Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 67 Next »

[10:01:53 CDT(-0500)] <EricDalquist> no more xalan, xerces, xml-apis, and xml-resolver!
[10:01:55 CDT(-0500)] <EricDalquist> yay
[10:04:50 CDT(-0500)] <b-rock> Greetings uPortal devs: during authentication for the portal, this line of code is called in the Authentication file person.getSecurityContext().getAdditionalDescriptor(); it returns a IPerson, a Map or some ChainingSecurityContext.ChainingAdditionalDescriptor
[10:05:57 CDT(-0500)] <b-rock> for me it returns ChainingSecurityContext.ChainingAdditionalDescriptor and the resulting login page has "Unrecognized User xyz"
[10:06:34 CDT(-0500)] <EricDalquist> what is the end-problem you're trying to solve?
[10:06:36 CDT(-0500)] <b-rock> Is the security context for the person configured in the person directory settings?
[10:07:10 CDT(-0500)] <b-rock> I"m trying to get the full aurthorization happening which I don't think is happpening
[10:07:44 CDT(-0500)] <athena> it sounds like you're saying the user is successfully logged in, but the portal's welcome message has "unrecognized user" instead of the name? is that accurate?
[10:07:46 CDT(-0500)] <b-rock> I can see all of the attributes for the user in the Person Attributes portlet
[10:07:59 CDT(-0500)] <b-rock> thats correct athena
[10:08:29 CDT(-0500)] <athena> that behavior typically means that authorization worked just fine, but the user's name wasn't found during the person directory steps
[10:08:32 CDT(-0500)] <b-rock> I see that is sets unrecognized user in the Authenticate.java file if the additional descriptor is a IPerson
[10:08:40 CDT(-0500)] <athena> "unrecognized user" is the default
[10:08:49 CDT(-0500)] <athena> i don't think this has any relationship to the security code
[10:09:27 CDT(-0500)] <b-rock> it sets the name as "Unrecognized person: name" in the Authenticate bean
[10:09:35 CDT(-0500)] <athena> what are you using to grab person attributes?
[10:10:14 CDT(-0500)] <b-rock> I'm using requestAttributeSourceFilter
[10:10:38 CDT(-0500)] <b-rock> that part seems to work because I do see the attributes populated in the Person Attribute portlet after logging in.
[10:11:08 CDT(-0500)] <athena> the full name in particular?
[10:11:35 CDT(-0500)] <b-rock> right. and the person security context is not returning the correct object type I think.
[10:12:18 CDT(-0500)] <athena> i've never looked at the code for the request attribute source
[10:12:23 CDT(-0500)] <b-rock> the full name appears to get set properly only if the security context additional descriptor is a person.
[10:13:15 CDT(-0500)] <athena> what's the descriptor in this case?
[10:13:41 CDT(-0500)] <b-rock> that bean has an additional descriptor attribute which is set in the personDIrectoryContext as another bean of type org.jasig.services.persondir.support.MediatingAdditionalDescriptors
[10:14:09 CDT(-0500)] <athena> interesting
[10:14:13 CDT(-0500)] <athena> EricDalquist: have you run into that at all?
[10:14:20 CDT(-0500)] <b-rock> but in the authenticate method, the type being returned is ChainingAdditionalDescriptor
[10:14:28 CDT(-0500)] <EricDalquist> sorry had to step away for a minute
[10:15:07 CDT(-0500)] <EricDalquist> the "displayName" user attribute is what is displayed
[10:15:08 CDT(-0500)] <b-rock> I copied in the working configuration from our 3.1.1 build into the 3.2.2 person directory, but we get the wrong result.
[10:15:29 CDT(-0500)] <EricDalquist> if person directory is not returning an attribute named "displayName" for the user you will get the "Unrecognized User" message
[10:15:45 CDT(-0500)] <EricDalquist> it isn't a code issue at all, just person directory configuration
[10:15:47 CDT(-0500)] <b-rock> it displays my name but it is pre-empted with "unrecognized User"
[10:16:13 CDT(-0500)] <b-rock> I'm sure it is a persondirectoryconfiguration issue but am looking for clues.
[10:16:32 CDT(-0500)] <EricDalquist> does it display your username or your actual display name
[10:17:11 CDT(-0500)] <EricDalquist> if I log in as "dalquist" but have no displayName attribute it would say "Unrecognized User: dalquist"
[10:17:11 CDT(-0500)] <b-rock> it displays my username and not my display name.
[10:17:15 CDT(-0500)] <EricDalquist> right
[10:17:27 CDT(-0500)] <EricDalquist> so the displayName attribute is not being set correctly in person directorr
[10:24:22 CDT(-0500)] <b-rock> I can see that the displayName is set in the person attributes portlet. here is my current person directory context.xml http://uportal.pastebin.com/2Vf9NGe0
[10:25:24 CDT(-0500)] <b-rock> this is the version without the org.jasig.services.persondir.support.MediatingAdditionalDescriptors as the additional descriptors attribute.
[10:26:12 CDT(-0500)] <b-rock> it seems like for either setting, the additional descriptors returned by the persons security context is not the right type.
[10:28:09 CDT(-0500)] <EricDalquist> the person security "additional descriptors" has no relation to anything in person directory (at least out of the box)
[10:28:27 CDT(-0500)] <b-rock> ok. I'm not assuming it does.
[10:28:56 CDT(-0500)] <EricDalquist> so you're using shib?
[10:29:02 CDT(-0500)] <b-rock> yes.
[10:29:17 CDT(-0500)] <b-rock> and I see in the logs that the authentication succeeded.
[10:29:26 CDT(-0500)] <b-rock> and I am able to get to the portal
[10:29:48 CDT(-0500)] <EricDalquist> http://uportal.pastebin.com/hxzjXZLt
[10:29:59 CDT(-0500)] <EricDalquist> that is what you're additional descriptors config should look like
[10:31:19 CDT(-0500)] <EricDalquist> the login servlet invalidates the session during the login process
[10:31:29 CDT(-0500)] <EricDalquist> and that config stores the attributes in both the request and the session
[10:31:40 CDT(-0500)] <EricDalquist> so they are available for the duration of the login
[10:31:43 CDT(-0500)] <b-rock> well I just completely replaced the 3.2.2 persondirectory with the 3.1.1 version, and this time we get the "Welcome My Name". with this configuration http://uportal.pastebin.com/x2JcaKCi
[10:32:24 CDT(-0500)] <EricDalquist> yeah that is the same style of MediatingAdditionalDescriptors config
[10:32:40 CDT(-0500)] <b-rock> yep. so that definately makes a big difference.
[10:33:40 CDT(-0500)] <b-rock> ok. then. we've got the data imported and authentication/authorization working in the new build, now we need to convert our theme from 3.1.1 to 3.2.2
[10:34:01 CDT(-0500)] <b-rock> it looks like there are quite a few class name changes in the theme between those versions.
[10:44:26 CDT(-0500)] <b-rock> Hi, I"ve got another question. Is there a way to redeploy some of the built-in portlets such as "Fragment Administration" and "Identity Swapper" from the command line? I'm getting error messages like this http://uportal.pastebin.com/NX1vzpfp for those and a bunch of our own custom portlets.
[10:49:29 CDT(-0500)] <EricDalquist> they are always deployed
[10:49:40 CDT(-0500)] <EricDalquist> but it looks like you may not have imported the .channel files for them
[10:49:52 CDT(-0500)] <EricDalquist> grab the relevant .channel files from the 3.2 package and import them
[11:02:12 CDT(-0500)] <b-rock> ok I'll try that. Thanks EricDalquist
[11:17:04 CDT(-0500)] <athena> so when will we see the new stax implementation in trunk? (smile)
[11:17:55 CDT(-0500)] <EricDalquist> I have to get portlet actions working again
[11:18:06 CDT(-0500)] <EricDalquist> so I'll see about doing that tonight
[11:18:13 CDT(-0500)] <EricDalquist> and then it can go back in trunk
[11:18:30 CDT(-0500)] <EricDalquist> dropped another 12k lines of code last night (big grin)
[11:21:40 CDT(-0500)] <EricDalquist> with the new pipeline hitting refresh on a completely cached page renders in ~30ms for me
[11:23:47 CDT(-0500)] <athena> sounds fantastic (smile)
[11:24:19 CDT(-0500)] <EricDalquist> oh and I have a ... weird ... local hack for my portlet to get the channel List (tongue)
[11:24:24 CDT(-0500)] <athena> oh?
[11:24:33 CDT(-0500)] <EricDalquist> I wired the ChannelListController into the portal's RequestAttributeService
[11:24:42 CDT(-0500)] <EricDalquist> and return the JSON string as a request attribute (tongue)
[11:24:45 CDT(-0500)] <athena> lol
[11:24:49 CDT(-0500)] <athena> guess that works!
[11:24:51 CDT(-0500)] <EricDalquist> yes
[11:25:03 CDT(-0500)] <EricDalquist> not really something I want to contribute back
[11:25:05 CDT(-0500)] <EricDalquist> but it works ...
[11:25:11 CDT(-0500)] <athena> yeah
[11:25:28 CDT(-0500)] <athena> i think i'm close to having the persondir stuff remapped as JPA
[11:25:48 CDT(-0500)] <EricDalquist> neat
[11:25:49 CDT(-0500)] <athena> then just need to get the person directory api query methods implemented
[11:26:51 CDT(-0500)] <athena> out this afternoon and weekend at no fluff just stuff
[11:26:59 CDT(-0500)] <athena> can go to all the spring 3 sessions (tongue)
[11:27:12 CDT(-0500)] <EricDalquist> nice
[11:27:29 CDT(-0500)] <athena> it's nice having stuff like that local
[11:27:36 CDT(-0500)] <athena> though i don't really want to drive to redmond
[11:27:43 CDT(-0500)] <athena> clearly i've gotten used to not having to drive anywhere
[11:28:09 CDT(-0500)] <EricDalquist> yes
[11:28:15 CDT(-0500)] <EricDalquist> I'm the same way
[11:28:20 CDT(-0500)] <EricDalquist> with busing to work
[11:28:24 CDT(-0500)] <EricDalquist> I rarely drive anymore
[11:28:28 CDT(-0500)] <athena> yeah
[11:28:40 CDT(-0500)] <athena> i drive to home depot because i buy stuff there that would be awkward on the bus
[11:28:51 CDT(-0500)] <athena> and i drive to my soccer games (when i actually go, which apparently lately is never)
[11:29:17 CDT(-0500)] <athena> other than that, pretty much just vacations
[14:02:59 CDT(-0500)] <b-rock> Hello again. I've had to reimport the data for our database again and am running into an import issue "Value being stored 'My Weather' does not validate against pattern: ^[\w-]+$" do you know if I can modify the channel name to work around this?
[14:03:19 CDT(-0500)] <b-rock> here is a pastebin of the actual trace http://uportal.pastebin.com/BazAMtNC
[14:03:26 CDT(-0500)] <EricDalquist> it is the portlet fname's that need to be changed
[14:03:34 CDT(-0500)] <EricDalquist> but I thought the import script did that for you
[14:04:04 CDT(-0500)] <b-rock> I do see it spitting out FIXING FNAME=portal/login/general in places.
[14:04:13 CDT(-0500)] <b-rock> do you know what I can set it to manually?
[14:04:14 CDT(-0500)] <EricDalquist> hrm, looks like a bug in the layout import script not fixing all fnames
[14:04:38 CDT(-0500)] <b-rock> is it that there should be no spaces?
[14:04:39 CDT(-0500)] <EricDalquist> so in that regex
[14:04:51 CDT(-0500)] <EricDalquist> \w is a-z A-Z 0-9 and _
[14:04:56 CDT(-0500)] <EricDalquist> and a dash is ok too
[14:05:04 CDT(-0500)] <EricDalquist> so replace the space with an _
[14:05:12 CDT(-0500)] <EricDalquist> and I think it will work out
[14:05:15 CDT(-0500)] <b-rock> ok. I'll give that a try. thanks.
[14:05:26 CDT(-0500)] <EricDalquist> I think the import scripts replace invalid characters with _
[14:06:48 CDT(-0500)] <b-rock> hmm. is seems to choke on that one for some reason.
[15:13:51 CDT(-0500)] <athena> Spring 3 session is totally packed
[15:14:20 CDT(-0500)] <EricDalquist> (smile)
[15:15:02 CDT(-0500)] <athena> seems fuller than last year's spring 3 session, but i think that room was smaller
[15:15:15 CDT(-0500)] <athena> and i bet there are a lot more people at the seattle conference than the boston version (tongue)
[15:16:03 CDT(-0500)] <EricDalquist> yeah
[15:20:45 CDT(-0500)] <athena> it's funny - i frequently overhear relevant-sounding technical conversations on the bus, in restaurants, etc.
[15:21:40 CDT(-0500)] <EricDalquist> (smile)
[15:22:55 CDT(-0500)] <EricDalquist> deleting PortalSessionManager right now ...
[15:23:22 CDT(-0500)] <EricDalquist> haven't tried it yet but my current approach is to have a servlet filter call the portal url provider to parse the request
[15:23:36 CDT(-0500)] <EricDalquist> then set a request header with the type (RENDER/ACTION/RESOURCE)
[15:23:53 CDT(-0500)] <EricDalquist> and use the @RequestMapping(header) config to have controller targeting
[15:49:50 CDT(-0500)] <athena> going to be so awesome to have no more PortalSessionManager
[15:49:59 CDT(-0500)] <athena> some of the stuff you can do with SpEL in spring 3 looks pretty cool
[15:50:09 CDT(-0500)] <EricDalquist> like what?
[15:50:23 CDT(-0500)] <athena> mostly using SpEL expressions as auto-wired values
[15:50:40 CDT(-0500)] <athena> so you can autowire up a string from the properties into a bean
[15:50:48 CDT(-0500)] <athena> or even use templating or whatever
[15:51:54 CDT(-0500)] <EricDalquist> neat
[15:52:08 CDT(-0500)] <EricDalquist> very nice
[15:52:10 CDT(-0500)] <athena> yeah
[15:52:30 CDT(-0500)] <athena> guess we can also start using the JSR-330 @Inject annotation instead of the spring-specific @Autowired if we wanted to
[15:52:31 CDT(-0500)] <EricDalquist> maybe you can apply some of what you learn there to spring config file cleanup in trunk (smile)
[15:52:54 CDT(-0500)] <athena> yeah (smile)
[15:52:59 CDT(-0500)] <athena> oh wow - this is sorta cool
[15:53:16 CDT(-0500)] <athena> so for example wiring up all cities from a list with a population property that's a certain size
[15:53:31 CDT(-0500)]

<athena> #

Unknown macro: {cities.?[population >= 100000]}

[15:53:40 CDT(-0500)] <athena> and that goes straight into the bean
[15:53:55 CDT(-0500)] <EricDalquist> wow
[15:53:58 CDT(-0500)] <athena> yeah
[15:54:42 CDT(-0500)] <athena> between this and your addition of SpEL to uportal i guess we'll all have to become SpEL experts (tongue)
[15:55:34 CDT(-0500)] <EricDalquist> lol
[15:56:24 CDT(-0500)] * athena just waits to start dreaming in expression languages too
[15:57:02 CDT(-0500)]

<athena> #

Unknown macro: {cities.?[population >= 100000].![name +', ' + state]}

[15:57:34 CDT(-0500)] <athena> apparently like the city names in "Name, State" format for all cities with a certain population size
[15:57:37 CDT(-0500)] <athena> pretty cool
[16:00:52 CDT(-0500)] <EricDalquist> uhg ... I really hate doing CSS
[16:00:59 CDT(-0500)] <EricDalquist> I just don't get the box model (tongue)
[16:02:18 CDT(-0500)] <athena> i'm so slow at CSS
[16:02:33 CDT(-0500)] <athena> i sot of get some of it, but the browser difference just kill me
[16:02:37 CDT(-0500)] <athena> and it takes me forever
[16:14:59 CDT(-0500)] <athena> how much faster did you say the new rendering pipeline is?
[16:15:15 CDT(-0500)] <EricDalquist> not really sure right now
[16:15:20 CDT(-0500)] <athena> oh ok
[16:15:24 CDT(-0500)] <athena> just faster (smile)
[16:15:26 CDT(-0500)] <EricDalquist> yeah
[16:15:40 CDT(-0500)] <EricDalquist> there are still places where I'm constructing a new XML related factory on cache-miss
[16:15:49 CDT(-0500)] <EricDalquist> once it is in trunk we'll have a better idea
[16:15:55 CDT(-0500)] <EricDalquist> though portlet caching isn't implemented yet
[16:16:00 CDT(-0500)] <athena> gotcha
[16:16:01 CDT(-0500)] <EricDalquist> so all portlets re-render on every request too
[16:17:43 CDT(-0500)] <athena> gotcha
[16:20:50 CDT(-0500)] <EricDalquist> I have no idea how I'd ever do CSS without firebug though
[16:23:58 CDT(-0500)] <EricDalquist> I think when this is done the only staticly configured sections will be Groups & Permissions, DLM & Security
[16:24:09 CDT(-0500)] <EricDalquist> and security may actually be pretty easy to replace after this
[16:24:14 CDT(-0500)] <EricDalquist> since everything will be using spring controllers
[16:31:21 CDT(-0500)] <athena> yeah, i really rely on firebug
[16:31:27 CDT(-0500)] <athena> that's terrific (smile)
[16:31:34 CDT(-0500)] <athena> would still love to think about using spring security
[16:31:46 CDT(-0500)] <athena> but even w/o that, just an update to our security framework would be nice
[16:31:49 CDT(-0500)] <EricDalquist> that would be my goal too
[16:31:58 CDT(-0500)] <EricDalquist> replace our current framework with spring-sec
[16:32:02 CDT(-0500)] <athena> yeah
[16:32:09 CDT(-0500)] <athena> i know we've been talking about that for a few years
[16:32:14 CDT(-0500)] <EricDalquist> since channels are gone and we aren't stuck with ISecurityContext
[16:32:21 CDT(-0500)] <EricDalquist> that was always the big stumbling block
[16:32:29 CDT(-0500)] <EricDalquist> so much of this stuff is enabled by removing channels
[16:33:07 CDT(-0500)] <athena> yeah
[16:33:10 CDT(-0500)] <athena> terrific (smile)
[16:33:24 CDT(-0500)] <athena> so here's what i have as a list of new stuff in 3.3:
[16:33:35 CDT(-0500)] <athena> jsr-286, rendering pipeline, and no more ichannels
[16:33:54 CDT(-0500)] <athena> groups/permissions portlets, new gallery thing, bookmarkable urls
[16:33:56 CDT(-0500)] <athena> and grouper support
[16:34:01 CDT(-0500)] <athena> what have i missed so far?
[16:34:27 CDT(-0500)] <EricDalquist> hrm ... my brain is so cooked I can't think of more
[16:34:32 CDT(-0500)] <EricDalquist> I'll write stuff down over the weekend
[16:38:56 CDT(-0500)] <EricDalquist> WOOHOO! just rendered the portal through a spring @RequestMapping controller (big grin)
[16:39:31 CDT(-0500)] <athena> fantastic!
[16:39:41 CDT(-0500)] <athena> sounds like this will all be awesome (smile)
[16:39:45 CDT(-0500)] <EricDalquist> yes
[16:39:50 CDT(-0500)] <EricDalquist> I hope (tongue)
[16:39:50 CDT(-0500)] <athena> think i'm going to go to the spring REST session next
[16:39:55 CDT(-0500)] <athena> feels pretty relevant right now
[16:40:07 CDT(-0500)] <EricDalquist> and actions work!
[16:40:10 CDT(-0500)] <EricDalquist> ohh
[16:40:11 CDT(-0500)] <EricDalquist> rest
[16:40:12 CDT(-0500)] <EricDalquist> yes
[16:40:29 CDT(-0500)] <EricDalquist> one thing I'd like to take a look at when I get this merged back in is cleaning up our app context and web.xml configs
[16:40:49 CDT(-0500)] <EricDalquist> and try to consolidate our code behind just a handfull of DispatcherServlets
[16:41:04 CDT(-0500)] <EricDalquist> we should be able to remove a lot of the filters and such from web.xml
[16:41:07 CDT(-0500)] <athena> makes sense
[16:45:41 CDT(-0500)] <athena> ok, migrating!
[16:45:42 CDT(-0500)] <athena> yac
[16:45:43 CDT(-0500)] <athena> cya

  • No labels