Thoughts and Tutorials about Continuous Integration, Application Integration, SOA, IT Architecture, WebSphere and Liferay

Sep 23, 2008

Replace a SSL Certificate

After I explained how to disable the auto generation of certificates in this post, I now want to explain how to replace a certificate manually.
1. In the administrative console go to Security > SSL certificates and key management > Manage endpoint security configurations
2. Select the node where you want to replace the SSL certificate (under Inbound)
3. Click "Manage certificates"
4. Select the default certificate and click "Create a self-signed certificate"
5. Fill out the General properties values (compare with expired certificate)
6. Click "OK" and save the changes
7. Go to Security > SSL certificates and key management > Manage endpoint security configurations > Select the node where you want to replace the SSL certificate (under Inbound) > Manage certificates
8. Select default and click "Replace"
9. You can now choose which certificate will replace the old certificate; normally it's the newly created one. Do not select "Delete old certificate after replacement" and "Delete old signers".
10. Click "OK"
11. Select the old certificate and delete it (click "Delete")
12. Click "OK" and save the changes

Sep 15, 2008

Liferay and WebSphere SSO (simplistic)

Since Liferay provides CAS (Central Authentication Service) support, it's possible to access Liferay through WebSphere SSO (LTPA tokens) login credentials.
So what to do?
I can not post all of our source code because of "some security" issues :-)
Steps:
1. Edit portal-ext.properties (or portal-impl.jar//portal.properties)
1.1 Add/Edit the CAS configuration lines
##
## CAS
##
cas.auth.enabled=true
#
cas.import.from.ldap=false
#
cas.login.url=/portal/cas-web/login
cas.logout.url=/portal/html/common/was_logout.jsp
cas.service.url=/portal/c/portal/login
cas.validate.url=/portal/cas-web/proxyValidate

The bold lines tell Liferay where to log in or log out

2. Create Java-Classes for decrypting the WebSphere LTPA-Token
Have a look at these examples
http://blog.offbytwo.com/2007/08/21/working-with-lightweight-third-party-authentication-ltpa/
http://offbytwo.googlecode.com/svn/trunk/bitsandpieces/LTPAUtils/

and copy them to WEB-INF/classes/<class path> (or pack them into a jar-file)

3. Add AutoLogin-Classes (Step 2) to portal-ext.properties
auto.login.hooks=<class to decrypt ltpa token>,com.liferay.portal.security.auth.CASAutoLogin,...

4. Add was_logout.jsp to specify the cas-logout-path (see step 1)
Content (example):
<%@ page import="java.util.*" %>
<%@ page import="com.liferay.portal.util.*" %>
<title></title>
<form method="post" action="ibm_security_logout" name="logout">
<input name="logout" value="Logout" type="submit">
<input name="logoutExitPage" value="/" type="hidden">
</form>
<%-- auto-submitted by javascript --%>
<script type="text/javascript">
<!--
document.forms["logout"].submit();
// -->
</script>

5. Create new Sign in portlet or edit the delivered sign in portlet
Content of view.jsp (example):
<% if (!themeDisplay.isSignedIn()) { %>

<%-- /* <form action="<portlet:renderURL windowState=">"><portlet:param name="struts_action" value="/mnet_sso_login/sso_forward"></portlet:param>" method="post" name="<portlet:namespace>fm"> */ --%>
fm">

<table class="login-table">
<tr>
<td style="padding-bottom: 10px;"><liferay-ui:message key="login" /></td>
<td><input name="j_username" class="form_input" type="text"></td>
</tr>
<tr>
<td style="padding-bottom: 10px;"><liferay-ui:message key="password" /></td>
<td><input name="j_password" class="form_input" type="password"></td>
</tr>
<tr>
<td></td>
<td><input class="form_button" name="" type="submit" value="<liferay-ui:message key="sign-in" />"></td>
</tr>
</table>

</form>
<% } %>

6. Add Login-config to web.xml
...
<login-config>
<auth-method>FORM</auth-method>
<realm-name>PortalRealm</realm-name>
<form-login-config>
<form-login-page>/c/portal/j_login</form-login-page>
<form-error-page>/portal/web/guest/login/error</form-error-page>
</form-login-config>
</login-config>
...


That's it

Workflow:
User logs in > LTPA-Token cookie is created by WebSphere >
Custom AutoLogin-Class is called > Custom AutoLogin-Class reads Cookies > Custom AutoLogin-Class decrypts LTPA-Token from Cookie > Custom AutoLogin-Class returns credentials array
Example:
credentials[0] = String.valueOf(user.getUserId());
credentials[1] = user.getPassword();
credentials[2] = Boolean.TRUE.toString();
> Liferay accepts login
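
As an added example (not code from the original post or from the linked LTPAUtils project), the class below shows the checks a custom AutoLogin class should make between decrypting the cookie and returning credentials: reject undecryptable, malformed and expired tokens. It assumes an LTPA v1 token laid out as user%expiry%signature and encrypted with 3DES; the class and method names, the key and the sample token are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example. Assumes an LTPA v1 token:
// Base64( 3DES-ECB( "user%expiryMillis%signature" ) ).
public class LtpaTokenCheck {

    static byte[] crypt(int mode, byte[] data, byte[] key) throws Exception {
        Cipher c = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key, "DESede"));
        return c.doFinal(data);
    }

    // Returns the user field, or null if the cookie must not be trusted.
    static String userFromCookie(String cookie, byte[] key, long nowMillis) {
        String body;
        try {
            byte[] raw = Base64.getDecoder().decode(cookie);
            body = new String(crypt(Cipher.DECRYPT_MODE, raw, key), StandardCharsets.UTF_8);
        } catch (Exception e) {          // bad Base64, wrong key, or tampered padding
            return null;
        }
        // Split from the right so a '%' inside the user field cannot shift the fields.
        int sigAt = body.lastIndexOf('%');
        int expAt = sigAt > 0 ? body.lastIndexOf('%', sigAt - 1) : -1;
        if (expAt <= 0 || sigAt == body.length() - 1) return null;   // missing field
        String expiry = body.substring(expAt + 1, sigAt);
        if (!expiry.matches("\\d{1,18}")) return null;               // not a timestamp
        if (Long.parseLong(expiry) <= nowMillis) return null;        // expired
        // The signature field (after sigAt) must still be verified with the LTPA
        // public key before the user is accepted; that step is not shown here.
        return body.substring(0, expAt);
    }

    public static void main(String[] args) throws Exception {
        // Constructed 24-byte key and user value, for illustration only.
        byte[] key = "0123456789abcdefghijklmn".getBytes(StandardCharsets.US_ASCII);
        String user = "u:user\\:sampleRealm/uid=jdoe,o=example";
        long now = System.currentTimeMillis();
        for (long expiry : new long[] { now + 60_000, now - 60_000 }) {
            byte[] body = (user + "%" + expiry + "%c2ln").getBytes(StandardCharsets.UTF_8);
            String cookie = Base64.getEncoder().encodeToString(crypt(Cipher.ENCRYPT_MODE, body, key));
            System.out.println(userFromCookie(cookie, key, now));
        }
        System.out.println(userFromCookie("not-base64!", key, now));
    }
}
```

In an AutoLogin class, a null result here means returning null from login() so that Liferay falls through to the next hook instead of accepting the session.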

Sep 8, 2008

Change tablespace in oracle dumps

If you downloaded an Oracle dump from Liferay's download site and you want to import this dump into your Oracle-based Liferay DB, you will receive several errors if your tablespace isn't "SYSTEM". To fix the tablespace just open the dump file (.dmp) with a text editor like Notepad++, UltraEdit or Wordpad. You will see some strange symbols. This is because no text editor can display the CLOB entries in the dump. Normal SQL statements are visible.
So you just have to replace the string "TABLESPACE "SYSTEM"" with "TABLESPACE "<your_tablespace>"".
The import will now complete without errors.

Sep 1, 2008

IFrame Web-Application for use with Liferay

In Liferay it's possible to implement several portals in one installation/deployment using (open) communities. Unfortunately the URLs of these (open) communities are something like

http://www.<Host>.com/<context of liferay deployment>/web/140012/start

To "hide" these URLs you can use an iFrame-Web-Application which is running under a more suitable context (like: "/jobs").

Download an EAR-File of an example application here.

The EAR-File contains an index.jsp. In this file you have to edit the source-declaration in the iframe-tag (src).

The IBM WebSphere configuration items

The WebSphere nomenclature is sometimes a bit confusing.
In this post I will explain the most commonly used terms.


Cell:
A Cell is a logical group of all nodes and their deployment manager.
Node:
A node is a group of profiles. Typically one node represents a physical server.
However, it's possible to install/run more than one node on a physical server (through profiles).
Node agent:
A Node agent manages a node. The node agent is needed to access the applications.
JVM (App server):
A JVM (Java Virtual Machine) is a Java-Process containing the installed applications.
Deployment Manager (Dmgr):
A Deployment Manager manages the node agents. A Dmgr-Profile contains the configuration for the entire management domain (cell).
The Administrative console runs inside the Dmgr. If the Dmgr is down, the applications are still available over the respective node agents.