JBoss World day 1

Yesterday was the first JBoss World day.

I had the chance to go on stage during the keynote, invited by our CTO Sacha Labourey to make a little (but working) demo of JBoss Portal 2.6.4. My goal was to show to the audience the current JBoss Portal product and to get the following message out:

• JBoss Portal 2.6.4 just released
• JBoss Portlet Container 2.0 Beta, an implementation of the Portlet 2.0 spec (will be released tomorrow, more to come, stay tuned)
• JBoss Portlet Bridge to make the integration of JSF/RF/Seam apps in JBoss Portal

Right now I am sitting at Thomas session about JBoss Portal. 

My talk is tomorrow morning at 9 AM and you don't want to miss it if you are present and want to hear about Portlet 2.0. I hope to see you there!

How to scope Portlet data per Window

I have been often asked how it is possible to scope data in a Portlet for a specific window. One obvious way would be to generate some unique ID and store it in the Portlet preferences, however this means that we start to use the preferences of the Portlet as a database which is not advised by the specification. So it would be neat to be able to retrieve the window ID provided by the portal to the portlet container.

Since Portlet 2.0 it is possible to retrieve the window ID using the PortletRequest.getWindowID(). Still there is a way to have this window id value using the Portlet 1.0 specification, it may sound like an hack but it respects the specification. The trick is to use the fact that the Portlet session attributes are scoped using the window id value, for instance if the Portlet put the value foo in the Portlet session, it will be stored as javax.portlet.p.XYZ?foo where the XYZ is the window id.

Here is how to do it in practice:

public class WindowIDPortlet extends GenericPortlet
{

protected void doView(RenderRequest request, RenderResponse response) throws PortletException, PortletSecurityException, IOException
{
PortletSession session = request.getPortletSession();
WindowIDRetriever retriever = (WindowIDRetriever)session.getAttribute("retriever");
if (retriever == null)
{
retriever = new WindowIDRetriever();
session.setAttribute("retriever", retriever);
}
String windowID = retriever.getWindowID();

//
response.setContentType("text/html");
PrintWriter writer = response.getWriter();
writer.print("Window ID is equals to " + windowID);
}

public static class WindowIDRetriever implements HttpSessionBindingListener
{

/** . */
private String windowID;

public void valueBound(HttpSessionBindingEvent event)
{
String name = event.getName();
windowID = name.substring("javax.portlet.p.".length(), name.indexOf('?'));
}

public void valueUnbound(HttpSessionBindingEvent event)
{
}

public String getWindowID()
{
return windowID;
}
}
}

What you need to pay attention to is the fact that if you use the window id value as a key in a cache then it will be fine, however if you start to persist data using the window id as a key then as you will not be aware of the associated window destruction and you will not be able to remove associated data in the database when the portal destroys the window. In that case the best advice is probably to implement a purge mechanism that would remove the out dated entries in the database (which suppose that you associate with the records, the date at which it was inserted).

LDAP support tutorial for JBoss Portal 2.6 (part 2)

LDAP support tutorial for JBoss Portal 2.6 (part 2)

In previous post I showed you how to enable LDAP support in JBoss Portal 2.6. Simple LDAP tree containing single 'ou=People' and 'ou=Roles' containers was used as an example.


In most cases portal deployment needs to cover more complex LDAP tree shapes. Lets consider LDAP tree with few separate containers for user entries:


We want to have an intranet portal that will be accessible for our employees (IT, HR and Sales) and not for our customers. We have few possibilities but the simplest one will be to specify a few separate LDAP search DNs to retrieve users. To do this we need to use the LDAPExtUserModuleImpl as UserModule in JBoss Portal.

In your 'ldap_identity-config.xml' file you will need to update User module configuration to enable LDAPExtUserModuleImpl implementation.

<module>
   <type>User</type>
<implementation>LDAP</implementation>
<class>org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl</class>
<config>
</config>
</module>

... and

<option-group>
<group-name>common</group-name>

<option>
<name>userCtxDN</name>
<value>ou=Sales,o=test,dc=portal,dc=example,dc=com</value>
<value>ou=HR,o=test,dc=portal,dc=example,dc=com</value>
<value>ou=IT,o=test,dc=portal,dc=example,dc=com</value>
</option>

<option>
<name>roleCtxDN</name>
<value>ou=Roles,o=test,dc=portal,dc=example,dc=com</value>
</option>

<option>
<name>userSearchFilter</name>
<value><![CDATA[(uid={0})]]></value>
</option>
</option-group>

With such a configuration JBoss Portal will retrieve its users from 'ou=Sales', 'ou=IT' and 'ou=HR' containers and not from 'ou=Customers'. In a very similar way you can configure many search DNs for roles. Just use 'LDAPExtRoleModuleImpl' and specify several values for 'roleCtxDN' option.

By using extended features you loose the possibility to manage user entries - with 'LDAPExtUserModuleImpl' you cannot create users from JBoss Portal administration panel, however you can still manage roles membership.

Notice that with 'LDAPExtUserModuleImpl' you need to specify an additional config option: userSearchFilter. This implementation gives you the possibility to specify powerful LDAP queries to obtain users from the directory. The syntax of the filter is compatible with RFC 2254 - you can find more in this document. Additionally '{0}' string is replaced with user name during the query.

In our example we used '(uid={0})' because in our case the 'uid' parameter is used to specify user name in LDAP entries. Using userSearchFilter you can also specify logical conditions like:

(&(uid={0})(objectClass=inetUser)(memberOf=cn=portalUser,ou=Roles,o=test,dc=portal,dc=example,dc=com))

With such a filter JBoss Portal will retrieve only users that have 'inetUser' objectClass and belong to 'portalUser' LDAP Role.

In conclusion we have seen the the very flexible and powerful support for custom LDAP trees that JBoss Portal offers since the 2.6 version.

LDAP support tutorial for JBoss Portal 2.6 (part 1)

LDAP support tutorial for JBoss Portal 2.6 (part 1)

In this tutorial we'll configure JBoss Portal LDAP support. You will learn the basic configuration that needs to be done to leverage a directory server in your portal deployment. Before we start you will need to get:

• JBoss Portal sources:
  
  The best way to obtain latest JBoss Portal 2.6 sources is to use Subversion:
  
  $ svn co http://anonsvn.jboss.org/repos/portal/tags/JBoss_Portal_2_6_0/ jboss-portal-2.6
  

• JBoss Application Server 4.0.5GA.
  
  It can be downloaded from here: http://labs.jboss.com/jbossas/downloads
  
  You need to download the .zip version and simply unpack it somewhere on your disk. Before you proceed, the 'JBOSS_HOME' environment variable should be set to point to directory containing unpacked archive. Under Linux you can use:
  
  $ export JBOSS_HOME=/opt/JBoss/jboss-4.0.5GA
  

Preparing the LDAP directory.

In this tutorial we'll use OpenDS directory server. JBoss Portal leverages it for unit tests so in the source distribution you can find an embedded directory server that can be deployed on JBoss Application Server.

1. Build JBoss Portal sources by doing:
   
   [jboss-portal-2.6] $ ./build/build.sh
   
   This may take a while as all nessesary libraries have to be downloaded from a library repository. During this tutorial we'll assume that you are using Linux. But you will also find proper '.bat' scripts for Windows operating system as well.
   
   
2. Deploy OpenDS directory server
   
   [jboss-portal-2.6] $ ./identity/build.sh deploy-ldap
   
   This will copy necessary files into the JBoss AS pointed by 'JBOSS_HOME' environment variable.
   
   
3. Run JBoss AS:
   
   $ cd
   $JBOSS_HOME/bin
   [bin] $ ./run.sh
   

At the moment you should have an instance of the OpenDS LDAP server listening on port 10389. To be able to use it with portal we need to provision it with sample data. To do this we'll use simple LDAP tool with GUI written in Java - LDAP Browser/Editor. It's a very lightweight tool that runs on many environment. Follow installation notes specified here: http://www-unix.mcs.anl.gov/~gawor/ldap/installation.html
You will simply need to download the archive, unpack it and run the lbe.sh or lbe.bat script (assuming that you have the java command in your operating system path). If you are using Fedora Linux you can also find 'lbe' rpm package in Dries repository.

Provision LDAP with sample data.

You will find ldif containing sample LDAP tree in portal sources (jboss-portal-2.6/identity/src/resources/example/portal-sample-local.ldif). To add it into OpenDS using LDAP Browser you need to:

1. Run LDAP Browser/Editor, and choose menu 'File' - 'Connect'
   
   
   
2. Change to 'Quick Connect' tab and enter following information:
   
• host: localhost
• port: 10389
• leave 'Base DN' empty
• uncheck 'Annonymous bind' checkbox
• user DN: cn=Directory Manager
• password: password
• click 'Connect'
3. mouse click on 'Root DSE'
4. choose menu 'LDIF' - 'Import'
   
   
   
5. point to the 'jboss-portal-2.6/identity/src/resources/example/portal-sample-local.ldif' file and click 'Import'

You should be able to see the imported LDAP tree.


Shutdown JBOSS AS:
$ cd $JBOSS_HOME/bin
[bin] $ ./shutdown.sh

Configure JBoss Portal LDAP support

JBoss is preconfigured to work with a locally deployed OpenDS. To enable LDAP support only tiny modification is needed:

1. Edit file jboss-portal-2.6/core/src/resources/portal-core-sar/META-INF/jboss-service.xml and change following line:
   
   'conf/identity/identity-config.xml'
   to
   'conf/identity/ldap_identity-config.xml'
   
   You will find configuration details in jboss-portal-2.6/core/src/resources/portal-core-sar/conf/identity/ldap_identity-config.xml
   
   
2. Install JBoss Portal:
   [jboss-portal-2.6] $ ./build/build.sh deploy-all
   [jboss-portal-2.6] $ ./core/build.sh datasource
   [jboss-portal-2.6] $ cp ./core/output/resources/setup/portal-hsqldb-ds.xml $JBOSS_HOME/server/default/deploy/
3. Run JBoss Portal
   $ cd
   $JBOSS_HOME/bin
   [bin] $ ./run.sh

It works.

At the moment JBoss Portal should store identity related data in LDAP store. Let's check it out.

1. Open your browser and go to http://localhost:8080/portal
   
   
   
2. Login as user 'jduke' with password 'theduke'. This is the user account we added into LDAP in previous steps.
   
3. On the left side click on the 'Edit your profile' link.
   
4. In the 'Real e-mail' field enter 'newemail@email.com' and click 'Save changes'
   
   
   
5. Refresh the view in LDAP Browser and check that new email address was updated in proper user entry
6. Logout from portal and login back as user 'admin' with password 'admin'.
7. Click on the 'Admin' link in the top right corner and go into 'Members' tab.
8. Click on the 'Create User account' link.
   
   
   
9. Fill in the form with sample data and click 'New user registration'
10. Verify in LDAP Browser that new user entry was added to the directory
    
    
    
11. Try to login with username and password you specified for the new account.
12. Go back in the 'Members' tab you can also list and manage all the users that are present in LDAP. Its also possible to assign specific roles to them. Try it out!
    
    

Please check out JBoss Portal 2.6 Reference Guide to learn more.