velocity-user mailing list archives

From "John Wubbel" <John.Wub...@pediatricnetwork.com>
Subject RE: Using SSL with Velocity Portlets
Date Thu, 10 Oct 2002 20:37:16 GMT
Ed,

Thank you for responding. I sent a similar post to the Jetspeed list back in 
August. No one responded. I am still in a learning mode so I have scoured the 
Jetspeed, Turbine & Velocity lists for information about what one can or can 
not do within this framework. And, I have been reading the source code to gain 
a deeper understanding. 

I initially started working with my System Administrator to configure the 
Apache Server. He has the latest security patches installed and configured the 
mod_ssl. Next we started looking at the Tomcat thinking we needed to uncomment 
a section in the server.xml file to allow SSL connection. However, I am also 
reading from the Tomcat on-line doc "SSL Configuration HOW-TO" in section "SSL 
and Tomcat" that it is only necessary to configure Tomcat for secure sockets if 
it is a standalone web server. In our case, we are running Tomcat as the 
primary container behind the Apache Server. Right now I am not concerned about 
authentication, probably Client Authentication in our case, as I am with having 
a secure connection. Since the user logs on to the portal and is authenticated 
for access to the resources we have in the portal, authentication seems 
redundant. Maybe my assumption is incorrect though.

Next, we took a look at the TurbineResources.properties to make sure it was 
configured for SSL. Having said all that, I turn now to our code. As I said our 
portlet is modeled after the Hello World Velocity example. Consequently, we 
have 2 source files located on the server under the 
jetspeed/WEB_INF/classes/... in support of the Velocity Template.
com/director/portal/portlets/MRPanelPortlet.java which is

    public class MRPanelPortlet extends VelocityPortlet
    {
    ...
    }

and in support of the actions
com/director/modules/actions/portlets/MRPanelAction.java
represented with

    public class MRPanelAction extends VelocityPortletAction
    {
    ...
    }

When the portlet is initialized, the buildNormalContext method is called and
the template is populated with a few dynamic data items. Within the template we
replaced

    <form action="$jlink" method="POST">

with

    <form action="$link.setSecure()" method="POST">

The non-secure action in the first case works fine. The doUpdate action is 
called, the data is saved to the database and the screen is refreshed. When we 
run it with the setSecure() to give us the proper protocol, our doUpdate 
routine is not executed. The portlet, based on what I see in the jetspeed.log
file, if I interpret things correctly, looks as though it is a new session for
the portlet.

Some templates in the portal will have the requirement for sending data via a 
secure socket and some will not. Based on what I have read, when the template 
is returned from class MRPanelPortlet you cannot pre-empt the response in any 
way to change the protocol before it gets sent to the client browser. I would 
like to know if this assumption is correct. My confidence in my ability to get 
this to work is low because I do not have the experience yet in implementing 
this and I am thinking it is a combination of several things that have to be in 
place both in the template and the supporting code to get it to work. Any and 
all comments or discussion are welcome to enlighten me.

Regards,
John Wubbel
John Wubbel Consulting

On 10 Oct 2002 at 9:11, Ed Yu wrote:

> This is more of an Apache SSL (or mod_ssl) issue. This is the link to
> how to configure portion of the web server to be secure:
> 
> http://www.modssl.org/docs/2.8/ssl_howto.html
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
> Ed Yu, Senior Solutions Architect (IBM Certified AIX Administrator), 
> Advanced Solutions Group, Physics Dept., University of South Carolina,
> Columbia, SC 29208 
> Office (803)777-8831, FAX (803)777-8833, Email ekyu@asgnet.psc.sc.edu
> 
> > -----Original Message-----
> > From: John Wubbel [mailto:John.Wubbel@pediatricnetwork.com]
> > Sent: Thursday, October 10, 2002 1:15 AM
> > To: velocity-user@jakarta.apache.org
> > Subject: Using SSL with Velocity Portlets
> > 
> > I request your comments on the following question. I have implemented
> > a Velocity Portlet in Jetspeed modeled after the Hello Velocity example
> > with an action. My portlet is a form designed to capture some
> > information from the user. The implementation works fine and the data
> > is put into a database running on the server. Now I find out from the
> > customer that some of the data to be submitted by the end-user is
> > confidential. How can I configure this portlet to be using SSL so the
> > information is secure? My server runs Apache with port 443 active and
> > Jetspeed is running via Tomcat. In the TurbineResources.properties the
> > use.ssl is set to true. If I set the action=https://... in the template
> > and submit it, will it not complete successfully because of the fact
> > that the originating session for the portlet was non-secure? I would
> > like to have a better understanding of how SSL can be used in Jetspeed
> > and where. Thanks for any help.
> > 
> > Sincerely,
> > John Wubbel
> > 



Sincerely,
John Wubbel
President & CEO
-----------------------------------------------------------------------------
The John Wubbel Consultancy, Inc.
Authorized MySQL Consulting & Service Provider
http://www.pediatricnetwork.com/jwc/jwc.htm
