Mon, June 13, 2005 uPortal Conference, Baltimore, MD
Dan Ellentuck, Columbia University
Configuring uPortal Groups and Permissions
Agenda
• Rationale and functions
• Service structure
• Composite Group Service configuration
• Group service components configuration
• Common services configuration
• Permission service configuration
• GAP Managers
Overview
Configuration for
uPortal 2.4+
Possible to backport to uPortal 2.1+
Not applicable:
uPortal 3
Also note significant changes for uPortal 2.6
Requirements
• Need for authorization
• Role-based
• Use widely-dispersed information
• Model complex organization
• Granular permissions
AuthZ Functions in uPortal
3 Flavors:
• Framework
• Individual Channels
• Portlets
AuthZ Functions in uPortal
Framework
Protect portal functions and content:
Access to publishing.
Right to subscribe/render a channel.
AuthZ Functions in uPortal
Individual Channels
Protect functions and content private to the channel:
Must be an org.jasig.portal.IChannel.
Announcements Channel: Create Topic and Delete Announcement.
Groups Manager Channel: Create, Delete, Select a specific group.
AuthZ Functions in uPortal
Portlets
Protect functions and content via isUserInRole()
See: org.jasig.portal.container.servlet.ServletRequestImpl.isUserInRole(String role)
Translates role and role-reference group key
Group Functions in uPortal
Separation of concerns:
• Group membership
• Authorization
Current Responsibilities:
• Supply user roles for authorization
• Categorize portal entities (channel categories)
• Customize content (AL, DL)
GAP Service Dependencies
[Diagram: layers labelled GAP services (Groups, Permissions); GAP common services (Caching, Locking); uPortal services (Entity Types, Properties, RDBM, Sequence, etc.); JDK + supporting libs (XML libs, Commons, JDK, etc.)]
Group Service facade
Service api (simplified):
{
  public IEntityGroup findGroup(String key);
  public IEntity getEntity(String key, Class type);
  public IEntityGroup newGroup(Class type, String serviceName);
  public EntityIdentifier[] searchForEntities(String query, int method, Class type);
  public EntityIdentifier[] searchForGroups(String query, int method, Class leaftype);
}
Authorization service façade
3 separate façades:
• AuthorizationPrincipal
• PermissionsManager
• UpdatingPermissionsManager
Authorization service façade
IAuthorizationPrincipal
• Represents a user or group
• Service api (simplified):
{
  public IPermission[] getAllPermissions();
  public IPermission[] getPermissions();
  public boolean hasPermission(String owner, String activity, String target);
  public boolean hasPermission(String owner, String activity, String target, IPermissionPolicy policy);
}
Authorization service façade
IPermissionManager
• Represents a read-only application
• Service api (simplified):
{
  public IPermission[] getAllPermissions(IAuthorizationPrincipal principal, String activity, String target);
  public IAuthorizationPrincipal[] getAuthorizedPrincipals(String activity, String target);
  public IPermission[] getPermissions(String activity, String target);
  public IPermission[] getPermissions(IAuthorizationPrincipal principal, String activity, String target);
}
Authorization service façade
IUpdatingPermissionManager
• Represents an updating application
• Extends IPermissionManager
• Service api (simplified):
{
  public void addPermissions(IPermission[] permissions);
  public IPermission newPermission(IAuthorizationPrincipal principal);
  public void removePermissions(IPermission[] permissions);
  public void updatePermissions(IPermission[] permissions);
}
Composite Group Service
[Diagram labels: uPortal, Group Service clients, Composite Group Service, Person Directory, GAP common services, uPortal db, other source. The Composite Group Service box contains the following components:]
component “local”
  Group 0 {local.1, dan, ben}
  Group 1 {local.n, pags.1, ben}
  …
  Group n {…}
component “pags”
  Group 0 {pags.1, pags.n}
  Group 1 {…}
  …
  Group n {…}
component “other”
  Group A {other.B, other.C}
  Group B {don, pete}
  Group C {…}
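How nesting across components plays out for one user, as an added Python model of the diagram above (not uPortal code and not from the presentation). The user amy and her membership in pags.1 are constructed, and the ".n" placeholder members are left out; the model assumes any component may list a group of another component as a member, as local Group 1 does with pags.1.

```python
# Constructed model of the diagram: component -> {group key: direct member keys}.
# A key of the form "service.n" names a group; any other key is a user.
COMPONENTS = {
    "local": {
        "local.0": {"local.1", "dan", "ben"},
        "local.1": {"pags.1", "ben"},
    },
    "pags": {
        "pags.0": {"pags.1"},
        "pags.1": {"amy"},  # constructed: amy passes this group's attribute test
    },
    "other": {
        "other.A": {"other.B", "other.C"},
        "other.B": {"don", "pete"},
        "other.C": set(),
    },
}


def find_containing_groups(member_key, components):
    """Ask every component which of its groups list member_key directly."""
    return {group_key
            for groups in components.values()
            for group_key, members in groups.items()
            if member_key in members}


def membership_paths(user, components):
    """Map each group the user ends up in to the chain of keys leading there."""
    paths, todo = {}, [[user]]
    while todo:
        path = todo.pop(0)
        for group_key in sorted(find_containing_groups(path[-1], components)):
            if group_key not in paths:  # first path wins; also stops on cycles
                paths[group_key] = path + [group_key]
                todo.append(paths[group_key])
    return paths


def crosses_components(user, components):
    """Groups whose recorded path passes through more than one component,
    i.e. membership that one service grants on the word of another."""
    crossing = {}
    for group_key, path in membership_paths(user, components).items():
        services = {key.split(".", 1)[0] for key in path[1:]}
        if len(services) > 1:
            crossing[group_key] = path
    return crossing


if __name__ == "__main__":
    for user in ("ben", "amy"):
        print(user, "is in", sorted(membership_paths(user, COMPONENTS)))
        for group_key, path in sorted(crosses_components(user, COMPONENTS).items()):
            print("  ", group_key, "via", " -> ".join(path))
```

For an access review, the groups reported by crosses_components are the ones whose effective membership is decided outside the component that owns them.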
Composite Group Service
compositeGroupServices.xml…
<servicelist defaultService="local" compositeFactory="org.jasig.portal…">
  <service>
    <name>local</name>
    <service_factory>org.jasig...etc</service_factory>
    <entity_store_factory>org.jasig...etc</entity_store_factory>
    <group_store_factory>org.jasig...etc</group_store_factory>
    <entity_searcher_factory>org.jasig...etc</entity_searcher_factory>
    <internally_managed>true</internally_managed>
    <caching_enabled>true</caching_enabled>
  </service>
  <service>
    <name>pags</name>
    <service_factory>org.jasig...etc</service_factory>
    <entity_store_factory>org.jasig...etc</entity_store_factory>
    <group_store_factory>org.jasig...etc</group_store_factory>
    <entity_searcher_factory>org.jasig...etc</entity_searcher_factory>
    <internally_managed>false</internally_managed>
    <caching_enabled>true</caching_enabled>
  </service>
  ...
</servicelist>
Composite Group Service
Component Service Descriptor
<service>
  <name>local</name>
  <service_factory>org.jasig.portal.groups.ReferenceIndividualGroupServiceFactory</service_factory>
  <entity_store_factory>org.jasig.portal.groups.ReferenceEntityStoreFactory</entity_store_factory>
  <group_store_factory>org.jasig.portal.groups.ReferenceEntityGroupStoreFactory</group_store_factory>
  <entity_searcher_factory>org.jasig.portal.groups.ReferenceEntitySearcherFactory</entity_searcher_factory>
  <internally_managed>true</internally_managed>
  <caching_enabled>true</caching_enabled>
</service>
Composite Group Service
Interface for IEntityGroupStore
{
  public boolean contains(IEntityGroup group, IGroupMember member);
  public void delete(IEntityGroup group);
  public IEntityGroup find(String key);
  public Iterator findContainingGroups(IGroupMember gm);
  public Iterator findEntitiesForGroup(IEntityGroup group);
  public ILockableEntityGroup findLockable(String key);
  public String[] findMemberGroupKeys(IEntityGroup group);
  public Iterator findMemberGroups(IEntityGroup group);
  public IEntityGroup newInstance(Class entityType);
  public EntityIdentifier[] searchForGroups(String query, int method, Class leaftype);
  public void update(IEntityGroup group);
  public void updateMembers(IEntityGroup group);
}
Composite Group Service
Interface for READ-ONLY IEntityGroupStore
{
  public boolean contains(IEntityGroup group, IGroupMember member);
  public IEntityGroup find(String key);
  public Iterator findContainingGroups(IGroupMember gm);
  public Iterator findEntitiesForGroup(IEntityGroup group);
  public String[] findMemberGroupKeys(IEntityGroup group);
  public Iterator findMemberGroups(IEntityGroup group);
  public EntityIdentifier[] searchForGroups(String query, int method, Class leaftype);
}
Group components configuration
Available in baseline uPortal:
• Local
• PAGS
• Filesystem
• LDAP
Locally developed:
• JitLDAP (University of Calgary, Matthew Ling)
• SQL (Columbia University)
Group components configuration
Common Conventions:
• Config files in properties/groups
• XML document w/ <group-store> and <group> elements
• <group> element contains membership rules
• Except for local, READ-ONLY
Group components configuration
“local” group service
• In portal db
• No configuration required
• Supports read-write access
Group components configuration
Person Attribute Group Service (“PAGS”)
• Client of Person Directory
• Tests value of IPerson attributes
• Testers include String, regex comparisons
• Tests can be combined with operators AND, OR
• Read-Only (but will be updatable in 2.6)
Group components configuration
Person Attribute Group Service (“PAGS”)
<group>
  <group-key>2</group-key>
  <group-name>Short First Names</group-name>
  <group-description>Portal users whose first names are between 1 and 5 characters long</group-description>
  <selection-test>
    <test-group>
      <test>
        <attribute-name>givenName</attribute-name>
        <tester-class>org.jasig.portal.groups.pags.testers.RegexTester</tester-class>
        <test-value>^.{1,5}$</test-value>
      </test>
    </test-group>
  </selection-test>
  <members>
    <member-key>3</member-key>
  </members>
</group>
Group components configuration
Filesystem Group Service
• Groups are files and directories
• Read-only
• Files contain lists of member keys
• Component Service descriptor:
<service groupsRoot="C:/groups">
  <name>filesystem</name>
  <service_factory>...</service_factory>
  <entity_store_factory>...</entity_store_factory>
  <group_store_factory>...</group_store_factory>
  <entity_searcher_factory>...</entity_searcher_factory>
  <internally_managed>false</internally_managed>
  <caching_enabled>false</caching_enabled>
</service>
Group components configuration
Entity-testing vs. Group-testing
Group-testing (filesystem)
/mydir/.../myGroup:
  Tom
  Paul
  Mary
filesystem.myGroup.getMembers() returns {Tom, Paul, Mary}
Group components configuration
Entity-testing vs. Group-testing
Entity-testing (PAGS)
<group>
  <group-key>myGroup</group-key>
  <group-name>PAGS Test Users</group-name>
  <group-description>Users whose user names equal Tom, Paul or Mary</group-description>
  <selection-test>
    <test-group>
      <test>
        <attribute-name>uid</attribute-name>
        <tester-class>org.jasig.portal.groups.pags.testers.RegexTester</tester-class>
        <test-value>Tom|Paul|Mary</test-value>
      </test>
    </test-group>
  </selection-test>
</group>
PAGS.myGroup.getMembers() returns {}
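The contrast on the two slides above, as an added Python model (not uPortal code and not from the presentation): it parses the PAGS group definition shown above, tests it against one person's attributes, and compares that with reading a filesystem group file. Assumptions, repeated in the comments: the `<group-store>` wrapper, the file content and the sample directory are constructed, the regex must match the whole attribute value, and tests are ANDed inside a `<test-group>` and ORed across them.

```python
import re
import xml.etree.ElementTree as ET

# The PAGS definition from the slide, wrapped in a <group-store> root element.
PAGS_XML = """
<group-store>
  <group>
    <group-key>myGroup</group-key>
    <group-name>PAGS Test Users</group-name>
    <selection-test>
      <test-group>
        <test>
          <attribute-name>uid</attribute-name>
          <tester-class>org.jasig.portal.groups.pags.testers.RegexTester</tester-class>
          <test-value>Tom|Paul|Mary</test-value>
        </test>
      </test-group>
    </selection-test>
  </group>
</group-store>
"""

# Constructed content of the filesystem group file /mydir/.../myGroup.
FS_GROUP_FILE = "Tom\nPaul\nMary\n"

# Constructed person directory: uid -> attribute name -> list of values.
DIRECTORY = {
    "Tom": {"uid": ["Tom"]},
    "Tommy": {"uid": ["Tommy"]},
    "Mary": {"uid": ["Mary"]},
    "nouid": {"givenName": ["Paul"]},
}

REGEX_TESTER = "org.jasig.portal.groups.pags.testers.RegexTester"


def load_pags_groups(xml_text):
    """Return {group-key: [test-group, ...]}; a test-group is a list of
    (attribute-name, tester-class, test-value) tuples."""
    groups = {}
    for group in ET.fromstring(xml_text).iter("group"):
        groups[group.findtext("group-key").strip()] = [
            [tuple(test.findtext(tag).strip()
                   for tag in ("attribute-name", "tester-class", "test-value"))
             for test in test_group.findall("test")]
            for test_group in group.findall("selection-test/test-group")
        ]
    return groups


def run_test(tester, value, attr_values):
    # Assumption: the regex has to match the whole attribute value.
    # A tester class this model does not know fails closed.
    if tester != REGEX_TESTER:
        return False
    return any(re.fullmatch(value, v) for v in attr_values)


def pags_contains(test_groups, person):
    """Entity-testing: answer for ONE person's attributes.
    Assumption: tests inside a <test-group> are ANDed, <test-group>s are ORed."""
    return any(
        bool(tests) and all(run_test(cls, val, person.get(attr, []))
                            for attr, cls, val in tests)
        for tests in test_groups
    )


def pags_get_members(test_groups):
    """A rule has no stored member list, so enumeration comes back empty."""
    return []


def fs_get_members(file_text):
    """Group-testing: the file is the member list (one key per line, assumed)."""
    return [line.strip() for line in file_text.splitlines() if line.strip()]


def review_pags_group(test_groups, directory):
    """Access review for an entity-testing group: test every known person."""
    return sorted(uid for uid, attrs in directory.items()
                  if pags_contains(test_groups, attrs))


if __name__ == "__main__":
    rules = load_pags_groups(PAGS_XML)["myGroup"]
    print("filesystem getMembers:", fs_get_members(FS_GROUP_FILE))
    print("PAGS getMembers:      ", pags_get_members(rules))
    print("PAGS review by test:  ", review_pags_group(rules, DIRECTORY))
```

An empty getMembers() result on an entity-testing group therefore says nothing about who holds the role; a review has to test candidates one by one, as review_pags_group does.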
Common Service configuration
Concurrency properties:
portal.properties
. . .
# Concurrency Services settings:
#
# multiServer (true/false) indicates if the portal will run in multiple jvms.
#
# clockTolerance (in milliseconds) sets a fudge factor to account for system clocks
# on different hosts. Only used when org.jasig.portal.concurrency.multiServer=true.
#
# Defaults: multiServer=false
# clockTolerance=5000
#
org.jasig.portal.concurrency.multiServer=false
org.jasig.portal.concurrency.clockTolerance=5000
Common Service configuration
Multi-Server=true/false
• Entity locks in memory/in db
• Cache invalidations
Common Service configuration
Locking properties:
portal.properties
. . .
# Entity Lock Service settings:
#
# * defaultLockDuration sets the default lock duration in seconds. Locks can also be
# requested for specific durations.
#
# Defaults: defaultLockDuration=300
#
org.jasig.portal.concurrency.IEntityLockServiceFactory=org.jasig.portal.concurrency.locking.ReferenceEntityLockServiceFactory
org.jasig.portal.concurrency.IEntityLockService.defaultLockDuration=300
Common Service configuration
Caching properties:
portal.properties
. . .
# Entity Caching Service settings:
#
# * defaultMaxCacheSize - the default value for maximum number of entries in a
# cache.
# * defaultSweepInterval - the default value in seconds for the interval between
# cache sweeps.
# * defaultMaxIdleTime - the default value in seconds for the time after which a
# cache entry may be purged if it has not been accessed.
#
#
org.jasig.portal.concurrency.IEntityCachingService.defaultMaxCacheSize=1000
org.jasig.portal.concurrency.IEntityCachingService.defaultSweepInterval=60
org.jasig.portal.concurrency.IEntityCachingService.defaultMaxIdleTime=1800
Permission service configuration
2 ways to configure:
• Custom permissions policy
• Permissions store
Permission Service Configuration
Service configuration:
portal.properties
. . .
# Authorization Service settings:
#
# * IPermissionStore.implementation is the permission store.
# * IPermissionPolicy.defaultImplementation is the permission policy used when not
# overridden at runtime (see IAuthorizationPrincipal.hasPermission()).
# * IAuthorizationService.cachePermissions sets if permissions will be cached by
# the entity caching service. (Default=true).
#
org.jasig.portal.security.IPermissionStore.implementation=org.jasig.portal.security.provider.RDBMPermissionImpl
org.jasig.portal.security.IPermissionPolicy.defaultImplementation=org.jasig.portal.security.provider.DefaultPermissionPolicy
org.jasig.portal.security.IAuthorizationService.cachePermissions=true
Permission Service Configuration
IPermissionPolicy interface
• Alternate default permission policy
• Overloaded IAuthorizationPrincipal.hasPermission()
{
  public boolean doesPrincipalHavePermission(
      IAuthorizationService service,
      IAuthorizationPrincipal principal,
      String owner,
      String activity,
      String target);
}
Manager Channels
• Manager Channels are service clients
• Transactional state in service
• Alternate managers
Manager Channels
Groups Manager channel
Manager Channels
Groups Manager configuration:
portal.properties
. . .
# Retrieval limits for Groups Manager.
# Limit the number of group members that should be enumerated when the Groups Manager
# generates an XML representation of the groups hierarchy
#
org.jasig.portal.channels.groupsmanager.wrappers.GroupWrapper.limitRetrievals=true
org.jasig.portal.channels.groupsmanager.wrappers.GroupWrapper.retrievalLimit=25
GAP Resources
Groups and Permissions wiki: http://jasigch.princeton.edu:9000/display/GAP/Home
uPortal mailing lists:
• [email protected]
  – Discuss anything related to uPortal
• [email protected]
  – Membership restricted to uPortal framework developers
  – Coordination of development work
Speaker: Dan Ellentuck
Presentation Title: Configuring Groups and Permissions
Date: 6/13/2005
Time: 2:00 PM – 3:00 PM
Speaker Info:
The End
Questions ?