Page-based access control with WCM pages (Delegating the access control to sitearea)


Recently working on security setup and found this feature is very useful when you are using the WCM pages (Portal page with wcm sitearea mapping)

When page-based access control enabled for site area associated with WCM page, a user who is authorized to view the page is also automatically authorized to view all content under the site area that is associated with the page.

When page-based access control is enabled, rendering performance may get improved .

To enable page-based access control
  1. Ensure that the Web content page is associated with a site area or folder in the Web content system.
  2. Select View access to this page shall imply view access on all resources contained in web_content_library/folder.


  1.  The following access rights are required:
    1. Administrator @ wcm_library, where wcm_library represents the library containing the content that is mapped to the Web content page.
    2. Administrator @ CONTENT_MAPPINGS  (Virtual Resource)
    3. Editor @ wcm_page, where wcm_page represents the Web content page for which you want to enable page-based access.
NOTE:  This is only consider the view access at rendering time (It doesn't really do anything related ACL administration on WCM side) . 

ClickHere for the wiki article
Posted by Siva R Vaka 0 comments
Labels: , , ,

Setting “Advanced Editor i.e. Editlive editor” on WCM inline editing tools popup or overlay


Changing the "Rich text options" ( Preferences-->Edit Shared Settings) to "Advanced Editor"  in the WCM authoring portlet doesn't help to enable the "ephox editor" when we are using the inline authoring (inline authoring tools components).

WCM uses special instance of the authoring portlet that is reserved specifically for web content authoring tasks like inline authoring (using inline authoring tools components..etc). This is installed on page that is hidden from the page navigation available to typical users.

You need to change the "Rich text options" of reserved portlet ( You can navigate to hidden page as Select PageNext levelContent RootNext levelHidden PagesCurrent levelWeb Content Management)


The following tasks use the reserved authoring portlet:
  • Selecting a web content folder when creating or editing the properties of a web content page.
  • Configuring the JSR 286 web content viewer, such as selecting the content item to display.
  • Performing inline editing using authoring tools components rendered in the JSR 286 web content viewer.
  
The unique name of the hidden portal page is com.ibm.wps.hiddenpage.wcm.Authoring_Portlet and 
the unique name of the portlet window of the authoring portlet instance on the hidden portal page is com.ibm.wps.hiddenpage.wcm.control.Authoring_Portlet.

Resources
Click Here for more information on the reserved authoring portlet 
Click Here Troubleshooting Editlive
Posted by Siva R Vaka 2 comments
Labels: , ,

IE6 limitations on the no of CSS files ( Maximum limit of 31 individual StyleSheets)


Recently was working on cross browser issues with UI team after I finished developing Portal Theme . Spent lot of time figuring out the issues with IE6 and finally realized limitation of IE6 with respect to the no of cascading style sheets(CSS) it can apply.

  • All style tags after the first 31 style tags are not applied. 
  • All style rules after the first 4,095 rules are not applied.

Click Here to find more details regarding the issue

Posted by Siva R Vaka 0 comments
Labels:

WebSphere Portal Virtual Resources : WP7

Virtual resources are a unique resource type.Each resource instance belongs to only one resource type. For example, the resource instance Market News Page would belong to the Content Nodes resource type.


Following virtual resources are of my interest recently while working on security setup (These are so useful for the initial security setup with combination of role blocks).


Virtual Resource
Description
Content Nodes
The root node of all pages, labels, and external URLs. Pages contain the content that determines the portal navigation hierarchy. If a new top-level page is created, it is automatically a child resource of the Pages virtual resource. If a new page is created beneath an existing page, the new page is automatically child of the existing page. Pages inherit access control configuration from their parent page unless role blocks are used.
Portal
This is the root node of all resources in the release domain. Roles on this resource affect all other resources in the release domain by default through inheritance unless role blocks are used. Resources in other domains like Templates and Policies are not affected through role mappings on this resource.
Content Mappings
Use page-based access control to delegate access control of content items to the web content page used to display the content.
Portal Settings
Protects portal settings that can be modified through the Portal Settings Portlet or the XML configuration interface. This virtual resource has no child resources.
Portlet Applications
The root node of all installed portlet applications. Portlet applications are the parent containers for portlets. If a new Web module is installed, the portlet applications that are contained within that Web module are automatically child resources of the Portlet Applications virtual resource. Portlets that are contained within a portlet application appear as child nodes of that portlet application. Thus a two-layer hierarchy consisting of portlet applications and the corresponding portlets exists beneath the Portlet Applications virtual resource. Portlets inherit access control configuration from their parent portlet applications unless role blocks are used.
PSE Sources
The root node of all search collections. If a new search collection is created, it is automatically a child of this virtual resource. Roles on this resource affect all defined search collections unless role blocks are used.
URL Mapping Contexts
The root node of all URL mapping contexts. URL mapping contexts are user-defined definitions of URL spaces that map to portal content. If a new top-level URL mapping context is created, it is automatically a child resource of the URL Mapping Contexts virtual resource. If a new URL mapping context is created beneath an existing context, the new context is automatically a child of the existing context. URL mapping contexts inherit access control configuration from their parent context unless role blocks are used.
User Groups
The root node of all user groups. Each user group in the portal inherits its access control configuration from the User Groups virtual resource. It is not possible to create role blocks on individual user groups.
User Self Enrollment
Protects the Selfcare and User Enrollment facilities (sign up and Edit My Profile). This virtual resource has no child resources.
Users
This virtual resource has no child resources. The Users virtual resource protects sensitive operations that deal with user management. For example, in order to add a user to a user group, you must have the Security Administrator@Users role. Users are implicitly protected resources. Users cannot be protected individually, but only through their group membership. As a result, it is not possible to have a role assignment on a specific user. Roles must be on user groups instead. So, you can edit Mary's user profile if you have a role assignment on some user group to which Mary belongs.
VP URL Mappings
Protects the ability to modify a URL Mapping linked to a virtual portal.
Web Modules
The root node of all Web modules. Web modules are portlet WAR files that are installed on WebSphere Application Server. Web modules can contain multiple portlet applications. If a new Web module is installed, it is automatically a child of the Web Modules virtual resource. Roles on this resource affect all child resources (all installed Web modules) unless role blocks are used.
XML configuration interface
Protects the ability to execute XML configuration interface scripts. This virtual resource has no child resources.
STEP UP AUTHENTICATION
Protects the ability to modify the binding of resources such as Portlets or Pages to an authentication level.
THEME MANAGEMENT
Lets users update and modify the portal theme.



Note: Role inheritance never crosses domain(release,JCR,community,customization) boundaries, thus limiting the inheritance scope. Therefore, a role assignment for a user on the Content Nodes virtual resource in the release domain will only grant access to Content Nodes resources (pages) in the release domain.


Resources can appear in different domains depending on the type of resource.

  • Protected Resources of the release domain can be managed through the access control administration portlets and through the XML Configuration interface
  • Policy resources are stored in the JCR domain and can also be managed through the access control administration portlets and through the XML Configuration interface
  • Resources in the community domain can only be managed through collaboration application specific administrative portlets. Resources in this domain are not shown in the access control administration portlets
  • The customization domain only holds private resources of users. No role assignments are possible in this domain, so resources in this domain are also not shown in the access control administration portlets




Find more information on portal virtual resources at below wiki article
http://www-10.lotus.com/ldd/portalwiki.nsf/dx/Resources_wp7
Posted by Siva R Vaka 0 comments
Labels: , ,

IBM Whole-system Analysis of Idle Time (WAIT)


Recently attended the demo of the IBM Whole System Analysis of Idle Time (WAIT) Performance monitor tool. 

WAIT is designed to be zero-install, it requires no monitoring agents installed on the application server and even you don’t need to restart the server. WAIT can help you pinpoint performance bottlenecks like waiting for database data, waiting on hot locks, or executing code  in a Java applications.

Following are three steps for using WAIT
  1. Collect the data from system using the datacollector scripts provided , This is like issuing a signal to a running JVM.
  2. Upload the generated data to WAIT service.
  3. View the report in your browser. 
Following links help find out more information regarding WAIT.

Presentation

WAIT site

Posted by Siva R Vaka 0 comments
Labels: ,

Page Builder - Creating Custom Page Layouts WP7


Lotus wiki article (Click Here)  didn’t provide the complete details on how the custom layout works in page builder theme. Following article tries to explain the internal details on how the custom layouts works in page builder theme .

Create custom layout (1Row3ColumnEqualFooter) using HTML DIV tags that looks like below


Step 1: Connect to webDAV http://localhost:10039/wps/mycontenthandler/dav/fs-type1/

Step 2: copy the out of the box “customLayout” folder from the “layout-templates” to you local drive

Step 3: Rename the folder copied in above step to “1Row3ColumnEqualFooter”and also update the following files in it i.e. update the icon.gif with new icon.gif (looks like above) and also update the localized_en.properties file with title as (1Row3ColumnEqualFooter).

Step 4: Copy “1Row3ColumnEqualFooter” folder back to the http://localhost:10039/wps/mycontenthandler/dav/fs-type1/layout-templates

Step 5: Now you can see this custom layout on portal(may need to re login if doesn’t work) , ActionsàEditPageà CustomizeàChangeLayout . Now you should able to see the layout




Above steps explained in the wiki article also , but this isn’t yet solved the entire problem.

How to change the layout.html that re-presents the layout in above icon.

Step 1: Need to edit the layout.html and layout.css under the “1Row3ColumnEqual Footer” folder in webDAV

Step 2: Copy the following lines into the layout.hml (replace existing content)
<div class="hiddenWidgetsDiv">
<!-- widgets in this container are hidden in the UI by default -->
       <div class="component-container hiddenWidgetsContainer ibmDndRow" name="ibmHiddenWidgets"></div>
       <div style="clear:both"></div>
</div>
<div class="component-container ibmRow ibmDndRow" name="ibmMainContainer"></div>
<div  class="component-container ibm3Col ibmDndColumn" name="left"></div>
<div  class="component-container ibm3Col ibmDndColumn" name="middle"></div>
<div  class="component-container ibm3Col ibmRightCol ibmDndColumn" name="right"></div>
<div class="component-container ibmRow ibmDndRow" name="footer"></div>

Step 3: Copy the following lines to layout.css

.ibmClearRow { clear:both; }
.hiddenWidgetsContainer{ display:none; margin-bottom:10px; }
.ibm3Col {  float:left; width:32.5%; margin:0 .8% 2px 0; overflow:hidden; position:relative; }
.ibm_rtl .ibm3Col { margin:0 0 5px .8%; }
.ibmRow { width:100%; overflow:hidden; margin-bottom:10px; }
.ibmRightCol { margin-right:0px; margin-right:0%; }

Step 4: Update these files on the webDAV  “1Row3ColumnEqualFooter” folder

Step 5: To see the changes , create a portal page and apply the page builder theme.

Step 6: To apply the custom layout for that page, access portal pageà actionsà edit page à customize àchange layout à choose “1Row3ColumnEqual” and click save.

Step 7: Go back to administration and click “edit” icon for the page now it look like below and add portlets to containers and click “done”.

Step 8: Access the page to see the layout

 

Relation or Mapping between the <DIV> tags in layout.html and layout containers

It looks so simple to add the new layout but the page builder theme does following things to indetify what portlets need display under what <DIV> tag.

Once we select the layout in the page customization and click on it to save , then it actually update or adds lot of metadata to page.  XML for the above page as follows

<?xml version="1.0" encoding="UTF-8"?>
<content-node action="update" active="true"
       allportletsallowed="true" content-parentref="Z6_000000000000000000000000A0"
       create-type="explicit" domain="rel" objectid="Z6_S11VAVH4089E00IPA0S69O20I1"
       ordinal="5800" themeref="ZJ_CGAH47L000CS30IAH1044E1KJ5" type="staticpage"
       uniquename="TestCustomLayout">
       <localedata locale="en">
              <title>TestCustomLayout</title>
       </localedata>
       <parameter name="com.ibm.portal.IgnoreAccessControlInCaches" type="string" update="set"><![CDATA[false]]></parameter>
       <parameter name="com.ibm.portal.bookmarkable" type="string" update="set"><![CDATA[true]]></parameter>
       <parameter name="com.ibm.portal.layout.template.ref" type="string" update="set"><![CDATA[dav:fs-type1/layout-templates/1Row3ColumnEqualFooter]]></parameter>
       <parameter name="com.ibm.portal.remote-cache-expiry" type="string" update="set"><![CDATA[86400]]></parameter>
       <access-control externalized="false" owner="uid=wpsadmin,o=defaultWIMFileBasedRealm" private="false" />
       <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20I5" ordinal="100" orientation="V" skinref="undefined" type="container" width="undefined">
              <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20I3" ordinal="100" orientation="V" skinref="undefined" type="container" width="undefined" />
              <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20I7" ordinal="500" orientation="H" skinref="undefined" type="container" width="undefined">
                     <parameter name="com.ibm.portal.layoutnode.localname" type="string" update="set"><![CDATA[ibmHiddenWidgets]]></parameter>
                     <parameter name="css-classes" type="string" update="set"><![CDATA[ibmDndRow hiddenWidgetsContainer]]></parameter>
              </component>
              <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20A0" ordinal="600" orientation="H" skinref="undefined" type="container" width="undefined">
                     <parameter name="com.ibm.portal.layoutnode.localname" type="string" update="set"><![CDATA[ibmMainContainer]]></parameter>
                     <parameter name="css-classes" type="string" update="set"><![CDATA[ibmDndRow ibmRow]]></parameter>
                     <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20A3" ordinal="100" skinref="undefined" type="control" width="undefined">
                           <portletinstance action="update" domain="rel" objectid="Z5_S11VAVH4089E00IPA0S69O20A7" portletref="Z3_CGAH47L008LG50IAHUR9Q330H1" shareref="Z5_S11VAVH4089E00IPA0S69O20A7" />
                     </component>
              </component>
              <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20A6" ordinal="700" orientation="H" skinref="undefined" type="container" width="undefined">
                     <parameter name="com.ibm.portal.layoutnode.localname" type="string" update="set"><![CDATA[left]]></parameter>
                     <parameter name="css-classes" type="string" update="set"><![CDATA[ibm3Col ibmDndColumn]]></parameter>
                     <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20Q0" ordinal="100" skinref="undefined" type="control" width="undefined">
                           <portletinstance action="update" domain="rel" objectid="Z5_S11VAVH4089E00IPA0S69O20Q4" portletref="Z3_CGAH47L008LG50IAHUR9Q330H1" shareref="Z5_S11VAVH4089E00IPA0S69O20Q4" />
                     </component>
                     <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O2060" ordinal="200" skinref="undefined" type="control" width="undefined">
                           <portletinstance action="update" domain="rel" objectid="Z5_S11VAVH4089E00IPA0S69O2064" portletref="Z3_CGAH47L008LG50IAHUR9Q330H1" shareref="Z5_S11VAVH4089E00IPA0S69O2064" />
                     </component>
              </component>
              <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20A1" ordinal="800" orientation="H" skinref="undefined" type="container" width="undefined">
                     <parameter name="com.ibm.portal.layoutnode.localname" type="string" update="set"><![CDATA[middle]]></parameter>
                     <parameter name="css-classes" type="string" update="set"><![CDATA[ibm3Col ibmDndColumn]]></parameter>
                     <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20Q2" ordinal="100" skinref="undefined" type="control" width="undefined">
                           <portletinstance action="update" domain="rel" objectid="Z5_S11VAVH4089E00IPA0S69O20Q6" portletref="Z3_CGAH47L008LG50IAHUR9Q330H1" shareref="Z5_S11VAVH4089E00IPA0S69O20Q6" />
                     </component>
              </component>
              <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20A4" ordinal="900" orientation="H" skinref="undefined" type="container" width="undefined">
                     <parameter name="com.ibm.portal.layoutnode.localname" type="string" update="set"><![CDATA[right]]></parameter>
                     <parameter name="css-classes" type="string" update="set"><![CDATA[ibm3Col ibmRightCol ibmDndColumn]]></parameter>
                     <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20Q1" ordinal="100" skinref="undefined" type="control" width="undefined">
                           <portletinstance action="update" domain="rel" objectid="Z5_S11VAVH4089E00IPA0S69O20Q5" portletref="Z3_CGAH47L008LG50IAHUR9Q330H1" shareref="Z5_S11VAVH4089E00IPA0S69O20Q5" />
                     </component>
                     <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O2062" ordinal="200" skinref="undefined" type="control" width="undefined">
                           <portletinstance action="update" domain="rel" objectid="Z5_S11VAVH4089E00IPA0S69O2066" portletref="Z3_CGAH47L008LG50IAHUR9Q330H1" shareref="Z5_S11VAVH4089E00IPA0S69O2066" />
                     </component>
              </component>
              <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20A5" ordinal="1000" orientation="H" skinref="undefined" type="container" width="undefined">
                     <parameter name="com.ibm.portal.layoutnode.localname" type="string" update="set"><![CDATA[footer]]></parameter>
                     <parameter name="css-classes" type="string" update="set"><![CDATA[ibmDndRow ibmRow]]></parameter>
                     <component action="update" active="true" deletable="undefined" domain="rel" modifiable="undefined" objectid="Z7_S11VAVH4089E00IPA0S69O20Q3" ordinal="100" skinref="undefined" type="control" width="undefined">
                           <portletinstance action="update" domain="rel" objectid="Z5_S11VAVH4089E00IPA0S69O20Q7" portletref="Z3_CGAH47L008LG50IAHUR9Q330H1" shareref="Z5_S11VAVH4089E00IPA0S69O20Q7" />
                     </component>
              </component>
       </component>
</content-node>
  
  1. Names of DIV tags in layout.html are added in container component node level parameters.
  2. CSS classes of DIV tags in layout.html,  are also added at container component node level parameters to arrange the containers positions or alignment
FAQ’s
  1. What is the main purpose of the page builder theme custom page layouts ?
Ans: Page builder theme helps to separate the page layout design with page administration  by separting the “layout” from the portal page by keeing it webDAV.

  1. Why there is nothing called custom layouts in the standard portal theme ?
Ans: As standard portlet theme uses the out the box layout tools , Page “Editors/Admins” can modify the layout directly in page “edit layout”.  It has flexibility to arrange the containers in any layout.

  1. Difference between PageBuilder Theme custom page layout vs Portal Theme out of box page layout?
Ans: In starndard portal theme page layout gets generated by using the HTML table cell structure . Layout containers uses the table structure to arrange the portlets on the page. But page bulder theme uses the Div layouts to generate the page structure.

  1. Can we create the DIV layout structure using the standard portal theme?
Ans: Yes, but need to use the custom CSS styles to move the portlets to arrange the layout.

    Posted by Siva R Vaka 3 comments
    Labels: , ,
    Subscribe to: Posts (Atom)