
+ <para>
Comment #1: The <emphasis role="bold">id</emphasis> is the value storage unique identifier, used for linking with properties stored in a workspace container.
</para>
- <para>
+ <para>
Comment #2: the <emphasis role="bold">path</emphasis> is a location where value files will be stored.
</para>
-</example>
- <para>
+ </example>
+ <para>
Each file value storage can have the <function>filters</function> for incoming values. A filter can match values by <property>property-type</property>, <property>property-name</property>, <property>ancestor-path</property>. It can also match the size of values stored (<property>min-value-size</property>) in bytes.
</para>
- <para>
+ <para>
In the previous example a filter with <property>property-type</property> and <property>min-value-size</property> has been used. This results in storage for binary values with size greater of 1MB.
</para>
- <para>
+ <para>
It is recommended that properties with large values are stored in file value storage only.
</para>
- <para>
+ <para>
The example below shows a value storage with different locations for large files (<property>min-value-size</property> a 20Mb-sized filter).
</para>
- <para>
+ <para>
A value storage uses ORed logic in the process of filter selection. This means the first filter in the list will be called first and if it is not matched the next will be called, and so on.
</para>
- <para>
- In this example a value matches the 20MB filter <property>min-value-size</property> and will be stored in the path "<literal>data/20Mvalues</literal>". All other filters will be stored in "<literal>data/values</literal>".
+ <para>
+ In this example a value matches the 20MB filter <property>min-value-size</property> and will be stored in the path "<literal>data/20Mvalues</literal>". All other filters will be stored in "<literal>data/values</literal>".
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../../../extras/Advanced_Development_JCR_external-value-storages/default26.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </section>
-
- <!-- <section id="sect-Reference_Guide-External_Value_Storages-Simple_File_Value_Storage">
-<title>Simple File Value Storage</title>
-<note>
-<para>
-Not recommended to use in production due to low capacity capabilities on most file systems.
-</para>
-<para>
-But if you're sure in your file-system or data amount is small it may be useful for you as haves a faster speed of Value removal.
-</para>
-</note>
-<para>
-Holds Values in flat file system files. <property>path</property> property points to root directory in order to store files
-</para>
-<programlisting language="Java" role="Java"><xi:include parse="text" href="../../../../extras/Advanced_Development_JCR_external-value-storages/default27.java" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-<programlisting><value-storage id="Storage #1" class="org.exoplatform.services.jcr.impl.storage.value.fs.SimpleFileValueStorage">
-<properties>
-<property name="path" value="data/values"/>
-</properties>
-<filters>
-<filter property-type="Binary" min-value-size="1M"/>
-</filters>
-</programlisting>
-</section> --> <section id="sect-Reference_Guide-External_Value_Storages-Content_Addressable_Value_storage_CAS_support">
- <title>Content Addressable Value storage (CAS) support</title>
- <para>
- eXo JCR supports the <phrase>Content-addressable storage</phrase> feature for <phrase>values</phrase> storing.
- </para>
- <para>
- Content-addressable storage, also referred to as associative storage and abbreviated as <emphasis role="bold">CAS</emphasis>, is a mechanism for storing information that can be retrieved based on its content, not its storage location.
- </para>
- <para>
- It is typically used for high-speed storage and retrieval of fixed content, such as documents stored for compliance with government regulations.
- </para>
- <para>
- Content-addressable value storage stores unique content once. Different properties (values) with same content will be stored as one data file shared between those values. We can tell the value content will be shared across some values in storage and will be stored in one physical file.
- </para>
- <para>
- Storage size will be decreased for applications which govern potentially same data in the content.
- </para>
- <para>
- As an example; if 100 different properties contain the same data (mail attachments for example) the storage stores only one single file. The file will be shared with all referencing properties.
- </para>
- <para>
- If a property value changes it is stored in an additional file. Alternatively the file is shared with other values, pointing to the same content.
- </para>
- <para>
- The storage calculates value content address each time the property was changed. CAS write operations are more expensive compared to the non-CAS storages.
- </para>
- <para>
- Content address calculation is based on <literal>java.security.MessageDigest</literal> hash computation and has been tested with MD5 and SHA1 algorithms.
- </para>
- <note>
- <para>
- CAS storage works most efficiently on data that does not change often. For data that changes frequently CAS is not as efficient as location-based addressing.
- </para>
-
- </note>
- <para>
- CAS support can be enabled for <phrase>Tree</phrase> and <phrase>Simple File Value Storage</phrase> types.
- </para>
- <para>
- To enable CAS support just configure it in the JCR Repositories configuration with other Value Storages.
- </para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../../../extras/Advanced_Development_JCR_external-value-storages/default28.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
- <variablelist id="vari-Reference_Guide-Content_Addressable_Value_storage_CAS_support-CAS_Properties">
- <title>CAS Properties</title>
- <varlistentry>
- <term>digest-algo</term>
- <listitem>
- <para>
- Digest hash algorithm (MD5 and SHA1 were tested).
- </para>
-
- </listitem>
-
- </varlistentry>
- <varlistentry>
- <term>vcas-type</term>
- <listitem>
- <para>
- Value CAS internal data type, JDBC backed is currently implemented:
- </para>
- <para>
- <literal>org.exoplatform.services.jcr.impl.storage.value.cas.JDBCValueContentAddressStorageImpl</literal>
- </para>
-
- </listitem>
-
- </varlistentry>
- <varlistentry>
- <term>jdbc-source-name</term>
- <listitem>
- <para>
- A <literal>JDBCValueContentAddressStorageImpl</literal> specific parameter, a database will be used to save CAS metadata.
- </para>
-
- </listitem>
-
- </varlistentry>
- <varlistentry>
- <term>jdbc-dialect</term>
- <listitem>
- <para>
- A <literal>DBCValueContentAddressStorageImpl</literal> specific parameter defining database dialect.
- </para>
-
- </listitem>
-
- </varlistentry>
-
- </variablelist>
-
- </section>
-
- <section id="sect-Reference_Guide-External_Value_Storages-Disabling_value_storage">
- <title>Disabling value storage</title>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../../../extras/Advanced_Development_JCR_external-value-storages/default26.xml" parse="text"/></programlisting>
+ </section>
+ <section id="sect-Reference_Guide-External_Value_Storages-Disabling_value_storage">
+ <title>Disabling value storage</title>
+ <para>
The JCR allows you to disable value storage by adding the following property into its configuration.
</para>
-
-<programlisting language="XML"><property name="enabled" value="false" /></programlisting>
- <warning>
- <title>Warning</title>
- <para>
+ <programlisting language="XML"><property name="enabled" value="false" /></programlisting>
+ <warning>
+ <title>Warning</title>
+ <para>
It is recommended that this functionality be used for internal and testing purpose only, and with caution, as all stored values will be inaccessible.
</para>
-
- </warning>
-
- </section>
-
-
+ </warning>
+ </section>
</chapter>
-
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr-with-gatein.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr-with-gatein.xml 2012-11-28 05:17:16 UTC (rev 8970)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr-with-gatein.xml 2012-11-28 05:32:06 UTC (rev 8971)
@@ -1,10 +1,9 @@
-<?xml version='1.0' encoding='utf-8' ?>
+<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "Reference_Guide.ent">
%BOOK_ENTITIES;
]>
<chapter id="chap-Reference_Guide-eXo_JCR_with_GateIn">
- <title>eXo JCR with GateIn</title>
- <!-- <xi:include href="jcr-with-gtn/how-to-extend-my-gatein-instance.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> --> <xi:include href="jcr-with-gtn/managed-datasources-under-jboss-as.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <title>eXo JCR with GateIn</title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="jcr-with-gtn/managed-datasources-under-jboss-as.xml"/>
</chapter>
-
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR.xml 2012-11-28 05:17:16 UTC (rev 8970)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR.xml 2012-11-28 05:32:06 UTC (rev 8971)
@@ -13,15 +13,12 @@
<!-- <xi:include href="eXoJCR/jcr/configuration/configuration-persister.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />--> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/configuration/jdbc-data-container-config.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/configuration/external-value-storages.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/configuration/workspace-persistence-storage.xml"/>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/configuration/rest-services-on-groovy.xml"/>
<!-- cluster configs --> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/cluster-config.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/jbosscache-configuration-templates.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/lock-manager-config.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/query-handler-config.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/jbossts-transaction-service.xml"/>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/transaction-manager-lookup.xml"/>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/repository-creation-service.xml"/>
-<!-- search --> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/searching/jcr-query-usecases.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/searching/jcr-query-usecases.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/searching/searching-repository-content.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/searching/fulltext-search-and-settings.xml"/>
<!-- api extensions --><!--<xi:include href="eXoJCR/jcr/api-extensions.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />--><!-- protocols --> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/protocols/webdav.xml"/>
@@ -30,15 +27,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/backup/backup-client.xml"/>--> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/backup/use-external-backup-tool.xml"/>
<!-- other --> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/statistics.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/repository-check-controller.xml"/>
-<!--<xi:include href="eXoJCR/jcr/jta.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />--><!--<xi:include href="eXoJCR/jcr/jca.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />--><!--<xi:include href="eXoJCR/jcr/other/acl.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />--><!--<xi:include href="eXoJCR/jcr/other/acl-ext.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />--> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/other/link-producer.xml"/>
-<!--<xi:include href="eXoJCR/jcr/other/binary-values-processing.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />--> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/other/jcr-resources.xml"/>
-<!-- data container configs --> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/data-container.xml"/>
-<!-- <xi:include href="eXoJCR/jcr/data-container-howto.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> --> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/db-cleaner-service.xml"/>
<!-- tuning guide
DOC NOTE: Could possibly be moved to a specific Tuning Guide later --> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr/performance-tuning-guide.xml"/>
-<!-- JCR Core
- DOC NOTE: This section seems to include items covered elsewhere in this guide, or things that are not relevant to EPP
- <xi:include href="eXoJCR/core.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> --><!-- Web services
- DOC NOTE: Red Hat JBoss has two possible Web Services packages. No need to document the eXo offering:
- <xi:include href="eXoJCR/ws.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> --> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr-with-gatein.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="eXoJCR/jcr-with-gatein.xml"/>
</part>
gatein SVN: r8970 - in epp/docs/branches: 6.0/Reference_Guide/en-US/modules/PortalDevelopment and 1 other directory.
by do-not-reply@jboss.org
Author: smumford
Date: 2012-11-28 00:17:16 -0500 (Wed, 28 Nov 2012)
New Revision: 8970
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/DefaultPortalConfiguration.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortalDevelopment/DefaultPortalConfiguration.xml
Log:
BZ-794416: Added content on disabling unused portals
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/DefaultPortalConfiguration.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/DefaultPortalConfiguration.xml 2012-11-26 08:55:09 UTC (rev 8969)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/DefaultPortalConfiguration.xml 2012-11-28 05:17:16 UTC (rev 8970)
@@ -37,7 +37,82 @@
</para>
</section>
-
+ <section id="sect-Reference_Guide-Default_Portal_Configuration-Disabling_a_Portal">
+ <!-- DOCS NOTE:
+ This content is mirrored in the JPP 6.0 Reference Guide.
+ Any changes here should be reflected there as well.
+ -->
+ <title><remark>BZ#794416</remark>Disabling a Portal</title>
+ <para>
+ Once you have created a custom portal that suits your needs, you may wish to disable a portal that is no longer required.
+ </para>
+
+ <task>
+ <title>Task: Disable a portal in EPP 5</title>
+ <tasksummary>
+ <para>
+ The procedure below will show you how to disable an unused portal in a JBoss Portal Platform instance.
+ </para>
+ </tasksummary>
+ <taskprerequisites>
+ <title>Prerequisites: </title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <remark>Are there any pre-reqs for this task?</remark>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </taskprerequisites>
+ <procedure>
+ <title></title>
+ <step>
+ <para>
+ Add the following configuration to the <filename>configuration.xml</filename> of the custom extension in order to disable a portal:
+ </para>
+<programlisting language="XML" role="XML"><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
+<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_0.xsd http://www.exoplaform.org/xml/ns/kernel_1_1.xsd"
+ xmlns="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd">
+ <external-component-plugins>
+ <!-- The full qualified name of the PortalContainerConfig -->
+ <target-component>org.exoplatform.container.definition.PortalContainerConfig
+ </target-component>
+ <component-plugin>
+ <!-- The name of the plugin -->
+ <name>Add PortalContainer Definitions</name>
+ <!-- (existing configuration for new portal container) -->
+ </component-plugin>
+ <component-plugin>
+ <!-- The name of the plugin -->
+ <name>Disable a PortalContainer</name>
+ <!-- The name of the method to call on the PortalContainerConfig in order to register the changes on the PortalContainerDefinitions -->
+ <set-method>registerDisablePlugin</set-method>
+ <!-- The full qualified name of the PortalContainerDefinitionDisablePlugin -->
+ <type>org.exoplatform.container.definition.PortalContainerDefinitionDisablePlugin</type>
+ <init-params>
+ <!-- The list of the name of the portal containers to disable -->
+ <values-param>
+ <name>names</name>
+ <value>$PORTAL_NAME</value>
+ </values-param>
+ </init-params>
+ </component-plugin>
+ </external-component-plugins>
+</configuration>
+]]></programlisting>
+ </step>
+ </procedure>
+ <taskrelated>
+ <note>
+ <title></title>
+ <para>
+ Disabling the default <emphasis>portal</emphasis> container is possible as well, but some functions, such as WSRP, or Services Management, depend on the default portal container to be deployed, and will no longer work if this is disabled.
+ </para>
+ </note>
+ </taskrelated>
+ </task>
+ </section>
</chapter>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortalDevelopment/DefaultPortalConfiguration.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortalDevelopment/DefaultPortalConfiguration.xml 2012-11-26 08:55:09 UTC (rev 8969)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortalDevelopment/DefaultPortalConfiguration.xml 2012-11-28 05:17:16 UTC (rev 8970)
@@ -33,4 +33,81 @@
<emphasis>Components</emphasis>, <emphasis>component-plugins</emphasis>, and <emphasis>init-params</emphasis> are explained in a later chapter of this document.
</para>
</section>
+ <section id="sect-Reference_Guide-Default_Portal_Configuration-Disabling_a_Portal">
+ <!--
+ This content is mirrored in the JPP 5.2 Reference Guide.
+ Any changes here should be reflected there as well.
+ -->
+ <title><remark>BZ#794416</remark>Disabling a Portal</title>
+ <para>
+ Once you have created a custom portal that suits your needs, you may wish to disable a portal that is no longer required.
+ </para>
+
+ <task>
+ <title>Task: Disable a portal in EPP 5</title>
+ <tasksummary>
+ <para>
+ The procedure below will show you how to disable an unused portal in a JBoss Portal Platform instance.
+ </para>
+ </tasksummary>
+ <taskprerequisites>
+ <title>Prerequisites: </title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <remark>Are there any pre-reqs for this task?</remark>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </taskprerequisites>
+ <procedure>
+ <title></title>
+ <step>
+ <para>
+ Add the following configuration to the <filename>configuration.xml</filename> of the custom extension in order to disable a portal:
+ </para>
+<programlisting language="XML" role="XML"><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
+<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_0.xsd http://www.exoplaform.org/xml/ns/kernel_1_1.xsd"
+ xmlns="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd">
+ <external-component-plugins>
+ <!-- The full qualified name of the PortalContainerConfig -->
+ <target-component>org.exoplatform.container.definition.PortalContainerConfig
+ </target-component>
+ <component-plugin>
+ <!-- The name of the plugin -->
+ <name>Add PortalContainer Definitions</name>
+ <!-- (existing configuration for new portal container) -->
+ </component-plugin>
+ <component-plugin>
+ <!-- The name of the plugin -->
+ <name>Disable a PortalContainer</name>
+ <!-- The name of the method to call on the PortalContainerConfig in order to register the changes on the PortalContainerDefinitions -->
+ <set-method>registerDisablePlugin</set-method>
+ <!-- The full qualified name of the PortalContainerDefinitionDisablePlugin -->
+ <type>org.exoplatform.container.definition.PortalContainerDefinitionDisablePlugin</type>
+ <init-params>
+ <!-- The list of the name of the portal containers to disable -->
+ <values-param>
+ <name>names</name>
+ <value>$PORTAL_NAME</value>
+ </values-param>
+ </init-params>
+ </component-plugin>
+ </external-component-plugins>
+</configuration>
+]]></programlisting>
+ </step>
+ </procedure>
+ <taskrelated>
+ <note>
+ <title></title>
+ <para>
+ Disabling the default <emphasis>portal</emphasis> container is possible as well, but some functions, such as WSRP, or Services Management, depend on the default portal container to be deployed, and will no longer work if this is disabled.
+ </para>
+ </note>
+ </taskrelated>
+ </task>
+ </section>
+
</chapter>
gatein SVN: r8968 - epp/portal/branches/EPP_5_2_1_GA_BZ879258/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/jcr.
by do-not-reply@jboss.org
Author: mputz
Date: 2012-11-22 12:06:12 -0500 (Thu, 22 Nov 2012)
New Revision: 8968
Modified:
epp/portal/branches/EPP_5_2_1_GA_BZ879258/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/jcr/JCRPersister.java
Log:
Bug 879341 - Backport of commit 8966 to fix JCRPersister
Modified: epp/portal/branches/EPP_5_2_1_GA_BZ879258/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/jcr/JCRPersister.java
===================================================================
--- epp/portal/branches/EPP_5_2_1_GA_BZ879258/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/jcr/JCRPersister.java 2012-11-22 16:10:39 UTC (rev 8967)
+++ epp/portal/branches/EPP_5_2_1_GA_BZ879258/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/jcr/JCRPersister.java 2012-11-22 17:06:12 UTC (rev 8968)
@@ -23,30 +23,20 @@
package org.gatein.integration.wsrp.jcr;
-import org.chromattic.api.Chromattic;
import org.chromattic.api.ChromatticBuilder;
-import org.chromattic.api.ChromatticSession;
import org.chromattic.api.format.FormatterContext;
import org.chromattic.api.format.ObjectFormatter;
import org.chromattic.spi.jcr.SessionLifeCycle;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.ExoContainerContext;
-import org.exoplatform.container.component.ComponentRequestLifecycle;
import org.exoplatform.services.jcr.RepositoryService;
import org.exoplatform.services.jcr.core.ManageableRepository;
import org.exoplatform.services.jcr.ext.common.SessionProvider;
-import org.gatein.common.util.ParameterValidation;
import org.gatein.wsrp.jcr.BaseChromatticPersister;
-import org.gatein.wsrp.jcr.mapping.BaseMapping;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
-import java.lang.reflect.ParameterizedType;
-import java.lang.reflect.Type;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
/**
* @author <a href="mailto:chris.laprun@jboss.com">Chris Laprun</a>
@@ -76,12 +66,12 @@
}
}
- public static class WSRPSessionLifeCycle implements SessionLifeCycle
+ public static abstract class AbstractSessionLifeCycle implements SessionLifeCycle
{
private ManageableRepository repository;
- private SessionProvider provider;
+ private ThreadLocal<SessionProvider> provider = new ThreadLocal<SessionProvider>();
- public WSRPSessionLifeCycle()
+ public AbstractSessionLifeCycle()
{
try
{
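Review bot: The `provider` field added in this hunk can be declared `private final ThreadLocal<SessionProvider> provider = new ThreadLocal<SessionProvider>();`, since it is assigned once at its declaration and nothing in the visible lines reassigns it. The new `AbstractSessionLifeCycle` class also has no comment saying why the provider moved from a shared field to a per-thread one. A short class Javadoc such as `/** Base SessionLifeCycle that keeps one system SessionProvider per calling thread (see Bug 879258). */` would record the intent, which is presumably that the shared provider misbehaved under concurrent load. The class body and constructor continue outside this hunk, and the identical hunk in r8966 on EPP_5_2_Branch further down the page has the same gap.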
@@ -93,15 +83,22 @@
{
throw new RuntimeException(e);
}
-
- provider = SessionProvider.createSystemProvider();
}
public Session login() throws RepositoryException
{
- return provider.getSession(WSRP_WORKSPACE_NAME, repository);
+ SessionProvider sessionProvider = provider.get();
+ if (sessionProvider == null)
+ {
+ sessionProvider = SessionProvider.createSystemProvider();
+ provider.set(sessionProvider);
+ }
+
+ return sessionProvider.getSession(getWorkspaceName(), repository);
}
+ protected abstract String getWorkspaceName();
+
public Session login(String s) throws RepositoryException
{
throw new UnsupportedOperationException();
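Review bot: The per-thread `SessionProvider` that `login()` stores in `provider` is never removed or closed in the lines shown, so on pooled container threads a system-level provider from `SessionProvider.createSystemProvider()` stays attached to the thread after the work that created it has finished. That keeps privileged JCR state alive for the lifetime of the thread and can pin the web application's classes across a redeploy. If `close(Session)`, which lies outside this hunk, marks the end of the unit of work, the provider could be released there with `SessionProvider p = provider.get(); if (p != null) { p.close(); provider.remove(); }`. Whether closing the provider at that point fits Chromattic's session lifecycle needs confirming. The identical hunk in r8966 on EPP_5_2_Branch further down the page has the same issue.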
@@ -128,56 +125,22 @@
}
}
- public static class PortletStatesSessionLifeCycle implements SessionLifeCycle
+ public static class WSRPSessionLifeCycle extends AbstractSessionLifeCycle
{
- private ManageableRepository repository;
- private SessionProvider provider;
-
- public PortletStatesSessionLifeCycle()
+ @Override
+ protected String getWorkspaceName()
{
- try
- {
- ExoContainer container = ExoContainerContext.getCurrentContainer();
- RepositoryService repoService = (RepositoryService)container.getComponentInstanceOfType(RepositoryService.class);
- repository = repoService.getRepository(REPOSITORY_NAME);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
-
- provider = SessionProvider.createSystemProvider();
+ return WSRP_WORKSPACE_NAME;
}
+ }
- public Session login() throws RepositoryException
+ public static class PortletStatesSessionLifeCycle extends AbstractSessionLifeCycle
+ {
+ @Override
+ protected String getWorkspaceName()
{
- return provider.getSession(PORTLET_STATES_WORKSPACE_NAME, repository);
+ return PORTLET_STATES_WORKSPACE_NAME;
}
-
- public Session login(String s) throws RepositoryException
- {
- throw new UnsupportedOperationException();
- }
-
- public Session login(Credentials credentials, String s) throws RepositoryException
- {
- throw new UnsupportedOperationException();
- }
-
- public Session login(Credentials credentials) throws RepositoryException
- {
- throw new UnsupportedOperationException();
- }
-
- public void save(Session session) throws RepositoryException
- {
- session.save();
- }
-
- public void close(Session session)
- {
- session.logout();
- }
}
public static class QNameFormatter implements ObjectFormatter
@@ -245,4 +208,4 @@
return s.replace(SLASH, SLASH_REPLACEMENT);
}
}
-}
+}
\ No newline at end of file
gatein SVN: r8967 - epp/portal/branches.
by do-not-reply@jboss.org
Author: mputz
Date: 2012-11-22 11:10:39 -0500 (Thu, 22 Nov 2012)
New Revision: 8967
Added:
epp/portal/branches/EPP_5_2_1_GA_BZ879258/
Log:
Creation of patch branch for BZ 879258
gatein SVN: r8966 - epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/jcr.
by do-not-reply@jboss.org
Author: chris.laprun(a)jboss.com
Date: 2012-11-22 08:21:48 -0500 (Thu, 22 Nov 2012)
New Revision: 8966
Modified:
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/jcr/JCRPersister.java
Log:
Bug 879258 - Failed to Retrieve Registration Information Exception during Load Testing
Modified: epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/jcr/JCRPersister.java
===================================================================
--- epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/jcr/JCRPersister.java 2012-11-19 00:47:09 UTC (rev 8965)
+++ epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/jcr/JCRPersister.java 2012-11-22 13:21:48 UTC (rev 8966)
@@ -23,30 +23,20 @@
package org.gatein.integration.wsrp.jcr;
-import org.chromattic.api.Chromattic;
import org.chromattic.api.ChromatticBuilder;
-import org.chromattic.api.ChromatticSession;
import org.chromattic.api.format.FormatterContext;
import org.chromattic.api.format.ObjectFormatter;
import org.chromattic.spi.jcr.SessionLifeCycle;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.ExoContainerContext;
-import org.exoplatform.container.component.ComponentRequestLifecycle;
import org.exoplatform.services.jcr.RepositoryService;
import org.exoplatform.services.jcr.core.ManageableRepository;
import org.exoplatform.services.jcr.ext.common.SessionProvider;
-import org.gatein.common.util.ParameterValidation;
import org.gatein.wsrp.jcr.BaseChromatticPersister;
-import org.gatein.wsrp.jcr.mapping.BaseMapping;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
-import java.lang.reflect.ParameterizedType;
-import java.lang.reflect.Type;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
/**
* @author <a href="mailto:chris.laprun@jboss.com">Chris Laprun</a>
@@ -76,12 +66,12 @@
}
}
- public static class WSRPSessionLifeCycle implements SessionLifeCycle
+ public static abstract class AbstractSessionLifeCycle implements SessionLifeCycle
{
private ManageableRepository repository;
- private SessionProvider provider;
+ private ThreadLocal<SessionProvider> provider = new ThreadLocal<SessionProvider>();
- public WSRPSessionLifeCycle()
+ public AbstractSessionLifeCycle()
{
try
{
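Review bot: The new `provider` field in `AbstractSessionLifeCycle` is neither `final` nor commented, so nothing tells a maintainer that the per-thread holder is deliberate and must not be reassigned or collapsed back into a single shared instance. I would declare it as `private final ThreadLocal<SessionProvider> provider = new ThreadLocal<SessionProvider>();` and put a comment above it such as `// One system SessionProvider per thread; a provider shared across threads is presumably what failed under load (Bug 879258).` The class and its constructor continue outside this hunk.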
@@ -93,15 +83,22 @@
{
throw new RuntimeException(e);
}
-
- provider = SessionProvider.createSystemProvider();
}
public Session login() throws RepositoryException
{
- return provider.getSession(WSRP_WORKSPACE_NAME, repository);
+ SessionProvider sessionProvider = provider.get();
+ if (sessionProvider == null)
+ {
+ sessionProvider = SessionProvider.createSystemProvider();
+ provider.set(sessionProvider);
+ }
+
+ return sessionProvider.getSession(getWorkspaceName(), repository);
}
+ protected abstract String getWorkspaceName();
+
public Session login(String s) throws RepositoryException
{
throw new UnsupportedOperationException();
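Review bot: Nothing in `login()` or in the other visible hunks ever clears the thread-local, so each thread that logs in keeps a system-privileged `SessionProvider` for as long as the thread lives. On pooled container threads the provider therefore outlives the request that created it, and it presumably also pins the webapp classloader across redeploys. The `close(Session)` method of this class lies outside the hunk; if that is where the lifecycle ends, it could release the provider too, e.g. `SessionProvider p = provider.get(); if (p != null) { p.close(); provider.remove(); }` after `session.logout()`. Whether releasing on every close is too aggressive depends on how Chromattic drives the lifecycle, so confirm that before adopting it.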
@@ -128,56 +125,22 @@
}
}
- public static class PortletStatesSessionLifeCycle implements SessionLifeCycle
+ public static class WSRPSessionLifeCycle extends AbstractSessionLifeCycle
{
- private ManageableRepository repository;
- private SessionProvider provider;
-
- public PortletStatesSessionLifeCycle()
+ @Override
+ protected String getWorkspaceName()
{
- try
- {
- ExoContainer container = ExoContainerContext.getCurrentContainer();
- RepositoryService repoService = (RepositoryService)container.getComponentInstanceOfType(RepositoryService.class);
- repository = repoService.getRepository(REPOSITORY_NAME);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
-
- provider = SessionProvider.createSystemProvider();
+ return WSRP_WORKSPACE_NAME;
}
+ }
- public Session login() throws RepositoryException
+ public static class PortletStatesSessionLifeCycle extends AbstractSessionLifeCycle
+ {
+ @Override
+ protected String getWorkspaceName()
{
- return provider.getSession(PORTLET_STATES_WORKSPACE_NAME, repository);
+ return PORTLET_STATES_WORKSPACE_NAME;
}
-
- public Session login(String s) throws RepositoryException
- {
- throw new UnsupportedOperationException();
- }
-
- public Session login(Credentials credentials, String s) throws RepositoryException
- {
- throw new UnsupportedOperationException();
- }
-
- public Session login(Credentials credentials) throws RepositoryException
- {
- throw new UnsupportedOperationException();
- }
-
- public void save(Session session) throws RepositoryException
- {
- session.save();
- }
-
- public void close(Session session)
- {
- session.logout();
- }
}
public static class QNameFormatter implements ObjectFormatter
@@ -245,4 +208,4 @@
return s.replace(SLASH, SLASH_REPLACEMENT);
}
}
-}
+}
\ No newline at end of file