You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by Dan Elder <de...@novacoast.com> on 2003/06/19 19:57:41 UTC
Iframe Portlet with Parameter Passing
Hello,
I've created an Iframe Portlet which is a copy of the existing Iframe
Portlet but adds the ability to pass parameters to the source address
(i.e. https://mydomain/index.php¶meter=true&other=nothing). This is
useful for me because with it I can now tie in other web apps to
Jetspeed and have transparent single signon by passing the current
username and password (and other values that can be retrieved from
runData.getUser()) in a url like
https://mydomain/index.php?username=dan&password=rootme. The only
problem I'm having right now is that the crypted version of the password
is returned instead of the initial password the user logs in with. I
know I can disable password encryption in the
JetspeedSecurity.properties but storing passwords in the clear in our
LDAP directory isn't an option. Is there a way that I'm missing to
retrieve the password a user logs in with in the clear even if the
backing store is encrypted? If anyone is interested in the portlet I
can post all the code as well (it's still got a few bugs).
Thank you,
Dan Elder
--
----------------------------------------------
Dan Elder, Software Developer, Novacoast, Inc.
Voice: (805) 884-4152
Mobile: (805) 453-6563
E-mail: delder@novacoast.com
----------------------------------------------
Re: Iframe Portlet with Parameter Passing
Posted by Sami Leino <sa...@netorek.fi>.
> Forgive me, I stand corrected. I missed the following lines in
> LDAPAuthentication.java:
>
> // Store the clear-text password to session if some of the //
> portlets need it (for example to single-signon functionality)
> user.setTemp( "sessionPassword", password );
>
> This works perfectly now and is exactly what I was looking for.
That was a temporary "kludge" that I added to the LDAP implementation few
months ago (because we needed the single sign-on functionality as well).
Unfortunately, this line of code is not present in the database-based
authentication code, and thus the two security implementations (LDAP/DB)
are not symmetric (which I consider to be a very bad thing). In this case,
your single sign-on portlet wouldn't work with database-based security
model.
I'm not sure if putting the clear-text password in user's session is a
security risk in the scope of Jetspeed portal. If it is, the above line of
code must be removed. If it is not considered to be a security risk, I
would suggest adding similar functionality to database-based security
implementation as well. The correct way to achieve this would propably be
to introduce a getClearTextPassword() method in the JetspeedUser
interface.
For us the single sing-on functionality is very crucial, and therefore I
think that the issue should be addressed.
Regards,
Sami
--
Sami Leino
Software Developer, Netorek Oy, Turku, Finland
Email: sami@netorek.fi
Phone: +358 44 0140499
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
Re: Iframe Portlet with Parameter Passing
Posted by Dan Elder <de...@novacoast.com>.
Forgive me, I stand corrected. I missed the following lines in
LDAPAuthentication.java:
// Store the clear-text password to session if some of the
// portlets need it (for example to single-signon functionality)
user.setTemp( "sessionPassword", password );
This works perfectly now and is exactly what I was looking for.
Therefore, I submit before you my modifications to the IFramePortlet
which now allows parameter passing (including the cleartext version of
the user's password). The main purpose of this (for me) was to allow
single signon type interaction with existing web applications. This can
now be handled transparently for the user. Please feel free to make
suggestions, comments, flames, etc... I would especially like feedback
on other improvements that could be made to the IFramePortlet. You can
currently have it automagically fill in: $username, $password,
$clearpassword, $email, $firstname, $lastname, $name.
Thank you,
Dan Elder
----------------------------------------------------------------------------
IFramePortlet.java
/*
* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Jetspeed" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache" or
* "Apache Jetspeed", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.jetspeed.portal.portlets;
//Element Construction Set
import org.apache.ecs.ConcreteElement;
import org.apache.ecs.StringElement;
//Jetspeed stuff
import org.apache.jetspeed.portal.PortletException;
import org.apache.jetspeed.portal.PortletConfig;
//turbine
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.Log;
import org.apache.turbine.util.ServerData;
import org.apache.turbine.services.servlet.TurbineServlet;
import org.apache.turbine.TurbineConstants;
import org.apache.turbine.util.DynamicURI;
//JDK stuff
import java.util.Hashtable;
/**
* A Portlet that displays the contents of a source URL in an IFRAME tag.
* portlets.xreg Usage example:
* <PRE>
* <portlet-entry name="IFrame" hidden="false"
type="abstract" application="false">
*
<classname>org.apache.jetspeed.portal.portlets.IFramePortlet</classname>
* </portlet-entry>
* </PRE>
*
* local-portlets.xreg Usage example:
* <PRE>
* <portlet-entry name="SomeSite" hidden="false" type="ref"
parent="IFramePortlet" application="false">
* <meta-info>
* <title>SomeSite Info</title>
* <description>Navigate SomeSite within an
IFRAME</description>
* </meta-info>
* <parameter name="source" value="http://somesite"
hidden="false"/>
* <media-type ref="html"/>
* </portlet-entry>
* </PRE>
*
* <P>The following parameters are accepted: </P>
* <UL>
* <LI> source - The target of the IFRAME, where it grabs it's
content from. Can use ${webappRoot}.
* Default is "http://127.0.0.1" </LI>
* <LI> width - The width of the IFRAME, or null to let the
browser decide.
* Default is null.</LI>
* <LI> height - The height of the IFRAME, or null to let the
browser decide.
* Default is null.</LI>
* <LI> scrolling - How to display a scrollbar.
* Default is "auto", to let the browser decide.</LI>
* <LI> frameborder - Whether or not to display a border around
the IFRAME.
* Default is 1 (yes).</LI>
* <LI> <code>refresh</code> - value in seconds to auto refresh
contents of the IFRAME. </LI>
* <LI> <code>align</code> - top | bottom | middle | left |
<i>right</i> - How to align the IFRAME in relation to surrounding
content.</LI>
* <LI> <code>marginwidth</code> - size of the top and bottom
margin inside the iframe. </LI>
* <LI> <code>marginheight</code> - size of the left and right
margin inside the iframe.</LI>
* <LI> Parameter 1 - The first parameter to be passed to the
IFrame (or nothing).</LI>
* <LI> Parameter 2 - The second parameter to be passed to the
IFrame (or nothing).</LI>
* <LI> Parameter 3 - The third parameter to be passed to the
IFrame (or nothing).</LI>
* <LI> Parameter 4 - The fourth parameter to be passed to the
IFrame (or nothing).</LI>
* <LI> Parameter 5 - The fifth parameter to be passed to the
IFrame (or nothing).</LI>
* <LI> Parameter 6 - The sixth parameter to be passed to the
IFrame (or nothing).</LI>
* <LI> Value 1 - The first value or special variable to be
passed to the IFrame.</LI>
* <LI> Value 2 - The second value or special variable to be
passed to the IFrame.</LI>
* <LI> Value 3 - The third value or special variable to be
passed to the IFrame.</LI>
* <LI> Value 4 - The fourth value or special variable to be
passed to the IFrame.</LI>
* <LI> Value 5 - The fifth value or special variable to be
passed to the IFrame.</LI>
* <LI> Value 6 - The sixth value or special variable to be
passed to the IFrame.</LI>
* </UL>
*
* <P>The following special variables are acceptedL </P>
* <UL>
* <LI> $username - the username of the user who logged in.</P>
* <LI> $password - the jetspeed password of the user who logged
in (may be encrypted).</P>
* <LI> $clearpassword - the cleartext password of the user who
logged in.</P>
* <LI> $firstname - the first name (if available) of the user who
logged in.</P>
* <LI> $lastname - the last name (if available) of the user who
logged in.</P>
* <LI> $name - the name (if available) of the user who logged in.</P>
* <LI> $email - the email address (if available) of the user who
logged in.</P>
* </UL>
*
* @created June 18, 2003
* @author <a href="mailto:wbarnhil@twcny.rr.com">Bill Barnhill</a>
* @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a>
* @author <a href="mailto:delder@novacoast.com">Dan Elder</a>
* @version $Id: IFramePortlet.java,v 1.5 2003/06/11 21:47:47 morciuch
Exp $
* @see AbstractPortlet
*/
public class IFramePortlet extends AbstractInstancePortlet
{
static final String DEFAULT_NOTSUPP_MSG =
"[Your user agent does not support inline frames or is currently" + "
configured not to display frames]";
static final String NO_SOURCE_MSG = "Please customize source for this
IFrame";
static final String DEFAULT_SOURCE = "http://127.0.0.1";
static final String DEFAULT_WIDTH = null;
static final String DEFAULT_HEIGHT = null;
static final String DEFAULT_SCROLLING = "auto";
static final String DEFAULT_FRAMEBORDER = "1";
static final String PARAM_SOURCE = "source";
static final String PARAM_WIDTH = "width";
static final String PARAM_HEIGHT = "height";
static final String PARAM_SCROLLING = "scrolling";
static final String PARAM_FRAMEBORDER = "frameborder";
static final String PARAM_NAME = "name";
static final String PARAM_STYLE = "style";
static final String PARAM_MARGINWIDTH = "marginwidth";
static final String PARAM_MARGINHEIGHT = "marginheight";
static final String PARAM_REFRESH = "refresh";
static final String PARAM_ALIGN = "align";
static final String WEBAPPROOT = "${" + TurbineConstants.WEBAPP_ROOT + "}";
private final String PARAMETER_1 = "parameter1";
private final String PARAMETER_2 = "parameter2";
private final String PARAMETER_3 = "parameter3";
private final String PARAMETER_4 = "parameter4";
private final String PARAMETER_5 = "parameter5";
private final String PARAMETER_6 = "parameter6";
private final String VALUE_1 = "value1";
private final String VALUE_2 = "value2";
private final String VALUE_3 = "value3";
private final String VALUE_4 = "value4";
private final String VALUE_5 = "value5";
private final String VALUE_6 = "value6";
private String iSource = DEFAULT_SOURCE;
private String iWidth = DEFAULT_WIDTH;
private String iHeight = DEFAULT_HEIGHT;
private String iScrolling = DEFAULT_SCROLLING;
private String iFrameBorder = DEFAULT_FRAMEBORDER;
private String iMarginWidth = null;
private String iMarginHeight = null;
private String iStyle = null;
private String iName = null;
private String iRefresh = null;
private String iAlign = null;
private String param1 = "";
private String value1 = "";
private String param2 = "";
private String value2 = "";
private String param3 = "";
private String value3 = "";
private String param4 = "";
private String value4 = "";
private String param5 = "";
private String value5 = "";
private String param6 = "";
private String value6 = "";
/**
* Sets the source attribute of the IFramePortlet object
*
* @param source The new source value
* @since
*/
public void setSource(String source)
{
if (source != null)
{
// Handle replacement variables
Hashtable parms = new Hashtable();
if (source.indexOf("${") >= 0)
{
// Add all portlet parms
parms.putAll(this.getPortletConfig().getInitParameters());
// Add web app root variable replacement
try
{
ServerData sd =
new ServerData(
TurbineServlet.getServerName(),
Integer.parseInt(TurbineServlet.getServerPort()),
TurbineServlet.getServerScheme(),
TurbineServlet.getContextPath(),
TurbineServlet.getContextPath());
DynamicURI uri = new DynamicURI(sd);
parms.put(TurbineConstants.WEBAPP_ROOT, uri.toString() + "/");
} catch (Exception e)
{
Log.error(e);
}
// Add portlet name variable replacement
parms.put("portlet", this.getName());
}
this.iSource =
org.apache.jetspeed.util.StringUtils.replaceVars(source, parms);
}
}
/**
* This methods outputs the content of the portlet for a given request.
*
* @param runData the RunData object for the request
* @return the content to be displayed to the user-agent
*/
public ConcreteElement getContent(RunData runData)
{
// Reinitialize if user customized the portlet (this will be useful
// when portlet preferences include user name and password for
authentication or
// when other exposed iframe attributes are changed)
if
(org.apache.jetspeed.util.PortletSessionState.getPortletConfigChanged(this,
runData))
{
try
{
this.init();
} catch (PortletException pe)
{
Log.error(pe);
}
}
StringBuffer text = new StringBuffer();
if (getSource() == null || getSource().trim().length() == 0)
{
text.append(NO_SOURCE_MSG);
return (new StringElement(text.toString()));
}
text.append("<IFRAME ");
text.append("src = \"" + getSource());
// Build URL with optional paramaters and values
if (this.getParam1().length() > 0)
{
text.append("?" + this.getParam1() + "=" +
this.getValue(this.getValue1(), runData));
if (this.getParam2().length() > 0)
{
text.append("&" + this.getParam2() + "=" +
this.getValue(this.getValue2(), runData));
if (this.getParam3().length() > 0)
{
text.append("&" + this.getParam3() + "=" +
this.getValue(this.getValue3(), runData));
if (this.getParam4().length() > 0)
{
text.append("&" + this.getParam4() + "=" +
this.getValue(this.getValue4(), runData));
if (this.getParam5().length() > 0)
{
text.append("&" + this.getParam5() + "=" +
this.getValue(this.getValue5(), runData));
if (this.getParam6().length() > 0)
{
text.append("&" + this.getParam6() + "=" +
this.getValue(this.getValue6(), runData));
}
}
}
}
}
}
text.append("\" ");
if (getWidth() != null)
{
text.append("width = \"" + getWidth() + "\" ");
}
if (getHeight() != null)
{
text.append("height = \"" + getHeight() + "\" ");
}
if (getFrameName() != null)
{
text.append("name = \"" + getFrameName() + "\" ");
}
if (getStyle() != null)
{
text.append("style = \"" + getStyle() + "\" ");
}
if (getMarginWidth() != null)
{
text.append("marginwidth = \"" + getMarginWidth() + "\" ");
}
if (getMarginHeight() != null)
{
text.append("marginheight = \"" + getMarginHeight() + "\" ");
}
if (getAlign() != null)
{
text.append("align = \"" + getAlign() + "\" ");
}
text.append("scrolling = \"" + getScrolling() + "\" ");
text.append("frameborder = \"" + getFrameBorder() + "\" ");
text.append(">");
text.append("</IFRAME>");
return (new StringElement(text.toString()));
}
/**
* Initialize this portlet by setting inst. vars from InitParamaters.
*
* @throws PortletException Initialization failed
*/
public void init() throws PortletException
{
// first make sure we propagate init
super.init();
try
{
PortletConfig config = this.getPortletConfig();
String param = null;
param = config.getInitParameter(PARAM_SOURCE);
if (param != null)
setSource(param);
param = config.getInitParameter(PARAM_WIDTH);
if (param != null)
setWidth(param);
param = config.getInitParameter(PARAM_HEIGHT);
if (param != null)
setHeight(param);
param = config.getInitParameter(PARAM_SCROLLING);
if (param != null)
setScrolling(param);
param = config.getInitParameter(PARAM_FRAMEBORDER);
if (param != null)
setFrameBorder(param);
param = config.getInitParameter(PARAM_STYLE);
if (param != null)
setStyle(param);
param = config.getInitParameter(PARAM_NAME);
if (param != null)
setFrameName(param);
param = config.getInitParameter(PARAM_REFRESH);
if (param != null)
setRefresh(param);
param = config.getInitParameter(PARAM_MARGINWIDTH);
if (param != null)
setMarginWidth(param);
param = config.getInitParameter(PARAM_MARGINHEIGHT);
if (param != null)
setMarginHeight(param);
param = config.getInitParameter(PARAM_ALIGN);
if (param != null)
setAlign(param);
param = config.getInitParameter(PARAMETER_1);
if (param != null)
setParam1(param);
param = config.getInitParameter(VALUE_1);
if (param != null)
setValue1(param);
param = config.getInitParameter(PARAMETER_2);
if (param != null)
setParam2(param);
param = config.getInitParameter(VALUE_2);
if (param != null)
setValue2(param);
param = config.getInitParameter(PARAMETER_3);
if (param != null)
setParam3(param);
param = config.getInitParameter(VALUE_3);
if (param != null)
setValue3(param);
param = config.getInitParameter(PARAMETER_4);
if (param != null)
setParam4(param);
param = config.getInitParameter(VALUE_4);
if (param != null)
setValue4(param);
param = config.getInitParameter(PARAMETER_5);
if (param != null)
setParam5(param);
param = config.getInitParameter(VALUE_5);
if (param != null)
setValue5(param);
param = config.getInitParameter(PARAMETER_6);
if (param != null)
setParam6(param);
param = config.getInitParameter(VALUE_6);
if (param != null)
setValue6(param);
} catch (Exception e)
{
Log.error("Exception in init()", e);
throw new PortletException(e.getMessage());
}
}
/**
* If the paramater is known (username,password), return it's value
*
* @params s The Parameter to check
* @return The value of the parameter if it is known, nothing
otherwise
*/
private String getValue(String s, RunData runData)
{
if (s.equalsIgnoreCase("$username"))
return runData.getUser().getUserName();
else if (s.equalsIgnoreCase("$password"))
return runData.getUser().getPassword();
else if (s.equalsIgnoreCase("$clearpassword"))
return (String)runData.getUser().getTemp("sessionPassword");
else if (s.equalsIgnoreCase("$email"))
return runData.getUser().getEmail();
else if (s.equalsIgnoreCase("$firstname"))
return runData.getUser().getFirstName();
else if (s.equalsIgnoreCase("$lastname"))
return runData.getUser().getLastName();
else if (s.equalsIgnoreCase("$name"))
return runData.getUser().getName();
return s;
}
/**
* Gets the source attribute of the IFramePortlet object
*
* @return The source value
*/
public String getSource()
{
return iSource;
}
/**
* Gets the scrolling attribute of the IFramePortlet object
*
* @return The scrolling value
*/
public String getScrolling()
{
return iScrolling;
}
/**
* Gets the width attribute of the IFramePortlet object
*
* @return The width value
*/
public String getWidth()
{
return iWidth;
}
/**
* Gets the height attribute of the IFramePortlet object
*
* @return The height value
*/
public String getHeight()
{
return iHeight;
}
/**
* Gets whether to display a border around the IFRAME. "1" == yes.
*
* @return The frameBorder value
*/
public String getFrameBorder()
{
String trueValues = "1,yes,true";
if (iFrameBorder != null && trueValues.indexOf(iFrameBorder) >= 0)
{
return "1";
}
return "0";
}
/**
* Gets the message displayed when IFRAME is not supported
* This includes when Frames are turned off.
*
* @todo This should be localized
* @return The notSupportedMsg value
*/
public String getNotSupportedMsg()
{
return DEFAULT_NOTSUPP_MSG;
}
/**
* Gets the aling attribute of the IFramePortlet object
*
* @return The marginheight value
*/
public String getAlign()
{
return iAlign;
}
/**
* Gets iframe style
*
* @return The style value
*/
public String getStyle()
{
return iStyle;
}
/**
* Gets iframe name
*
* @return The name value
*/
public String getFrameName()
{
return iName;
}
/**
* Gets iframe refresh
*
* @return The refresh value
*/
public String getRefresh()
{
return iRefresh;
}
/**
* Gets the marginheight attribute of the IFramePortlet object
*
* @return The marginheight value
*/
public String getMarginHeight()
{
return iMarginHeight;
}
/**
* Gets the marginwidth attribute of the IFramePortlet object
*
* @return The marginwidth value
*/
public String getMarginWidth()
{
return iMarginWidth;
}
/**
* Sets the scrolling attribute of the IFramePortlet object
*
* @param scrolling The new scrolling value
* @since
*/
public void setScrolling(String scrolling)
{
iScrolling = scrolling;
}
/**
* Sets the width attribute of the IFramePortlet object
*
* @param width The new width value
* @since
*/
public void setWidth(String width)
{
iWidth = width;
}
/**
* Sets the height attribute of the IFramePortlet object
*
* @param height The new height value
* @since
*/
public void setHeight(String height)
{
iHeight = height;
}
/**
* Sets the frameBorder attribute of the IFramePortlet object
*
* @param frameBorder The new frameBorder value
* @since
*/
public void setFrameBorder(String frameBorder)
{
iFrameBorder = frameBorder;
}
/**
* Sets the width attribute of the IFramePortlet object
*
* @param width The new width value
*/
public void setMarginWidth(String width)
{
iMarginWidth = width;
}
/**
* Sets the marginheight attribute of the IFramePortlet object
*
* @param height The new height value
*/
public void setMarginHeight(String height)
{
iMarginHeight = height;
}
/**
* Sets the marginheight attribute of the IFramePortlet object
*
* @param height The new height value
*/
public void setAlign(String value)
{
iAlign = value;
}
/**
* Sets the refresh meta tag
*
* @param value in seconds
*/
public void setRefresh(String value)
{
iRefresh = value;
}
/**
* Sets the style of iframe. Some useful style effects:
* <UL>
* <LI>border:5px dashed purple
* <LI>border:5px dotted red
* <LI>border:5px double red
* <LI>border:5px inset red
* </UL>
*
* @param value
*/
public void setStyle(String value)
{
iStyle = value;
}
/**
* Sets the name of iframe. This is useful when referencing
* the iframe as a target from another link.
*
* @param value
*/
public void setFrameName(String value)
{
iName = value;
}
/**
*
* @return
*/
public String getParam1()
{
return param1;
}
/**
*
* @return
*/
public String getParam2()
{
return param2;
}
/**
*
* @return
*/
public String getParam3()
{
return param3;
}
/**
*
* @return
*/
public String getParam4()
{
return param4;
}
/**
*
* @return
*/
public String getParam5()
{
return param5;
}
/**
*
* @return
*/
public String getParam6()
{
return param6;
}
/**
*
* @return
*/
public String getValue1()
{
return value1;
}
/**
*
* @return
*/
public String getValue2()
{
return value2;
}
/**
*
* @return
*/
public String getValue3()
{
return value3;
}
/**
*
* @return
*/
public String getValue4()
{
return value4;
}
/**
*
* @return
*/
public String getValue5()
{
return value5;
}
/**
*
* @return
*/
public String getValue6()
{
return value6;
}
/**
*
* @param string
*/
public void setParam1(String string)
{
param1 = string;
}
/**
*
* @param string
*/
public void setParam2(String string)
{
param2 = string;
}
/**
*
* @param string
*/
public void setParam3(String string)
{
param3 = string;
}
/**
*
* @param string
*/
public void setParam4(String string)
{
param4 = string;
}
/**
*
* @param string
*/
public void setParam5(String string)
{
param5 = string;
}
/**
*
* @param string
*/
public void setParam6(String string)
{
param6 = string;
}
/**
*
* @param string
*/
public void setValue1(String string)
{
value1 = string;
}
/**
*
* @param string
*/
public void setValue2(String string)
{
value2 = string;
}
/**
*
* @param string
*/
public void setValue3(String string)
{
value3 = string;
}
/**
*
* @param string
*/
public void setValue4(String string)
{
value4 = string;
}
/**
*
* @param string
*/
public void setValue5(String string)
{
value5 = string;
}
/**
*
* @param string
*/
public void setValue6(String string)
{
value6 = string;
}
}
----------------------------------------------------------
This is the modified section of my portlets.xreg
<portlet-entry name="IFramePortlet" hidden="false" type="instance"
application="false">
<meta-info>
<title>IFrame Portlet</title>
<description>Display URL within IFrame with Passed
Parameters</description>
</meta-info>
<classname>org.apache.jetspeed.portal.portlets.IFramePortlet</classname>
<parameter name="source" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Source</title>
<description>Specify source URL for this
iframe</description>
</meta-info>
</parameter>
<parameter name="width" value="640" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Width</title>
<description>Specify width for this iframe</description>
</meta-info>
</parameter>
<parameter name="height" value="480" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Height</title>
<description>Specify height for this iframe</description>
</meta-info>
</parameter>
<parameter name="frameborder" value="true" type="boolean"
hidden="false" cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Frameborder</title>
<description>Specify whether do display border around
this iframe</description>
</meta-info>
</parameter>
<parameter name="parameter1" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>First Parameter</title>
<description>Specify the parameter to be passed
Leave blank for no parameter.</description>
</meta-info>
</parameter>
<parameter name="value1" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>First Value</title>
<description>The value of the parameter to be
passed.</description>
</meta-info>
</parameter>
<parameter name="parameter2" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Second Parameter</title>
<description>Specify the parameter to be passed
Leave blank for no parameter.</description>
</meta-info>
</parameter>
<parameter name="value2" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Second Value</title>
<description>The value of the parameter to be
passed.</description>
</meta-info>
</parameter>
<parameter name="parameter3" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Third Parameter</title>
<description>Specify the parameter to be passed
Leave blank for no parameter.</description>
</meta-info>
</parameter>
<parameter name="value3" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Third Value</title>
<description>The value of the parameter to be
passed.</description>
</meta-info>
</parameter>
<parameter name="parameter4" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Fourth Parameter</title>
<description>Specify the parameter to be passed
Leave blank for no parameter.</description>
</meta-info>
</parameter>
<parameter name="value4" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Fourth Value</title>
<description>The value of the parameter to be
passed.</description>
</meta-info>
</parameter>
<parameter name="parameter5" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Fifth Parameter</title>
<description>Specify the parameter to be passed
Leave blank for no parameter.</description>
</meta-info>
</parameter>
<parameter name="value5" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Fifth Value</title>
<description>The value of the parameter to be
passed.</description>
</meta-info>
</parameter>
<parameter name="parameter6" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Sixth Parameter</title>
<description>Specify the parameter to be passed
Leave blank for no parameter.</description>
</meta-info>
</parameter>
<parameter name="value6" value="" hidden="false"
cachedOnName="true" cachedOnValue="true">
<meta-info>
<title>Sixth Value</title>
<description>The value of the parameter to be
passed.</description>
</meta-info>
</parameter>
<media-type ref="html"/>
<url cachedOnURL="true"/>
<category group="Jetspeed">frames</category>
<category group="Jetspeed">proxy</category>
<category group="Jetspeed">web</category>
</portlet-entry>
--
----------------------------------------------
Dan Elder, Software Developer, Novacoast, Inc.
Voice: (805) 884-4152
Mobile: (805) 453-6563
E-mail: delder@novacoast.com
----------------------------------------------
RE: Iframe Portlet with Parameter Passing
Posted by Mark Orciuch <ma...@ngsltd.com>.
You will have to subclass TurbineUserManagement and override encryptPassword
message by plugging in a two-way encryption algorithm. You will also have to
add another interface containing decryptPassword method.
As to your parameter passing enhancement, I don't particularly care that you
are constrained to just 5 parameters.
Also, please open up a Bugzilla log entry for this enhacement and submit
patches NOT complete source files:
http://jakarta.apache.org/jetspeed/site/code-standards.html
http://www.apache.org/dev/contributors.html#patches
Best regards,
Mark Orciuch - morciuch@apache.org
Jakarta Jetspeed - Enterprise Portal in Java
http://jakarta.apache.org/jetspeed/
> -----Original Message-----
> From: Dan Elder [mailto:delder@novacoast.com]
> Sent: Friday, June 20, 2003 11:07 AM
> To: Jetspeed Developers List
> Subject: Re: Iframe Portlet with Parameter Passing
>
>
> Is there any way to store the cleartext version of a user's
> password in
> their session so that it can be used later? I understand the security
> problems this could pose but for a single sign on solution it is
> necessary. There is no need to store it permanently, but if it could
> be retrieved as a User (or in my case LDAPUser) object it could then be
> passed to other web apps transparent to the user. I like that there is
> a BasicAuthenticationIFramePortlet which sort of does this but requires
> every user to manually store their password in the configuration (which
> is a larger security hole in my mind).
> I've been hacking through Turbine and Jetspeed trying to add a
> getClearPassword and setClearPassword functionality in the two but it is
> still a hack at best which I'm not sure would ever get incorporated
> into the main branches. Retrieving the encrypted/hashed password isn't
> an option since most web apps using LDAP don't perform a comparison but
> actually rebind to the directory as a user. This provides a great deal
> more security and allows for much finer controls over what parts of the
> directory a user has rights to. In order to bind as a user though each
> webapp would need their username (or cn) and password.
> As soon as the IframePortlet is done I'll submit a nice
> version of it
> (documented). Are there any other parameters people would like to see
> passed automatically besides:
>
> username (runData.getUser().getUserName())
> password (runData.getUser().getPassword())
> cleartext password (runData.getUser().getClearPassword()) -
> if I ever
> get it working
> email (runData.getUser().getEmail())
> first name (runData.getUser().getFirstName())
> last name (runData.getUser().getLastName())
> name (runData.getUser().getName()) ?
>
> Thanks again,
> Dan Elder
>
>
> Mark Orciuch wrote:
> > Dan,
> >
> > The parameter passing part is useful - feel free to patch the orginal
> > IFramePortlet with this enhancement. As for the authentication part,
> > password encryption algorithm used in Jetspeed is a one-way encryption
> > technique so you cannot decrypt it. Take a look at
> > BasicAuthenticationIFramePortlet (in CVS head).
> >
> > Best regards,
> >
> > Mark Orciuch - morciuch@apache.org
> > Jakarta Jetspeed - Enterprise Portal in Java
> > http://jakarta.apache.org/jetspeed/
> >
> >
> >>-----Original Message-----
> >>From: Dan Elder [mailto:delder@novacoast.com]
> >>Sent: Thursday, June 19, 2003 12:58 PM
> >>To: jetspeed-dev@jakarta.apache.org
> >>Subject: Iframe Portlet with Parameter Passing
> >>
> >>
> >> Hello,
> >> I've created an Iframe Portlet which is a copy of the
> >>existing Iframe
> >>Portlet but adds the ability to pass parameters to the source address
> >>(i.e. https://mydomain/index.php¶meter=true&other=nothing). This is
> >>useful for me because with it I can now tie in other web apps to
> >>Jetspeed and have transparent single signon by passing the current
> >>username and password (and other values that can be retrieved from
> >>runData.getUser()) in a url like
> >>https://mydomain/index.php?username=dan&password=rootme. The only
> >>problem I'm having right now is that the crypted version of the password
> >>is returned instead of the initial password the user logs in with. I
> >>know I can disable password encryption in the
> >>JetspeedSecurity.properties but storing passwords in the clear in our
> >>LDAP directory isn't an option. Is there a way that I'm missing to
> >>retrieve the password a user logs in with in the clear even if the
> >>backing store is encrypted? If anyone is interested in the portlet I
> >>can post all the code as well (it's still got a few bugs).
> >> Thank you,
> >> Dan Elder
> --
> ----------------------------------------------
> Dan Elder, Software Developer, Novacoast, Inc.
> Voice: (805) 884-4152
> Mobile: (805) 453-6563
> E-mail: delder@novacoast.com
> ----------------------------------------------
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
Re: Iframe Portlet with Parameter Passing
Posted by Dan Elder <de...@novacoast.com>.
Is there any way to store the cleartext version of a user's password in
their session so that it can be used later? I understand the security
problems this could pose but for a single sign on solution it is
necessary. There is no need to store it permanently, but if it could
be retrieved as a User (or in my case LDAPUser) object it could then be
passed to other web apps transparent to the user. I like that there is
a BasicAuthenticationIFramePortlet which sort of does this but requires
every user to manually store their password in the configuration (which
is a larger security hole in my mind).
I've been hacking through Turbine and Jetspeed trying to add a
getClearPassword and setClearPassword functionality in the two but it is
still a hack at best which I'm not sure would ever get incorporated
into the main branches. Retrieving the encrypted/hashed password isn't
an option since most web apps using LDAP don't perform a comparison but
actually rebind to the directory as a user. This provides a great deal
more security and allows for much finer controls over what parts of the
directory a user has rights to. In order to bind as a user though each
webapp would need their username (or cn) and password.
As soon as the IframePortlet is done I'll submit a nice version of it
(documented). Are there any other parameters people would like to see
passed automatically besides:
username (runData.getUser().getUserName())
password (runData.getUser().getPassword())
cleartext password (runData.getUser().getClearPassword()) - if I ever
get it working
email (runData.getUser().getEmail())
first name (runData.getUser().getFirstName())
last name (runData.getUser().getLastName())
name (runData.getUser().getName()) ?
Thanks again,
Dan Elder
Mark Orciuch wrote:
> Dan,
>
> The parameter passing part is useful - feel free to patch the orginal
> IFramePortlet with this enhancement. As for the authentication part,
> password encryption algorithm used in Jetspeed is a one-way encryption
> technique so you cannot decrypt it. Take a look at
> BasicAuthenticationIFramePortlet (in CVS head).
>
> Best regards,
>
> Mark Orciuch - morciuch@apache.org
> Jakarta Jetspeed - Enterprise Portal in Java
> http://jakarta.apache.org/jetspeed/
>
>
>>-----Original Message-----
>>From: Dan Elder [mailto:delder@novacoast.com]
>>Sent: Thursday, June 19, 2003 12:58 PM
>>To: jetspeed-dev@jakarta.apache.org
>>Subject: Iframe Portlet with Parameter Passing
>>
>>
>> Hello,
>> I've created an Iframe Portlet which is a copy of the
>>existing Iframe
>>Portlet but adds the ability to pass parameters to the source address
>>(i.e. https://mydomain/index.php¶meter=true&other=nothing). This is
>>useful for me because with it I can now tie in other web apps to
>>Jetspeed and have transparent single signon by passing the current
>>username and password (and other values that can be retrieved from
>>runData.getUser()) in a url like
>>https://mydomain/index.php?username=dan&password=rootme. The only
>>problem I'm having right now is that the crypted version of the password
>>is returned instead of the initial password the user logs in with. I
>>know I can disable password encryption in the
>>JetspeedSecurity.properties but storing passwords in the clear in our
>>LDAP directory isn't an option. Is there a way that I'm missing to
>>retrieve the password a user logs in with in the clear even if the
>>backing store is encrypted? If anyone is interested in the portlet I
>>can post all the code as well (it's still got a few bugs).
>> Thank you,
>> Dan Elder
--
----------------------------------------------
Dan Elder, Software Developer, Novacoast, Inc.
Voice: (805) 884-4152
Mobile: (805) 453-6563
E-mail: delder@novacoast.com
----------------------------------------------
RE: Iframe Portlet with Parameter Passing
Posted by Mark Orciuch <ma...@ngsltd.com>.
Dan,
The parameter passing part is useful - feel free to patch the orginal
IFramePortlet with this enhancement. As for the authentication part,
password encryption algorithm used in Jetspeed is a one-way encryption
technique so you cannot decrypt it. Take a look at
BasicAuthenticationIFramePortlet (in CVS head).
Best regards,
Mark Orciuch - morciuch@apache.org
Jakarta Jetspeed - Enterprise Portal in Java
http://jakarta.apache.org/jetspeed/
> -----Original Message-----
> From: Dan Elder [mailto:delder@novacoast.com]
> Sent: Thursday, June 19, 2003 12:58 PM
> To: jetspeed-dev@jakarta.apache.org
> Subject: Iframe Portlet with Parameter Passing
>
>
> Hello,
> I've created an Iframe Portlet which is a copy of the
> existing Iframe
> Portlet but adds the ability to pass parameters to the source address
> (i.e. https://mydomain/index.php¶meter=true&other=nothing). This is
> useful for me because with it I can now tie in other web apps to
> Jetspeed and have transparent single signon by passing the current
> username and password (and other values that can be retrieved from
> runData.getUser()) in a url like
> https://mydomain/index.php?username=dan&password=rootme. The only
> problem I'm having right now is that the crypted version of the password
> is returned instead of the initial password the user logs in with. I
> know I can disable password encryption in the
> JetspeedSecurity.properties but storing passwords in the clear in our
> LDAP directory isn't an option. Is there a way that I'm missing to
> retrieve the password a user logs in with in the clear even if the
> backing store is encrypted? If anyone is interested in the portlet I
> can post all the code as well (it's still got a few bugs).
> Thank you,
> Dan Elder
> --
> ----------------------------------------------
> Dan Elder, Software Developer, Novacoast, Inc.
> Voice: (805) 884-4152
> Mobile: (805) 453-6563
> E-mail: delder@novacoast.com
> ----------------------------------------------
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org