Posted to jetspeed-user@portals.apache.org by luiscolorado <lu...@fmssolutions.com> on 2006/11/01 19:56:23 UTC

Hosting multiple portals

Hi! We are an Application Server Provider, who have about 30 customers. Each
customer may have about 30 users, so we have about 1,000 users. We want to
deploy a portal for our customers using jetspeed-1.

I want to allow customers, let's say company A, to administer their own users.
However, I don't want company A to be able to see the users of company B. I think
I could achieve this by deploying multiple instances of the portal, that is,
deploy one new portal for each company... I would have about 30 portals.

I think that is pretty ugly... what if I want to deploy a new portlet to all
the 30 customers? I would have to deploy it to 30 different directories.
What if we grow to have 100 customers? If that's the way it has to be done,
fine, but I don't know if that's the best way to do it.

Have you ever done something like that before? What is a good approach to
host multiple portals? 

Thank you all!

Luis
-- 
View this message in context: http://www.nabble.com/Hosting-multiple-portals-tf2555125.html#a7120064
Sent from the Jetspeed - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org


Re: Hosting multiple portals

Posted by David Sean Taylor <da...@bluesunrise.com>.
Bhaskar Roy wrote:
> I am trying to do this using custom coding, I was not aware of this
> feature of jetspeed, but one thing I want to know, what will be the access
> URL for those subsites?

Depends on how you set up your profiling rules.
The default setting would be to use the exact same URL, and then have
the profiler figure out the subsite based on the current user.



Re: Hosting multiple portals

Posted by Bhaskar Roy <br...@platformexchange.com>.
I am trying to do this using custom coding, I was not aware of this
feature of jetspeed, but one thing I want to know, what will be the access
URL for those subsites?

Thanks
Bhaskar

On Mon, 2006-11-06 at 19:16, luiscolorado wrote:
> Hi, David!
> 
> I think this is a great feature that seems to fit the bill quite nicely.
> However, I have a problem: I'm using some vendor's software which is based
> on Jetspeed-1. I have been trying to convince them to upgrade to something
> more current, but it has been difficult. I still have some hope that I will
> convince them to move to Jetspeed-2, but that may take awhile.
> 
> Do you know if the sub-sites model (or something similar) is available for
> Jetspeed-1? I have only found sub-sites information for Jetspeed-2.
> 
> Thanks a lot!
> 
> Luis
> 
> 
> David Sean Taylor wrote:
> > 
> > Have you looked into the subsite feature?
> > It's not documented greatly, but you can find some info here:
> > 
> > http://portals.apache.org/jetspeed-2/guides/guide-profiler.html
> > http://portals.apache.org/jetspeed-2/guides/guide-security-declarative-psml.html
> > 
> > Subsites allow you to divide your site up into different trees of PSML.
> > 
-- 
Regards,

Bhaskar Roy

CTO PlatformExchange Inc
+1-415-661-8910
+91-9886081541




Re: Hosting multiple portals

Posted by David Sean Taylor <da...@bluesunrise.com>.
luiscolorado wrote:
> Hi, David!
> 
> I think this is a great feature that seems to fit the bill quite nicely.
> However, I have a problem: I'm using some vendor's software which is based
> on Jetspeed-1. I have been trying to convince them to upgrade to something
> more current, but it has been difficult. I still have some hope that I will
> convince them to move to Jetspeed-2, but that may take awhile.
> 
> Do you know if the sub-sites model (or something similar) is available for
> Jetspeed-1? I have only found sub-sites information for Jetspeed-2.

Subsites are not available for Jetspeed-1 and there is no real
equivalent feature there, although I have achieved a similar 'subsite'
result in a large installation of 1.5. Basically we set up 1.5 to give
completely different portals depending on the URL:

employees.somecompany.com/jetspeed
clients.somecompany.com/jetspeed
vendors.somecompany.com/jetspeed




Re: Hosting multiple portals

Posted by luiscolorado <lu...@fmssolutions.com>.
Hi, David!

I think this is a great feature that seems to fit the bill quite nicely.
However, I have a problem: I'm using some vendor's software which is based
on Jetspeed-1. I have been trying to convince them to upgrade to something
more current, but it has been difficult. I still have some hope that I will
convince them to move to Jetspeed-2, but that may take awhile.

Do you know if the sub-sites model (or something similar) is available for
Jetspeed-1? I have only found sub-sites information for Jetspeed-2.

Thanks a lot!

Luis


David Sean Taylor wrote:
> 
> Have you looked into the subsite feature?
> It's not documented greatly, but you can find some info here:
> 
> http://portals.apache.org/jetspeed-2/guides/guide-profiler.html
> http://portals.apache.org/jetspeed-2/guides/guide-security-declarative-psml.html
> 
> Subsites allow you to divide your site up into different trees of PSML.
> 



Re: Hosting multiple portals

Posted by David Sean Taylor <da...@bluesunrise.com>.
Aaron Evans wrote:
> Hi Luis,
> 
> My company is also an ASP and I have built (and am continually
> building) a single portal to service all of our customers, only I am
> using Jetspeed 2 (which would be my recommendation).
> 
> I wish I could tell you that J2 could do this kind of data
> segmentation out of the box, but AFAIK, there is no way to do it.

Have you looked into the subsite feature?
It's not documented greatly, but you can find some info here:

http://portals.apache.org/jetspeed-2/guides/guide-profiler.html
http://portals.apache.org/jetspeed-2/guides/guide-security-declarative-psml.html

Subsites allow you to divide your site up into different trees of PSML.

Users are directed to different subsites based on profiling rules per 
user. By assigning a subsite-profiling rule to a user, that user is 
directed to a subsite of pages. Each subsite has its own root, and its 
own page.security.

> 
> We have similar requirements as you do. For example, we allow our
> customers to manage their own users.

A delegation model for managing users is possible.
Basically you would filter the list of users in the user browser by some
attribute. One possible way would be to filter by role.

> 
> I'm going to describe to you in general what we've done and you can
> decide if a similar setup is right for you.
> 
> Firstly, to make things easy, I don't allow anyone to edit pages. I
> basically author the pages and deploy them in order to expose the
> functionality I want.
> 
> The reason for this is to make sure that users can't add
> administrative portlets to their pages.  I think maybe since 2.0,
> there may be access control for portlets, but am not sure (I have
> implemented my own access control mechanism in a base class that all
> my portlets extend).

I had to go back to the 2.0 branch to check this out.
Seems that we do a permission check:

    if (permissionManager.checkPermission(subject,
                         new PortletPermission(portlet.getUniqueName(),
                         SecuredResource.VIEW_ACTION, subject )))

However we are missing the following seed data:

INSERT INTO SECURITY_PERMISSION
VALUES(100,'org.apache.jetspeed.security.PortletPermission','j2-admin::*','view, edit','2004-05-22 16:27:12.572','2004-05-22 16:27:12.572');
INSERT INTO PRINCIPAL_PERMISSION VALUES(6,100);

Try adding that, it should filter out all portlets from the j2-admin app 
(j2-admin::*)

btw -- I'm rewriting the portlet selector.
New features:
* no longer a popup
* categories
* categories determined via search component lookup on list of keywords
* categories configured in portlet selector edit mode
* paging
* new layout with image support via jetspeed-portlet.xml
* create new portlets from existing portlets feature
* ability to set title and prefs when creating new portlets


> 
> Secondly, I have divided my user base into groups according to the
> customer accounts (ie. a customer account is a group).  This allows me
> to profile users according to which organization the user belongs to
> (ie. can have a specific skin or specific functionality in special
> cases).
> 
> Additionally, each user is assigned roles which control what
> functionality (portlets) each user has access to.
> 
> Finally, I have implemented my own custom user management portlet so 
> that I can:
> -add whatever custom attributes I need to for a given user
> -enforce that every user must be a member of some customer group (or
> internal group)
> -enforce that only internal users can have internal roles
> -and most importantly, segmentation of the data
> 
> The segmentation of the data is what you are really after here.
> Basically, my user management portlet checks the profile of the logged
> in user. If they are internal, they can access all users.  Otherwise,
> they can only access (view,add,edit) user accounts that belong to the
> same customer organization.
> 
Ah, so you are doing this already... I should have read ahead before
describing profiling, oh well.
I think we missed out on a "domain" object in our security model
that could help quite a bit for these scenarios.

> I actually made a base "Data Management Portlet" that solves the
> problem for us in general, since we have a bunch of different data
> that has to remain segmented in the same way.
> 
> One other thing: we use an LDAP directory to store our users, groups
> and roles (although you can use a DB and achieve the same results).
> But the point here is that I am not using the J2 user/role/group
> tables at all and I have implemented my own ATN/ATZ components.
> 
Yeah, I've done likewise on some portals.
We often need to integrate with a federated authentication system, but
also need local users stored in the Jetspeed database. This led to an
interesting usage of the SPIs where I have two sets of SPIs.


> Not that I am saying you need to do this necessarily, but in our case,
> it just made things simpler in the long run since we want to use the
> user database for ATN/ATZ for other systems, and ultimately, for an
> enterprise SSO solution.
> 
> Anyhow, I hope all of this helps you.
> 
> -aaron



Re: Hosting multiple portals

Posted by Aaron Evans <aa...@gmail.com>.
On 11/1/06, luiscolorado <lu...@fmssolutions.com> wrote:
>
> I think this is great stuff. However, I'm concerned about the development
> time... how much time did you spend doing this customization?

It probably took me about 3-4 weeks or so to:
-get comfortable with building and deploying jetspeed
-doing my custom skin
-build my custom ATN/ATZ components to swap for jetspeed's default
implementations

The last step probably isn't absolutely necessary.

I then spent maybe a week to build my custom user management portlet.

> Did you basically download the source code and change/extend/copy it as
> required?
>

I looked at the source yes.  Jetspeed provides well-defined interfaces
for the components I swapped out for authentication and authorization
and the default implementations for LDAP served as a guide for me to
write my own.  Then it is a matter of changing two spring assembly
files.

> Now, I think that you probably have the best solution, but I just want to
> play devil's advocate: wouldn't it be faster or more convenient to have
> multiple deployments, and use scripts to copy/deploy files and
> configurations to the multiple deployments? Wouldn't that, by the way,
> provide you the capability of using multiple servers more easily?
>

Just to be clear, the portal isn't really the core service that we are
charging our customers for. If it were (ie. if we were a portal ASP),
then yes, I would absolutely have multiple deployments rather than
shared infrastructure.

We are a VOIP service provider.  The portal allows our customers to
view and configure their services online as well as view reports and
access other related application services.  It is also used internally
for us to provision and administrate our customers' services.

Thus, there are instances where we need a full view across all
customer data in a single place; hence, a single portal.  The portal
is also tightly integrated with many of our other internal systems as
well as some 3rd party web services and I think multiple portals would
just complicate things for us.

We will need to set up a clustered environment soon (to distribute
load), but we should be able to do that (since J2 is capable of that)
without too much trouble.

All that said, I'm sure in some cases (eg. a portal ASP) it might make
sense to just have separate deployments.

> Finally... did you look into any other projects, books, or any other
> resources I could look into?
>

Not really.  I read the portlet spec (JSR 168) and a lot of the
jetspeed documentation.  I of course frequently reference tomcat
documentation and the Java API docs. But that's about it really...

> Thank you for an awesome post. Luis.

No problem, I hope it is helpful.
-aaron



Re: Hosting multiple portals

Posted by luiscolorado <lu...@fmssolutions.com>.
I think this is great stuff. However, I'm concerned about the development
time... how much time did you spend doing this customization? Did you
basically download the source code and change/extend/copy it as
required?

Now, I think that you probably have the best solution, but I just want to
play devil's advocate: wouldn't it be faster or more convenient to have
multiple deployments, and use scripts to copy/deploy files and
configurations to the multiple deployments? Wouldn't that, by the way,
provide you the capability of using multiple servers more easily?

Finally... did you look into any other projects, books, or any other
resources I could look into?

Thank you for an awesome post. Luis.


Aaron Evans-2 wrote:
> 
> Hi Luis,
> 
> My company is also an ASP and I have built (and am continually
> building) a single portal to service all of our customers, only I am
> using Jetspeed 2 (which would be my recommendation).
> 
> I wish I could tell you that J2 could do this kind of data
> segmentation out of the box, but AFAIK, there is no way to do it.
> 
> 
> Finally, I have implemented my own custom user management portlet so that
> I can:
> -add whatever custom attributes I need to for a given user
> -enforce that every user must be a member of some customer group (or
> internal group)
> -enforce that only internal users can have internal roles
> -and most importantly, segmentation of the data
> 
> The segmentation of the data is what you are really after here.
> Basically, my user management portlet checks the profile of the logged
> in user. If they are internal, they can access all users.  Otherwise,
> they can only access (view,add,edit) user accounts that belong to the
> same customer organization.
> 
> I actually made a base "Data Management Portlet" that solves the
> problem for us in general, since we have a bunch of different data
> that has to remain segmented in the same way.
> 
> 



Re: Hosting multiple portals

Posted by Aaron Evans <aa...@gmail.com>.
Hi Luis,

My company is also an ASP and I have built (and am continually
building) a single portal to service all of our customers, only I am
using Jetspeed 2 (which would be my recommendation).

I wish I could tell you that J2 could do this kind of data
segmentation out of the box, but AFAIK, there is no way to do it.

We have similar requirements as you do. For example, we allow our
customers to manage their own users.

I'm going to describe to you in general what we've done and you can
decide if a similar setup is right for you.

Firstly, to make things easy, I don't allow anyone to edit pages. I
basically author the pages and deploy them in order to expose the
functionality I want.

The reason for this is to make sure that users can't add
administrative portlets to their pages.  I think maybe since 2.0,
there may be access control for portlets, but am not sure (I have
implemented my own access control mechanism in a base class that all
my portlets extend).

Secondly, I have divided my user base into groups according to the
customer accounts (ie. a customer account is a group).  This allows me
to profile users according to which organization the user belongs to
(ie. can have a specific skin or specific functionality in special
cases).

Additionally, each user is assigned roles which control what
functionality (portlets) each user has access to.

Finally, I have implemented my own custom user management portlet so that I can:
-add whatever custom attributes I need to for a given user
-enforce that every user must be a member of some customer group (or
internal group)
-enforce that only internal users can have internal roles
-and most importantly, segmentation of the data

The segmentation of the data is what you are really after here.
Basically, my user management portlet checks the profile of the logged
in user. If they are internal, they can access all users.  Otherwise,
they can only access (view,add,edit) user accounts that belong to the
same customer organization.

I actually made a base "Data Management Portlet" that solves the
problem for us in general, since we have a bunch of different data
that has to remain segmented in the same way.

One other thing: we use an LDAP directory to store our users, groups
and roles (although you can use a DB and achieve the same results).
But the point here is that I am not using the J2 user/role/group
tables at all and I have implemented my own ATN/ATZ components.

Not that I am saying you need to do this necessarily, but in our case,
it just made things simpler in the long run since we want to use the
user database for ATN/ATZ for other systems, and ultimately, for an
enterprise SSO solution.

Anyhow, I hope all of this helps you.

-aaron
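
The segmentation rules listed in the message above (every user belongs to a group, internal roles only for internal users, customer administrators limited to their own organization), as an added Java example that is not code from this thread or from Jetspeed. The class, the `internal` group name and the `internal-` role prefix are assumptions; records require Java 16 or later.

```java
import java.util.*;
import java.util.stream.Collectors;

/** Added illustration, not Jetspeed code; every name here is hypothetical. */
public class TenantScopedUserAdmin {
    static final String INTERNAL_GROUP = "internal";        // assumed name of the provider's own group
    static final String INTERNAL_ROLE_PREFIX = "internal-"; // assumed convention for staff-only roles

    record User(String name, String group, Set<String> roles) {}

    private final Map<String, User> users = new LinkedHashMap<>();

    /** Invariants: every user has a group; only internal users hold internal roles. */
    private static void validate(User u) {
        if (u.group() == null || u.group().isBlank())
            throw new IllegalArgumentException("user must belong to a customer or internal group");
        boolean hasInternalRole = u.roles().stream().anyMatch(r -> r.startsWith(INTERNAL_ROLE_PREFIX));
        if (hasInternalRole && !INTERNAL_GROUP.equals(u.group()))
            throw new IllegalArgumentException("internal roles are reserved for internal users");
    }

    /** Internal callers reach every group; everyone else only their own. */
    private static boolean mayAccess(User caller, String targetGroup) {
        return INTERNAL_GROUP.equals(caller.group()) || caller.group().equals(targetGroup);
    }

    /** Seeds accounts that already exist (for example from a directory import). */
    void bootstrap(User u) {
        validate(u);
        users.put(u.name(), u);
    }

    /** View: the list is filtered on the server, so other tenants' users are never sent. */
    List<String> listUsers(User caller) {
        return users.values().stream()
                .filter(u -> mayAccess(caller, u.group()))
                .map(User::name)
                .collect(Collectors.toList());
    }

    /** Add/edit: checks the stored record and the submitted one, so a caller can
     *  neither edit another tenant's user nor move a user into another tenant. */
    void save(User caller, User target) {
        User existing = users.get(target.name());
        boolean foreignExisting = existing != null && !mayAccess(caller, existing.group());
        if (foreignExisting || !mayAccess(caller, target.group()))
            throw new SecurityException(caller.name() + " may not manage " + target.name());
        validate(target);
        users.put(target.name(), target);
    }

    public static void main(String[] args) {
        // Constructed sample accounts.
        TenantScopedUserAdmin admin = new TenantScopedUserAdmin();
        User staff = new User("ops", INTERNAL_GROUP, Set.of("internal-admin"));
        User adminA = new User("alice", "companyA", Set.of("user-admin"));
        User adminB = new User("bob", "companyB", Set.of("user-admin"));
        for (User u : List.of(staff, adminA, adminB)) admin.bootstrap(u);

        admin.save(adminA, new User("carol", "companyA", Set.of("reports")));
        System.out.println("companyA admin sees: " + admin.listUsers(adminA));
        System.out.println("internal staff sees: " + admin.listUsers(staff));
        try {
            // companyA's admin tries to overwrite a companyB account.
            admin.save(adminA, new User("bob", "companyA", Set.of()));
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```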


On 11/1/06, luiscolorado <lu...@fmssolutions.com> wrote:
>
> Hi! We are an Application Server Provider, who have about 30 customers. Each
> customer may have about 30 users, so we have about 1,000 users. We want to
> deploy a portal for our customers using jetspeed-1.
>
> I want to allow customers, let's say company A, to administer their own users.
> However, I don't want company A to be able to see the users of company B. I think
> I could achieve this by deploying multiple instances of the portal, that is,
> deploy one new portal for each company... I would have about 30 portals.
>
> I think that is pretty ugly... what if I want to deploy a new portlet to all
> the 30 customers? I would have to deploy it to 30 different directories.
> What if we grow to have 100 customers? If that's the way it has to be done,
> fine, but I don't know if that's the best way to do it.
>
> Have you ever done something like that before? What is a good approach to
> host multiple portals?
>
> Thank you all!
>
> Luis