Displaying node or server name in WebSphere portal theme

At end of theme development , may requires to display node name or server name as part of theme  to troubleshoot any issues in cluster environment.

Just include the following line in footer or header

<%=com.ibm.websphere.runtime.ServerName.getDisplayName()%> 
or
<%=com.ibm.websphere.runtime.ServerName.getFullName()%>


Resources 

WCM Security Details - WCM7 - Part2

WCM Security Settings

Section
Details
User defined
If the item is not participating in a workflow, the user can edit the access under user-defined.
Workflow
If an item is participating in a workflow, then the user-defined option does not appear, and the workflow settings are displayed. This cannot be edited. Workflow-defined access is set in workflow stages.
 NOTE: Published items and workflow-defined item security:
  • If you grant a user editor access to an item in a workflow stage that uses a publish action, then those users are able to edit the published item directly. No draft is created. The same        is true for administrator defined security when applied to published items.
  • If you grant a user manager access to an item in a workflow stage that uses a publish action, then those users are able to edit and delete the published item directly. No draft is created. The same is true for administrator defined security when applied to published items.
  • If you grant a user approve access to an item in a workflow stage that uses a publish action, then those users are able to create drafts of the published item.
Administrator defined
Administrators can edit user access to an item at any time by changing the administrator defined settings.
Inheritance
You can also choose to inherit access assigned in the current Web content library, or from an item's parent. Inheritance for all user roles is enabled by default.

NOTES: 
1.      Security at the Library level,  determines  who can access the library   
2.      Security at the Library Resources Level (i.e.components, content, authoring template…etc.) determines what they can see and what functions (read, edit, delete, purge , etc) they can do.
3.      User or group who have access to create the content should be able to do New->Content for the library to initially create the content. Then, depending on how the workflow is set up for the content, that user may or may not be able to edit the content because they may not included in the access control for the next workflow stage the content moves to.

4.      Element level Security :  
a. Content Elements inherit the permissions from the content resource type.
b. In WCM, it is possible to filter who see a content element. To set permissions, go to the default content settings, expand the content element, and click Select editors or Select viewers. Content Elements inherit the permissions from the content resource type.

5.      Create new item : The ability to create new items is set at the library level, not item level. You must have at least contributor access to a library and editor access to an item-type to create a new item. If you have access to create any item type, you can also create folders and projects.

6.      Security Inheritance
                                i.            Inheritance from a library is based on the role assigned to the overall library, not on the role assigned to specific item types. For example, you may not have access to the presentation template view on a library, but if you inherit the role of editor to a presentation template, you will be able to view and edit that presentation template from the All Items view
                              ii.            Inheritance does not apply to draft items

7.      Disabling inheritance :
                                i.            By default, each role's access is automatically inherited down to each item in a library. To prevent a user or group from automatically having inherited access to an item, you will need to turn off inheritance on that item.
                              ii.            Note: By default, inheritance is enabled for all roles and items. To disable automatic inheritance, edit the WCMConfigService.properties file located in the /PortalServer/wcm/shared/app/config/wcmservices/ directory.
                            iii.            To disable automatic inheritance, set this value to “false”: default.inherit.permissions.enabled=false
                            iv.            You will need to restart WebSphere Portal to enable any configuration changes made to this file

8.      Work-Flow Security
                                i.            A workflow in WCM is a process that is used to control item state and security
                              ii.            Workflow stages determine the content security for a particular stage. (Do not confuse this with the security of the stage itself).
                            iii.            Setting approve access is only available through the workflow stage
                            iv.            A WCM "non-workflowed" item has only one state, which is published . A nonworkflowed item is represented by a gray icon close to the item.
                              v.            In Draft workflow stage add the “group A” as editors on the content , so when all contents entered into this stage they automatically give access to that group.
                            vi.            Any changes to security in workflow stage doesn’t apply to already draft content until force the content to re enter the draft stage again.
                          vii.            If the content is in the Draft stage, and user who is moving the object (click on next stage) to approve stage should have read access on the approve stage itself. Otherwise it will throw an unauthorized exception.
                        viii.            Similarly authors will need 'approve' access on the 'draft' workflow stage to approve the content by themselves (to move to publish action).
                            ix.            Authors can only add Read access to items after they are published, using the Additional Viewers when published button

9.      Batch-editing access controls : An administrator can apply access control settings for multiple items. To batch-edit security:
a. Open an item view.
b. Select the items you would like to batch-edit, and then click More Actions > Edit Access.
c. If you are assigning access to individual users or groups, edit the list of users or groups you would like to set security levels for.
                                                              i.      To remove items, first select the required items from the item list, then click Remove
                                                            ii.      To add items, click Add Search for and then select the users or groups you would like to add Security for. Click OK.
d. Select how to apply the new access levels:
                                                              i.      The same access level changes the access level of the selected users or groups to the specific access level selected in step 5.
                                                            ii.      Minimum access level changes the minimum access level of the selected users or groups to the access level selected in step 5. The access levels of a user can be raised, but not reduced.
                                                          iii.      Maximum access level changes the maximum access level of the selected users or groups to the access level selected in step 5. The access levels of a user can be reduced, but not raised.
e. Select an access level.
f. Select inheritance options as required. If you select "ignore", no changes are applied to inheritance.
g. Select to apply these settings either to the Administrator Defined or User Defined access control settings.
h. Select Only change access for existing users or groups. Do not add any new users or groups to change the access level of users and groups have already been granted access to an item. No new users or groups are added.
i. Click OK to finish.

10.  Disabling inheritance :
                              v.            By default, each role's access is automatically inherited down to each item in a library. To prevent a user or group from automatically having inherited access to an item, you will need to turn off inheritance on that item.
                            vi.            Note: By default, inheritance is enabled for all roles and items. To disable automatic inheritance, edit the WCMConfigService.properties file located in the /PortalServer/wcm/shared/app/config/wcmservices/ directory.
                          vii.            To disable automatic inheritance, set this value to “false”: default.inherit.permissions.enabled=false
                        viii.            You will need to restart WebSphere Portal to enable any configuration changes made to this file

11.  WCM Virtual Users/Groups
a. Author
b. Owner
c. Creator
d. Anonymous Portal users
e. All Authenticated Portal Users
f. All Portal User Groups
g. All Users

Resources

WCM Security Details - WCM7 - Part1


1.       Setting the access at the JCR root level
a.       Inside JCR, WCM libraries are organized in a hierarchy with a common root. The security roles set on the content library root are propagated to all libraries.
b.      By default, only administrators have access to work with Web content libraries. To allow other users to work with Web content libraries, such as virtual portal administrators, you have to assign them access to the JCR content root nod

2.       There are three levels of access controls for web content .  
a.       Library  : Library level access controls determine access to the library as a whole.
                                                               i.      If granted, it provides an entry point to the library
                                                             ii.      To render WCM objects in Rendering Portlet/Servlet, a user must be granted at least the User role on the library itself
                                                            iii.      To access WCM objects in Authoring Portlet, a user must granted at least contributor access to a library
b.      Item type per library : Item Type access controls define the item type views and tasks a user can access within the authoring portlet for particular library.
                                                              i.      The permissions set for item types in a library do not automatically give you access to individual items. They only give you access to specific tasks and views within the authoring portlet .  For example, a Manager to the Components type has access to the Purge and Unlock actions but, if that user does not also have Manager access to an individual component then the Purge and Unlock actions will not be enabled when that component is selected
                                                            ii.      In production, not all user groups need to access every WCM feature.  Like content authors doesn’t require “authoring templates” or “workflow” views..etc. By setting permissions at the item types  we can accomplish use cases like that.

c.       Item level :  Item level access controls define the actions that a user can perform on an individual item.
                                                              i.      library security is propagated by default to the library items. However, it is possible to override those permissions at the item level.
                                                            ii.      Item level security management depends on whether the item has a workflow or not
1.       Administrator defined security settings are provided for every item
2.       If the item has a workflow, effective security settings are the combination of inheritance, administrator, and current workflow stage security settings
3.       If the item does not have a workflow, effective security settings are the combination of inheritance, administrator, and user security
                               
                                                          iii.      Five different access levels (user, contributor, editor , manager and Approver) can be granted to every WCM item (Approver is only for the items that participate in workflow).
                                                           iv.      Workflow settings depend on the current workflow stage and cannot be edited

Create WebContent Viewer Portlet Clone-multiple WCM portlets instances with same configuration

Use Case: 
When you have WCM content viewer portlet on the multiple pages with same configuration like right rail portlets (support or contact us …etc) where its configured with same content items or JSP component (context will be depend on the sitearea associated with page ..etc).

Steps

1. Clone the Web Content Viewer – (JSR 286) portlet and name that like “CMP-FeaturedArticles” based on requirement



2. Once you clone the portlet , Click on the configure portlet and set the following preferences based on requirement.



3. Add the following preferences



4. Now you can add instance of this portlet on any page , all instances will get same preferences or WCM configuration. This will reduce effort to configure the each portlet instance manually.

NOTE :

1. You can pass different set of preferences , to identify exact key value pairs export sample page with WCM portlet configured manually or  Click Here for the full list of XML configuration interface parameters for the JSR 286 web content viewer.


2. If you are using the Web content pages (portal pages with content mapping) then context of the page will be the sitearea attached.