Sun ONE logo      Previous      Contents      Index      Next     

Sun ONE Portal Server 6.1 Administrator's Guide

Chapter 4
Administering the Desktop Service

This chapter describes how to administer the Sun™ ONE Portal Server Desktop service.

This chapter contains these sections:

Overview of the Desktop

This section describes the Desktop component, its underlying structure, and how you administer it.

Desktop Glossary

Table 4-1 describes the pertinent Desktop terminology.

The first column of the table lists the term; the second column provides a definition of the term.

Table 4-1  Desktop Glossary

Term

Definition

Desktop

Provides the primary end user interface for Sun ONE Portal Server.

Provider

Adapts the interface of a generic resource for use use by the portal server. A JSP provider compiles and executes a JSP file to generate a markup. An XML provider translates an XML file to generate a markup The portal server can also query the provider for information to display a markup on a portal page.

Channel

Displays content in the Desktop, usually arranged in rows and columns. At runtime, a channel consists of a provider object, configuration, and any data files (JSP, HTML templates, and so on) required to support the channel.

Container or Container Channel

A channel that primarily generates its content by including or aggregating the content of other channels (referred to as child channels).

Desktop Architecture and Container Hierarchy

The Desktop is the primary end-user interface for Sun ONE Portal Server. It is implemented through a servlet and is supported by various APIs and utilities (for example, Sun™ ONE Identity Server APIs, resource bundles, properties files, back-end servers such as mail, and so on).

The Desktop provides a mechanism for extending and aggregating content through the Provider Application Programming Interface (PAPI). Content providers, or providers, enable container hierarchy and the basic building blocks for building some types of channels. Usually, channels are arranged in rows and columns, but they can also be displayed in some other arrangement, depending on the implementation of the container channels. The provider is the programmatic entity responsible for the generation of content, which is displayed in the channel. Generated content can consist of entire pages, frames, or channels; any markup.

As the amount of content on a portal increases, a containment method for referencing or referring to groups of content can facilitate the portal configuration, development, and end-user experience.The Sun ONE Portal Server provides a flexible, extensible set of container providers to aggregate content.

Figure 4-1 provides an example of the Desktop container hierarchy. In this figure, a Tab container is the top-level container. The Tab Container contains two Tab Channels, Tab 1 and Tab 2. Tab 2 is a Table Container and contains five channels.

Figure 4-1  Sample Desktop Container Hierarchy

This figure illustrates the container hierarchy of a sample Desktop. See the text preceding the figure for details on the containers.

Figure 4-1 illustrates the following containment types:

Desktop Providers

Sun ONE Portal Server uses two types of providers:

The Desktop uses a display profile for storing content provider and channel data. See Chapter 5, "Administering the Display Profile" for more information.

Desktop Service

The Desktop service uses Sun ONE Identity Server services to store application and user-specific attributes for each organization or suborganization. You then create a display profile policy and assign it to users. You also use the Sun ONE Identity Server administration console to modify Desktop attributes. See Appendix C, "Desktop Attributes" for more information.

Sample Desktops

Within the sample Desktops, Sun ONE Portal Server includes the following channels:

These channels are customized and configured for the sample portal. They may require the modification of the user interface before they are deployed.

Desktop Customization

When deploying Sun ONE Portal Server, one of your major tasks will be to develop, or customize your own portal. You will create create and extend providers, channels and container channels, deploy your own online help, come up with a look-and-feel, and so on. If desired, you can use the sample Desktops as a starting point in customizing your site’s portal. See the Sun ONE Portal Server 6.1 Desktop Customization Guide for more information on customizing your portal.

Overview of Hot Deployment of Channels

Sun ONE Portal Server enables you to deploy providers and channels on a live system without performing a restart, hence the “hot deployment.” You can do so without interrupting user sessions.

The three technologies that facilitate hot deployment are:

Overview of Provider Archives

The par utility enables you to package and transport channels and providers, and all associated files, in and out of the Sun ONE Portal Server system. The channel or provider is stored in the .par file format. Files included in the .par include:

Administering the Desktop Service

The Desktop merges all of the documents in a user’s display profile merger set and uses the result to configure the user’s desktop. A display profile merger set consists of all the display profile documents associated with a user. Display profiles are defined at different levels in the Sun ONE Identity Server organization tree. Display profile documents from the various levels of the tree are merged or combined to create the user’s display profile. For example, the user’s display profile document is merged with the role display profile documents (if any), the organization’s display profile document, and the global display profile document to form the user’s display profile.

The Desktop display profile and other configuration data are defined as service attributes of the Desktop service under the Sun ONE Identity Server service management framework. When an organization registers for the Desktop service from the Sun ONE Identity Server administration console, all users within the organization inherit the Desktop service attributes in their user profiles. These attributes are queried by the Desktop to determine how information will be aggregated and presented in the Desktop.

By default, the Policy Configuration service is automatically registered to the top-level organization. Suborganizations must register their policy services independently of their parent organization. Any policy service you create must be registered to all organizations.

The following describes the high-level steps that you perform to configure the Desktop service for users in an Sun ONE Identity Server organization:

  1. Registering the Policy service for an organization.
  2. Creating a referral policy for a peer or suborganization.
  3. Creating a normal policy for a peer or suborganization.
  4. Assigning a default redirect URL.
  5. Customizing Desktop service attributes.

    6. Note

    If you install the sample portal, the installer installs all the necessary display profile XML files for the sample. You can customize the profiles using the Sun ONE Identity Server console or the command-line interface. See Chapter 5, "Administering the Display Profile" for further information.

By default, the Policy Configuration service is automatically registered to the top-level organization. Suborganizations must register their policy services independently of their parent organization. Any policy service you create must be registered to all organization. The high-level steps to use policies are:

  1. Registering the Policy service for an organization. (This will be done automatically for the organization specified at installation.) Suborganizations do not inherit their parent’s services, so you need to register a suborganization’s Policy service. See To Register a Policy Service for a Suborganization for information.
  2. Creating a referral policy for a peer or suborganization. You can delegate an organization’s policy definitions and decisions to another organization. (Alternately, policy decisions for a resource are delegated to other policy products.) A referral policy controls this policy delegation for both policy creation and evaluation. It consists of a rule and the referral itself. If the policy service contains actions that do not require resources, referral policies cannot be created for suborganizations. See To Create a Referral Policy for a Suborganization for information.
  3. Creating a normal policy for a peer or suborganization. You create a normal policy to define access permissions. A normal policy can consist of multiple rules, subjects, and conditions. See To Create a Normal Policy for a Suborganization for information.

To Register a Policy Service for a Suborganization

Suborganizations do not inherit their parent’s services, so you need to register a suborganization’s Policy service.

  1. Log in to the Sun ONE Identity Server admin console as administrator.

    2. By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose the organization for which you would like to register the Desktop service.
  3. Choose Services from the View menu in the navigation pane.
  4. Click Register in the navigation pane.

    5. A list of available services displays in the data pane.

  5. Select the check box for Desktop under Portal Server Configuration and click Register.

    6. The Navigation pane is updated with the registered Desktop service under Portal Server Configuration.

  6. Choose Services from the View menu in the navigation pane.
  7. Click the properties arrow next to Desktop in the navigation pane.
  8. A question is displayed in a message box in the data pane to confirm if a service template should be created for the Desktop service. Click Create in the message box to create the template.
  9. After the page is submitted and the template created, the data pane displays a list of Desktop service attributes and their default values, if any. Modify the values as needed. When done, click Save to store the final values in the service template.

    10. The display profile of a newly created service template takes on the value entered in the Dynamic section of the Desktop service under Service Management. If those values were blank, the display profile in this new template is also blank.

    Note

    The default value for the Conflict Resolution Interval attribute is “Highest.” Setting up service templates at different levels (for example, organization and role) with the same priority for a registered service could lead to unexpected results.

To Create a Referral Policy for a Suborganization

You can delegate an organization’s policy definitions and decisions to another organization. A referral policy controls this policy delegation for both policy creation and evaluation. It consists of a rule and the referral itself. The referral must define the parent organization as the resource in the rule, and it must contain a SubOrgReferral with the name of the organization as the value in the referral.

  1. Log in to the Sun ONE Identity Server admin console as administrator.

    2. By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Select Identity Management from the navigation pane.
  3. Select Policies from the View menu.
  4. Click New to create new policy.

    5. The Create Policy page appears in the data pane.

  5. For Name, type SubOrgReferral_Desktop. Make sure you select Referral in Type of Policy. Then click Create.
  6. Select Desktop in Service and click Next
  7. Click Rules from the View menu in the data pane and click Add. Make sure Desktop is selected and click Next.

    8. The Add Rule template appears in the data pane.

  8. Enter DesktopRule in Rule Name and click Create.
  9. Click Referrals from the View menu in the data pane and click Add.

    10. The Add Referral template appears in the data pane.

  10. Enter SubOrgReferral_Desktop in Name.

    11. Make sure that the name of the suborganization is selected for Value in the data pane and click Create to complete the policy’s configuration.

  11. Click Save in the data pane.

    12. The message “The policy properties have been saved” is displayed when the data is saved.

To Create a Normal Policy for a Suborganization

You create a normal policy to define access permissions. A normal policy can consist of multiple rules, subjects, and conditions.

  1. Log in to the Sun ONE Identity Server admin console as administrator.

    2. By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Navigate to the organization or suborganization that you want to assign a policy.

    3. All created organizations are displayed in the navigation pane.

  3. Choose Policies from the View menu.

    4. The policies for that organization are displayed.

  4. Select New in the navigation pane. The New Policy page opens in the data pane.
  5. Enter SubOrgNormal_Desktop in Name. Make sure you select Normal in Type of Policy. Click Create
  6. Choose Rules from the View menu in the data pane and click Add. The Add Rule page opens in the data pane
  7. Select Desktop from the Service menu and click Next. Enter DesktopRule in Rule Name. Make sure Has Privilege to Execute NetMail is checked
  8. Select Desktop from the Service menu and click Next. Make sure Has Privilege to Execute NetMail is checked.
  9. Select the type of subject from the Type menu and click Next to complete subject configuration.
  10. Choose Subjects from the View menu in the data pane and click Add. The Add Subject page opens in the data pane.
  11. Click Create to complete the policy configuration.

    12. The message “The policy properties have been saved.” is displayed when the data is saved.

To Redirect Successful Login User to the Desktop URL

By default, users in an organization receive the Desktop service attributes and values after successfully logging in. These values are queried by the Desktop servlet to determine the Desktop contents of any users in the organization. To instruct Sun ONE Identity Server to invoke the Desktop servlet automatically after a user has successfully logged in, you can change the value of the Default Redirect URL to the Desktop URL.

To set the default redirect for a specific organization to the Desktop URL:

  1. Log in to the Sun ONE Identity Server admin console as administrator.

    2. By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Select the organization for which you want to set the Desktop URL.
  3. Choose Services from the View menu.
  4. Click the properties arrow next to Core in the navigation pane.
  5. In the data pane, search for an attribute named User’s Default Redirect URL.
  6. Set the value of the User’s Default Redirect URL to the URL for the Desktop servlet, for example, /portal/dt is the URL for the sample Desktop.
  7. Click Save.
  8. Verify the default redirect URL by logging in to the Desktop.

To Redirect Successful Login User to the Desktop URL (Global)

The values applied to the global attributes are applied across the Sun ONE Identity Server configuration and will be inherited by every newly created organization.

To set the Default Redirect URL to the Desktop URL globally:

  1. Log in to the Sun ONE Identity Server admin console as administrator.

    2. By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Management in the location pane.
  3. Click the properties arrow next to Core in the navigation pane.
  4. In the data pane, search for an attribute named User’s Default Redirect URL.
  5. Set the value of the Default Redirect URL to the URL for the Desktop Servlet, for example, /portal/dt.
  6. Click Save.

To Modify the Values of Desktop Service Attributes

You can customize the Desktop service by modifying its service attributes.

  1. Log in to the Sun ONE Identity Server admin console as administrator.

    2. By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Select the organization for which you want to modify the Desktop attributes.
  3. Click the properties arrow next to Desktop in the navigation pane.

    4. A list of Desktop service attributes, including the display profile XML, is displayed in the data pane.

  4. Modify the service attribute values.

    5. See Appendix C, "Desktop Attributes" for information on the attributes.

  5. When done, click Save.

    6. The changes will affect only users in this particular suborganization or role.

To Modify the Values of Desktop Service Attributes (Global)

Occasionally, you need to modify the global Desktop service attribute values that affect all organizations that want to register for the Desktop service in the future.

The values applied to the global attributes are applied across the Sun ONE Identity Server configuration and are inherited by every configured organization.

  1. Log in to the Sun ONE Identity Server admin console as administrator.

    2. By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Management in the location pane.
  3. Click the properties arrow next to Desktop in the navigation pane.

    4. A list of global Desktop service attributes, including the display profile XML, is displayed in the data pane.

  4. Modify the service attribute values.

    5. See Appendix C, "Desktop Attributes" for information on the attributes.

  5. When done, click Save.

    6. The changes affect all organizations that register the Desktop service in the future.

To Log On to the Sample Desktop

  1. Log out from the Sun ONE Identity Server administration console.
  2. Log on with a user account (not the amadmin user) using the following URL:

    3. http://server:port/portal/dt

    If you need to create a user account, see Chapter 2, "Administering Authentication, Users, and Services" for information.

To Examine the Desktop Logs

Desktop errors on the are logged to debug log files. By default, the location of these log files is as follows.

Examine these log files for errors. An example follows. This error indicates that an unauthenticated user attempted to execute the desktop.

06/20/2002 02:36:30:600 PM PDT: Thread[Thread-177,5,main]

ERROR: DesktopServlet.handleException()

com.sun.portal.desktop.DesktopException: DesktopServlet.doGetPost(): no privilige to execute desktop

at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.j ava:456)

at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.jav a:303)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sun.server.http.servlet.NSServletRunner.invokeServletService (NSServletRunner.java:897)

at com.sun.server.http.servlet.WebApplication.service(WebApplicatio n.java:1065)

at com.sun.server.http.servlet.NSServletRunner.ServiceWebApp(NSServ letRunner.java:959)

Administering par Files

The par utility enables you to transfer or move providers or channels from one Sun ONE Portal Server to another. The par utility creates a specialized packaging mechanism called a .par file for transport of channels and providers into and out of the server. A .par file is an extended form of the .jar file format, with added manifest information to carry the deployment information and an XML document intended for integration into the Sun ONE Portal Server display profile on the target server.

The par command line utility is used to create, modify, and deploy par files. The export subcommand allows you to create or modify a par file. The import subcommand allows you to import or deploy the provider or channel on an Sun ONE Portal Server. The describe subcommand describes the contents of a par file. See par for detailed information on the syntax of the par command.

To use the par utility, you must be logged in as superuser to the Sun ONE Portal Server on which the files you want to export or import are resident. When you export you need to be sure to export all the required files for the channel or provider. For example, with channels you must include the static content files and with providers you must include all the class files used by the provider. Because specifying all the data to be included in the par file on the command line can be cumbersome, a simple text file with lines indicating the data is created and this “export file” is called by the par utility. See Chapter 13, "Command-Line Utilities" for further information.

To Create a New par File

To create a new par file to export a channel or provider:

  1. Log in to the Sun ONE Portal Server from which to export the channel or provider.
  2. Change directories to the directory where the script is installed. That is:

    3. cd BaseDir/SUNWps/bin

  3. At the command line, enter the par export command and subcommand and include the following arguments: the name of the par file to create, a directory server name argument corresponding to the desired display profile document to export, and any number of (requires at least one) export files or from specifications. For example, to export the channel mychannel from o=sesta.com,o=isp to the mychannel.par file, enter

    4. ./par export mychannel.par "o=sesta.com,o=isp" from: channel mychannel

    See Chapter 13, "Command-Line Utilities" for syntax information.

To Modify an Existing par File

To modify an existing par file to export a channel or provider:

  1. Log in to the Sun ONE Portal Server from which to export the channel or provider.
  2. Change directories to the directory where the script is installed. That is:

    3. cd BaseDir/SUNWps/bin

  3. At the command line, par export command and subcommand with the modify option and include the following arguments: the name of the par file to modify, a directory server name argument corresponding to the desired display profile document to export, and any number of (requires at least one) export tiles or from specifications. For example, to modify the mychannel.par file to include the static content file /mycontent.html, enter

    4. ./par export --modify mychannel.par "dc=sesta,dc=com" “from= file /mycontent.html”

To Deploy par Files

To import a par file to an Sun ONE Portal Server to deploy a provider or channel on the system:

  1. Copy the par file for the provider or channel to import to the Sun ONE Portal Server on which to deploy the provider or channel.
  2. Log in to the Sun ONE Portal Server on which to import the channel or provider.
  3. Change directories to the directory where the script is installed. That is:

    4. cd BaseDir/SUNWps/bin

  4. At the command line, par import command and subcommand and include the following arguments: the name of the par file to import, a directory server name argument corresponding to the desired display profile document to export, For example, to import the mychannel.par file, enter

    5. ./par import --auto myfile.par "do=sesta,dc=com"



Previous      Contents      Index      Next     

Copyright 2003 Sun Microsystems, Inc. All rights reserved.