I am using jboss gatein 3.2 for my web application. In the gatein-resource.xml, i have upgraded from ext-js 3.2 to 3.4. which gives me java script error in the firebug console and all the ext-js components and menu of the gatein portlets are all also not loaded. This happens in the production mode only but works fine in the development mode. What could be wrong(ext-js 3.2 works fine in both development mode as well as production mode)
TypeError: eXo.portal.UIPortal is undefined
the bellow is my gatein resource.xml
<?xml version="1.0" encoding="UTF-8"?>
<gatein-resources
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.gatein.org/xml/ns/gatein_resources_1_1 http://www.gatein.org/xml/ns/gatein_resources_1_1"
xmlns="http://www.gatein.org/xml/ns/gatein_resources_1_1">
<javascript>
<param>
<js-module>extbaseJS</js-module>
<js-path>/javascript/lib/ext-2.1/adapter/ext/ext-base.js</js-path>
<js-priority>1</js-priority>
</param>
<param>
<js-module>extallJS</js-module>
<js-path>/javascript/lib/ext-2.1/ext-all.js</js-path>
<js-priority>2</js-priority>
</param>
<param>
<js-module>extcommonsJS</js-module>
<js-path>/javascript/commons/extCommons.js</js-path>
<js-priority>3</js-priority>
</param>
<param>
<js-module>dateJS</js-module>
<js-path>/javascript/date/date.js</js-path>
<js-priority>2</js-priority>
</param>
<param>
<js-module>extcalendarJS</js-module>
<js-path>/javascript/commons/extcalendar.js</js-path>
<js-priority>2</js-priority>
</param>
<param>
<js-module>cismstableJS</js-module>
<js-path>/javascript/tables/cismstable.js</js-path>
<js-priority>1</js-priority>
</param>
<param>
<js-module>viewJS</js-module>
<js-path>/javascript/tables/view.js</js-path>
<js-priority>1</js-priority>
</param>
<param>
<js-module>validationJS</js-module>
<js-path>/javascript/commons/validation.js</js-path>
<js-priority>1</js-priority>
</param>
<param>
<js-module>commonslookupJS</js-module>
<js-path>/javascript/commons/commons-lookup.js</js-path>
<js-priority>1</js-priority>
</param>
<!-- <param>
<js-module>fusionChartsJS</js-module>
<js-path>/javascript/charts/FusionCharts.js</js-path>
<js-priority>1</js-priority>
</param>
<param>
<js-module>securityCharts</js-module>
<js-path>/javascript/charts/securityChart.js</js-path>
<js-priority>1</js-priority>
</param> -->
<param>
<js-module>DwrProxy</js-module>
<js-path>/javascript/lib/DwrProxy.js</js-path>
<js-priority>4</js-priority>
</param>
<param>
<js-module>dynamicColumn</js-module>
<js-path>/javascript/commons/dynamicColumn.js</js-path>
<js-priority>5</js-priority>
</param>
<param>
<js-module>dateUtils</js-module>
<js-path>/javascript/date/dateUtils.js</js-path>
<js-priority>2</js-priority>
</param>
<param>
<js-module>extObjectPopup</js-module>
<js-path>/javascript/extWidgets/extObjectPopup/extObjectPopup.js</js-path>
<js-priority>5</js-priority>
</param>
<param>
<js-module>Spotlight</js-module>
<js-path>/javascript/lib/ext-2.1/Spotlight.js</js-path>
<js-priority>5</js-priority>
</param>
<param>
<js-module>ExtColumnHeader</js-module>
<js-path>/javascript/lib/ext-2.1/ColumnHeaderGroup.js</js-path>
<js-priority>5</js-priority>
</param>
<param>
<js-module>toolTreeTrends</js-module>
<js-path>/javascript/dtree/toolTreeTrends.js</js-path>
<js-priority>6</js-priority>
</param>
<param>
<js-module>toolTreeThreat</js-module>
<js-path>/javascript/dtree/toolTree.js</js-path>
<js-priority>4</js-priority>
</param>
<param>
<js-module>dynamicColumn</js-module>
<js-path>/javascript/commons/dropdownGrid.js</js-path>
<js-priority>6</js-priority>
</param>
<param>
<js-module>rgraph</js-module>
<js-path>/javascript/charts/RGraph.common.core.js</js-path>
<js-priority>6</js-priority>
</param>
<param><!--RIMS_05.05_M1_BUG_35 -->
<js-module>BarChart</js-module>
<js-path>/javascript/charts/BarChart.js</js-path>
<js-priority>1</js-priority>
</param>
<param><!--RIMS_05.05_M1_BUG_36 -->
<js-module>LineChart</js-module>
<js-path>/javascript/charts/LineChart.js</js-path>
<js-priority>1</js-priority>
</param>
</javascript>
</gatein-resources>
On the recent version of GateIn (GateIn 3.6) they changed the javascript importing syntax in gatein-resources.xml and resource compression mechanism . You can find more about that from This Link
You need to update your gatein-resources.xml in order to be compliant with the new syntax:
<scripts>
<name>extJS</name>
<script>
<path>/javascript/lib/ext-2.1/adapter/ext/ext-base.js</path>
</script>
<script>
<path>/javascript/lib/ext-2.1/ext-all.js</path>
</script>
.....
</scripts>
GateIn 3.6 provides now on demand, flexible and parallel loading of JavaScript resources. So you can also use AMD(Asynchronous module definition).
For a shared scope (Gatein support portal, portlet and shared scope), you can define your javascript modules like this:
<module>
<name>extbase</name>
<script>
<path>/javascript/lib/ext-2.1/adapter/ext/ext-base.js</path>
</script>
<depends>
<module>base</module>
</depends>
</module>
<module>
<name>extall</name>
<script>
<path>/javascript/lib/ext-2.1/ext-all.js</path>
</script>
<depends>
<module>extbase</module>
</depends>
</module>
....
You can find more information about Javascript development in GateIn here :
https://docs.jboss.org/author/display/GTNPORTAL35/JavaScript+Development
Related
I am trying to implement Role Base Access Controls on Zeppelin, using Knox to authenticate against an external IdP, and to perform group lookups from an LDAP instance once a user has been successfully authenticated.
I am currently able to login to Zeppelin, and the HadoopGroupProvider is looking up the user's groups as expected, but the authenticated user is not mapped to any roles, and is therefore unable to create Notebooks, or use any interpreters.
My configuration for Knox is shown below:
<?xml version="1.0" encoding="utf-8"?>
<topology>
<gateway>
<provider>
<role>federation</role>
<name>pac4j</name>
<enabled>true</enabled>
<param>
<name>pac4j.callbackUrl</name>
<value>https://knox.example.com/gateway/knoxsso/api/v1/websso</value>
</param>
<param>
<name>clientName</name>
<value>SAML2Client</value>
</param>
<param>
<name>saml.keystorePath</name>
<value>/opt/knox-1.3.0/data/security/keystores/gateway.jks</value>
</param>
<param>
<name>saml.keystorePassword</name>
<value>password</value>
</param>
<param>
<name>saml.privateKeyPassword</name>
<value>password</value>
</param>
<param>
<name>saml.identityProviderMetadataPath</name>
<value>/etc/sso/idp.xml</value>
</param>
<param>
<name>saml.maximumAuthenticationLifetime</name>
<value>100000</value>
</param>
<param>
<name>saml.serviceProviderEntityId</name>
<value>https://knox.example.com/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client</value>
</param>
<param>
<name>saml.serviceProviderMetadataPath</name>
<value>/etc/sso/sp.xml</value>
</param>
<param>
<name>pac4j.id_attribute</name>
<value>username</value>
</param>
</provider>
<provider>
<role>identity-assertion</role>
<name>HadoopGroupProvider</name>
<enabled>true</enabled>
<param>
<name>hadoop.security.group.mapping</name>
<value>org.apache.hadoop.security.LdapGroupsMapping</value>
</param>
<param>
<name>hadoop.security.group.mapping.ldap.bind.user</name>
<value>cn=loginuser,ou=example,ou=example,dc=example,dc=example,dc=example,dc=com</value>
</param>
<param>
<name>hadoop.security.group.mapping.ldap.bind.password</name>
<value>password</value>
</param>
<param>
<name>hadoop.security.group.mapping.ldap.url</name>
<value>ldap://example.ldap.com:389</value>
</param>
<param>
<name>hadoop.security.group.mapping.ldap.base</name>
<value>ou=example,dc=example,dc=example,dc=example,dc=com</value>
</param>
<param>
<name>hadoop.security.group.mapping.ldap.search.filter.user</name>
<value>(&(objectClass=user)(|(sAMAccountName={0})(mailNickname={0})))</value>
</param>
<param>
<name>hadoop.security.group.mapping.ldap.search.filter.group</name>
<value>(&(cn=group*)(objectclass=Group))</value>
</param>
<param>
<name>hadoop.security.group.mapping.ldap.search.attr.member</name>
<value>member</value>
</param>
<param>
<name>hadoop.security.group.mapping.ldap.search.attr.group.name</name>
<value>cn</value>
</param>
</provider>
</gateway>
<service>
<role>KNOXSSO</role>
<param>
<name>knoxsso.cookie.secure.only</name>
<value>true</value>
</param>
<param>
<name>knoxsso.token.ttl</name>
<value>100000</value>
</param>
<param>
<name>knoxsso.redirect.whitelist.regex</name>
<value>.*</value>
</param>
<param>
<name>knoxsso.token.ttl</name>
<value>-1</value>
</param>
</service>
</topology>
This is my shiro.ini configuration for Zeppelin:
[main]
knoxJwtRealm = org.apache.zeppelin.realm.jwt.KnoxJwtRealm
knoxJwtRealm.providerUrl = https://knox.example.com/
knoxJwtRealm.login = gateway/knoxsso/api/v1/websso
knoxJwtRealm.publicKeyPath = /etc/pki/tls/certs/knox.example.com.pem
knoxJwtRealm.logoutAPI = false
knoxJwtRealm.logout = gateway/knoxsso/api/v1/webssout
knoxJwtRealm.cookieName = hadoop-jwt
knoxJwtRealm.redirectParam = originalUrl
knoxJwtRealm.groupPrincipalMapping = group.principal.mapping
knoxJwtRealm.principalMapping = principal.mapping
authc = org.apache.zeppelin.realm.jwt.KnoxAuthenticationFilter
securityManager.realms = $knoxJwtRealm
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = JSESSIONID
cookie.httpOnly = true
sessionManager.sessionIdCookie = $cookie
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
admin_role = *
user_role = *
[urls]
/api/version = anon
/** = authc
I am confident that the HadoopGroupProvider is connecting to my LDAP instance and successfully looking up my groups, due to the gateway-audit.log:
19/10/07 15:33:00 ||6348f279-0ed2-445b-8a73-b76a8fcb985a|audit|1.2.3.4|KNOXSSO|USER1|||identity-mapping|principal|USER1|success|Groups: [Group1, Group2, Group3]
My questions are:
How do I map these groups to roles in Zeppelin?
Is there an equivalent to the org.apache.zeppelin.realm.LdapRealm's rolesByGroup configuration for the KnoxJwtRealm?
Any help is greatly appreciated, thanks in advance!
You need to install hadoop binaries and configure Hadoop Group Mapping.
And get Zeppelin rely on this configuration by providing environment variables in zeppelin-env.sh:
USE_HADOOP=True
HADOOP_CONF_DIR=<PATH_TO_HADOOP_CONFIGURATION_FILES>
You either need to add $HADOOP_HOME/bin to your OS $PATH environment variable. So Zeppelin could run hadoop command to map users and groups.
Setup specific group access permissions by writing URL-based rules under url section, such as:
[urls]
/api/configurations/** = authc, roles[<YOUR_LDAP_GROUP>]
More info:
Hadoop integration
Zeppelin KnoxSSO
The group lookup in the HadoopGroupProvider within the Knox topology looks correct and you would be able to use those groups for service level authorization for protecting access to the services being proxied by that topology.
However, those groups do not get propagated to the backend service from the gateway. Zeppelin needs to be configured to do its own group lookup and role mapping. I'm not familiar with the Zeppelin config for that unfortunately.
The following may prove helpful though: https://zeppelin.apache.org/docs/0.8.0/setup/security/shiro_authentication.html#groups-and-permissions-optional
I would like to have 2 different sitecore instance with different Solr instance on my developer PC.
What would be the best way to do it:
1. Create new instance of SOLR
2. Somehow change index name for specific sitecore instance.
based on solr article it seems like 1 way. For me it looks not really optimal.
if 2 case it is other question goes on: how to specify custom SOLR index names for sitecore config.
No you don't need to have more than one solr instance to run multiple Sitecore instances, You only need separate Core for each instance.
Create a new core for the second Sitecore instance on the same Solr
instance, you can call it "Sitecore_instance2" , then restart SOLR service.
In Sitecore.ContentSearch.Solr.Indexes.config, Sitecore.ContentSearch.Solr.Index.Analytics.config files, you will need to
change the core name for each index to "Sitecore_instance2" like
this:
<param desc="core">Sitecore_instance2</param>
I have over 8 Sitecore projects on the go that are all using SOLR. Creating a new SOLR instance for each project would just be a pain and a waste of time and resources. I have a single SOLR instance setup and then set the core names via an include file.
You would want a config like this one, just add it to the include folder:
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
<Sitecore>
<contentSearch>
<configuration>
<indexes hint="list:AddIndex">
<index id="sitecore_master_index" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
<index id="sitecore_web_index" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
<index id="sitecore_core_index" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
<index id="sitecore_analytics_index" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
<index id="sitecore_testing_index" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
<index id="sitecore_suggested_test_index" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
<index id="sitecore_fxm_master_index" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
<index id="sitecore_fxm_web_index" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
<index id="sitecore_list_index" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
<index id="social_messages_master" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
<index id="social_messages_web" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
<index id="sitecore_marketing_asset_index_master" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
<index id="sitecore_marketing_asset_index_web" type="Sitecore.ContentSearch.SolrProvider.SolrSearchIndex, Sitecore.ContentSearch.SolrProvider">
<param desc="core">"Your Core Name Here"</param>
</index>
</indexes>
</configuration>
</contentSearch>
<settings>
<!--<setting name="ContentSearch.Solr.ServiceBaseAddress">
<patch:attribute name="value">http://localhost:8983/solr</patch:attribute>
</setting>-->
</settings>
</sitecore>
Although you can run multiple cores under one instance, I still like the idea of completely separating the cores for different clients. I installed multiple instances and blogged about it here.
class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver" />
<param name="url" value="jdbc:postgresql://192.168.1.200:5433/NEWDMS" />
<param name="user" value="postgres" />
<param name="password" value="eminence" />
<param name="schema" value="postgresql" />
<param name="schemaObjectPrefix" value="${wsp.name}_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
I have created a transient Repository and done changes in repository.xml file
while accessing jackrabbit repository i am getting following exception : org.apache.jackrabbit.core.state.ItemStateException: failed to read bundle: deadbeef-face-babe-cafe-babecafebabe
java.lang.IllegalArgumentException: Invalid namespace index: 3158064
The "failed to read bundle: deadbeef-face-babe..." message is a symptom of a repository inconsistency. Start with these knowledge base articles: Fix the "jcr:system" node, Consistency Check, and Tar Data File Rotation. The third link highlights this configuration parameter of the persistence manager that might be of interest (although I see that you are not using the default TPM persistence manager, so it might not be relevant):
<param name="maxFileSize" value="512" />
I can pass parameter in Struts 2 (GAE app) Url something like below:
http://localhost:8888/user/jr
http://localhost:8888/user/jr#jrgalia
But i got an error for
http://localhost:8888/user/jr#jrgalia.com
How to allow to pass parameter with dot character?
Below is in struts.xml
....
<constant name="struts.enable.SlashesInActionNames" value="true"/>
<constant name="struts.mapper.alwaysSelectFullNamespace" value="false"/>
...
<action name="/user/*" class="LinkAction" method="usersLink">
<param name="userName">{1}</param>
<result>
<param name="location">/index.jsp</param>
<param name="parse">false</param>
<param name="encode">false</param>
</result>
</action>
Below is the error:
HTTP ERROR 404
Problem accessing /user/jr#jrgalia.com. Reason:
NOT_FOUND
Powered by Jetty://
How I stop Jackrabbit using SimpleSecurityManager?
I'm trying to call session.getUserManager() but I get a repository exception as SimpleSecurityManager.getUserManager() explicity throws it.
<Security appName="Jackrabbit">
<SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager" workspaceName="security">
</SecurityManager>
<AccessManager class="org.apache.jackrabbit.core.security.simple.SimpleAccessManager">
<!-- <param name="config" value="${rep.home}/access.xml"/> -->
</AccessManager>
<LoginModule class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
<param name="anonymousId" value="anonymous"/>
<param name="adminId" value="admin"/>
</LoginModule>
</Security>
Rest of code for those that will ask...
Repository repository = new TransientRepository();
Session jackrabbitSession = repository.login(credentials);
UserManager userManager = session.getUserManager();
The user manager is a Jackrabbit extension. It's not a part of the JCR. So, you need to use a JackrabbitSession, not just a Session. Here's a link to the wiki:
http://wiki.apache.org/jackrabbit/UserManagement