Web Proxy Channel
and Portlet
Andrew Petro
JA-SIG Denver
26 June 2007
© Copyright Unicon, Inc., 2007. Some rights reserved.
http://creativecommons.org/licenses/by-nc/3.0/us/ Portions borrowed from
previous JA-SIG presentations by Andrew and others.
Meet your speaker
• Andrew Petro
• Unicon, Inc.
• Software developer, cooperative support
uPortal lead, and occasional uPortal
consultant
• Previously with Yale University ITS
Technology & Planning
This presentation
• Web proxy generally
• The CWebProxy channel that’s included in
uPortal, originally developed by Memorial
University Newfoundland
• The Web Proxy Portlet open source project
spearheaded by University of Wisconsin-Madison
Web proxy generally
Inline frames
[Diagram: Browser; Portal; two <iframe /> elements; External web server]
• Browser performs
aggregation
Web proxies
[Diagram: Browser; Portal; External web server]
• Portal performs aggregation
Advantages of each
Inline frame
• Simple
• Fast (potentially)
• Transparent handling of backing css, javascript
Web proxy
• Portal (and firewalls, etc.) can insulate the backing server
• Transformation of content
• Portal services (authN, attributes, permission)
• Caching
JSR-168 portlets
• JSR-168 portlets run inside the portal JVM
– Possibly with some classloader isolation
• Action vs. Render distinction
• Easy preferences
• … Cf. Matt Young’s talk, e.g.
JSR-168 portlets
[Diagram: Browser; Portal; ?]
• Portal performs aggregation
What if Something Goes Wrong?
[Diagram: Browser; Portal; ?!]
What if Something Goes REALLY Wrong?
[Diagram: Browser; Portal; ?!]
Doctor, it hurts when I do this…
• Well, don’t do that
– Memory leaks / abuse
– Lock thrash
– Infinite recursion
• Web proxy as way to share inside-portal
codebase across many outside-portal proxied
applications
Service windows
• Upgrading proxied applications without
restarting the portal – independent service
windows
Arbitrary backing web technology
• Spring, and Spring PortletMVC are excellent
• But you might want to use, or have existing expertise
in:
• PHP
• ASP
• Perl
• …
• Ruby (On Rails)
• ColdFusion
• Plain Old HTML
Exposing Portal Views
• Maybe you have a well-functioning Spring
WebMVC application
– Portal views as just additional elements in the
view layer
– Re-use existing DataSources, services, hosting,
development
– Just expose a few more URLs and associated
portal-appropriate views
Web Proxy channel
Traditional web proxy
• Proxied application produces XHTML
• WebProxy proxies it
• simple
Web Proxy of Tomcat’s Number Guessing
http://localhost:8080/jspexamples/num/numguess.jsp
Channel Markup
<form method="get"
action="tag.9ebcc3d6be8e1c38.render.userLayoutRootNode.target.n23.uP#n23">
What's your guess?
<input type="text" name="guess" />
<input type="submit" value="Submit" />
</form>
Web Proxy Channel Config
Pass-through type
• What renders will “pass through” the channel,
the little box on the screen?
– All
– Application – just those sharing URI prefix with the
initial XML URI
– Marked – just URLs with special attributes in their
HTML elements will be rendered inside the portal
– None
Publishing a new web proxy
Lots of options
Tidy?
• Brad Johnson’s suggestion of moving to more
accommodating “TagSoup” library
You can proxy markup other than HTML!
• This is just one selection of XSLTs you can
use
• Can use CWebProxy as a CGenericXSLT on
steroids
Passing uPortal user attributes
• Show up as request attributes to the remote
application
• Useful for passing username, identifiers
LocalConnectionContext
• Applies context to the request from portal to
backing application
• Can be based on Security Context
• E.g., CAS proxy ticket
LocalConnectionContext uses
• Authentication
– Proxy CAS
– BASIC authentication
• Modify URLs to take advantage of a proxy
server for performance
YaleInfo Recent Email
• Uses Proxy CAS * 2
• Links to message in IMP
• Not a full e-mail client in uPortal
[Diagram: portal; Recent E-mail Channel; HTTPS request; XML response; servlet; IMAP protocol; IMAP server]
YaleInfo Network Registration
Building applications to be proxied
Choose a link scheme
• All in channel?
• Application?
• Marked?
Take care in HTML production
• Performs better if CWebProxy doesn’t need
to tidy the output
Choose an authentication scheme
• Proxy CAS is compelling
[Diagram: portal; Recent E-mail Channel; HTTPS request; XML response; servlet; IMAP protocol; IMAP server]
Use uPortal CSS styles
• Or add new styles to your portal
• New in default theme/skin:
– channels.css , a designated place for you to add
your extra CSS styles
Securing Web Proxies
Blocking Proxying of Local Files
• Web proxy
– Convenient
– Simple
– Powerful
• But can be too much so
What if I’m clever yet mean
• And tell the web proxy channel to proxy a
file:// on the portal server?
• Or some other resource the portal can get to
that I’m not intended to get to?
Additional configuration
How this works
• Blocked URI prefixes – if blocked, X
• Allowed URI prefixes – if not allowed, X
• Control whether initial URL should be subject
to these rules
– Allows end-user-setting-ChannelStaticData CPDs
to be secured
– E.g., RSS reader via XSLT
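The blocked/allowed prefix rules above, sketched as an added example (not code from uPortal or from this presentation). All class, method and field names are hypothetical, the sample URLs are constructed, and treating an empty allow list as "no allow rule" is an assumption.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;

// Added illustration: every name here is hypothetical, not CWebProxy's own code.
public class ProxyUriPolicy {
    private final List<String> blocked;    // any match refuses the request
    private final List<String> allowed;    // when non-empty, a match is required
    private final boolean checkInitialUrl; // also apply the rules to the first URL
    public ProxyUriPolicy(List<String> blocked, List<String> allowed, boolean checkInitialUrl) {
        this.blocked = blocked;
        this.allowed = allowed;
        this.checkInitialUrl = checkInitialUrl;
    }
    // Form compared against prefixes: dot segments resolved, scheme and
    // authority lower-cased, so "FILE:" and "/a/../b" cannot dodge a rule.
    static String canonical(String raw) {
        URI u = URI.create(raw.trim()).normalize();
        if (!u.isAbsolute()) throw new IllegalArgumentException("not absolute: " + raw);
        String scheme = u.getScheme().toLowerCase(Locale.ROOT);
        if (u.isOpaque()) return scheme + ":" + u.getRawSchemeSpecificPart();
        String auth = u.getRawAuthority() == null ? ""
                : "//" + u.getRawAuthority().toLowerCase(Locale.ROOT);
        String query = u.getRawQuery() == null ? "" : "?" + u.getRawQuery();
        return scheme + ":" + auth + u.getRawPath() + query;
    }
    public boolean permits(String uri, boolean isInitialUrl) {
        if (isInitialUrl && !checkInitialUrl) return true;
        String c;
        try { c = canonical(uri); } catch (IllegalArgumentException e) { return false; }
        for (String p : blocked) if (c.startsWith(p)) return false;
        if (allowed.isEmpty()) return true; // assumption: empty allow list = no allow rule
        for (String p : allowed) if (c.startsWith(p)) return true;
        return false;
    }
    public static void main(String[] args) {
        ProxyUriPolicy policy = new ProxyUriPolicy(
                List.of("file:", "http://localhost", "http://127."),
                // Allow prefixes end in "/" so a look-alike host cannot extend them.
                List.of("https://apps.example.edu/portal-views/"), true);
        String[] constructed = {   // constructed sample inputs
            "https://apps.example.edu/portal-views/found.html",
            "FILE:///etc/passwd",
            "https://apps.example.edu/portal-views/../admin/",
            "https://apps.example.edu.other.test/portal-views/" };
        for (String s : constructed)
            System.out.println((policy.permits(s, false) ? "ALLOW " : "BLOCK ") + s);
    }
}
```

This sketch does not decode percent-encoded dot segments or follow redirects; a proxy that follows redirects would need to run the same check on each redirect target before fetching it.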
University of Wisconsin-Madison
Web Proxy Portlet
Fortunately, Eric is right here
• And has designs for refactoring it
• So maybe he can say a few words on that
topic…
• http://my.wisc.edu/
Example: Lost and Found service
URLs adjust the web proxy configuration
• https://mydemo.doit.wisc.edu/portal/tag.ac784df01d3c80be.render.userLayoutRootNode.target.u21l1n100.uP?uP_portlet_action=true&uP_window_state=normal&edu.wisc.my.webproxy.URL=http%3A%2F%2Fwww.doit.wisc.edu%2Fportal%2Fdemo%2Flostandfound%2Fviewfound.html#u21l1n100
Next steps for uPortal
Ship UW Web Proxy Portlet with uPortal
• It’s been out for review more than long
enough
• UW-Wisc has exercised it
• With Eric’s additional refactoring it will be
especially ready for wide use
Continue to ship CWebProxy
• Adopters have written applications designed
especially to work with it
• Marked URL features and all
• Begin exploring whether these can be
accommodated in Web Proxy Portlet
Converge on Web Proxy Portlet
• If/When Web Proxy Portlet takes hold like
CWebProxy
• And backwards compatibility or migration
path is in place
• Consider deprecating CWebProxy
– But no immediate plans for this
– CWebProxy remains a viable channel to use and
build against
Questions?
Andrew Petro