David Sean Taylor wrote:
> Hi All,
>
> I've updated the profiler proposal with your suggestions, thank you all very
> much.
> Now I need to implement this thing :)
> In order to do so, I am asking your permission for CVS write access.
>
+1, even if I imagine he has already the write access. :-)
>
> David
>
> ----------------------------------------------------------------------------
> ---------
>
> ============================
> Jetspeed Profiler Proposal
> ============================
>
> The ProfilerService is a service to abstract the management and mapping of
> profile resources, also known now as Portal Markup Resources (PSML). The
> Profiler maps a request for a profile to a profile resource. Since each
> implementation of a profiler will be different, we are providing the
> interfaces to the service, and we will also provide a default
> implementation.
>
> The default implementation has a profiling policy defined in this proposal
> based on resource-specific URLs, Mime-Types and language preferences. More
> complex implementations will need to use other inputs in mapping to
> resources such as Cookies, IP Address Ranges, Statistical Resource Usage
> Analysis, Business Rules inside of servlets or EJBs,...
>
> Each ProfilerService will store its profiles in whatever datastore best fits
> the needs of its application, perhaps in LDAP servers, WebDAV, relational
> or object databases. The default service persists to the file system, using
> the existing implementation of PSML files with some changes to the directory
> layout.
>
> The default implementation is meant to be useful for many installations. It
> also provides base functionality which can be reused or extended by other
> implementations.
>
> The ProfilerService is a Turbine service.
>
> ===================================
> The Default Implementation
> ===================================
>
> The default service uses Turbine Security to control access to user, group
> and role resources. It makes use of the new Turbine security. The Rundata
> now has an ACL member, which is used to check for users having access to
> groups and roles. Optionally, this security checking can be configured to be
> turned off.
>
> The basic mapping provided by the default provider:
>
> Resource URL Profile Path --------------->
> Request Language Preferences -----------> Profiler ----------> Actual
> Profile Resource
> Request Mime Types ------------------->
>
> A resource is identified in a request by a Resource URL. This URL is made up
> of the base part of the URL which addresses the server, along with a
> Profile Path portion. The profiler looks at the path, which provides
> addressing for the user, group, role, media type, and localization which is
> used to map to the actual resource.
>
> ----------------------
> Capability Map
> ----------------------
>
> The media type is determined by the CapabilityMap service.
> The CapabilityMap determines the media type from the HTTP headers.
> This media type is then passed to the Profiler to be used in mapping the
> request to a particular PSML resource.
> The CapabilityMap is planned to eventually support W3 CC/PP RDF
> descriptions - see http://www.w3.org/TR/NOTE-CCPP/.
>
> ----------------------
> Users, Groups and Roles
> ----------------------
>
> Groups allow for resources to be shared by users.
> A typical use-case is a common portal page for Human Resources.
> Instead of designing a HR markup for every employee in the company, they
> only design a markup for the organizations (groups) in the company i.e.
> Finance, Accounting, Marketing.
>
> Secure access to groups and roles is controlled by the ProfilerService.
> Since Jetspeed does not yet have a security service in place, it is up to
> the ProfilerService to make use of
> a security service. The Profiler service queries the security service to
> verify that a user has access to the group and role resources.
>
> The default implementation uses Turbine security.
>
> Like groups, roles allow for resources to be shared by users. We are
> providing support for both roles and groups
> since some implementations may use group-based security, while others may
> use role-based security.
>
> Groups and role resources may be specified in the resource URL.
> Alternatively, they can be automatically used when the group or role
> parameter is not specified. The Profiler will make use of the first matching
> group or role resource that a user has read access to.
>
> -----------------
> Resource Names
> -----------------
>
> The Profiler expects to have a default resource for every user.
> To use the default resource, you don't need to specify a resource name in
> the resource URL path. The default resource name is set in the Profiler
> configuration.
>
> In order to specify a resource other than the default markup for a user,
> resource names are specified in the Resource URL Path. To specify a
> non-default resource, a resource name must be specified in the path.
>
> Resource paths are specified using Turbine parameter pairs. Paths specified
> in this format are not order specific, but they do expect that every
> parameter is provided in a name/value consecutive pair in the URL path.
>
> To tell Jetspeed that the request is for a specific portal markup resource,
> use the 'profile' keyword as the name of the parameter, and then the actual
> resource name is specified in the value portion of the pair.
>
> This resource name simply identifies the resource that the user is
> requesting. An example of a 'BenefitsPage' resource would be:
>
> http://host/servlet/jetspeed/profile/BenefitsPage
>
> When no name or path is specified, the default resource is used for the
> current user. The resource name can also have an extension. If it is
> omitted, the default is to append a configurable extension (PSML).
>
> -----------------
> Parameters
> -----------------
>
> Here are the supported parameters in a resource path url:
>
> /profile/<ResourceName> - Specifies the name of the profiling resource.
>
> /role/<RoleName> - Specifies that the request can only be satisfied by a
> common role resource .
> An example would be /profile/FinancePage/role/Accountant/, meaning that we
> are requesting the FinancePage resource, and it is the Finance resource for
> the Accountant role. It will be up to the Profiler implementation to
> determine if the user is authorized to assume this role. The Security
> service, whether it is Turbine Security or other, should hold the
> controlling access information.
>
> /group/<groupName> - Specifies that the request can only be satisfied by a
> common group resource.
> An example would be /group/Finance/profile/BenefitsPage, meaning that we are
> requesting the BenefitsPage, and it is the Benefits page for the group
> 'Finance'. It will be up to the Profiler implementation to determine if the
> user is a member of this group. The Security service, whether it be Turbine
> Security or other, should hold this mapping.
>
> /media-type/<mediaType> - To specifically request a mediatype in the
> request.
>
> /user/ - Specifies that the request can only be satisfied by a user
> resource. An example would be /profile/BenefitsPage/user/, meaning that we
> are requesting the BenefitsPage, but only for the current user. Specifying
> the name of the user is not allowed, only the authenticated username is
> applied. This format breaks the rules of Turbine name/value pairs in
> parameters. Thus, the 'user' keyword must be specified last in the resource
> path.
>
> When no user/group/role parameter is specified, the resource is resolved by
> first looking for a user resource, then a group resource, and finally a role
> resource. Only groups and roles that the user has read acess priveleges will
> be considered.
>
> -------------------------------
> Localized Resources
> --------------------------------
>
> Resources can optionally be localized.
> This is done by suffixing the resource name. The suffix is made up of a
> required ISO-639 standard two-character language abbreviation, and an
> optional IS0-3166 standard two-character country code abbreviation.
>
> The suffix is of the format:
>
> _lc_cc
>
> where:
>
> lc = language code
> cc = country code
>
> Some examples
>
> groups/accounting/html/default_fr_FR.psml // french language, France
> groups/accounting/html/default_fr.psml // french language, any country
>
> For a given locale of fr_FR, the search order for the default accounting
> resource would be:
>
> groups/accounting/html/default_fr_FR.psml
> groups/accounting/html/default_fr.psml
> groups/accounting/html/default.psml
>
> The profiler will look at the "Content Language" HTML header for locale
> specific settings. If there are multiple settings, all settings will be
> searched until the first resource is found.
>
> Localization can be configured in the JetspeedResources.properties file.
>
> You can configure a default language. This language will be considered the
> default language and no suffix will be necessary for their resources.
>
> # only french belgium
> profiler.language.default=fr_BE
>
> # default language any spanish
> profiler.language.default=es
>
> # all resources must be suffixed
> profiler.language.default=
>
> To turn on/off all localization checking:
> profiler.default=true/false
>
> For a complete list of ISO-639 standard language abbreviations, see:
> http://www.ics.uci.edu/pub/ietf/http/related/iso639.txt
>
> For a complete list of ISO-3166 standard country code abbreviations, see:
> http://userpage.chemie.fu-berlin.de/diverse/doc/ISO_3166.html
>
> -------------------------------
> Device Explicit Resource Names
> --------------------------------
>
> Optionally, names can include the media type explicitly.
>
> http://host/servlet/jetspeed/profile/BenefitsPage/media-type/html/user/
>
> In this case, the 'media-type' parameter must be specified, and then the
> actual media type as the parameter value. The above example explicitly asks
> for the html resource for the BenefitsPage, and explicitly for the current
> user. First the profiler will look for the media type in the resource name.
> If it is not specified there, it will then query the CapabilityMap.
>
> -------------------------------
> Default Media-Type and Fallback
> --------------------------------
>
> If a request is for a given media type, and the resource is not found for
> the given media type, then the profiler will fallback to a default resource
> if available. This default resource is assumed to work for all media types
> without a specific resource. The default media type resource should be
> placed in the root directory for a given user, role or group.
>
> -------------------------------
> Anonymous Access and Profiles
> --------------------------------
>
> The default resource shown to anonymous logons is configured with
> profiler.anon.directory setting. A device specific path could be set here,
> but probably should not so that Jetspeed can autodectect the media type.
>
> # Directory used for anonymous access
> profiler.anon.directory=/user/default/
>
> The actual resource displayed is then dependent on media type, language, and
> the default resource markup filename.
>
> Profiles available to anonymous users are configured with:
>
> profiler.anon.profiles=/role/TennisNewUserProfile
> profiler.anon.profiles=/role/RugbyNewUserProfile
> profiler.anon.profiles=/role/BadmintonNewUserProfile
>
> These are not used directly by the default profiler, but could be used by
> applications to provide choices of profiles available to anonymous users.
> The roles must actually have their security setup correctly to work, meaning
> that access should be given to 'everyone' on these roles.
>
> -------------------------------
> Authorized Profiles
> --------------------------------
> When a user first signs up, they could be given a choice of profiles
> available authorized users. This services can be configured as:
>
> profiler.authorized.profiles=/role/engineer/
> profiler.authorized.profiles=/group/accounting/
>
> --------------------------------
> Cookie-based Anonymous Sessions
> --------------------------------
> Cookies are used to automatically remember an unauthorized user's last
> profile The cookie would remember which 'anon' role it used last. This
> provides access for unauthorized users to other resources besides the
> default.
>
> --------------------------------
> Cookie-based Authorized Sessions
> --------------------------------
> Cookies are used to automatically logon an authorized user and remember the
> default profile for the authorized user.
>
> --------
> Profile
> --------
>
> PSML resource are materialised as a 'Profile' object.
> It would be interesting if the Profile's contents (Controls, Controllers,
> Portlets) were also first-class persistence-capable objects, so that
> Customizers could store changes to one portlet ref instead of re-writing the
> entire psml tree. At this point in time, the Profile will simply be a
> wrapper around the existing implementation along with some new accessors.
>
> -----------------------------------
> Jetspeed Resources Configuration
> -----------------------------------
>
> # The Profiler Service is implemented as a Turbine service.
> services.Profiler.classname=org.apache.jetspeed.services.profiler.JetspeedPr
> ofilerService
>
> # Base URL for fetching user configuration files
> # for use with the default profiler
> profiler.base.url=/profiles/
>
> # Directory used for anonymous access
> profiler.anon.dir=/profiles/user/default/
>
> # default markup file
> profiler.default.markup=default
>
> # default markup file per user
> profiler.default.ext=psml
>
> # default markup file per user
> profiler.security=true/false
>
> # only french belgium
> profiler.language.default=fr_BE
>
> # default language any spanish
> profiler.language.default=es
>
> # all resources must be suffixed
> profiler.language.default=
>
> To turn on/off all localization checking:
> profiler.default=true/false
>
> profiler.anon.profiles=
> profiler.authorized.profiles=
>
> ----------------
> Directory Layout
> -----------------
>
> All resources are defined as relative to the root (profiler.base.url).
>
> Markup files are organized in directories under the root. There are three
> subpaths under the root:
>
> Root
> | --- / user
> | --- / role
> | --- / group
>
> Under the /user subtree, are the directories for all users and likewise for
> roles and groups:
>
> user
> | --- / raul
> | --- / steve
> | --- / luis
>
> role
> | --- / engineer
> | --- / accountant
> | --- / supervisor
>
> group
> | --- / finance
> | --- / marketing
> | --- / accounting
>
> Under each of these subtrees, there is one directory for each media type.
> Media types are capable of supporting one or more mime types.
> For instance, both "text/html" and "text/dhtml" could map to the the same
> media type. But they also may not. This mapping is controlled in the Portlet
> Registry (JetspeedConfig.jcfg) with the CapabilityMapRegistry.
>
> In the example below, both mime types map to the same media type.
>
> <capability-map-registry>
> <capability-map-entry name="html">
> <mime-type>text/html</mime-type>
> </capability-map-entry>
>
> <capability-map-entry name="html">
> <mime-type>text/dhtml</mime-type>
> </capability-map-entry>
>
> Media types are defined in the media type registry.
>
> <media-type-registry>
>
> <media-type-entry name="html">
> <capability-map ref="html"/>
> <meta-info>
> <title>HTML</title>
> </meta-info>
> </media-type-entry>
>
> ----------
> Examples
> ----------
>
> Here is an example tree:
>
> {root}
> users
> {default}
> default.psml // fallback: can be used as crossdevice media
> html
> default.psml
> raul
> html
> default.psml
> page1.psml
> wml
> default.psml
> steve
> default.psml // fallback: can be used as crossdevice media
> html
> default.psml
> groups
> accounting
> html
> default.psml
> page1.psml
> wml
> default.psml
> marketing
> html
> default.psml
>
> An incoming request from an html browser of:
>
> http://server/servlet/jetspeed
>
> would map to the resource path:
>
> {root}/user/{current-user}/html/default.psml
>
> An incoming request from an html browser of:
>
> http://server/servlet/jetspeed/group/sales/profile/SalesCenter
>
> would map to the resource path:
>
> {root}/group/sales/html/SalesCenter.psml
>
> An incoming request from a wml browser of:
>
> http://server/servlet/jetspeed/profile/JavaCenter/role/programmer/
>
> would map to the resource path:
>
> {root}/role/programmer/wml/JavaCenter.psml
>
> An incoming request from a wml browser of for user 'raul':
>
> http://server/servlet/jetspeed/profile/MySportsPortal
>
> would map to the resource path:
>
> {root}/user/raul/wml/MySportsPage.psml
>
> and if that failed, it would try again for the user's groups and roles.
> it may find a page such as:
>
> {root}/role/footballfan/wml/MySportsPage.psml
>
> -------------------------
> Modifications to the Code
> -------------------------
>
> The JetspeedProfilerService will be implemented in the
> org.apache.jetspeed.services.profiler package.
>
> The ProfilerService interface will be placed in the
> org.apache.jetspeed.services.profiler package.
>
> The Profile interface will be place in the org.apache.jetspeed.om.profiler
>
> The JetspeedProfile class will be implemented and placed in the
> org.apache.jetspeed.om.profiler package
>
> The interception of requests will only occur in
> org.apache.jetspeed.turbine.screens.Home.java
> Home.java will need to be modified.
> This is under the assumption that there is only one entry point into
> Jetspeed markup generation.
>
> The package org.apache.jetspeed.profiler will be removed.
> All import statements to this package will be replaced with imports to the
> service.
> A few new string resources will be adaded to JetspeedResources.java
>
> ------------------------------
> Modifications to Configuration
> ------------------------------
>
> The Profile Registry in the jcfg file would be removed.
>
> The 'psml' directory will be removed.
>
> A new directory under 'content' will be added, 'profiles'.
> It will have the structure as shown in the default implementation above.
>
> The JetspeedResources.Properties will be modified to add the configuration
> settings described above.
>
> Add the profiler service to the TurbineResources.Properties.
>
> ====================
> Interfaces
> ====================
>
> All profiler services must implement the ProfilerService interface.
> The Profile interface defines a profile instance.
> A Profile is the object representation of a Jetspeed PSML resource.
>
> public interface ProfilerService extends Service {
>
> /** The name of this service */
> public String SERVICE_NAME = "ProfileManager";
>
> /*
> * get the Profile object using the Rundata state and capability map
> * this is the mapping functionality of the profiler
> *
> * @param rundata the rundata object for the current request
> * @return a Profile object if found by the manager or null
> */
> public Profile getProfile(RunData rundata);
>
> /*
> * stores a cookie in response to the current resource
> *
> * @param rundata the rundata object for the current request
> */
> public void storeCookie(RunData rundata);
>
> }
>
> public interface Profile extends Initable {
> /**
> Gets the root set of portlets for this profile object.
>
> @return The root portlet set for this profile.
> */
> public PortletSet getRootSet();
>
> /**
> Gets the PortletSetFactory for this profile
>
> @return The portlet set factory for this profile.
> */
> public PortletSetFactory getFactory();
>
> /**
> stores the resource by merging and rewriting the psml file
>
> @throws ProfileException if an error occurs storing the profile
> */
> public void store() throws ProfileException;
>
> }
>
> ------------------------------------------
> Jetspeed Default Implementation Accessors:
> ------------------------------------------
>
> class JetspeedProfile
> {
> /*
> accessors
> */
> String getUser();
> String getGroup();
> String getRole();
> String getResourceName();
> String getResourcePath();
> String getMediaType();
> String getLanguageCode();
> String getCountryCode();
> }
>
> class JetspeedProfilerService
> {
> /*
> get the base URL for the profile registry
> */
> String getBaseURL();
>
> /*
> get the default resource name
> */
> String getDefaultResourceName();
>
> /*
> is security enabled
> */
> boolean isSecurityEnabled();
>
> getAuthorizedProfiles();
> getAnonymousProfiles();
> }
>
> ==============================
> Future Directions
> ==============================
>
> - Mapping IP address ranges to Groups. This would require a table, either in
> the database or a simple text file.
>
> - Dynamic profiling based on usage statistics
>
> - The Profile's content generation based on runtime criteria, not static
> psml files
>
> --
> --------------------------------------------------------------
> Please read the FAQ! <http://java.apache.org/faq/>
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Archives and Other: <http://marc.theaimsgroup.com/?l=jetspeed>
> Problems?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://marc.theaimsgroup.com/?l=jetspeed>
Problems?: [EMAIL PROTECTED]
