Everything Java Apache Geospatial Open Source. Hello Shinning Stars!!! Vincent Massol, Raphael Luta, Santiago Gala, Carsten Z.

Monday, May 22, 2006

Jetspeed Security and Content Management

The objective of this text is to outline how to provide portal content and functionality to an outside server. There are two issues. One is the user must be authenticated to use a particular content. The other is defining the method to access the pages without the menu and logos. A third issue comes to mind if the provided content is inline rather than in an iframe (the server does all of the content negociation and the clients browser does not even know that it is getting content from a third party) which is all urls for images, links, forms, and resources must be standardized so that the server can know when it is to act as a proxy to third party portal content).


One way to do authorization is by using a post request over https where password credentials can be verified. Another way is to sacrafice security for facility by allowing get requests to be made over http. This is not desirable but may facilitate testing. Production servers must make the post over a secure connection.

Content without menus and logos

One assumption that is made is the menus and logos will be invisible and only the content of the portal will be present. For this to work we need to be able to use two different themes depending on the caller.

A page accessed using the MyPage.psml will be rendered with the logo and menus. If the same page is accessed using MyPage.psml?org.apache.portals.jetspeed.theme=simple the logos and menus would be hidden. This parameter can also be passed one time during authetication to set the theme used for the entire session.


If the server does the content negociation it will act as a proxy to the Jetspeed portal requesting content and providing it inline to the end user. All URLs with a given prefix would have to be redirected to another server for content. A portlet can be written for Jetspeed to act as a proxy server to aquire third party content.


This url will authenticate the user and override all page themes so that the portal content is presented without menus and logos.


It depends on a patch submitted by me a few days ago. See the Jira issue

No comments: