Liferay OpenLDAP import/export

So here is what I want to accomplish, have Liferay (V5.5) authenticate against OpenLDAP and be able to import user/groups. After try and error I was able to configure the import functionality.

First you have to open portal.properties and comment the ldap.import.method=user and uncomment ldap.import.method=group. The explanation is enclosed in the comments.

# Set either user or group for import method. If set to user, portal will

# import all users and the groups associated with those users. If set to

# group, the portal import all groups and the users associated those groups.

# This value should be set based on how your LDAP server stores group

# membership information.

#

#ldap.import.method=user

ldap.import.method=group

Afterwards you have to login to Liferay as an admin user and go to the 'Enterprise Admin Portlet'-> Settings-> Authentication -> LDAP and set accordingly to your LDAP server. In every estep of the configuration you can validate that is making the connections.

Finally, section Import/Export should be configured like this:

Websphere & Spring Security 2.0 (formerly ACEGI)

I'm doing a proof of concept to demonstrate how can Spring Security 2.0 be applied in a Websphere 6.1 environment. My goal is to secure a Webapp using Spring Security instead of J2EE Security.

The first bump in the road came when I was getting a 404 while configuring the AuthenticationProcessingFilter (Form Based Security). The form was posts to:

/j_acegi_security_check

There are several documented bugs about this filter behavior. Spring Security relies on filters so you need to enable WAS 6.1 to enable for filters to be called even when a static/file resource does not exist. Bassically you need to set a Custom Web Container property:

1. Go to WAS 6.1 admin console to Application Servers and click on the server you want to configure
2. Then on the right side expand the Web Container tree and select Web Conainer
3. Click on Custom Properties
4. Add a new property called com.ibm.ws.webcontainer.invokefilterscompatibility value true
   
5. Restart the server

Now you won't get the 404 error when invoking filters that handle nonexistent locations thus Spring Security filters will work.

Install SpringIDE plugin on RAD 7

For those of you trying to install Spring IDE on IBM RAD 7 this post may come in handy.

I installed Spring IDE on RAD7 version 7.0.0.6, which is Eclipse 3.2.2 based. The SpringIDE plugin expects AspectJ Development Tools (AJDT) version 1.5.1 BUT this version of AJDT is not compatible with Eclipse 3.2. So in order to install the plugin you must first install AJDT 1.4.2 for Eclipse 3.2.2. Point your Eclipse Update Manager to:

• AJDT 1.4.2 for Eclipse 3.2.2
• Update Site URL: http://download.eclipse.org/tools/ajdt/32/update

Once you finish the AJDT installation its time to install the SpringIDE plugin. If you pay close attention to the SpringIDE installation instructions, you'll notice SpringIDE requires a Eclipse 3.2 or 3.3, so if you are doing a Clean Install, you should install the Spring IDE Dependencies (required for Eclipse 3.2.).

Having that in mind, launch RAD7 and add a new Remote Site in the Eclipse Update Manager potinting to http://springide.org/updatesite . Be sure to select ONLY the foloowing packages (I'm not integrating with Mylyn by the way):

• Core
• Dependencies
• Extensions
• Integrations
• Spring IDE AJDT Integration

That's it! Finish the installation and restart RAD7. Now you should be able to add Spring Project Nature to your projects, view Bean Graphs, Web Flows, etc. Have Fun with it.

Hibernate Tools Version Field Mapping

Been using Hibernate tools (HibernateTools-3.2.0.GA) to create some domain classes and mappings out of my existing DB, basically doing some reverse engineering. I came across a bug that I think I should point out.

If the tool encounters a field name VERSION in any table it will not generate a property mapping but a version (tag see below).

<version name="version" type="big_decimal">
<column name="VERSION" precision="22" scale="0"/>
</version>

when it should be

<property name="version" type="big_decimal">
<column name="VERSION" precision="22" scale="0"/>
</property>

Guess you'll have to modify the hbm.xml files manually.

Maven 2 External Dependencies

Been playing with Maven for a little while. I ran intro some trouble setting up dependencies that I manually installed on my local repository $USER_HOME\.m2\repository.

Maven Guide to installing 3rd party JARS describes how to do this. It's basically one command

mvn install:install-file -Dfile= -DgroupId= -DartifactId= -Dversion= -Dpackaging=

Now when I tried to mvn compile It failed and as part of the debug output stated:

[DEBUG] Artifact not found - using stub model: Unable to download the artifact from any repository

This error was due to the fact that the previous command didn't generate the pom file for every external jar that I added. By adding the -DgeneratePom=true solved the issue.

mvn install:install-file -Dfile= -DgroupId=-DartifactId= -Dversion= -Dpackaging= -DgeneratePom=true


Hope this helps.

On a side note, I know I haven't been publishing as regularly as I used to do it. I'm planning on be more religious about this. Lately I been also working with Websphere 6.1, RAD7 and other IBM tools. Now I know this are not open source and the intent of the log is to address open source technology, but since I belive it's going to be useful I'm going to post that anyway. Besides... its a blog not a publication :D

Configure Apache2 and jboss-4.2.2.GA

My company decided to host our site on an Apache2 www server (finally!). So setting up Apache was no prob. As part of the solution we want Apache 2 to forward request to Jboss so I installed mod_jk to accomplish this.

There is a nice Jboss setup guide, which is part of the official documentation here . Our configuration does not need load balancing so there is a good hint on section "17.4. Configure worker nodes in mod_jk", which states:

A non-loadbalanced setup with a single node requires a worker.list=node1 entry.

So if you follow all the steps described in that guide, you should only do the following changes for a single node request forwarding:

mod-jk.conf:

# Mount your applications
JkMount /application/* node1

workers.properties (you can comment everything else so if looks like this. I'm testing on my laptop so I'm using localhost, change appropiately):

worker.list=node1

# Define Node1
# modify the host as your host IP or DNS name.
worker.node1.port=8009
worker.node1.host=localhost
worker.node1.type=ajp13
worker.node1.lbfactor=1

uriworkermap.properties:

# Simple worker configuration file

# Mount the Servlet context to the ajp13 worker
/jmx-console=node1
/jmx-console/*=node1
/web-console=node1
/web-console/*=node1

That's it go to http://localhost/web-console/ and if it displays it you are done. Hope this post was helpful :)

ICAClient on Fedora 8

For those of you that need to install the Citix ICA Client 10.6.1 on Linux Fedora 8. If you try to install the rpm provided here, you may come up with this error:

error: Failed dependencies:
libXm.so.3 is needed by ICAClient-10.6-1.i386
libXp.so.6 is needed by ICAClient-10.6-1.i386

So you can use yum to get libXp like this

yum -y install libXp

as for libXm3, I found it here so be sure to install it.

Then, during the actual connectio, you may be prompted to trust some Equifax issued certificate. You'll have to download the Root certificates from:

http://www.geotrust.com/resources/root_certificates/index.asp

and copy them to:

/usr/lib/ICAClient/keystore/cacerts/

after all of this you should install the plugin for firefox:

ln -s /usr/lib/ICAClient/npica.so /usr/lib/mozilla/plugins/

Now see about:plugins from firefox just to make sure the plugin was configured OK. After this when you launch the ICA connection it should work with no problems.