From do-not-reply at jboss.org Tue Jan 29 11:07:59 2013
From: do-not-reply at jboss.org
To: gatein-commits at lists.jboss.org
Subject: [gatein-commits] gatein SVN: r9088 - in epp/docs/branches/6.0/Reference_Guide/en-US: modules and 5 other directories.
Date: Mon, 28 Jan 2013 00:14:13 -0500
Message-ID: <201301280514.r0S5EDS0032151@svn01.web.mwc.hst.phx2.redhat.com>

Author: jaredmorgs
Date: 2013-01-28 00:14:12 -0500 (Mon, 28 Jan 2013)
New Revision: 9088

Modified:
   epp/docs/branches/6.0/Reference_Guide/en-US/Reference_Guide.xml
   epp/docs/branches/6.0/Reference_Guide/en-US/modules/Advanced/Foundations/Config_Retrieval.xml
   epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
   epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
   epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortletDevelopment/PortletBridge.xml
   epp/docs/branches/6.0/Reference_Guide/en-US/modules/WSRP.xml
   epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr-with-gtn/managed-datasources-under-jboss-as.xml
   epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr/cluster-config.xml
Log:
Changes to date for WSRP section pushing back in.

Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Reference_Guide.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- epp/docs/branches/6.0/Reference_Guide/en-US/Reference_Guide.xml 2013-01= -26 18:34:09 UTC (rev 9087) +++ epp/docs/branches/6.0/Reference_Guide/en-US/Reference_Guide.xml 2013-01= -28 05:14:12 UTC (rev 9088) 
@@ -30,8 +30,8 @@ - -Server Integration - - + + Server Integration + + Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/Advanced/Foun= dations/Config_Retrieval.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- epp/docs/branches/6.0/Reference_Guide/en-US/modules/Advanced/Foundation= s/Config_Retrieval.xml 2013-01-26 18:34:09 UTC (rev 9087) +++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/Advanced/Foundation= s/Config_Retrieval.xml 2013-01-28 05:14:12 UTC (rev 9088) 
@@ -11,33 +11,22 @@ The container is initialized by looking into different locations. This c= ontainer is used by portal applications. Configurations are overloaded in t= he following lookup sequence: - NEEDINFO - FILE PATHS - the file before was configuration.xml, b= ut I'm pretty sure all this is defined in standalone.xml now, correct?= - Services default RootContainer configurations from JAR = files JPP_HOME//standalone/configurati= on/standalone.xml. + Services default RootContainer configurations from JAR = files /conf/configuration.xml. - External RootContainer configuration can be found at JPP_HOME//standalone/configuration/stand= alone.xml. + Services default PortalContainer configurations from JA= R files /conf/portal/configuration.xml. - Services default PortalContainer configurations from JA= R files JPP_HOME//standalone/configura= tion/standalone.xml. - - - - Web applications configurations from WAR files /WEB-INF/conf= /configuration.xml - - - External configuration for services of named portal can be found at JPP_HOME/standalone/configuration/standa= lone.xml. - - Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/Authenticatio= nAndIdentity/AuthenticationAuthorizationOverview.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndId= entity/AuthenticationAuthorizationOverview.xml 2013-01-26 18:34:09 UTC (rev= 9087) +++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndId= entity/AuthenticationAuthorizationOverview.xml 2013-01-28 05:14:12 UTC (rev= 9088) 
@@ -52,29 +52,23 @@ Authentication workflow consists of HTTP requests and redirect= s which include handshakes. Currently only Servlet 3.0 containers are suppo= rted, so authentication is triggered programmatically from Servlet API. - NEEDINFO - FILE PATHS - in this file, the /dologin blocks seem= to be in <servlet-mapping> directives. Is it OK for me to update to = this format in this respect? - - First you can see in JPP_DIST/gatein/gatein.ear/portal.war/WEB-INF/web.xml that authentic= ation is triggered by accessing a secured URL _/dologin_: + In JPP_DIST/gatein/gatein.e= ar/portal.war/WEB-INF/web.xml, authentication is triggered by ac= cessing a secured URL _/dologin_: - - - - user authentication - /dologin - POST - GET - - - users - - - NONE - - - -]]> - + <security-constraint> + <web-resource-collection> + <web-resource-name>user authentication</web-resource-name> + <url-pattern>/dologin</url-pattern> + <http-method>POST</http-method> + <http-method>GET</http-method> + </web-resource-collection> + <auth-constraint> + <role-name>users</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>NONE</transport-guarantee> + </user-data-constraint> + </web-resource-collection> +</security-constraint> This means that access to URLs (such as http://localhost:8080/portal/do= login) will directly trigger J2EE authentication in the case that t= he user is not already logged in. 
@@ -84,18 +78,14 @@ In the next part of the file we can see that authentication is= FORM based and it starts by redirection to /login URL= , which is mapped to LoginServlet. - - - FORM - gatein-domain - - /login - /login - - -]]> - + <login-config> + <auth-method>FORM</auth-method> + <realm-name>gatein-domain</realm-name> + <form-login-config> + <form-login-page>/login</form-login-page> + <form-error-page>/login</form-error-page> + </form-login-config> +</login-config> LoginServlet redirects the user to the logi= n page placed in JPP_DIST/gatein/gatei= n.ear/portal.war/login/jsp/login.jsp. = Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/Authenticatio= nAndIdentity/SSO.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndId= entity/SSO.xml 2013-01-26 18:34:09 UTC (rev 9087) +++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndId= entity/SSO.xml 2013-01-28 05:14:12 UTC (rev 9088) @@ -60,7 +60,7 @@ -->
- <remark>BZ#856430</remark>Central Authentication Service (CAS)<= /title> + <title><remark>BZ#856430 </remark>Central Authentication Service (CAS)= The CAS single sign-on (SSO) plug-in enables seamless integrat= ion between the platform and the CAS SSO framework. General information abo= ut CAS can be found on the Jasig we= bsite. @@ -922,7 +922,7 @@ - Assuming again that you have JBoss Portal Platform= running on JBoss Enterprise Platform 6, you need to change some of the pro= perties in the SSO sections of JBOSS_HOME/standalone/configuratio= n/gatein/configuration.properties to match those below: + Assuming again that you have JBoss Portal Platform= running on JBoss Enterprise Application Platform 6, you need to change som= e of the properties in the SSO sections of JBOSS_HOME/standalone/= configuration/gatein/configuration.properties to match those bel= ow: Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortletDevelo= pment/PortletBridge.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortletDevelopment/= PortletBridge.xml 2013-01-26 18:34:09 UTC (rev 9087) +++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/PortletDevelopment/= PortletBridge.xml 2013-01-28 05:14:12 UTC (rev 9088) @@ -26,50 +26,49 @@ The other part of this implementation is provided by implementing = a variety of (standard) Faces extensions.
-
- File Locations - BZ#856417 - NEEDINFO - will we be packaging the portletbridge = binaries in this folder for JBoss Portal Platform 6? - The binaries required for Portlet Bridge applications, and exam= ple applications that can be used to learn and understand JSF applications = are located in in JPP_DIST/portletbridge. - Configuration files for Portlet Bridge are located in the follow= ing locations: - - - JPP_DIST/standalone/portlet_name.war/WEB-INF/portlet.xml - - - JPP_DIST/standalone/portlet_name.war/WEB-INF/faces-config.xml - - - JPP_DIST/standalone/portlet_name.war/WEB-INF/web.xml - - - - - - portlet.xml - - - Contains the primary configuration information for the p= ortlet. Information such as the GenericFacesPortlet location, and which Jav= a Server Faces (JSF) pages to render are stored in this file. - - - - - faces-config.xml - - - Contains configuration directives that are specific to J= SF applications. The specific directives will be covered as needed througho= ut this guide. - - - - - web.xml - - - Contains configuration directives that apply to the web = application in general. - - - -
-
+
Portlet application</= title> <para>A portlet application is defined as a single web archive (WAR). = </para> <para>All portlets that are part of the same WAR are considered to for= m part of the same portlet application.</para> @@ -77,7 +76,6 @@ <section> <title id=3D"Portlet_Bridge_Extensions">Extensions Portlet extensions sit atop the portlet bridge framework. They e= xtend the functionality of other JBoss portlet applications, and are critic= al in JSF portlet development. - Extensions are made available in the impl development binary, lo= cated in JPP_DIST/portletbridge.
<remark>BZ#856417</remark>Examples Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/WSRP.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- epp/docs/branches/6.0/Reference_Guide/en-US/modules/WSRP.xml 2013-01-26= 18:34:09 UTC (rev 9087) +++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/WSRP.xml 2013-01-28= 05:14:12 UTC (rev 9088) @@ -5,8 +5,9 @@ ]> Web Services for Remote Portlets (WSRP) -
+
Introduction + https://docs.jboss.org/author/display/GTNPORTAL35/Web+Services= +for+Remote+Portlets+%28WSRP%29 The Web Services for Remote Portlets specification defines a web= service interface for accessing and interacting with interactive presentation-oriented web services. = It has been produced through the efforts of the Web Services for Remote Portlets (WSRP) OASIS Technical Commi= ttee. It is based on the requirements @@ -35,6 +36,7 @@
Level of support in JBoss Portal Platform + Source: https://docs.jboss.org/author/display/GTNPORTAL35/Leve= l+of+support The WSRP Technical Committee defined WSRP Use Profiles to help with WSRP interoperability. This section will refer to te= rms defined in that document. @@ -44,7 +46,7 @@ defined at the Complex level) are supported. On the Consumer side, JBoss Portal Platform provides a Medium le= vel of support for WSRP, except that the consumer only handles - HTML markup (as JBoss Portal Platform itself does not handle othe= r markup types). It does support explicit portlet + HTML markup (because JBoss Portal Platform itself does not handle= other markup types). The platform does support explicit portlet cloning and it fully supports the PortletManagement interface. As far as caching goes, the component has Level 1 Producer and C= onsumer. Cookie handling is supported properly on the @@ -65,25 +67,24 @@ Note As of version &VZ; of JBoss Portal Platform, WSRP is only acti= vated and supported - when JBoss Portal Platform is deployed on JBoss Application Se= rver. +using JBoss Portal Platform deployed on JBoss Enterprise Application Platf= orm 6.
-
+
<remark>BZ#839355</remark>Deploying JBoss Portal Platform'= s WSRP services + Source: https://docs.jboss.org/author/display/GTNPORTAL35/Depl= oying+GateIn%27s+WSRP+services JBoss Portal Platform provides complete support for WSRP 1.0 and 2.0 stand= ard interfaces, and offers both consumer and producer services. Starting with version 2.1.0-GA of the componen= t, WSRP is packaged as a JBoss Portal Platform extension, and is self-contained in a package named - JPP_DIST/gatein/extensions/g= atein-wsrp-integration.ear + JPP_HOME/gatein/extensions/g= atein-wsrp-integration.ear . - NEEDINFO - FILE PATHS - there don't seem to be any config= files that I can see in the directory below. The only files of interest from a user perspective are located in the = - JPP_DIST/standalone= /configuration/gatein/wsrp + JPP_HOME/standalone= /configuration/gatein/wsrp directory. - NEEDINFO - FILE PATHS - the wsse files are not present in the = directory structure. Where do these live now? gatein-wsse-consumer.xml, = which allows you to configure WS-Security support for the consumer. @@ -156,7 +157,7 @@
Considerations to use WSRP when running JBoss Portal Platform= on a non-default port or hostname - The web service stack that JBoss Portal Platform uses is based on= JBoss WS. It updates the port and host name used in WSDL (for further deta= ils refer to the Web Services chapter in the JBoss Enterprise Application Platform Administration and Configuration = User Guide). + The web service stack that JBoss Portal Platform uses is based on= JBoss WS. It updates the port and host name used in WSDL (for further deta= ils refer to the Web Services chapter in the JBoss Enterprise Application Platform 6 Administration and Configuratio= n User Guide). Of course, if you have modified the host name and port on whic= h your server runs, you will @@ -164,8 +165,9 @@ update the configuration for the consumer used to consume JBos= s Portal Platform's 'self' producer.
-
- <remark>BZ#856432</remark>Securing WSRP +
+ <remark>BZ#856432 </remark>Securing WSRP + Source: https://docs.jboss.org/author/display/GTNPORTAL35/Secu= ring+WSRP#SecuringWSRP-SecuringWSRP There are two main ways to secure the communication between a pr= oducer and consumer: @@ -184,15 +186,15 @@ Depending on requirements, an HTTPs endpoint or/and ws-security = can be used. -
+
WSRP over SSL with HTTPS endpoints + Source: https://docs.jboss.org/author/display/GTNPORTAL35/Se= curing+WSRP#SecuringWSRP-WSRPoverSSLwithHTTPSendpoints - It is possible to use WSRP over SSL for a secure exchange of data. S= ince GateIn Portal does not come initially configured for HTTPS connectors,= we will need to configure the producer's server for this first. This = is a global configuration change to JBoss AS and will affect more than just= GateIn Portal and WSRP. Please see the - JBoss AS documentat= ion - for how to configure HTTPS connectors for the server. + It is possible to use WSRP over SSL for a secure exchange of data. S= ince JBoss Portal Platform does not come initially configured for HTTPS con= nectors, we will need to configure the producer's server for this firs= t. This is a global configuration change, and will affect more than just t= he portal and WSRP. Refer to the +JBoss Enterprise Application Platform 6 Administration and Conf= iguration Guide for instructions about how to configure H= TTPS connectors for the server. - Once the producer is configured for HTTPS connections, on the consum= er you will just need to modify the URL for the WSRP endpoint to point to t= he new https based url. This will require either manually updating the valu= e in the WSRP admin application, or by specifying it using the + Once the producer is configured for HTTPS connections, on the consum= er you will just need to modify the URL for the WSRP endpoint to point to t= he new https based URL. This will require either manually updating the valu= e in the WSRP administration application, or by specifying it using the wsrp-consumers-config.xml configuration file before the server is first started. 
@@ -200,31 +202,24 @@ Sample Configuration For Enabling SSL With WSRP - This is just a simple, test configuration to be used as an examp= le as to how its possible to setup the https/ssl with wsrp. It is not meant= to show best practices for configuring https with JBoss AS and does things= which should not be used in a production server (such as self-signed certi= ficates). Please see the - JBoss AS docume= ntation - for full configuration options. + The following procedures are provided as an example of configuri= ng HTTPS/SSL with WSRP. + It is not meant to show best practices for configuring HTT= PS with the platform, and does things which should not be used in a product= ion server (such as self-signed certificates). Refer to the JBoss Enterpris= e Application Platform 6 product documentation for detailed, best practice = configuration guidelines. -
+ Configure the Producer to Use HTTPS - First we will need to configure the producer's server= to use https. This is handled in the same manner that you would configure = any JBoss AS server for HTTPS. - - - Generate the keystore for the producer - - keytool -genkey -alias tomcat -keyalg RSA = -keystore producerhttps.keystore -dname "cn=3Dlocalhost" -keypass= changeme -storepass changeme - - - - + Configure the producer's server to use HTTPS. This is= handled in the same manner that you would configure any JBoss AS server fo= r HTTPS. + + Generate the keystore for the producer by executing the = following command. + keytool -genkey -alias tomcat -keyalg RSA -key= store producerhttps.keystore -dname "cn=3Dlocalhost" -keypass cha= ngeme -storepass changeme + + + Configure the server to add an https connection. This requir= es modifying the standalone/configuration/standalo= ne.xml file with the following content in bold: - - - ... - = + = <subsystem xmlns=3D"urn:jboss:domain:web:1.1"= default-virtual-server=3D"default-host" native=3D"false&quo= t;> = <connector name=3D"http" protocol=3D"HTT= P/1.1" scheme=3D"http" socket-binding=3D"http"/> @@ -243,104 +238,89 @@ = </virtual-server> = - ... - - - - - + ... + + + Start the server and verify that is accessible. Note that since you are using a self-signed c= ertificate that your browser will give a warning that the certificate canno= t be trusted. - - In this example case we are accessing the portal usi= ng 'localhost' hence why we are using "cn=3Dlocalhost" = in the keytool command. If you are using this across another domain, you wi= ll need to make the necessary change. - - - -
-
+ + In this example case we are accessing the portal using= 'localhost' hence why we are using "cn=3Dlocalhost" in= the keytool command. If you are using this across another domain, you will= need to make the necessary changes. + + + + Configure the Consumer to Access the WSRP Endpoint over H= TTPS - Ideally we should be able to just change the URL for the p= roducer in the wsrp admin to use https, but we need to tell the consumer&ap= os;s server to trust our self-signed certificate first. - - - Export the producer's public key from the produce= r's keystore - - keytool -export -alias tomcat -file produc= erkey.rsa -keystore producerhttps.keystore -storepass changeme - - - - Import the producer's public key into a new keyst= ore for the consumer - - keytool -import -alias tomcat -file produc= erkey.rsa -keystore consumerhttps.keystore -storepass changeme -noprompt - - - - + + Export the producer's public key from the producer&= apos;s keystore + keytool -export -alias tomcat -file producerke= y.rsa -keystore producerhttps.keystore -storepass changeme + + + Import the producer's public key into a new keystor= e for the consumer + keytool -import -alias tomcat -file producerke= y.rsa -keystore consumerhttps.keystore -storepass changeme -noprompt + + + Configure the bin/standalone.conf file to add the following line at the end of the file: - - JAVA_OPTS=3D"$JAVA_OPTS -Djavax.net.s= sl.trustStore=3D/path/to/consumerhttps.keystore -Djavax.net.ssl.trustStoreP= assword=3Dchangeme" - - - - + JAVA_OPTS=3D"$JAVA_OPTS -Djavax.net.ssl.t= rustStore=3D/path/to/consumerhttps.keystore -Djavax.net.ssl.trustStorePassw= ord=3Dchangeme" + + + Start the consumer and change the selfv2 producer url to and verify that the consumer can access the producer. 
- - - - - It is also possible to modify the + + + + + It is possible to modify the wsrp-consumers-config.xml - configuration file to change the URL instead of modifying it i= n the admin gui + configuration file to change the URL instead of modifying it i= n the administration GUI. - - - It is possible to use WSRP over SSL for secure exchange of data. Con= figure your server appriopriately as described in the HTTPS Conf= iguration section of the Installation Guide. + + + It is possible to use WSRP over SSL for secure exchange of data. Con= figure your server appropriately as described in the HTTPS Confi= guration section of the Installation Guide. -
-
+
WSRP and WS-Security Portlets may present different data or options depending on th= e currently authenticated user. For remote portlets, this means having to propagate the user credential= s from the consumer back to the producer in a safe and secure manner. The WSRP specification does not di= rectly specify how this should be accomplished, but delegates this work to the existing WS-Sec= urity standards. The WS-Security standards can also be used to secure the s= oap message, such as encryption and signing the message. - - Web Container Compatibility - WSRP and WS-Security is currently only supported on JBoss Po= rtal Platform when running on top of JBoss - AS 5. - - - Encryption - You will want to encrypt the credentials being sent between = the consumer and producer, otherwise they - will be sent in plain text and could be easily intercepted= . You can either configure WS-Security to - encrypt and sign the SOAP messages being sent, or secure t= he transport layer by using an https endpoint. + Encryption is strongly recommended + Encrypt the credentials being sent between the consumer and = producer, otherwise they + will be sent in plain text and could be easily intercepted= . Configure WS-Security to + encrypt and sign the SOAP messages being sent, or secure t= he transport layer by using an HTTPS endpoint. Failure to encrypt the soap message or transport layer wil= l result in the username and password being - sent in plain text. Use of encrypt= ion is strongly recommended. + sent in plain text. = + + Web Container Compatibility + WSRP and WS-Security is only supported on JBoss Portal Plat= form when running on JBoss Enterprise Application Platform 6. + +
-
+
Credentials When the consumer sends the user credentials to the producer, = it is sending the credentials for the currently authenticated user in the consumer. This makes s= igning in to remote portlets transparent to end users, but also requires that the producer and cons= umer use the same credentials. This means that the username and password must be the same and valid = on both servers. - The recommended approach for this situation would be to use a = common LDAP configuration. Please - see the user guide on how to configure LDAP for use with JB= oss Portal Platform - + The recommended approach for this situation would be to use a = common LDAP configuration. Refer to to correctly configure LDAP on JBoss Portal Platform.
- <remark>BZ#839355</remark>WS-Security Configuration + <remark>BZ#839355 </remark>WS-Security Configuration
Introduction JBoss AS7 uses a different web service implementation than= the previous versions: it is now uses the JBossWS CXF Stack instead of the= JBossWS Native Stack. Due to these changes, the way we configure WS-Securi= ty for WSRP with GateIn Portal on JBossAS 7 has changed. @@ -351,21 +331,17 @@
Overview - CXF uses interceptors to extend and configure its behaviou= r. There are two main types of interceptors: inInterceptors and outIntercep= tors. InInterceptors are invoked for communication coming into the client o= r server, while outInterceptors are invoked when the client or server sends= a message. + CXF uses interceptors to extend and configure its behavior= . There are two main types of interceptors: inInterceptors and outInterceptors. InInterceptors are invok= ed for communication coming into the client or server, while outInterceptor= s are invoked when the client or server sends a message. So for the WSRP case, the communication from the consumer = to the producer is governed by the consumer's OutInterceptor and the p= roducer's InIntereceptor. The communication from the producer to the c= onsumer is governed by the producer's OutInterceptor and the consumer&= apos;s InInterceptor. This may mean having to configure 4 Interceptors. - - When dealing with WS-Security, there are some things to = consider here: - - - When dealing with user propagation, only the consume= r sends the user credentials to the producer. So Username Tokens only need = to be configured for the consumer's OutInterceptor and the producer&ap= os;s InInterceptor. - - - - - When dealing with things like encryption, you will m= ost likely want to encrypt the message from the consumer to the producer an= d also the message from the producer to the consumer. This means that encry= ption properties must be configured for all 4 interceptors. - - - + When dealing with WS-Security, there are some things to co= nsider here: + + + When dealing with user propagation, only the consumer = sends the user credentials to the producer. So Username Tokens only need to= be configured for the consumer's OutInterceptor and the producer&apos= ;s InInterceptor. 
+ + + When dealing with things like encryption, you will mos= t likely want to encrypt the message from the consumer to the producer and = also the message from the producer to the consumer. This means that encrypt= ion properties must be configured for all 4 interceptors. + + Please see the CXF Documentation for more details on interceptor= s and their types: @@ -376,7 +352,7 @@
-
+
WSS4J Interceptors and WSRP The WSS4J Interceptors are configured using using simple pr= operty files. = @@ -1166,15 +1142,13 @@ Note - NEEDINFO - FILE PATH - while this path is valid, there is = no XSD here any more. Should I just remove the note? Where is the XSD conta= ined now? An XML Schema defining which elements are available to confi= gure Consumers via XML can be found in - JPP_DIST/gatein/ext= ensions/gatein-wsrp-integration.ear/lib/jboss7integration.jar/ + JPP_DIST/modules/or= g/gatein/wsrp/main/wsrp-integration-api-&WSRP_VERSION;.jar/xsd/gatein_wsrp_= consumer_1_0.xsd - - It is important to note that once the XML configuration = file for consumers has been read upon + Once the XML configuration file for consumers has been read = upon the WSRP service first start, the associated information= is put under control of JCR (Java Content Repository). Subsequent launches of the WSRP service wil= l use the JCR-stored information and ignore the content of the XML configuration file. Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr/cl= uster-config.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr/cluster-= config.xml 2013-01-26 18:34:09 UTC (rev 9087) +++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr/cluster-= config.xml 2013-01-28 05:14:12 UTC (rev 9088) @@ -7,79 +7,6 @@ Configuring Cluster
Launching Cluster -
- Deploying eXo JCR to JBoss Application Server - - To deploy eXo JCR to the JBoss AS, do the following: - - NEEDINFO - FILE PATHS - do we need to do this for JPP 6. JCR= is embedded isn't it? - - - <step> - <para> - Download the latest version of eXo JCR <filename>.= ear</filename> file distribution. - </para> - </step> - <step> - <para> - Copy the file into <filename><replaceable>JPP_HOME= </replaceable>/standalone/deployments</filename> directory. - </para> - </step> - <step> - <para> - Drop <filename>exo-configuration.xml</filename> in= to your root <filename><replaceable>JPP_DIST</replaceable>/jboss-as/</filen= ame> directory. - </para> - </step> - <step> - <para> - Configure JAAS by inserting the XML fragment shown= below into <filename><replaceable>JPP_DIST</replaceable>/jboss-as/server/<= replaceable>PROFILE</replaceable>/conf/login-config.xml</filename> - </para> - <programlisting language=3D"XML" role=3D"XML"><application-po= licy name=3D"exo-domain"> - <authentication> - <login-module code=3D"org.exoplatform.services.security.j2ee= .JbossLoginModule" flag=3D"required"></login-module> - </authentication> -</application-policy></programlisting> - </step> - <step> - <para> - To ensure that <emphasis>JBossTS</emphasis> and <e= mphasis>JBossCache</emphasis> are used, your <filename>configuration.xml</f= ilename> file must contain: - </para> - <programlisting language=3D"XML" role=3D"XML"><component> - <key>org.jboss.cache.transaction.TransactionManagerLookup</key= > - <type>org.jboss.cache.GenericTransactionManagerLookup</type>= ;^ -</component> - -<component> - <key>org.exoplatform.services.transaction.TransactionService</= key> - <type>org.exoplatform.services.transaction.jbosscache.JBossTransa= ctionsService</type> - <init-params> - <value-param> - <name>timeout</name> - <value>300</value> - </value-param> - </init-params> -</component></programlisting> - </step> - <step> - <para> - Start server: - </para> - <para> - In Linux systems: - </para> - 
<programlisting><command>sh bin/run.sh</command></programlisting> - <para> - In Windows systems: - </para> - <programlisting><command>bin/run.bat</command></programlisting> - </step> - <step> - <para> - Navigate to <ulink url=3D"http://localhostu:8080/b= rowser" type=3D"http"/> ans use the credentials <emphasis role=3D"bold">roo= t</emphasis>/<emphasis role=3D"bold">exo</emphasis> (login/password). - </para> - </step> - </procedure> - </section> <section id=3D"sect-Reference_Guide-Launching_Cluster-Configuring_JCR_= to_use_external_configuration"> <title>Configuring JCR to use external configuration Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr-wi= th-gtn/managed-datasources-under-jboss-as.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr-with-gtn= /managed-datasources-under-jboss-as.xml 2013-01-26 18:34:09 UTC (rev 9087) +++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/eXoJCR/jcr-with-gtn= /managed-datasources-under-jboss-as.xml 2013-01-28 05:14:12 UTC (rev 9088) @@ -4,11 +4,11 @@ %BOOK_ENTITIES; ]>
- How to use AS Managed DataSource under JBoss AS + How to use a Managed DataSource under JBoss AS
Configurations Steps
- Declaring the datasources in the AS + Declaring the Datasources in the AS NEEDINFO - FILE PATHS - I know this isn't right. Where = do these get deployed again? To declare the datasources using a JBoss application server, deploy a = ds file (XXX-ds.xml= ) into the deploy directory of the appropri= ate server profile (/server/PROFILE/de= ploy, for example). @@ -61,7 +61,7 @@ Do not bind datasources explicitly Do not let the portal explicitly bind datasources. - NEEDINFO - FILE PATHS - I think some of the values have chan= ged here when I look at the new file below. New info required? + NEEDINFO - FILE PATHS - I think some of the values have chan= ged in the referenced file when I look at the new file below. New info requ= ired? Edit the JPP_HOME/standal= one/configuration/gatein/configuration.properties and comment ou= t the following rows in the JCR section: #gatein.jcr.datasource.driver=3Dorg.hsqldb.jdbcDriver --===============1076357038731076035==--