Chapter 2. Configuration

GateIn 3.2 has two different database dependencies. One is the identity service configuration, which depends on Hibernate. The other is Java content repository (JCR) service, which depends on JDBC API, and can integrate with any existing datasource implementation.

When you change the database configuration for the first time, GateIn will automatically generate the proper schema (assuming that the database user has the appropriate permissions).

GateIn 3.2 assumes the default encoding for your database is latin1. You may need to change this parameter for your database in order for GateIn 3.2 to work properly.

2.1.2. Configuring the database for JCR

To configure the database used by JCR you will need to edit the file:

$JBOSS_HOME/server/default/conf/gatein/configuration.properties

For Tomcat, the file is located at

$TOMCAT_HOME/gatein/conf/configuration.properties

And edit the values of driver, url, username and password with the values for your JDBC connection (please, refer to your database JDBC driver documentation).


gatein.jcr.datasource.driver=org.hsqldb.jdbcDriver

gatein.jcr.datasource.url=jdbc:hsqldb:file:${gatein.db.data.dir}/data/jdbcjcr_${name}

gatein.jcr.datasource.username=sa

gatein.jcr.datasource.password=

By default, the name of the database is "jdbcjcr_${name}" - ${name} should be a part of the database name, as it is dynamically replaced by the name of the portal container extension (for instance, gatein-sample-portal.ear defines "sample-portal" as container name and the default portal defines "portal" as container name).

In the case of HSQL the databases are created automatically. For any other database you will need to create a database named jdbcjcr_portal (and "jdbcjcr_sample-portal" if you have gatein-sample-portal.ear in $JBOSS_HOME/server/default/deploy - note that some databases don't accept '-' in the database name, so you may have to remove $JBOSS_HOME/server/default/deploy/gatein-sample-portal.ear)

Make sure the user has rights to create tables on jdbcjcr_portal, and to update them as they will be automatically created during the first startup .

Also add your database's JDBC driver into the classpath - you can put it in $JBOSS_HOME/server/default/lib (or $TOMCAT_HOME/lib, if you are running on Tomcat)

MySQL example:

Let's configure our JCR to store data in MySQL. Let's pretend we have a user named "gateinuser" with a password "gateinpassword". We would create a database "mygateindb_portal" (remember that _portal is required), and assign our user the rights to create tables.

Then we need to add MySQL's JDBC driver to the classpath, and finally edit gatein.ear/02portal.war/WEB-INF/conf/jcr/jcr-configuration to contain the following:

gatein.jcr.datasource.driver=com.mysql.jdbc.Driver
gatein.jcr.datasource.url=jdbc:mysql://localhost:3306/mygateindb${container.name.suffix}
gatein.jcr.datasource.username=gateinuser
gatein.jcr.datasource.password=gateinpassword

2.1.3. Configuring the database for the default identity store

By default, users are stored in a database. To change the database in which to store users, you will need to edit the file:

$JBOSS_HOME/server/default/conf/gatein/configuration.properties

For Tomcat, the file is located at

$TOMCAT_HOME/gatein/conf/configuration.properties

You will find the same kind of configuration as in jcr-configuration.xml:

gatein.idm.datasource.driver=org.hsqldb.jdbcDriver
gatein.idm.datasource.url=jdbc:hsqldb:file:${gatein.db.data.dir}/data/jdbcidm_${name}
gatein.idm.datasource.username=sa
gatein.idm.datasource.password

2.2. E-Mail Service Configuration

2.2.1. Overview

GateIn 3.2 includes an e-mail sending service that needs to be configured before it can function properly. This service, for instance, is used to send e-mails to users who forgot their password or username.

2.2.2. Configuring the outgoing e-mail account

The e-mail service can use any SMTP account configured in $JBOSS_HOME/server/default/conf/gatein/configuration.properties (or $TOMCAT_HOME/gatein/conf/configuration.properties if you are using Tomcat).

The relevant section looks like:

# EMail
gatein.email.smtp.username=
gatein.email.smtp.password=
gatein.email.smtp.host=smtp.gmail.com
gatein.email.smtp.port=465
gatein.email.smtp.starttls.enable=true
gatein.email.smtp.auth=true
gatein.email.smtp.socketFactory.port=465
gatein.email.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory

It is preconfigured for GMail, so that any GMail account can easily be used (simply use the full GMail address as username, and fill-in the password.

In corporate environments you will want to use your corporate SMTP gateway. When using it over SSL, like in default configuration, you may need to configure a certificate truststore, containing your SMTP server's public certificate. Depending on the key sizes, you may then also need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your Java Runtime Environment.

2.3. HTTPS Configuration

2.3.1. Overview

GateIn 3.2 default run on HTTP mode. However, for security purpose, you can config GateIn to run on HTTPS mode. This section show you how to config GateIn with HTTPS mode.

2.3.2. Generate your key

If you haven't your own X.509 certificate, you can make a simple certificate using keytool command:

keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, 		OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"

Now, your key is stored in server.keystore

You need to import your key into the Sun JDK keystore (This is required to help running gadget features)

keytool -importkeystore -srckeystore server.keystore -destkeystore $JAVA_HOME/jre/lib/security/cacerts

2.3.3. Setup Jboss configuration to use your key

Edit server.xml from jboss/server/<NAME>/deploy/jbossweb.sar folder. Comment lines:

<Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" 
		       connectionTimeout="20000" redirectPort="8443" />

Uncomment lines and change keystoreFile and keystorePass to values of your key:

<Connector protocol="HTTP/1.1" SSLEnabled="true" 
		   port="8443" address="${jboss.bind.address}"
		   scheme="https" secure="true" clientAuth="false" 
		   keystoreFile="$JAVA_HOME/jre/lib/security/cacerts"
		   keystorePass="123456" sslProtocol = "TLS" />

2.3.4. Setup Tomcat configuration to use your key

Edit server.xml from tomcat/conf folder. Comment lines:

<Connector port="8080" protocol="HTTP/1.1" 
		maxThreads="150" connectionTimeout="20000" 
		redirectPort="8443" URIEncoding="UTF-8"
		emptySessionPath="true"/>

Uncomment lines and add keystoreFile and keystorePass values:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
		maxThreads="150" scheme="https" secure="true"
		clientAuth="false" sslProtocol="TLS" 
		keystoreFile="$JAVA_HOME/jre/lib/security/cacerts"
		keystorePass="123456" />

Restart GateIn. If your configuration is correct, you can access to GateIn via address: https://<ServerAddress>:8443/portal

2.4. Configuration of custom data validators

2.4.1. Overview

GateIn 3.2 includes a user-configurable validator that can be applied to input fields of different bundled portlets. Currently, this validator is only used to configure the validation of user name formats in the user account, user registration and group membership portlets, though the architecture allows for configurable validation to be used in different contexts if needed.

The validator can be configured via properties in the configuration.properties file found in the GateIn configuration directory. By default, this directory is found at $JBOSS_HOME/server/default/conf/gatein/ if you are using JBoss Application Server or $TOMCAT_HOME/gatein/conf/ if you are using Tomcat.

The architecture supports several configurations that can be activated and associated to specific instances of the user-configurable validator when they are created and assigned to fields in portlets. We will only concern ourselves with the currently supported use cases, which are creation/modification of a user name during registration/modification of a user and group membership assignments.

2.4.2. Validator configuration

A configuration is created by adding an entry in configuration.properties using the gatein.validators. prefix followed by the name of the configuration, a period '.' and the name of the validation aspect you want to configure. The user-configurable validator currently supports four different aspects per configuration, as follows, where {configuration} refers to the configuration name:

gatein.validators.{configuration}.length.min: minimal length of the validated field
gatein.validators.{configuration}.length.max: maximal length of the validated field
gatein.validators.{configuration}.regexp: regular expression to which values of the validated field must conform
gatein.validators.{configuration}.format.message: information message to display when the value of the validated field doesn't conform to the specified regular expression

Only two configurations are currently supported by GateIn, one, named username, to configure validation of user names when they are created/modified and the other, named groupmembership, to configure validation of user names in the context of group memberships.

For example, if you want to make sure that your users use an email address as their user name, you could use the following configuration:

Example 2.1.

               # validators
               gatein.validators.username.regexp=^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-za-z]{2,4}$
               gatein.validators.username.format.message=Username must be a valid email address.

Note

If you don't change the configuration of the validator, user names will be validated as follows:

Length must be between 3 and 30 characters.
Only lowercase letters, numbers, undescores (_) and period (.) can be used.
No consecutive undescores (_) or period (.) can be used.
Must start with a letter.
Must end with a letter or number.

Important

Some components that leverage GateIn depend on user names being all lowercase. We therefore strongly recommend that you also only accept lowercase user names.

2.4.3. Developer information

The user-configurable validator is implemented by the org.exoplatform.webui.form.validator.UserConfigurableValidator class. Please refer to its documentation for more details.

To use a specific validator configuration to validate a given field value, add the validator to the field as follows, where configurationName is a String representing the name of the configuration to use:

            addValidator(UserConfigurableValidator.class, configurationName))

The validator instance can then be configured by adding the relevant information in configuration.properties, for example:

            # validators
            gatein.validators.configurationName.length.min=5
            gatein.validators.configurationName.length.max=10
            gatein.validators.configurationName.regexp=^u\d{4,9}$
            gatein.validators.configurationName.format.message=Username must start with ''u'' and be followed by 4 to 9 digits.

Alternatively, a resource key can also be passed to the addValidator method to specify which localized message should be used in case a validation error occurs, for example as follows: configurationName

            addValidator(UserConfigurableValidator.class, UserConfigurableValidator.GROUPMEMBERSHIP,
            UserConfigurableValidator.GROUP_MEMBERSHIP_LOCALIZATION_KEY);