The Sakai JSR168 Portlet Version 2 - PowerPoint PPT Presentation

Provided by: charle460
1
The Sakai JSR-168 Portlet (Version 2)
  • Charles Severance
  • csev_at_umich.edu
  • December 17, 2005

2
New in Portlet Version 0.2
Announcements (sakai.announcements)
Assignments (sakai.assignment)
Chat Room (sakai.chat)
Discussion (sakai.discussion)
Gradebook (sakai.gradebook.tool)
Email Archive (sakai.mailbox)
Membership (sakai.membership)
Message Forums (sakai.messageforums)
Preferences Tool (sakai.preferences)
Presentation (sakai.presentation)
Profile (sakai.profile)
Resources (sakai.resources)
Wiki (sakai.rwiki)
Tests & Quizzes (sakai.samigo)
Roster (sakai.site.roster)
Schedule (sakai.schedule)
Site Info (sakai.siteinfo)
Syllabus (sakai.syllabus)
  • Tree View
  • Gallery View
  • Proxy portlets
  • Source in SVN
  • Configurable via properties file

3
Use Case (getting closer)
  • Goal: a bunch of Sakai Portlets that can be
    scattered throughout a portal at the portal
    administrator's discretion - it is almost as if
    Sakai was in the portal.
  • Not quite there
  • One weakness is the provisioning step - the
    proxy portlets need provisioning.
  • Another weakness is the need to synchronize AUTHZ
    between the portal and Sakai - given that none of
    the AUTHZ in portals is standard at all, this is
    a challenge.
  • Even though portals may not have the
    infrastructure to support a 'group-scoped'
    calendar, we may have to build one anyways.

4
Sakai JSR-168 Portlet
  • Web Services are used to log in to Sakai, establish
    a session, and retrieve a list of Sakai Sites,
    Pages, and Tools
  • The portlet is 100% stock JSR-168
  • Works in Pluto, uPortal, and GridSphere

5
Three Variations
  • Display the Sakai gallery - all of Sakai except
    for the login and branding.
  • Retrieve the hierarchy of sites, pages and tools,
    display it in a tree view in the portlet, and show
    selected tools/pages in an iframe within the
    portlet
  • Proxy tool placement for a particular Sakai tool
    such as sakai.preferences

6
SakaiSite.getToolsDom
<sites>
  <portal>http://localhost:8080/portal</portal>
  <server>http://localhost:8080</server>
  <gallery>http://localhost:8080/gallery</gallery>
  <site>
    <title>My Workspace</title>
    <id>csev</id>
    <url>http://localhost:8080/portal/worksite/csev</url>
    <pages>
      <page>
        <id>af54f077-42d8-4922-80e3-59c158af2a9a</id>
        <title>Home</title>
        <url>http://localhost:8080/portal/page/af54f077-42d8-4922-80e3-59c158af2a9a</url>
        <tools>
          <tool>
            <id>b7b19ad1-9053-4826-00f0-3a964cd20f77</id>
            <title>Message of the Day</title>
            <toolid>sakai.motd</toolid>
            <url>http://localhost:8080/portal/tool/b7b19ad1-9053-4826-00f0-3a964cd20f77</url>
          </tool>
          <tool>
            <id>85971b6b-e74e-40eb-80cb-93058368813c</id>
            <title>My Workspace Information</title>
            <toolid>sakai.iframe.myworkspace</toolid>
            <url>http://localhost:8080/portal/tool/85971b6b-e74e-40eb-80cb-93058368813c</url>
          </tool>
        </tools>
      </page>
    </pages>
  </site>
</sites>

New WS method is upwards compatible with getSitesDom

7
Sakai Gallery View

8
How Gallery Works
[Diagram: Sakai Portlet (in uPortal, Pluto, or GridSphere) and Sakai. Labels: Login to Web Svcs; /portal/gallery on the Charon Portal.]

9
Sakai Tree View

10
How Tree View Works
[Diagram: Sakai Portlet (in uPortal, Pluto, or GridSphere) and Sakai. Labels: Login and ToolList to Web Svcs; /portal/page/FF96 on the Charon Portal.]

11
Sakai Proxy Tool

12
Proxy Tool Selection

13
How Proxy Portlet Works
[Diagram: Sakai Portlet (in uPortal, Pluto, or GridSphere) and Sakai. Arrow 1: Login and SiteList to Web Svcs. Arrow 2: /portal/page/FF96 on the Charon Portal.]

14
Auto Login
  • Automatic login (unchanged from previous version)
  • The portlet can be configured system-wide to have
    a designated Sakai host that people are to be
    automatically logged into.
  • A shared secret between the portlet and the Sakai
    system allows bypass of any Sakai log in.
  • There must be a Sakai account for each portal
    account. But if the account exists and the
    shared secrets match, integration is seamless
  • If the portal is fully provisioned and knows
    first name, last name, and e-Mail,
    SakaiPortalLogin can also auto-create users.

15
How Normal Login Works
[Diagram: Sakai Portlet (in uPortal, Pluto, or GridSphere) and Sakai. Arrow 1: SakaiLogin (id,pw) to Web Svcs. Arrow 2: /portal/gallery on the Charon Portal.]

16
How Auto Login Works
[Diagram: Sakai Portlet (in uPortal, Pluto, or GridSphere) and Sakai. Portlet side: Request.getRemoteUser csev; Configuration: sakai.secret=abcdef, sakai.host=http://. Arrow 1: PortalLogin (id,secret) to Web Svcs. Sakai side: Configuration: sakai.secret=abcdeff. Arrow 2: /portal/gallery on the Charon Portal.]

17
How Normal Login Works
[Diagram: Sakai Portlet (in uPortal, Pluto, or GridSphere) and Sakai, with the Charon Portal. Portlet side: Request.getRemoteUser csev; Configuration: sakai.secret=abcdef, sakai.host=http://. Label: PortalLogin (id,secret) to Web Svcs.]

18
Sakai Portlet Preferences

19
Configuration
  • Configured via both a properties file and portlet
    <init-parms>
  • The default properties file is
    /WEB-INF/classes/org/sakaiproject/portlets/sakaiportlet.properties
  • This file can also be placed in the -Dsakai.home
    directory - this will override the
    default file
  • Portlet.xml <init-parms> override these
    properties but out of the box, the portlet.xml
    does not set these properties

20
sakaiportlet.properties file
# This sets parameters for sakai portlets
# These values are overridden by any init-parms in
# the portlet.xml or init-parms forced by the portal
sakai.host=http://localhost:8080

# It is convenient for testing to have the secret set out of the box
# But in production, if you do not want autologin, do not set this
# parameter and autologin will be turned off
sakai.secret=plug-xyzzy

# This is used to deal with non-portable aspects across portals - such as
# how to determine the current logged in user.
# Leaving it null assumes that it is an Apache Pluto based portal.
# portal.type=gridsphere
# portal.type=uportal
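
An added example (not code from the presentation or the Sakai project) that resolves the effective settings in the override order described above and audits the autologin secret. It assumes the copy in the sakai.home directory replaces the default file as a whole and that the files use key=value lines; the function names and the sakai.example.edu host are made up for illustration.

```python
from urllib.parse import urlparse

SHIPPED_SECRET = "plug-xyzzy"  # out-of-the-box test value from the slide

# Constructed sample inputs (not taken from a real deployment).
DEFAULT_FILE = "sakai.host=http://localhost:8080\nsakai.secret=plug-xyzzy\n"
SAKAI_HOME_FILE = "# production copy, secret left out\nsakai.host=https://sakai.example.edu\n"


def parse_properties(text):
    """Parse simple key=value lines; '#' starts a comment line."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def effective_config(default_file, sakai_home_file=None, init_params=None):
    """Layer the three sources: the sakai.home copy replaces the default
    file (assumption: whole-file replacement), init-params override per key."""
    chosen = default_file if sakai_home_file is None else sakai_home_file
    config = parse_properties(chosen)
    config.update(init_params or {})
    return config


def audit_autologin(config):
    """Return findings about the shared-secret autologin for one config."""
    secret = config.get("sakai.secret", "")
    if not secret:
        return ["autologin off: sakai.secret is not set"]
    findings = ["autologin on: Sakai trusts the user id the portal sends"]
    if secret == SHIPPED_SECRET:
        findings.append("sakai.secret is the shipped test value")
    host = urlparse(config.get("sakai.host", ""))
    if host.scheme != "https" and host.hostname not in ("localhost", "127.0.0.1"):
        findings.append("sakai.host is not https: the secret is sent in clear")
    return findings


if __name__ == "__main__":
    for cfg in (effective_config(DEFAULT_FILE),
                effective_config(DEFAULT_FILE, SAKAI_HOME_FILE)):
        print(cfg, audit_autologin(cfg))
```
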
21
Notes
  • If you don't use auto-portal login, it is very
    painful to use the proxy portlets
    (sakai.calendar, etc) because they need to
    establish login separately :(
  • There is a bug in 2.1 logging out from the
    gallery. Actually it might be best to hide the
    logout button as it is not really logical in a
    mode where some higher level portal is doing
    navigation.
  • Chat does not work - need to figure out why.
    Probably an interaction with presence

22
TODO List
  • Create group placed versions of the proxy
    portlet - need to interoperate with the AUTHZ in
    the Portal and in Sakai
  • Need to look very closely at how AUTHZ is done in
    the portal and what APIs to call for each portal
    - this will likely be a case statement
  • Need to look closely at preferences in the
    portal, normally there are portlet-wide init
    parms and user-scoped preferences. Is there an
    intermediate level where an admin can set certain
    prefs that end-users cannot override? This will
    likely also be non portable.
  • Make tool placements in tree view look like page
    placements - should this be in Charon or in the
    Portlet? Effectively this is snatching some
    Charon code to do the titles, etc. Would be
    better to do this in Charon.

23
Outline of (TBD) AUTHZ
  • It is pretty clear that it is dangerous to depend
    on the AuthZ of the Portal because all portals
    will be different.
  • Build a service inside of Sakai which maps
    Portlet Placements to Sakai Sites
  • Allow users with site.upd to effectively grant a
    role to a portlet placement.
  • Another variant is to have folks auto-join
    sites and get a role in the site that way.

24
Current AUTHZ
  • Calendar portlet placed by admin with ID FF12
  • Calendar portlet executed by hao - no placement
    in pref - find placements
  • What calendars can hao see? AB23, BC55
  • hao picks BC55 and it becomes his personal pref.
  • Calendar portlet executed by csev - no placement
    in pref - find placements
  • What calendars can csev see? AB23
  • Since there is only one, csev sees it and it
    becomes his pref

Site  User    Role
AB23  csev    maintain
AB23  hao     access
BC55  hao     maintain
BC55  marlon  access

25
TBD AUTHZ - Maintain case
  • Calendar portlet placed by admin with ID FF12
  • Calendar portlet executed by hao - no placement
    in pref - find placements
  • What calendars can hao see? AB23, BC55 (site.upd)
  • hao picks BC55 and then is asked, would you
    like this to be a group placement? If so, what
    role do people get when they see this placement?
    Hao says yes - access.
  • Does hao have site.upd in this site? Yes
  • Grant Portlet FF12 access role in AB23.
  • hao sees the AB23 calendar and it becomes his
    preference.
  • Sweet

Site  User    Role
AB23  csev    maintain
AB23  hao     access
BC55  hao     maintain
BC55  marlon  access

Portlet  Site  Role
FF12     AB23  access

26
TBD AUTHZ - Access Case
  • Calendar portlet placed by admin with ID FF12
  • Calendar portlet executed by csev - no placement
    in pref - find placements
  • What is the placement portlet FF12? AB23
  • Sakai notices the placement rule made by hao, and
    also that csev does not have access, and adds
    csev as access below.
  • csev is sent to the AB23 calendar and it becomes
    his preference.

Portlet  Site  Role
FF12     AB23  access

Site  User    Role
AB23  csev    maintain
AB23  hao     access
BC55  hao     maintain
BC55  marlon  access
BC55  csev    access

27
TBD AUTHZ - Maintain case (more detail)
  • Calendar portlet placed by admin with ID FF12
  • Calendar portlet executed by hao - no placement
    in pref - find placements
  • What is the placement portlet FF12? Null (the
    Portlet / Site / Role table is empty)
  • Since there are no placements, let's check to see
    if hao can see any calendars.
  • What calendars can hao see? AB23, BC55 (site.upd)
  • Since hao has site.upd, he picks BC55 and
    indicates that this placement gets the access
    role.
  • Grant Portlet FF12 access role in AB23.
  • hao sees the AB23 calendar and it becomes his
    preference.
  • Sweet

Site  User    Role
AB23  csev    maintain
AB23  hao     access
BC55  hao     maintain
BC55  marlon  access

Portlet  Site  Role
FF12     AB23  access
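
A small model of the placement-to-site grants outlined in the TBD AUTHZ slides, added here as an illustration and not code from Sakai or the presentation. The class and method names are hypothetical, it assumes only the maintain role carries site.upd, and it records the grant against BC55, the site hao picks and maintains.

```python
SITE_UPD_ROLES = {"maintain"}  # assumption: only 'maintain' carries site.upd

# Site/User/Role table from the slides.
MEMBERSHIPS = {("AB23", "csev"): "maintain", ("AB23", "hao"): "access",
               ("BC55", "hao"): "maintain", ("BC55", "marlon"): "access"}


class PlacementAuthz:
    """Hypothetical model of the proposed placement-to-site service."""

    def __init__(self, memberships):
        self.members = dict(memberships)  # (site, user) -> role
        self.grants = {}                  # placement id -> (site, role)

    def visible_sites(self, user):
        return sorted(site for (site, u) in self.members if u == user)

    def grant(self, user, placement, site, role):
        """Maintain case: only a site.upd holder may bind a placement."""
        if self.members.get((site, user)) not in SITE_UPD_ROLES:
            raise PermissionError(f"{user} lacks site.upd in {site}")
        if role in SITE_UPD_ROLES:  # extra guard added here, not on the slides
            raise ValueError("a group placement must not hand out site.upd")
        self.grants[placement] = (site, role)

    def resolve(self, user, placement):
        """Access case: follow the grant and auto-join a non-member."""
        if placement not in self.grants:
            return None  # no group placement: fall back to visible_sites()
        site, role = self.grants[placement]
        self.members.setdefault((site, user), role)  # existing roles are kept
        return site


if __name__ == "__main__":
    authz = PlacementAuthz(MEMBERSHIPS)
    print(authz.visible_sites("hao"))
    authz.grant("hao", "FF12", "BC55", "access")
    print(authz.resolve("csev", "FF12"), authz.members[("BC55", "csev")])
```
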
28
Summary
  • This is a nice step forward for the Sakai JSR-168
    portlet
  • There is another step needed to truly meet the
    ideal use case
  • This step needs some analysis by within-portal
    security folks (i.e. I need help from the uPortal
    and GridSphere experts to determine next steps)
  • This will meet a set of needs much better than
    version 0.1 of the portlet.
  • The gallery and tree should work well
  • Proxy portlets can be used in certain cases where
    AUTHZ is well considered.
  • This version is safe from a security
    perspective - it only allows users to do what
    Sakai permits them to do.