Author: smumford
Date: 2011-05-12 21:23:40 -0400 (Thu, 12 May 2011)
New Revision: 6470
Added:
epp/docs/branches/5.1/Reference_Guide/en-US/extras/Authentication_Identity/
epp/docs/branches/5.1/Reference_Guide/en-US/extras/Authentication_Identity/ExampleCodec.java
epp/docs/branches/5.1/Reference_Guide/en-US/extras/Authentication_Identity/configuration.xml
Modified:
epp/docs/branches/5.1/Reference_Guide/en-US/Book_Info.xml
epp/docs/branches/5.1/Reference_Guide/en-US/Reference_Guide.ent
epp/docs/branches/5.1/Reference_Guide/en-US/Revision_History.xml
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity.xml
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AccessingUserProfile.xml
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationTokenConfiguration.xml
epp/docs/branches/5.1/Reference_Guide/en-US/modules/WSRP.xml
Log:
JBEPP-610: Added new example encryption codec java file and actioned feedback
Modified: epp/docs/branches/5.1/Reference_Guide/en-US/Book_Info.xml
===================================================================
--- epp/docs/branches/5.1/Reference_Guide/en-US/Book_Info.xml 2011-05-12 11:24:49 UTC (rev
6469)
+++ epp/docs/branches/5.1/Reference_Guide/en-US/Book_Info.xml 2011-05-13 01:23:40 UTC (rev
6470)
@@ -9,7 +9,7 @@
<productname>JBoss Enterprise Portal Platform</productname>
<productnumber>5.1</productnumber>
<edition>1</edition>
- <pubsnumber>5.3</pubsnumber>
+ <pubsnumber>5.5</pubsnumber>
<abstract>
<para>
This Reference Guide is a high-level usage document. It deals with more advanced
topics than the Installation and User Guides, adding new content or taking concepts
discussed in the earlier documents further. It aims to provide supporting documentation
for advanced users of the JBoss Enterprise Portal Platform product. Its primary focus is
on advanced use of the product and it assumes an intermediate or advanced knowledge of the
technology and terms.
Modified: epp/docs/branches/5.1/Reference_Guide/en-US/Reference_Guide.ent
===================================================================
--- epp/docs/branches/5.1/Reference_Guide/en-US/Reference_Guide.ent 2011-05-12 11:24:49
UTC (rev 6469)
+++ epp/docs/branches/5.1/Reference_Guide/en-US/Reference_Guide.ent 2011-05-13 01:23:40
UTC (rev 6470)
@@ -7,3 +7,8 @@
<!-- Corporate Specifics: -->
<!ENTITY YEAR "2010">
<!ENTITY HOLDER "Red Hat, Inc">
+
+<!-- Version Specifcs: -->
+<!ENTITY VX "5">
+<!ENTITY VY "5.1">
+<!ENTITY VZ "5.1.1">
\ No newline at end of file
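Review bot: typo in the new comment line `<!-- Version Specifcs: -->`; it should read `Version Specifics`. The added block also leaves the entity file without a trailing newline (the `\ No newline at end of file` marker), so the next change to this file will show a spurious diff on the `VZ` line; end the file with a newline.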
Modified: epp/docs/branches/5.1/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.1/Reference_Guide/en-US/Revision_History.xml 2011-05-12 11:24:49
UTC (rev 6469)
+++ epp/docs/branches/5.1/Reference_Guide/en-US/Revision_History.xml 2011-05-13 01:23:40
UTC (rev 6470)
@@ -8,8 +8,8 @@
<simpara>
<revhistory>
<revision>
- <revnumber>1-5.3</revnumber>
- <date>Tue Apr 5 2011</date>
+ <revnumber>1-5.5</revnumber>
+ <date>Thu May 12 2011</date>
<author>
<firstname>Scott</firstname>
<surname>Mumford</surname>
@@ -17,6 +17,20 @@
</author>
<revdescription>
<simplelist>
+ <member>Added 'Password Encryption'
Draft.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>1-5.4</revnumber>
+ <date>Wed Apr 27 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email>smumford(a)redhat.com</email>
+ </author>
+ <revdescription>
+ <simplelist>
<member>Completed first draft of new LDAP
section.</member>
</simplelist>
</revdescription>
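Review bot: the 1-5.3 entry (Tue Apr 5 2011, "Completed first draft of new LDAP section") disappears from the history here: the first hunk renumbers and redates it to 1-5.5 / May 12, and this hunk re-attaches its description to a freshly inserted 1-5.4 dated Wed Apr 27 2011. If 5.3 and 5.4 were both real pubsnumbers, keep a separate 1-5.3 revision with its original date and give 1-5.4 its own description rather than reusing the LDAP text; if 5.4 never existed, drop the inserted entry and just append the 1-5.5 revision above the existing 1-5.3.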
@@ -35,7 +49,7 @@
</simplelist>
</revdescription>
</revision>
- <revision>
+ <!-- <revision>
<revnumber>1-5.1</revnumber>
<date>Tue Dec 21 2010</date>
<author>
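Review bot: the `<!--` that previously opened on the 1-4.2 revision (see the next hunk) now opens on `<!-- <revision>` for 1-5.1 (Tue Dec 21 2010), while the 1-4.2 line is restored to a plain `<revision>`. Since the matching `-->` is not touched, the comment now starts one entry earlier and hides 1-5.1 plus everything between it and the close marker; the 1-4.2 entry is still inside that comment, so uncommenting its opening tag changes nothing. Confirm that hiding 1-5.1 from the rendered revision history is intended, and if the aim was to prune only the oldest entries, move the `<!--` back down.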
@@ -77,7 +91,7 @@
</simplelist>
</revdescription>
</revision>
- <!-- <revision>
+ <revision>
<revnumber>1-4.2</revnumber>
<date>Mon Dec 13 2010</date>
<author>
Added:
epp/docs/branches/5.1/Reference_Guide/en-US/extras/Authentication_Identity/ExampleCodec.java
===================================================================
---
epp/docs/branches/5.1/Reference_Guide/en-US/extras/Authentication_Identity/ExampleCodec.java
(rev 0)
+++
epp/docs/branches/5.1/Reference_Guide/en-US/extras/Authentication_Identity/ExampleCodec.java 2011-05-13
01:23:40 UTC (rev 6470)
@@ -0,0 +1,43 @@
+package org.example.codec;
+
+import org.exoplatform.container.xml.InitParams;
+import org.exoplatform.web.security.security.AbstractCodec;
+import org.exoplatform.web.security.security.CookieTokenService;
+import org.picocontainer.Startable;
+
+public class ExampleCodec extends AbstractCodec implements Startable
+{
+ private String simpleParam;
+ private CookieTokenService cookieTokenService;
+
+ public ExampleCodec(InitParams params, CookieTokenService cookieTokenService)
+ {
+ simpleParam = params.getValueParam("encodingParam").getValue();
+ this.cookieTokenService = cookieTokenService;
+ }
+
+ public void start()
+ {
+ cookieTokenService.setupCodec(this);
+ }
+
+ public void stop()
+ {
+ }
+
+ /**
+ * Very simple encoding algorithm used only for demonstration purposes.
+ * You should use stronger algorithm in real production environment.
+ */
+ public String encode(String plainInput)
+ {
+ return plainInput + simpleParam;
+ }
+
+ public String decode(String encodedInput)
+ {
+ return encodedInput.substring(0, encodedInput.length() - simpleParam.length());
+ }
+
+}
+
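Review bot: `decode` on the `return encodedInput.substring(0, encodedInput.length() - simpleParam.length());` line never checks that the input actually ends with `simpleParam`. A token that was written to the JCR before this codec was deployed, or any value shorter than the suffix, is either silently mangled or throws `StringIndexOutOfBoundsException` from inside `CookieTokenService`; guard with `if (!encodedInput.endsWith(simpleParam))` and fail with a clear message (or return the input unchanged, if legacy tokens must keep working). In the constructor, `params.getValueParam("encodingParam").getValue()` dereferences the lookup result without a null check, so a jar whose `configuration.xml` omits the parameter fails at container start with a bare NPE rather than an error naming `encodingParam`. The javadoc already says this is demonstration-only; it would help to add that appending a fixed suffix is reversible by anyone who can read the deployed configuration, so a real codec needs an actual cipher and a key that is not shipped next to the class.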
Added:
epp/docs/branches/5.1/Reference_Guide/en-US/extras/Authentication_Identity/configuration.xml
===================================================================
---
epp/docs/branches/5.1/Reference_Guide/en-US/extras/Authentication_Identity/configuration.xml
(rev 0)
+++
epp/docs/branches/5.1/Reference_Guide/en-US/extras/Authentication_Identity/configuration.xml 2011-05-13
01:23:40 UTC (rev 6470)
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<configuration
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_0.xsd
http://www.exoplaform.org/xml/ns/kernel_1_0.xsd"
+xmlns="http://www.exoplaform.org/xml/ns/kernel_1_0.xsd">
+
+<component>
+ <key>org.example.codec.ExampleCodec</key>
+ <type>org.example.codec.ExampleCodec</type>
+ <init-params>
+ <value-param>
+ <name>encodingParam</name>
+ <value>aaa</value>
+ </value-param>
+ </init-params>
+</component>
+
+</configuration>
\ No newline at end of file
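Review bot: `<value>aaa</value>` is the only secret the example codec depends on, and it ships in plain text inside `codec-example.jar` under `conf/portal/configuration.xml`; readers following the procedure will deploy it verbatim. Use an obvious placeholder (for example `<value>CHANGE_ME</value>`) and have the doc step say the value must be replaced and the jar treated as sensitive. Minor: the file lacks a trailing newline.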
Modified:
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AccessingUserProfile.xml
===================================================================
---
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AccessingUserProfile.xml 2011-05-12
11:24:49 UTC (rev 6469)
+++
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AccessingUserProfile.xml 2011-05-13
01:23:40 UTC (rev 6470)
@@ -10,23 +10,7 @@
</para>
<programlisting language="Java" role="Java"><xi:include
href="../../extras/Authentication_Identity_AccessingUserProfile/default91.java"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
- <!-- <programlisting language="Java" role="JAVA">//
Alternative context: WebuiRequestContext context =
WebuiRequestContext.getCurrentInstance() ;
-PortalRequestContext context = PortalRequestContext.getCurrentInstance() ;
-// Get the id of the user logged
-String userId = context.getRemoteUser();
-// Request the information from OrganizationService:
-OrganizationService orgService = getApplicationComponent(OrganizationService.class) ;
-if (userId != null)
-{
-User user = orgService.getUserHandler().findUserByName(userId) ;
-if (user != null)
-{
-String firstName = user.getFirstName();
-String lastName = user.getLastName();
-String email = user.getEmail();
-}
-}
-</programlisting> -->
+
<para>
Below are two alternatives for retrieving the Organization Service:
</para>
@@ -34,16 +18,12 @@
<listitem>
<programlisting language="Java" role="Java"><xi:include
href="../../extras/Authentication_Identity_AccessingUserProfile/default92.java"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
- <!-- <programlisting language="Java"
role="JAVA">OrganizationService service = (OrganizationService)
-ExoContainerContext.getCurrentContainer().getComponentInstanceOfType(OrganizationService.class);
-</programlisting> -->
+
</listitem>
<listitem>
<programlisting language="Java" role="Java"><xi:include
href="../../extras/Authentication_Identity_AccessingUserProfile/default93.java"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
- <!-- <programlisting language="Java"
role="JAVA">OrganizationService service = (OrganizationService)
-PortalContainer.getInstance().getComponentInstanceOfType(OrganizationService.class);
-</programlisting> -->
+
</listitem>
</orderedlist>
</section>
Modified:
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationTokenConfiguration.xml
===================================================================
---
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationTokenConfiguration.xml 2011-05-12
11:24:49 UTC (rev 6469)
+++
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationTokenConfiguration.xml 2011-05-13
01:23:40 UTC (rev 6470)
@@ -16,15 +16,6 @@
<para>
The token service allows administrators to create, delete, retrieve and clean tokens
as required. The service also defines a validity period of any given token. The token
becomes invalid once this period expires.
</para>
- <warning>
- <title>Username and passwords stored in clear text</title>
- <para>
- The remember-me feature uses the token mechanism to be able to authenticate
returning users without requiring an explicit login. To be able to authenticate, the token
needs to store the username and password in clear text in the JCR.
- </para>
- <para>
- The remember-me feature can be disabled by removing the corresponding
checkbox in:
<filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/login/jsp/login.jsp</filename>
and
<filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/groovy/portal/webui/UILoginForm.gtmpl</filename>
- </para>
- </warning>
</section>
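Review bot: with the `<warning>` removed, a reader who comes to this section for the token service is no longer told that remember-me tokens carry the username and password in clear text in the JCR. Add an `<xref>` to `sect-Reference_Guide-Authentication_and_Identity-Password_Encryption` (the new section this text was relocated to) so the warning and the codec procedure remain discoverable from the token configuration page.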
Modified:
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity.xml
===================================================================
---
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity.xml 2011-05-12
11:24:49 UTC (rev 6469)
+++
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity.xml 2011-05-13
01:23:40 UTC (rev 6470)
@@ -4,7 +4,66 @@
%BOOK_ENTITIES;
]>
<chapter id="chap-Reference_Guide-Authentication_and_Identity">
- <title>Authentication and Identity</title>
+ <title>Authentication and Identity</title>
+ <section
id="sect-Reference_Guide-Authentication_and_Identity-Password_Encryption" >
+ <title><remark>Password Encryption</remark></title>
+ <!--The warning and first listitem below were relocated from
sect-Reference_Guide-Authentication_Token_Configuration as security and plain-text
password issues were being expanded on (from JBEPP-610)-->
+ <warning>
+ <title>Username and passwords stored in clear text</title>
+ <para>
+ The <emphasis>Remember Me</emphasis> feature of JBoss Enterprise
Portal Platform uses a token mechanism to be able to authenticate returning users without
requiring an explicit login. However, to be able to authenticate these users, the token
needs to store the username and password in clear text in the JCR.
+ </para>
+ </warning>
+ <para>
+ Administrators have two options available to ameliorate this risk:
+ </para>
+ <orderedlist>
+ <listitem>
+ <para>
+ The <emphasis>Remember Me</emphasis> feature can be disabled by
removing the corresponding checkbox in:
<filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/login/jsp/login.jsp</filename>
and
<filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/groovy/portal/webui/UILoginForm.gtmpl</filename>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Passwords can be encoded prior to being saved to the JCR. This option
requires administrators to provide a custom subclass of
<parameter>org.exoplatform.web.security.security.AbstractCodec</parameter> and
set up a codec implementation with <parameter>CookieTokenService</parameter>:
+ </para>
+ <procedure>
+ <title>Encrypt Password in JCR</title>
+ <step>
+ <para>
+ Create a javaclass similar to:
+ </para>
+<programlisting language="Java" role="Java"><xi:include
href="../extras/Authentication_Identity/ExampleCodec.java"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
+ </step>
+ <step>
+ <para>
+ Compile the class and package it into a jar file. For this example
we will call the jar file <filename>codec-example.jar</filename>.
+ </para>
+ </step>
+ <step>
+ <para>
+ Create a
<filename>conf/portal/configuration.xml</filename> file within the
<filename>codec-example.jar</filename> similar to the example below. This
allows the portal kernel to find and use the new codec implementation.
+ </para>
+<programlisting language="XML" role="XML"><xi:include
href="../extras/Authentication_Identity/configuration.xml"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
+ </step>
+ <step>
+ <para>
+ Deploy the <filename>codec-example.jar</filename> into
your
<filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/lib/</filename>
directory.
+ </para>
+ </step>
+ <step>
+ <para>
+ Start (or restart) your JBoss Enterprise Portal Platform.
+ </para>
+ <para>
+ Any passwords written to the JCR will now be encoded and not
plain-text.
+ </para>
+ </step>
+ </procedure>
+ </listitem>
+ </orderedlist>
+ </section>
+
<xi:include
href="AuthenticationAndIdentity/PredefinedUserConfiguration.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include
href="AuthenticationAndIdentity/AuthenticationTokenConfiguration.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="AuthenticationAndIdentity/BackendConfiguration.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
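Review bot: the procedure title `<title>Encrypt Password in JCR</title>` and the closing sentence "Any passwords written to the JCR will now be encoded and not plain-text" overstate what the included `ExampleCodec` does: it appends the `encodingParam` value to the password, which anyone able to read the deployed `configuration.xml` can reverse, so the stored value is obscured, not encrypted. Retitle the procedure to match ("Encode Password in JCR" or similar) and state plainly that the example is a scaffold and a production codec must use a real cipher with a key held outside the JCR and the jar. Nothing in the procedure rewrites tokens already stored in the JCR, so tokens saved before the jar is deployed remain in clear text until they expire or are cleaned; the last step should say so. In the first list item, removing the checkbox from `login.jsp` and `UILoginForm.gtmpl` removes the UI control but the text does not say whether the server-side remember-me handling is also disabled; a client can still submit the form parameter without the checkbox, so either point at the server-side switch or state that this step only hides the option. Minor: "javaclass" should be "Java class", and the `<remark>` wrapper on the section title marks it as draft and should be dropped before this section is published.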
Modified: epp/docs/branches/5.1/Reference_Guide/en-US/modules/WSRP.xml
===================================================================
--- epp/docs/branches/5.1/Reference_Guide/en-US/modules/WSRP.xml 2011-05-12 11:24:49 UTC
(rev 6469)
+++ epp/docs/branches/5.1/Reference_Guide/en-US/modules/WSRP.xml 2011-05-13 01:23:40 UTC
(rev 6470)
@@ -797,7 +797,7 @@
</imageobject>
</mediaobject>
<note>
- <title><emphasis role="bold">JBoss Enterprise Portal
Platform 5.0 and WSRP 1 Exceptions</emphasis></title>
+ <title><emphasis role="bold">JBoss Enterprise Portal
Platform 5.1 and WSRP 1 Exceptions</emphasis></title>
<para>
In WSRP 1, it can be difficult to ascertain what caused an
<exceptionname>OperationFailedFault</exceptionname> as it is a generic
exception returned by producers during a failed method invocation.
</para>