jboss

Packt Publishing recently published a book on JBoss Portal; the book, titled JBoss Portal Server Development, is written by Ramanujam Rao - a JavaEE architect who currently works for Nationwide. Packt sent me a copy and asked that I write a review of the book, which I plan on doing in the next few weeks.

Until then, Packt has made available a sample chapter of the book - JBoss Portal Server Development, Chapter 6: Portals and AJAX (download the sample chapter at: http://www.packtpub.com/files/jboss-portal-server-development-sample-cha...).

In the sample chapter, Rao discusses the basics of AJAX in the Portal environment, describing the enhancements for asynchronous communication JSR286 brings to the table. He also provides some basic code examples implementing a portlet with AJAX functionality, in addition to describing JBoss Portal’s out of the box AJAX support (drag and drop, partial page refreshing, etc.).

I’m excited about the book, because I think it’s one of the first on JBoss Portal, which speaks to the products coming maturity and will give it some clout to compete with the other portal vendors. I’m sure the folks at JBoss Mass would agree.

At first glance, the book appears to be a solid companion to the jboss.org documentation, adding an additional level of architectural guidance; it’s a great addition to the bookshelf if you’ll be working with JBoss Portal.

I’ve always been an open source fan and for the past 2 or 3 years I’ve been working with JBoss products - lately JBoss Portal. So, I decided I want to become more active in the JBoss Portal forums on JBoss.com - unfortunately, though, their forums aren’t RSS-enabled and I’m a big RSS user.

So, I decided to use one of my favorite, free web-tools - Yahoo Pipes - to build an RSS feed for the JBoss.com forums.

In short, the pipe does the following:

1. uses a URL Builder object to “scrape” the jboss.com forum site
2. passes in a parameter of the forum ID to read (ie: 215 for the Portal User’s forum, 205 for the Portal design forum)
3. uses regular expressions to slice and dice the fetched page into an aggregated RSS feed

Because the forum ID is a parameter, you can add any JBoss.com forum to your RSS client of choice. The feed results aren’t perfect (eg: doesn’t get the original post date right), but it does the trick for my needs.

So check out the JBoss.com Forum Feeds Pipe at: http://pipes.yahoo.com/pembertonandy/jbossforums

Feel free to clone the pipe and use it to your liking; the same technique can be used on any publicly available site. Let me know if you like it!

Before the Portlet 2 specification (JSR286), the recommended method for adding AJAX functionality to a JSR168 portlet was to deploy an additional servlet to the portal server (either inside the same WAR as your portlet(s) or in a stand-alone WAR) to handle asynchronous requests. Requests to these servlets are then handled by the servlet container as opposed to being routed through the portlet container, so they don’t automatically inherit the security context from the portal, as your portlets would.

The goal of this article is to describe how to enable security in your AJAX servlets in JBoss Portal 2.6.

JBoss Portal 2.7 supports JSR286, which has features built into portlets for serving AJAX requests. So while this technique may be less useful in that environment, nothing precludes the use of AJAX servlets in the 286 environment, so this technique may still come in handy.

Securing AJAX servlets in JBoss Portal 2.6 involves four high-level steps.

Step 1: Add the Portal’s Security Application Policy to the Servlet Container

Step 1 is mostly a copy/paste effort. The key point here is that you’re configuring the servlet container to use the same JAAS settings that you’ve configured the Portal to use. You’ll want to look at the Portal’s JAAS settings in: $PS_HOME/server/default/deploy/jboss-portal.sar/conf/login-config.xml

There should be a block that looks something like: - you’ll want to copy this block into the login-config used by the servlet container at: $PS_HOME/server/default/conf/login-config.xml

<application-policy name="portal">
	<authentication>
		<login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="required">
			<module-option name="unauthenticatedIdentity">guest</module-option>
			<module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
			<module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
			<module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
			<module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
			<module-option name="additionalRole">Authenticated</module-option>
			<module-option name="password-stacking">useFirstPass</module-option>
		</login-module>
	</authentication>
</application-policy>

Step 2: Secure your AJAX Servlet Web Application

This step is standard for securing web applications; just add the appropriate security settings to the web.xml deployed with your AJAX servlet WAR.

For example, these settings may look like:

<security-constraint>
	<web-resource-collection>
		<web-resource-name>Security</web-resource-name>
		<url-pattern>/*</url-pattern>
	</web-resource-collection>
	<auth-constraint>
		<role-name>Authenticated</role-name>
	</auth-constraint>
</security-constraint>
<login-config>
	<auth-method>BASIC</auth-method>
	<realm-name>JBoss Portal</realm-name>
</login-config>
<security-role>
	<role-name>Authenticated</role-name>
</security-role>

Step 3: Configure your Servlet Web App to use the Portal Security Policy

At this point, we need to tell the servlet web app which JAAS security-domain to use, ie: the one we added in step 1. To do this, JBoss has a proprietary extension to the servlet spec that uses a file: jboss-web.xml in the same location as your web.xml. Add in the following:

<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 4.2//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-web_4_2.dtd">
<jboss-web>
	<security-domain>java:jaas/portal</security-domain>
</jboss-web>

At this point, your servlet web application should be secured and using the same security-domain as the Portal. There’s only one small problem: when you first log in you’ll notice (if you used BASIC as your auth-method as in my example), you’ll get prompted to login from your AJAX calls in addition to logging in to the portal. This is because the Portal and your AJAX servlet application are separate web applications deployed to the application server, and do not inherently trust eachother’s authenticated sessions.

Step 4: Enable Single Sign On between the Portal and your Servlet Web App

Luckily, JBoss uses Tomcat under the covers as the servlet container, and Tomcat has a nice, out-of-the-box feature for enabling single-sign-on (SSO) between web apps. To do so, you simply need to enable the SSO valve in Tomcat’s server configuration at: $PS_HOME/server/default/deploy/jboss-web.deployer/server.xml

See the Portal reference guide for more information on enabling SSO in Tomcat.

Conclusion

So that does it. Your AJAX servlets are now secured using the same security-domain as your Portal install and are configured for SSO.

Hopefully you found this technique helpful; if you have any comments, questions, or improvements please comment.

The goal of this article is to show you how to use pack:tag to optimize the performance of your JBoss Portal theme. I’ve used this approach on a production JBoss Portal 2.6 implementation and tested the approach out in version 2.7.

JBoss Portal has a feature-rich theme framework where CSS and javascript resources are included in the Portal; building a custom theme is easy. Pack:tag is an open source project that optimizes performance for java-based web apps; it provides a JSP tag library that automatically minifies, compresses, and combines CSS and javascript resources.

As more rich features and dynamic components reach your portal, larger AJAX frameworks and CSS libraries are required to support them. Large downloads will not only make your Portal load slower, but will also take longer to execute when using the Portal. Also, Portals are no longer accessed solely inside the firewall, many companies use them to power external facing sites - so few assumptions should be made about client bandwidth. Compressing your Portal theme with pack:tag will lead to faster downloads and page response time.

Building a custom Portal theme is covered in depth elsewhere, so we won’t get into that here. Instead, let’s look at the steps necessary to get your theme working with pack:tag:

Install pack:tag

• Place the packtag-X.X.jar in the WEB-INF lib of your theme. To use pack:tag with one of the out of the box themes, place the packtag JAR at: [PS_HOME]/server/default/deploy/jboss-portal.sar/portal-core.war/WEB-INF/lib
• You’ll also want to place the packtag.properties file in WEB-INF

Pack Your Theme

• By default, you should have theme resources defined in a *-themes.xml file - because pack:tag uses a tag library, we have to move these resources from the XML file and put them into your layout JSP page.
• Add the pack:tag tld reference to your layout JSP:
  

  
  <%@ taglib prefix="pack" uri="http://packtag.sf.net" %> 
  

• Wrap the resource references in the pack:tag; for our custom theme this looks something like:
  

  
  <pack:style>
  	<src>/styles/extjs/css/ext-all.css</src>
  	<src>/styles/extjs/css/xtheme-gray.css</src>
  	<src>/styles/app.css</src>
  </pack:style>
  

  
  <pack:script>
  	<src>/scripts/jquery/jquery.js</src>
  	<src>/scripts/extjs/adapter/jquery/ext-jquery-adapter.js</src>
  	<src>/scripts/extjs/ext-all-debug.js</src>
  </pack:script>
  

Limitations and Gotchas

• In JBoss Portal themes, layouts and themes are loosely coupled: layouts are used to generate markup, while themes include CSS and javascript references to style the layout. If you’ve written a JBoss Portal theme before, you’re probably thinking that we just tightly coupled the layout and theme.
• Well, this is true - but, it turns out that the mechanism that provides the loose coupling has some problems out of the box. For one thing, Portal reorders your script and CSS references in the worst possible way (placing all the links after the scripts). This violates Yahoo’s best practices for website performance.
• So, we can work around the tight coupling we’ve added by creating an additional JSP include file that will store the css/js references for your custom theme(s). You can then dynamically reference the active theme to load the appropriate theme files. The following snippet will do the trick for JBoss Portal 2.6.X:
  

  
  <jsp:include page="includes/theme-${requestScope['RENDERCONTEXT'].themeContext.theme.themeInfo.name}.jsp" />
  

• Additionally, introducing pack:tag can also cause unexpected issues with your theme. Because pack:tag combines all your resource requests into a single request (see the first Yahoo performance rule), image references in CSS files can break. So if you get 404s on resource requests after enabling pack:tag, you’ll know what to debug.

Example

Check out the following Firebug screen shots depicting the actual file size savings in our custom theme:

Custom Theme CSS Before pack:tag

Custom Theme CSS After pack:tag

Custom Theme JS Before pack:tag

Custom Theme JS After pack:tag

Results

That’s right! Adding pack:tag resulted in:

• Total CSS file size downloaded went from 141KB to 21KB - ~15% the original size
• 6 HTTP requests for CSS reduced to 2
• Total javascript file size downloaded went from 2MB to 188KB - ~10% the original size
• 21 HTTP requests for javascript reduced to 1

References and Tools

• http://sourceforge.net/projects/packtag
• http://developer.yahoo.com/performance/rules.html
• http://developer.yahoo.com/yslow/
• http://getfirebug.com/