Jetspeed-2 Overview


Contact David Sean Taylor for more information or training.

taylor at

Published in: Technology, Education

  1. Jetspeed-2 Enterprise Portals
     • Jetspeed-2
     • David Sean Taylor
  2. Portal Integration Framework
     • Jetspeed is an OPEN SOURCE application-integration portal framework. If you already know Spring, you can easily get started customizing your portal to your own needs. Jetspeed is entirely constructed with Spring components based on interfaces: the Jetspeed API. All aspects of the portal are configurable, including security, registries, preferences, and the core aggregation engine.
     • Portal Integration is about customization on a solid, open framework.
     • Customization of the portal framework is a matter of putting in your implementation at the correct integration point.
     • Customization of the user experience is accomplished with a flexible portal personalization engine, and with deployable units of markup.
     • All access to the portal must be secured.
  3. Jetspeed-2 Portal Framework Design Goals
     • Standards and Specifications
         • Fully compliant with the Java Portlet API Standard, pass TCK
         • WSRP-4J support (2.1)
         • Leverage Java Security, JAAS Security Components
         • LDAP
     • Open Source and Portability
         • Based on Open Source libraries such as Jakarta Commons, Spring, OJB
         • Run on Open Source Application Servers
     • Component, Container Based Architecture
         • Integrators assemble components with Spring configurations
         • Lightweight containers working on POJOs
         • Configurable Pipeline-based Request Processing
     • Scalability, Portability and Performance
         • Multi-threaded Portlet Aggregation Engine
         • Scalable Cluster Architecture (2.1)
  4. Framework Design Goals (continued)
     • Portal Framework
         • Separation of Portlet Applications from Portal
         • Live Deployment Model for Portlet Applications and Portal Layouts
     • Interface Driven Integration
         • Jetspeed API: component-based interface API
         • All parts of the portal can be wired together by Jetspeed API contract
     • Security
         • Authentication APIs
         • Authorization APIs
         • JAAS Policy Support
         • Security Constraints
         • SSO
     • Easy to Use, Customizable
     • Localization Ready
  5. Standards and Specifications
     • Specifications – Jetspeed works with Java J2EE standards and with OASIS and W3C standard specifications where applicable, most notably the Java Portlet API, along with providing its own specification essential for component interoperability.
     • The Portlet API – The Java Standard Portlet API is the specification dictating how Jetspeed runs portlets and portlet applications in the portal. It is the contract between portlets and the portlet container.
     • The Jetspeed Component API – Jetspeed provides a clear API for writing components that work inside the Jetspeed Component Portal Architecture. The Jetspeed Component API provides the contract between the portal and the component implementations.
     • WSRP (OASIS) – not supported until 2.1+
     • JAAS Security – supports Java Security policies, with integrated support for Java Login Modules
  6. JSR 168: The Java Standard Portlet Spec
     • JSR 168 is the Portlet specification that enables interoperability between Portlets and Portals. The specification defines a set of APIs that addresses standardization of portlet aggregation, personalization, presentation and security. The current goals of JSR 168 are to:
     • Define a common Portal metaphor
     • Define a standard Portlet Java API
     • Ensure interoperability and portability
     • Enable multiple markups support
     • Ensure compatibility with other technologies
     • The Jetspeed-2 Portlet Server supports the JSR 168 standard. This is an important initiative, introducing true portlet portability.
     • Jetspeed-2 has passed the TCK (Test Compatibility Kit) suite and is pending full CERTIFICATION to the Java Portlet Standard.
  7. Software Architecture Design Concepts
     • Jetspeed is founded on the following core Software Architectural Design concepts:
     • Interface Driven Development – the Jetspeed API
     • Lightweight Containers and Component Oriented Programming based on the Spring Framework
     • Inversion of Control with Spring Containers
     • Aspect-Oriented programming
     • POJO Assembly and Dependency Injection
     • Pipeline Driven Processing
     • Aspect Oriented Programming
     • Separation of Concerns: Portal vs Portlet Applications Frameworks
     • 100% Open, Standardized Open Source Solutions
  8. Jetspeed-2 Configurations
     • Jetspeed-2 is built entirely of components. With these components, the entire portal is assembled together at runtime. Jetspeed is built upon a set of portal components, allowing the application assembler to use the standard Jetspeed components, or plug in their own components. Of course Jetspeed-2 comes with a default assembly out of the box. As Jetspeed-2 progresses, several implementations of components will be available.
     • For version 2.1, we are working on two configurations:
     • Jetspeed Light – a lightweight implementation of Jetspeed with no container-managed security. One self-contained web application running in Jetty.
     • Jetspeed Enterprise – the full portal
  9. Component Programming
     • As of this writing, there is a revolution, or perhaps a reaction, to the heavy-weight complexities of the J2EE world. This revolution is going on right here in open source communities. The common trend is lightweight component frameworks for wiring together and managing components. Two marginally successful lightweight component frameworks are Pico Container and GBeans. The real success story is the Spring Framework. Interestingly, these component frameworks impose little or no requirements upon the components, meaning that POJOs (Plain Old Java Objects) can be components. This lack of imposed framework requirements is simple, yet leads to powerful portability possibilities. For example, the Pico and Spring frameworks are now available for Microsoft's .Net.
  10. Spring
      • Spring is also an open source project; however it is not housed at Apache. Spring is a unique Java application framework meant to simplify developing applications. Whereas Enterprise Java Beans are very complex to use, the Spring Framework is an easy to use and understand framework for business applications. Spring focuses on:
      • 1. Providing a simple way to manage business objects' lifetime and relationships
      • 2. A layered architecture. Spring is comprehensive yet modular. You only use what you need. For example, you may only make use of the JDBC support without linking in an entire framework.
      • 3. Promoting best software development practices. For example, Spring is designed to always promote test-driven development and eliminate the need for factories and singletons.
      • 4. Inversion of Control. Spring is an application container supporting interceptions and declarative aspect oriented programming.
  11. Inversion of Control: Spring containers
      • The Inversion of Control pattern is based on the concept that a Component is always externally managed. Every stage in the life of a component is controlled by the component container. This pattern provides a secure method for components to interact with the container. This design pattern addresses a component's dependency resolution, configuration and life cycle. The most significant aspect of IoC is dependency resolution, and most of the discussion surrounding IoC dwells solely on that.
      • “Simply put, a component designed according to IoC does not go off and get other components that it needs in order to do its job. It instead declares these dependencies, and the container supplies them: thus the name IoC/DIP/Hollywood Principle. The control of the dependencies for a given component is inverted. It is no longer the component itself that establishes its own dependencies, but something on the outside. That something could be a container like Spring, but could easily be normal code instantiating the component in an embedded sense.” Paul Hammant, PICO
  12. Jetspeed + Spring
      • Jetspeed currently works with one lightweight component container framework: Spring. The Jetspeed-2 team is also looking into running Jetspeed components inside of the Geronimo GBeans component framework. The importance is that both Geronimo and Spring are COP container frameworks, supporting component assembly, configuration, and component container features such as:
      • Decorators – or interceptors, for AOP-like chained method interception
      • Hot swapping – allows implementation hiding and swapping
      • Failover – failover to next component when a component fails
      • Multicasting – multicasting of method invocation to multiple components
      • Lifecycle management – starting, pausing and resuming components
  13. Components run in a Spring Container
      • Jetspeed is a collection of components, all assembled together to create a complete working portal. If you look at it from this point of view, you can see the major portal components being managed by the container, which is really just a Spring container:
  14. Jetspeed API
      • The Jetspeed API – Separation of Interface from Implementation
      • Jetspeed provides the interfaces to all portal components with the Jetspeed Portal API. The implementations are separated in the component modules. All components introduced to Jetspeed should become a part of the API, allowing for pluggable component implementations.
      • Components always have their dependencies constructor (or getter) injected via interfaces, not implementation references.
  15. Programming to the Jetspeed API
      • Jetspeed Components always program to the Jetspeed API.
      • First, their dependencies upon other Jetspeed components are always injected. Dependencies are declaratively managed in the Spring configuration. In Jetspeed, we support both constructor and setter dependency injection. Here is an example of a component having its dependencies constructor-injected:
  16. Dependency Injection (Constructor)
      • Constructor Dependency Injection is a type of dependency injection where a component receives all dependencies in the component's constructor. The benefits of Constructor Injection are:
      • 1. It makes a strong dependency contract
      • 2. It makes testing easy, since dependencies can be passed in as Mock Objects.
      • 3. It's very succinct in terms of lines of code
      • 4. Classes that rely on Constructor Injection are generally Good Citizens
      • A dependency may be made immutable by making the dependency reference final
  17. Wiring in XML to the Jetspeed API
      • The Spring configuration wires, or injects, dependencies through constructor arguments declared in XML. Note that beans are referenced by Jetspeed API interface, not by implementation.
  18. Pluggable Components and Jetspeed API
      [Diagram labels: Jetspeed API (User Manager, Role Manager); Component Implementations (LDAP User Manager, RDBMS User Manager, Custom User Manager)]
  19. Component API Bus
      [Diagram labels: Jetspeed API; User Manager; Statistics; Portlet Registry; Page Manager; SSO; Aggregator; Component Implementations]
  20. Spring XML Component Construction

          <bean id="TemplateLocator" class="org.apache.jetspeed.locator.JetspeedTemplateLocator"
                init-method="start" destroy-method="stop">
            <constructor-arg>
              <list>
                <value>${applicationRoot}/WEB-INF/templates</value>
              </list>
          …

      • id = the interface or component (bean) name
      • class = the implementation class
      • init-method = a method on the class called during the container’s init phase
      • destroy-method = a method on the class called during the container’s destroy phase
      • list = Spring XML supports wiring standard Java collections and data types such as lists, maps, sets, properties
  21. Example of Injecting Dependencies
      • Example of Injecting Dependencies during Assembly of Component:

          <!-- Aggregation: Portlet -->
          <bean id="org.apache.jetspeed.aggregator.AsyncPageAggregator"
                class="org.apache.jetspeed.aggregator.impl.AsyncPageAggregatorImpl">
            <constructor-arg index='0'>
              <ref bean="org.apache.jetspeed.aggregator.PortletRenderer" />
            </constructor-arg>
            <constructor-arg index='1'>
              <ref bean="org.apache.jetspeed.aggregator.ContentServerAdapter" />
            </constructor-arg>
          </bean>
  22. The Constructor

          package org.apache.jetspeed.aggregator.impl;

          import java.util.List;
          import org.apache.commons.logging.Log;
          import org.apache.commons.logging.LogFactory;
          import org.apache.jetspeed.aggregator.ContentServerAdapter;
          import org.apache.jetspeed.aggregator.PageAggregator;
          import org.apache.jetspeed.aggregator.PortletRenderer;

          public class AsyncPageAggregatorImpl implements PageAggregator
          {
              private static final Log log = LogFactory.getLog(AsyncPageAggregatorImpl.class);
              // Dependencies are supplied by the Spring container, typed by Jetspeed API interface
              private PortletRenderer renderer;
              private ContentServerAdapter contentServer;
              private List fallBackContentPathes;

              public AsyncPageAggregatorImpl(PortletRenderer renderer,
                                             ContentServerAdapter contentServer)
              {
                  this.renderer = renderer;
                  this.contentServer = contentServer;
              }
              // The slide shows only the constructor; the PageAggregator methods are not shown.
          }
  23. Transactions and Interception
      • Interception begins and commits transaction:
      [Diagram labels: User Registration Portlet; grantPermission; Permission Manager; storeUser; User Manager; Spring TX Proxy; BEGIN TX; JOIN TX; COMMIT TX]
  24. Declarative Transaction via Interception
  25. Failover and Recovery
  26. Jetspeed Components
      • All Jetspeed components are configured and wired together in a collection of XML files found under the Jetspeed web application directory: WEB-INF/assemblies. There are quite a few XML files there, as we like to break down the assembly of components by category, making it easier to override component assemblies by simply replacing the component-specific XML file.
      • Jetspeed runs with 2 Spring containers:
          • The boot container
          • The default container
      • The boot container holds all components that are required to be loaded before any other components. The data source component is loaded here.
  27. Spring Configurations Files
  28. The Jetspeed Engine
      • The Jetspeed Engine starts up the Jetspeed portal. We usually embed the engine inside of a servlet, giving us the standard MVC model. We have also embedded the Jetspeed Engine into several other open and closed source solutions including:
          • Jetspeed Fusion – running the Jetspeed-2 engine inside of Jetspeed 1.6, giving 1.6 JSR-168 support via a Jetspeed-2 engine
          • Jahia Portal
      • The real job of the engine is to:
          • Create an integration point for embedding Jetspeed into other technologies
          • Provide entry point for pipeline-based processing
          • Abstract the concept of a Spring lightweight container with the Component Manager
          • Provide basic lifecycle management of the Jetspeed portal
  29. Jetspeed Engine bootstrap
      • The Jetspeed Servlet is configured in the portal application web.xml to load at startup. The engine bootstraps the Spring configuration.

          engine = new JetspeedEngine(properties, applicationRoot, config,
                       initializeComponentManager(config, applicationRoot, properties));
  30. Pipelines
      • Jetspeed-2 Pipelines are based on the inversion of control pattern. The request processing pipeline is assembled to run in the Spring container. A portal is largely driven by a request/response processing data flow, much like the servlet or HTTP request/response paradigm. Requests are made by client agents such as HTML or WAP browsers, and the portal processes the request on the thread provided by the application server in which Jetspeed is running. Request processing is achieved in a workflow-like pipeline, where valves are plugged into the request pipeline. The workflow of the valves is configurable just like any other Spring component. Pipelines reference (via Spring constructor-based dependency) one or more valves. Valves are also Spring components.
  31. Pipeline Driven Processing
      • Requests to the portal always come in via a Portal URL. Jetspeed has URI entry points. The servlet context (/jetspeed) is also easily configurable. Additionally, the request URL can be mapped to a portlet pipeline. The default pipeline aggregates portlet pages. Portlet pages are usually defined with the extension .PSML. If a page is not supplied, default pages can be configured.
      [Diagram labels: Client (browser); Request to: /jetspeed/portal/home.psml; Jetspeed Portal; Page Pipeline; Page Dispatcher; Portlet App #1 (Portlet 1A, Portlet 1B); Portlet App #2 (Portlet 2A, Portlet 2B)]
  32. Pipeline Architecture
      • In Jetspeed-2, requests are processed through a series of Valves assembled together as a pipeline.
  33. Jetspeed Render (Page) Pipeline
      • 1. Render Pipeline - The default Jetspeed request pipeline. This pipeline processes the render phase as defined in the Portlet API specification. It does the typical aggregation of content rendered by each portlet.
  34. Action Pipeline
      • 2. Action Pipeline – This pipeline processes the Action phase as defined in the Portlet API specification. Only one portlet may execute the action phase. All other portlet rendering threads are blocked during the action phase.
  35. Desktop Pipeline
      • 2. Desktop Pipeline – This pipeline processes the Action or Render phase for the Jetspeed Desktop. The Jetspeed Desktop is an AJAX-based, client-rendering (JavaScript) implementation of a JSR-168 portal. Portlets are rendered individually, as opposed to a full page rendering engine such as the Page Pipeline. If you have n portlets on a page, during the initial rendering of a desktop page, n desktop pipeline requests will be made. However, if you go to render just one portlet, other portlets will not be rendered unless their cache has expired. For actions, one action request is made, and then n render requests are made, one for each portlet on the desktop.
      • This leads to a more distributed rendering engine. However, it may put higher load on your network.
  36. Portlet Pipeline
      • 3. Portlet Pipeline – This pipeline is used to render the contents of a single portlet. This pipeline is used by several portal vendors to embed JSR-168 support in their portal via Jetspeed-2 technology. It is the foundation for the Desktop pipeline. The portlet pipeline is also embedded in Jetspeed 1.6 (Fusion) to give JSR168 support to Jetspeed 1.6 portals.
  37. AJAX Pipeline
      • The AJAX Pipeline processes AJAX requests. We are developing an AJAX XML API for Jetspeed-2, to process requests for AJAX customizers such as portlet layouts and portlet placement. (Note that security should be enabled.) The AJAX pipeline hooks into an AJAX service, which can then delegate to AJAX actions. These actions build XML response packets (with Velocity and Java Beans) which are sent back to the AJAX client.
  38. File Server Pipeline
      • Retrieves requests for a particular file, using portal security. Requests can be mapped here for non-PSML file types automatically, such as /jetspeed/portal/content/story.html
  39. Pipeline Mappings
      • Pipeline mappings allow prefixes of the context path + servlet path to be mapped to a pipeline. For example:
          • /jetspeed/portal --> Jetspeed Pipeline
          • /jetspeed/ajax --> Ajax Pipeline
          • /jetspeed/portlet --> Portlet Pipeline
          • /jetspeed/fileserver/file.pdf --> File Servlet Pipeline
          • /jetspeed/fileserver.file.html --> File Servlet Pipeline
          • /jetspeed/desktop --> Desktop Pipeline
  40. Pipeline Mapping Configuration
  41. Pipeline Examples
      • /jetspeed/portal
      • /jetspeed/desktop
  42. Pipeline Examples (continued)
      • /jetspeed/portlet
  43. Valves and the Request Context
      • Valves are units of work along the pipeline workflow. Typically valves represent access to a Jetspeed feature or component, such as aggregation, security, action processing, or device capabilities.
      • The Jetspeed Pipeline has a request context associated with the entire request pipeline. Using the Request Context API, valves can add or retrieve bits of information to the pipeline request process.
      [Diagram labels: Pipeline; Profiler Valve (Set Page); Request Context; Aggregator Valve (Get Page)]
  44. Pipeline Valves
      • Capabilities Valve: Identifies the Capability Map, character encoding, media and MIME types for the browser and adds them to the Request Context; sets the content type in the response.
      • Portal URL Valve: Creates the internal Portal URL from the request URL and parameters using the Navigational State component.
      • Security Valve: Builds the Java Security subject for the request, and runs all remaining valves for this request under a privileged action, enabling Java Security checks against the default Jetspeed (JAAS) security policy, or, if configured, another standard JAAS policy.
      • Localization Valve: Sets the Locale (java.util.Locale) into the request context for Java standard internationalization support.
  45. Pipeline Valves (continued)
      • Profiler Valve: Uses the Profiler, Site Manager, and Page Manager components to locate the requested page and menu ‘site’ navigations.
      • Action Valve: Determines the targeted action window in the request; if found, executes the action via the portlet container. This is the standard “action phase”, blocking all rendering. At completion of the action phase, the action valve redirects back to the portal to process the render phase.
      • Decorator Valve: Builds the actions available on the page and all portlet windows.
      • Aggregator Valve: Executes the standard “render phase”, where the actual rendering of all portlets and page decorations occurs.
  46. Pipeline Valves (Desktop)
      • Desktop Valve: Renders the skeleton of the Jetspeed Desktop. All desktop portlet rendering is controlled on the client side, with JavaScript and the portlet pipeline.
      • Desktop Action Valve: Executes Jetspeed Desktop actions over the span of one request. The client-side desktop controls the execution of the action phase, and then the subsequent render phases, achieving parallel processing from the client side.
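
The valve ordering described in slides 43 to 45, as an added example that is not Jetspeed code: a security valve builds the JAAS Subject, publishes it in the request context and runs the remaining valves inside a privileged action, and the aggregator fails closed when no Subject is present. The `Valve`, `ValveContext`, `Pipeline` and `RequestContext` types, the `guest` fallback user and the map of page constraints (standing in for a JAAS policy) are assumptions made for illustration.

```java
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

// Hypothetical stand-ins for the pipeline types; not the Jetspeed API.
public class SecurityValveDemo {

    /** Per-request state shared by every valve on the pipeline. */
    static final class RequestContext {
        final String path;
        final String remoteUser;                       // null when unauthenticated
        final List<String> trace = new ArrayList<>();  // records what each valve did
        private final Map<String, Object> attributes = new HashMap<>();
        RequestContext(String path, String remoteUser) { this.path = path; this.remoteUser = remoteUser; }
        void set(String key, Object value) { attributes.put(key, value); }
        Object get(String key) { return attributes.get(key); }
    }

    interface ValveContext { void invokeNext(RequestContext rc); }
    interface Valve { void invoke(RequestContext rc, ValveContext next); }

    /** Runs valves in assembly order; a valve stops the request by not calling next. */
    static final class Pipeline {
        private final List<Valve> valves;
        Pipeline(List<Valve> valves) { this.valves = List.copyOf(valves); }
        void invoke(RequestContext rc) { invokeFrom(0, rc); }
        private void invokeFrom(int i, RequestContext rc) {
            if (i < valves.size()) valves.get(i).invoke(rc, ctx -> invokeFrom(i + 1, ctx));
        }
    }

    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    /** Builds the Subject and runs all remaining valves under a privileged action. */
    static final class SecurityValve implements Valve {
        public void invoke(RequestContext rc, ValveContext next) {
            String user = rc.remoteUser != null ? rc.remoteUser : "guest"; // assumed anonymous user
            Subject subject = new Subject();
            subject.getPrincipals().add(new UserPrincipal(user));
            subject.setReadOnly();                     // later valves cannot add principals
            rc.set("subject", subject);
            rc.trace.add("security:" + user);
            // Subject.doAs is deprecated on recent JDKs but matches the JAAS model of the slides.
            Subject.doAs(subject, (PrivilegedAction<Void>) () -> { next.invokeNext(rc); return null; });
        }
    }

    /** Resolves the requested page and stores it in the request context. */
    static final class ProfilerValve implements Valve {
        public void invoke(RequestContext rc, ValveContext next) {
            rc.set("page", rc.path.substring(rc.path.lastIndexOf('/') + 1));
            rc.trace.add("profiler");
            next.invokeNext(rc);
        }
    }

    /** Renders only when the Subject satisfies the page constraint; no Subject means deny. */
    static final class AggregatorValve implements Valve {
        private final Map<String, Set<String>> pageConstraints;
        AggregatorValve(Map<String, Set<String>> pageConstraints) { this.pageConstraints = pageConstraints; }
        public void invoke(RequestContext rc, ValveContext next) {
            Subject subject = (Subject) rc.get("subject");
            String page = (String) rc.get("page");
            boolean allowed = subject != null && page != null
                && subject.getPrincipals().stream()
                       .anyMatch(p -> pageConstraints.getOrDefault(page, Set.of()).contains(p.getName()));
            rc.trace.add((allowed ? "render:" : "denied:") + page);
            if (allowed) next.invokeNext(rc);
        }
    }

    static List<String> run(List<Valve> valves, String path, String user) {
        RequestContext rc = new RequestContext(path, user);
        new Pipeline(valves).invoke(rc);
        return rc.trace;
    }

    public static void main(String[] args) {
        // Constructed sample constraints: page name -> users allowed to view it.
        Map<String, Set<String>> constraints =
            Map.of("admin.psml", Set.of("admin"), "home.psml", Set.of("admin", "guest"));
        Valve aggregator = new AggregatorValve(constraints);
        List<Valve> assembled = List.of(new SecurityValve(), new ProfilerValve(), aggregator);
        List<Valve> missingSecurity = List.of(new ProfilerValve(), aggregator);

        System.out.println(run(assembled, "/jetspeed/portal/admin.psml", "admin"));
        System.out.println(run(assembled, "/jetspeed/portal/admin.psml", null));
        System.out.println(run(assembled, "/jetspeed/portal/home.psml", null));
        System.out.println(run(missingSecurity, "/jetspeed/portal/admin.psml", "admin"));
    }
}
```

The last run shows why the aggregator treats a missing Subject as a denial: a pipeline assembled without the security valve refuses to render instead of serving the page unauthenticated.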
  47. Jetspeed Components: Core Engine
      • DesktopPortletContainer: Wrapper around Pluto Container to enable Spring configuration of Pluto
      • PortletContainer: Wrapper around Pluto Container to enable Spring configuration of Pluto
      • DesktopPluto: The Pluto portlet container for the desktop (requires different action handling)
      • Pluto: The Pluto portlet container
      • PortletWindowAccessor: Handles all access to portlet windows. Portlet windows are temporary objects representing a portlet and its preferences for a particular window or fragment
      • Engine: The Jetspeed Engine (not configured in Spring. The Jetspeed bootstrap servlet adds the engine to the Spring container)
  48. Jetspeed Components: Core Engine
      • Page File Cache: Handles caching of PSML files
      • IdGenerator: Generates unique IDs for pages and fragments
      • Powertools: The Jetspeed Power Tool factory
      • DecorationLocator: Handles algorithms for locating language, country, media-type specific decorations
      • TemplateLocator: Handles algorithms for locating language, country, media-type specific Jetspeed web application templates (JSP, Velocity)
      • javax.servlet.ServletConfig: Wire in the Servlet configuration from the Jetspeed servlet webapp
      • portal_configuration: Wire in global properties configuration from a file
  49. Jetspeed Components: Core Engine
      • ProductionConfiguration: Alternative property configuration for production systems
      • HeaderResourceFactory: Allows components to participate in the creation of the <HEAD> markup, supplying scripts and CSS into the header area. (NOTE: a header phase will be added to the Portlet API 2.0 spec)
      • RequestContextComponent: Request Context Factory
  50. Administration
      • adminVelocityEngine: Velocity engine for merging emails
      • mailSender: Spring email component
      • PortalAdministration: Provides general purpose portal administration functions:
          • Send emails
          • Find a user given an email
          • Register New Users
  51. Aggregation
      • PageAggregator: Handles the “render phase” of the Portlet API, aggregating content of all portlets and decorations on a page
      • PortletRenderer: Renders single portlets from all pipelines
      • PortletAggregator: Handles aggregation processing of single portlet requests from the portlet pipeline
  52. Ajax Actions
      • AjaxRequestService
      • AjaxChangeWindow
      • AjaxGetPages
      • AjaxGetPage
      • AjaxGetPortlets
      • AjaxRemovePortlet
      • AjaxAddPortlet
      • AjaxGetMenu
      • AjaxGetMenus
      • AjaxMove*
      • List is growing, under development
  53. Jetspeed AJAX XML API
      • The Jetspeed XML AJAX API – an XML-based API for AJAX clients to make asynchronous requests to Jetspeed-2 services. Typical usage:
          • Page Customization and Portlet Placement (move/add/remove Portlet)
          • Layout Selection (change layout for a page)
          • Decorations – select decorators for a portlet or page
          • Portlet Selectors
          • Security Configuration for a Portlet or Page
          • Menu Configuration
          • Page Ordering in a Folder
  54. AJAX APIs and Security
      • AJAX APIs are secured just like any other portal request. The security is the same Jetspeed security as used to protect your portal. For example, requests for page content use the same page security constraints as would be applied to rendering a page. Likewise for portlet security permissions.
  55. Capabilities
      • Jetspeed-2 capabilities provide a mechanism for mapping the client used to access Jetspeed-2 to media types for page rendering.
      • The Jetspeed-2 capability engine maps clients to media types to MIME types. Here are some more detailed definitions:
      • Clients: The application that initiates a request to the Jetspeed-2 portal engine. Jetspeed-2 uses the User-Agent to determine the client that initiates a request.
      • Media Type: The type of media requesting the content (HTML, WML, etc.). Content in Jetspeed-2 can be requested by different types of devices through different media.
      • Mime Type: The type of content being requested.
      • Supported Media Types: HTML, XHTML-BASIC, XML, WML, VXML
  56. Deployment
      • Deploying custom portlets in Jetspeed-2 is simple. Portlets are very similar to servlets. They require a deployment descriptor, portlet.xml, which goes in WEB-INF, and need to be packaged in a war-like format. In order to deploy a portlet, Jetspeed-2 requires the user to follow these steps:
      • 1. Build your portlets as a portlet application just as you would a web application.
      • 2. Package your portlet application into a .war file.
      • 3. Copy the .war file to Jetspeed's deployment directory; by default this is WEB-INF/deploy. Jetspeed will take care of automatically deploying the portlet application into the application server, and then registering the portlets into the portlet registry.
      • You can also copy over a portlet application’s web.xml or portlet.xml to cause re-registration of the portlet application.
  57. Deployment (continued)
      • The Deployment Manager is configured with the properties specified in WEB-INF/conf/ (this should probably change)
      • autodeployment.staging.dir: The directory scanned for autodeployment.
      • autodeployment.delay: The frequency of the deploy directory scanning.
  58. Deployment (continued)
      • The DeploymentManager is also configured with 2 types of listeners:
          • The DeployPortletAppEventListener handles the hot deployment of portlet applications.
          • The DeployDecoratorEventListener handles the hot deployment of decorators.
  59. Portlet Application Management
      • PortletApplicationManager (PAM): Handles lifecycle of portlet application, including registration:
          • startPortletApplication
          • stopPortletApplication
          • registerPortletApplication
          • unregisterPortletApplication
      • ApplicationServerManager: Provides hooks into the application server to help us deploy portlet applications as web applications into that server. Currently only Tomcat 5.5.x and 5.0.x supported. (Working on Jetty support.)
  60. Other Application Servers and the Deploy Tool
      • Websphere, JBoss and Weblogic require app-server-specific deployment. With Websphere for example, we have to package up the portlet applications into an EAR file, which takes specific deployment tools for Websphere (or using the Websphere administrative UI).
      • Since the portlet applications are not deployed through the Jetspeed Deployment Manager, we must instead infuse registration code into the portlet application before it is packaged and deployed to Websphere. Jetspeed provides a Deploy Tool to run during the build process of your portlet application:

          java -jar jetspeed-deploy-tools-<version>.jar -s inputWarPath outputWarPath

      • where:
          • -s: flag indicating whether or not to strip the loggers from the application. When the flag is present, the loggers available in the application will be removed.
          • inputWarPath: the path of the war to process.
          • outputWarPath: the path of the processed war.
  61. Deploy Tool changes to web.xml
      • The deploy tool adds the following servlet to your portlet application. This servlet allows Jetspeed to communicate with your portlet application to invoke cross-context portlet phases (action, render).
      • Additionally, the deploy tool instructs the servlet to attempt to register this portlet application during the servlet initialization phase. A checksum value on the portlet.xml, web.xml, and jetspeed-portlet.xml is checked for changes, determining whether re-registration is necessary.
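
The re-registration check from slide 61, as an added example that is not the deploy tool's code: one digest is computed over the three descriptors inside a WAR and compared with the value recorded at the last registration. SHA-256, the `WEB-INF/` locations of web.xml and jetspeed-portlet.xml, and the in-memory sample WARs are assumptions; the slides do not say which checksum the tool uses.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

public class DescriptorChecksumDemo {

    // Descriptors named on the slide; the WEB-INF/ prefix is assumed for all three.
    static final List<String> DESCRIPTORS = List.of(
        "WEB-INF/portlet.xml", "WEB-INF/web.xml", "WEB-INF/jetspeed-portlet.xml");

    /** Digest over the descriptors only, in a fixed order, so other WAR content is ignored. */
    static String descriptorDigest(byte[] war) throws Exception {
        Map<String, byte[]> found = new HashMap<>();
        try (ZipInputStream zin = new ZipInputStream(new ByteArrayInputStream(war))) {
            for (ZipEntry e; (e = zin.getNextEntry()) != null; ) {
                if (DESCRIPTORS.contains(e.getName())) {
                    found.put(e.getName(), zin.readAllBytes()); // reads to the end of this entry
                }
            }
        }
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (String name : DESCRIPTORS) {
            byte[] body = found.get(name);                      // null when the descriptor is absent
            md.update(name.getBytes(StandardCharsets.UTF_8));
            // Length prefix (-1 = absent) keeps "missing" and "empty" files distinguishable
            // and prevents content from one descriptor being read as part of the next.
            md.update(ByteBuffer.allocate(4).putInt(body == null ? -1 : body.length).array());
            if (body != null) md.update(body);
        }
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest()) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    /** True when the descriptors differ from those seen at the last registration. */
    static boolean needsReRegistration(String registeredDigest, byte[] war) throws Exception {
        return !descriptorDigest(war).equals(registeredDigest);
    }

    /** Builds a constructed in-memory WAR from entry name -> text content. */
    static byte[] war(Map<String, String> entries) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ZipOutputStream zout = new ZipOutputStream(out)) {
            for (Map.Entry<String, String> e : entries.entrySet()) {
                zout.putNextEntry(new ZipEntry(e.getKey()));
                zout.write(e.getValue().getBytes(StandardCharsets.UTF_8));
                zout.closeEntry();
            }
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample portlet application.
        Map<String, String> base = new LinkedHashMap<>();
        base.put("WEB-INF/web.xml", "<web-app/>");
        base.put("WEB-INF/portlet.xml",
                 "<portlet-app><portlet><portlet-name>News</portlet-name></portlet></portlet-app>");
        base.put("WEB-INF/classes/News.class", "build-1");
        String registered = descriptorDigest(war(base));

        Map<String, String> codeOnly = new LinkedHashMap<>(base);
        codeOnly.put("WEB-INF/classes/News.class", "build-2");    // descriptors untouched

        Map<String, String> newPortlet = new LinkedHashMap<>(base);
        newPortlet.put("WEB-INF/portlet.xml",
                 "<portlet-app><portlet><portlet-name>Weather</portlet-name></portlet></portlet-app>");

        Map<String, String> addedDescriptor = new LinkedHashMap<>(base);
        addedDescriptor.put("WEB-INF/jetspeed-portlet.xml", "<portlet-app/>");

        System.out.println("code-only rebuild:     " + needsReRegistration(registered, war(codeOnly)));
        System.out.println("portlet.xml changed:   " + needsReRegistration(registered, war(newPortlet)));
        System.out.println("descriptor added:      " + needsReRegistration(registered, war(addedDescriptor)));
    }
}
```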
  62. 62. Deployable Applications <ul><li>The Portal and Portlet Applications are implemented as separate web applications. Jetspeed runs as a MVC-Controller-type servlet, running in a standalone web(portlet) application. Each portlet application runs in its own web application. The Portal then dispatches to portlets using cross-context invocation </li></ul>Application Server Jetspeed Portal Portlet App #1 PA WAR #1 PA WAR #2 Portlet App #2 Portlet Registry Deploy Deploy Register-> Register-> Jetspeed Cluster Clustered App Servers [JSR-88 J2EE Deployment]
  63. 63. Jetspeed and Cross Context Concerns <ul><li>The Portlet API strongly suggests that all portlet applications are each stored in different web applications. This means that parts of Jetspeed must exist in common class loaders shared amongst all web applications in the application server. </li></ul>Tomcat Application Server <ul><li>Shared Lib: </li></ul><ul><li>Jetspeed-API jar </li></ul><ul><li>Pluto JAR </li></ul><ul><li>Jetspeed Commons </li></ul><ul><li>Bridges Commons </li></ul>Jetspeed Webapp * Jetspeed Implementation Portlet Application #1 Portlet Application #1 PA #1 Class Loader PA #2 Class Loader
  64. 64. Local Portlet Applications <ul><li>Local Portlet Applications are deployed directly into the Jetspeed web application, and class and jar files are stored under the WEB-INF/apps directory. Resource files, such as HTML, CSS, images and JSP, must be stored in Jetspeed’s web application directory structure. The downside is that collisions between resource files from different web applications are possible. Class loader concerns are handled by Jetspeed correctly. </li></ul><ul><li>Advantages of this approach: </li></ul><ul><li>‘Jetspeed Lite’ solutions: deploy Jetspeed in one simple WAR file. </li></ul><ul><li>As of 2.0 and 2.1-dev, only Jetspeed layouts are deployed locally. </li></ul>
  65. 65. Pluto <ul><li>Pluto is the Reference Implementation of the Java Portlet Specification. The current version of this Portlet specification is 1.0. Portlets are designed to run in the context of a portal. They are written to the Portlet API. Pluto implements the contract, the Portlet API, between portlets and portals. Pluto is a portlet container. Jetspeed embeds Pluto into the Jetspeed portal. Pluto is the default Container component in the Spring assembly; it is just another component. </li></ul>
  66. 66. Pluto API: Portal to Portlet-Container Interface <ul><li>The Pluto API is currently a set of not-so-well documented interfaces in Pluto. These interfaces can be categorized into the following groups: </li></ul><ul><li>1. Container Invoker APIs - provides ability to render portlets and perform actions on portlets. </li></ul><ul><li>2. Container Services APIs - provides a way to enhance the portlet container with services implemented in the portal. </li></ul><ul><li>3. Common Object Model APIs - provides a common object model to the Portlet API model defined by the portlet specification's deployment descriptor, and used by Pluto and Jetspeed as a common object model to share portlet applications, portlet descriptions, and portlet entity information between the portal, container, and the portal's persistent registry. </li></ul><ul><li>4. Factory APIs - Allows the entire container implementation to be plugged in and implemented by the portal, or default to the Pluto implementations </li></ul><ul><li>The goal is for Jetspeed and Pluto, through the open source community, to pave the way for a standardized portal to portlet container API. </li></ul>
  67. 67. Pluto Spring-ized org.apache.pluto.util.NamespaceMapper org.apache.pluto.invoker.PortletInvoker InformationProviderService StaticInformationProvider DynamicTitle Service LogService ServletResponseFactory ServletRequestFactor javax.portlet.PortletPreferences javax.portlet.PortletURL javax.portlet.ActionResponse javax.portlet.PortalContext javax.portlet.PortletContext javax.portlet.PortletConfig javax.portlet.PortletSession javax.portlet.RenderResponse javax.portlet.RenderRequest javax.portlet.ActionRequest ServletPortletInvokerFactory LocalPortletInvokerFactory
  68. 68. Navigational State <ul><li>Navigational state holds: </li></ul><ul><li>All portlet Request Parameters for all portlets </li></ul><ul><li>Window states for all portlets on the current page </li></ul><ul><li>Portlet Modes for all portlets on the current page </li></ul><ul><li>Jetspeed supports several algorithms for encoding Nav state: </li></ul><ul><li>PathNavigationalState : Everything is fully encoded on the URL </li></ul><ul><li>SessionNavigationalState : Only portlet window state (window state and portlet mode) is saved in the session; parameters are encoded on the URL </li></ul><ul><li>SessionFullNavigationalState : State and parameters are saved in the session ( the default ) </li></ul><ul><li>See portal-url-generation.xml for full Spring configuration </li></ul>
  69. 69. Transitional Navigational State <ul><li>Transitional navigational state can be seen encoded on the URL. Here is an example: </li></ul><ul><li>http://localhost:8080/jetspeed/portal/_ns:YWRwLTd8YzB8ZDB8Zg__/ </li></ul>
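The token after `_ns:` in the URL above decodes to readable text, so whatever navigational state is placed on the URL is visible in browser history, proxy logs and referrers. The following is an added example (not code from the slides or from Jetspeed) that decodes such tokens from logged URLs and flags sensitive parameter names; the `-` for `/` substitution, the second and third sample URLs and the list of sensitive names are assumptions constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: decode the _ns: token in portal URLs and flag what it exposes. */
public class NavStateInspector {

    // The token is the path segment that follows "_ns:", as in the slide's URL.
    private static final Pattern NS_SEGMENT = Pattern.compile("/_ns:([A-Za-z0-9+_-]+)");

    // Parameter names that should not travel in a URL (constructed list).
    private static final List<String> SENSITIVE =
            Arrays.asList("password", "ssn", "token", "account");

    /** Returns the decoded token, or null if the URL has none or it is not Base64. */
    static String decode(String url) {
        Matcher m = NS_SEGMENT.matcher(url);
        if (!m.find()) {
            return null;
        }
        // '_' stands in for '=' padding in the slide's token; '-' for '/' is an assumption.
        String b64 = m.group(1).replace('_', '=').replace('-', '/');
        try {
            return new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // not a decodable token
        }
    }

    /** Encodes text the same way; used only to build the constructed sample below. */
    static String encode(String plain) {
        return Base64.getEncoder()
                .encodeToString(plain.getBytes(StandardCharsets.UTF_8))
                .replace('=', '_')
                .replace('/', '-');
    }

    /** Lists the sensitive names that appear in clear text inside a decoded token. */
    static List<String> sensitiveHits(String decoded) {
        List<String> hits = new ArrayList<>();
        String lower = decoded.toLowerCase(Locale.ROOT);
        for (String name : SENSITIVE) {
            if (lower.contains(name)) {
                hits.add(name);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        String[] urls = {
            // URL from the slide.
            "http://localhost:8080/jetspeed/portal/_ns:YWRwLTd8YzB8ZDB8Zg__/",
            // Constructed: a token whose state carries a request parameter.
            "http://localhost:8080/jetspeed/portal/_ns:"
                    + encode("adp-7|c0|d0|account=12345") + "/",
            // Constructed: a URL without navigational state.
            "http://localhost:8080/jetspeed/portal/some-page.psml"
        };
        for (String url : urls) {
            String state = decode(url);
            if (state == null) {
                System.out.println("no nav state: " + url);
                continue;
            }
            System.out.println("fields : " + Arrays.asList(state.split("\\|")));
            System.out.println("flagged: " + sensitiveHits(state));
        }
    }
}
```

The slide's token decodes to `adp-7|c0|d0|f`. With PathNavigationalState, request parameters travel in this token as well, which is the case the second sample URL imitates.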
  70. 70. Portlet Preferences Component <ul><li>Portlet Preferences are a feature of the Portlet API for providing a custom view or behavior of portlets for different users. The configuration is represented as a persistent set of name-value pairs. Jetspeed handles the persistence and retrieval of portlet preferences. The Jetspeed Preferences component stores its preferences in a relational database. All Jetspeed database access is done through Spring + OJB. </li></ul><ul><li>Programming with portlet preferences will be covered in the section on the Portlet API (JSR-168). </li></ul>
  71. 71. Java Preferences API <ul><li>The Java Preferences API (java.util.prefs) provides a generic mechanism for storing user and system preferences, as well as configuration data. Jetspeed 2 relies on this API to provide a wide range of functionality to higher level services. Some of the Jetspeed components leveraging the Preferences API are: </li></ul><ul><li>1. Portlet Preferences : Portlet preferences are stored in the system preferences tree. The following path structure is used to establish the location of a given portlet preference in the preferences tree: </li></ul><ul><li>/portlet_application/${PortletAppName}/portlets/${PortletName}/preferences/${Pref Name}/values </li></ul><ul><li>The preferences values are stored under the values node as a map of key/values. </li></ul><ul><li>2. User Attributes : User attributes are stored in the user preferences tree. The following path structure is used to store a user's attributes: </li></ul><ul><li>/user/${User Name}/userinfo </li></ul><ul><li>The user attributes are stored as a preferences key/values map under the userinfo node. </li></ul><ul><li>3. Roles and groups hierarchy </li></ul>
  72. 72. Preferences Database <ul><li>All Preferences are stored in the following two database tables: </li></ul>
  73. 73. Preferences in Edit Mode
  74. 74. Portlet Registry <ul><li>The Portlet Registry persists the entire contents of the portlet deployment descriptors in the Jetspeed database: </li></ul><ul><li>portlet.xml </li></ul><ul><li>jetspeed-portlet.xml (Jetspeed-specific extensions) </li></ul><ul><li>When a portlet application is deployed, Jetspeed updates the registry with the definitions defined in these portlet descriptors including: </li></ul><ul><li>One Portlet Application definition </li></ul><ul><li>One or more portlet definitions </li></ul><ul><li>Supported User Attributes </li></ul><ul><li>Supported custom portlet modes and window states </li></ul><ul><li>Details of the portlet.xml will be covered in more detail in the section on JSR-168 (Portlet API). </li></ul>
  75. 75. Portlet.xml <ul><li>Portlet Name, description, display name </li></ul><ul><li>Implementing class </li></ul><ul><li>Init Parameters </li></ul><ul><li>Supported Mime Types / Modes </li></ul><ul><li>Supported Locales </li></ul><ul><li>Resource Bundle Information / Localization (titles, keywords) </li></ul><ul><li>Default Portlet Preferences </li></ul>
  76. 76. Jetspeed-Portlet.xml <ul><li>We allow extended metadata to be attributed to portlets and portlet applications. This metadata conforms to the &quot;Dublin Core&quot; DCMI format: </li></ul><ul><li>DCMI allows for extended metadata such as subject, contributor, language, publisher, relation, … </li></ul><ul><li>Map user attribute names to other attribute names </li></ul><ul><li>Define Jetspeed Services used by this portlet. </li></ul>
  77. 77. Jetspeed Services <ul><li>Jetspeed provides a way for portlets to access Jetspeed components, or services, from a portlet. Although this is a Jetspeed-specific feature, it is how Jetspeed Administrative portlets can work with customizing Jetspeed. For example, the Group Administration portlet below uses a Jetspeed service to manipulate Jetspeed groups. </li></ul><ul><li>All services must be exported by Jetspeed in the jetspeed-services.xml file. All services required by a portlet must be specified in the jetspeed-portlet.xml </li></ul>
  78. 78. Jetspeed Services defined in Spring
  79. 79. Jetspeed Services (cont.) <ul><li>Portlet applications requiring a jetspeed service must define it in their jetspeed-portlet.xml deployment descriptor: </li></ul><ul><li><js:services> </li></ul><ul><li><js:service name= 'ApplicationServerManager' /> </li></ul><ul><li><js:service name= 'PageManager' /> </li></ul><ul><li><js:service name= 'PermissionManager' /> </li></ul><ul><li><js:service name= 'PortalAdministration' /> </li></ul><ul><li><js:service name= 'UserManager' /> </li></ul><ul><li></js:services> </li></ul>
  80. 80. Jetspeed Services <ul><li>And then get the service in the portlet init phase: </li></ul><ul><li>groupManager = (GroupManager) </li></ul><ul><li>getPortletContext().getAttribute( </li></ul><ul><li>CommonPortletServices. </li></ul><ul><li>CPS_GROUP_MANAGER_COMPONENT); </li></ul>
  81. 81. Managing the Registry <ul><li>Jetspeed provides two portlets for managing the Portlet Registry: </li></ul><ul><li>1. Portlet Application Browser </li></ul><ul><li>2. Portlet Application Details </li></ul>
  82. 82. Managing the Registry, Details
  83. 83. Search Component <ul><li>Jetspeed-2 provides an integration with the popular Apache Lucene search engine, a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. </li></ul><ul><li>By default, Jetspeed-2 indexes all registry information: portlet instances and portlet definitions as searchable entities. </li></ul>
  84. 84. User Information (Attributes) <ul><li>The Portlet API defines an interface for providing user information to portlets. Portlets can access this user information via the portlet API: </li></ul><ul><li>User information can be edited with the User Manager portlet </li></ul><ul><li>Map userInfo = (Map) </li></ul><ul><li>request.getAttribute(PortletRequest.USER_INFO); </li></ul><ul><li>String givenName = (String)userInfo.get(&quot;;); </li></ul><ul><li>String email = </li></ul><ul><li>(String)userInfo.get(&quot;;) ; </li></ul>
  85. 85. Profiler <ul><li>The Jetspeed Profiler is a portal resource location rule-based engine. The profiler locates the following kinds of portal resources: </li></ul><ul><li>PSML pages </li></ul><ul><li>Folders </li></ul><ul><li>Menus </li></ul><ul><li>When a request is received by the portal, the profiler will map the request to a resource based on a normalized set of runtime parameters and state such as request parameters, HTTP headers, and session attributes. The Profiler is invoked during the Jetspeed request processing pipeline in the profiler valve. This valve requires that the request context is already populated with the portal request and response, capabilities, language and user information. The runtime parameters make up the profile criterion which the profiler uses to locate portal resources. The profiler works hand in hand with the Site and Page Manager components. </li></ul>
  86. 86. Profiler Rules and Rule Criteria <ul><li>A Profiling Rule defines a list of criteria used when evaluating a request to determine the location of a specific resource. Profiling rules are used by the profiler to generically locate portal resources based on the decoupled criteria for known portlet request data. A rule consists of an ordered list of criteria which should be applied in the given order. Following this rule's order, the profiling engine applies each criterion of the rule using a less-specific algorithm until the least specific resource criterion is considered. When all criteria are exhausted, the rule will fail and a fallback resource will be required. </li></ul><ul><li>Rule Criteria are templates for locating profile properties. Jetspeed has a profiling policy based on resource-specific URLs, Mime-Types and language preferences. More complex implementations will need to use other inputs in mapping to resources such as Cookies, IP Address Ranges, Statistical Resource Usage Analysis, Business Rules inside of servlets or EJBs,... </li></ul>
  87. 87. Rule Criterion Resolvers <ul><li>Resolvers are Java classes that try to match criteria to find resources </li></ul>
  88. 88. Directories of PSML Pages <ul><li>The Profiler searches over a directory tree of PSML pages trying to locate a PSML page to be displayed. By default, this directory structure is found under WEB-INF/pages . The ‘directory’ can also be stored in the database. There are several system directories known by the profiler: </li></ul><ul><li>1. _user – holds all user-specific pages </li></ul><ul><li>2. _role – holds all role-specific pages </li></ul><ul><li>3. _group – holds all group-specific pages </li></ul><ul><li>4. __subsite-root – contains complete subsite trees, exactly like root tree </li></ul>
  89. 89. Common Profiler Rules Provided <ul><li>J1 – uses a most-specific to least-specific algorithm from Jetspeed-1 </li></ul><ul><ul><li>Page-Path + User + Media Type + Language + Country </li></ul></ul><ul><li>J2 – Default. Looks at the URL path combined with User + Media </li></ul><ul><ul><li>Page-Path + User + Media Type </li></ul></ul><ul><li>Role Fallback – Look for page in each role dir for the given user </li></ul><ul><li>User-Role Fallback – Look for page in user’s home dir; if not found, look in each role dir for the given user </li></ul><ul><li>Variants: Path, Group Fallback, User-Role-Combo Fallback, Subsite-Role Fallback </li></ul>
  90. 90. A Path-MediaType Role Fallback Example Path Profiler Media Type Page Role Fallback Repeat over each role for user
  91. 91. Profiler Rule Example Path : /my-page.psml Profiler Roles : Admin, Tester /roles/admin/html/my-page.psml Media : HTML, XHTML Page Manager Profile Locator
  92. 92. Page Manager <ul><li>The Page Manager persists and secures access to pages. Pages are the basic resource for storing one or more portlets for viewing. </li></ul><ul><li>By default, pages are stored on the file system in the web application under WEB-INF/pages. This location should be moved in production systems. See page-manager.xml for changing this configuration. The File System Page Manager will scan for new PSML every 10 seconds (configurable) </li></ul><ul><li>There is a second Page Manager implementation, the Database Page Manager. This alternate Page Manager stores all data in a relational database. To use the Database Page Manager: </li></ul><ul><li>1. Run the database importer to import PSML into the database </li></ul><ul><li>2. Swap the assembly/alternate/db-page-manager.xml with the file system version </li></ul><ul><li>NOTE: you can also export out from the database to the file system. </li></ul>
  93. 93. Security and the Page Managers <ul><li>The Page Managers support two kinds of security: </li></ul><ul><li>Permission Security (Java Security Policy) </li></ul><ul><li>Constraints Security (PSML Constraints) </li></ul><ul><li>In the page manager’s Spring configuration, you can enable either one of these, or turn them both off (not recommended) </li></ul><ul><li>Example Security Constraint: </li></ul><ul><li><security-constraints-def name=&quot;manager&quot;> </li></ul><ul><li><security-constraint> </li></ul><ul><li><roles>manager</roles> </li></ul><ul><li><permissions>view</permissions> </li></ul><ul><li></security-constraint> </li></ul><ul><li></security-constraints-def> </li></ul>
  94. 94. Jetspeed Database <ul><li>The Jetspeed Database is configured in Spring under : </li></ul><ul><li>WEB-INF/assembly/boot/datasource.xml </li></ul><ul><li>By default, we use Spring to configure a JNDI data source. This data source needs to be configured on your application server. </li></ul><ul><li><bean id=&quot; JetspeedDS &quot; class=&quot;org.springframework.jndi.JndiObjectFactoryBean&quot;> </li></ul><ul><li><property name=&quot;resourceRef&quot;><value>false</value></property> </li></ul><ul><li><property name=&quot; jndiName &quot;> </li></ul><ul><li><value> java:comp/env/jdbc/jetspeed </value> </li></ul><ul><li></property> </li></ul><ul><li></bean> </li></ul>
  95. 95. Tomcat’s JNDI JDBC Configuration <ul><li>Jetspeed creates a Tomcat context file for the Jetspeed web application and deploys it to Tomcat automatically. This context file holds the JDBC configuration for the database used by Jetspeed internally. Note in our example below, we have renamed the default Jetspeed context to “/fep”. The Jetspeed custom build automatically handles context renaming. </li></ul>
  96. 96. OJB <ul><li>OJB, the Object Relational Bridge, is an object-relational mapping tool from the Apache Software Foundation. All database access in Jetspeed runs through OJB. Mapping is controlled with a simple XML mapping file, which tells OJB how to map from database tables to Java classes. Each component in the system has its own OJB mapping file. It can be found in the component’s jar under the JETSPEED-INF directory. Here is an example mapping : </li></ul>
  97. 97. OJB Support <ul><li>OJB supports the most popular open source and proprietary databases. OJB will automatically figure out which database is in use by looking at the JDBC data sources metadata. </li></ul><ul><li>OJB is a powerful object-relational tool supporting associations such as one to many, and mapping those associations to Java Collections. You can also set associations to be auto-retrieved or lazy-loaded. </li></ul>
  98. 98. Supported Database and Torque <ul><li>The Torque project is another database project from Apache. It is used to generate the database-specific schema for your portal. This is done by simply setting a property, and then using the Jetspeed custom build to build your custom portal with proper database support. By default, Jetspeed now uses the Derby database. Although OJB and Torque support more databases, the databases supported and tested with Jetspeed are: </li></ul><ul><li>Oracle </li></ul><ul><li>MySQL </li></ul><ul><li>Microsoft SQL </li></ul><ul><li>PostgreSQL </li></ul><ul><li>DB2 </li></ul><ul><li>Hypersonic </li></ul><ul><li>Derby </li></ul>
  99. 99. XML Torque files <ul><li>Torque uses XML files to generically define the database definitions (DDL), table and indexes: </li></ul><ul><li><table name='PORTLET_STATISTICS'> </li></ul><ul><li><column name='IPADDRESS' type='VARCHAR' size=&quot;80&quot;/> </li></ul><ul><li><column name='USER_NAME' type='VARCHAR' size=&quot;80&quot;/> </li></ul><ul><li><column name='TIME_STAMP' type='TIMESTAMP'/> </li></ul><ul><li><column name='PAGE' type='VARCHAR' size=&quot;80&quot;/> </li></ul><ul><li><column name='PORTLET' type='VARCHAR' size=&quot;255&quot;/> </li></ul><ul><li><column name='STATUS' type='INTEGER'/> </li></ul><ul><li><column name='ELAPSED_TIME' type='INTEGER'/> </li></ul><ul><li></table> </li></ul>
  100. 100. Database Population Scripts <ul><li>The database population scripts are still specific to each supported database. Because SQL is not implemented uniformly across databases, we need different seed population scripts for each database flavor. Many of the population scripts that come with Jetspeed out of the box may not be applicable to your portal, such as those for the default roles and groups and administrative users. </li></ul><ul><li>We hope to phase out SQL population scripts in version 2.1 </li></ul>
  101. 101. Jetspeed XML <ul><li>Jetspeed XML and the Jetspeed Serializer component will phase out database population scripts. Jetspeed XML is an XML format for importing and exporting Jetspeed data such as: </li></ul><ul><li>Users </li></ul><ul><li>User Information </li></ul><ul><li>Roles </li></ul><ul><li>Groups </li></ul><ul><li>Profiling Rules and Criterion </li></ul><ul><li>Permissions </li></ul><ul><li>Note: Jetspeed serialization is still under development at this time </li></ul>
  102. 102. Websphere configuration <ul><li>Websphere requires a special configuration: </li></ul><ul><li>WEB-INF/assembly/wps.xml </li></ul><ul><li><beans> </li></ul><ul><li><!-- required for websphere, uncomment if running under websphere </li></ul><ul><li><bean id=&quot;org.apache.jetspeed.request.PortalRequestFactory&quot; class=&quot;org.apache.jetspeed.request.PortalRequestFactoryImpl&quot;/> </li></ul><ul><li>--> </li></ul><ul><li></beans> </li></ul><ul><li>The Portal Request Factory is replaced under Websphere because of the way that Websphere 5.x derives the context path during cross-context requests to render portlets. </li></ul>
  103. 103. Jetspeed Security <ul><li>Jetspeed 2 security leverages J2EE standards for both authentication and authorization through the implementation of a default Login Module and a default Authorization Policy. </li></ul><ul><li>Authentication establishes the identity of the user and populates the Subject with all the user principals. In a portal context, the populated Subject is added to the session in the Security Valve implementation. The Subject principals are then used to authorize the user's access to a given resource. Jetspeed Security leverages JAAS authorization by checking the user's permission with the Java Access Controller. </li></ul><ul><li>The Authorization policy is a standard Java Security Policy. The Jetspeed implementation of this policy is an RDBMS policy, stored in the Jetspeed database. </li></ul>
  104. 104. Jetspeed Security Layers <ul><li>Jetspeed Security can be accessed at the Java API layer: the JAAS API </li></ul><ul><li>We implement both a Login Module and Security Policy </li></ul><ul><li>Jetspeed Security Managers are configured in security-managers.xml </li></ul><ul><li>Security managers are high-level APIs, used to manage users, roles, groups and permissions </li></ul><ul><li>Jetspeed provides a Security Service Provider Interface ( SPI ) for layered handlers of security services. See the security-providers.xml and security-spi-*.xml </li></ul>
  105. 105. JAAS Login Module Configuration <ul><li>Jetspeed security architecture is fully JAAS compliant. Integrators can replace Jetspeed security architecture with their own LoginModule and Policy implementation. </li></ul><ul><li>To configure the login module, edit security-atn.xml. The Login Module proxy bootstraps the Login Module into the Spring initialization life cycle. You can disable Jetspeed’s login module by removing this file in your deployment. </li></ul><ul><li><bean id=&quot;; </li></ul><ul><li>class=&quot;; > </li></ul><ul><li><constructor-arg index=&quot;0&quot;> </li></ul><ul><li><ref bean=&quot;;/></constructor-arg> </li></ul><ul><li><!-- Portal user role name used to identify authenticated users in web.xml security constraints --> </li></ul><ul><li><constructor-arg index=&quot;1&quot;><value>portal-user</value></constructor-arg> </li></ul><ul><li></bean> </li></ul>
  106. 106. JAAS Security Policy Configuration <ul><li>The JAAS Security policy is implemented as a RDBMS security policy. It bootstraps during the Spring initialization life cycle. You can disable Jetspeed’s security policy by removing this file in your deployment. </li></ul><ul><li><!-- Security: RDBMS Policy implementation for JAAS --> </li></ul><ul><li><bean id=&quot;; </li></ul><ul><li>class=&quot;; > </li></ul><ul><li><constructor-arg > </li></ul><ul><li><ref bean=&quot;;/></constructor-arg> </li></ul><ul><li></bean> </li></ul>
  107. 107. Permission Manager <ul><li>Security Permissions in Jetspeed are standard Java permissions. We support 3 kinds of permissions: </li></ul><ul><li>1. Portlet Permission </li></ul><ul><li>2. Folder Permission </li></ul><ul><li>3. Page Permission </li></ul><ul><li>Permissions are stored in the RDBMS Security Policy. They protect resources for given actions. Permissions are RBAC (Role-based Access Controls) applied to portlet actions (view, edit, help, configure) </li></ul><ul><li>AccessController.checkPermission(new PortletPermission(portlet.getUniqueName(), JetspeedActions.MASK_VIEW)); </li></ul>
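How a mask-based permission check resolves against role grants, as an added example (not code from the slides or from Jetspeed). `DemoPortletPermission`, the mask values, the trailing `*` name wildcard and the role and portlet names are hypothetical stand-ins; the check returns a boolean instead of throwing the way `AccessController.checkPermission` does.

```java
import java.security.Permission;
import java.security.Permissions;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/** Added example: mask-based portlet permissions granted per role (RBAC). */
public class PortletRbacDemo {

    // Action names mirror the slide (view, edit, help, configure); values are assumptions.
    static final int VIEW = 1, EDIT = 2, HELP = 4, CONFIGURE = 8;

    /** Hypothetical stand-in for Jetspeed's PortletPermission. */
    static final class DemoPortletPermission extends Permission {
        private final int mask;

        DemoPortletPermission(String portletName, int mask) {
            super(portletName);
            this.mask = mask;
        }

        // A grant ending in '*' covers every portlet name with that prefix (demo rule).
        private boolean nameMatches(String requested) {
            String granted = getName();
            if (granted.endsWith("*")) {
                return requested.startsWith(granted.substring(0, granted.length() - 1));
            }
            return granted.equals(requested);
        }

        /** A grant implies a request when the name matches and every requested bit is granted. */
        @Override
        public boolean implies(Permission p) {
            if (!(p instanceof DemoPortletPermission)) {
                return false;
            }
            DemoPortletPermission wanted = (DemoPortletPermission) p;
            return nameMatches(wanted.getName()) && (mask & wanted.mask) == wanted.mask;
        }

        @Override
        public boolean equals(Object o) {
            return o instanceof DemoPortletPermission
                    && ((DemoPortletPermission) o).mask == mask
                    && ((DemoPortletPermission) o).getName().equals(getName());
        }

        @Override
        public int hashCode() {
            return 31 * getName().hashCode() + mask;
        }

        @Override
        public String getActions() {
            StringBuilder sb = new StringBuilder();
            if ((mask & VIEW) != 0) sb.append("view,");
            if ((mask & EDIT) != 0) sb.append("edit,");
            if ((mask & HELP) != 0) sb.append("help,");
            if ((mask & CONFIGURE) != 0) sb.append("configure,");
            return sb.length() == 0 ? "" : sb.substring(0, sb.length() - 1);
        }
    }

    // Stand-in for the policy store: role name -> granted permissions.
    private final Map<String, Permissions> grantsByRole = new HashMap<>();

    void grant(String role, String portlet, int mask) {
        grantsByRole.computeIfAbsent(role, r -> new Permissions())
                .add(new DemoPortletPermission(portlet, mask));
    }

    /** Deny by default: allowed only if one of the user's roles implies the request. */
    boolean isAllowed(Set<String> roles, String portlet, int action) {
        Permission wanted = new DemoPortletPermission(portlet, action);
        for (String role : roles) {
            Permissions granted = grantsByRole.get(role);
            if (granted != null && granted.implies(wanted)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        PortletRbacDemo policy = new PortletRbacDemo();
        policy.grant("user", "demo-app::NewsPortlet", VIEW);
        policy.grant("manager", "demo-app::*", VIEW | EDIT | CONFIGURE);

        System.out.println("user view news      : "
                + policy.isAllowed(Set.of("user"), "demo-app::NewsPortlet", VIEW));
        System.out.println("user edit news      : "
                + policy.isAllowed(Set.of("user"), "demo-app::NewsPortlet", EDIT));
        System.out.println("manager configure   : "
                + policy.isAllowed(Set.of("user", "manager"), "demo-app::AdminPortlet", CONFIGURE));
        System.out.println("no roles view news  : "
                + policy.isAllowed(Set.of(), "demo-app::NewsPortlet", VIEW));
    }
}
```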
  108. 108. Permission Manager impl
  109. 109. User, Role and Group Managers <ul><li>Jetspeed provides its own User management out of the box. Many deployed systems replace the user management with their own database, or LDAP implementations. Role and Group managers are also provided out of the box along with administrative tools. </li></ul>
  110. 110. Login Module <ul><li>For authentication, Jetspeed 2 provides a default login module implementation. Login modules provide a standard way to expose authentication services to Java applications. </li></ul><ul><li>Configuration is central to JAAS authentication. By default, Jetspeed 2 is configured to use its DefaultLoginModule implementation. The configuration file ( login.conf ) for the login module ships with the jetspeed2-security-{version}.jar component and provides the following configuration: </li></ul><ul><li>Jetspeed { required; }; </li></ul><ul><li>In order to override this configuration, you can place your own login.conf file in your web application class path under WEB-INF/classes. The location of the login.conf file is configured in the security-providers.xml file. </li></ul>
  111. 111. Login Module + User Manager <ul><li>The login module leverages the User Manager to authenticate users </li></ul>
  112. 112. Authentication SPI <ul><li>Authentication service providers are configured in the security-spi-atn.xml file. Here the user management handler is configured, as well as the credentials handlers. </li></ul>
  113. 113. Credentials <ul><li>Jetspeed provides quite a few features for managing credentials: </li></ul><ul><li>A custom password credential implementation </li></ul><ul><li>Configurable Password Encoding with standard SHA-1 or Base-64 </li></ul><ul><li>Enforced Password Value Rules (not blank, minimum length, minimum numeric characters) </li></ul><ul><li>Interception framework for handling credential life cycle events: </li></ul><ul><ul><li>Validate Password on login load and force change if invalid </li></ul></ul><ul><ul><li>Encode Password on first load </li></ul></ul><ul><ul><li>Password Expiration enforces lifespan for passwords managing expiration date </li></ul></ul><ul><ul><li>Max Password Failures enforces maximum number of invalid password attempts in a row </li></ul></ul><ul><ul><li>Password History forces unique passwords in respect to previously used passwords </li></ul></ul>
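The value rules, failure limit and password history listed above, combined in one credential object as an added example (not Jetspeed's implementation). The policy numbers, the class and method names, and the reading of "SHA-1 or Base-64" as a SHA-1 digest stored as Base64 text are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayDeque;
import java.util.Base64;
import java.util.Deque;

/** Added example: value rules, failure counting and password history in one credential. */
public class CredentialLifecycleDemo {

    // Policy values are constructed for the demo.
    static final int MIN_LENGTH = 8, MIN_DIGITS = 2, MAX_FAILURES = 3, HISTORY_SIZE = 3;

    private String encoded;                                    // current encoded password
    private final Deque<String> history = new ArrayDeque<>();  // previous encoded passwords
    private int failures;                                      // consecutive failed attempts
    private boolean enabled = true;

    /**
     * Assumption: a SHA-1 digest stored as Base64 text. The digest is unsalted, so equal
     * passwords encode to equal values, which is what lets the history compare encodings.
     */
    static String encode(String clear) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-1")
                    .digest(clear.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Value rules from the slide: not blank, minimum length, minimum numeric characters. */
    static String checkRules(String clear) {
        if (clear == null || clear.trim().isEmpty()) return "blank";
        if (clear.length() < MIN_LENGTH) return "too short";
        long digits = clear.chars().filter(Character::isDigit).count();
        if (digits < MIN_DIGITS) return "too few digits";
        return null;
    }

    /** Returns null on success, otherwise the reason the new password was rejected. */
    String setPassword(String clear) {
        String problem = checkRules(clear);
        if (problem != null) return problem;
        String candidate = encode(clear);
        if (candidate.equals(encoded) || history.contains(candidate)) return "reused";
        if (encoded != null) {
            history.addFirst(encoded);
            if (history.size() > HISTORY_SIZE) history.removeLast();
        }
        encoded = candidate;
        failures = 0;
        enabled = true;   // an accepted change re-enables the credential (demo choice)
        return null;
    }

    /** Counts consecutive failures and disables the credential at the limit. */
    boolean authenticate(String clear) {
        if (!enabled || encoded == null || clear == null) return false;
        byte[] given = encode(clear).getBytes(StandardCharsets.UTF_8);
        byte[] stored = encoded.getBytes(StandardCharsets.UTF_8);
        if (MessageDigest.isEqual(given, stored)) {   // constant-time comparison
            failures = 0;
            return true;
        }
        if (++failures >= MAX_FAILURES) enabled = false;
        return false;
    }

    boolean isEnabled() {
        return enabled;
    }

    public static void main(String[] args) {
        CredentialLifecycleDemo cred = new CredentialLifecycleDemo();
        System.out.println("set 'abc12'        -> " + cred.setPassword("abc12"));
        System.out.println("set 'longenough'   -> " + cred.setPassword("longenough"));
        System.out.println("set 'Harbour42x'   -> " + cred.setPassword("Harbour42x"));
        System.out.println("set 'Lantern77y'   -> " + cred.setPassword("Lantern77y"));
        System.out.println("set 'Harbour42x'   -> " + cred.setPassword("Harbour42x"));

        for (int i = 1; i <= MAX_FAILURES; i++) {
            System.out.println("wrong attempt " + i + "    -> " + cred.authenticate("guess" + i));
        }
        System.out.println("enabled after failures -> " + cred.isEnabled());
        System.out.println("correct password now   -> " + cred.authenticate("Lantern77y"));
    }
}
```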
  114. 114. Credentials Implementation
  115. 115. Login Validation <ul><li>The Login Validation Valve provides feedback to the user about the cause of a failed login attempt. </li></ul><ul><li>It retrieves the User Principal and its current Password Credential for the specified user name, and (if found) determines a specific error code based on its state. This error code is communicated back through the session so an appropriate error message can be presented to the user. </li></ul><ul><li>The following possible error codes can be returned : </li></ul><ul><li>ERROR_UNKNOWN_USER </li></ul><ul><li>ERROR_INVALID_PASSWORD </li></ul><ul><li>ERROR_USER_DISABLED </li></ul><ul><li>ERROR_FINAL_LOGIN_ATTEMPT </li></ul><ul><li>ERROR_CREDENTIAL_DISABLED </li></ul><ul><li>ERROR_CREDENTIAL_EXPIRED </li></ul><ul><li>Of the above error codes, the ERROR_FINAL_LOGIN_ATTEMPT will only be reported if the valve is configured with the same maxNumberOfAuthenticationFailures value as used for the related MaxPasswordAuthenticationFailuresInterceptor described above: </li></ul>
  116. 116. Managing Password Expiration <ul><li>If the PasswordExpirationInterceptor is used, password expiration for a certain user can be directly managed through the UserDetailPortlet provided with the security portlet application. </li></ul><ul><li>If enabled, this portlet can display the current expiration date of a password and also allows its value to be changed: </li></ul>
  117. 117. Single Sign on <ul><li>The Jetspeed-2 Single Sign-on (SSO) feature is a credential store implemented as a component. It uses the J2 security implementation for storing credentials. A management portlet allows the editing of SSO sites and remote credentials. It supports Basic Authentication and Form Based authentication and supports cookies. </li></ul><ul><li>The SSO Management administrative feature enables you to configure &quot;single sign-on&quot; access interactively. </li></ul>
  118. 118. SSO Administration Portlet
  119. 119. Web Content Portlet + SSO <ul><li>Jetspeed comes with a sample Web Content Portlet that uses SSO. </li></ul><ul><li>Enter the following credentials on the setup screen: </li></ul><ul><li>username = jetspeed_test0    password = jetspeed </li></ul>
  120. 120. Web Content Portlet + SSO (continued) <ul><li>Once the credentials are entered, you will no longer need to enter them for this user. The user will be automatically logged on to the NY Times site </li></ul><ul><li>Credentials can be configured for a group of users as well as a single user in the SSO admin </li></ul>
  121. 121. Portlet Statistics <ul><li>Jetspeed gathers statistics about portlet activity and logs it to either a database or a CLF file. The portlet can gather statistics over time periods as well as the top hit portlets. Of course you can use your own tools or queries to gather this information from the database. Statistics for portlets display hit counts and render times in milliseconds </li></ul>
  122. 122. User Statistics <ul><li>Jetspeed gathers statistics about user activity and logs it to either a database or a CLF file. Statistics for users display session counts and time logged on in minutes </li></ul>
  123. 123. Page Statistics <ul><li>Jetspeed gathers statistics about page activity and logs it to either a database or a CLF file. Statistics for pages display hit counts and render times in milliseconds </li></ul>