I wrote the Jetspeed 2.0 release announcement. Here are some additional features of Jetspeed.
Standard and secure platform for creating custom web portals.
Friday, May 26, 2006
Monday, May 22, 2006
Jetspeed Security and Content Management
The objective of this text is to outline how to provide portal content and functionality to an outside server. There are two issues. One is the user must be authenticated to use a particular content. The other is defining the method to access the pages without the menu and logos. A third issue comes to mind if the provided content is inline rather than in an iframe (the server does all of the content negociation and the clients browser does not even know that it is getting content from a third party) which is all urls for images, links, forms, and resources must be standardized so that the server can know when it is to act as a proxy to third party portal content).
Authentication
One way to do authorization is by using a post request over https where password credentials can be verified. Another way is to sacrafice security for facility by allowing get requests to be made over http. This is not desirable but may facilitate testing. Production servers must make the post over a secure connection.
Content without menus and logos
One assumption that is made is the menus and logos will be invisible and only the content of the portal will be present. For this to work we need to be able to use two different themes depending on the caller.
A page accessed using the MyPage.psml will be rendered with the logo and menus. If the same page is accessed using MyPage.psml?org.apache.portals.jetspeed.theme=simple the logos and menus would be hidden. This parameter can also be passed one time during authetication to set the theme used for the entire session.
URLs
If the server does the content negociation it will act as a proxy to the Jetspeed portal requesting content and providing it inline to the end user. All URLs with a given prefix would have to be redirected to another server for content. A portlet can be written for Jetspeed to act as a proxy server to aquire third party content.
Code
This url will authenticate the user and override all page themes so that the portal content is presented without menus and logos.
It depends on a patch submitted by me a few days ago. See the Jira issue
The objective of this text is to outline how to provide portal content and functionality to an outside server. There are two issues. One is the user must be authenticated to use a particular content. The other is defining the method to access the pages without the menu and logos. A third issue comes to mind if the provided content is inline rather than in an iframe (the server does all of the content negociation and the clients browser does not even know that it is getting content from a third party) which is all urls for images, links, forms, and resources must be standardized so that the server can know when it is to act as a proxy to third party portal content).
Authentication
One way to do authorization is by using a post request over https where password credentials can be verified. Another way is to sacrafice security for facility by allowing get requests to be made over http. This is not desirable but may facilitate testing. Production servers must make the post over a secure connection.
Content without menus and logos
One assumption that is made is the menus and logos will be invisible and only the content of the portal will be present. For this to work we need to be able to use two different themes depending on the caller.
A page accessed using the MyPage.psml will be rendered with the logo and menus. If the same page is accessed using MyPage.psml?org.apache.portals.jetspeed.theme=simple the logos and menus would be hidden. This parameter can also be passed one time during authetication to set the theme used for the entire session.
URLs
If the server does the content negociation it will act as a proxy to the Jetspeed portal requesting content and providing it inline to the end user. All URLs with a given prefix would have to be redirected to another server for content. A portlet can be written for Jetspeed to act as a proxy server to aquire third party content.
Code
This url will authenticate the user and override all page themes so that the portal content is presented without menus and logos.
http://localhost:8080/jetspeed/login/proxy?org.apache.jetspeed.login.username=user&org.apache.jetspeed.login.password=user&org.apache.jetspeed.theme.override=simple
It depends on a patch submitted by me a few days ago. See the Jira issue
Subscribe to:
Posts (Atom)
