gatein SVN: r9088 - in epp/docs/branches/6.0/Reference_Guide/en-US: modules and 5 other directories.
by do-not-reply@jboss.org
Author: jaredmorgs
Date: 2013-01-28 00:14:12 -0500 (Mon, 28 Jan 2013)
New Revision: 9088
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/Reference_Guide.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/Advanced/Foundations/Config_Retrieval.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortletDevelopment/PortletBridge.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/WSRP.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr-with-gtn/managed-datasources-under-jboss-as.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr/cluster-config.xml
Log:
Changes to date for WSRP section pushing back in.
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Reference_Guide.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Reference_Guide.xml 2013-01-26 18:34:09 UTC (rev 9087)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Reference_Guide.xml 2013-01-28 05:14:12 UTC (rev 9088)
@@ -30,8 +30,8 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/Advanced.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/eXoJCR.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Revision_History.xml"/>
-<part>
-<title>Server Integration</title>
-<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/ServerIntegration.xml"/>
-</part>
+ <part>
+ <title>Server Integration</title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/ServerIntegration.xml"/>
+ </part>
</book>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/Advanced/Foundations/Config_Retrieval.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/Advanced/Foundations/Config_Retrieval.xml 2013-01-26 18:34:09 UTC (rev 9087)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/Advanced/Foundations/Config_Retrieval.xml 2013-01-28 05:14:12 UTC (rev 9088)
@@ -11,33 +11,22 @@
<para>
The container is initialized by looking into different locations. This container is used by portal applications. Configurations are overloaded in the following lookup sequence:
</para>
- <remark>NEEDINFO - FILE PATHS - the file before was configuration.xml, but I'm pretty sure all this is defined in standalone.xml now, correct?</remark>
<procedure>
<step>
<para>
- Services default <envar>RootContainer</envar> configurations from JAR files <filename><replaceable>JPP_HOME/</replaceable>/standalone/configuration/standalone.xml</filename>.
+ Services default <envar>RootContainer</envar> configurations from JAR files <filename>/conf/configuration.xml</filename>.
</para>
</step>
<step>
<para>
- External <envar>RootContainer</envar> configuration can be found at <filename><replaceable>JPP_HOME/</replaceable>/standalone/configuration/standalone.xml</filename>.
+ Services default <envar>PortalContainer</envar> configurations from JAR files <filename>/conf/portal/configuration.xml</filename>.
</para>
</step>
<step>
<para>
- Services default <envar>PortalContainer</envar> configurations from JAR files <filename><replaceable>JPP_HOME/</replaceable>/standalone/configuration/standalone.xml</filename>.
- </para>
- </step>
- <step>
- <para>
Web applications configurations from WAR files <filename>/WEB-INF/conf/configuration.xml</filename>
</para>
</step>
- <step>
- <para>
- External configuration for services of named portal can be found at <filename><replaceable>JPP_HOME</replaceable>/standalone/configuration/standalone.xml</filename>.
- </para>
- </step>
</procedure>
<note>
<para>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml 2013-01-26 18:34:09 UTC (rev 9087)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml 2013-01-28 05:14:12 UTC (rev 9088)
@@ -52,29 +52,23 @@
<para>
Authentication workflow consists of HTTP requests and redirects which include handshakes. Currently only Servlet 3.0 containers are supported, so authentication is triggered programmatically from Servlet API.
</para>
- <remark>NEEDINFO - FILE PATHS - in this file, the /dologin blocks seem to be in <servlet-mapping> directives. Is it OK for me to update to this format in this respect?</remark>
- <para>
- First you can see in <filename><replaceable>JPP_DIST</replaceable>/gatein/gatein.ear/portal.war/WEB-INF/web.xml</filename> that authentication is triggered by accessing a secured URL <systemitem>_/dologin_</systemitem>:
+ <para>In <filename><replaceable>JPP_DIST</replaceable>/gatein/gatein.ear/portal.war/WEB-INF/web.xml</filename>, authentication is triggered by accessing a secured URL <systemitem>_/dologin_</systemitem>:
</para>
- <programlisting language="XML" role="XML">
-<![CDATA[
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>user authentication</web-resource-name>
- <url-pattern>/dologin</url-pattern>
- <http-method>POST</http-method>
- <http-method>GET</http-method>
- </web-resource-collection>
- <auth-constraint>
- <role-name>users</role-name>
- </auth-constraint>
- <user-data-constraint>
- <transport-guarantee>NONE</transport-guarantee>
- </user-data-constraint>
- </web-resource-collection>
- </security-constraint>
-]]>
- </programlisting>
+ <programlisting language="XML"><security-constraint>
+ <web-resource-collection>
+ <web-resource-name>user authentication</web-resource-name>
+ <url-pattern>/dologin</url-pattern>
+ <http-method>POST</http-method>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>users</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </web-resource-collection>
+</security-constraint> </programlisting>
<para>
This means that access to URLs (such as <ulink url="http://localhost:8080/portal/dologin" type="http">http://localhost:8080/portal/dologin</ulink>) will directly trigger J2EE authentication in the case that the user is not already logged in.
</para>
@@ -84,18 +78,14 @@
<para>
In the next part of the file we can see that authentication is FORM based and it starts by redirection to <emphasis>/login</emphasis> URL, which is mapped to <literal>LoginServlet</literal>.
</para>
- <programlisting language="XML" role="XML">
-<![CDATA[
- <login-config>
- <auth-method>FORM</auth-method>
- <realm-name>gatein-domain</realm-name>
- <form-login-config>
- <form-login-page>/login</form-login-page>
- <form-error-page>/login</form-error-page>
- </form-login-config>
- </login-config>
-]]>
- </programlisting>
+ <programlisting language="XML"><login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>gatein-domain</realm-name>
+ <form-login-config>
+ <form-login-page>/login</form-login-page>
+ <form-error-page>/login</form-error-page>
+ </form-login-config>
+</login-config> </programlisting>
<para>
<literal>LoginServlet</literal> redirects the user to the login page placed in <filename><replaceable>JPP_DIST</replaceable>/gatein/gatein.ear/portal.war/login/jsp/login.jsp</filename>.
<mediaobject>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2013-01-26 18:34:09 UTC (rev 9087)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2013-01-28 05:14:12 UTC (rev 9088)
@@ -60,7 +60,7 @@
</para> --> </warning>
</section>
<section id="sect-SSO_Single_Sign_On_-Central_Authentication_Service">
- <title><remark>BZ#856430</remark>Central Authentication Service (CAS)</title>
+ <title><remark>BZ#856430 </remark>Central Authentication Service (CAS)</title>
<para>
The CAS single sign-on (SSO) plug-in enables seamless integration between the platform and the CAS SSO framework. General information about CAS can be found on the <ulink url="http://www.jasig.org/cas">Jasig website</ulink>.
</para>
@@ -922,7 +922,7 @@
<procedure>
<step>
<para>
- Assuming again that you have JBoss Portal Platform running on JBoss Enterprise Platform 6, you need to change some of the properties in the SSO sections of <filename>JBOSS_HOME/standalone/configuration/gatein/configuration.properties</filename> to match those below:
+ Assuming again that you have JBoss Portal Platform running on JBoss Enterprise Application Platform 6, you need to change some of the properties in the SSO sections of <filename>JBOSS_HOME/standalone/configuration/gatein/configuration.properties</filename> to match those below:
</para>
<informalexample>
<programlisting>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortletDevelopment/PortletBridge.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortletDevelopment/PortletBridge.xml 2013-01-26 18:34:09 UTC (rev 9087)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortletDevelopment/PortletBridge.xml 2013-01-28 05:14:12 UTC (rev 9088)
@@ -26,50 +26,49 @@
The other part of this implementation is provided by implementing a variety of (standard) <literal>Faces</literal> extensions.
</para>
</section>
- <section id="Portlet_Bridge_File_Locations">
- <title>File Locations</title>
- <remark>BZ#856417 - NEEDINFO - will we be packaging the portletbridge binaries in this folder for JBoss Portal Platform 6? </remark>
- <para>The binaries required for Portlet Bridge applications, and example applications that can be used to learn and understand JSF applications are located in in <filename>JPP_DIST/portletbridge</filename>. </para>
- <para>Configuration files for Portlet Bridge are located in the following locations: </para>
- <itemizedlist>
- <listitem>
- <para><filename><replaceable>JPP_DIST</replaceable>/standalone/<replaceable>portlet_name</replaceable>.war/WEB-INF/portlet.xml</filename></para>
- </listitem>
- <listitem>
- <para><filename><replaceable>JPP_DIST</replaceable>/standalone/<replaceable>portlet_name</replaceable>.war/WEB-INF/faces-config.xml</filename></para>
- </listitem>
- <listitem>
- <para><filename><replaceable>JPP_DIST</replaceable>/standalone/<replaceable>portlet_name</replaceable>.war/WEB-INF/web.xml</filename></para>
- </listitem>
- </itemizedlist>
- <para><variablelist>
- <varlistentry>
- <term>
- <filename>portlet.xml</filename>
- </term>
- <listitem>
- <para>Contains the primary configuration information for the portlet. Information such as the GenericFacesPortlet location, and which Java Server Faces (JSF) pages to render are stored in this file.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <filename>faces-config.xml</filename>
- </term>
- <listitem>
- <para>Contains configuration directives that are specific to JSF applications. The specific directives will be covered as needed throughout this guide.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <filename>web.xml</filename>
- </term>
- <listitem>
- <para>Contains configuration directives that apply to the web application in general.</para>
- </listitem>
- </varlistentry>
- </variablelist></para>
- </section>
- <section id="What_is_a_portlet_application">
+<!--BZ#856417 - File Locations Section intentionally commented out because Portlet Bridge is packaged with JPP, therefore libraries are deployed as modules in JPP.--><!--<section id="Portlet_Bridge_File_Locations">
+ <title>File Locations</title>
+ <remark>BZ#856417 - NEEDINFO - will we be packaging the portletbridge binaries in this folder for JBoss Portal Platform 6? </remark>
+ <para>The binaries required for Portlet Bridge applications, and example applications that can be used to learn and understand JSF applications are located in in <filename>JPP_DIST/portletbridge</filename>. </para>
+ <para>Configuration files for Portlet Bridge are located in the following locations: </para>
+ <itemizedlist>
+ <listitem>
+ <para><filename><replaceable>JPP_DIST</replaceable>/standalone/<replaceable>portlet_name</replaceable>.war/WEB-INF/portlet.xml</filename></para>
+ </listitem>
+ <listitem>
+ <para><filename><replaceable>JPP_DIST</replaceable>/standalone/<replaceable>portlet_name</replaceable>.war/WEB-INF/faces-config.xml</filename></para>
+ </listitem>
+ <listitem>
+ <para><filename><replaceable>JPP_DIST</replaceable>/standalone/<replaceable>portlet_name</replaceable>.war/WEB-INF/web.xml</filename></para>
+ </listitem>
+ </itemizedlist>
+ <para><variablelist>
+ <varlistentry>
+ <term>
+ <filename>portlet.xml</filename>
+ </term>
+ <listitem>
+ <para>Contains the primary configuration information for the portlet. Information such as the GenericFacesPortlet location, and which Java Server Faces (JSF) pages to render are stored in this file.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <filename>faces-config.xml</filename>
+ </term>
+ <listitem>
+ <para>Contains configuration directives that are specific to JSF applications. The specific directives will be covered as needed throughout this guide.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <filename>web.xml</filename>
+ </term>
+ <listitem>
+ <para>Contains configuration directives that apply to the web application in general.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist></para>
+</section>--> <section id="What_is_a_portlet_application">
<title id="Portlet_Bridge_Portlet_Application">Portlet application</title>
<para>A portlet application is defined as a single web archive (WAR). </para>
<para>All portlets that are part of the same WAR are considered to form part of the same portlet application.</para>
@@ -77,7 +76,6 @@
<section>
<title id="Portlet_Bridge_Extensions">Extensions</title>
<para>Portlet extensions sit atop the portlet bridge framework. They extend the functionality of other JBoss portlet applications, and are critical in JSF portlet development. </para>
- <para>Extensions are made available in the impl development binary, located in <filename><replaceable>JPP_DIST</replaceable>/portletbridge</filename>. </para>
</section>
<section id="Portlet_Bridge_Examples">
<title><remark>BZ#856417</remark>Examples</title>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/WSRP.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/WSRP.xml 2013-01-26 18:34:09 UTC (rev 9087)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/WSRP.xml 2013-01-28 05:14:12 UTC (rev 9088)
@@ -5,8 +5,9 @@
]>
<chapter id="wsrp">
<title>Web Services for Remote Portlets (WSRP)</title>
- <section>
+ <section id="wsrp-Introduction">
<title>Introduction</title>
+ <remark>https://docs.jboss.org/author/display/GTNPORTAL35/Web+Services+for+Remote...</remark>
<para>The Web Services for Remote Portlets specification defines a web service interface for accessing and
interacting with interactive presentation-oriented web services. It has been produced through the efforts of
the Web Services for Remote Portlets (WSRP) OASIS Technical Committee. It is based on the requirements
@@ -35,6 +36,7 @@
</section>
<section id="wsrp_support">
<title>Level of support in JBoss Portal Platform</title>
+ <remark>Source: https://docs.jboss.org/author/display/GTNPORTAL35/Level+of+support</remark>
<para>The WSRP Technical Committee defined
<ulink url="http://www.oasis-open.org/committees/download.php/3073">WSRP Use Profiles</ulink>
to help with WSRP interoperability. This section will refer to terms defined in that document.
@@ -44,7 +46,7 @@
defined at the Complex level) are supported.
</para>
<para>On the Consumer side, JBoss Portal Platform provides a Medium level of support for WSRP, except that the consumer only handles
- HTML markup (as JBoss Portal Platform itself does not handle other markup types). It does support explicit portlet
+ HTML markup (because JBoss Portal Platform itself does not handle other markup types). The platform does support explicit portlet
cloning and it fully supports the PortletManagement interface.
</para>
<para>As far as caching goes, the component has Level 1 Producer and Consumer. Cookie handling is supported properly on the
@@ -65,25 +67,24 @@
<note>
<title>Note</title>
<para>As of version &VZ; of JBoss Portal Platform, WSRP is only activated and supported
- when JBoss Portal Platform is deployed on JBoss Application Server.
+using JBoss Portal Platform deployed on JBoss Enterprise Application Platform 6.
</para>
</note>
</section>
- <section>
+ <section id="Deploying_JPP_WSRP_Services">
<title><remark>BZ#839355</remark>Deploying JBoss Portal Platform's WSRP services</title>
+ <remark>Source: https://docs.jboss.org/author/display/GTNPORTAL35/Deploying+GateIn%27s+WS...</remark>
<para>
JBoss Portal Platform provides complete support for WSRP 1.0 and 2.0 standard interfaces, and offers both consumer and
producer services. Starting with version 2.1.0-GA of the component, WSRP is packaged as a JBoss Portal Platform
extension, and is self-contained in a package named
- <filename><replaceable>JPP_DIST</replaceable>/gatein/extensions/gatein-wsrp-integration.ear</filename>
+ <filename><replaceable>JPP_HOME</replaceable>/gatein/extensions/gatein-wsrp-integration.ear</filename>
.
</para>
- <remark>NEEDINFO - FILE PATHS - there don't seem to be any config files that I can see in the directory below.</remark>
<para>The only files of interest from a user perspective
are located in the
- <filename><replaceable>JPP_DIST</replaceable>/standalone/configuration/gatein/wsrp</filename>
+ <filename><replaceable>JPP_HOME</replaceable>/standalone/configuration/gatein/wsrp</filename>
directory.</para>
- <remark>NEEDINFO - FILE PATHS - the wsse files are not present in the directory structure. Where do these live now?</remark>
<itemizedlist>
<listitem>
<para><filename>gatein-wsse-consumer.xml</filename>, which allows you to configure WS-Security support for the consumer.</para>
@@ -156,7 +157,7 @@
<section id="wsrp-ports">
<title>Considerations to use WSRP when running JBoss Portal Platform on a non-default port or hostname</title>
<para>
- The web service stack that JBoss Portal Platform uses is based on JBoss WS. It updates the port and host name used in WSDL (for further details refer to the <citetitle>Web Services</citetitle> chapter in the <citetitle>JBoss Enterprise Application Platform Administration and Configuration User Guide</citetitle>).
+ The web service stack that JBoss Portal Platform uses is based on JBoss WS. It updates the port and host name used in WSDL (for further details refer to the <citetitle>Web Services</citetitle> chapter in the <citetitle>JBoss Enterprise Application Platform 6 Administration and Configuration User Guide</citetitle>).
</para>
<para>
Of course, if you have modified the host name and port on which your server runs, you will
@@ -164,8 +165,9 @@
update the configuration for the consumer used to consume JBoss Portal Platform's 'self' producer. </para>
</section>
</section>
- <section>
- <title><remark>BZ#856432</remark>Securing WSRP</title>
+ <section id="Securing_WSRP">
+ <title><remark>BZ#856432 </remark>Securing WSRP</title>
+ <remark>Source: https://docs.jboss.org/author/display/GTNPORTAL35/Securing+WSRP#SecuringW...</remark>
<para>There are two main ways to secure the communication between a producer and consumer:</para>
<orderedlist>
<listitem>
@@ -184,15 +186,15 @@
</listitem>
</orderedlist>
<para>Depending on requirements, an HTTPs endpoint or/and ws-security can be used.</para>
- <section>
+ <section id="WSRP_over_SSL_HTTPS_Endpoints">
<title>WSRP over SSL with HTTPS endpoints</title>
+ <remark>Source: https://docs.jboss.org/author/display/GTNPORTAL35/Securing+WSRP#SecuringW...</remark>
<para>
- It is possible to use WSRP over SSL for a secure exchange of data. Since GateIn Portal does not come initially configured for HTTPS connectors, we will need to configure the producer's server for this first. This is a global configuration change to JBoss AS and will affect more than just GateIn Portal and WSRP. Please see the
- <ulink url="http://www.jboss.org/jbossas/docs">JBoss AS documentation</ulink>
- for how to configure HTTPS connectors for the server.
+ It is possible to use WSRP over SSL for a secure exchange of data. Since JBoss Portal Platform does not come initially configured for HTTPS connectors, we will need to configure the producer's server for this first. This is a global configuration change, and will affect more than just the portal and WSRP. Refer to the
+JBoss Enterprise Application Platform 6 <citetitle>Administration and Configuration Guide</citetitle> for instructions about how to configure HTTPS connectors for the server.
</para>
<para>
- Once the producer is configured for HTTPS connections, on the consumer you will just need to modify the URL for the WSRP endpoint to point to the new https based url. This will require either manually updating the value in the WSRP admin application, or by specifying it using the
+ Once the producer is configured for HTTPS connections, on the consumer you will just need to modify the URL for the WSRP endpoint to point to the new https based URL. This will require either manually updating the value in the WSRP administration application, or by specifying it using the
<emphasis role="italics">wsrp-consumers-config.xml</emphasis>
configuration file before the server is first started.
</para>
@@ -200,31 +202,24 @@
<title>Sample Configuration For Enabling SSL With WSRP</title>
<warning>
<para>
- This is just a simple, test configuration to be used as an example as to how its possible to setup the https/ssl with wsrp. It is not meant to show best practices for configuring https with JBoss AS and does things which should not be used in a production server (such as self-signed certificates). Please see the
- <ulink url="http://www.jboss.org/jbossas/docs">JBoss AS documentation</ulink>
- for full configuration options.
+ The following procedures are provided as an example of configuring HTTPS/SSL with WSRP. </para>
+ <para>It is not meant to show best practices for configuring HTTPS with the platform, and does things which should not be used in a production server (such as self-signed certificates). Refer to the JBoss Enterprise Application Platform 6 product documentation for detailed, best practice configuration guidelines.
</para>
</warning>
- <section id="sid-54264620_SecuringWSRP-ConfiguretheProducertoUseHTTPS">
+ <procedure>
<title>Configure the Producer to Use HTTPS</title>
- <para>First we will need to configure the producer's server to use https. This is handled in the same manner that you would configure any JBoss AS server for HTTPS.</para>
- <orderedlist>
- <listitem>
- <para>Generate the keystore for the producer</para>
- <informalexample>
- <programlisting>keytool -genkey -alias tomcat -keyalg RSA -keystore producerhttps.keystore -dname "cn=localhost" -keypass changeme -storepass changeme</programlisting>
- </informalexample>
- </listitem>
- <listitem>
- <para>
+ <para>Configure the producer's server to use HTTPS. This is handled in the same manner that you would configure any JBoss AS server for HTTPS.</para>
+ <step>
+ <para>Generate the keystore for the producer by executing the following command.</para>
+ <programlisting>keytool -genkey -alias tomcat -keyalg RSA -keystore producerhttps.keystore -dname "cn=localhost" -keypass changeme -storepass changeme</programlisting>
+ </step>
+ <step>
+ <para>
Configure the server to add an https connection. This requires modifying the
<emphasis role="italics">standalone/configuration/standalone.xml</emphasis>
file with the following content in bold:
</para>
- <sidebar>
- <para>
- ...
-
+ <programlisting>
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
@@ -243,104 +238,89 @@
</virtual-server>
- ...
- </para>
- </sidebar>
- </listitem>
- <listitem>
- <para>
+ ...</programlisting>
+ </step>
+ <step>
+ <para>
Start the server and verify that
<ulink url="https://localhost:8443/portal"/>
is accessible. Note that since you are using a self-signed certificate that your browser will give a warning that the certificate cannot be trusted.
</para>
- <note>
- <para>In this example case we are accessing the portal using 'localhost' hence why we are using "cn=localhost" in the keytool command. If you are using this across another domain, you will need to make the necessary change.</para>
- </note>
- </listitem>
- </orderedlist>
- </section>
- <section id="sid-54264620_SecuringWSRP-ConfiguretheConsumertoAccesstheWSRPEndpointoverHTTPS">
+ <note>
+ <para>In this example case we are accessing the portal using 'localhost' hence why we are using "cn=localhost" in the keytool command. If you are using this across another domain, you will need to make the necessary changes.</para>
+ </note>
+ </step>
+ </procedure>
+ <procedure>
<title>Configure the Consumer to Access the WSRP Endpoint over HTTPS</title>
- <para>Ideally we should be able to just change the URL for the producer in the wsrp admin to use https, but we need to tell the consumer's server to trust our self-signed certificate first.</para>
- <orderedlist>
- <listitem>
- <para>Export the producer's public key from the producer's keystore</para>
- <informalexample>
- <programlisting>keytool -export -alias tomcat -file producerkey.rsa -keystore producerhttps.keystore -storepass changeme</programlisting>
- </informalexample>
- </listitem>
- <listitem>
- <para>Import the producer's public key into a new keystore for the consumer</para>
- <informalexample>
- <programlisting>keytool -import -alias tomcat -file producerkey.rsa -keystore consumerhttps.keystore -storepass changeme -noprompt</programlisting>
- </informalexample>
- </listitem>
- <listitem>
- <para>
+ <step>
+ <para>Export the producer's public key from the producer's keystore</para>
+ <programlisting>keytool -export -alias tomcat -file producerkey.rsa -keystore producerhttps.keystore -storepass changeme</programlisting>
+ </step>
+ <step>
+ <para>Import the producer's public key into a new keystore for the consumer</para>
+ <programlisting>keytool -import -alias tomcat -file producerkey.rsa -keystore consumerhttps.keystore -storepass changeme -noprompt</programlisting>
+ </step>
+ <step>
+ <para>
Configure the
<emphasis role="italics">bin/standalone.conf</emphasis>
file to add the following line at the end of the file:
</para>
- <informalexample>
- <programlisting>JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/path/to/consumerhttps.keystore -Djavax.net.ssl.trustStorePassword=changeme"</programlisting>
- </informalexample>
- </listitem>
- <listitem>
- <para>
+ <programlisting>JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/path/to/consumerhttps.keystore -Djavax.net.ssl.trustStorePassword=changeme"</programlisting>
+ </step>
+ <step>
+ <para>
Start the consumer and change the selfv2 producer url to
<ulink url="https://localhost:8443/wsrp-producer/v2/MarkupService?wsdl"/>
and verify that the consumer can access the producer.
</para>
- </listitem>
- </orderedlist>
- <note>
- <para>
- It is also possible to modify the
+ </step>
+ </procedure>
+ <note>
+ <para>
+ It is possible to modify the
<emphasis role="italics">wsrp-consumers-config.xml</emphasis>
- configuration file to change the URL instead of modifying it in the admin gui
+ configuration file to change the URL instead of modifying it in the administration GUI.
</para>
- </note>
- <para>
- It is possible to use WSRP over SSL for secure exchange of data. Configure your server appriopriately as described in the <citetitle>HTTPS Configuration</citetitle> section of the <citetitle>Installation Guide</citetitle>.
+ </note>
+ <para>
+ It is possible to use WSRP over SSL for secure exchange of data. Configure your server appropriately as described in the <citetitle>HTTPS Configuration</citetitle> section of the <citetitle>Installation Guide</citetitle>.
</para>
- </section>
</section>
</section>
- <section>
+ <section id="WSRP_and_WS-Security">
<title>WSRP and WS-Security</title>
<para>Portlets may present different data or options depending on the currently authenticated user. For remote
portlets, this means having to propagate the user credentials from the consumer back to the producer in
a safe and secure manner. The WSRP specification does not directly specify how this should be
accomplished, but delegates this work to the existing WS-Security standards. The WS-Security standards can also be used to secure the soap message, such as encryption and signing the message.
</para>
- <note>
- <title>Web Container Compatibility</title>
- <para>WSRP and WS-Security is currently only supported on JBoss Portal Platform when running on top of JBoss
- AS 5.
- </para>
- </note>
<warning>
- <title>Encryption</title>
- <para>You will want to encrypt the credentials being sent between the consumer and producer, otherwise they
- will be sent in plain text and could be easily intercepted. You can either configure WS-Security to
- encrypt and sign the SOAP messages being sent, or secure the transport layer by using an https endpoint.
+ <title>Encryption is strongly recommended</title>
+ <para>Encrypt the credentials being sent between the consumer and producer, otherwise they
+ will be sent in plain text and could be easily intercepted. Configure WS-Security to
+ encrypt and sign the SOAP messages being sent, or secure the transport layer by using an HTTPS endpoint.
Failure to encrypt the soap message or transport layer will result in the username and password being
- sent in plain text. <emphasis role="bold">Use of encryption is strongly recommended.</emphasis>
+ sent in plain text.
</para>
</warning>
+ <note>
+ <title>Web Container Compatibility</title>
+ <para>WSRP and WS-Security is only supported on JBoss Portal Platform when running on JBoss Enterprise Application Platform 6.
+ </para>
+ </note>
</section>
- <section>
+ <section id="wsrp-Credentials">
<title>Credentials</title>
<para>When the consumer sends the user credentials to the producer, it is sending the credentials for the
currently authenticated user in the consumer. This makes signing in to remote portlets transparent
to end users, but also requires that the producer and consumer use the same credentials. This means
that the username and password must be the same and valid on both servers.
</para>
- <para>The recommended approach for this situation would be to use a common LDAP configuration. Please
- see the user guide on how to configure LDAP for use with JBoss Portal Platform
- </para>
+ <para>The recommended approach for this situation would be to use a common LDAP configuration. Refer to <xref linkend="chap-LDAP_Integration"/> to correctly configure LDAP on JBoss Portal Platform. </para>
<section id="wss_configuration">
- <title><remark>BZ#839355</remark>WS-Security Configuration</title>
+ <title><remark>BZ#839355 </remark>WS-Security Configuration</title>
<section id="sid-54264620_SecuringWSRP-Introduction">
<title>Introduction</title>
<para>JBoss AS7 uses a different web service implementation than the previous versions: it is now uses the JBossWS CXF Stack instead of the JBossWS Native Stack. Due to these changes, the way we configure WS-Security for WSRP with GateIn Portal on JBossAS 7 has changed.</para>
@@ -351,21 +331,17 @@
</section>
<section id="sid-54264620_SecuringWSRP-Overview">
<title>Overview</title>
- <para>CXF uses interceptors to extend and configure its behaviour. There are two main types of interceptors: inInterceptors and outInterceptors. InInterceptors are invoked for communication coming into the client or server, while outInterceptors are invoked when the client or server sends a message.</para>
+ <para>CXF uses interceptors to extend and configure its behavior. There are two main types of interceptors: <firstterm>inInterceptors</firstterm> and <firstterm>outInterceptors</firstterm>. InInterceptors are invoked for communication coming into the client or server, while outInterceptors are invoked when the client or server sends a message.</para>
<para>So for the WSRP case, the communication from the consumer to the producer is governed by the consumer's OutInterceptor and the producer's InIntereceptor. The communication from the producer to the consumer is governed by the producer's OutInterceptor and the consumer's InInterceptor. This may mean having to configure 4 Interceptors.</para>
- <note>
- <para>When dealing with WS-Security, there are some things to consider here:</para>
- <orderedlist>
- <listitem>
- <para>When dealing with user propagation, only the consumer sends the user credentials to the producer. So Username Tokens only need to be configured for the consumer's OutInterceptor and the producer's InInterceptor.</para>
- </listitem>
- </orderedlist>
- <orderedlist>
- <listitem>
- <para>When dealing with things like encryption, you will most likely want to encrypt the message from the consumer to the producer and also the message from the producer to the consumer. This means that encryption properties must be configured for all 4 interceptors.</para>
- </listitem>
- </orderedlist>
- </note>
+ <para>When dealing with WS-Security, there are some things to consider here:</para>
+ <orderedlist>
+ <listitem>
+ <para>When dealing with user propagation, only the consumer sends the user credentials to the producer. So Username Tokens only need to be configured for the consumer's OutInterceptor and the producer's InInterceptor.</para>
+ </listitem>
+ <listitem>
+ <para>When dealing with things like encryption, you will most likely want to encrypt the message from the consumer to the producer and also the message from the producer to the consumer. This means that encryption properties must be configured for all 4 interceptors.</para>
+ </listitem>
+ </orderedlist>
<para>
Please see the CXF Documentation for more details on interceptors and their types:
<ulink url="http://cxf.apache.org/docs/interceptors.html"/>
@@ -376,7 +352,7 @@
</para>
</section>
</section>
- <section>
+ <section id="WSS4J_Interceptors_and_WSRP">
<title>WSS4J Interceptors and WSRP</title>
<para>The WSS4J Interceptors are configured using using simple property files.
@@ -1166,15 +1142,13 @@
</para>
<note>
<title>Note</title>
- <remark>NEEDINFO - FILE PATH - while this path is valid, there is no XSD here any more. Should I just remove the note? Where is the XSD contained now?</remark>
<para>An XML Schema defining which elements are available to configure Consumers via XML can be found
in
- <filename><replaceable>JPP_DIST</replaceable>/gatein/extensions/gatein-wsrp-integration.ear/lib/jboss7integration.jar/ </filename>
+ <filename><replaceable>JPP_DIST</replaceable>/modules/org/gatein/wsrp/main/wsrp-integration-api-&WSRP_VERSION;.jar/xsd/gatein_wsrp_consumer_1_0.xsd </filename>
</para>
</note>
<important>
- <para>
- It is important to note that once the XML configuration file for consumers has been read upon
+ <para>Once the XML configuration file for consumers has been read upon
the WSRP service first start, the associated information is put under control of JCR (Java Content
Repository). Subsequent launches of the WSRP service will use the JCR-stored information and ignore
the content of the XML configuration file.
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr/cluster-config.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr/cluster-config.xml 2013-01-26 18:34:09 UTC (rev 9087)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr/cluster-config.xml 2013-01-28 05:14:12 UTC (rev 9088)
@@ -7,79 +7,6 @@
<title>Configuring Cluster</title>
<section id="sect-Reference_Guide-Cluster_Configuration-Launching_Cluster">
<title>Launching Cluster</title>
- <section id="sect-Reference_Guide-Launching_Cluster-Deploying_eXo_JCR_to_JBoss_Application_Server">
- <title>Deploying eXo JCR to JBoss Application Server</title>
- <para>
- To deploy eXo JCR to the JBoss AS, do the following:
- </para>
- <remark>NEEDINFO - FILE PATHS - do we need to do this for JPP 6. JCR is embedded isn't it?</remark>
- <procedure>
- <title/>
- <step>
- <para>
- Download the latest version of eXo JCR <filename>.ear</filename> file distribution.
- </para>
- </step>
- <step>
- <para>
- Copy the file into <filename><replaceable>JPP_HOME</replaceable>/standalone/deployments</filename> directory.
- </para>
- </step>
- <step>
- <para>
- Drop <filename>exo-configuration.xml</filename> into your root <filename><replaceable>JPP_DIST</replaceable>/jboss-as/</filename> directory.
- </para>
- </step>
- <step>
- <para>
- Configure JAAS by inserting the XML fragment shown below into <filename><replaceable>JPP_DIST</replaceable>/jboss-as/server/<replaceable>PROFILE</replaceable>/conf/login-config.xml</filename>
- </para>
- <programlisting language="XML" role="XML"><application-policy name="exo-domain">
- <authentication>
- <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required"></login-module>
- </authentication>
-</application-policy></programlisting>
- </step>
- <step>
- <para>
- To ensure that <emphasis>JBossTS</emphasis> and <emphasis>JBossCache</emphasis> are used, your <filename>configuration.xml</filename> file must contain:
- </para>
- <programlisting language="XML" role="XML"><component>
- <key>org.jboss.cache.transaction.TransactionManagerLookup</key>
- <type>org.jboss.cache.GenericTransactionManagerLookup</type>^
-</component>
-
-<component>
- <key>org.exoplatform.services.transaction.TransactionService</key>
- <type>org.exoplatform.services.transaction.jbosscache.JBossTransactionsService</type>
- <init-params>
- <value-param>
- <name>timeout</name>
- <value>300</value>
- </value-param>
- </init-params>
-</component></programlisting>
- </step>
- <step>
- <para>
- Start server:
- </para>
- <para>
- In Linux systems:
- </para>
- <programlisting><command>sh bin/run.sh</command></programlisting>
- <para>
- In Windows systems:
- </para>
- <programlisting><command>bin/run.bat</command></programlisting>
- </step>
- <step>
- <para>
- Navigate to <ulink url="http://localhostu:8080/browser" type="http"/> ans use the credentials <emphasis role="bold">root</emphasis>/<emphasis role="bold">exo</emphasis> (login/password).
- </para>
- </step>
- </procedure>
- </section>
<section id="sect-Reference_Guide-Launching_Cluster-Configuring_JCR_to_use_external_configuration">
<title>Configuring JCR to use external configuration</title>
<itemizedlist>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr-with-gtn/managed-datasources-under-jboss-as.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr-with-gtn/managed-datasources-under-jboss-as.xml 2013-01-26 18:34:09 UTC (rev 9087)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr-with-gtn/managed-datasources-under-jboss-as.xml 2013-01-28 05:14:12 UTC (rev 9088)
@@ -4,11 +4,11 @@
%BOOK_ENTITIES;
]>
<section id="sect-Reference_Guide-How_to_use_AS_Managed_DataSource_under_JBoss_AS">
- <title>How to use AS Managed DataSource under JBoss AS</title>
+ <title>How to use a Managed DataSource under JBoss AS</title>
<section id="sect-Reference_Guide-How_to_use_AS_Managed_DataSource_under_JBoss_AS-Configurations_Steps">
<title>Configurations Steps</title>
<section id="sect-Reference_Guide-Configurations_Steps-Declaring_the_datasources_in_the_AS">
- <title>Declaring the datasources in the AS</title>
+ <title>Declaring the Datasources in the AS</title>
<remark>NEEDINFO - FILE PATHS - I know this isn't right. Where do these get deployed again?</remark>
<para>
To declare the datasources using a JBoss application server, deploy a <literal>ds</literal> file (<filename><replaceable>XXX</replaceable>-ds.xml</filename>) into the <emphasis>deploy</emphasis> directory of the appropriate server profile (<filename>/server/<replaceable>PROFILE</replaceable>/deploy</filename>, for example).
@@ -61,7 +61,7 @@
<title>Do not bind datasources explicitly</title>
<para>
Do not let the portal explicitly bind datasources. </para>
- <remark>NEEDINFO - FILE PATHS - I think some of the values have changed here when I look at the new file below. New info required?</remark>
+ <remark>NEEDINFO - FILE PATHS - I think some of the values have changed in the referenced file when I look at the new file below. New info required?</remark>
<para>Edit the <filename><replaceable>JPP_HOME</replaceable>/standalone/configuration/gatein/configuration.properties</filename> and comment out the following rows in the JCR section:
</para>
<programlisting>#gatein.jcr.datasource.driver=org.hsqldb.jdbcDriver
11 years, 11 months
gatein SVN: r9087 - in epp/docs/branches/6.0/Reference_Guide/en-US: modules/AuthenticationAndIdentity and 1 other directory.
by do-not-reply@jboss.org
Author: aakanksha_writer
Date: 2013-01-26 13:34:09 -0500 (Sat, 26 Jan 2013)
New Revision: 9087
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/PredefinedUserConfiguration.xml
Log:
Updated chapters
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-01-26 18:06:09 UTC (rev 9086)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-01-26 18:34:09 UTC (rev 9087)
@@ -7,6 +7,20 @@
<title>Revision History</title>
<simpara>
<revhistory>
+ <revision>
+ <revnumber>6.0.0-39</revnumber>
+ <date>Sat Jan 26 2013</date>
+ <author>
+ <firstname>Aakanksha</firstname>
+ <surname>Singh</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Updated chapters WSRP, added section Server Integration</member>
+ </simplelist>
+ </revdescription>
+ </revision>
<revision>
<revnumber>6.0.0-38</revnumber>
<date>Fri Jan 25 2013</date>
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/PredefinedUserConfiguration.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/PredefinedUserConfiguration.xml 2013-01-26 18:06:09 UTC (rev 9086)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/PredefinedUserConfiguration.xml 2013-01-26 18:34:09 UTC (rev 9087)
@@ -1,16 +1,14 @@
<?xml version='1.0' encoding='UTF-8'?>
+<!-- This document was created with Syntext Serna Free. -->
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "../../Reference_Guide.ent">
%BOOK_ENTITIES;
]>
<chapter id="sect-Reference_Guide-Predefined_User_Configuration">
<title>Predefined User Configuration</title>
- <section id="sect-Reference_Guide-Predefined_User_Configuration-Overview">
- <title>Overview</title>
- <para>
+ <para>
The initial Organization configuration should be specified by editing the content of <filename><replaceable>JPP_DIST</replaceable>/gatein/gatein.ear/portal.war:/WEB-INF/conf/organization/organization-configuration.xml</filename>. This file uses the portal XML configuration schema. It lists several configuration plug-ins.
</para>
- </section>
<section id="sect-Reference_Guide-Predefined_User_Configuration-Plugin_for_adding_users_groups_and_membership_types">
<title>Plug-in for adding users, groups and membership types</title>
<para>
@@ -33,7 +31,7 @@
</para>
<note>
<para>
- See <literal><replaceable>JPP_HOME</replaceable>/gatein/gatein.ear/portal.war/WEB-INF/conf/organization/organization-configuration.xml</literal> for the full content.
+ See <literal>organization-configuration.xml</literal> for the full content.
</para>
</note>
<programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_PredefinedUserConfiguration/default98.xml" parse="text"/></programlisting>
@@ -43,11 +41,6 @@
<para>
The predefined groups are specified in the <emphasis role="bold">group</emphasis> field of the <emphasis role="bold">OrganizationConfig</emphasis> plug-in parameter.
</para>
- <note>
- <para>
- See <literal>JPP_HOME/gatein/gatein.ear/portal.war/WEB-INF/conf/organization/organization-configuration.xml</literal> for the full content.
- </para>
- </note>
<programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_PredefinedUserConfiguration/default99.xml" parse="text"/></programlisting>
</section>
<section id="sect-Reference_Guide-Predefined_User_Configuration-Users">
@@ -55,15 +48,10 @@
<para>
The predefined users are specified in the <emphasis role="bold">user</emphasis> field of the <emphasis role="bold">OrganizationConfig</emphasis> plug-in parameter.
</para>
- <note>
- <para>
- See <literal><replaceable>JPP_HOME</replaceable>/gatein/gatein.ear/portal.war/WEB-INF/conf/organization/organization-configuration.xml</literal> for the full content.
- </para>
- </note>
<programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_PredefinedUserConfiguration/default100.xml" parse="text"/></programlisting>
</section>
<section id="sect-Reference_Guide-Predefined_User_Configuration-Plugin_for_managing_user_creation">
- <title>Plug-in for managing user creation</title>
+ <title>Plug-in for monitoring user creation</title>
<para>
The plug-in type <literal>org.exoplatform.services.organization.impl.NewUserEventListener</literal> specifies which groups all newly created users should become members of.
</para>
@@ -71,7 +59,6 @@
It specifies the group memberships and the membership types to use (while a <emphasis>group</emphasis> is just a set of users, a membership <emphasis>type</emphasis> represents a user's role within a group). It also specifies a list of users that should not be processed (such as administrative users like '<literal>root</literal>').
</para>
<note>
- <title>Terminology</title>
<para>
The terms '<emphasis role="bold">membership</emphasis>' and '<emphasis role="bold">membership type</emphasis>' refer to the same thing, and are used interchangeably.
</para>
11 years, 11 months
gatein SVN: r9086 - in epp/docs/branches/6.0/Reference_Guide/en-US: modules and 1 other directory.
by do-not-reply@jboss.org
Author: aakanksha_writer
Date: 2013-01-26 13:06:09 -0500 (Sat, 26 Jan 2013)
New Revision: 9086
Added:
epp/docs/branches/6.0/Reference_Guide/en-US/modules/ServerIntegration.xml
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/Reference_Guide.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/WSRP.xml
Log:
Updated chapters WSRP Security and Server Integration
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Reference_Guide.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Reference_Guide.xml 2013-01-25 05:36:48 UTC (rev 9085)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Reference_Guide.xml 2013-01-26 18:06:09 UTC (rev 9086)
@@ -30,4 +30,8 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/Advanced.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/eXoJCR.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Revision_History.xml"/>
+<part>
+<title>Server Integration</title>
+<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/ServerIntegration.xml"/>
+</part>
</book>
Added: epp/docs/branches/6.0/Reference_Guide/en-US/modules/ServerIntegration.xml
===================================================================
(Binary files differ)
Property changes on: epp/docs/branches/6.0/Reference_Guide/en-US/modules/ServerIntegration.xml
___________________________________________________________________
Added: svn:mime-type
+ application/xml
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/WSRP.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/WSRP.xml 2013-01-25 05:36:48 UTC (rev 9085)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/WSRP.xml 2013-01-26 18:06:09 UTC (rev 9086)
@@ -166,18 +166,152 @@
</section>
<section>
<title><remark>BZ#856432</remark>Securing WSRP</title>
+ <para>There are two main ways to secure the communication between a producer and consumer:</para>
+ <orderedlist>
+ <listitem>
+ <para>
+ <emphasis role="underline">Securing the Transport Layer</emphasis>
+
+ This requires using SSL and a HTTPS endpoint. By using this, the communication between the consumer and producer will be encrypted.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <emphasis role="underline">Securing the Contents of the SOAP message</emphasis>
+
+ This option requires using ws-security to handle parts of the SOAP message. With this option you can specify things like encryption, signing, timestamps, etc as well as passing across user credentials to perform a login on the producer side. WS-Security is more powerful and has more options, but is requires more complex configurations.
+ </para>
+ </listitem>
+ </orderedlist>
+ <para>Depending on requirements, an HTTPs endpoint or/and ws-security can be used.</para>
<section>
- <title>Considerations to use WSRP with SSL</title>
+ <title>WSRP over SSL with HTTPS endpoints</title>
<para>
+ It is possible to use WSRP over SSL for a secure exchange of data. Since GateIn Portal does not come initially configured for HTTPS connectors, we will need to configure the producer's server for this first. This is a global configuration change to JBoss AS and will affect more than just GateIn Portal and WSRP. Please see the
+ <ulink url="http://www.jboss.org/jbossas/docs">JBoss AS documentation</ulink>
+ for how to configure HTTPS connectors for the server.
+ </para>
+ <para>
+ Once the producer is configured for HTTPS connections, on the consumer you will just need to modify the URL for the WSRP endpoint to point to the new https based url. This will require either manually updating the value in the WSRP admin application, or by specifying it using the
+ <emphasis role="italics">wsrp-consumers-config.xml</emphasis>
+ configuration file before the server is first started.
+ </para>
+ <section id="sid-54264620_SecuringWSRP-SampleConfigurationForEnablingSSLWithWSRP">
+ <title>Sample Configuration For Enabling SSL With WSRP</title>
+ <warning>
+ <para>
+ This is just a simple, test configuration to be used as an example as to how its possible to setup the https/ssl with wsrp. It is not meant to show best practices for configuring https with JBoss AS and does things which should not be used in a production server (such as self-signed certificates). Please see the
+ <ulink url="http://www.jboss.org/jbossas/docs">JBoss AS documentation</ulink>
+ for full configuration options.
+ </para>
+ </warning>
+ <section id="sid-54264620_SecuringWSRP-ConfiguretheProducertoUseHTTPS">
+ <title>Configure the Producer to Use HTTPS</title>
+ <para>First we will need to configure the producer's server to use https. This is handled in the same manner that you would configure any JBoss AS server for HTTPS.</para>
+ <orderedlist>
+ <listitem>
+ <para>Generate the keystore for the producer</para>
+ <informalexample>
+ <programlisting>keytool -genkey -alias tomcat -keyalg RSA -keystore producerhttps.keystore -dname "cn=localhost" -keypass changeme -storepass changeme</programlisting>
+ </informalexample>
+ </listitem>
+ <listitem>
+ <para>
+ Configure the server to add an https connection. This requires modifying the
+ <emphasis role="italics">standalone/configuration/standalone.xml</emphasis>
+ file with the following content in bold:
+ </para>
+ <sidebar>
+ <para>
+ ...
+
+ <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
+
+ <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
+
+ <emphasis role="strong"><connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true"></emphasis>
+
+ <emphasis role="strong"><ssl certificate-key-file="/path/to/producerhttps.keystore" password="changeme"/></emphasis>
+
+ <emphasis role="strong"></connector></emphasis>
+
+ <virtual-server name="default-host" enable-welcome-root="true">
+
+ <alias name="localhost"/>
+
+ <alias name="example.com"/>
+
+ </virtual-server>
+
+ ...
+ </para>
+ </sidebar>
+ </listitem>
+ <listitem>
+ <para>
+ Start the server and verify that
+ <ulink url="https://localhost:8443/portal"/>
+ is accessible. Note that since you are using a self-signed certificate that your browser will give a warning that the certificate cannot be trusted.
+ </para>
+ <note>
+ <para>In this example case we are accessing the portal using 'localhost' hence why we are using "cn=localhost" in the keytool command. If you are using this across another domain, you will need to make the necessary change.</para>
+ </note>
+ </listitem>
+ </orderedlist>
+ </section>
+ <section id="sid-54264620_SecuringWSRP-ConfiguretheConsumertoAccesstheWSRPEndpointoverHTTPS">
+ <title>Configure the Consumer to Access the WSRP Endpoint over HTTPS</title>
+ <para>Ideally we should be able to just change the URL for the producer in the wsrp admin to use https, but we need to tell the consumer's server to trust our self-signed certificate first.</para>
+ <orderedlist>
+ <listitem>
+ <para>Export the producer's public key from the producer's keystore</para>
+ <informalexample>
+ <programlisting>keytool -export -alias tomcat -file producerkey.rsa -keystore producerhttps.keystore -storepass changeme</programlisting>
+ </informalexample>
+ </listitem>
+ <listitem>
+ <para>Import the producer's public key into a new keystore for the consumer</para>
+ <informalexample>
+ <programlisting>keytool -import -alias tomcat -file producerkey.rsa -keystore consumerhttps.keystore -storepass changeme -noprompt</programlisting>
+ </informalexample>
+ </listitem>
+ <listitem>
+ <para>
+ Configure the
+ <emphasis role="italics">bin/standalone.conf</emphasis>
+ file to add the following line at the end of the file:
+ </para>
+ <informalexample>
+ <programlisting>JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/path/to/consumerhttps.keystore -Djavax.net.ssl.trustStorePassword=changeme"</programlisting>
+ </informalexample>
+ </listitem>
+ <listitem>
+ <para>
+ Start the consumer and change the selfv2 producer url to
+ <ulink url="https://localhost:8443/wsrp-producer/v2/MarkupService?wsdl"/>
+ and verify that the consumer can access the producer.
+ </para>
+ </listitem>
+ </orderedlist>
+ <note>
+ <para>
+ It is also possible to modify the
+ <emphasis role="italics">wsrp-consumers-config.xml</emphasis>
+ configuration file to change the URL instead of modifying it in the admin gui
+ </para>
+ </note>
+ <para>
It is possible to use WSRP over SSL for secure exchange of data. Configure your server appriopriately as described in the <citetitle>HTTPS Configuration</citetitle> section of the <citetitle>Installation Guide</citetitle>.
</para>
+ </section>
+ </section>
</section>
<section>
<title>WSRP and WS-Security</title>
<para>Portlets may present different data or options depending on the currently authenticated user. For remote
portlets, this means having to propagate the user credentials from the consumer back to the producer in
a safe and secure manner. The WSRP specification does not directly specify how this should be
- accomplished, but delegates this work to the existing WS-Security standards.
+ accomplished, but delegates this work to the existing WS-Security standards. The WS-Security standards can also be used to secure the soap message, such as encryption and signing the message.
</para>
<note>
<title>Web Container Compatibility</title>
@@ -194,48 +328,53 @@
sent in plain text. <emphasis role="bold">Use of encryption is strongly recommended.</emphasis>
</para>
</warning>
- <important>
- <title>Credentials</title>
- <para>When the consumer sends the user credentials to the producer, it is sending the credentials for the
+ </section>
+ <section>
+ <title>Credentials</title>
+ <para>When the consumer sends the user credentials to the producer, it is sending the credentials for the
currently authenticated user in the consumer. This makes signing in to remote portlets transparent
to end users, but also requires that the producer and consumer use the same credentials. This means
that the username and password must be the same and valid on both servers.
</para>
- <para>The recommended approach for this situation would be to use a common LDAP configuration. Please
+ <para>The recommended approach for this situation would be to use a common LDAP configuration. Please
see the user guide on how to configure LDAP for use with JBoss Portal Platform
</para>
- </important>
- <para>The GateIn Wiki article, <ulink url="http://community.jboss.org/wiki/GateInWSRPAndWebServiceSecurity"> GateIn WSRP and Web Service Security</ulink>, also provides a step-by-step example on how to configure
- WSRP with WS-Security.
- </para>
<section id="wss_configuration">
<title><remark>BZ#839355</remark>WS-Security Configuration</title>
- <para>
-JBoss Portal Platform uses JBossWS CXF instead of the JBossWS Native to handle ws-security. Due to these changes, the configuration for WS-Security with JBoss Portal Platform on JBoss Enterprise Application Platform is changed. </para>
- <note>
- <para>We only support one ws-security configuration option for the producer. All consumers accessing the producer will have to conform to this security constraint. This means if the producer requires encryption, all consumers will be required to encrypt their messages when accessing the producer.
-</para>
+ <section id="sid-54264620_SecuringWSRP-Introduction">
+ <title>Introduction</title>
+ <para>JBoss AS7 uses a different web service implementation than the previous versions: it is now uses the JBossWS CXF Stack instead of the JBossWS Native Stack. Due to these changes, the way we configure WS-Security for WSRP with GateIn Portal on JBossAS 7 has changed.</para>
+ <note>
+ <para>We only support one ws-security configuration option for the producer. All consumers accessing the producer will have to conform to this security constraint. This means if the producer requires encryption, all consumers will be required to encrypt their messages when accessing the producer.</para>
+ <para>We only support one ws-security configuration option to be used by all the consumers. A consumer has the option to enable or disable ws-security, which allows for one or more consumers to use ws-security while the others do not.</para>
+ </note>
+ </section>
+ <section id="sid-54264620_SecuringWSRP-Overview">
+ <title>Overview</title>
+ <para>CXF uses interceptors to extend and configure its behaviour. There are two main types of interceptors: inInterceptors and outInterceptors. InInterceptors are invoked for communication coming into the client or server, while outInterceptors are invoked when the client or server sends a message.</para>
+ <para>So for the WSRP case, the communication from the consumer to the producer is governed by the consumer's OutInterceptor and the producer's InIntereceptor. The communication from the producer to the consumer is governed by the producer's OutInterceptor and the consumer's InInterceptor. This may mean having to configure 4 Interceptors.</para>
+ <note>
+ <para>When dealing with WS-Security, there are some things to consider here:</para>
+ <orderedlist>
+ <listitem>
+ <para>When dealing with user propagation, only the consumer sends the user credentials to the producer. So Username Tokens only need to be configured for the consumer's OutInterceptor and the producer's InInterceptor.</para>
+ </listitem>
+ </orderedlist>
+ <orderedlist>
+ <listitem>
+ <para>When dealing with things like encryption, you will most likely want to encrypt the message from the consumer to the producer and also the message from the producer to the consumer. This means that encryption properties must be configured for all 4 interceptors.</para>
+ </listitem>
+ </orderedlist>
+ </note>
<para>
-We only support one ws-security configuration option to be used by all the consumers. A consumer has the option to enable or disable ws-security, which allows for one or more consumers to use ws-security while the others do not.</para>
- </note>
- <para>Note that since the consumer passes its credentials to the producer, the consumer acts as the wss client and the producer acts as the wss server.
- </para>
- <para>CXF uses interceptors to extend and configure its behaviour. There are two main types of interceptors: inInterceptors and outInterceptors. </para>
- <para>InInterceptors are invoked for communication coming into the client or server, while outInterceptors are invoked when the client or server sends a message.
-
-So for the WSRP, the communication from the consumer to the producer is governed by the consumer's OutInterceptor and the producer's InIntereceptor. </para>
- <para>The communication from the producer to the consumer is governed by the producer's OutInterceptor and the consumer's InInterceptor. This means having to configure four Interceptors.</para>
- <para>Important points to be considered while dealing with WS-Security</para>
- <itemizedlist>
- <listitem>
- <para>In case of user propagation, only the consumer sends the user credentials to the producer. So Username Tokens only need to be configured for the consumer's OutInterceptor and the producer's InInterceptor.</para>
- <para>For encryption, you will most likely want to encrypt the message from the consumer to the producer and also the message from the producer to the consumer. This means that encryption properties must be configured for all four interceptors.</para>
- </listitem>
- </itemizedlist>
- <para>For more details on types of interceptors refer</para>
- <para><ulink url="http://cxf.apache.org/docs/interceptors.html"/></para>
- <para>To support ws-security, JBoss Portal Platform uses CXF's WSS4J Interceptors which handle all ws-security related tasks, for more details on CXF documentation refer</para>
- <para><ulink url="http://cxf.apache.org/docs/ws-security.html"/></para>
+ Please see the CXF Documentation for more details on interceptors and their types:
+ <ulink url="http://cxf.apache.org/docs/interceptors.html"/>
+ </para>
+ <para>
+ To support ws-security, GateIn Portal uses CXF's WSS4J Interceptors which handle all ws-security related tasks. Please see the CXF Documentation for more details:
+ <ulink url="http://cxf.apache.org/docs/ws-security.html"/>
+ </para>
+ </section>
</section>
<section>
<title>WSS4J Interceptors and WSRP</title>
@@ -295,12 +434,11 @@
</section>
<section>
<title><remark>BZ#839355</remark>WS-Security Consumer Configuration</title>
- <para>To configure ws-security on the consumer side, configure the WSS4JInInterceptor and/or WSS4JOutInterceptor.</para>
- <para>In the WSRP Configuration portlet <guilabel>Consumers Configuration</guilabel> options, check the 'Enable WS Security' checkbox if you want credentials to be sent to the producer.
- </para>
- <note>
- <para>You do not need to enable this option if you want to use ws-security to encrypt the communication between the producer and consumer only, and not use it for identity propagation.</para>
- </note>
+ <para>
+ In order to configure ws-security on the consumer side, you will have to configure the WSS4J Interceptors as seen above. This will require having to configure the WSS4JInInterceptor and/or WSS4JOutInterceptor.
+
+ You will also need to check the 'Enable WS-Security' checkbox on the WSRP Admin Portlet for the consumer configuration to take effect.
+ </para>
<mediaobject>
<imageobject>
<imagedata align="center" valign="middle" scalefit="1" fileref="images/WSRP/config_wss_selected.png" format="PNG"/>
@@ -335,11 +473,9 @@
</section>
</section>
</section>
- <section>
- <title>WS-Security Producer Configuration</title>
- <para>
-The configuration of the producer is similar to that of the consumer. It also requires having to configure the WSS4JInInterceptor and/or WSS4JOutInterceptor.
- </para>
+ <section id="sid-54264620_SecuringWSRP-ProducerConfiguration">
+ <title>Producer Configuration</title>
+ <para>The configuration of the producer is similar to that of the consumer. It also requires having to configure the WSS4JInInterceptor and/or WSS4JOutInterceptor.</para>
<section>
<title>Special GateIn Portal Configuration Options for User Propagation</title>
<para>
@@ -360,7 +496,7 @@
<para>When this option is activated, the interceptor will set the action to 'UsernameToken' when the received SOAP message contains ws-security headers. If no ws-security header is included in the message, then no action is taken and the interceptor is not run. This is useful for dealing with authenticated and unauthentcated users trying to access the producer.</para>
</section>
</section>
- <section>
+ <section id="sid-54264620_SecuringWSRP-SampleConfigurationusingtheUsernameTokenandUserPropagation">
<title>Sample Configuration using the UsernameToken and User Propagation</title>
<warning>
<para>This example configuration does not encrypt the message. This means the username and password will be sent between the producer and consumer in plain text. This is a security concern and is only being shown as a simple example. It is up to administrators to properly configure the WSS4J Interceptors to encrypt messages or to only use https communication between the producer and consumer.</para>
@@ -388,19 +524,6 @@
<para>start the producer server</para>
</listitem>
</orderedlist>
- <section>
- <title>Sample Configuration Securing the Endpoints using Encryption and Signing</title>
- <para>The following steps outline how to configure the producer and consumer to encrypt and sign SOAP messages passed between the producer and consumer. This example only deals with SOAP messages being sent between the producer and consumer, and not with user propagation.</para>
- <note>
- <para>
- Some of the configuration options specified here are based on the content at
- <ulink url="http://cxf.apache.org/docs/ws-security.html"/>
- and
- <ulink url="http://www.jroller.com/gmazza/entry/cxf_x509_profile"/>
- More information may be available at these sites.
- </para>
- </note>
- </section>
</section>
<section>
<title>Consumer Setup</title>
@@ -436,7 +559,7 @@
</orderedlist>
</section>
</section>
- <section>
+ <section id="sid-54264620_SecuringWSRP-SampleConfigurationSecuringtheEndpointsusingEncryptionandSigning">
<title>Sample Configuration Securing the Endpoints using Encryption and Signing</title>
<para>The following steps outline how to configure the producer and consumer to encrypt and sign SOAP messages passed between the producer and consumer. This example only deals with SOAP messages being sent between the producer and consumer, and not with user propagation.</para>
<note>
@@ -460,7 +583,6 @@
<programlisting>package test;
 
import java.io.IOException;
- 
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
@@ -690,7 +812,7 @@
<title>Configure the Producer</title>
<para>
Follow the steps outlined in the
- Sample Configuration Securing the Endpoints using Encryption and Signing
+ <link linkend="sid-54264620_SecuringWSRP-SampleConfigurationSecuringtheEndpointsusingEncryptionandSigning">Sample Configuration Securing the Endpoints using Encryption and Signing</link>
section but make the following changes:
</para>
<orderedlist>
@@ -724,11 +846,11 @@
</listitem>
</orderedlist>
</section>
- <section id="sid-54264620_SecuringWSRP-ConfiguretheConsumer">
+ <section>
<title>Configure the Consumer</title>
<para>
Follow the steps outlined in the
- Sample Configuration Securing the Endpoints using Encryption and Signing
+ <link linkend="sid-54264620_SecuringWSRP-SampleConfigurationSecuringtheEndpointsusingEncryptionandSigning">Sample Configuration Securing the Endpoints using Encryption and Signing</link>
section but make the following changes:
</para>
<orderedlist>
@@ -1864,7 +1986,7 @@
<para>If you deployed the example <literal>RegistrationPolicy</literal> provided from the github repository (<filename>registration-policy-example.wsrp.jar</filename>) to the <filename>JPP_HOME/gatein/extensions</filename> directory, it will appear in the list of available policies in the producer configuration screen.</para>
</section>
</section>
- <section id="strict-mode">
+ <section>
<title>WSRP validation mode</title>
<para>The lack of conformance kit, and the wording of the WSRP specification leaves room for differing
interpretations, resulting in interoperability issues. It is therefore possible to encounter issues when
@@ -1994,7 +2116,7 @@
</tbody>
</tgroup>
</informaltable>
- <section id="sid-55477864_WorkingwithWSRPextensions-Example">
+ <section>
<title>Example</title>
<informalexample>
<programlisting>./standalone.sh -Dorg.gatein.wsrp.consumer.handlers.delegate=com.example.FooInvocationHandlerDelegate</programlisting>
@@ -2008,7 +2130,7 @@
</para>
</section>
</section>
- <section id="sid-55477864_WorkingwithWSRPextensions-Accessingextensionsfromclientcode">
+ <section>
<title>Accessing extensions from client code</title>
<para>
You can access extensions from client code using
11 years, 11 months
gatein SVN: r9085 - epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity.
by do-not-reply@jboss.org
Author: smumford
Date: 2013-01-25 00:36:48 -0500 (Fri, 25 Jan 2013)
New Revision: 9085
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SAML2_Salesforce_and_Google_Integration.xml
Log:
First edit of new SAML2/Google-Salesforce content. Organized processes into discrete tasks.
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SAML2_Salesforce_and_Google_Integration.xml
===================================================================
(Binary files differ)
11 years, 11 months
gatein SVN: r9084 - epp/docs/branches/6.0/Reference_Guide/en-US.
by do-not-reply@jboss.org
Author: jaredmorgs
Date: 2013-01-25 00:28:13 -0500 (Fri, 25 Jan 2013)
New Revision: 9084
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
Log:
Bumped Rev History to publish changes for File Path Review.
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-01-25 05:28:08 UTC (rev 9083)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-01-25 05:28:13 UTC (rev 9084)
@@ -36,20 +36,6 @@
</revdescription>
</revision>
<revision>
- <revnumber>6.0.0-36</revnumber>
- <date>Fri Jan 25 2013</date>
- <author>
- <firstname>Jared</firstname>
- <surname>Morgan</surname>
- <email/>
- </author>
- <revdescription>
- <simplelist>
- <member>Sanitized all old file paths. NEEDINFO - FILE PATH used in remarks to flag areas where I need assistance with info for old file paths.</member>
- </simplelist>
- </revdescription>
- </revision>
- <revision>
<revnumber>6.0.0-35</revnumber>
<date>Fri Jan 25 2013</date>
<author>
11 years, 11 months
gatein SVN: r9083 - epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/component/portal/src/test/java/org/exoplatform/portal/config.
by do-not-reply@jboss.org
Author: tkobayas(a)redhat.com
Date: 2013-01-25 00:28:08 -0500 (Fri, 25 Jan 2013)
New Revision: 9083
Modified:
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/component/portal/src/test/java/org/exoplatform/portal/config/TestUserPortalConfigService.java
Log:
BZ895343 fixing TestUserPortalConfigService by picking 03f0096877a355f9d6986b8fbf27f6255b3e166a commit
Modified: epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/component/portal/src/test/java/org/exoplatform/portal/config/TestUserPortalConfigService.java
===================================================================
--- epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/component/portal/src/test/java/org/exoplatform/portal/config/TestUserPortalConfigService.java 2013-01-25 04:39:38 UTC (rev 9082)
+++ epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/component/portal/src/test/java/org/exoplatform/portal/config/TestUserPortalConfigService.java 2013-01-25 05:28:08 UTC (rev 9083)
@@ -196,11 +196,13 @@
UserPortal userPortal = userPortalCfg.getUserPortal();
assertNotNull(userPortal.getNavigations());
Map<String, UserNavigation> navigations = toMap(userPortal);
- assertEquals("expected to have 5 navigations instead of " + navigations, 5, navigations.size());
+ assertEquals("expected to have 7 navigations instead of " + navigations, 7, navigations.size());
assertTrue(navigations.containsKey("portal::classic"));
assertTrue(navigations.containsKey("group::/platform/administrators"));
assertTrue(navigations.containsKey("group::/platform/users"));
assertTrue(navigations.containsKey("group::/organization/management/executive-board"));
+ assertTrue(navigations.containsKey("group::/test/normalized"));
+ assertTrue(navigations.containsKey("group::/test/legacy"));
assertTrue(navigations.containsKey("user::root"));
}
}.execute("root");
@@ -283,12 +285,14 @@
UserPortalConfig userPortalCfg = userPortalConfigSer_.getUserPortalConfig("classic", "root");
UserPortal userPortal = userPortalCfg.getUserPortal();
List<UserNavigation> navigations = userPortal.getNavigations();
- assertEquals("expected to have 5 navigations instead of " + navigations, 5, navigations.size());
+ assertEquals("expected to have 7 navigations instead of " + navigations, 7, navigations.size());
assertEquals("classic", navigations.get(0).getKey().getName()); // 1
assertEquals("/platform/administrators", navigations.get(1).getKey().getName()); // 2
assertEquals("root", navigations.get(2).getKey().getName()); // 3
assertEquals("/organization/management/executive-board", navigations.get(3).getKey().getName()); // 5
assertEquals("/platform/users", navigations.get(4).getKey().getName()); // 8
+ assertEquals("/test/legacy", navigations.get(5).getKey().getName());
+ assertEquals("/test/normalized", navigations.get(6).getKey().getName());
}
}.execute("root");
}
@@ -309,12 +313,14 @@
UserPortal userPortal = userPortalCfg.getUserPortal();
assertNotNull(userPortal.getNavigations());
Map<String, UserNavigation> navigations = toMap(userPortal);
- assertEquals("expected to have 5 navigations instead of " + navigations, 5, navigations.size());
+ assertEquals("expected to have 7 navigations instead of " + navigations, 7, navigations.size());
assertTrue(navigations.containsKey("portal::jazz"));
assertTrue(navigations.containsKey("group::/platform/administrators"));
assertTrue(navigations.containsKey("group::/organization/management/executive-board"));
assertTrue(navigations.containsKey("group::/platform/users"));
assertTrue(navigations.containsKey("user::root"));
+ assertTrue(navigations.containsKey("group::/test/legacy"));
+ assertTrue(navigations.containsKey("group::/test/normalized"));
queryPage();
}
11 years, 11 months
gatein SVN: r9082 - epp/docs/branches/6.0/Reference_Guide/en-US.
by do-not-reply@jboss.org
Author: jaredmorgs
Date: 2013-01-24 23:39:38 -0500 (Thu, 24 Jan 2013)
New Revision: 9082
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
Log:
Bumped Rev History to publish changes for File Path Review.
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-01-25 03:44:48 UTC (rev 9081)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-01-25 04:39:38 UTC (rev 9082)
@@ -7,8 +7,21 @@
<title>Revision History</title>
<simpara>
<revhistory>
-BZ#886298: Corrections as per feedback from Tomas
<revision>
+ <revnumber>6.0.0-38</revnumber>
+ <date>Fri Jan 25 2013</date>
+ <author>
+ <firstname>Jared</firstname>
+ <surname>Morgan</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Sanitized all old file paths. NEEDINFO - FILE PATH used in remarks to flag areas where I need assistance with info for old file paths.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>6.0.0-37</revnumber>
<date>Fri Jan 25 2013</date>
<author>
@@ -32,7 +45,7 @@
</author>
<revdescription>
<simplelist>
- <member>Sanitized all old file paths. NEEDINFO - FILE PATH used in remarks to flag areas where I need assistance with info.</member>
+ <member>Sanitized all old file paths. NEEDINFO - FILE PATH used in remarks to flag areas where I need assistance with info for old file paths.</member>
</simplelist>
</revdescription>
</revision>
11 years, 11 months
gatein SVN: r9081 - in epp/docs/branches/6.0/Reference_Guide/en-US: modules/AuthenticationAndIdentity and 1 other directory.
by do-not-reply@jboss.org
Author: smumford
Date: 2013-01-24 22:44:48 -0500 (Thu, 24 Jan 2013)
New Revision: 9081
Added:
epp/docs/branches/6.0/Reference_Guide/en-US/images/AuthenticationAndIdentity/SAML2/salesforce-idp.png
epp/docs/branches/6.0/Reference_Guide/en-US/images/AuthenticationAndIdentity/SAML2/salesforce-sp.png
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SAML2_Salesforce_and_Google_Integration.xml
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SAML2.xml
Log:
https://docs.jboss.org/author/display/GTNPORTAL35/SAML2#SAML2-Integration... Raw changes imported into doc
Added: epp/docs/branches/6.0/Reference_Guide/en-US/images/AuthenticationAndIdentity/SAML2/salesforce-idp.png
===================================================================
(Binary files differ)
Property changes on: epp/docs/branches/6.0/Reference_Guide/en-US/images/AuthenticationAndIdentity/SAML2/salesforce-idp.png
___________________________________________________________________
Added: svn:mime-type
+ image/png
Added: epp/docs/branches/6.0/Reference_Guide/en-US/images/AuthenticationAndIdentity/SAML2/salesforce-sp.png
===================================================================
(Binary files differ)
Property changes on: epp/docs/branches/6.0/Reference_Guide/en-US/images/AuthenticationAndIdentity/SAML2/salesforce-sp.png
___________________________________________________________________
Added: svn:mime-type
+ image/png
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SAML2.xml
===================================================================
(Binary files differ)
Added: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SAML2_Salesforce_and_Google_Integration.xml
===================================================================
(Binary files differ)
Property changes on: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SAML2_Salesforce_and_Google_Integration.xml
___________________________________________________________________
Added: svn:mime-type
+ application/xml
11 years, 11 months
gatein SVN: r9080 - epp/docs/branches/6.0/Reference_Guide/en-US.
by do-not-reply@jboss.org
Author: rdickens
Date: 2013-01-24 22:43:30 -0500 (Thu, 24 Jan 2013)
New Revision: 9080
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
Log:
Bumped pubsnumber to have book re-Brew-ed
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-01-25 03:39:28 UTC (rev 9079)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-01-25 03:43:30 UTC (rev 9080)
@@ -7,7 +7,22 @@
<title>Revision History</title>
<simpara>
<revhistory>
+BZ#886298: Corrections as per feedback from Tomas
<revision>
+ <revnumber>6.0.0-37</revnumber>
+ <date>Fri Jan 25 2013</date>
+ <author>
+ <firstname>Russell</firstname>
+ <surname>Dickenson</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>BZ#886298: Corrections as per feedback from Tomas.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>6.0.0-36</revnumber>
<date>Fri Jan 25 2013</date>
<author>
11 years, 11 months
gatein SVN: r9079 - epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity.
by do-not-reply@jboss.org
Author: rdickens
Date: 2013-01-24 22:39:28 -0500 (Thu, 24 Jan 2013)
New Revision: 9079
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
Log:
BZ#886298: Corrections as per feedback from Tomas
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2013-01-25 03:37:08 UTC (rev 9078)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2013-01-25 03:39:28 UTC (rev 9079)
@@ -1523,11 +1523,6 @@
</listitem>
<listitem>
<para>
- Create the <filename>krb5kdc</filename> and <filename>krb5logs</filename> directories according to the paths used in the KDC configuration file.
- </para>
- </listitem>
- <listitem>
- <para>
Create a KDC database.
</para>
<programlisting>
@@ -1632,7 +1627,7 @@
</step>
<step>
<para>
- Search for the <literal>network.negotiate-auth</literal> preference and set its value as follows:
+ Search for the <literal>network.negotiate-auth</literal> preferences and set the values as follows:
</para>
<programlisting>
network.negotiate-auth.allow-proxies = true
11 years, 11 months