Vivek Agarwal’s Portal/Java Blog

An IBM Gold Consultant’s weblog about IBM, Lotus, WebSphere, J2EE, IT Processes, and other IT technologies

Playing with Liferay II

Posted by Vivek Agarwal on February 6, 2006


While setting up my sandbox Liferay install, I ran into a few issues/questions that in my opinion, the docs were not too clear on.

How do you set up default content for new users?

The first one was how do you set up default page hierarchies for new users. Essentially, in my case I have set up Liferay to perform authentication against our Windows Active Directory domain. So I do not have to explicitly create new user accounts in Liferay. As and when users login for the first time to Liferay, their Liferay portal accounts get created (i.e. created in the Liferay Portal database). I was not too clear after skimming through the Liferay documentation and playing with the administration, on how to set up default page hierarchies deploying standard/custom Liferay portlets for new users.

The answer was two-part. The first part involved creating groups (that are very different from the concept of user groups that I am used to) that are essentially communities and similar to virtual portals in the WebSphere Portal sphere. For each group, you can go edit pages using the administration portlet, and create the requisite page hierarchies with the relevant portlets laid out on those pages. Fairly straight forward and this part is pretty clear from exploring the product! Then came the question of how do I associate new users that do not exist in the Liferay Portal with the group(s) (or default page hierachies) that I had created. I explored the admin portlet but did not see anything obvious. On the user management screen, I saw the ability to create new users explicitly and below that were various other options that looked related to new user creation. However, I finally clicked on the “Default Groups and Roles” link below the new user creation form and that was the answer to my question. Basically, you can define roles and groups that are automatically assigned to new users. This enables you to set up new users with access to default page hierarchies.

Easy enough when you figure it out! However, there seem to be several issues here –

q The biggest issue is that Liferay is not aware of the external user repository. It is only aware of its internal user repository and users are only added there once users login to Liferay. So if my external user repository (LDAP – Active Directory being Microsoft’s implementation) has users and user groups set up, there is no default way to utilize the user groups in Liferay.

q Additionally a page hierarchy can only be visible to a single Liferay group. So if I want one set of users (group A) to see a page hierarchy, and another set (group B) to see the same page hierarchy but with one additional page, I have to create two groups and create the identical portions of the page hierarchy twice. Of course, if it is acceptable for a user from group B to see 2 different communities – group A with the common pages and group B with the single additional page, then Liferay’s model. Otherwise, it looks like a lot of unwelcome administrative overhead.

Switching to a more robust database after a bundled install

For initial investigation, I had chosen to perform a bundled install of Liferay with JBoss and Tomcat – this was pretty cool as I was able to have it running in a jiffy! However, after a couple of days I wanted to switch Liferay to using MySQL – this was pretty straightforward and simply involved creating a MySQL database, populating it with Liferay tables/seed data using a SQL script, plopping in the MySQL drivers in the JBoss lib folder, and updating the liferay-ds.xml file used for data source configuration. Pretty simple unless you do what I did – I renamed the liferay-ds.xml to liferay-ds.xml.original and configured MySQL using a new liferay-ds.xml. Well that ends up causing issues as JBoss ends up initializing from liferay-ds.xml.original as well. So only have a single liferay-ds.xml configuration file in the JBoss deploy folder!

Public and private events in the calendar

Somehow I was not too clear that the Desktop community home page is a private page that is specific to each user and that the calendar portlet on that page is not shared. So any events that you create on the calendar portlet on the Desktop community can only be private events. And the corollary to this is that all events created on any other community are public events that are visible to all users that have access to that community.

IMHO, it would have been a better design to have the “Add Event” capability accommodate the user being able to designate the event as a private or shared event. And for a shared event, indicate the groups with access to that event. And from an access control perspective, it would be easy to ensure that the user creating the event can only make the event available on the communities that that user has access to.

Currently if I have an event that I want to be visible to multiple groups, I need to create that event once for each group! L It should be pretty easy to modify the “Add Event” to support what I am suggesting. Maybe I will do real work for a change and I actually code a variant of the “Add Event” that implements my suggestion.

Signing off

I typed this up on my flight from Austin to Colorado Springs and it is time to sign off. However, I have quite a lot more to say about authorization in Liferay – I believe that there are significant limitations in this area. But overall, Liferay is certainly worth a look and can work for many organizations in the SMB space.

Advertisements

10 Responses to “Playing with Liferay II”

  1. stephen said

    Just wondering if you could me out a little im stuck on ADS + Liferay i have create the user in the liferay database first , then i had added the

    to portal-ext.properties

    auth.pipeline.pre=com.liferay.portal.auth.ADSAuth
    #auth.pipeline.post=com.liferay.portal.auth.ADSAuth

    auth.impl.ads.initial.context.factory=com.sun.jndi.ldap.LdapCtxFactory
    auth.impl.ads.security.authentication=none
    auth.impl.ads.host=
    auth.impl.ads.port=389
    auth.impl.ads.userid=cn=Administrator,
    auth.impl.ads.password= auth.impl.ads.domainlookup=cn=Users,

    the user if password works via ldapbrowser but authentication does not work in liferay i have turned on authenticate by userid and not email ,
    if i disable the top line it logs in ok using the database

    Cheers

    -Stephen

  2. Brian Kim said

    Check out our new Liferay 4.0. We changed the architecture to allow for fine-grained permissioning in this release. Documentation is improved as well 🙂

    Brian Kim
    Liferay, LLC

    • ash said

      Hi,

      I’m new to Liferay. I’m using Liferay 6.0.

      While I’m trying to integrate portlets using liferay, I’m struck with the user management part.

      I have imported the users from LDAP to Liferay. There are around 2500 users in the system. I’m trying to assign roles to the users depending on their Job Title. All users with job title as ‘Manager’ needs to be assigned with role ‘Manager’.

      It is very difficult to assign this role to each and every manager one by one. Is there a way to achieve this in bulk, like a batch update?

      Plz help me to get an answer for this.

      Thanks,
      ash

  3. Brian,

    I am certainly on it in terms of looking at Liferay 4.0. It certainly seems to have some good enhancements – congrats on a great job!

    At first glance though, I am a little disappointed with the access control enhancements – I still dont see how I could have pages on a single community with different user groups having different access rights on each page. I can certainly see the need for a “Human Resources” community that has some pages that are more privileged than others. I know about the new private/public pages within a community feature – that is useful but not the solution for my problem. I do not necessarily want to limit the more privileged pages in the “Human Resources” community to the community members. I could want to limit those pages to a certain managers group in my LDAP.

    Basically, what I am looking for is the ability to set access control on a page within a community for a given LDAP group.

    Probably not making much sense since I am in a hurry, but will post later more coherently or so I hope!

  4. Nguyen Thi Phuong said

    Dear Sir,
    I have a problem with Liferay 3.6.1 when I add Portlet mail.
    Error: 10,814 INFO [STDOUT] A3 CREATE mail/junk-mail
    2006-09-15 06:50:10,814 INFO [STDOUT] A3 NO CREATE Cannot create folder ‘mail/junk-mail’
    2006-09-15 06:50:10,814 INFO [STDOUT] A4 LIST “” mail/junk-mail
    2006-09-15 06:50:10,939 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/].[jsp]] Servlet.service() for servlet jsp threw exception
    javax.mail.FolderNotFoundException: mail/junk-mail not found
    at com.sun.mail.imap.IMAPFolder.checkExists(IMAPFolder.java:266)
    at com.sun.mail.imap.IMAPFolder.open(IMAPFolder.java:726)
    at com.liferay.portlet.mail.util.MailUtil._getFolder(MailUtil.java:867)
    at com.liferay.portlet.mail.util.MailUtil.getFolder(MailUtil.java:337)
    at org.apache.jsp.html.portlet.mail.view_jsp._jspService(org.apache.jsp.html.portlet.mail.view_jsp:469)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)

    Can you help me resolve this problem?
    Thanks a lot.

  5. Sandeep said

    Dear Sir,

    I am very new in Liferay Portlet Development.

    Will you please provide the Details Tutorial Links of Liferay Portlet.

  6. Jassi said

    Dear Sir,

    Required info for User Authentication with model.

    for this i have updated portal.properties

    auth.pipeline.pre = com.orangescape.dimension.auth.UserAuthenticator

    and created file usertable.properties to

    #######################mandatory configuration###########################
    com.orangescape.dimension.auth.datasource = java:/dimension
    com.orangescape.dimension.auth.userid=select EMPLOYEE_ID from EMPLOYEEMASTER where EMPLOYEE_ID =
    com.orangescape.dimension.auth.emailid=select EMAIL_ADDRESS from EMPLOYEEMASTER where EMPLOYEE_ID =
    com.orangescape.dimension.auth.password=select PASSWORD1 from EMPLOYEEMASTER where EMPLOYEE_ID =
    com.orangescape.dimension.auth.groupid=select GROUPID from EMPLOYEEMASTER where EMPLOYEE_ID=
    com.orangescape.dimension.auth.themeid=officetiger
    com.orangescape.dimension.auth.firstname=select distinct FIRST_NAME from EMPLOYEEMASTER_LOGINVIEW where EMPLOYEE_ID =
    com.orangescape.dimension.auth.lastname=select distinct LAST_NAME from EMPLOYEEMASTER_LOGINVIEW where EMPLOYEE_ID =

    #######################optional configuration###########################
    #used to provide the company id,do not provide any values unless you know what you are doing 😉

    #com.orangescape.dimension.auth.companyid=

    #used to provide the roleid ,do not provide any values unless you know what you are doing 😉
    #com.orangescape.dimension.auth.roleid=

    #this is meant for deleting the default power user role thats assigned during user creation
    com.orangescape.dimension.auth.poweruserid=12

    after this when trying to login its give authentication failure

    Can you help me resolve this problem?
    Thanks a lot.

  7. Ajay said

    Hi sir,

    i am working with Liferay.
    i am trying to integrate wordpress blog with the Lliferay..
    is it possible?if yes..please can u give the startup steps?

    Thks in advance

  8. jignesh said

    hey can anybody help me to setup liferay with weblogic

  9. Raj said

    I need to integrate Liferay with our own custom authorization module. Is there any way to by pass LR authorization and plug in custom authorization?

Sorry, the comment form is closed at this time.

 
%d bloggers like this: