Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
ibm.com/redbooks
Redpaper
International Technical Support Organization IBM Lotus Domino Application Portlet Configuration and Tips December 2004
Note: Before using this information and the product it supports, read the information in Notices on page v.
First Edition (December 2004) This edition applies to Version 1.0 and Version 1.1 of the Domino Application Portlet
Copyright International Business Machines Corporation 2004. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .v Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Become a published author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Comments welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Chapter 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1 Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1.1 Setup if you have installed Domino Extended Product portlets . . . . . . . . . . . . . . . 1.2 Configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2.1 Source and Display tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2.2 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2.3 Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2.4 Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.3 Edit options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2 2 3 3 4 5 6 6
Chapter 2. Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.1 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.2 No authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.3 Basic authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.4 Session based authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.5 Single sign on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.5.1 Single sign on setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.6 Credential vault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.6.1 System slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.6.2 Shared slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.6.3 Private slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Chapter 3. Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.1 Types of caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.2 Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.3 Cacheable objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4 Cache size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.5 Using caching to improve DAP performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter 4. Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1 Regular expression parser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1.1 Input expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1.2 Output functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1.3 Output expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1.4 Blocks within the expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1.5 Process for applying regular expression rules . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2 HTML parser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2.1 Input expression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2.2 Output expression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2.3 Output functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2.4 Process for applying HTML rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3 Correlation between the rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 16 16 18 19 19 21 22 22 23 24 24 25 27 28 28 28 29 30
iii
Chapter 5. Samples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1 Setting up Domino. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2 Setting up DAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.1 Install portlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.2 Create page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.3 Add portlet to page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.4 Initialize portlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.3 Exploring the application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4 Fixing the icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.5 TCP/IP trace proxies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.6 Fixing the greedy information page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.7 Switching to the HTML parser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.8 Escalating security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.9 Another sample . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter 6. Updates to Domino Application Portlet 1.1 . . . . . . . . . . . . . . . . . . . . . . . . . 6.1 Debug tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.2 Error reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.3 Customized rule sets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.4 Support for Domino Web Access (iNotes) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.5 Selective MIME types for Rules tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.6 Output functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.7 Performance improvements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.8 Default to users mail file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.9 New URL re-writing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Appendix A. Known issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.1 Anonymous access issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.2 Maximize portlet issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.3 Refresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.4 Language version issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.5 New window opening in Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.6 Alignment in BIDI language configuration and edit modes . . . . . . . . . . . . . . . . . . . . . . A.7 Richtext applet icons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.8 Configuration performance (WPS 5.0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.9 Configuration performance (WPS 4.1.2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.10 Load issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.11 Table properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.12 Domino Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
33 34 34 34 34 34 35 36 37 39 40 41 42 44 49 50 51 52 52 52 52 53 53 54 55 56 56 56 56 56 57 57 57 57 57 57 58
Appendix B. Additional material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Locating the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Using the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Online resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . How to get IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Help from IBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 61 61 61 61
iv
Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A. The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrates programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces.
Trademarks
The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both:
ibm.com iNotes Domino IBM Lotus Redbooks Redbooks (logo) WebSphere Workplace
The following terms are trademarks of other companies: Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, and service names may be trademarks or service marks of others.
vi
Preface
This IBM Redpaper discusses the Domino Access Portlet. WebSphere Portal is a complete portal solution. It provides customers with integrated content and applications in addition to a unified, collaborative workplace. Domino is a comprehensive application platform. Customers have invested heavily to exploit the power of Domino in developing proprietary applications. As a result they are understandably reluctant to start again and move towards the benefits of a portal environment. The main question asked by such customers is how do we move our Domino applications into a portal. Domino Application Portlet (DAP) provides the solution. It facilitates the easy integration of Domino Web Applications into a portal server. This paper will describe DAP in detail and will give practical examples on configuring and customizing this portlet.
Comments welcome
Your comments are important to us! We want our papers to be as helpful as possible. Send us your comments about this Redpaper or other Redbooks in one of the following ways: Use the online Contact us review redbook form found at:
ibm.com/redbooks
Mail your comments to: IBM Corporation, International Technical Support Organization Dept. JLU Mail Station P099 2455 South Road Poughkeepsie, New York 12601-5400
vii
viii
Chapter 1.
Introduction
The Domino Application Portlet (DAP) integrates the content and technology of existing Domino Web Applications into the Portal environment. It allows customers to insert these existing applications into portlets and display them on a portal server with minimal development effort. Most importantly, it renders the portlets of the Domino Web application within the context of the portal, thereby keeping the user within the context and navigational scheme of the portal. The Domino Application Portlet acts like a reverse proxy, proxying the content from the back end servers through to the browser. It appears to the browser to be the real content server. The Domino Application Portlet (DAP) channels all requests from the user client (browser) through the portal and on to the Domino HTTP server in the back end. The portlet contains an iframe with an embedded servlet that is responsible for the actual connection and display of the Domino content. It manages cookies, caching, user authentication, and framing. Rules-based parsers rewrite the content produced by the Domino HTTP server. This document explores the setup and configuration of DAP. The rest of this chapter examines the basic setup and gives an overview of the configuration options available. This is followed by a number of sections that provide a detailed examination of these options. Chapter 5, Samples on page 33 contains two concrete examples that show how to setup DAP and write rules that tailor it for your own application. Chapter 6, Updates to Domino Application Portlet 1.1 on page 49 discusses specific improvements and updates which have been made in Version 1.1 of DAP, released in September of 2004. Finally there is a description of some known problems we have discovered.
1.1 Setup
DAP is setup like any other portlet, the WAR file is installed and then the portlet is added to a page1. To install DAP onto the portal server you must be logged in with administrator rights on the Portal. An example of installing and setting up DAP is given in 5.2, Setting up DAP on page 34.
1 This is true for the standalone version available from the portlet catalog. However in Lotus Workplace DAP is installed with all the other portlets.
My Workplace Tab - access to fully integrated collaborative portlets Domino Application Portlet
available to a normal portlet user in edit mode. So for example, a normal user could configure a DAP portlet to point to his/her mail database without having to have administrator rights for the portlet.
1.2.2 Authentication
The authentication settings may be modified on the authentication tab of the configuration menu. These settings define the model DAP will use to authenticate with the Domino server and also where in the Credential Vault the username and password may be found. A number of options may be set including storage in the Credential Vault or use of Single Sign On. Note if a user is required to enter a password (for example in Basic Authentication) this will need to be done in the Edit settings. A more in-depth description of Authentication may be found in Chapter 2, Authentication on page 9.
1.2.3 Caching
Within the Caching tab settings that affect the storage of cached objects from DAP may be set. While the browser has its own caching a user may also define a number of caching mechanisms for the DAP portlet. Essentially these mechanisms define where and how objects that are passed between Domino and DAP are stored. This caching takes place on the Portal server and use of caching here prevents unnecessary calls to the Domino server. A detailed description of the options here may be found in Chapter 3, Caching on page 15.
Chapter 1. Introduction
1.2.4 Rules
The rules tab defines the rules that are used to transform URLs and links in the Domino content so that they point to DAP instead of to the Domino server. These rules come in two forms that are mutually exclusive, Regular Expression Rules or HTML Rules. While there is too much detail to go into here and a detailed explanation is given in Chapter 4, Rules on page 21, the essential difference between the two is that Regular Expression Rules are very flexible, but complicated. while HTML rules are simpler and faster, but less flexible.
The edit page is where a user must enter their Domino username and password if they are using Basic or Session based authentication. This page also contains any of the options that the Administrator decided to allow a normal user to configure. These may include the Domino Database settings and the display settings.
Chapter 1. Introduction
Chapter 2.
Authentication
This chapter describes authentication models that the Domino Application Portlet (DAP) can use to authenticate with the target Domino server. The following topics are addressed in detail: No authentication Basic authentication Session based authentication Single sign on Credential vault
2.1 Authentication
To modify the authentication settings click the wrench icon and then the authentication tab. There are four different authentication models that the Domino Application Portlet (DAP) can use to authenticate with the target Domino server. They are none, basic, session, and Single Sign On (SSO).
Domino may require either basic, session-based, or SSO authentication. It is possible to authenticate by configuring the Domino Application Portlet with a lower model than the Domino server requires. For example, you can authenticate against a Domino server configured for single-session authentication by specifying Basic authentication in the Domino Application Portlet. However, you should generally match the portlet authentication model with the Domino server it is accessing.
2.2 No authentication
If the target server and database application does not require any authentication then the none radio button should be selected. When selected, a DAP user will not be required to enter their username and password in the portlet edit mode.
The header value contains the authentication model being used together with the base64-encoding of the string username:password.
10
Upon receiving the request, Domino base64-decodes the string to reveal the username and password, which it then validates.
If session based authentication is enabled, then the initial request to Domino is modified to append the username and password in the URL. The URL then becomes:
http://dominoserver.lan:80/mail/userA.nsf?Login\&use\\rname=userA\&password=password\&re directto=/mail/userA.nsf
When Domino receives this request, it validates the username and password and sends back a cookie called DomSessAuthId. This cookie is then used to authenticate the user on further requests from DAP.
Chapter 2. Authentication
11
To configure Domino follow these steps: 1. Launch the Domino Administrator application. 2. Open the current server document. 3. Press the Create Web (R5)... button then select SSO Configuration as shown in Figure 2-3.
4. Press the Keys... button, then select Import WebSphere LTPA Keys. 5. Specify the location of the key file that you exported the WebSphere LTPA key in the previous step. (You may need to correct the LDAP realm, by adding a \ (backslash) before :389. See technotes Setting up SSO -- 1098010 Troubleshooting SSO -- 1158269). 6. Enter in a value for the DNS Domain value, (e.g., .domain.com"). 7. Enter in the value for the Domino Server Names. This should contain the name of the current Domino server. 8. Give the SSO configuration a name (e.g., LtpaToken"). 9. Press the Save & Close button. 10.In the Current Server Document select the Internet Protocols tab, and then the Domino Web Engine tab, as shown in Figure 2-4 on page 13.
12
11.For Session Authentication select Multiple Servers (SSO). For Web SSO Configuration, select the name you entered in Step 8. 12.Save the document. Finally, restart the Domino server, Application server, and Portal server. SSO is now enabled between the WebSphere and Domino servers.
Chapter 2. Authentication
13
To edit the Credential Vault settings: Go to Administration Access Credential Vault Select the option Add a vault slot. Please ensure that Vault slot is shared is checked. Whatever slot name is used to create the slot must be entered as Slot identifier in the Domino Application Portlet configuration display as shown in Figure 2-6.
14
Chapter 3.
Caching
This chapter discusses caching options for the Domino Access Portlet. It discusses the following topics in detail: Access Cacheable objects Cache size Using caching to improve DAP performance
15
3.2 Access
Figure 3-1 on page 17 shows how objects are accessible by different applications and users depending on how they were cached. In this diagram there are three instances of DAP on a particular server, D1, D2 and D3. On each instance of DAP there are various users accessing them. For example, there are two users UserA (UA) and UserB (UB) accessing DAP instance D1. D1 - UA - The object is only accessible by user A whilst accessing DAP instance D1. D1 - UA and D1 - UB - The object is accessible by user A or user B whilst accessing DAP instance D1. D1 - UA and D2 - UA The object is accessible by user A whilst accessing either DAP instance D1 or D2.
16
Chapter 3. Caching
17
Shared caching is selected. All objects that have an image mime-type, and have an applet mime-type (not shown) are cached in this part of the DAP cache. There is a maximum of 100 objects in the cache. This is the maximum for all objects in all parts of the DAP cache inclusive. The maximum size of each object in the cache is set to 250 kb. It is possible to select more than one part of the cache to be used, e.g., by selecting shared and application caching. If an object qualifies to be cached into more than one part, order will be used to decide.
18
For example, if both "User and Application" and "Application" caching are selected, and an object qualifies to be cached in both, "User and Application" will be chosen. This is because it is more secure than "Application" caching.
Chapter 3. Caching
19
20
Chapter 4.
Rules
The Domino server provides the ability to allow users to browse Domino databases over the Internet. Unfortunately, accessing Domino data through a Portal server does not work in the same way as directly accessing it through an Internet browser. References to resources, such as graphics and applets, and links to other pages are generally relative to the Domino database. In order to access this data correctly through a Portal server these resources and links need to be redirected through the portlet. The Domino Application Portlet uses a parser to configure the content returned by Domino. There are currently two available parsers: a Regular Expression parser and a HTML parser. Each parser uses a set of rules to define the appropriate data transformations necessary to redirect the application through the Portal. The supplied rules are designed to cater to the four supported applications: mail, discussion, teamroom and reservations. However, these rules can be configured, by the portlet administrator, in order to tailor the portlet to support a new database application. In this chapter, these topics are discussed in detail: Regular expression parser HTML parser Correlation between the rulesets
21
This will only match that exact text. However, in most cases we are less sure of what the exact text will be and need to use regular expression to deal with:
action="/mail/user1.nsf/83997d314a7eae6?ReadForm" action="/mail/user2.nsf/83997d314a7eae6?ReadForm"
A separate rule is required for each case. However, this input expression:
action="(.*?)"
This will match all strings of the type action="<some text here>", which gives us much more flexibility and power when writing rules.
Regular expressions
The main matching operators used in the current ruleset are: ( . * ? ) | [] ^ Start a grouping of operators Match any character Zero or more times Use minimum (reluctant) matching End the grouping of operators Logical OR Character class Beginning of a string. If within character class, then signifies logical NOT Actually, the exact input expression parent.window.location,will not match instances of "parent.window.location" within the input text. This is because the input expression contains reserved regular expression characters - the dots. To include any of the regular expression characters in the text part of an input expression you must precede them with a backslash1. So the actual input expression to match cases of "parent.window.location" is: parent\.window\.location
1 For more details on regular expression composition see the Jakarta Regular Expression API http://jakarta.apache.org/regexp/apidocs/org/apache/regexp/RE.html
22
@transform_uri_abs
This function only transforms URLs whose path is absolute (beginning with a forwardslash /).It transforms URLs so that they begin with the servlet path and end with an encrypted and encoded string that references the original URL. In this way the servlet used within the Domino Application Portlet can identify the Domino database to access and the corresponding path of the required resource.
@transform_uri_all
This function operates in a similar manner to transform_uri_abs, but it transforms the URL whether it is absolute (beginning with a forwardslash / ) or relative to the current path. For example, if the current path is http://dominoserver.ibm.com/mydb.nsf/myfolder then a URL of "mail.gif" would be appended to this path, resulting in a URL of http://dominoserver.ibm.com/mydb.nsf/myfolder/mail.gif. This functionality is maintained by the transform_uri_all function, which generates URLs of the type http://portalserver/wps/PA 11 0/rproxy/$$cGDdv$$.nsf/myfolder/mail.gif.
@proxypath
Returns the servlet path that is used to replace the link to the Domino server. An example result of applying this function is /wps/PA 1 0 69/rproxy. This path would then be used to construct a transformed URL.
@host
Returns the name of the Domino Server machine on which the current application is located [e.g.dominoserver.ibm.com.].
@protocol
This function returns the protocol used by the Domino Server (e.g., http or https).
@port
This function returns the port number used by the Domino Server (e.g., 80).
@param(n)
[where n is an integer] This function returns a string corresponding to the nth block (parenthesized expression) in the input expression. The first block is 1, the second 2 and so on. The whole of the matched text is 0. This is described in greater detail in 4.1.4, Blocks within the expressions on page 24.
@parencount
Returns the number of blocks (parenthesized expressions) within the input.
Chapter 4. Rules
23
@baseurl
This is a function dealing with occurrences of URLs within the base tag and is not generally required. These functions are used in the Output Expressions described in 4.1.3, Output expressions on page 24.
There is a corresponding output expression, which defines the transformations to perform on the text matched by the input expression. The output expression may be plain text, such as:
action="/mail/user3.nsf/83997d314a7?ReadForm"
This will replace all occurrences of <some text> with /mail/user3.nsf/83997d314a7?ReadForm. In order to deal with the more general case where we want to transform the string based on the input string, an output function (as described in 4.1.2, Output functions on page 23) is required. This rule uses two output functions @param(1)and @transform uri all().
action="@transform_uri_all(@param(1))"
We see that this expression has one set of parenthesis. Since there may be more than one set per input expression, the blocks are identified by number. In this example, there is only one set so it is referred to as block 1. Subsequent parentheses blocks would be identified by in a similar fashion by the number 2, 3 etc. These block numbers are used in the output expressions to identify the parts of the string to transform. A specific output function:
@param(block_number)
This is used to reference the individual blocks. So given an input string of:
<form name="myForm" action="/mail/user1.nsf/83997d316273?ReadForm">
The regular expression within the parentheses of the input expression matches the URL:
/mail/user1.nsf/83997d316273?ReadForm
24
In order to refer to the URL within the output expression, we would use the following function call:
@param(1)
This will match all instances of applets called myApplet. For one such instance:
<applet name="myApplet" width="250" height="100" codebase="/code" archive="Sample.jar">
The resulting blocks, returned using the @param() function are shown in Figure 4-1. There is also a default block, 0, which refers to the whole matched string.
@param(1) width=250 height=100 @param(2) /code @param(3) archive=Sample.jar Figure 4-1 Constituent Blocks
Ordering of rules
Due to the method in which the rules are processed, the most specific rule must appear first in the ruleset. Since only one rule can match a given portion of text, if the specific rule appears after a more general one then it will never be hit. This is only an issue for similar rules, which may match a subset of the text matched by other rules. Both of the rules src="(.*?)_gif" and src="icon (.*?)_gif" would match the text src="icon print.gif". Since the first rule that matches is applied, the most specific rule should be placed highest in the list of rules. If a different transformation is required for images starting with the text icon, then this rule needs to be before the more general src="(.*?)_gif", otherwise it will never be applied.In this manner there may be several specific rules to deal with specialized cases and then one general rule to catch all other occurrences of the given text.
Chapter 4. Rules
25
This will remain unchanged in the output, even if there is a more general rule, such as src="(.*?)", further down the list.
26
Case-sensitivity
Regular expressions in the Domino Application Portlet are not case-sensitive by default, but you can select case-sensitivity for the input expression of any rule. In some circumstances we do not want to apply rules to specific pieces of text. The rule shown in Table 4-1 will match any possible capitalization of href (e.g Href, HREF,..) but will always produces a lowercase output. However if the case-sensitive box is selected beside the rule in the portlet configuration then only the case given in the input expression will match.
Table 4-1 Regular Expression Rule Showing Input & Output Expressions Input href=(.*?) Output href=@param(1)
Note: The input text must match the input expression exactly, including spaces.
Chapter 4. Rules
27
@transform_uri_all @host @proxypath @protocol @port @baseurl The @param(n) and @parencount output functions are specific to the Regular Expression parser and are not available for use with the HTML parser. There is one output function which is specific to the HTML parser, the @script function. This function is used to call out to the Regular Expression Parser when JavaScript is located within the HTML page. An example of using this function is shown in Table 4-3, where for any tag if an attribute called onclick is found, then the value of that attribute is transformed using the @script function. This rule is used to transform the JavaScript value of the onclick attribute.
Table 4-3 Sample HTML rule using the @script function Tag Input attr * onclick value * Output attr onclick value @script
If four rules are identical except for the Input attribute values shown in Example 4-4, then Rule A is the most specific, while Rule D is the least specific. Rule A will only match the exact text Database, all variants of this text will be ignored. Rule B is slightly more flexible, it will match all text beginning with Database. This means that Database2 and Database list will also match. Rule C is similar to Rule B, but since more of the text has been replaced by the wildcard it is more general. It will match Database, Database list and Data form. Finally, Rule D is the most general since any value will match. This is usually used in cases where the value will have to be modified, such as the value of a href attribute. Table 4-5 on page 30 illustrates some possible text matches based on the rules described in Table 4-4 If rules are identical, except for their Output Attribute and/or Output Value, the rule that appears first in the configuration is used, see Figure 4-4 on page 30.
Chapter 4. Rules
29
Table 4-5 Example text matches for rules in Table 4-4 on page 29 Text Database Database list Data form MyString Matched Rule A B C D
30
When the rules are compared in this way, it is easy to see the relative simplicity of the HTML rules versus their Regular Expression counterparts. However, this simplicity also means a lack of flexibility when defining a new rule. For this reason, the decision over which parser best suits your needs may depend on the complexity level of the rules you will need.
Table 4-7 Equivalent HTML rule Tag Input attr * src value * Output attr src value @transform uri abs
Chapter 4. Rules
31
32
Chapter 5.
Samples
Now that you have acquainted yourselves with the theoretical aspects that underlie the workings of DAP, you are ready to delve into a practical application. In order to complete the following tutorial you will need the following: 1. A Domino 6.X server (in this document well give it the fictitious name domino.domain.com) 2. A portal server (this one we call portal.domino.com) We will host a sample application, called Sample.nsf (supplied with this document), on the Domino server and configure DAP so that the same application will be visible through the portal. We aim to cover as many features of DAP as possible, so we will gradually increase the complexity of the setup.
33
34
Chapter 5. Samples
35
Figure 5-2 Sample application as seen through DAP - note how the applet images failed to load
36
Chapter 5. Samples
37
As you can see the codebase attribute of the applet tag is successfully reverse-proxied, and we urge you to find the corresponding rule in the standard ruleset that is responsible for this translation. You should also note that the URL1 parameter that is passed to the applet obviously refers to a resource on the Domino server, namely the abook.gif icon in the /icons folder. When the page is viewed through the portlet it will request the /icons/abook.gif image from the Portal server which will of course fail. What we need is a rule that will reverse-proxy the value of the URL parameter; click the spanner icon of the portlet and select the Rules tab. Ensure that the rule type is set to Regular Expression. Scroll to the bottom of the page and click the insert rule icon (Figure 5.4) of the last rule. Enter the following in the newly created boxes:
Regular expression:
<param name="URL1" value="(.*?)"
Output model:
<param name="URL1" value="@transform_uri_all(@param(1))"
Now click Save followed by Close, you should now see a small book icon in the applets box. If you look at the frames markup you should see that it has been reverse proxied:
<applet width="250" height="100" codebase="/wps/PA\_1_0_69/rproxy/__PC_7_0_CL_PI_714731__/$$U 2FtcGxl$$.nsf/b2a27ff60012977280256eaf004e2b87/$FILE" code="myPack/TestApplet1.class" name="myApplet" archive="testApplet/Sample3.jar"> <param name="URL1" value="/wps/PA_1_0_69/rproxy/__PC_7_0_CL_ PI_714731__/$$aWNvbnMvYWJvb2suZ2lm$$"> <param name="URL2" value=""> </applet>}
Unfortunately the second icon did not appear. A second more thorough look at the frames markup should identify the following section towards the end of page in need of translation:
... } function go() { document.applets["myApplet"].setImage2("/icons/actn001.gif"); } </script>
38
...
Clearly the applet is being modified programmatically and we need to reverse-proxy the string that is being passed to it through the setImage2 method. Append the following rule to the ruleset: Regular expression:
\.setImage2\("(.*?)"\)
Output model:
.setImage2("@transform_uri_all(@param(1))")
After saving you should see both icons in the applets box, as shown in Figure 5-5.
Figure 5-6 Set-up to capture HTTP traces with the use of proxy trace utilities
Chapter 5. Samples
39
You will need to configure your browser to route its requests to a proxy. Typically you would run the trace utility on your local machine, thus you would point your browser to localhost and whatever port you have configured your proxy trace utility to listen at. Note also that most Domino applications make use of applets which may make their own network requests. So make sure your plugin is configured to route HTTP requests to the proxy. Internet Explorers JVM does not support this but Suns Java plugin does, you can find the relevant options in the Java plug-in control panel under the Proxies tab. DAP, like a browser, can be configured to route all its requests to a proxy, this option is available in the configuration view under the Source and Display tab where you can specify the Proxy Source Server. For the above example setup we would set the proxy source server host to computer.domain.com and the port to 8081. We cant stress enough how useful a HTTP trace can be when debugging a DAP-ed application. For example if the applet of the sample application used a default location to find its icons it would not be immediately obvious that the icon is even being requested. If a proxy trace is in place we would see something like:
GET http://portal.domain.com:9081/icons/actn001.gif HTTP/1.1 cookie: JSESSIONID=000026kWPj0CPiVpb9-ZtxEeZgU:-1 User-Agent: Mozilla/4.0 (Windows 2000 5.0) Java/1.4.2 02 Host: portal.domain.com:9081 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Proxy-Connection: keep-alive
Failing with:
HTTP/1.1 404 Not Found Server: WebSphere Application Server/5.0 Content-Type: text/html Content-Length: 159 <H1>Virtual Host or Web Application Not Found</H1><BR><H3> The web group /icons/actn001.gif has not been defined</H3><BR> <I>IBM WebSphere Application Server</I>
The mere presence of a 404 indicates that something is amiss. There is also a whole group of other problems that would be very hard to diagnose without the help of a trace, for instance it is often necessary to inspect data that is posted as a consequence of a form submission or it may happen that the wrong output model function is used to transform a particular URI which in turn results in some funny requests that without a trace would remain undetected.
40
Obviously a series of JavaScript instructions are executed upon a click which assemble a URL from the current location and then the browser is then sent to it. Notice how the target frame for this operation is top. This is not quite what we want; instead we want the target to be ifa which is the IFRAME containing the reverse proxied page. Thus by adding the rule: Regular expression:
_top
Output model:
ifa
We will obtain the desired behavior. The above example is somewhat contrived, and the rules used to fix far from ideal. The problem is that the rule top is very general and it may well match some text that we do not want to translate. If the text top appears anywhere in the markup it will be translated, for example if elsewhere on the page we had a script with a variable named about to topple that would be transformed into about to ifaple which will in all likelihood prevent the page from working correctly. Sometimes it will prove too difficult to come up with regular expressions that are sufficiently discriminating, in this case you will have to provide pass-through rules for all the instances in which it matches something it shouldnt. In the example above, we would have to add a rule with about to topple as both regular expression and output model with a higher priority than the top-only rule to prevent it from being garbled.
Output:
Output attribute Output value value @transform_uri_all
This is the dual of the first rule we added for the regular expression parser. The other two rules are identical as they are processed by the javascript parser, so you can append them verbatim into the Java Script Rules section of the HTML parser configuration.
Chapter 5. Samples
41
1 If you get insufficient rights when modifying the ACL you may need to modify it locally before starting the Domino server
42
Figure 5-8 Domino requires authentication but DAP is not yet configured to supply credentials
To solve the situation we must set the corresponding authentication method for DAP, so navigate to the Authentication tab in the portlets configuration and select the basic Authentication model (see Figure 5-9).
Now we only need to specify the credentials. Click the pencil icon and enter the username and password of a user in the databases ACL, once these are saved you should see the sample application as previously. Please refer to the chapter on authentication for a more in-depth description of the basic authentication scheme. It is not advised to use this authentication model if the communication channel between the Portal and the Domino server is not secured because the credentials are transferred unencrypted with each request, making it trivial for an eavesdropper to intercept them. The session authentication model is slightly more secure in that the credentials are transmitted to the host only once, so browse to DAPs configuration page and switch the authentication model to Session. You will see an error message similar to the one you saw earlier (see Figure 5-8, this is because the Domino server is not configured to accept session authentication yet). To enable this, open your Server Document in Domino Administrator or WebAdmin and under Internet Protocols Domino Web Engine set Session authentication to Single Server (see Figure 5-10 on page 44).
Chapter 5. Samples
43
Save the document and restart the HTTP task to make the change effective (either restart the Domino server or type tell http restart in the console). DAP will now use the credentials that you used previously but instead of re-transmitting them with every request it will re-transmit only the authentication token it received from Domino. Enabling SSO is somewhat more involved we refer you back to the chapter on Authentication where you can find instructions on how to set up SSO between WebSphere and Domino.
44
Like in the previous example, the principal tool that we will utilize to debug the application will be tracing, so you will need a setup as described in the previous section to be able to inspect the requests and responses. So here is what we found in our test setup: Request:
GET http://portal.domain.com:9081/domjava/actionbar.jar HTTP/1.0 Accept-Language: en-IR Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Host: portal.domain.com:9081 Proxy-Connection: Keep-Alive Cookie: JSESSIONID=0000XGb_2MNQTpdvV_IhKLZd4WK:-1; wcp-context=wpsadmin@1@base
Response:
HTTP/1.1 404 Not Found Server: WebSphere Application Server/5.0 Content-Type: text/html Content-Length: 192 Connection: close <H1>Virtual Host or Web Application Not Found</H1><BR> <H3>The web group /domjava/actionbar.jar has not been defined</H3><BR><I>IBM WebSphere Application Server</I>
By examining this trace of the request/response interaction between the browser and the Domino Application Portlet, we can see that the request for actionbar.jar has generated a FileNotFound Error. The offending request was for the URL: http://portal.domain.com/domjava/actionbar.jar.
Chapter 5. Samples
45
However, the applet is located on the Domino Server not the Portal server, so it cant be found. Looking at the source code for this page shown in Figure 5-12, we can see that the location of the applet is /domjava. Since we are redirecting through the Portal Server, we need to transform this URL to reflect this.
Figure 5-12 The original source, which resulted in a request for /dom-java/actionbar.jar to the Portal server
We need a rule which takes the value of the codebase attribute and changes it to redirect it to the portal server. The output function @transform_uri_abs can perform this redirection. So our new rule is:
codebase="(.*?)" => codebase="@transform_uri_abs(@param(1))"
As shown in Figure 5-13, this rule transforms /domjava into something like:
"/wps/PA_1_0_55L/rproxy/__PC_7_0_5BT_PI_891457__/$$ZG9tamF2YQ==$$".
Becomes:
<applet name="dominoActionBar"
46
With this new rule, the applet can be found and loads properly (Figure 5-14).
Chapter 5. Samples
47
48
Chapter 6.
49
Clicking on the Requests button returns a page which gives details of all the recent requests.(Figure 6-2) For each request you are given the following information: Time of each request Request URL shows the request itself Response code shows whether the request to Domino succeeded (green), was redirected (orange), or failed (red), and gives the relevant response code Content type is the mime type and character set of the content Additionally, you can see the Domino source HTML. You will see a link to the source HTML returned by the Domino server (Figure 6-3 on page 51) Transformed HTML a link to the source HTML after transformation (Figure 6-4 on page 51)
50
Figure 6-3 shows the result of clicking on the Domino Source HTML link. Text that will be transformed by the parsers is colored blue. Hovering over the blue text displays a message that tells you which rule will be applied.
Figure 6-4 is the Transformed HTML. This time you see the results of applying rules to the text. Again, text that has been transformed by the parsers is colored blue. Hovering over the blue text displays a message that tells you which rule was applied.
51
52
@path() or @path(HTML parser) This returns the name of the Domino database, for example user1.nsf @transform parent uri abs() or @transform parent uri abs(HTML parser) This returns the proxy portlet ID with the input added to the end. It is used to allow pages to target the iframe. Whereas in previous releases, the JavaScript attribute top was replaced with ifa, it is now replaced with @transform parent uri abs( ifa). For the HTML parser, this function always returns the iframe name. @transform server soft path() This is available only for the regular expression parser. It returns the path to the proxy servlet prefix, however the path does not include the server URL at the beginning.
For the lookup to work the right Collaborative Service must be enabled. These services are disabled by default, refer to the Portal Infocenter for details on configuring them. DAP needs
Chapter 6. Updates to Domino Application Portlet 1.1
53
the "Domino Directory Server" service enabled, to do this edit the Collaborative Services configuration file - CSEnvironment.properties - which typically can be found under the following directory: <WEBSPHERE DIR>/PortalServer/shared/app/config. The values that need to be set are:
# this is false by default CS_SERVER_DOMINO_DIRECTORY.enabled=true # change this to your Domino server CS_SERVER_DOMINO_DIRECTORY_1.hostname=my.server.com # for most set-ups these do not need to be changed CS_SERVER_DOMINO_DIRECTORY_1.port=389 CS_SERVER_DOMINO_DIRECTORY_1.ssl=false CS_SERVER_DOMINO_DIRECTORY_1.anonymous=true
To make any changes to CSEnvironment.properties effective the Portal server needs to be restarted.
54
Appendix A.
Known issues
Through feedback with customers and other developers, a number of issues have been brought to our attention. This section may assist you in identifying the source of any problems using the Domino Application Portlet.
55
A.3 Refresh
Currently performing a refresh of the browser window will result in the user being returned to the default page, based on the settings defined in Edit. This means that if a user is writing an email when the refresh is initiated, then the email is lost as the portlet returns to the default view for the mail database, the Inbox. A fix for this issue is proposed for Release 1.1 of DAP.
Becomes:
http://dominoserver.com/reserve.nsf/ae??ae??eiAa~>>?OpenView
To:
Input expression: target="_top" Output model: target="_self"
56
57
58
Appendix B.
Additional material
This Redpaper refers to additional material that can be downloaded from the Internet as described below.
Select the Additional materials and open the directory that corresponds with the Redpaper form number, REDP-3917-00.
59
60
Related publications
The publications listed in this section are considered particularly suitable for a more detailed discussion of the topics covered in this Redpaper.
IBM Redbooks
For information on ordering these publications, see How to get IBM Redbooks on page 61. Note that some of the documents referenced here may be available in softcopy only. Domino 6.5.1 and Extended Products: Integration Guide, SG24-6357 Portalizing Domino Applications: Integration with Portal 5.02 and Lotus Workplace 2.01, SG24-6466
Online resources
These Web sites and URLs are also relevant as further information sources: WebSphere Portal Development Zone - Info Center for WebSphere Portal 5.x
http://www-106.ibm.com/developerworks/websphere/zones/portal/proddoc.html#ic5
61
62
Back cover
Redpaper
INTERNATIONAL TECHNICAL SUPPORT ORGANIZATION