Technical Note: Managing Sun Java System Portal Server 7.1 Update 1 Blog Portlet

Configuring Security

This section contains the following:

APP and AAPP Endpoints

Carefully consider whether to enable the APP and AAPP endpoints in Roller. These endpoints use HTTP basic authentication, so communicating with them requires passing the user name and password over the network unencrypted.

The AAPP endpoint allows removal or modification of any weblog or user account on the server. The APP endpoint allows removal or modification of any weblog entry or resource for which the authenticating user has access. If unencrypted credentials are a concern, consider running SSL on the Roller APP and AAPP endpoints.
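An added example (not part of the original technical note, Roller, or the Blog portlet): HTTP basic authentication only base64-encodes the user name and password, so a client can check the endpoint URL and refuse to send credentials unless the endpoint is served over SSL. The URLs, credentials, and function names below are constructed or hypothetical.

```python
import base64
from typing import Dict, List, Tuple
from urllib.parse import urlsplit


def basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization header value for HTTP basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth(header: str) -> Tuple[str, str]:
    """Reverse the encoding. No key is involved, so any observer of an
    unencrypted request can recover the credentials the same way."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a basic authentication header")
    decoded = base64.b64decode(token).decode("utf-8")
    # Only the first colon separates user from password.
    user, _, password = decoded.partition(":")
    return user, password


def transport_findings(endpoint_url: str) -> List[str]:
    """List the reasons basic credentials sent to this URL would be exposed."""
    parts = urlsplit(endpoint_url)
    findings = []
    if parts.scheme != "https":  # urlsplit lowercases the scheme
        findings.append("endpoint is not served over SSL; credentials travel unencrypted")
    if parts.username or parts.password:
        findings.append("credentials are embedded in the URL itself")
    return findings


def authorization_for(endpoint_url: str, user: str, password: str) -> Dict[str, str]:
    """Return the Authorization header only when the transport protects it."""
    findings = transport_findings(endpoint_url)
    if findings:
        raise ValueError("; ".join(findings))
    return {"Authorization": basic_auth_header(user, password)}


if __name__ == "__main__":
    # Constructed sample endpoints, not real Roller paths.
    for url in ("http://blogs.example.com/app", "https://blogs.example.com/app"):
        print(url, "->", transport_findings(url) or "ok")
    print(decode_basic_auth(basic_auth_header("admin", "s3cret")))
```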

Password Storage

APP and AAPP passwords are stored in the Blog portlet's preferences. These passwords can be stored either as plain strings or as DES 56-bit encrypted strings. If the portlet preference encryptedPasswords is set to true, the portlet assumes that passwords are encrypted; otherwise, it assumes plain passwords.

The default setting is plain passwords (encryptedPasswords=false). If encrypted passwords are enabled, the value for the APP user password is encrypted automatically as it is submitted by the user from the portlet's user interface. If passwords are entered directly, then they must be manually encrypted. Passwords can be entered directly by editing the portlet preferences in the Portal Server management console, or by editing the preferences in the community template role display profile.

To encrypt a plain password, use the supplied command-line utility class com.sun.portal.app.blog.password.Password. For example:


export CLASSPATH=WEB-INF/classes:WEB-INF/lib/commons-codec-1.3.jar
java com.sun.portal.app.blog.password.Password -c encrypt \
    -k WEB-INF/classes/passwords.key -d '<plain password>'

Note –

If the path for the passwords.key file is set, navigate to the directory where the blog portlet is deployed (for example, /space/appserver/domains/domain1/applications/j2ee-modules/blogportlet if the application server is installed in /space), and then run the java command.


The resulting string, printed to standard output, can be used as the aappUserPassword and appUserPassword preference values.