The Sakai JSR-168 Portlet (Version 2) Charles Severance [email_address] December 17, 2005
New in Portlet Version 0.2 <ul><li>Tree View </li></ul><ul><li>Gallery View </li></ul><ul><li>Proxy portlets </li></ul><ul...
Use Case (getting closer) <ul><li>Goal: a bunch of Sakai Portlets that can be scattered through out a portal at the portal...
Sakai JSR-168 Portlet <ul><li>Web Services are used to login to Sakai establish a session and retrieve a list of Sakai Sit...
Three Variations <ul><li>Display the Sakai gallery - all of Sakai except for the login and branding. </li></ul><ul><li>Ret...
SakaiSite.getToolsDom <sites> <portal>http://localhost:8080/portal</portal> <server>http://localhost:8080</server> <galler...
Sakai Gallery View
How Gallery Works uPortal, Pluto, or GridSphere Sakai Web Svcs Charon Portal Sakai Portlet Login /portal/gallery
Sakai Tree View
How Tree View Works uPortal, Pluto, or GridSphere Sakai Web Svcs Charon Portal Sakai Portlet Login ToolList /portal/page/F...
Sakai Proxy Tool
Proxy Tool Selection
How Proxy Portlet Works uPortal, Pluto, or GridSphere Sakai Web Svcs Charon Portal Sakai Portlet Login SiteList /portal/pa...
Auto Login <ul><li>Automatic login (unchanged from previous version) </li></ul><ul><ul><li>The portlet can be configured s...
How Normal Login Works uPortal, Pluto, or GridSphere Sakai Web Svcs Charon Portal Sakai Portlet SakaiLogin (id,pw) 2 1 /po...
How Auto Login Works uPortal, Pluto, or GridSphere Sakai Web Svcs Charon Portal Sakai Portlet PortalLogin (id,secret) 2 1 ...
How Normal Login Works uPortal, Pluto, or GridSphere Sakai Web Svcs Charon Portal Sakai Portlet PortalLogin (id,secret) Co...
Sakai Portlet Preferences
Configuration <ul><li>Configured via both a properties file and portlet <init-parms> </li></ul><ul><ul><li>Default propert...
sakaiportlet.properties file # # This sets parameters for sakai portlets # # These values are overridden by any init-parms...
Notes <ul><li>If you don’t use auto-portal login, it is very painful to use the proxy portlets (sakai.calendar, etc) becau...
TODO List <ul><li>Create “group placed” versions of the proxy portlet - need to interoperate with the AUTHZ in the Portal ...
Outline of (TBD) AUTHZ <ul><li>It is pretty clear that it is dangerous to depend on the AuthZ of the Portal because all po...
Current AUTHZ Portlet Site User Role AB23 csev maintain AB23 hao access BC55 hao maintain BC55 marlon access Calendar port...
TBD AUTHZ - Maintain case Portlet Site User Role AB23 csev maintain AB23 hao access BC55 hao maintain BC55 marlon access C...
TBD AUTHZ - Access Case Portlet Site User Role AB23 csev maintain AB23 hao access BC55 hao maintain BC55 marlon access BC5...
TBD AUTHZ - Maintain case (more detail) Portlet Site User Role AB23 csev maintain AB23 hao access BC55 hao maintain BC55 m...
Summary <ul><li>This is a nice step forward for the Sakai JSR-168 portlet </li></ul><ul><li>There is another step needed t...
Upcoming SlideShare
Loading in...5
×

Sakai Portlet V03

1,031

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,031
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Sakai Portlet V03

  1. 1. The Sakai JSR-168 Portlet (Version 2) Charles Severance [email_address] December 17, 2005
  2. 2. New in Portlet Version 0.2 <ul><li>Tree View </li></ul><ul><li>Gallery View </li></ul><ul><li>Proxy portlets </li></ul><ul><li>Source in SVN </li></ul><ul><li>Configurable via properties file </li></ul>Announcements (sakai.announcements) Assignments (sakai.assignment) Chat Room (sakai.chat) Discussion (sakai.discussion) Gradebook (sakai.gradebook.tool) Email Archive (sakai.mailbox) Membership (sakai.membership) Message Forums (sakai.messageforums) Preferences Tool (sakai.preferences) Presentation (sakai.presentation) Profile (sakai.profile) Resources (sakai.resources) Wiki (sakai.rwiki) Tests & Quizzes (sakai.samigo) Roster (sakai.site.roster) Schedule (sakai.schedule) Site Info (sakai.siteinfo) Syllabus (sakai.syllabus)
  3. 3. Use Case (getting closer) <ul><li>Goal: a bunch of Sakai Portlets that can be scattered through out a portal at the portal administrator’s discretion - it is *almost* as if Sakai was in the portal. </li></ul><ul><li>Not quite there </li></ul><ul><ul><li>One weakness is the provisioning step - for the proxy portlets they need provisioning. </li></ul></ul><ul><ul><li>Another weakness is the need to synchronize AUTHZ between the portal and Sakai - give than none of the AUTHZ in portals is standard at all, this is a challenge </li></ul></ul><ul><li>Even though portals may not have the infrastructure to support a “group-scoped” calendar, we may have to build one anyways. </li></ul>
  4. 4. Sakai JSR-168 Portlet <ul><li>Web Services are used to login to Sakai establish a session and retrieve a list of Sakai Sites, Pages, and Tools </li></ul><ul><li>The portlet is 100% stock JSR-168 </li></ul><ul><ul><li>Works in Pluto, uPortal, and GridSphere </li></ul></ul>
  5. 5. Three Variations <ul><li>Display the Sakai gallery - all of Sakai except for the login and branding. </li></ul><ul><li>Retrieve the hierarchy of sites, pages and tools display in a tree view with the portlet and show selected tools/pages in an iframe within the portlet </li></ul><ul><li>Proxy tool placement for a particular Sakai tool such as sakai.preferences </li></ul>
  6. 6. SakaiSite.getToolsDom <sites> <portal>http://localhost:8080/portal</portal> <server>http://localhost:8080</server> <gallery>http://localhost:8080/gallery</gallery> <site> <title>My Workspace</title> <id>~csev</id> <url>http://localhost:8080/portal/worksite/~csev</url> <pages> <page> <id>af54f077-42d8-4922-80e3-59c158af2a9a</id> <title>Home</title> <url>http://localhost:8080/portal/page/af54f077-42d8-4922-80e3-59c158af2a9a</url> <tools> <tool> <id>b7b19ad1-9053-4826-00f0-3a964cd20f77</id> <title>Message of the Day</title> <toolid>sakai.motd</toolid> <url>http://localhost:8080/portal/tool/b7b19ad1-9053-4826-00f0-3a964cd20f77</url> </tool> <tool> <id>85971b6b-e74e-40eb-80cb-93058368813c</id> <title>My Workspace Information</title> <toolid>sakai.iframe.myworkspace</toolid> <url>http://localhost:8080/portal/tool/85971b6b-e74e-40eb-80cb-93058368813c</url> </tool> </tools> </page> </pages> </site> </sites> New WS method is upwards compatible with getSitesDom
  7. 7. Sakai Gallery View
  8. 8. How Gallery Works uPortal, Pluto, or GridSphere Sakai Web Svcs Charon Portal Sakai Portlet Login /portal/gallery
  9. 9. Sakai Tree View
  10. 10. How Tree View Works uPortal, Pluto, or GridSphere Sakai Web Svcs Charon Portal Sakai Portlet Login ToolList /portal/page/FF96
  11. 11. Sakai Proxy Tool
  12. 12. Proxy Tool Selection
  13. 13. How Proxy Portlet Works uPortal, Pluto, or GridSphere Sakai Web Svcs Charon Portal Sakai Portlet Login SiteList /portal/page/FF96 1 2
  14. 14. Auto Login <ul><li>Automatic login (unchanged from previous version) </li></ul><ul><ul><li>The portlet can be configured system-wide to have a designated Sakai host that people are to be automatically logged into. </li></ul></ul><ul><ul><li>A shared secret between the portlet and the Sakai system allows bypass of any Sakai log in. </li></ul></ul><ul><ul><li>There must be a Sakai account for each portal account. But if the account exists and the shared secrets match, integration is seamless </li></ul></ul><ul><ul><li>If the portal is fully provisioned and knows first name, last name, and e-Mail, SakaiPortalLogin can also auto-create users. </li></ul></ul>
  15. 15. How Normal Login Works uPortal, Pluto, or GridSphere Sakai Web Svcs Charon Portal Sakai Portlet SakaiLogin (id,pw) 2 1 /portal/gallery
  16. 16. How Auto Login Works uPortal, Pluto, or GridSphere Sakai Web Svcs Charon Portal Sakai Portlet PortalLogin (id,secret) 2 1 /portal/gallery Configuration: sakai.secret=abcdef sakai.host=http://… Request.getRemoteUser = “ csev” Configuration: sakai.secret=abcdeff
  17. 17. How Normal Login Works uPortal, Pluto, or GridSphere Sakai Web Svcs Charon Portal Sakai Portlet PortalLogin (id,secret) Configuration: sakai.secret=abcdef sakai.host=http://… Request.getRemoteUser = “ csev”
  18. 18. Sakai Portlet Preferences
  19. 19. Configuration <ul><li>Configured via both a properties file and portlet <init-parms> </li></ul><ul><ul><li>Default properties is in /WEB-INF/classes/org/sakaiproject/portlets/sakaiportlet.properties </li></ul></ul><ul><ul><li>This file can also be placed in the -Dsakai.home directory as well - this will override the default file </li></ul></ul><ul><ul><li>Portlet.xml <init-parms> override these properties but out of the box, the portlet.xml does not set these properties </li></ul></ul>
  20. 20. sakaiportlet.properties file # # This sets parameters for sakai portlets # # These values are overridden by any init-parms in the portlet.xml or # init-parms forced by the portal sakai.host = http://localhost:8080 # It is convenient for testing to have the secret set out of the box # But in production, if you do not want autologin, do not set this parameter # and autologin will be turned off sakai.secret = plug-xyzzy # This is used to deal with non-portable aspects across portals - such as how # to determine the current logged in user. Leaving it null assumes that it # is an Apache Pluto based portal. # portal.type=gridsphere # portal.type=uportal
  21. 21. Notes <ul><li>If you don’t use auto-portal login, it is very painful to use the proxy portlets (sakai.calendar, etc) because they need to establish login separately :( </li></ul><ul><li>There is a bug in 2.1 logging out from the gallery. Actually it might be best to hide the logout button as it is not really logical in a mode where some “higher level” portal is doing navigation. </li></ul><ul><li>Char does not work - need to figure out why. Probably an interaction with presence </li></ul>
  22. 22. TODO List <ul><li>Create “group placed” versions of the proxy portlet - need to interoperate with the AUTHZ in the Portal and in Sakai </li></ul><ul><ul><li>Need to look very closely at how AUTHZ is done in the portal and what APIs to call for each portal - this will likely be a “case statement” </li></ul></ul><ul><ul><li>Need to look closely at preferences in the portal, normally there are portlet-wide init parms and user-scoped preferences. Is there an intermediate level where an admin can set certain prefs that end-users cannot override? This will likely also be non portable. </li></ul></ul><ul><li>Make tool placements in tree view look like page placements - should this be in Charon or in the Portlet? Effectively this is snatching some Charon code to do the titles, etc. Would be better to do this in Charon. </li></ul>
  23. 23. Outline of (TBD) AUTHZ <ul><li>It is pretty clear that it is dangerous to depend on the AuthZ of the Portal because all portals will be different. </li></ul><ul><li>Build a service inside of Sakai which maps Portlet Placements to Sakai Sites </li></ul><ul><li>Allow users with site.upd to effectively grant a “role” to a portlet placement. </li></ul><ul><li>Another variant is to have folks “auto-join” sites and get a role in the site that way. </li></ul>
  24. 24. Current AUTHZ Portlet Site User Role AB23 csev maintain AB23 hao access BC55 hao maintain BC55 marlon access Calendar portlet executed by hao - no placement in pref - find placements Calendar portlet placed by admin with ID FF12 What calendars can hao see? AB23 BC55 hao picks BC55 and it becomes his personal pref. Calendar portlet executed by csev - no placement in pref - find placements What calendars can csev see? AB23 Since there is only one csev sees it and it becomes his pref
  25. 25. TBD AUTHZ - Maintain case Portlet Site User Role AB23 csev maintain AB23 hao access BC55 hao maintain BC55 marlon access Calendar portlet executed by hao - no placement in pref - find placements Calendar portlet placed by admin with ID FF12 What calendars can hao see? AB23 BC55 (site.upd) Does hao have site.upd in this site? Yes Portlet Site Role FF12 AB23 access hao picks BC55 and then is asked, would you like this to be a group placement? If so, what role do people get when they see this placement? Hao says “yes - access”. Grant Portlet FF12 access role in AB23. Sweet hao sees the AB23 calendar and it becomes his preference.
  26. 26. TBD AUTHZ - Access Case Portlet Site User Role AB23 csev maintain AB23 hao access BC55 hao maintain BC55 marlon access BC55 csev access Calendar portlet executed by csev - no placement in pref - find placements Calendar portlet placed by admin with ID FF12 What is the placement portlet FF12? AB23 Portlet Site Role FF12 AB23 access csev is sent to the AB23 calendar and it becomes his preference. Sakai notices the placement rule made by hao, and also that csev does not have access, and adds csev as access below.
  27. 27. TBD AUTHZ - Maintain case (more detail) Portlet Site User Role AB23 csev maintain AB23 hao access BC55 hao maintain BC55 marlon access Calendar portlet executed by hao - no placement in pref - find placements Calendar portlet placed by admin with ID FF12 What calendars can hao see? AB23 BC55 (site.upd) Since hao has site.upd, he picks BC55 and indicates that this placement gets the access role. Portlet Site Role Grant Portlet FF12 access role in AB23. Sweet hao sees the AB23 calendar and it becomes his preference. What is the placement portlet FF12? Null Since there are no placements, lets check to see if hao can see any calendars. Portlet Site Role FF12 AB23 access
  28. 28. Summary <ul><li>This is a nice step forward for the Sakai JSR-168 portlet </li></ul><ul><li>There is another step needed to truly meet the ideal use case </li></ul><ul><ul><li>This step needs some analysis by within-portal security folks (I.e. I need help from the uPortal and GridSphere experts to determine next steps) </li></ul></ul><ul><li>This will meet a set of needs much better than version 0.1 of the portlet. </li></ul><ul><ul><li>The gallery and tree should work well </li></ul></ul><ul><ul><li>Proxy portlets can be used in certain cases where AUTHZ is well considered. </li></ul></ul><ul><li>This version is “safe” from a security perspective - it only allows users to do what Sakai permits them to do. </li></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×