Sun Java™ System Portal Server supports Web Services for Remote Portlets (WSRP). This chapter presents guidelines and best practices for using WSRP. This chapter contains the following sections:
WSRP 1.0 is an OASIS standard that simplifies integration of remote applications and content into portals. The WSRP standard defines presentation-oriented, interactive web services with a common, well-defined interface and protocol for processing user interactions and for providing presentation fragments suited for mediation and aggregation by portals as well as conventions for publishing, finding and binding such services.
Because the WSRP interfaces are common and well-defined, all web services that implement the WSRP standard plug into all WSRP compliant portals – a single, service-independent adapter on the portal side is sufficient to integrate any WSRP service. As a result, WSRP is the means for content and application providers to provide their services to organizations running portals with no programming effort required.
See the WSRP 1.0 standard for more information:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsrp
The implementation of the WSRP 1.0 standard in Portal Server includes both the WSRP consumer and the WSRP producer. The WSRP producer implementation supports publishing JSR 168 portlets for use by a remote WSRP consumer. The JSR 168 portlets are deployed locally on a portal server. These portlets can be published by an instance of the WSRP producer.
Another portal server, through its WSRP consumer, can subscribe to these remote portlets. While local portlets can be expected to provide a large part of the base functionality for portals, remote portlets make it possible to bind to a variety of portlets without installation effort and without code running locally on the consuming portal server.
This section discusses the following topics:
Create a producer if you want to offer locally deployed portlets remotely to other portals that act as WSRP consumers. A portal can host multiple producers. The consumer can import remote portlets offered by a producer. Based on the portlets that you want to provide to WSRP consumers, you may create one or more producers. A producer either supports registration or does not require it. If a producer supports registration, then consumers must register to work with the producer.
Registration is used to build a technical or business relationship between the consumer and the producer. While creating a producer, you can define either of the following registration mechanisms: in-band registration or out-of-band registration.
If the producer requires registration and has in-band registration enabled, the consumer can provide the details through the WSRP interface and register with the producer. The consumer is also given the option to register through out-of-band communication. That is, the consumer can provide the registration handle obtained through out-of-band communication.
If the producer requires registration and has out-of-band registration enabled, the consumer should obtain the registration handle through out-of-band communication and provide the registration handle during registration. Out-of-band registration happens with manual intervention such as phone calls, email, and so on. For a producer that supports out-of-band registration, the producer gets the details about the consumer through out-of-band communication, and it creates a registration handle for the consumer. The registration handle is communicated to the consumer through out-of-band communication.
Select the Portals tab.
Select a portal server from Portals.
Click the WSRP tab.
From the Select DN drop-down menu select any DN, and click the Producer tab.
The WSRP Producers table displays all producers that are created.
Organizations are created in Sun Java System Identity Server. Select the DN of an organization or suborganization based on the availability of portlets.
Click New to create a new producer.
Type the name to identify the producer.
Select Required for Registration.
Select Supported for Inband Registration.
To add a registration property, click Add Row. Enter the name of the registration property and its description.
Registration properties are the details that you want to get from the consumer while the consumer registers to a specific producer. The registration properties entered by the consumer can be validated through the Registration Validation class.
Select Supported for out-of-band Registration if you wish the consumer to provide the details through out-of-band communication, such as phone calls, email, and so on.
Click Next.
The Review screen displays the details that you entered. Review details. You can click Previous and change the details you entered.
Click Finish.
For a producer that does not require registration, the consumer is not required to enter any information or get any information through out-of-band communication. In this case, the consumer cannot customize (or edit) the portlets offered by the producer. The producer that does not support registration provides Read-Only portals to the consumers.
Select the Portals tab.
Select a portal server from Portals.
Click the WSRP tab.
Select DN.
The Configured Producers table displays all producers that are already configured.
Click New.
Type the name of the producer.
Select Registration not required.
Click Finish.
A producer can be disabled. However, consumers registered with a disabled producer cannot access the portlets offered by that producer.
In the Producer tab, click the producer name link.
The Edit Properties screen appears. The screen displays the WSDL (Web Services Definition Language) URL. The WSDL URL is a unique URL for a specific producer through which the consumer accesses the producer.
Add one or more published portlets to the producer.
The producer must have at least one published portlet to enable it. The screen displays all published portlets associated with the portal in which the producer is created.
Select a portlet, and click Add.
Edit the Registration Validation Class field if required.
The Registration Validator is used to validate the registration properties that are entered by the consumer. You can also customize this class based on your needs.
Click Save. Now, the Enable check box displayed in the screen can be edited. Select Enable and click Save.
You can also edit other properties of the producer.
You can customize the RegistrationValidator class. Using this class, you can process the registration properties, for example to verify the zip code of the customer. RegistrationValidator is the SPI for registration validation in the WSRP producer. For more information on customizing the validation class, see http://portal/portal/javadocs/. You can also refer to WSRP: Validating Registration Data in Sun Java System Portal Server 7.2 Developer’s Guide.
For a producer that supports registration, a registration handle needs to be generated for a specific consumer. After the registration handle is generated, it needs to be communicated to the consumer through out-of-band communication so that the consumer can register with the producer. The consumer needs to enter the registration handle while registering with the producer.
Click the Consumer Registration tab.
The screen displays all consumers that are already registered to the specific producer.
Click New.
Type details, such as name, status, consumer agent, and method.
Name: A unique name to identify the consumer.
Status: Can be Enabled or Disabled.
Consumer Agent: Specifies the name and version of the consumer's vendor. Consumer Agent Name should be ProductName.MajorVersion.MinorVersion, where ProductName identifies the product the consumer installed for its deployment, and MajorVersion and MinorVersion are vendor-defined indications of the version of its product. This string can then contain any additional characters or words the product or consumer wishes to supply.
Method: Specifies whether the consumer has implemented portlet URLs in a manner that supports HTML markup containing forms with the method get.
Click Next.
The screen displays the registration property values that are specified while creating the producer.
Enter the values, and click Next. Click Finish.
This section explains the activities that need to be performed on the consumer side.
The following topics are discussed:
To communicate with the portlets offered by the producer, a consumer needs to add a configured producer. If a producer requires registration, add a configured producer using the following methods:
By entering the registration property values (in-band registration)
By entering the registration handle (out-of-band registration)
If the producer does not require registration, the consumer is not required to enter any details while adding a configured producer.
Select the Portals tab.
Select a portal server from Portals.
Click the WSRP tab.
Select any DN and click New.
Type the configured producer name. Select the identity propagation mechanism. By default, None is selected.
Identity propagation mechanism allows the users of the consumer portal to present their credentials to the producer portal. It is a mechanism by which users can federate their identity from consumer portal to the producer portal.
Type the WSDL URL, and click Next.
If the producer requires registration, you can register with the producer using one of two methods: by entering the registration property values (in-band registration) or by entering the registration handle (out-of-band registration). Click Next.
If you selected the first method in step 7, enter the registration properties and click Next. If you selected the second method, enter the registration handle obtained through out-of-band communication, and click Next.
Review the details and click Finish.
psadmin create-configured-producer
Identity propagation is a mechanism by which the WSRP consumer supplies the identity of the user to the WSRP producer web service. It is a federation mechanism where the user federates its identity between the consumer and producer. After a successful federation, the consumer portal propagates the user identity to the producer portal. The WSRP producer, after receiving the user credentials from the consumer, validates the credentials and allows or denies access to the resource in the specified user context.
The user has two identities, one for each portal: one for the producer portal and the other for the consumer portal. The user federates these identities using the identity propagation mechanism provided. This provides a single sign-on mechanism for the consumer and the producer portal. When the user logs in through the consumer portal, the user gets the same content as when logging in directly to the producer portal. The changes that the user makes using the federated identity are available when the user logs in to the producer portal.
Sun Java System WSRP producer supports the following identity propagations:
SSO Token: Select if both the producer portal and the consumer portal are connected to the same Access Manager instance. Typically recommended in configurations where both the producer portal and consumer portal are deployed within the same organization.
WSS User Name Token Profile (username only): Uses the WSS specification where the user name is propagated as WS Security headers from the consumer portal to the producer portal.
WSS User Name Token Profile (with password digest): WS Security headers send the user ID that is targeted at the producer with the password in the Digest form.
WSS User Name Token Profile (with password text): WS Security headers send the user's user ID that is targeted at the producer with the password in the Text form.
In the above list, the last three options implement the OASIS WSS Username Token Profile specification. This specification describes how to use the Username Token with web services: a web service consumer supplies a Username Token that identifies the requestor by username, optionally using a password to authenticate that identity to the web service producer.
Many portal vendors support and implement the OASIS WSS Username token profile specification. Use one of the three options when interoperability is required.
There are two levels of identity propagation mechanism in Portal Server. First, the administrator of the consumer portal discovers that the producer portal supports one of the above specified identity propagation mechanisms. The administrator may allow the users to send their identity. Portal Server consumer supports all the above mentioned Identity Propagation Mechanisms.
After the consumer is created, the administrator has to create remote channels based on the identity propagation mechanism supported by the consumer. After the channels are available on the user Desktop, they are ready to accept identity propagation.
The identity propagation mechanism is set at the producer automatically. The producer checks for authentication from Sun SSO, then OASIS user name token profile, and then the No Identity Propagation mode.
Only new users can use the Digest Password facility after running the configuration command to store the LDAP passwords in plain text.
Creation of a consumer should involve selecting the WSSO Username Token Profile (with Digest Password) option for User Identity Propagation Mechanism.
The Web Services SSO Portlet must be edited to select the appropriate Web service URL (producer) and provide the new username and password.
Do the following to configure Sun Java System WSRP Producer to accept Digest Passwords.
Run the command /opt/SUNWdsee/ds6/bin/dscfg set-server-prop pwd-storage-scheme:CLEAR to change the password storage scheme of the Directory Server so that plain text passwords are stored.
It is assumed that the default installed location of the Directory Server is /opt/SUNWdsee.
Create a new user in the AM console, to ensure that the Username Token Profile with Password Digest can be used.
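The following added example (not Sun's code and not part of the original chapter) sketches in Python how the OASIS WSS UsernameToken password digest is computed and checked, which shows why the producer's directory must hold a recoverable password and why an account whose password was stored hashed cannot be verified. The function and class names, the five-minute freshness window, the replay cache and the sample users are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Assumption for this sketch: a 5-minute freshness window. The profile leaves
# the exact limit to the producer.
MAX_AGE = timedelta(minutes=5)


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Password_Digest = Base64(SHA-1(nonce + created + password))."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def make_token(username: str, password: str, nonce: bytes, created: str) -> dict:
    """Consumer side: the values carried in the wsse:UsernameToken header."""
    return {
        "Username": username,
        "Nonce": base64.b64encode(nonce).decode("ascii"),
        "Created": created,
        "Password": password_digest(nonce, created, password),
    }


class Producer:
    """Producer side: recomputes the digest from the stored password value."""

    def __init__(self, directory: dict):
        self.directory = directory  # username -> userPassword as stored
        self.seen = set()           # (username, nonce) replay cache

    def verify(self, token: dict, now: datetime) -> str:
        stored = self.directory.get(token["Username"])
        if stored is None:
            return "unknown-user"
        created = datetime.strptime(
            token["Created"], "%Y-%m-%dT%H:%M:%SZ"
        ).replace(tzinfo=timezone.utc)
        if abs(now - created) > MAX_AGE:
            return "stale"
        key = (token["Username"], token["Nonce"])
        if key in self.seen:
            return "replayed"
        expected = password_digest(
            base64.b64decode(token["Nonce"]), token["Created"], stored
        )
        # Constant-time comparison of the recomputed and received digests.
        if not hmac.compare_digest(expected, token["Password"]):
            return "bad-digest"
        self.seen.add(key)
        return "ok"


def demo() -> dict:
    """Constructed sample data: one user stored in clear, one stored hashed."""
    directory = {
        "alice": "alice-pw",                    # stored after CLEAR was set
        "bob": "{SSHA}constructed-hash-value",  # stored hashed, not recoverable
    }
    producer = Producer(directory)
    nonce, created = bytes(range(16)), "2024-01-01T12:00:00Z"
    now = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
    alice = make_token("alice", "alice-pw", nonce, created)
    bob = make_token("bob", "bob-pw", nonce, created)
    return {
        "alice": producer.verify(alice, now),
        "alice_replay": producer.verify(alice, now),
        "alice_late": producer.verify(alice, now + timedelta(hours=1)),
        "bob": producer.verify(bob, now),
    }


if __name__ == "__main__":
    print(demo())
```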
When using the WSS User Name Token Profile (with PasswordDigest), communication between the producer portal and consumer portal should be secure because the password is sent in plain text between the consumer and the producer.
Two different consumers that point to the same producer URL should use the same identity propagation mechanism types.
You can create user token profiles to authenticate user credentials if the user uses an identity propagation mechanism. You can define the user name and password for a specific Web service that the producer offers.
Log in to Portal Server Desktop.
In the WebServices SSO Portlet, click the Edit button.
In the Create NewToken Profile section, select the WebService URL for which you want to create a user token profile.
Type the user name and password. Click Add.
You can also edit or remove an existing user token profile.
After the consumer configures the producer, use the Update Service Description option to pick up any changes made to the producer later, for example the addition of new portlets or changes to the registration properties after the registration.
Select the Portals tab.
Select a portal server from Portals.
Click the WSRP tab.
Select DN (Distinguished Name).
Click the configured producer link.
In the Edit Configured Producer screen, click Update Service Description.
psadmin update-configured-producer-service-description
WSRP supports the concept of user categories, which are included in the service description of the producer. Mapping user categories to the roles allows the user to map the roles that are defined in the consumer portal to the roles that are defined in the portlet. Sun Java System Portal Server maps Java System Access Manager's roles to the portlet's roles. These roles can be mapped to the corresponding WSRP user categories.
You can perform the following tasks:
Roles can be defined in the portlet while deploying the portlet.
The roles defined in the portlet must exist in the Access Manager of the producer.
The following task creates a role in amconsole in Sun Java System Access Manager and Portlets.
Log in to the Access Manager console.
Create a role and add a user to it.
In web.xml of the portlet application, add the following code:
<security-role>
  <role-name>PS_TEST_DEVELOPER_ROLE</role-name>
</security-role>
Add the following lines in portlet.xml of the portal.
<security-role-ref>
  <role-name>PS_TEST_DEVELOPER_ROLE</role-name>
  <role-link>PS_TEST_DEVELOPER_ROLE</role-link>
</security-role-ref>
Create the portlet application war file.
Create a roles file with the following entry.
cn\=AM_TEST_DEVELOPER_ROLE,o\=DeveloperSample,dc\=india,dc\=sun,dc\=com=PS_TEST_DEVELOPER_ROLE
Deploy the portlet using the following command.
/opt/SUNWportal/bin/psadmin deploy-portlet -u amadmin -f ps_password -d "o=DeveloperSample,dc=india,dc=sun,dc=com" -p portal1 -i stockprice-8080 --rolesfile rolesfile TestPortlet.war
Do the following to map user categories to role:
In the Consumer tab, click the producer name link.
The Edit Configured Producer screen displays the following: User Category: The roles in the producer portlet. Local Roles: The roles that are defined at the consumer's Sun Java System Access Manager.
In the User Categories to Role Mapping section, map user categories to the roles defined at the consumer, and click OK.
The Sun Java System Portal Server implementation of WSRP Consumer maps common user attributes stored in the user entry on the Sun Java System Directory Server to the standard set of user attributes that the WSRP specification mandates.
If a consumer portlet uses any of the attributes that are not specified in the LDAP schema, create a custom object class to store these attributes and add this object class to the user entry. After attributes are created, map the LDAP attribute to the corresponding WSRP attribute using Sun Java System Access Manager management console.
Proxies need to be configured for consumer and for web container XML files.
You can perform the following tasks:
Run ./cacaoadm get-param java-flags.
Copy the values and paste them into ./cacaoadm set-param java-flags.
Now add the following to the command: -Dhttp.proxyHost=webcache.canada.sun.com -Dhttp.proxyPort=8080 -Dhttp.proxyUser=Proxyuser -Dhttp.proxyPassword=Password
Press Enter.
Restart the common agent container server.
Edit the following file:
vi /var/opt/SUNWappserver/domains/domain1/config/domain.xml
Set the following JVM options:
-Dhttp.proxyHost
-Dhttp.proxyPort
-Dhttp.proxyUser
-Dhttp.proxyPassword
This section describes how to administer the Sun Java System Portal Server Web Services for Remote Portlets (WSRP) service. The tasks to administer a WSRP producer are:
A WSRP producer is created with the following:
Name of the producer instance (must be unique for the entire portal server)
Whether registration is required. When registration is required, all WSRP consumers must register with this producer instance before making requests. Requests from unregistered WSRP consumers will be denied.
Whether in-band registration is supported. In-band registration allows WSRP consumers to register programmatically. Otherwise, out-of-band registration is required with manual contact (such as email or telephone) between the WSRP consumer administrator and the WSRP producer administrator to set up and exchange access to a registration handle.
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Producers from the submenu.
From the Select DN drop-down menu, choose any DN.
From WSRP Producers, click New to launch the wizard.
Follow the instructions to create the specified producer.
For more information about the attributes, see Sun Java System Portal Server 7.2 Technical Reference.
You can edit the WSRP Producer as follows:
Add or remove portlets from the published list
Change the requirement on registration
This option should be modified for an existing producer.
Enable or disable in-band registration
Specify the Registration Validator Class. The registration validator class is used by the WSRP Producer to validate that the values sent by the WSRP consumer are acceptable.
Add new registration properties. Any change in properties will apply to subsequent consumers registering with the producer.
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Producers from the submenu.
From the Select DN drop-down menu, choose any DN.
Select a WSRP producer and modify the configuration attributes as necessary.
For more information about the attributes, see Sun Java System Portal Server 7.2 Technical Reference.
Click Save to record the changes.
Each consumer registration represents a remote WSRP consumer that has established a relationship with the WSRP producer. A WSRP producer that supports registration allows multiple WSRP consumers to register with it. The registration mechanism allows a WSRP consumer to describe its capabilities to a WSRP producer.
A WSRP consumer is added out of band (such as by email or telephone). The information entered when adding a consumer registration must match the capabilities of the WSRP consumer that is given the registration handle. Consumer registrations allow a WSRP producer to scope artifacts (such as portlet preferences) that a WSRP consumer creates on the WSRP producer.
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Producers from the submenu.
From Select DN drop-down menu choose any DN.
Select a WSRP producer, then Consumer Registrations.
Click New to launch the wizard.
Follow the instructions to create the specified consumer registration.
For more information about the attributes, see Sun Java System Portal Server 7.2 Technical Reference.
psadmin create-consumer-registration
You can edit existing consumer registrations manually. Note that this can also be done through in-band registration from the WSRP consumer end. Ensure that out-of-band and in-band registration are not used simultaneously.
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Producers from the submenu.
From Select DN drop-down menu choose any DN.
Select producers, then select a WSRP producer, then Consumer Registrations.
Select a consumer registration and modify the configuration attributes as necessary.
For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference.
Click Save to record the changes.
This section describes the tasks to administer the WSRP Consumer:
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Producers from the submenu.
From Select DN drop-down menu choose any DN.
Under Configured Producer click New to launch the wizard.
Follow the instructions to create the specified configured producer.
For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference.
psadmin create-configured-producer
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Consumer from the submenu.
From Select DN drop-down menu choose any DN.
Select a configured producer and modify the configuration attributes as necessary.
Use the Update Service Description option to update any changes made to the producer. See Updating Service Description.
For more information about the attributes, see Sun Java System Portal Server 7.1 Technical Reference.
Click Save to record the changes.
The WSRP consumer sends the consumer name to producers during registration. The value specified for the consumer name is used as the default unless a value is specified for consumer name at the organization or suborganization level.
Select the Portals tab.
Select a portal server from Portals.
Click WSRP, then Consumer from the submenu.
From Select DN drop-down menu choose any DN.
Under WSRP Consumer, click Edit.
Specify the consumer name.
Click OK.
If you cannot access WSRP channels, check whether Derby is up and running. If Derby is not running, restart it. If you still cannot access WSRP channels after restarting Derby, follow the procedure below.
Log in to the Application Server Administration Console.
Click Resources in the left pane.
Navigate to JDBC and click Connection Pools.
Click WSRPDataSourcePool.
The Edit Connection Pool page appears on the right pane.
Enable Connection validation by selecting Required, and click Save.
Refresh the Portal desktop to view WSRP channels.