Simple Content Management Portlet Configuration
Portlet Quickstart
1. Check out the Simple Content Portlet from Jasig Subversion:
$ svn co https://source.jasig.org/portlets/SimpleContentPortlet/trunk SimpleContentPortlet
2. Build the portlet using maven.
$ cd SimpleContentPortlet $ mvn clean install
3. Deploy the resulting war file using your portal's deployment process.
In uPortal, this step involves calling the portal's deployPortletApp ant task from the command line. From uPortal's top-level directory:
$ ant deployPortletApp -DportletApp=/path/to/SimpleContentPortlet/target/SimpleContentPortlet.war
Configuration Options
jQuery noConflict Behavior
uPortal 3.1+ requires that a portlet import all of the JavaScript libraries it requires, then delete related publicly visible variables. By default, the Simple Content Portlet follows this model.
To use the portlet in an environment which already includes the jQuery library and does not delete it from the public scope, set the portlet preference "includeJQuery" to "false".
HTML Validation and Security
The Simple Content Management portlet uses OWASP's AntiSamy tool to validate and sanitize HTML input. By default, the portlet ships with a configuration that prevents users from entering JavaScript or other potentially dangerous code.
You may modify this default behavior by editing or creating a new policy file. AntiSamy's configuration options are documented in the following locations:
Using JavaScript
While the validation rules for most HTML tags and attributes may be set through manipulating the AntiSamy configuration file, no amount of twiddling will successfully enable AntiSamy to allow the inclusion of JavaScript code. You may optionally allow content publishers to include script elements by disabling the AntiSamy scan.
Important Considerations
Disabling AntiSamy means that any user with publishing rights in your portal will be able to include potentially dangerous code in the portal. Please do not disable HTML validation unless you've carefully reviewed your portal's administrative groups and permissions, have locked down access to the portal's configuration mode, and trust both the judgement and HTML authoring skills of your administrative users.
Before disabling AntiSamy, Jen recommends taking a deep breath while reflecting over the life and times of Little Bobby Tables.
Disabling AntiSamy
AntiSamy may be disabled via a simple portlet preference called "cleanContent". To disable content scanning, simply set "cleanContent" to "false". A sample alternate "Advanced CMS" configuration with content scanning disabled is included at the bottom of the distributed portlet.xml file.
CKEDITOR configuration
In addition to AntiSamy, the editor used (CKEDITOR) does its own filtering and transformation. To disable CKEDITOR' content filtering and rely only on AntiSamy, modify WEB-INF/jsp/configureContent.jsp to have
allowedContent: true;
Registering as a uPortal Portlet Publishing Type
In uPortal, the Simple Content Portlet may be registered as a pre-configured portlet publishing type. Registering the portlet in this manner will create a new option in the initial "portlet type" screen of the portlet administration wizard and will pre-configure some of the settings of the portlet. You will need to execute an ant deploy-war to deploy this file to Tomcat.
To register this new portlet type, first create a new directory in the uPortal source tree at uportal-war/src/main/resources/org/jasig/portal/channels/CMS. Copy the file from docs/cpd/cms.cpd in the portlet into this new directory.
Next, import the portlet's .channel file into your portal. From the uPortal base directory:
ant crn-import -Ddir=/path/to/SimpleContentPortlet/docs/import -Dpattern=cms.channel-type