JBoss.orgCommunity Documentation

Administrator Guide

Copyright © 2009-2012

About this guide
1. Installation and Startup
1.1. System requirements
1.2. Install the Tomcat bundle
1.3. Install JBoss EARs
1.4. Profiles of eXo Platform
2. Configuration
2.1. eXo Platform configuration
2.2. Database configuration
2.2.1. Connect to a production database
2.2.2. FAQs of database configuration
2.3. File system paths
2.4. JCR system and default Workspaces
2.5. Transaction Service
2.6. Mail server
2.7. Email-notification configuration for watching a document
2.8. WebDAV cache control
2.9. Chat server
2.9.1. XMPPMessenger
2.9.2. Chat server configuration
2.10. Office server
2.11. Log-in
2.12. JCR
2.13. Cache configuration
2.13.1. Portal Cache Configuration
2.13.2. Social Cache Configuration
2.13.3. ECMS Cache Configuration
2.14. Users configuration
2.14.1. Super-user configuration
2.14.2. Default users list definition of eXo Platform
2.14.3. Grant users access to toolbar
2.14.3.1. Grant all users access to toolbar but not CMS
2.14.3.2. Grant all new users access to toolbar and CMS
2.15. Gadget configuration
2.16. Other properties
3. Management
3.1. Introduction to eXo Platform management
3.1.1. JMX interface
3.1.2. REST interface
3.2. Management views of eXo Platform
3.2.1. PortalContainer management view
3.2.2. Cache management view
3.2.2.1. Cache instances
3.2.2.2. CacheManager
3.2.2.3. PicketLinkIDMCacheService
3.2.3. Content management view
3.2.3.1. WCMComposer
3.2.3.2. FriendlyService
3.2.3.3. WCMService
3.2.4. JCR management view
3.2.4.1. SessionRegistry
3.2.4.2. LockManager
3.2.4.3. Repository
3.2.4.4. Workspace
3.2.5. Portal management view
3.2.5.1. Template statistics
3.2.5.2. Template management
3.2.5.3. Skin management
3.2.5.4. TokenStore
3.2.5.5. Portal statistics
3.2.5.6. Application statistics
3.2.6. Knowledge management view
3.2.6.1. Forum
3.2.6.2. Job
3.2.6.3. Plugin
3.2.6.3.1. RoleRulesPlugin
3.2.6.3.2. BBCodePlugin
3.2.6.3.3. ForumInitialDataPlugin
3.2.6.3.4. InitialDataPlugin
3.2.6.4. Storage
3.2.7. Collaboration management view
4. Security
4.1. Change the JAAS realm
4.1.1. Tomcat
4.1.2. Common changes
4.2. Gadget proxy configuration
4.2.1. Overview
4.2.2. Configure the ProxyFilterServie
4.2.3. How does it work?
4.3. HTTPS configuration
5. Backup and Restore
5.1. Pre-backup
5.2. Back up eXo Platform
5.3. Restore
5.4. Third-party tools
6. Clustering
6.1. About clustering in eXo Platform
6.2. Set up the eXo Platform cluster
6.2.1. Shared file system
6.2.2. Set up eXo Platform cluster
6.2.3. Advanced configuration
6.2.3.1. JBossCache
6.2.3.2. Shared file system
6.2.4. Local JCR index in cluster
6.3. FAQs of clustering
7. Deployment
7.1. Remove sample portals
7.1.1. Remove Acme website/Acme Social Intranet
7.1.2. Remove Crash
7.2. Deploy a custom extension
7.3. Set up Apache front-end
7.3.1. Base configuration for Apache
7.3.2. Connect via HTTP protocol (Apache mod_proxy)
7.3.3. Connect via AJP protocol
7.3.3.1. AJP proxy module
7.3.3.2. Apache Tomcat's AJP connector
7.4. Configure the session timeout for the web server
7.4.1. Tomcat server
7.4.2. JBoss server
8. Migration
8.1. What needs to be migrated?
8.2. Migrate with transparent configuration
8.3. Upgrade plugins details
8.3.1. Mandatory plugins
8.3.2. Optional plugins
9. Organization Integration
9.1. Terminology
9.2. Sync Platform with an existing Directory
9.2.1. Sync at startup
9.2.2. Sync at login time
9.2.3. Sync on demand
9.2.4. Scheduled/Periodic sync
9.2.4.1. Use REST
9.2.4.2. Use JMX
9.3. Use Legacy Organization Models

About this guide

This guide describes how to get started with eXo Platform 3.5, especially for:

Through the guide, you can do many administrative tasks when implementing eXo Platform 3.5. The administration of eXo Platform 3.5 is categorized into the following main topics:

  • Installation and Startup: Knowledge of how to install the Tomcat bundle and JBoss EARs and information of eXo Platform profiles.

  • Configuration: Understanding of configuration related to eXo Platform, database, cache, users and gadget proxy, file system paths, mail server, WebDAV Cache Control, Chat Server, OpenOffice Server, Log-in, JCR.|

  • Management: Introduction to eXo Platform management, knowledge of eXo Platform management views.

  • Security: Changes related to the JAAS realm.

  • Backup and Restore: Backup of database and file systems for the JCR index and value storage.

  • Clustering: Changes related to clustering, which are necessary for eXo Platform to work in the cluster mode.

  • Deployment: How-Tos of removing sample applications, deploying a custom extension, setting up Apache Front-end and configuring the session timeout for the web server.

  • Migration: Step-by-step instructions for migrating eXo Platform from 3.0 to 3.5.

  • Organization Integration: Instructions on how to connect eXo Platform to a populated data source, such as LDAP server, MS ActiveDirectory, or Database.

Chapter 1. Installation and Startup

eXo Platform is packaged as a deployable enterprise archive defined by the Java EE specification, and as a configuration directory. In this chapter, you will see the following topics:

To run eXo Platform 3.5, your system is required to meet the following specifications or higher.

The eXo server will run on the 8080 portal, so make sure this port is not currently in use.

The easiest way to install eXo Platform is to use the Tomcat bundle. This is a ready-made package on top of the Tomcat 6 application server. First, you need to download and extract the package named eXo-Platform-tomcat-3.5.x.zip on your server.

Start up the server

eXo Platform leverages the application server on which it is deployed. This means that you only need to start and stop your application with the default commands.

  • On Linux and OS X: 

$TOMCAT_HOME/start_eXo.sh

  • On Windows: 

%TOMCAT_HOME%\start_eXo.bat

The server is started successfully when you see the following message in your log/console:

INFO: Server startup in 353590 ms

Shut down the server

  • On Linux and OS X: 

$TOMCAT_HOME/stop_eXo.sh

  • On Windows: 

%TOMCAT_HOME%\stop_eXo.bat

If you receive the message when you try to stop Tomcat as below, you must stop Tomcat by pressing Ctrl+C or by killing with the -9 command. To perform the kill action automatically, you can run stop_eXo.sh -force that is only available on Linux and OS X systems.

Tomcat did not stop in time. The PID file was not removed.

The server has been stopped successfully when you see the following message in your log/console:

INFO: Stopping Coyote HTTP/1.1 on http-8080

Start up eXo Platform by running built-in startup scripts

You can start up eXo Platform by running one of the following built-in startup scripts:

  • Linux & OS X: start_eXo.sh

  • Windows: start_eXo.bat

  • Linux and OS X in the developer mode: start_eXo.sh with the -debug option.

  • Windows in the developer mode: start_eXo.bat with the -debug option.

In the normal mode, the start_eXo scripts launch eXo Platform with the following JVM options:

-Xms256m 
-Xmx1024m 
-XX:MaxPermSize=256m 
-Djava.security.auth.login.config=../conf/jaas.conf  
-Dexo.conf.dir.name=gatein/conf 
-Dexo.profiles=default

Details:

-Xms Minimal Heap Size (defaults to 256 MB).
-Xmx Maximal Heap Size (defaults to 1 GB).
-Djava.security.auth.login.config Path to the JAAS security file where the security domains and JAAS authentication modules are declared.
-Dexo.conf.dir.name Path where eXo Platform will start looking at configuration.properties and configuration.xml.
-Dexo.profiles List of comma-separated profiles of eXo Plaform to activate.

In the developer mode, the start_eXo scripts launch eXo Platform in the developer mode with a few JVM options.

-Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n 
-Dcom.sun.management.jmxremote 
-Dorg.exoplatform.container.configuration.debug 
-Dexo.product.developing=true

Details:

-Dcom.sun.management.jmxremote Activate the remote JMX monitoring.
-Xdebug -Xrunjdwp:transport=dt_socket, address=8000,server=y,suspend=n Enable the remote debugging.
-Dorg.exoplatform.container. configuration.debug The container will log in to the console which the .xml file loads.
-Dexo.product.developing=true Deactivate JavaScript and CSS merging for debugging more easily. Next, activate a special language called Magic Locale "ma" showing the property keys instead of the translations.

Now, you can start and run the eXo Platform demo, but you will need to adjust these values for a production setup.

Customize environment variables in Tomcat

Previously, users got used to changing the gatein.sh file, but this file is no longer used since Platform 3.5.0-CR1. Now, to customize the environment variables and JVM memory parameters, you have to modify the setenv.sh file (setenv.bat file in Windows).

This file is located in:

  • Linux & OS X:

$TOMCAT_HOME/bin/setenv.sh

  • Windows: 

$TOMCAT_HOME\bin\setenv.bat

The following is the content of this file:

LOG_OPTS="-Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog"
SECURITY_OPTS="-Djava.security.auth.login.config=../conf/jaas.conf"
EXO_OPTS="-Dexo.product.developing=false -Dexo.conf.dir.name=gatein/conf"
IDE_OPTS="-Djavasrc=$JAVA_HOME/src.zip -Djre.lib=$JAVA_HOME/jre/lib"
if [ "$EXO_PROFILES" = "" -o "$EXO_PROFILES" = "-Dexo.profiles=default" ] ; then 
	EXO_PROFILES="-Dexo.profiles=default"
fi

CATALINA_OPTS="-Xms256m -Xmx1024m -XX:MaxPermSize=256m $CATALINA_OPTS $LOG_OPTS $SECURITY_OPTS $EXO_OPTS $IDE_OPTS $EXO_PROFILES"
export CATALINA_OPTS

Note

In Linux environments, the ulimit limits the system-wide resource used. When running eXo Platform, you may get the error message about "Too many open files" because the ulimit had limited the opened files. By default, the number of open files is limited to "1024". You should execute the command "ulimit -n 8196" as root before starting the server to avoid this issue.

eXo Platform provides EARs packages to deploy in your existing JBoss application server. They are distributed in the package named eXo-Platform-jboss-3.5.x.zip.

Install eXo Platform on JBoss

1. Copy the following files to jboss-root/server/default/deploy.

  • gatein-ds.xml

  • gatein.ear

  • gatein-wsrp-extension-$version.ear

  • starter-gatein-$version.ear

  • exo-wcm-extension-$version.ear

  • exo-workflow-extension-$version.ear

  • exo-collaboration-extension-$version.ear

  • exo-knowledge-extension-$version.ear

  • exo-social-extension-$version.ear

  • exo-platform-extension-$version.ear

  • exo-social-intranet-$version.ear

  • exo-acme-website-$version.ear

  • exo-default-portal-$version.ear

  • exo-gadget-pack-$version.ear

2. Create the jboss-root/server/default/conf/gatein folder, then copy these files to this folder.

  • configuration.properties

  • configuration.xml

3. Copy the oauthkey.pem file to jboss-root/server/default/conf/gatein/gadgets.

4. Configure the JVM parameters.

  • On Linux, add these lines to the end of jboss-root/bin/run.conf: 

# Platform environment variables
EXO_PROFILES="-Dexo.profiles=default"
EXO_OPTS="-Dexo.product.developing=false -Dexo.conf.dir.name=gatein -Dgatein.data.dir=../gatein"
REMOTE_DEBUG="-Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n -Dcom.sun.management.jmxremote -Dorg.exoplatform.container.configuration.debug"
EXO_XML="-Djavax.xml.stream.XMLOutputFactory=com.sun.xml.stream.ZephyrWriterFactory -Djavax.xml.stream.XMLInputFactory=com.sun.xml.stream.ZephyrParserFactory -Djavax.xml.stream.XMLEventFactory=com.sun.xml.stream.events.ZephyrEventFactory"
JAVA_OPTS="$JAVA_OPTS $EXO_OPTS $EXO_PROFILES $EXO_XML"

  • On Windows, add these lines to the end of jboss-root/bin/run.conf.bat:

rem # Platform environment variables
set "EXO_PROFILES=-Dexo.profiles=default"
set "EXO_OPTS=-Dexo.product.developing=false -Dexo.conf.dir.name=gatein -Dgatein.data.dir=../gatein"
set "REMOTE_DEBUG=-Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n -Dcom.sun.management.jmxremote -Dorg.exoplatform.container.configuration.debug"
set "EXO_XML=-Djavax.xml.stream.XMLOutputFactory=com.sun.xml.stream.ZephyrWriterFactory -Djavax.xml.stream.XMLInputFactory=com.sun.xml.stream.ZephyrParserFactory -Djavax.xml.stream.XMLEventFactory=com.sun.xml.stream.events.ZephyrEventFactory"
set "JAVA_OPTS=%JAVA_OPTS% %EXO_OPTS% %EXO_PROFILES% %EXO_XML%"

Adapt to your needs:

  • To use another implementation of SAX, change the class names in the EXO_XML variable. For example: com.sun.xml.internal.stream.XMLOutputFactoryImpl.

  • To debug the application, simply add $REMOTE_DEBUG to the JAVA_OPTS variable.

5. Add the eXo Platform logging categories to jboss-root/server/default/conf/jboss-log4j.xml.




<!-- Limit the JSR170 categories -->

<category name="exo.jcr">

  <priority value="INFO"/>

</category>

<!-- Limit the JSR-168 and JSR-286 categories -->

<category name="org.exoplatform.services">

  <priority value="INFO"/>

</category>

6. Configure the emptySessionPath attribute.

From JBoss AS 4 or lower, to make Wiki work properly, you have to configure the emptySessionPath attribute in the server.xml file. If you are running Jboss with the "default" profile, this file will be located in server/default/deploy/jbossweb.sar/server.xml/ path.

Depending on the Connector you are using, you have to set the emptySessionPath attribute to "true" for that Connector respectively.

For example, if you are using the AJP Connector, the configuration should be as follows:

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
    emptySessionPath="true" enableLookups="false" redirectPort="8443" />

However, from JBoss AS 5 or higher, emptySessionPath="true" no longer sets the cookie path / by default. Instead, the cookie path is set via the following element in the Context element in the server/default/deploy/jbossweb.sar/context.xml file.

<SessionCookie path="/" />

Session cookies are now scoped to the context by default. 7. Start up the server.

  • On Linux and OS X: 

$JBOSS_HOME/bin/run.sh

  • On Windows: 

%JBOSS_HOME%\bin\run.bat

The server is started successfully when you see the following message in your log/console:

INFO [org.jboss.bootstrap.microcontainer.ServerImpl] (main) JBoss (Microcontainer) [5.1.1 (build: ...)] Started in 5m:29s:259ms

8. Shut down the server.

  • On Linux and OS X:

$JBOSS_HOME/bin/shutdown.sh

  • On Windows: 

%JBOSS_HOME%\bin\shutdown.bat

The server has been stopped successfully when you see the following message in your log/console:

INFO  [org.jboss.bootstrap.microcontainer.ServerImpl] (JBoss Shutdown Hook) Shutdown complete

eXo Platform comes with different runtime profiles, enabling you to customize which modules you want to enable/disable in each eXo Platform instance.

The following profiles are supported:

Profile Description
collaboration Enable the Collaboration module.
knowledge Enable the Knowledge module.
social Enable the Social module.
workflow Enable the Workflow add-ons within the Content module.
webos Enable the eXo WebOS module.

Additionally, you can use these composite profiles:

Profile Description
minimal Contains GateIn + Content.
default Contains all modules except workflow and webos (GateIn, eXo IDE, Collaboration, Social, Knowledge).
all All available modules.

For example:

./start_eXo.sh default,workflow

./start_eXo.sh collaboration,knowledge

./start_eXo.sh minimal,social

For the developer mode 

./start_eXo.sh -debug [profiles]

.\start_eXo.bat -debug [profiles]

Chapter 2. Configuration

This chapter covers the following topics:

In eXo Platform, the configuration is performed in a folder whose location is controlled by a system property named exo.conf.dir. By default, the gatein.sh startup script sets this property as follows:

-Dexo.conf.dir.name=gatein/conf

So the main entry point for the eXo Platform configuration is /gatein/conf/. This directory contains the following files:

This section explains some parts of the eXo Platform internals so that you can understand the roles of these configuration files.

The eXo Platform Kernel collects runtime components in the portal containers. A portal container holds all components to run a portal instance. It serves portal pages under the servlet context for its name.

The default portal container in eXo Platform is simply called "portal". This explains why the default URL of the samples is http://localhost:8080/portal.

The default portal container can be configured directly inside exo.conf.dir.

However, eXo Platform is capable of running several portal instances simultaneously on the same server. Each instance can be configured and customized independently via files located at: /gatein/conf/portal/$PORTAL_NAME, where $PORTAL_NAME is the name of the portal container.

Note

The name of the configuration file can be altered. Please refer to the PortalContainer section in the Kernel reference for more details on portal containers and other options to modify the location of the properties.

Services that run inside a portal container are declared via the xml configuration files like configuration.xml. Such files exist in jars, wars and below exo.conf.dir.

The .xml configuration files also serve as the main way to customize the portal via the multiple plugins offered by the eXo Platform components.

Additionally, the .xml files may contain variables that are populated via properties defined in configuration.properties. Hence, the configuration.properties file serves as exposing some selected variables that are necessary to configure eXo Platform in a server environment.

configuration.properties

The system configuration is mostly done in the configuration.properties file. In most cases, this should be the only file for the system administrator to configure.

configuration.xml

This file contains the built-in configuration for the "portal" portal container.

Note

To learn more about how to configure a new portal container, please refer to the Kernel reference guide.

portal/portal/configuration.xml

This file is empty by default. This is where further customizations can be placed. Generally, custom configurations are provided by extension wars. However, this file is the last loaded by the kernel. It has a higher priority over any other configuration files, including extensions. So, you can override any internal component configuration.

This may turn handy services or configurations that are not exposed in configuration.properties.

For example, you can change the default WebDAV update policy by adding the following code to this configuration.xml file:




  <component>

    <key>org.exoplatform.services.jcr.webdav.WebDavServiceImpl</key>

    <type>org.exoplatform.services.jcr.webdav.WebDavServiceImpl</type>

    <init-params>

      <value-param>

        <name>auto-mix-lockable</name>

        <value>false</value>

      </value-param>

      <value-param>

        <name>def-folder-node-type</name>

        <value>nt:folder</value>

      </value-param>

      <value-param>

        <name>def-file-node-type</name>

        <value>nt:file</value>

      </value-param>

      <value-param>

        <name>def-file-mimetype</name>

        <value>text/plain</value>

      </value-param>

      <value-param>

        <name>update-policy</name>

        <value>replace</value>

      </value-param>

    </init-params>

  </component>

eXo Platform relies on the application server for its database access, so the database must be configured as a data source at the AS level. The data source is obtained by accessing the Enterprise Naming Context (ENC) through the Java Naming and Directory Interface (JNDI) service.

If you intend to bring your eXo Platform to production, the embedded hsql database will not be appropriate and you will need to configure your app server to use another one. You need to learn how to configure eXo Platform data sources and your app server. If you need to change the data sources name, read the Rename the data source section below.

Note

The steps below will show you how to configure eXo Platform to use a MySQL database. You need to adapt them to your actual production environment.

Tip

Refer to the FAQs of database configuration section to find out our sample configuration files for MySQL and other DB systems.

Step 1. Prepare your database server.

You need to prepare two database schema, then do as follows:

1. Connect to your database server using the ssh command: 

ssh root@db.example.org

2. Verify that MySQL is running: 

sudo /etc/init.d/mysqld status

3. Connect to MySQL: 

mysql -u root -p

In this step, you will be prompted for entering your password.

4. Create 2 databases: one for idm ($dbname-idm) and the other for jcr ($dbname-jcr). For example:

i. Create the first database. 

create database _$dbname_;

ii. Configure the user who has the remote access right (not only from the host server):

grant all on _$dbname_.* to '_$username_'@'_$IP_' identified by '_$password_';

In which, $IP = AS host name, $IP = IP with wildcard (eg 192.168.1.% = all IPs on 192.168.1.x network) and $username = username that eXo Platform will connect with (i.e. 'dbnameuser').

5. Verify that both databases were created successfully.

show databases;

6. Quit the server with the exit command.

Note

eXo Platform does not require tables to be created before it starts because these tables are created automatically on the first startup. If you want to run the DDL script to create the database objects, please contact eXo Support to obtain the script for your database.

Step 2. Configure eXo Platform.

After the database is ready, you need to configure eXo Platform to connect to it. The configuration steps may be different, depending on the application server. Here, instructions are for Tomcat and JBoss.

Tomcat bundle:

In Tomcat, the data sources configuration requires you to edit the server.xml file.

Tip

Please refer to Tomcat's JNDI Resources How To for more details on the JNDI resources binding in Tomcat.

Edit the server.xml file

1. Open the file following the $TOMCAT_HOME/conf/server.xml path.

2. Declare the binding of the data sources in the GlobalNaming context:

  • Change the driver from org.hsqldb.jdbcDriver to com.mysql.jdbc.Driver.

  • Change the username and password to the values set above.

  • Change the URL to access your DataBase from jdbc:hsqldb:file:../gatein/data/hsql/exo-jcr_portal into jdbc:mysql://_$host_:3306/_$dbname_.

The code now should look like:




<!-- eXo JCR Datasource for portal -->

<Resource auth="Container" driverClassName="com.mysql.jdbc.Driver" logAbandoned="true" maxActive="20" maxIdle="10" maxWait="10000" minEvictableIdleTimeMillis="60000" name="exo-jcr_portal" password="_$password_" removeAbandoned="true" removeAbandonedTimeout="10" type="javax.sql.DataSource" url="jdbc:mysql://_$host_:3306/_$dbname-jcr_" username="_$username_"/>



<!-- eXo IDM Datasource for portal -->                

<Resource auth="Container" driverClassName="com.mysql.jdbc.Driver" logAbandoned="true" maxActive="20" maxIdle="10" maxWait="10000" minEvictableIdleTimeMillis="60000" name="exo-idm_portal" password="_$password_" removeAbandoned="true" removeAbandonedTimeout="10" type="javax.sql.DataSource" url="jdbc:mysql://_$host_:3306/_$dbname-idm_" username="_$username_"/>   

3. Add the JDBC driver. In this step, you need to add the MySQL connector to Tomcat by adding mysql-connector-java-5.1.x.jar to $TOMCAT_HOME/lib/.

JBoss:

Configure the data source for eXo Platform under JBoss

  • Edit gatein-ds.xml

  • Add the JDBC driver

1. Edit the gatein-ds.xml file.

i. Open the file following the $JBOSS_HOME/server/default/deploy/gatein-ds.xml path.

ii. Declare the binding of the data sources in the GlobalNaming context:

  • Change the driver: org.hsqldb.jdbcDriver into com.mysql.jdbc.Driver.

  • Change the username and password to the values set earlier.

The configuration should now look like:




<datasources>

    <no-tx-datasource>

      <jndi-name>exo-idm_portal</jndi-name>

      <connection-url>jdbc:mysql://_$host_:3306/_$dbname-idm_</connection-url>

      <driver-class>com.mysql.jdbc.Driver</driver-class>

      <user-name>_$username_</user-name>

      <password>_$password_</password>



      <min-pool-size>5</min-pool-size>

      <max-pool-size>20</max-pool-size>

      <idle-timeout-minutes>0</idle-timeout-minutes>

      <prepared-statement-cache-size>32</prepared-statement-cache-size>

   </no-tx-datasource>

<!-- ...  -->

   <no-tx-datasource>

      <jndi-name>exo-jcr_portal</jndi-name>

      <connection-url>jdbc:mysql://_$host_:3306/_$dbname-jcr_</connection-url>

      <driver-class>com.mysql.jdbc.Driver</driver-class>

      <user-name>_$username_</user-name>

      <password>_$password_</password>



      <min-pool-size>5</min-pool-size>

      <max-pool-size>20</max-pool-size>

      <idle-timeout-minutes>0</idle-timeout-minutes>

      <prepared-statement-cache-size>32</prepared-statement-cache-size>

   </no-tx-datasource>

</datasources>

2. Add the JDBC driver. In this step, you need to add the MySQL connector library in JBoss by adding mysql-connector-java-5.1.x.jar to $JBOSS_HOME/server/default/lib/.

Tip

You can get the latest MySQL connector here.

3. Rename the data source.

By default, eXo Platform defines two data sources:

You may want to rename the data source as follows:

i. Open and edit the configuration.properties path.

In this step, indicate to eXo name of the data sources.

# JNDI name of the datasource that will be used by eXo JCR
gatein.jcr.datasource.name=java:/comp/env/exojcr
...
# JNDI Name of the IDM datasource
gatein.idm.datasource.name=java:/comp/env/exo-idm

Note

eXo Platform automatically appends the portal container name ("_portal" by default) to these values before performing a JNDI lookup.

ii. Change the data source name in the application server.

In this step, you need to change the name under which the data sources are bound in the JNDI tree by the app server. This is a dependent application sever.

Q1. How to configure eXo Platform to connect to other database systems?

Configuring eXo Platform to connect to other database can be done easily. eXo Platform provides sample configuration files in the folders:

In each folder, you will find two sample xml files: gatein-ds.xml for JBoss and server.xml for Tomcat.

Each file contains 2 preconfigured datasources. For example (JCR datasource in mysql/server.xml):

<Resource name="exo-jcr_portal" auth="Container" type="javax.sql.DataSource"
          maxActive="128" maxIdle="32" maxWait="10000"
          testWhileIdle="true" timeBetweenEvictionRunsMillis="30000" validationQuery="SELECT 1" 
          username="${db.username}" password="${db.password}" driverClassName="com.mysql.jdbc.Driver"
          url="jdbc:mysql://${db.host}:${db.port}/${db.jcr.name}"/>

You simply replace the variables with the expected values:

Variables Expected values
db.username The username that connects to the database.
db.password The password for the above user.
db.host The hostname or IP address of the DB server.
db.port The port to connect to the DB.
db.jcr.name The DB name for the JCR datasource.
db.idm.name The DB name for the IDM datasource.

Please remember to add the JDBC connector JAR in the classpath of your application server.

You can download the official JDBC connector JARs from the following websites:

Q2. How to remove the idle MySQL connections?

Some RDBMSs, like MySQL, close the idle connections after a period (8 hours on MySQL by default). Thus, a connection from the pool will be invalid and any application SQL command will fail, resulting in errors as below:

org.hibernate.SessionException: Session is closed!
at org.hibernate.impl.AbstractSessionImpl.errorIfClosed(AbstractSessionImpl.java:72)
at org.hibernate.impl.SessionImpl.getTransaction(SessionImpl.java:1342)

To avoid this, you can use DBCP to monitor the idle connections and drop them when they are invalid, with the parameters testWhileIdle, timeBetweenEvictionRunsMillis and validationQuery.

The validation query is specific to your RDBMS. For example, on MySQL, you would use:

testWhileIdle="true" timeBetweenEvictionRunsMillis="30000" validationQuery="SELECT 1"

In which:

You can add these parameters to the data source configuration file of your application server, for example: conf/server.xml on Tomcat.

For more details on the configuration, or some examples on other RDBMS and applications servers, please refer to:

Q3. How to enable managed DataSource?

When you want to use a managed data source (which is the case under JBoss), set "true" for the gatein.jcr.datasource.managed property in the configuration.properties file

# indicates if the jcr datasource is using managed transactions. 
# false by default. 
gatein.jcr.datasource.managed=true

eXo Platform requires the read/write access to several paths in the local file system.

# Arjuna configuration
com.arjuna.ats.arjuna.objectstore.objectStoreDir=${gatein.data.dir}/jta
.....

# Directory for common data (in cluster, mount it as a network shared directory between nodes)
# On standalone JBoss app server it is assignet to ${jboss.server.data.dir} by default.
exo.shared.dir=../gatein

# Configuration directory (in cluster, this directory is per node)
# Usual locations of configuration directory:
# for Tomcat app server it is ${catalina.home}/gatein/conf.
# for JBoss app server it is ${jboss.server.home.dir}/conf/gatein.
gatein.conf.dir=${catalina.home}/${exo.conf.dir.name}

# Data directory
gatein.data.dir=${exo.shared.dir}/data

# path for any JCR data 
gatein.jcr.data.dir=${gatein.data.dir}/jcr

# path for file data inserted in JCR
gatein.jcr.storage.data.dir=${gatein.jcr.data.dir}/values

# path for the jcr index
gatein.jcr.index.data.dir=${gatein.jcr.data.dir}/index

The following table explains what goes in which path. The Temporary column indicates if the data are temporary or persistent (V: temporary, X: persistent).

Variable Content Temporary
com.arjuna.ats.arjuna.objectstore.objectStoreDir JTA transactional data. V
gatein.jcr.data.dir Directory for JCR data. X
gatein.jcr.data.dir/swap Directory for swapped data of JCR V
gatein.jcr.storage.data.dir Binary value storage for JCR. X
gatein.jcr.index.data.dir Lucene index for JCR. X

Each variable can be defined as an absolute or a relative path. The default configuration combines them to obtain a compact tree:

/gatein       # gatein.data.dir
  /data
    /hsql
    /jcr      # gatein.jcr.data.dir
      /index  # gatein.jcr.index.data.dir    
      /swap
      /values # gatein.jcr.storage.data.dir    
    /jta

The following is the configuration of workspaces (default and system) for JCR repository.



# JCR system and default workspaces

gatein.jcr.repository.default=repository

gatein.jcr.workspace.default=collaboration

gatein.jcr.workspace.system=system

JCR transaction default timeout configured for 7 mins (420 sec) by default. If your application runs longer transactions, you might need a bigger timeout.

# JCR Transaction Service
# TransactionService default timeout (in seconds), set it to one hour here:
gatein.jcr.transaction.timeout=3600

Note

The Mail portlet and its services are deprecated. It remains fully supported for eXo customers, however it will not receive any enhancement and will be removed from the product scope in the future.

eXo Platform requires the SMTP server to send emails, such as notifications or password reminders.

The Email service can use any SMTP account that needs to be configured in /server/default/conf/gatein/configuration.properties (Or $TOMCAT_HOME/ gatein/conf/configuration.properties if you are using Tomcat).

The relevant section looks like:

#EMail
# Domain name: Help for sending links from email notifications. The default domain name is http://localhost:8080.
gatein.email.domain.url=http://localhost:8080
# Email display in "from" field of email notification.
gatein.email.smtp.from=noreply@exoplatform.com
gatein.email.smtp.username=
gatein.email.smtp.password=
gatein.email.smtp.host=smtp.gmail.com
gatein.email.smtp.port=465
gatein.email.smtp.starttls.enable=true
gatein.email.smtp.auth=true
gatein.email.smtp.socketFactory.port=465
gatein.email.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory

Some authenticated SMTP systems, such as GMail, GMX, MS Exchange, require the value for 'sender' or 'from' in the email message that must be identical to the SMTP user and host.

The Forum application uses it in the notification phase as the default sender. If it is not set, the sender will be empty.

gatein.email.domain.url Domain name.
gatein.email.smtp.from Sender's email address.
gatein.email.smtp.host SMTP hostname.
gatein.email.smtp.port SMTP port.
gatein.email.smtp.starttls.enable True to enable the secure (TLS) SMTP. See RFC 3207.
gatein.email.smtp.auth True to enable the SMTP authentication.
gatein.email.smtp.username Username to send for authentication.
gatein.email.smtp.password Password to send for authentication.
gatein.email.smtp.socketFactory.port Specify the port to connect to when using the specified socket factory.
gatein.email.smtp.socketFactory.class This class will be used to create SMTP sockets.

To see more details, refer to JavaMail API documentation.

For Knowledge, you have to modify the following properties to the configuration file /gatein/conf/configuration.properties to make sure that this mail service works with the authenticated SMTP systems:

gatein.email.domain.url=http://localhost:8080
gatein.email.smtp.from=noreply@exoplatform.com

Note

The value of email address should be in a valid format.

eXo Platform 3.5 provides the Watch document function in Sites Explorer that allows you to receive email notifications of changes on your selected documents.

To customize the email notification, simply change the configuration in the configuration.properties file. This file is defined at:

The relevant section looks like:



Email content for WatchDocumentService

gatein.ecms.watchdocument.sender=support@exoplatform.com

gatein.ecms.watchdocument.subject=Your watching document is changed

gatein.ecms.watchdocument.mimetype=text/html

gatein.ecms.watchdocument.content=<![CDATA[Dear $user_name,<br><br>The document $doc_name ($doc_title) has changed.<br>

<br>Please go to <a href="$doc_url">$doc_title</a> to see this change.<br><br>]]>

Details:

Property Default value Description
gatein.ecms.watchdocument.sender support@exoplatform.com The email address of the sender.
gatein.ecms.watchdocument.subject Your watching document is changedThe subject of the notification email.
gatein.ecms.watchdocument.mimetype text/html The mimeType which is used to write the notification email. There are two types: text/html and text/plain.
gatein.ecms.watchdocument.content <![CDATA[Dear $user_name,<br><br>The document $doc_name ($doc_title) has changed.<br><br>Please go to <a href="$doc_url">$doc_title</a> to see this change.<br><br>]]>The content of the notification email.

At present, eXo Platform provides 4 parameters below in the gatein.ecms.watchdocument.content property of the email:

Note

If the values above are not set in the configuration.properties file, the server will use the default values defined in an .xml file.

The embedded WebDAV server lets you control the cache-control http header that transmits to clients by the MIME type. This is useful for fine-tuning your website.

The configuration property is exo.webdav.cache-control.

exo.webdav.cache-control=text/*:max-age=3600;image/*:max-age=1800;*/*:no-cache;

The property expects a comma-separated list of key=pair values, where keys are a list of MIME types followed by the cache-control value to set.

Note

The Chat portlet and its services are deprecated. It remains fully supported for eXo customers, however it will not receive any enhancement and will be removed from the product scope in the future.

If you change the host name and port for the Chat server, you will need to edit two properties:

# IP or hostname for the eXo Chat XMPP server
exo.chat.server=127.0.0.1

# TCP port for where the eXo Chat server listens for XMPP calls
exo.chat.port=5222

The standalone Chat server is configured in the $CHATSERVER/conf/openfire.xml file.

Configuration is based on properties expressed in the XML syntax. For example, to set the prop.name.is.blah=value property, you would write this xml snippet:




<prop>

  <name>

    <is>

      <blah>value</blah>

    </is>

  </name>

</prop>

Openfire has an extensive list of configuration properties. Please read the list of all properties in Openfire documentation for more details.

The Chat server is an Openfire server bundled with plugins and configurations that allow connectivity to eXo Platform. The following properties are used to configure it.

Property Description Default value
env
serverbaseURL Base URL for all URLs below. http://localhost:8080/
restContextName Name of the rest context. rest
provider
authorizedUser.name Username to authenticate against the HTTP REST service. root
authorizedUser.password Password matching with provider.authorizeduser.name. password
eXoAuthProvider
authenticationURL URL to authenticate users. /organization/authenticate/
authenticationMethod HTTP method used to pass parameters. POST
eXoUserProvider
findUsersURL URL to find all users. /organization/xml/user/find-all/
findUsersMethod HTTP method for user/find-all. GET
getUsersURL URL to retrieve a range of users. /organization/xml/user/view-range/
getUsersMethod HTTP method for user/view-range. GET
usersCountURL URL to count users. /organization/xml/user/count/
usersCountMethod HTTP method for user/count. GET
userInfoURL URL to get user information. /organization/xml/user/info/
userInfoMethod HTTP method for user/information. GET
eXoGroupProvider
groupInfoURL URL to get group information. /organization/xml/group/info/
groupInfoMethod HTTP method for information. GET
getGroupsAllURL URL to view all groups. /organization/xml/group/view-all/
getGroupsAllMethod HTTP method for group/view-all. GET
getGroupsRangeURL URL to view a group range. /organization/xml/group/view-from-to/
getGroupsRangeMethod HTTP method for group/view-from-to. GET
getGroupsForUserURL URL to get groups for a user. /organization/xml/group/groups-for-user/
getGroupsForUserMethod HTTP method for groups-for-user. GET
groupsCountURL URL to count groups. organization/xml/group/count
groupsCountMethod HTTP method for group/count. GET

Ports

To run the chat server properly, several ports must be opened in the firewall.

Port Type Description
5222 (1) Client to server (xmpp) The standard port for clients is to connect to the server. Connections may or may not be encrypted. You can update the security settings for this port with the exo.chat.port property.
9090 & 9091 Admin Console (http) The ports used for accessing the unsecured and secured Openfire Admin Console respectively.
3478 & 3479 STUN service The port used for the service that ensures connectivity between entities behind a NAT.

eXo Platform allows users to view various types of documents directly in the Sites Explorer through the office server. To do so, the office application must be available in your local device first.

Then, JODConverter will use the default values below to start the office server.

You can customize the default values by adding the properties below in the configuration.properties file:

# JODConverter 3.0
wcm.jodconverter.portnumbers=8100,8101,8102,8103,8104
wcm.jodconverter.officehome=/usr/lib/libreoffice
wcm.jodconverter.taskqueuetimeout=30000
wcm.jodconverter.taskexecutiontimeout=120000
wcm.jodconverter.maxtasksperprocess=200
wcm.jodconverter.retrytimeout=120000
Key Default value Description
wcm.jodconverter.portnumbers 2002List of ports, separated by commas, those used by each JODConverter processing thread. The number of office instances is equal to the number of ports.
wcm.jodconverter.officehomeSee here The absolute path to the office home on the current local device. It means that the office needs to be installed in the local device before using it.
wcm.jodconverter.taskqueuetimeout 30000 The maximum living time of a task in the conversation queue. The task will be removed out of the queue if the waiting time is longer than taskQueueTimeout.
wcm.jodconverter.taskexecutiontimeout 120000 The maximum time to process a task. If the processing time of a task is longer than taskExecutionTimeout, this task will be aborted and the next task is processed.
wcm.jodconverter.maxtasksperprocess 200 The maximum number of tasks are processed.
wcm.jodconverter.retrytimeout120000 The interval time to try to restart the office services after an unexpected crash.

The default office home 

"/opt/openoffice.org3"
"/opt/libreoffice"
"/usr/lib/openoffice"
"/usr/lib/libreoffice"

"<SYSTEM_PROGRAMFILES>/OpenOffice.org 3"
"<SYSTEM_PROGRAMFILES>/LibreOffice 3"

"/Applications/OpenOffice.org.app/Contents"
"/Applications/LibreOffice.app/Contents"

The login to eXo Platform is controlled by the Java Logging API.

By default, the login is configured to:

  • log errors and warnings on the console.

  • logs /gatein/logs/gatein-YYYY-MM-DD.log.

In Tomcat, the login is configured via the conf/logging.properties file. Please refer to Tomcat's Logging Documentation for more information on how to adjust this file to your needs.

The set of properties controls the JCR behaviour.

# Type of JCR configuration to use. Possible values are:
# local : local JBC configuration
# cluster : cluster JBC configuration
gatein.jcr.config.type=local

....

# JCR dialect.
# auto : enabled auto detection
gatein.jcr.datasource.dialect=auto

# JCR Session Registry configuration
# Define here the Max Age of the JCR Session in the session registry (in seconds)
gatein.jcr.sessionregistry.sessionmaxage=300

# JCR cache configuration
gatein.jcr.cache.config=file:${gatein.conf.dir}/jcr/jbosscache/${gatein.jcr.config.type}/cache-config.xml
gatein.jcr.cache.expiration.time=15m

# JCR Locks configuration
gatein.jcr.lock.cache.config=file:${gatein.conf.dir}/jcr/jbosscache/${gatein.jcr.config.type}/lock-config.xml

# JCR Index configuration
gatein.jcr.index.cache.config=file:${gatein.conf.dir}/jcr/jbosscache/${gatein.jcr.config.type}/indexer-config.xml

# JGroups configuration
# for eXo Cache and IDM org-service (in cluster cache-config.xml files)
gatein.jgroups.config=${gatein.conf.dir}/jgroups/jgroups-udp.xml
# for JCR
gatein.jcr.jgroups.config=file:${gatein.jgroups.config}

Details:

gatein.jcr.config.type Set to cluster if you want to use eXo Platform in the cluster mode. Otherwise, leave local.
gatein.jcr.cache.config Path to the JBoss Cache configuration for the JCR cache.
gatein.jcr.cache.expiration.time JCR cache expiration time.
gatein.jcr.lock.cache.config Path to the JBoss Cache configuration for the JCR lock.
gatein.jcr.index.cache.config Path to the JBoss Cache configuration for the JCR index.
gatein.jgroups.config Path to the JGroups configuration to use for the cluster mode of eXo Cache and PicketLink IDM organization service (see below in IDM caches).
gatein.jcr.jgroups.config Path to the JGroups configuration to use for the cluster mode.

For more details on configuring these files, please refer to the eXo JCR Reference Guide.

Please refer to the Cache management view section to see the description about the cache configuration.

# Portal Cache Configuration - TemplateService
cache.exo.portal.TemplateService.capacity=3000
cache.exo.portal.TemplateService.liveTime=600

# Portal Cache Configuration - ResourceBundleData
cache.exo.portal.ResourceBundleData.capacity=3000
cache.exo.portal.ResourceBundleData.liveTime=600

# Portal Cache Configuration - MOPSessionManager
cache.exo.portal.MOPSessionManager.Capacity=5000
cache.exo.portal.MOPSessionManager.TimeToLive=60000
cache.exo.portal.MOPSessionManager.ExpirationTimeout=60000

# Social Cache Configuration - IdentityCache
cache.exo.social.IdentityCache.Capacity:300
cache.exo.social.IdentityCache.TimeToLive:-1

# Social Cache Configuration - IdentityIndexCache
cache.exo.social.IdentityIndexCache.Capacity:300
cache.exo.social.IdentityIndexCache.TimeToLive:-1

# Social Cache Configuration - ProfileCache
cache.exo.social.ProfileCache.Capacity:300
cache.exo.social.ProfileCache.TimeToLive:-1

# Social Cache Configuration - IdentitiesCountCache
cache.exo.social.IdentitiesCountCache.Capacity:2000
cache.exo.social.IdentitiesCountCache.TimeToLive:86400

# Social Cache Configuration - IdentitiesCache
cache.exo.social.IdentitiesCache.Capacity:2000
cache.exo.social.IdentitiesCache.TimeToLive:86400

# Social Cache Configuration - RelationshipCache
cache.exo.social.RelationshipCache.Capacity:10000
cache.exo.social.RelationshipCache.TimeToLive:-1

# Social Cache Configuration - RelationshipFromIdentityCache
cache.exo.social.RelationshipFromIdentityCache.Capacity:10000
cache.exo.social.RelationshipFromIdentityCache.TimeToLive:-1

# Social Cache Configuration - RelationshipsCountCache
cache.exo.social.RelationshipsCountCache.Capacity:800
cache.exo.social.RelationshipsCountCache.TimeToLive:-1

# Social Cache Configuration - RelationshipsCache
cache.exo.social.RelationshipsCache.Capacity:800
cache.exo.social.RelationshipsCache.TimeToLive:-1

# Social Cache Configuration - ActivityCache
cache.exo.social.ActivityCache.Capacity:6000
cache.exo.social.ActivityCache.TimeToLive:-1

# Social Cache Configuration - ActivitiesCountCache
cache.exo.social.ActivitiesCountCache.Capacity:4000
cache.exo.social.ActivitiesCountCache.TimeToLive:-1

# Social Cache Configuration - ActivitiesCache
cache.exo.social.ActivitiesCache.Capacity:4000
cache.exo.social.ActivitiesCache.TimeToLive:-1

# Social Cache Configuration - SpaceCache
cache.exo.social.SpaceCache.Capacity:100
cache.exo.social.SpaceCache.TimeToLive:-1

# Social Cache Configuration - SpaceRefCache
cache.exo.social.SpaceRefCache.Capacity:400
cache.exo.social.SpaceRefCache.TimeToLive:-1

# Social Cache Configuration - SpacesCountCache
cache.exo.social.SpacesCountCache.Capacity:2000
cache.exo.social.SpacesCountCache.TimeToLive:86400

# Social Cache Configuration - SpacesCache
cache.exo.social.SpacesCache.Capacity:2000
cache.exo.social.SpacesCache.TimeToLive:86400


# ECMS Cache Configuration - Viewer
cache.exo.ecms.Viewer.PDFViewer.Capacity=300
cache.exo.ecms.Viewer.PDFViewer.TimeToLive=3600

# ECMS Cache Configuration - Drives
cache.exo.ecms.Drives.ManageDrive.Capacity=300
cache.exo.ecms.Drives.ManageDrive.TimeToLive=86400

# ECMS Cache Configuration - Scripts
cache.exo.ecms.Scripts.ScriptService.Capacity=300
cache.exo.ecms.Scripts.ScriptService.TimeToLive=86400

# ECMS Cache Configuration - Templates
cache.exo.ecms.Templates.TemplateService.Capacity=300
cache.exo.ecms.Templates.TemplateService.TimeToLive=86400

# ECMS Cache Configuration - Webcontent
cache.exo.ecms.Webcontent.InitialWebContentPlugin.Capacity=300
cache.exo.ecms.Webcontent.InitialWebContentPlugin.TimeToLive=600

# ECMS Cache Configuration - WCM Composer
cache.exo.ecms.WCMComposer.Capacity=1000
cache.exo.ecms.WCMComposer.TimeToLive=3600

In eXo Platform, the user "root" is defined as the super-admin by default. You could override this configuration by modifying the system property named exo.super.user defined in configuration.properties.

In eXo Platform, the default users, excluding Super-admin user, are defined in "Acme WebSite" and "Office Intranet" extensions. By deleting those extensions, the users "john", "demo", "james" and "mary" will not be created.

If all new members require access to the toolbar (but NOT the Content Management System (CMS)), administrators can change the default portal behavior to meet your request by doing the following steps:

1. Define the group of new members in the organization-configuration.xml file defined in the path tomcat/webapps/ecmdemo/WEB-INF/conf/sample-portal/portal/organization-configuration.xml.




<component-plugin>

      <name>wcm.new.user.event.listener</name>

      <set-method>addListenerPlugin</set-method>

      <type>org.exoplatform.services.organization.impl.NewUserEventListener</type>

      <description>this listener assign group and membership to a new created user</description>

      <init-params>

        <object-param>

          <name>configuration</name>

          <description>description</description>

          <object type="org.exoplatform.services.organization.impl.NewUserConfig">

            <field name="group">

              <collection type="java.util.ArrayList">

                <value>

                  <object type="org.exoplatform.services.organization.impl.NewUserConfig$JoinGroup">

                    <field name="groupId"><string>/platform/users</string></field>

                    <field name="membership"><string>member</string></field>

                  </object>

                </value>                

              </collection>

            </field>

            <field name="ignoredUser">

              <collection type="java.util.HashSet">

                <value><string>james</string></value>

              </collection>

            </field>

          </object>

        </object-param>

      </init-params>

</component-plugin>

The sample configuration above sets the group of new users to the /platform/users group with the member role.

2. Customize the value of <access-permissions> in the sharedlayout.xml file defined in the path tomcat/webapps/ecm-wcm-extension/WEB-INF/conf/portal/portal/sharedlayout.xml file as follows:




<container template="system:/groovy/portal/webui/container/UIContainer.gtmpl">

     <container template="system:/groovy/portal/webui/container/UIToolbarContainer.gtmpl">

          <!-- users containing to the following group can see the top toolbar -->

       <access-permissions>*:/platform/users</access-permissions>

       ...........................

     </container>

</container>   

3. Restart the server.

If all users require access to both the toolbar and the underlying CMS implementation, administrators can change the default portal behavior to grant the appropriate permissions to newly registered users:

1. Do the same as Step 1 and Step 2 of "Grant all users access to toolbar but not CMS".

2. Edit the organization-configuration.xml file and add /platform/web-contributors to wcm.new.user.event.listener. See the example below: 




<component-plugin>

      <name>wcm.new.user.event.listener</name>

      <set-method>addListenerPlugin</set-method>

      <type>org.exoplatform.services.organization.impl.NewUserEventListener</type>

      <description>this listener assign group and membership to a new created user</description>

      <init-params>

        <object-param>

          <name>configuration</name>

          <description>description</description>

          <object type="org.exoplatform.services.organization.impl.NewUserConfig">

            <field name="group">

              <collection type="java.util.ArrayList">

                <value>

                  <object type="org.exoplatform.services.organization.impl.NewUserConfig$JoinGroup">

                    <field name="groupId"><string>/platform/users</string></field>

                    <field name="membership"><string>member</string></field>

                  </object>

                </value>

                <!-- new users should also be a member of the web-contributors group to see the top toolbar -->

                <value>

                  <object type="org.exoplatform.services.organization.impl.NewUserConfig$JoinGroup">

                    <field name="groupId"><string>/platform/web-contributors</string></field>

                    <field name="membership"><string>member</string></field>

                  </object>

                </value>

              </collection>

            </field>

            <field name="ignoredUser">

              <collection type="java.util.HashSet">

                <value><string>james</string></value>

              </collection>

            </field>

          </object>

        </object-param>

      </init-params>

</component-plugin>

3. Restart the server.

Default OAuth key configuration

In eXo Platform, OAuth gadgets use a OAuth key to authorize with external service providers. There is always a default key defined in the oauthkey.pem file. This key will be used in case the OAuth gadgets do not indicate a key.

It is strongly recommended that you create your own oauthkey.pem file by using the openssl tool and some commands as follows:

openssl req -newkey rsa:1024 -days 365 -nodes -x509 -keyout testkey.pem -out testkey.pem -subj '/CN=mytestkey'
openssl pkcs8 -in testkey.pem -out oauthkey.pem -topk8 -nocrypt -outform PEM

After creating the new oauthkey.pem file, you can use it to replace the default oauthkey.pem file in the gatein/gadgets/ folder.

# navigation controller file
gatein.portal.controller.config=${gatein.conf.dir}/controller.xml

# global portlet.xml
gatein.portlet.config=${gatein.conf.dir}/portlet.xml

# JNDI Name of the IDM datasource
# portal name will be appended to this name before the JNDI lookup
# example : java:/comp/env/exo-idm in "portal" portal will result in a JNDI lookup on context : java:/comp/env/exo-idm_portal 
gatein.idm.datasource.name=java:exo-idm

# IDM 
gatein.portal.idm.createuserportal=false
gatein.portal.idm.destroyuserportal=true

# IDM caches
gatein.idm.api.cache.config=file:${gatein.conf.dir}/idm/jbosscache/${gatein.jcr.config.type}/api-cache-config.xml
gatein.idm.store.cache.config=file:${gatein.conf.dir}/idm/jbosscache/${gatein.jcr.config.type}/store-cache-config.xml

# Key files for gadget
gatein.gadgets.securitytokenkeyfile=${exo.shared.dir}/gadgets/key.txt
gatein.gadgets.signingkeyfile=${exo.shared.dir}/gadgets/oauthkey.pem

Chapter 3. Management

In this chapter, the following topics are included:

Managing resources of eXo Platform is critical for IT operators and system administrators to monitor and supervise the production system.

The eXo Platform product is exposed as a manageable set of resources that can be inspected at runtime to monitor and manage servers.

When it comes to Java, the Java Management Extension (also known as JMX) is the de-facto standard to expose managed resources externally.

This chapter explains various resources provided by the eXo Platform server, possible management actions, and how to obtain relevant metrics.

The resources management is exposed via the JMX layer. eXo Platform registers a set of MBean entities in an MBeanServer.

At runtime, MBeans are registered by the eXo Kernel in the MBeanServer and directly viewable in the JMX console. However, it is strongly recommended that you use a better JMX client, such as JVisualVM, available since Java 6.

To enable JMX monitoring in Tomcat, you need to pass the following system property to the VM: -Dcom.sun.management.jmxremote.

The built-in REST Management Provider of eXo Platform makes some of the MBeans operations accessible as REST endpoints. Administrators can handle the system simply with a browser without performing any complex configurations.

Only members of the platform/administrators group are given permission to work on the REST management. The authentication requires you to log in by your own account.

The base URL to access the REST endpoints is http://localhost:8080/rest/management, with the last one followed by the parameter parsed in the managed resource's @RESTEndpoint annotation, leading slash then targeted operation. Consider the SkinService, which is annotated @RESTEndpoint("skinservice"); the full URL to access JMX 'getSkinList' method through the REST request is http://localhost:8080/rest/management/skinservice/getSkinList.

PortalContainer manages all objects and configurations of a given portal.

AttributeDescription
ConfigurationXML Configuration information of the specified portal container in the XML format.
Name The name of the portal container.
RegisteredComponentNames The list of the registered component names.
Started Indicate the portal container is started or not.
OperationDescription
getConfigurationXML Return configuration information of the portal container calculated by the loading mechanism. The returned value is an XML document in the eXo Kernel format.
getName Return the portal container name.
getRegisteredComponentNames Return the list of all registered component names.
isStarted Check if the portal container is started or not. The portal container is only started once all its components have been started.

Note

PortalContainer can be controlled through the following path:

eXo Platform uses caches at several levels. Monitoring them can provide the critical performance information, especially useful for tuning the server. Each cache is exposed with statistics and management operations.

AttributeDescription
Name The name of the cache.
Capacity The maximum capacity of the cache.
HitCount The total number of times the cache was successfully queried.
MissCount The total number of times the cache was queried without success.
Size The number of entries in the cache.
TimeToLive The valid period of the cache entry in seconds. If the value is set to -1, the entries are never expired.
OperationDescription
clearCache() Evict all entries from the cache. This method can be used to force a programmatic flush of the cache.
getName Return the cache name.
getLiveTime Return the valid lifetime of an entry in the cache in seconds.
setLiveTime Set the valid lifetime of an entry in the cache in seconds.
getCacheHit Return the total number of successful hits.
getCacheMiss Return the total number of unsuccessful hits.
getMaxSize Return the maximum capacity of the cache.
setMaxSize Set the maximum capacity of the cache.
getCacheSize Return the number of entries in the cache.
Cache NameDescription
MOPSessionManager Cache all model objects of portal by storageId, such as pages, navigations, and preferences.
ResourceBundleData Cache all resource bundles by name and locale.
TemplateService Cache all Groovy templates of portal by its template path and ResourceResolver.
Cache NameDescription
org.exoplatform.services.jcr.impl.core. lock.LockManagerImpl

Cache lockData by the lockToken.

Cache lockData by the internal identifier of node.

Cache NameDescription
org.exoplatform.ecm.REST.viewer. PDFViewerRESTService Cache data of PDF files by the ObjectKey object.
org.exoplatform.services.cms.drives. ManageDriveService Cache all drives of Sites Explorer by the drive group name (String constant).
org.exoplatform.services.cms.scripts. impl.ScriptService Cache all Groovy script files by the script name.
org.exoplatform.services.cms.templates. TemplateService Cache all Groovy templates by the mechanism of org.exoplatform.groovyscript. text.TemplateService.
org.exoplatform.services.wcm. webcontent.InitialWebContentPlugin Cache all artifact data by sourcePath of deploymentDescriptor. These data are reused when a new portal is deployed.
wcm.composer Cache published contents by the hash generated from path, version, remoteUser, language, recursive, orderBy, orderType, primaryType of cached nodes in Content.
Cache NameDescription
ActivitiesCache Cache activities list by ListActivitiesKey.
ActivitiesCountCache Cache count of activities by activity ID, identity ID (the identity who makes request) and the type of activity.
ActivityCache Cache activity by ActivityKey (based on the activity ID).
IdentitiesCache Cache identity list by ListIdentitiesKey (based on IdentityFilterKey, offset, limit).
IdentitiesCountCache Cache identity count by IdentityFilterKey (based on the provider ID, remote ID, name, positon, company, skills, first character of the identity, and the List<IdentityKey>).
IdentityCache Cache identity by IdentityKey (based on the identity ID) .
IdentityIndexCache Cache identity index by IdentityCompositeKey (based on the provider ID and the remote ID).
ProfileCache Cache profile by IdentityKey (based on the identity ID).
RelationshipCache Cache relationship by RelationshipKey (based on the ID of the relationship).
RelationshipFromIdentityCache Cache relationship key by RelationshipIdentityKey (based on the identity ID of 2 users which have relationship).
RelationshipsCache Cache list identity wich have relation by ListRelationshipsKey.
RelationshipsCountCache Cache relationship count by RelationshipCountKey.
SpaceCache Cache space by SpaceKey (based on the space ID).
SpaceRefCache Cache ref space by SpaceRefKey (base on the display name, pretty name, group ID and the space URL).
SpacesCache Cache list space by ListSpacesKey (based on SpaceFilterKey, offset and limit).
SpacesCountCache Cache spaces count by spaceFilterKey (based on the user ID, the first character of space name, the space name search condition, and space type (MEMBER,PENDING,INVITED,PUBLIC,ACCESSIBLE, VISIBLE, EDITABLE, ALL)).

The CacheManager management view enables you to control different caches.

OperationDescription
clearCaches() Force a programmatic flush of all the registered caches.

PicketLinkIDMCacheService is the default implementation for the organization model.

exo:portal="portal",service=PicketLinkIDMCacheService,name=plidmcache.

OperationDescription
invalidateAll Invalidate all caches.
invalidate(namespace) Invalidate a specific cache namespace.

Note

PicketLinkIDMCacheService can be controlled through the following path:

However, the REST View managements of Cache instances and CacheManager are not currently exposed in this version.

WCMComposer is responsible for assembling pages, and is key for serving pages efficiently.

AttributeDescription
Cached Indicate the cache is used or not.
CachedEntries The number of nodes in the cache.
UsedLanguages The list of all languages accessible in the composer.
UsedOrderBy The list of OrderBy properties accessible in the composer.
UsedPrimaryTypes The list of primary types accessible in the composer.
OperationDescription
cleanTemplates Clean all templates in the composer.
setCached(iscached) Enable/Disable caching in the composer.
useDefaultLanguage Check if the default language is used in case the translation is not published.
getUsedPrimaryTypes Return the list of primary types accessible in the composer.
getCachedEntries Return the number of nodes in the cache.
isCached Check if the cache is used in the composer.
getUsedLanguages Return the list of all languages accessible in the composer.
getUsedOrderBy Return the list of OrderBy properties accessible in the composer.

FriendlyService is to make URIs more friendly.

AttributeDescription
Enabled Indicate the service is enabled or not.
Friendlies The list of registered Friendly URIs.
ServletName The name of the servlet referenced in the service.
OperationDescription
addFriendly(friendlyUri, unfriendlyUri) Add a new Friendly Uri to the list with two parameters: friendlyUri and unfriendlyUri. The value entered in the friendlyUri field replaces that of the unfriendlyUri field.
removeFriendly(friendlyUri) Remove a friendly URI from the list by entering that Uri into the friendlyUri field.
isEnabled Check if the service is enabled or not. If the value is returned as "True", the service is enabled. If "False", the service is disabled.
setEnabled(isEnabled) Set the service as activated or deactivated by entering "True" or "False" respectively into the isEnabled field.
getServletName Return the name of servlet referenced in the service.
getFriendlies Return the list of registered friendly URIs.
AttributeDescription
PortletExpirationCache The expiration period of portlet cache in seconds.
OperationDescription
getPortletExpirationCache Return the expiration period of porlet cache in seconds.
setPortletExpirationCache (expirationCache) Set the expiration period of portlet cache by entering the value into the expirationCache field.

Note

WCMComposer, FriendlyService, and WCMService can be controlled through the following paths respectively:

Java Content Repository (JCR) provides a management view to monitor sessions, locks, repository configurations, and workspace configurations.

AttributeDescription
TimeOut The expiration period of a JCR session.
Size The number of currently active sessions.
OperationDescription
runCleanup Clean all JCR sessions timed out.
getTimeOut Return the timeout of a JCR session.
getSize Return the number of currently active sessions.

LockManager stores lock objects and is reponsible for removing expired locks.

AttributeDescription
NumLocks The number of active locks.
OperationDesription
cleanExpiredLocks Remove all expired JCR locks.
getNumLocks Return the number of active JCR locks.
Workspace NameDescription
backup Data backed up.
collaboration Data of collaboration, such as sites content, documents, groups, records space, tags, and users.
dev-monit Data of the IDE application.
dms-system Data of DMS, including node types, templates, views, taxonomy trees.
knowledge Data of knowledge, including exo:applications, and groups.
pc-system State information of producer portlets and remote portlet registry.
portal-system Data of the Portal model objects, such as navigations, pages, portals, application registry.
portal-work Information of Gadget token and Remember me token.
social Data of Social, including activity, identity, profile, relationship and space.
system Data of system, including versions storage, node types, namespaces.
wsrp-system Data of remote portlets.
AttributeDescription
Name The name of the repository container.
RegisteredComponentNames The list of registered component names in the repository.
OperationDescription
getName Return the repository container name.
getRegisteredComponentNames Return the list of registered component names in the repository.
AttributeDescription
Name The name of the workspace container.
RegisteredComponentNames The list of registered component names in the workspace.
OperationDescription
getName Return the workspace container name.
getRegisteredComponentNames Return the list of registered component names in the workspace.

Note

Currently, the REST View managements of SessionRegistry, LockManager, Repository and Workspace are not exposed in this version.

Template statistics exposes various templates used by the portal and its components to render markups. Various statistics are available for individual templates, and aggregated statistics, such as the list of the slowest templates. Most management operations are performed on a single template; those operations take the template identifier as an argument.

AttributeDescription
TemplateList The list of templates loaded.
SlowestTemplates The list of the 10 slowest templates.
MostExecutedTemplates The list of the 10 most used templates.
FastestTemplates The list of 10 fastest templates.
OperationDescription
getAverageTime(templateId) Return the average rendering time of a specified template in seconds.
getExecutionCount(templateId) Return the number of times the specified template has been executed.
getMinTime(templateId) Return the minimum rendering time of the specified template in seconds.
getMaxTime(templateId) Return the maximum rendering time of the specified template in seconds.
getSlowestTemplates Return the list of the 10 slowest templates.
getMostExecutedTemplates Return the list of the 10 most used templates.
getTemplateList Return the list of templates loaded.
getFastestTemplates Return the list of the 10 fastest templates.

Template management provides the capability to force the reload of a specified template.

OperationDescription
reloadTemplates Clear the template cache.
listCachedTemplates List identifiers of the cached templates.
reloadTemplate(templateId) Clear the template cache for a specified template identifier.
AttributeDescription
SkinList The list of loaded skins by the skin service.
OperationDescription
reloadSkin(skinId) Force a reload of the specified skin and the operation.
reloadSkins Force a reload of the loaded skins.
getSkinList Return the list of loaded skins by the skin service.
AttributeDescription
Name The name of one specific token.
ValidityTime The expiration period of one specific token in seconds.
PeriodTime The expiration daemon period of one specific token in seconds. The token is deleted after the specified period.
OperationDescription
cleanExpiredTokens Remove all expired tokens.
size Return the number of tokens, including valid tokens and expired tokens undeleted yet.
getName Return the token name.
getValidityTime Return the expiration time of one specific token in seconds.
getPeriodTime Return the expiration daemon period of one specific token in seconds.

eXo Platform provides the following TokenStore instances:

Token NameDescription
gadget-token Store tokens of the Oauth gadget into the JCR node, such as org.exoplatform.portal. gadget.core.Gadget TokenInfoService.
jcr-token Store common tokens into the JCR node, such as org.exoplatform.web.security. security.CookieTokenService, and org.exoplatform.web.security.security.Rem indPasswordTokenService.
memory-token Store temporary tokens into the transient memory, such as org.exoplatform.web. security.security.TransientTokenService.
getPortalList Return the list of identifiers of all loaded portals.
AttributeDescription
PortalList The list of identifiers of loaded portals.
OperationDescription
getThroughput(portalId) Return the number of requests for the specified portal per second.
getAverageTime(portalId) Return the average execution time of the specified portal in seconds.
getExecutionCount(portalId) Return the number of times the specified portal has been executed.
getMinTime(portalId) Return the minimum time of the specified portal in seconds.
getMaxTime(portalId) Return the maximum time of the specified portal in seconds.
getPortalList Return the list of identifiers of loaded portals.

Various applications are exposed to provide relevant statistics.

AttributeDescription
ApplicationList The list of loaded applications.
SlowestApplications The list of the 10 slowest applications.
MostExecutedApplications The list of the 10 most executed applications.
FastestApplications The list of the 10 fastest applications.
OperationDescription
getAverageTime(applicationId) Return the average time spent of the specified application.
getExecutionCount(applicationId) Return the number of times the specified application has been executed.
getMinTime(applicationId) Return the minimum time spent of the specified application.
getMaxTime(applicationId) Return the maximum time spent of the specified application.
getSlowestApplications Return the list of the 10 slowest applications.
getMostExecutedApplications Return the list of the 10 most executed applications.
getFastestApplications Return the list of the 10 fastest applications.
getApplicationList Return the list of application identifiers classified in the alphabetic order.

Note

Template statistics, Template management, Skin management, Portal statistics and Application statistics can be controlled through the following paths respectively:

However, the REST View management of TokenStore is currently not exposed in this version.

The Knowledge application provides a management view, enabling you to control rules, statistics, information of data storage in Forum and Answers.

With the Forum Service management view, you can view ADMIN rules, statistics, such as the number of online users, and information of Mail Service configuration.

AttributeDescription
AdminRules The list of rules defining administrators.
ContactProvider The string containing the specific ContactProvider implementation name which provides user profile to the forum, including: org.exoplatform.ks.com mon.user.BusinessProfileContactProvider, org.exoplatform.ks.common.user.DefaultCo ntactProvider,org.exoplatform.ks.common. user.PersonalProfileContactProvider.
MailServiceConfig The string containing the configuration of the Mail service used for the notifications in Knowledge.
OnlineUsers The list of currently online users.
OperationDescription
countOnlineUsers Return the number of currently online users.
hasForumAdminRole(String username) Check if the user is the forum administrator or not.
getAdminRules Return the list of rules defining administrators.
getOnlineUsers Return the list of online users.
getContactProvider Return the name of a specific ContactProvider implementation.
setContactProvider(String contactProviderClassName Set a specific ContactProvider implementation. The user profile on portal is obtained to populate into that of Forum.
getMailServiceConfig Return the Mail service configuration used to send notifications in Knowledge.

The Job management view enables you to view state information of Jobs used in Knowledge.

AttributeDescription
DataMap The map containing the state information for Job instances.
Name The name of the Job.
OperationDescription
getName Return the names of Job instances.
getDataMap Return the state information of Job instances.

Knowledge provides the following Job instances:

JobDescription
DeactiveJob Deactivate topics which meet TWO predefined deactivation properties: inactiveDays and forumName in Forum.
LoginJob Update information of users logged in, serving for statistics.
NotifyJob Send email notifications in Answers.
RecountActiveUserJob Indicate the number of active users in Forum.
SendMailJob Send email notifications in Forum.
UpdateDataJob Update Forum statistics, such as posts or topics of users.

The Knowledge application provides the following plugins:

AttributeDescription
AllRules The list of all rules of RoleRulesPlugin. For example, the rule defining 'root' user as an administrator follows the form of ADMIN=root.
Description The brief description of RoleRulesPlugin functions.
Name The name of RoleRulesPlugin.
RuleNames The list of possible rule names; for example, the rule defining administrators is named ADMIN.
OperationDescription
addRule Add a rule. For example, to add the ADMIN rule for the 'demo' user, you need to input two parameters: ADMIN in the p1 and demo in the p2.
getRules Return the list of rules defining the user with the role inputed in p1.
getName Return the name of the plugin.
getRuleNames Return the list of possible rule names. For example, if 'demo' and 'mary' are defined as ADMIN (ADMIN=demo, mary), the list of returned rule names will be ADMIN.
getDescription Return the brief description of the plugin.
getAllRules Return all rules added to the plugin.
AttributeDescription
BBCodes The list of BBCodes defined in the plugin.
OperationDescription
getBBCodes Return the list of BBCodes. The Forum application currently provides the following BBCodes: [URL], [JUSTIFY], [B], [HIGHLIGHT], [I], [U], [RIGHT], [EMAIL], [LIST], [COLOR], [CENTER], [CODE], [QUOTE], [CSS], [LEFT], [FONT], [GOTO], [SIZE], [SLIDESHARE], [IMG], [WIKI].
AttributeDescription
Location The location where the Forum export file is stored.
OperationDescription
getLocation Return the location where the Forum export file is stored, for example war:/data/forum/data-full-forum.zip.
AttributeDescription
Location The location where the FAQ export file is stored.
OperationDescription
getLocation Return the location where the FAQ export file is stored, for example war:/data/Technical-FAQ.zip.
isForceXML Indicate if the data loaded from the FAQ export file should override any data found in the existing database.

The Storage management view enables you to get storage information in Knowledge, such as data path, repository and workspace.

AttributeDescription
Path The JCR data path of the Forum Storage.
Repository The name of repository containing the workspace where Forum data are stored.
Workspace The name of workspace containing Forum data.
OperationDescription
getRepository Return the name of repository of the Forum Storage.
getWorkspace Return the name of workspace of the Forum Storage.
getPath Return the JCR data path of the Forum Storage.

Note

Currently, the REST View managements of Forum, Job, Plugin, Storage are not exposed in this version.

The Collaboration application provides a management view, enabling you to view some state information of Jobs used in itself.

AttributeDescription
DataMap The map containing the state information for the Job instances.
Name The name of the Job.
OperationDescription
getName Return the name of Job instances.
getDataMap Return the state information of Job instances.

The Collaboration application provides the following Job instances:

Job NameDescription
PopupReminderJob Show pop-up reminders in the Calendar application.
ReminderJob Send email reminders in the Calendar application.
messageToHistoricalMessageJob Save messages in the Chat application in the data storage of Collaboration.

Note

Currently, the REST View management of Collaboration is not exposed.

Chapter 4. Security

This chapter presents the topics related to security configuration in eXo Platform:

eXo Platform relies on JAAS for propagating the user identity and roles to the different applications deployed on the server.

The JAAS realm is used by all eXo Platform applications and even propagated to the JCR for Access Control.

By default, eXo Platform uses the JAAS realm named "gatein-domain". If your IT operation rules require you to use another JAAS realm, you will need to modify several files so that eXo Platform can work on your JAAS realm.

Since the security configuration is highly dependent of the app server, each application sever is represented separately.

In the Tomcat bundle, the JAAS configuration is controled by the $TOMCAT_HOME/conf/jaas.conf:

gatein-domain {
  org.gatein.wci.security.WCILoginModule optional;
  org.exoplatform.services.security.jaas.SharedStateLoginModule required;
  org.exoplatform.services.security.j2ee.TomcatLoginModule required; 
};

Replace gatein-domain with your own domain name.

Note

The PortalLoginModule module was designed to support the 'Remember me' feature. The password wrapped in PasswordCallback is the cookie token key. The PortalLoginModule module uses the token key to retrieve Credential object from CookieTokenService, then injects the correct username/password into the shared state (accessible from subsequent login modules). For the moment, to keep the authentication work properly, the PortalLoginModule module is mandatory. On the other hand, to ensure that correct password is visible to other login modules, it should be the first one in the JAAS configuration file. The custom login module could retrieve the real password through the shared state instead of PasswordCallback.

Tip

To learn more about the syntax, or realms in Tomcat, refer to the JAAS tutorial or Tomcat Realm How-To respectively.

For JBoss, you need to edit the default JAAS security domain in the 02portal.war!WEB-INF/jboss-web.xml file.




<jboss-web>

  <security-domain>java:/jaas/gatein-domain</security-domain>

</jboss-web>

Additionally, you need to edit the application-policy to match the security-domain in the gatein.ear!META-INF/gatein-jboss-beans.xml.




<deployment xmlns="urn:jboss:bean-deployer:2.0">

  <application-policy xmlns="urn:jboss:security-beans:1.0" name="gatein-domain">

    <authentication>

      <login-module code="org.exoplatform.web.security.PortalLoginModule" flag="required">

        <module-option name="portalContainerName">portal</module-option>

        <module-option name="realmName">gatein-domain</module-option>

      </login-module>

      <login-module code="org.exoplatform.services.security.jaas.SharedStateLoginModule" flag="required">

        <module-option name="portalContainerName">portal</module-option>

        <module-option name="realmName">gatein-domain</module-option>

      </login-module>

      <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required">

        <module-option name="portalContainerName">portal</module-option>

        <module-option name="realmName">gatein-domain</module-option>

      </login-module>

    </authentication>

  </application-policy>

</deployment> 

Tip

To learn more about the JBoss security configuration, refer to JBoss Web Docs.

Finally, you need to do some common changes on both app servers as follows:

configuration.properties

First, change the JAAS realm to match your own security constraints and then identify the entry named exo.security.domain inside the configuration.properties file.

# Realm name
exo.security.domain=gatein-domain

Note

Internally, eXo Platform uses this setting to set a new variable named "portal.container.realm" that is then used in the Kernel configuration files, such as platform-extension/WEB-INF/conf/platform/repository-configuration.xml.

portal.war

Inside portal.war, you should declare the Realm name in the web.xml file:




<login-config>

  <auth-method>FORM</auth-method> 

  <realm-name>gatein-domain</realm-name> 

  <form-login-config>

    ...

  </form-login-config>

</login-config>

rest.war

You also need to modify rest.war to provide secured REST services properly.




<login-config>

  <auth-method>BASIC</auth-method> 

  <realm-name>gatein-domain</realm-name>        

</login-config>

Note

This change is very important, allowing you to secure the file downloads via WEBDAV.

In eXo Platform, you could allow gadgets to load remote resources. However, this could be a potential security risk, as it will make the Gadget deployed as an open web proxy. So, you can set up the anonymous proxy to accept or deny certain hosts via configuring the ProxyFilterService.

By default, the proxy is closed to any host except the domain on which the gadget server is installed.

To modify the filtering of domain names, modify the portal.war/WEB-INF/conf/common/common-configuration.xml file.

The default configuration is set as below:




<component>

  <key>org.exoplatform.web.security.proxy.ProxyFilterService</key>

  <type>org.exoplatform.web.security.proxy.ProxyFilterService</type>

  <init-params>

    <values-param>

      <!-- The white list -->

      <name>white-list</name>

      <!-- Accept anything not black listed -->

      <value/>

    </values-param>

    <values-param>

      <name>black-list</name>

      <value/>

    </values-param>

  </init-params>

</component>

The proxy service will deny access to any domain that is in the blacklist. If the domain name does not match any of the blacklist, the proxy filter will verify if the domain name is on the white list. If the domain name is not defined in either the white list or black list, access will be denied. Multiple values can be added for each list and wildcards can also be used.

The following is an example of a valid configuration: 




<component>

  <key>org.exoplatform.web.security.proxy.ProxyFilterService</key>

  <type>org.exoplatform.web.security.proxy.ProxyFilterService</type>

  <init-params>

    <values-param>

      <name>white-list</name>

      <value>*.example.com</value>

      <value>www.example.net</value>

    </values-param>

    <values-param>

      <name>black-list</name>

      <value>evil.example.com</value>

    </values-param>

  </init-params>

</component>

By default, eXo Platform runs in the HTTP mode. However, for the security purposes, you can configure it to run in the HTTPS mode. This section explains how to configure HTTPS mode.

1. Generate your key.

If you do not have an X.509 certificate, you can make a simple certificate using the keytool command.

i. Change the variables in the following command to suit your circumstances, then run it a terminal:

keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"

Your key will be stored in server.keystore.

ii. Import your key into the Sun JDK keystore (this is required to help running gadget features) with the following command:

keytool -importkeystore -srckeystore server.keystore -destkeystore $JAVA_HOME/jre/lib/security/cacerts

2. Set up the Jboss configuration to use your new key.

i. Comment the following lines in JBOSS_HOME/server/<PROFILE>/deploy/jbossweb.sar/server.xml:




 <Connector URIEncoding="UTF-8" acceptCount="100" address="${jboss.bind.address}" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript" compression="on" compressionMinSize="2048" connectionTimeout="20000" disableUploadTimeout="true" emptySessionPath="true" enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents=".*MSIE 6.*" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>

ii. Uncomment the following line:




<Connector SSLEnabled="true" address="${jboss.bind.address}" clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore" keystorePass="rmi+ssl" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>

Then, change the values of keystoreFile and keystorePass to values of your key.

3. Restart your server. You can now access the portal via https://<ServerAddress>:8443/portal.

Chapter 5. Backup and Restore

The backup of eXo Platform instance involves backing up the databases and the file systems for the JCR index and value storage. The following topics are covered in this chapter:

Note

The gatein.data.dir variable is defined in the configuration.properties file and by default points to the $APPSEVERHOME/gatein/data folder.

You can use the .tar command for the file backup from your application server home dir: 

tar cvjf gatein-backup.tar.bz gatein/data

You can start your backup strategy with the concept of a data repository. It is required to store and arrange backup data properly. The backup of one eXo Platform instance produces a set of files which can be located on various storage media (hard disk, tape, optical or solid storages, or even special remote backup services).

The files are organized in catalogs (folders) or used in different media to the concrete Platform implementation. However, it is highly recommended that you apply the Backup rotation scheme to make the backup implementation effective and reliable.

Also, be sure that your available backup solution of Operating System and Database software are always used, allowing you to simplify the backup organization and avoid mistakes and data loss.

In the pre-backup, you need to stop the whole eXo Platform server.

Warning

In case of the eXo Platform clustering, every node should be stopped before the backup is performed.

The backup of eXo Platform consists of the following parts:

  • Backup of the JCR data:

    • JCR index files, pointed by the configuration property: gatein.jcr.index.data.dir.

    • JCR value storage files, pointed by the configuration property: gatein.jcr.storage.data.dir.

    • JCR database backup, database specified in the JDNI configuration of Application server with the exo-jcr_portal name.

  • Backup of Organization service database specified in the JDNI configuration of Application server with the exo-idm_portal name.

  • Backup of Transaction service files pointed by the configuration property: com.arjuna.ats.arjuna.objectstore.objectStoreDir.

In the pre-backup, it is recommended that you prepare for tools, such as scripts, to restore data quickly and safely.

Note

eXo Platform indicates to one Portal application in this context, which is set by default. However, if your eXo Platform instance runs several portals, each of which has its own JCR, Organization and Transaction services, you should back up data of each portal separately.

Information provided in this chapter only describes the backup of the single-portal Platform. The backup can be repeated for each portal in your system. Only two types of JCR files are important in the backup: index and value storages.

The gatein.jcr.data.dir folder ($gatein.data.dir/jcr by default) also contains the swap sub-folder. The swap folder is used for temporary files in case BLOBs are stored in the database and has no meaning for backup. For more details, see the eXo JCR configuration section.

To learn more about the basic principles of eXo Platform backup and how to create your backup implementation, see the following Backup Planning example:

Environment

  • The eXo Platform server runs on the RedHat Linux server. eXo Platform provides the remote database server MySQL 5.1:

    • JCR database - jcrdb.

    • Organization service database - idmdb.

  • The eXo Platform files are on the network mounted storage /mnt/netfs/platform:

    • JCR value storage files in /mnt/netfs/platform/jcr/values.

    • JCR index files in /mnt/netfs/platform/jcr/index.

    • Transaction service stored in /mnt/netfs/platform/jta.

  • The backup storage is located on the dedicated network mounted storage: /mnt/backupfs/my_plf_backup.

Naming and Rotation

It is a general case when the backup is organized in the two-cycle rotation: backup files are stored everyday and older data are stored weekly, and the data storage history will be planned for three years.

To implement this approach, the daily backup is run (at night when the site is not in use) and stores result files (database and JCR files) on the network storage in the following structure:

  • /my_plf_backup/2010/... - The archive folder of the previous year.

  • /my_plf_backup/current/ - The archive folder of the current year.

  • /my_plf_backup/current/weeks - The weekly archive folder of the current year.

  • /my_plf_backup/current/weeks/01 - The archive folder of the first week of the current year.

  • /my_plf_backup/current/weeks/02 - The archive folder of the second week of the current year.

  • /my_plf_backup/current/weeks/N - The archive folder of the week named N of the current year.

The backup files are named to the ISO 8601 date format:

  • yyyy-MM-dd_mysql_jcrdb.tar.gz - For the JCR database.

  • yyyy-MM-dd_mysql_idmdb.tar.gz - For the Organization service database.

  • yyyy-MM-dd_jcr_values.tar.gz - For the JCR value storage files.

  • yyyy-MM-dd_jcr_index.tar.gz - For the JCR index files.

  • yyyy-MM-dd_jta.tar.gz - For the Transaction service files.

For the files backup, eXo Platform provides a shell script running on the eXo Platform server. This script does the following actions:

  • Stop the eXo Platform server to ensure the full stop by the log sniffering.

  • Run the database backup tool against jcrdb and store the result file in the archive /mnt/backupfs/my_plf_backup/current/yyyy-MM-dd_mysql_jcrdb.tar.gz.

  • Run the database backup tool against idmdb and store the result file in the archive /mnt/backupfs/my_plf_backup/current/yyyy-MM-dd_mysql_idmdb.tar.gz.

  • Copy the JCR value files to the archive /mnt/backupfs/my_plf_backup/current/yyyy-MM-dd_jcr_values.tar.gz.

  • Copy the JCR index files to the archive /mnt/backupfs/my_plf_backup/current/yyyy-MM-dd_jcr_index.tar.gz.

  • Copy the Transaction service files to the archive /mnt/backupfs/my_plf_backup/current/yyyy-MM-dd_jta.tar.gz.

  • Copy all old archive files of 7 days to a week folder, for example /my_plf_backup/current/weeks/02.

  • Delete older files of 7 days as from /my_plf_backup/current/.

  • Create a folder for the previous year in /my_plf_backup/ if it is the first week of a new year, such as /my_plf_backup/2010, and then move content of /my_plf_backup/current/weeks there.

  • Start the eXo Platform server.

  • Send email to the administrator in case of any errors on any step.

Note

Examples of the script implementation are out of the scope of this guide.

1. Stop the whole eXo Platform instance by using the shell command: stop_eXo. To see more details, see the Installation and Startup chapter.

2. Run the backup procedure, including:

  • The JCR database.

  • The Organization service database.

  • The JCR value storage files.

  • The JCR index files.

  • The Transaction service files.

3. Archive the backup files to your backup storage.

4. Start the eXo Platform server.

Note

In case of the eXo Platform clustering, start the backup to the steps described in the Clustering chapter.

Restoring from the backup can be used in several cases, such as failure, or site duplication. Similar to the backup, it is important to stop the whole eXo Platform before restoring. Next, do the main steps to start restoring from the backup of eXo Platform:

1. Unarchive the backup files from the backup storage to the temporary location.

2. Stop the whole eXo Platform instance by using the shell command stop_eXo. To see more details, see the Installation and Startup chapter.

3. Run the restoring procedure to restore from the backup local files for:

  • The JCR database.

  • The Organization service database.

  • The JCR value storage files.

  • The JCR index files.

  • The Transaction service files.

4. Start the eXo Platform server.

Note

In case of the eXo Platform clustering, start restoring to the steps described in the Clustering chapter.

Steps described above are based on the whole backup of data. However, the incremental backup approach allows you to preserve data by creating multiple copies that are based on the differences in those data. The successive copy of data only contains the portion which has been changed since the preceding copy has been created.

In steps described above, it is also possible to implement an incremental backup against the eXo Platform data.

Users of the Unix platforms can use the rsync tool for files synchronization and implement the incremental backup for JCR value and index files. Meanwhile, Microsoft Windows users can use the Backup utility (Ntbackup.exe).

These tools can be used in conjunction with a database incremental backup feature of your RDBMS to implement the eXo Platform incremental backup solution. However, all backup targets described above should be counted.

In case of the example, it is possible to organize the full backup weekly (on Sunday) and incrementals daily. The incremental backup will be faster, and reduce your site maintenance daily.

Note

It is also possible to use the ready solutions as backula.org.

Chapter 6. Clustering

This chapter covers the following topics:

Clustering allows eXo Platfrom users to run various portal instances on several parallel servers which are also called nodes. The load is distributed across different servers, so the portal is still accessible via other cluster nodes in case of any failed servers. Thanks to adding more nodes to the cluster, eXo Platform's performance can be much improved. A cluster is a set of nodes which is managed together and participate in the workload management. Installing eXo Platform in the cluster mode is considered in the following main cases:

These characteristics should be handled by the overall architecture of your system. The Load Balancing is typically achieved by a front server or device that distributes the request to the cluster nodes. Also, the High Availability on the data layer can be typically achieved using the native replication implemented by Relation Database Management System (RDBMS) or Shared File Systems, such as SAN and NAS.

In eXo Platform, the persistence mostly relies on JCR, which is a middleware between the eXo Platform applications (including the Portal) and the database. Hence, this component must be configured to work in the cluster mode.

The embedded JCR server requires a portion of its state to be shared on a file system shared among the cluster nodes:

Note

Since Platform 3.5, a local JCR index can be used on each node of the cluster. It is a new feature and it needs a special configuration in Platform (described below).

All nodes must have the read/write access to the shared file system.

Note

It is strongly recommended that you use a mount point on a SAN.

The following steps describe a typical setup of Platform cluster:

This step is done in the configuration.properties file. This configuration.properties file must be set in the same way on all the cluster nodes. First, point the exo.shared.dir variable to a directory shared between cluster nodes.

exo.shared.dir=/PATH/TO/SHARED/FS

The path is shared, so all nodes will need the read/write access to this path. Then, switch the JCR to the cluster mode.

gatein.jcr.config.type=cluster

In this step, JCR enables the automatic network replication and discovery between other cluster nodes.

You need to indicate the cluster kernel profile to eXo Platform. This can be done by editing the startup script in the bin/gatein.sh folder as below:

EXO_PROFILES="-Dexo.profiles=default,cluster"

or use the start_eXo.sh script with such parameters:

./start_eXo.sh default,cluster

For the initial startup of your JCR cluster, you should only start a single node. This node will initialize the internal JCR database and create the system workspace. Once the initial node is definitely started, you can start the other nodes.

Note

This constraint is only for the initial start. As above, you can start the cluster in any order, but it should be started fully from the single node. After that, others can start in any order or in parallel.

Note

Always start the cluster from a single node, as on initial startup, and then start all others in any order or in parallel. Nodes of the cluster will automatically try to join others at startup. Once they have discovered each other, they will synchronize their state. During the synchronization, the node is not ready to serve requests.

The cluster mode is preconfigured to work out of the box. The eXo Platform clustering fully relies on the JBossCache replication which uses JGroups internally. The default configuration of JBossCache lies in exo.portal.component.common-x.x.x.jar. Since eXo Platform 3.5, the JCR's JBossCache configuration is externalized to the gatein.conf.dir configuration folder:

Note

The advanced configuration is optional and is not required in general cases. It is recommended to do an advanced configuration only in case of a need.

The JBossCache configuration is done in the configuration.properties file using following properties:

# JCR cache configuration
gatein.jcr.cache.config=file:${gatein.conf.dir}/jcr/jbosscache/${gatein.jcr.config.type}/cache-config.xml
gatein.jcr.cache.expiration.time=15m

# JCR Locks configuration
gatein.jcr.lock.cache.config=file:${gatein.conf.dir}/jcr/jbosscache/${gatein.jcr.config.type}/lock-config.xml

# JCR Index configuration
gatein.jcr.index.cache.config=file:${gatein.conf.dir}/jcr/jbosscache/${gatein.jcr.config.type}/indexer-config.xml

# JGroups configuration
gatein.jgroups.jmxstatistics.enable=true
# for eXo Cache and IDM org-service (in cluster cache-config.xml files)
gatein.jgroups.config=${gatein.conf.dir}/jgroups/jgroups-udp.xml
# for JCR
gatein.jcr.jgroups.config=file:${gatein.jgroups.config}

By default, the nodes discovery is based on UDP, in which JGroups is responsible for the nodes identification through the UDP transport. The administrator can change the configuration of detection and ports in jgroups-udp.xml.

Optionally, if you need separate physical storage for JCR indexes and value storage files, it is possible to configure related paths, each to a separate shared file system:

gatein.jcr.storage.data.dir=/PATH/TO/SHARED/VALUES_FS/values
gatein.jcr.index.data.dir=/PATH/TO/SHARED/INDEX_FS/index

Note

JCR clustering with local index on each node is a new feature. Find more information about Indexing in clustered environment in JCR reference documentation.

If the cluster is used with the local JCR index on each node, apply the following changes to the steps described above:

gatein.jcr.index.data.dir=/PATH/TO/LOCAL/INDEX

EXO_PROFILES="-Dexo.profiles=default,cluster,cluster-index-local"

Or, by using the following command with this additional profile.

./start_eXo.sh default,cluster,cluster-index-local

Q1. How to migrate from local to the cluster mode?

If you intend to migrate your production system from local (non-cluster) to the cluster mode, follow these steps:

1. Update the configuration to the cluster mode as explained above on your main server.

2. Use the same configuration on other cluster nodes.

3. Move the index and value storage to the shared file system.

4. Start the cluster.

Q2. Why is startup failed with the "Port value out of range" error?

On Linux, your startup is failed if you encounter the following error:

[INFO] Caused by: java.lang.IllegalArgumentException: Port value out of range: 65536

This problem happens under specific circumstances when JGroups-the networking library behind the clustering attempts to detect the IP to use for communication with other nodes.

You need to verify:

  • The host name is a valid IP address, served by one of the network devices, such as eth0, eth1.

  • The host name is NOT defined as localhost or 127.0.0.1.

Q3. How to solve the "failed sending message to null" error?

If you encounter the following error when starting up in the cluster mode on Linux:

Dec 15, 2010 6:11:31 PM org.jgroups.protocols.TP down
SEVERE: failed sending message to null (44 bytes)
java.lang.Exception: dest=/228.10.10.10:45588 (47 bytes)

Be aware that clustering on Linux only works with IPv4. Therefore, when using a cluster under Linux, add the following property to JVM parameters:

 -Djava.net.preferIPv4Stack=true

Q3. How to hide JGroups protocol warnings in the log?

In cluster mode several Platform subsystems, such as JCR, various caches, organization service, use shared JGroups transport. And in case of used by default UDP transport it might cause a side effect - lot of warnings, like these below:

WARNING: discarded message from different group "gatein-idm-api-cluster" (our group is "gatein-idm-store-cluster"). Sender was 192.168.1.55:54232
Dec 16, 2011 4:46:09 PM org.jgroups.protocols.TP passMessageUp
WARNING: discarded message from different group "gatein-idm-store-cluster" (our group is "gatein-idm-api-cluster"). Sender was 192.168.1.55:63364
Dec 16, 2011 4:46:10 PM org.jgroups.protocols.TP passMessageUp

To hide such warnings need configure the Application Server logger in appropriate way:

  • Apache Tomcat, in ${CATALINA_HOME}/conf/logging.properties add following lines

org.jgroups.level = SEVERE
org.jgroups.handlers = java.util.logging.ConsoleHandler,6gatein.org.apache.juli.FileHandler

  • JBoss Application Server, for server profile all, add in ${jboss_server}/server/all/conf/jboss-log4j.xml following

  <category name="org.jgroups.protocols.UDP">
    <priority value="ERROR"/>
  </category>

Chapter 7. Deployment

This chapter covers the following topics:

eXo Platform comes with two sample portals that show the capabilities of the product. However, once implementing your own extensions, you may not need these sample portals. In some cases, you usually want to remove them before deploying your system in production.

The following instructions are used in cases where the hsqldb embedded database configuration is used.

Both Acme website and Acme Social Intranet are sample extensions demonstrating the intranet that you can implement with eXo Platform.

Remove the Acme website/Acme Social Intranet

1. Stop the server using the shutdown.sh command.

2. Delete the following relevant files: Tomcat

JBoss

3. Restart the server.

Crash is a complementary tool for development and maintenance. As it opens telnet and SSH sockets, it is highly recommended that you remove Crash for your production deployments. Crash is in the crash.war file in tomcat/webapps.

Remove a Crash

1. Stop the serve by using the shutdown.sh command.

2. Delete the crash.war file.

3. Restart the server.

Extensions are packaged as the Java EE web applications and packaged as the normal .war files. To deploy the custom extension, you may do as for any other web apps.

In Tomcat, this ends up by copying the war archive to the webapps folder.

However, the GateIn extension mechanism imposes that the starter.war webapp starts after all extension wars.

This is the case for the sample applications bundled by default.

There are several ways to control the loading order of webapps in Tomcat. Please refer to Tomcat's Deployer How To.

It may be necessary to use the HTTP server as a front-end for Tomcat. For example, you may want to keep more than one application server on the same host, and/or you want to access these app servers with the separate DNS names, without adding a port to the URL.

There are two methods that allow you to "glue" Apache HTTP Daemon and Tomcat application server:

First, you need to configure a new virtual host in Apache HTTPD for the application server. This is the simplest example of a virtual host:

<VirtualHost *:80>
  ServerName      Enter your server DNS name here
  RedirectMatch permanent "^/?$" "/portal/"
</VirtualHost>

You can find more information on the Apache HTTP daemon host here.

With the glue method, it is necessary to configure the Apache HTTP daemon to work as the reverse proxy, which will redirect the client's requests to the app server's HTTP connector.

For this connection type, you need to include the mod_proxy module in the HTTP daemon configuration file. This can be found in the httpd.conf file, which is usually located at /etc/httpd/conf/. However, depending on your OS, this path may vary. You will then need to add some directives to your virtual host configuration.

ProxyRequests   Off
ProxyPass	 "/" http://YOUR_AS_HOST:AS_HTTP_PORT/
ProxyPassReverse "/" http://YOUR_AS_HOST:AS_HTTP_PORT/

Details:

In the above example, the HTTP daemon will work in the reverse proxy mode (ProxyRequests Off) and will redirect all requests to the tcp port 8080 on the localhost. So, the configuration of a virtual host looks like the following:

<VirtualHost *:80>
  ServerName      Enter your server DNS name here
  RedirectMatch	permanent "^/?$" "/portal/"
  ProxyRequests   Off
  ProxyPass	 "/" http://localhost:8080/
  ProxyPassReverse "/" http://localhost:8080/
</VirtualHost>

For more detail on mod_proxy, refer to this documentation.

As described above, the 'glue' method can be implemented via one of the following ways:

With the first method, you only need the HTTP daemon and application server, but settings are limited.

With the second method, you can obtain more settings, but you will need to download and install additional modules for the HTTP Daemon that are not included in the default package.

Make sure that mod_proxy_ajp.so is included in the list of loadable modules. Add the following to your virtual host configuration setting:

ProxyPass / ajp://localhost:8009/

In this example, the app server is located on the same host as the Apache HTTP daemon, and accepts incoming connections on the port 8009 (the default setting for the Tomcat application server). You can find the full list of virtual host configurations here:

<VirtualHost *:80>
  ServerName      Enter your server DNS name here
  RedirectMatch	permanent "^/?$" "/portal/"
  ProxyRequests   Off
  ProxyPass	/ ajp://localhost:8009/
</VirtualHost>

1. Download AJP connector module here.

2. Move the downloaded mod_jk.so file to the HTTPD's module directory, for example /etc/httpd/modules. The directory may be different, depending on the OS.

3. Create the configuration file for the mod_jk.conf module.

LoadModule    jk_module  modules/mod_jk.so
<IfModule jk_module>
  # ---- Where to find workers.properties
        JkWorkersFile   conf.d/workers.properties
  # ---- Where to put jk logs
  JkLogFile       logs/mod_jk.log
  # ---- Set the jk log level [debug/error/info]
  JkLogLevel    info
  # ---- Select the timestamp log format
  JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
  JkRequestLogFormat "%w %R %T"
  # ---- Send everything for context /examples to worker named worker1 (ajp13)
  JkMountFileReload       "0"
</IfModule>

For more details, see the Tomcat documentation.

4. Place the mod_jk.conf file into the directory where other configuration files for Apache HTTP daemon are located. For example, /etc/httpd/conf.d/.

5. Create the workers.properties file, which defines the AJP workers for the HTTP daemon.

worker.list=status, WORKER_NAME
# Main status worker
worker.stat.type=status
worker.stat.read_only=true
worker.stat.user=admin
# Your AJP worker configuration
worker.WORKER_NAME.type=ajp13
worker.WORKER_NAME.host=localhost
worker.WORKER_NAME.port=8109
worker.WORKER_NAME.socket_timeout=120
worker.WORKER_NAME.socket_keepalive=true

Note

In the example above, you can change WORKER_NAME to any value.

6. Put this file in the same directory as the mod_jk.conf file.

7. Update the virtual host configuration.

<VirtualHost *:80>
  ServerName      Enter your server DNS name here
  RedirectMatch	permanent "^/?$" "/portal/"
  ProxyRequests   Off
  JkMount         /*	WORKER_NAME
</VirtualHost>

The session timeout defines the validation period of a session. In the portal environment, such as eXo Platform, it is highly recommended that all web applications have the same session timeout value.

The session timeout is configurable individually for each web application in the web.xml file:




<!-- ==================== Default Session Configuration ================= --> 

<!-- You can set the default session timeout (in minutes) for all newly   --> 

<!-- created sessions by modifying the value below.                       --> 

<session-config> 

  <session-timeout>30</session-timeout> 

</session-config>

In the Tomcat bundle, this file is located at $TOMCAT_HOME/conf/web.xml.

Configure the session timeout of Server Tomcat

1. Stop the server by the shutdown.sh command.

2. Open the web.xml file.

3. Change the value of the session-timeout.

4. Save and then restart the server by the gatein.sh command.

In the JBoss server, this file is located at $Jboss_home/server/default/deployers/jbossweb.deployer/web.xml.

Configure the session timeout of the JBoss server

1. Stop the server by using the shutdown.sh command.

2. Open the web.xml file.

3. Change the value of the session timeout.

4. Save and restart the server.

Chapter 8. Migration

The eXo Platform migration from 3.0 to 3.5 is performed automatically when the server is started. This chapter represents step-by-step instructions that allows you to migrate eXo Platform from 3.0 to 3.5 through the following topics:

There are many changes between eXo Platform 3.0 and eXo Platform 3.5, including data type structure (JCR node type), pre-defined data, templates and gadgets:

All of changes above will be migrated automatically by the migration tools that are detailed as below.

Note

This section discusses how to migrate eXo Platform with only one server start-up. Every configuration will be put in 2 files:

Step 1. Prepare an environment.

1. Back up the eXo Platform 3.0 and its data.

2. Configure eXo Platform 3.5 to run with the eXo Platform 3.0 data as follows:

i. With Tomcat bundle, copy 2 folders "index" and "value" from $PLF-3.0-TOMCAT_HOME/gatein/data/jcr to $PLF-3.5-TOMCAT_HOME/gatein/data/jcr. With Jboss bundle, copy 2 folders "index" and "value" from $PLF-3.0-JBOSS_HOME/gatein/jcr to $PLF-3.5-JBOSS_HOME/server/default/data/gatein/jcr.

ii. With Tomcat bundle, configure the database connections in the $PLATFORM-3.5-TOMCAT_HOME/conf/server.xml file to point to the eXo Platform 3.0 database.

For example, if your eXo Platform 3.0 runs on mySQL database, you need to configure the server.xml file as below:

<!-- eXo JCR Datasource for portal -->
	<Resource name="exo-jcr_portal" auth="Container" type="javax.sql.DataSource"
		maxActive="128" maxIdle="32" maxWait="10000"
		testWhileIdle="true" timeBetweenEvictionRunsMillis="30000" validationQuery="SELECT 1"
		username="${db.username}" password="${db.password}" driverClassName="com.mysql.jdbc.Driver"
			url="jdbc:mysql://${db.host}:${db.port}/${db.jcr.name}"/>

<!-- eXo IDM Datasource for portal -->
	<Resource name="exo-idm_portal" auth="Container" type="javax.sql.DataSource"
	   maxActive="128" maxIdle="32" maxWait="10000"
	   testWhileIdle="true" timeBetweenEvictionRunsMillis="30000" validationQuery="SELECT 1"
	   username="${db.username}" password="${db.password}" driverClassName="com.mysql.jdbc.Driver"
			url="jdbc:mysql://${db.host}:${db.port}/${db.idm.name}"/>

With Jboss bundle, configure the $PLF-3.5-JBOSS_HOME/server/default/deploy/gatein-ds.xml file.




    <!-- eXo IDM for portal -->

    <no-tx-datasource>

      <jndi-name>exo-idm_portal</jndi-name>

      <connection-url>jdbc:mysql://_$host_:3306/_$dbname-idm_</connection-url>

      <driver-class>com.mysql.jdbc.Driver</driver-class>

      <user-name>_$username_</user-name>

      <password>_$password_</password>

      <min-pool-size>5</min-pool-size>

      <max-pool-size>20</max-pool-size>

      <idle-timeout-minutes>0</idle-timeout-minutes>

      <prepared-statement-cache-size>32</prepared-statement-cache-size>

   </no-tx-datasource>

 

   <!-- eXo JCR Datasource for portal -->

   <no-tx-datasource>

      <jndi-name>exo-jcr_portal</jndi-name>

      <connection-url>jdbc:mysql://_$host_:3306/_$dbname-jcr_</connection-url>

      <driver-class>com.mysql.jdbc.Driver</driver-class>

      <user-name>_$username_</user-name>

      <password>_$password_</password>

      <min-pool-size>5</min-pool-size>

      <max-pool-size>20</max-pool-size>

      <idle-timeout-minutes>0</idle-timeout-minutes>

      <prepared-statement-cache-size>32</prepared-statement-cache-size>

   </no-tx-datasource>

iii. Delete the JCR_CONFIG table in the JCR database: "jdbc:mysql://$ {db.host} :$ {db.port} /$ {db.jcr.name} "

Step 2. Configure to migrate the eXo Platform data from 3.0 to 3.5.

1. Add the following code to the $PLATFORM-3.5-TOMCAT_HOME/gatein/conf/configuration.properties or $PLF-3.5-JBOSS_HOME/server/default/conf/gatein/configuration.properties file.

############
# Upgrades #
############
# JCR user directories structure migration configuration
# This configuration is optional, if you do not want to run it, you set use-old-user-distribution=true and run-jcr-user-directories-migrate=false
use-old-user-distribution=false
run-jcr-user-directories-migrate=true

#This configuration for JCR session time-out. It is very important to run JCR user directories migration
#This configuration is example for a Platform with 1000 users
#Please see more detail in section
gatein.jcr.transaction.timeout=10000

### Commons upgrade plugins configuration
## indicates if upgrade plugins is enabled or not

#Gadget upgrade plugin, it is required
commons.upgrade.Upgrade-Gadgets.enable=true

#ECMS upgrade plugin, all are required
commons.upgrade.UpgradeVotingNodeTypePlugin.enable=true
commons.upgrade.FavoriteActionUpgradePlugin.enable=true
commons.upgrade.ThumbnailNodeTypeUpgradePlugin.enable=true

#ECMS template and script upgrade plugin, they are required
commons.upgrade.NodeTypeTemplateUpgradePlugin.enable=true
commons.upgrade.QueryUpgradePlugin.enable=true
commons.upgrade.ScriptUpgradePlugin.enable=true
commons.upgrade.SiteExplorerTemplateUpgradePlugin.enable=true
commons.upgrade.WCMTemplateUpgradePlugin.enable=true
commons.upgrade.UserViewUpgradePlugin.enable=true

#CS upgrade plugin, it is required
commons.upgrade.UpgradeCalendarPlugin.enable=true

#Social upgrade plugin, it is required
commons.upgrade.UpgradeToMOSPlugin.enable=true

#Social space template upgrade plugin, it is required
commons.upgrade.UpgradeTemplatePlugin.enable=true

#KS forums, all of them are required
commons.upgrade.UpgradeForumPlugin.enable=true
commons.upgrade.UpgradeWikiPlugin.enable=true
commons.upgrade.UpgradeAnswerPlugin.enable=true

#Portal navigation upgrade plugin
#This Configuration is optional. If you do not want to migrate your portal/groups navigation, set commons.upgrade.Upgrade-Navigations.enable=false
commons.upgrade.Upgrade-Navigations.enable=true

#Space home page template plugin, it is required
commons.upgrade.Upgrade-Spaces-Home-page.enable=true

##This Configuration is optional. If you do not want to re-import the contents, set commons.upgrade.Upgrade-WCM-Contents.enable=false
commons.upgrade.Upgrade-WCM-Contents.enable=true

## indicates the desired execution order (names of upgrade plugins separated with commas ",")
commons.upgrade.plugins.order=Spaces-Home-page,Upgrade-Gadgets,Upgrade-Navigations,Upgrade-WCM-Contents,UpgradeVotingNodeTypePlugin,FavoriteActionUpgradePlugin,ThumbnailNodeTypeUpgradePlugin,UpgradeToMOSPlugin,UpgradeTemplatePlugin,UpgradeAnswerPlugin,UpgradeWikiPlugin,UpgradeForumPlugin,UpgradeCalendarPlugin,NodeTypeTemplateUpgradePlugin,QueryUpgradePlugin,ScriptUpgradePlugin,SiteExplorerTemplateUpgradePlugin,WCMTemplateUpgradePlugin,UserViewUpgradePlugin 

## Proceed to the upgrade if it is the first time you run this service
commons.upgrade.proceedIfFirstRun=true

2. Add the following code to the $PLATFORM-3.5-TOMCAT_HOME/gatein/conf/portal/portal/configuration.xml or $PLF-3.5-JBOSS_HOME/server/default/conf/gatein/configuration.xml file. 






<configuration xmlns="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd http://www.exoplatform.org/xml/ns/kernel_1_2.xsd">



  <!--Configuration for migration JCR user directories structure-->

  <component>

    <key>org.exoplatform.services.jcr.ext.hierarchy.NodeHierarchyCreator</key>

    <type>org.exoplatform.services.jcr.ext.hierarchy.impl.NodeHierarchyCreatorImpl</type>

    <init-params>

      <value-param>

        <name>old-user-distribution</name>

        <value>${use-old-user-distribution:false}</value>

      </value-param>

      <value-param>

        <name>auto-migrate</name>

        <value>${run-jcr-user-directories-migrate:false}</value>

      </value-param>

    </init-params>

  </component>



  <!-- Configuration for migration Portal/groups navigation-->

  <!-- This Configuration is optional. If you do not want to migrate your portal/groups navigation, remove this session -->

  <!-- If there are some portals in your Platform, you need to configure for each portal-->

  <external-component-plugins>

    <!-- The full qualified name of the UserPortalConfigService -->

    <target-component>org.exoplatform.portal.config.UserPortalConfigService</target-component>

    <component-plugin>

      <!-- The name of the plugin -->

      <name>new.portal.config.user.listener</name>

      <!-- The name of the method to call on the UserPortalConfigService in order to register the NewPortalConfigs -->

      <set-method>initListener</set-method>

      <!-- The full qualified name of the NewPortalConfigListener -->

      <type>org.exoplatform.portal.config.NewPortalConfigListener</type>

      <description>this listener init the portal configuration</description>

      <init-params>

        <object-param>

          <name>portal.configuration</name>

          <description>description</description>

          <object type="org.exoplatform.portal.config.NewPortalConfig">

            <field name="predefinedOwner">

              <collection type="java.util.HashSet">

                <value>

                  <string>intranet</string>

                </value>

              </collection>

            </field>

            <field name="ownerType">

              <string>portal</string>

            </field>

            <field name="templateLocation">

              <string>war:/conf/office-extension/portal</string>

            </field>

            <field name="importMode">

              <string>merge</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>group.configuration</name>

          <description>description</description>

          <object type="org.exoplatform.portal.config.NewPortalConfig">

            <field name="predefinedOwner">

              <collection type="java.util.HashSet">

                <value>

                  <string>/developers</string>

                </value>

              </collection>

            </field>

            <field name="ownerType">

              <string>group</string>

            </field>

            <field name="templateLocation">

              <string>war:/conf/office-extension/portal</string>

            </field>

            <field name="importMode">

              <string>overwrite</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>portal.configuration</name>

          <description>description</description>

          <object type="org.exoplatform.portal.config.NewPortalConfig">

            <field name="predefinedOwner">

              <collection type="java.util.HashSet">

                <value>

                  <string>acme</string>

                </value>

              </collection>

            </field>

            <field name="ownerType">

              <string>portal</string>

            </field>

            <field name="templateLocation">

              <string>war:/conf/acme-portal/portal</string>

            </field>

            <field name="importMode">

              <string>overwrite</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>group.configuration</name>

          <description>description</description>

          <object type="org.exoplatform.portal.config.NewPortalConfig">

            <field name="predefinedOwner">

              <collection type="java.util.HashSet">

                <value>

                  <string>/platform/web-contributors</string>

                </value>

              </collection>

            </field>

            <field name="ownerType">

              <string>group</string>

            </field>

            <field name="templateLocation">

              <string>war:/conf/acme-portal/portal</string>

            </field>

            <field name="importMode">

              <string>overwrite</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>portal.configuration</name>

          <description>description</description>

          <object type="org.exoplatform.portal.config.NewPortalConfig">

            <field name="predefinedOwner">

              <collection type="java.util.HashSet">

                <value>

                  <string>default</string>

                </value>

              </collection>

            </field>

            <field name="ownerType">

              <string>portal</string>

            </field>

            <field name="templateLocation">

              <string>war:/conf/default-website/portal</string>

            </field>

            <field name="importMode">

              <string>overwrite</string>

            </field>

          </object>

        </object-param>

      </init-params>

    </component-plugin>

  </external-component-plugins>



  <!-- Configuration for re-import WCM content from webapp (.war files) file-->

  <!-- You can define the .war file that you want to re-import content-->

  <external-component-plugins>

    <target-component>org.exoplatform.commons.upgrade.UpgradeProductService</target-component>

    <!-- ECMS-Contents upgrade plugin-->

    <component-plugin>

      <name>Upgrade-WCM-Contents</name>

      <set-method>addUpgradePlugin</set-method>

      <type>org.exoplatform.platform.upgrade.plugins.UpgradeContentPlugin</type>

      <description>WCM Contents Upgrade Plugin</description>

      <init-params>

        <value-param>

          <name>product.group.id</name>

          <description>The groupId of the product</description>

          <value>org.exoplatform.platform</value>

        </value-param>

        <!--value-param>

            <name>plugin.execution.order</name>

            <description>The plugin execution order</description>

            <value>4</value>

        </value-param-->

        <values-param>

          <name>webapps-mames</name>

          <description>webapps to upgrade</description>

          <value>acme-intranet</value>

          <value>acme-intranet-portlet</value>

          <value>acme-website</value>

          <value>acme-websiteResources</value>

          <value>authoring-apps</value>

          <value>calendar</value>

          <value>chat</value>

          <value>chatbar</value>

          <value>cometd</value>

          <value>commons-extension</value>

          <value>CommonsResources</value>

          <value>contact</value>

          <value>content</value>

          <value>crash</value>

          <value>cs-extension</value>

          <value>csResources</value>

          <value>dashboard</value>

          <value>default-website</value>

          <value>ecm-wcm-core</value>

          <value>ecm-wcm-extension</value>

          <value>ecmadmin</value>

          <value>ecmbrowsecontent</value>

          <value>ecmexplorer</value>

          <value>ecmworkflow-extension</value>

          <value>exo-gadget-resources</value>

          <value>exoadmin</value>

          <value>eXoDMSGadgets</value>

          <value>eXoDMSResources</value>

          <value>eXoGadgets</value>

          <value>eXoGadgetServer</value>

          <value>eXoPlatformResources</value>

          <value>eXoResources</value>

          <value>eXoStaticResources</value>

          <value>eXoWCMResources</value>

          <value>eXoWorkflowResources</value>

          <value>faq</value>

          <value>fck</value>

          <value>formgenerator</value>

          <value>forum</value>

          <value>gadget-pack</value>

          <value>IDE</value>

          <value>intranet-gadget</value>

          <value>ks-extension</value>

          <value>ksResources</value>

          <value>mail</value>

          <value>newsletter</value>

          <value>platform-extension</value>

          <value>platformNavigation</value>

          <value>poll</value>

          <value>portal</value>

          <value>presentation</value>

          <value>rest</value>

          <value>searches</value>

          <value>seo</value>

          <value>SmartGWT</value>

          <value>social</value>

          <value>social-extension</value>

          <value>social-portlet</value>

          <value>social-resources</value>

          <value>web</value>

          <value>webos-ext</value>

          <value>webosadmin</value>

          <value>webosResources</value>

          <value>wiki</value>

          <value>workflow</value>

        </values-param>

      </init-params>

    </component-plugin>



    <!-- Configuration for Gadget upgrade plugin-->

    <!-- In can define "what are the gadget which you want to update" in this configuration-->

    <component-plugin>

      <name>Upgrade-Gadgets</name>

      <set-method>addUpgradePlugin</set-method>

      <type>org.exoplatform.platform.upgrade.plugins.UpgradeLocalGadgetsPlugin</type>

      <description>Gadgets Upgrade Plugin</description>

      <init-params>

        <value-param>

          <name>product.group.id</name>

          <description>The groupId of the product</description>

          <value>org.exoplatform.platform</value>

        </value-param>

        <!--value-param>

            <name>plugin.execution.order</name>

            <description>The plugin execution order</description>

            <value>1</value>

        </value-param-->

        <object-param>

          <name>eventslist</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>eventslist</string>

            </field>

            <field name="path">

              <string>war:/gadgets/events/Events.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>taskslist</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>taskslist</string>

            </field>

            <field name="path">

              <string>war:/gadgets/tasks/Tasks.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>messageslist</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>messageslist</string>

            </field>

            <field name="path">

              <string>war:/gadgets/messages/Messages.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>To-do</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>To-do</string>

            </field>

            <field name="path">

              <string>war:/gadgets/Todo/Todo.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>Calendar</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>Calendar</string>

            </field>

            <field name="path">

              <string>war:/gadgets/Calendar/Calendar.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>Calculator</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>Calculator</string>

            </field>

            <field name="path">

              <string>war:/gadgets/Calculator/Calculator.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>rssAggregator</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>rssAggregator</string>

            </field>

            <field name="path">

              <string>war:/gadgets/rssAggregator/rssAggregator.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>IDE</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>IDE</string>

            </field>

            <field name="path">

              <string>war:/ide.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>lastpost</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>lastpost</string>

            </field>

            <field name="path">

              <string>war:/gadgets/lastpost/Lastpost.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>pollslist</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>pollslist</string>

            </field>

            <field name="path">

              <string>war:/gadgets/polls/Polls.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>Activities</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>Activities</string>

            </field>

            <field name="path">

              <string>war:/gadgets/Activities/Activities.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>ViewerFriends</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>ViewerFriends</string>

            </field>

            <field name="path">

              <string>war:/gadgets/ViewerFriends/ViewerFriends.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>SocialRssReader</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>SocialRssReader</string>

            </field>

            <field name="path">

              <string>war:/gadgets/SocialRssReader/SocialRssReader.xml</string>

            </field>

          </object>

        </object-param>

        <object-param>

          <name>MySpaces</name>

          <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

            <field name="name">

              <string>MySpaces</string>

            </field>

            <field name="path">

              <string>war:/gadgets/MySpaces/MySpaces.xml</string>

            </field>

          </object>

        </object-param>

      </init-params>

    </component-plugin>

  </external-component-plugins>

</configuration>

Note

If this file has not been existing, you need to create it first.

3. Increase the JCR session time-out and JVM Xmx if you have a lot of data in eXo Platform 3.0. For example, in your current eXo Platform 3.0, there are about 200 users, 2 Gigabytes in the gatein/data/jcr/values folder, and 1 Gigabyte in the mySQL data, you will need to:

i. Configure the $PLATFORM-3.5-TOMCAT_HOME/gatein/conf/configuration.properties or $PLF-3.5-JBOSS_HOME/server/default/conf/gatein/configuration.properties file by adding the following configuration.

gatein.jcr.transaction.timeout=10000

ii. Update JAVA_OPTS Xmx: with Tomcat bundle, in $PLF-3.5-TOMCAT_HOME/bin/setenv.sh or .bat file, update JVM Xmx to 4G. With Jboss bundle, update JAVA_OPTS Xmx in the $PLF-3.5-JBOSS_HOME/bin/run.conf file.

Step 3. Perform the eXo Platform data migration from 3.0 to 3.5.

In this step, you only need to start server (Tomcat bundle or JBoss bundle), and the migration will be run automatically.

Step 4. Finish your migration.

1. Stop server and remove the migration configurations through the following sub-steps:

i. Disable all migration plugins in the $PLF-3.5-TOMCAT_HOME/gatein/conf/configuration.properties file (or $PLF-3.5-JBOSS_HOME/server/default/conf/gatein/configuration.properties):

############
# Upgrades #
############
# JCR user directories structure migration configuration
use-old-user-distribution=false
run-jcr-user-directories-migrate=false
#gatein.jcr.transaction.timeout=10000

# Commons upgrade plugins configuration
## indicates if upgrade plugins is enabled or not
commons.upgrade.Upgrade-Gadgets.enable=false

#ECMS upgrade plugin
commons.upgrade.UpgradeVotingNodeTypePlugin.enable=false
commons.upgrade.FavoriteActionUpgradePlugin.enable=false
commons.upgrade.ThumbnailNodeTypeUpgradePlugin.enable=false

#ECMS template and script upgrade plugin
commons.upgrade.NodeTypeTemplateUpgradePlugin.enable=false
commons.upgrade.QueryUpgradePlugin.enable=false
commons.upgrade.ScriptUpgradePlugin.enable=false
commons.upgrade.SiteExplorerTemplateUpgradePlugin.enable=false
commons.upgrade.WCMTemplateUpgradePlugin.enable=false
commons.upgrade.UserViewUpgradePlugin.enable=false

#CS upgrade plugin
commons.upgrade.UpgradeCalendarPlugin.enable=false

#Social upgrade plugin
commons.upgrade.UpgradeToMOSPlugin.enable=false

#Social space template upgrade plugin
commons.upgrade.UpgradeTemplatePlugin.enable=false

#KS forums
commons.upgrade.UpgradeForumPlugin.enable=false
commons.upgrade.UpgradeWikiPlugin.enable=false
commons.upgrade.UpgradeAnswerPlugin.enable=false

#Portal navigation upgrade plugin
commons.upgrade.Upgrade-Navigations.enable=false

#Space home page template plugin
commons.upgrade.Upgrade-Spaces-Home-page.enable=false

#Re-import the contents
commons.upgrade.Upgrade-WCM-Contents.enable=false

## indicates the desired execution order (names of upgrade plugins separated with commas ",")
commons.upgrade.plugins.order=Upgrade-Spaces-Home-page,Upgrade-Gadgets,Upgrade-Navigations,Upgrade-WCM-Contents,UpgradeVotingNodeTypePlugin,FavoriteActionUpgradePlugin,ThumbnailNodeTypeUpgradePlugin,UpgradeToMOSPlugin,UpgradeTemplatePlugin,UpgradeAnswerPlugin,UpgradeWikiPlugin,UpgradeForumPlugin,UpgradeCalendarPlugin,NodeTypeTemplateUpgradePlugin,QueryUpgradePlugin,ScriptUpgradePlugin,SiteExplorerTemplateUpgradePlugin,WCMTemplateUpgradePlugin,UserViewUpgradePlugin

## Proceed to the upgrade if it's first time you run this service
commons.upgrade.proceedIfFirstRun=true

ii. Delete configurations that were added before the migration in $PLF-3.5-TOMCAT_HOME/gatein/conf/portal/portal/configuration.xml or $PLF-3.5-JBOSS_HOME/server/default/conf/gatein/configuration.xml file.

If you do not run the JCR user directories structure migration, you need to keep the $PLATFORM-3.5-TOMCAT_HOME/gatein/conf/portal/portal/configuration.xml or $PLF-3.5-JBOSS_HOME/server/default/conf/gatein/configuration.xml file with the content as below:






<configuration xmlns="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.exoplatform.org/xml/ns/kernel_1_2.xsd http://www.exoplatform.org/xml/ns/kernel_1_2.xsd">

<component>

     <key>org.exoplatform.services.jcr.ext.hierarchy.NodeHierarchyCreator</key>

     <type>org.exoplatform.services.jcr.ext.hierarchy.impl.NodeHierarchyCreatorImpl</type>

     <init-params>

<value-param>

   <name>old-user-distribution</name>

   <value>true</value>

        </value-param>

     </init-params>

</component>

</configuration>

2. Restart the server again. The migration process is done.

Note

eXo Platform 3.5's Upgrade Framework is used to migrate existing data from eXo Platform 3.0 to 3.5.

A plugin is a .jar file which is used for performing a specific task, especially for modifying the old data so that they are matched or compatible with the new structure.

Plugins can be enabled/disabled via $PLATFORM-3.5-TOMCAT_HOME/gatein/conf/configuration.properties. Meanwhile some of them are mandatory and must be always enabled; the others are optional and can be disabled. Also, plugins should also be disabled if you do not use certain features, such as Collaboration, Knowledge, Social, in your project.

To enable or disable a plugin, set the "enable" properties to "true" or "false" respectively, for example:

commons.upgrade.UpgradeVotingNodeTypePlugin.enable=true

When not specified, the plugins will be enabled by default.

This section shows a list of eXo Platform 3.5 upgrade plugins.

These following plugins are required for upgrading to eXo Platform 3.5's new data structure, templates, skin and services.

Content data tructure

ECMS templates and scripts

They are:

Note

By default, all the ECMS templates will be automatically migrated. In case you want to migrate a specific template manually, you need to specify your desired template in the configuration.properties file.

Specify the node type templates which you do not want to upgrade with the following syntax:

unchanged-nodetype-templates=<node name list>

For example:

unchanged-nodetype-templates=nt:file, exo:article

Specify the pre-defined queries which you do not want to upgrade with the following syntax: 

unchanged-queries=<query name list>

For example:

unchanged-queries=Created Documents

Specify the pre-defined scripts which you do not want to upgrade with the following syntax:

unchanged-scripts=<script name list>

For example:

unchanged-scripts=action/AddMetadataScript.groovy, action/AddTaxonomyActionScript.groovy

Specify templates of Sites Explorer with the following syntax:

unchanged-site-explorer-templates=<templates name list>

For example:

unchanged-site-explorer-templates=ThumbnailsView, ContentView

Specify views of Sites Explorer with the following syntax:

unchanged-site-explorer-views=<view name list>

For example:

unchanged-site-explorer-views=anonymous-view

Use the following templates to specify the templates of the Content List Viewer and Search portlets:

unchanged-clv-templates=<template name list>
unchanged-wcm-search-templates=<template name list>

For example:

unchanged-clv-templates=list/BigHotNewsTemplateCLV.gtmpl,navigation/CategoryList.gtmpl
unchanged-wcm-search-templates=search-form/UIDefaultSearchForm.gtmpl

Collaboration

Knowledge

Social

Gadgets 




<component-plugin>

    <name>Upgrade-Gadgets</name>

    <set-method>addUpgradePlugin</set-method>

    <type>org.exoplatform.platform.upgrade.plugins.UpgradeLocalGadgetsPlugin</type>

    <description>Gadgets Upgrade Plugin</description>

    <init-params>

        <value-param>

            <name>product.group.id</name>

            <description>The groupId of the product</description>

            <value>org.exoplatform.platform</value>

        </value-param>

        <!--value-param>

            <name>plugin.execution.order</name>

            <description>The plugin execution order</description>

            <value>1</value>

        </value-param-->

        <object-param>

            <name>eventslist</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>eventslist</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/events/Events.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>taskslist</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>taskslist</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/tasks/Tasks.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>messageslist</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>messageslist</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/messages/Messages.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>To-do</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>To-do</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/Todo/Todo.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>Calendar</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>Calendar</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/Calendar/Calendar.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>Calculator</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>Calculator</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/Calculator/Calculator.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>rssAggregator</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>rssAggregator</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/rssAggregator/rssAggregator.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>IDE</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>IDE</string>

                </field>

                <field name="path">

                    <string>war:/ide.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>lastpost</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>lastpost</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/lastpost/Lastpost.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>pollslist</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>pollslist</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/polls/Polls.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>Activities</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>Activities</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/Activities/Activities.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>ViewerFriends</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>ViewerFriends</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/ViewerFriends/ViewerFriends.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>SocialRssReader</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>SocialRssReader</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/SocialRssReader/SocialRssReader.xml</string>

                </field>

            </object>

        </object-param>

        <object-param>

            <name>MySpaces</name>

            <object type="org.exoplatform.platform.upgrade.plugins.GadgetUpgrade">

                <field name="name">

                    <string>MySpaces</string>

                </field>

                <field name="path">

                    <string>war:/gadgets/MySpaces/MySpaces.xml</string>

                </field>

            </object>

        </object-param>

    </init-params>

</component-plugin>

Portal navigation

WCM contents 




<component-plugin>

    <name>Upgrade-WCM-Contents</name>

    <set-method>addUpgradePlugin</set-method>

    <type>org.exoplatform.platform.upgrade.plugins.UpgradeContentPlugin</type>

    <description>WCM Contents Upgrade Plugin</description>

    <init-params>

        <value-param>

            <name>product.group.id</name>

            <description>The groupId of the product</description>

            <value>org.exoplatform.platform</value>

        </value-param>

        <value-param>

            <name>plugin.execution.order</name>

            <description>The plugin execution order</description>

            <value>4</value>

        </value-param>

        <values-param>

            <name>webapps-mames</name>

            <description>webapps to upgrade</description>

            <value>acme-intranet</value>

            <value>acme-intranet-portlet</value>

            <value>acme-website</value>

            <value>acme-websiteResources</value>

            <value>authoring-apps</value>

            <value>calendar</value>

            <value>chat</value>

            <value>chatbar</value>

            <value>cometd</value>

            <value>commons-extension</value>

            <value>CommonsResources</value>

            <value>contact</value>

            <value>content</value>

            <value>crash</value>

            <value>cs-extension</value>

            <value>csResources</value>

            <value>dashboard</value>

            <value>default-website</value>

            <value>ecm-wcm-core</value>

            <value>ecm-wcm-extension</value>

            <value>ecmadmin</value>

            <value>ecmbrowsecontent</value>

            <value>ecmexplorer</value>

            <value>ecmworkflow-extension</value>

            <value>exo-gadget-resources</value>

            <value>exoadmin</value>

            <value>eXoDMSGadgets</value>

            <value>eXoDMSResources</value>

            <value>eXoGadgets</value>

            <value>eXoGadgetServer</value>

            <value>eXoPlatformResources</value>

            <value>eXoResources</value>

            <value>eXoStaticResources</value>

            <value>eXoWCMResources</value>

            <value>eXoWorkflowResources</value>

            <value>faq</value>

            <value>fck</value>

            <value>formgenerator</value>

            <value>forum</value>

            <value>gadget-pack</value>

            <value>IDE</value>

            <value>intranet-gadget</value>

            <value>ks-extension</value>

            <value>ksResources</value>

            <value>mail</value>

            <value>newsletter</value>

            <value>platform-extension</value>

            <value>platformNavigation</value>

            <value>poll</value>

            <value>portal</value>

            <value>presentation</value>

            <value>rest</value>

            <value>searches</value>

            <value>seo</value>

            <value>SmartGWT</value>

            <value>social</value>

            <value>social-extension</value>

            <value>social-portlet</value>

            <value>social-resources</value>

            <value>web</value>

            <value>webos-ext</value>

            <value>webosadmin</value>

            <value>webosResources</value>

            <value>wiki</value>

            <value>workflow</value>

        </values-param>

    </init-params>

</component-plugin>

JCR user directory structure

This plugin is built-in in JCR that provides an option for migrating old JCR users directory structure to new JCR users directory structure. This allows you to improve performance when having a lot of users in database.

For example, the table below shows the difference in response time of eXo Platform 3.5 (new user directory structure) against eXo Platform 3.0 (old user directory structure) while performing some actions:

Number of users Type Account & Login Load Intranet Welcome Page Load /portal/rest/jcr/repository/collaboration/Users Load User Private JCR Folder
500 13.61% -20.83% -30.12% 14.29%
1000 8.82% -25.00% -86.06% 8.96%
2000 0.20% -29.63% -93.89% -1.37%
5000 -4.30% -33.93% -95.45% -10.67%

Formula: (Platform 3.5 value - Platform 3.0 value) * 100 / Platform 3.0 value (negative value means better).

It can be seen that with a larger number of users, the new user directory structure performs faster than the old one, especially when accessing the user directory directly.

To enable the migration, set these 2 flags in the $PLF-3.5-TOMCAT_HOME/gatein/conf/configuration.properties file (or $PLF-3.5-JBOSS_HOME/server/default/conf/gatein/configuration.properties) as below:

use-old-user-distribution=false
run-jcr-user-directories-migrate=true

JCR user directory structure migration will take much time, so you need to increase the JCR session time-out. Measure the amount of data in your current eXo Platform 3.0 and use a right session time-out. For example, if there are 1000 users in current eXo Platform 3.0, you should set configuration in the $PLF-3.5-TOMCAT_HOME/gatein/conf/configuration.properties (or $PLF-3.5-JBOSS_HOME/server/default/conf/gatein/configuration.properties) file as below:

gatein.jcr.transaction.timeout=10000

The time you need to migrate the JCR user directories structure depends on the amount of eXo Platform user data and your system speed. This migration also consumes memory, so you need to make sure to have enough resource on your server and configure enough memory to update the Xmx Java option (in the $PLF3.5-TOMCAT_HOME/bin/setenv.sh or $PLF-3.5-JBOSS_HOME/bin/run.conf file) before running. For example, you can use 6 Gigabyte RAM to migrate 5000 users.

Chapter 9. Organization Integration

The eXo Platform integration with another systems is very important. To make eXo Platform work with predefined organizational data properly, it is necessary to initialize some backend settings for each organizational element. Operations involved in synchronizing eXo Platform's backend settings with the organizational entities are called organizational model integration.

By default, the integration with an enteprise directory is done via picketlink IDM. You can refer to PicketLink IDM Integration chapter for details. The goal of this chapter is to instruct you how to connect eXo Platform to a populated organizational data source, such as LDAP Server, MS ActiveDirectory, or Database, through the following topics:

Before learning about how to integrate the organizational model, you should be aware of the following terms:

When an external organizational data source (LDAP server, MS ActiveDirectory) is used, eXo Platform must be notified of any changes on organizational entities, including addition, deletion and update. These changes are reflected in the backend settings of eXo Platform. These notifications are performed thanks to several means provided by eXo Platform. Pick up one of the following use cases related to your needs.

Pick up one of the following use cases of integration execution related to your needs.

At the start-up of eXo Platform, all groups are synchronized. This means that the groups which have been added/deleted will be integrated. This operation is mandatory because some of eXo Platform features require some system groups to be integrated, such as the system group of Social spaces.

In case you want to disable groups synchronization at start-up, and proceed manually to the system groups synchronization, you must modify an init param of OrganizationIntegrationService:




<component>

  <type>org.exoplatform.platform.organization.integration.OrganizationIntegrationService</type>

  <init-params>

    ...

    <value-param>

      <name>synchronizeGroups</name>

      <value>false</value>

    </value-param>

  </init-params>

</component>

Once users have logged in, their profile, memberships and related groups will be auto-synchronized. Also, administrators can activate the synchronization process manually without depending on the users' login. (See the next sections for more details).

You could enforce the integration of some organizational elements via REST or JMX. See the operations you can perform in the following table.

OperationDescription
invokeAllListenersSynchronize and integrate all organizational elements.
invokeGroupsListenersSynchronize and integrate all groups stored in the data source.
invokeGroupListenersSynchronize and integrate a selected group stored in the data source.
invokeUsersListenersSynchronize and integrate all users stored in the data source.
invokeUserListenersSynchronize and integrate a selected user stored in the data source.
invokeMembershipListenersSynchronize and integrate a specific membership.

Note

For invokeAllListeners, invokeGroupsListeners and invokeUsersListeners, it may take few hours if the organizational data source contains thousands of users.

You can select the periodic integration of the whole organizational elements which are not integrated yet. This feature is not activated automatically in the eXo Platform distribution. To do so, you will have to add this configuration: 




<external-component-plugins>

  <target-component>org.exoplatform.services.scheduler.JobSchedulerService</target-component>

    <component-plugin>

        <name>OrgInitializerCronJob</name>

        <set-method>addCronJob</set-method>

        <type>org.exoplatform.services.scheduler.CronJob</type>

        <description>Schedule the organization integration operation</description>

        <init-params>

            <properties-param>

                <name>cronjob.info</name>

                <description>Invoke initializer periodically</description>

                <property name="jobName" value="OrgInitializerCronJob"/>

                <property name="groupName" value="group"/>

                <property name="job" value="org.exoplatform.platform.organization.integration.OrganizationIntegrationJob"/>

                <property name="expression" value="0 45 23 * * ? *"/>

            </properties-param>

        </init-params>

    </component-plugin>

</external-component-plugins>

You need to modify the expression property value to change the period according to the CRON Expression documentation. The value presented above means that this job is executed at 23:45:00 everyday.

The organization integration management API is also exposed as REST. You need to login as an administrator first, then use one of those links:

Para-valueDescription
USERNAMESelect a username.
EVENT

Select one of the following values.

- ADDED - Select this option if the user is not yet integrated into eXo Platform. This will integrate the use and his/her memberships and groups.

- UPDATED - Select this option if the user field or membership has been modified/added/deleted. This will update the user profiles integrated into eXo Platform and all related memberships.

- DELETED - Select this option if the user has been deleted from the organization data source. So the user profile will be deleted from eXo Platform.

Para-valueDescription
EVENT

Select one of the following values:

- ADDED - Search for users who are added to the Organization data source, but not yet integrated. Those users will then be synchronized.

- UPDATED - Search for users that are present in the Organization data source and already integrated into eXo Platform. Those profiles will be updated.

- DELETED - Search for users that are deleted from the Organization data source, but their profiles are still always existing in eXo Platform. Those profiles are then deleted.

Also, you can request for synchronizing all users.

Para-valueDescription
GROUP_IDSelect a groupId, such as /platform/users.
EVENT

Select one of the following values:

- ADDED - Select this option if the group is not yet integrated into eXo Platform. This will integrate the group.

- UPDATED - This option is not used any longer.

- DELETED - Select this option if the group has been deleted from Organization data source. The group profile is then deleted from eXo Platform.

Para-valueDescription
EVENT

Select one of the following values:

- ADDED - Search for groups that are added to the Organization data source, but not yet integrated into eXo Platform. Those groups will be integrated.

- UPDATED: This option is not used any longer.

- DELETED - Search for groups that are deleted from the Organization data source, but their profiles are still existed in eXo Platform. Those profiles are then deleted.

You can also request for synchronizing all groups.

Para-valueDescription
GROUP_IDSelect a groupId, such as /platform/users.
USERNAMESelect a username.
EVENT

Select one of the following values:

- ADDED - Search for memberships that are added to the Organization data source, but not yet integrated into eXo Platform. Those memberships will be integrated.

- UPDATED - This option is not used any longer.

- DELETED - Search for memberships that are deleted from the Organization data source. This will synchronize user's memberships related to the selected group.

To access the Integration Service features via JMX, you can use JMX-compliant monitoring tools, such as JConsole. The name of the MBean is: exo:portal="portal",service=extensions,name=OrganizationIntegrationService,type=platform.

If you used one of those Organization Data Models.

in a previous version of eXo Platform, you will be able to keep working with them on eXo Platform 3.5.

Configure Legacy Organization Services

1. Add a new file named configuration.xml in ${exo.conf.dir.name}/portal/portal/ with the following configuration.




<configuration xmlns="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd http://www.exoplaform.org/xml/ns/kernel_1_2.xsd">

           

    <import>legacy-organization-configuration.xml</import>

    

    <!-- Remove unnecessary Picket LINK Services -->

    <remove-configuration>org.exoplatform.services.organization.idm.PicketLinkIDMCacheService</remove-configuration>

    <remove-configuration>org.exoplatform.services.organization.idm.PicketLinkIDMService</remove-configuration>

</configuration>

2. Add a new file named legacy-organization-configuration.xml in ${exo.conf.dir.name}/portal/portal with one of the contents below.

Hibernate Organization Service configuration 




<configuration xmlns="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd http://www.exoplaform.org/xml/ns/kernel_1_2.xsd">

  <component>

    <key>org.exoplatform.services.organization.OrganizationService</key>

    <type>org.exoplatform.services.organization.hibernate.OrganizationServiceImpl</type>

  </component>

  <external-component-plugins>

    <target-component>org.exoplatform.services.database.HibernateService</target-component>

    <component-plugin> 

      <name>add.hibernate.mapping</name>

      <set-method>addPlugin</set-method>

      <type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>

      <init-params>

        <values-param>

          <name>hibernate.mapping</name>

          <value>org/exoplatform/services/organization/impl/UserImpl.hbm.xml</value>

          <value>org/exoplatform/services/organization/impl/MembershipImpl.hbm.xml</value>

          <value>org/exoplatform/services/organization/impl/GroupImpl.hbm.xml</value>

          <value>org/exoplatform/services/organization/impl/MembershipTypeImpl.hbm.xml</value>

          <value>org/exoplatform/services/organization/impl/UserProfileData.hbm.xml</value>

        </values-param>

      </init-params>

    </component-plugin>

  </external-component-plugins>

  <import>classpath:/conf/portal/organization-configuration.xml</import>    

</configuration>  

LDAP Organization Service configuration 




<configuration xmlns="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd http://www.exoplaform.org/xml/ns/kernel_1_2.xsd">

    <component>

        <key>org.exoplatform.services.ldap.LDAPService</key>

        <type>org.exoplatform.services.ldap.impl.LDAPServiceImpl</type>

        <init-params>

            <object-param>

                <name>ldap.config</name>

                <description>Default ldap config</description>

                <object type="org.exoplatform.services.ldap.impl.LDAPConnectionConfig">         

                    <field name="providerURL"><string>ldap://127.0.0.1:389,10.0.0.1:389</string></field>

                    <field name="rootdn"><string>CN=Manager,DC=exoplatform,DC=org</string></field>

                    <field name="password"><string>secret</string></field>          

                    <field name="version"><string>3</string></field>

                    <field name="minConnection"><int>5</int></field>

                    <field name="maxConnection"><int>10</int></field>       

                    <field name="referralMode"><string>follow</string></field>  

                    <field name="serverName"><string>default</string></field>

                </object>

            </object-param>

        </init-params>

    </component>

    <component>

        <key>org.exoplatform.services.organization.OrganizationService</key>

        <type>org.exoplatform.services.organization.ldap.OrganizationServiceImpl</type>

        <component-plugins>

            <component-plugin>

                <name>init.service.listener</name>

                <set-method>addListenerPlugin</set-method>

                <type>org.exoplatform.services.organization.ldap.OrganizationLdapInitializer</type>

                <description>this listener populate organization ldap service create default dn</description>      

            </component-plugin>  

        </component-plugins> 

        <init-params>

            <value-param>

                <name>ldap.userDN.key</name>

                <description>The key used to compose user DN</description>

                <value>cn</value>

            </value-param>

            <object-param>

                <name>ldap.attribute.mapping</name>

                <description>ldap attribute mapping</description>

                <object type="org.exoplatform.services.organization.ldap.LDAPAttributeMapping">                

                    <field name="userLDAPClasses"><string>top,person,organizationalPerson,inetOrgPerson</string></field>

                    <field name="profileLDAPClasses"><string>top,organizationalPerson</string></field>

                    <field name="groupLDAPClasses"><string>top,organizationalUnit</string></field>

                    <field name="membershipTypeLDAPClasses"><string>top,organizationalRole</string></field>

                    <field name="membershipLDAPClasses"><string>top,groupOfNames</string></field>

                    <field name="baseURL"><string>dc=exoplatform,dc=org</string></field>

                    <field name="groupsURL"><string>ou=groups,ou=portal,dc=exoplatform,dc=org</string></field>

                    <field name="membershipTypeURL"><string>ou=memberships,ou=portal,dc=exoplatform,dc=org</string></field>

                    <field name="userURL"><string>ou=users,ou=portal,dc=exoplatform,dc=org</string></field>

                    <field name="profileURL"><string>ou=profiles,ou=portal,dc=exoplatform,dc=org</string></field>

                    <field name="userUsernameAttr"><string>uid</string></field>

                    <field name="userPassword"><string>userPassword</string></field>

                    <field name="userFirstNameAttr"><string>givenName</string></field>

                    <field name="userLastNameAttr"><string>sn</string></field>

                    <field name="userDisplayNameAttr"><string>displayName</string></field>

                    <field name="userMailAttr"><string>mail</string></field>

                    <field name="userObjectClassFilter"><string>objectClass=person</string></field>

                    <field name="membershipTypeMemberValue"><string>member</string></field>

                    <field name="membershipTypeRoleNameAttr"><string>cn</string></field>

                    <field name="membershipTypeNameAttr"><string>cn</string></field>

                    <field name="membershipTypeObjectClassFilter"><string>objectClass=organizationalRole</string></field>

                    <field name="membershiptypeObjectClass"><string>organizationalRole</string></field>

                    <field name="groupObjectClass"><string>organizationalUnit</string></field>

                    <field name="groupObjectClassFilter"><string>objectClass=organizationalUnit</string></field>

                    <field name="membershipObjectClass"><string>groupOfNames</string></field>

                    <field name="membershipObjectClassFilter"><string>objectClass=groupOfNames</string></field>

                    <field name="ldapCreatedTimeStampAttr"><string>createdTimeStamp</string></field>

                    <field name="ldapModifiedTimeStampAttr"><string>modifiedTimeStamp</string></field>

                    <field name="ldapDescriptionAttr"><string>description</string></field>

                </object>

            </object-param>

        </init-params>     

    </component>



    <external-component-plugins>

        <target-component>org.exoplatform.services.database.HibernateService</target-component>

        <component-plugin> 

            <name>add.hibernate.mapping</name>

            <set-method>addPlugin</set-method>

            <type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>

            <init-params>

                <values-param>

                    <name>hibernate.mapping</name>          

                    <value>org/exoplatform/services/organization/impl/UserProfileData.hbm.xml</value>

                </values-param>

            </init-params>

        </component-plugin>

    </external-component-plugins>

</configuration>

AD Organization Service configuration 




<configuration xmlns="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd http://www.exoplaform.org/xml/ns/kernel_1_2.xsd">

  <component>

    <key>org.exoplatform.services.ldap.LDAPService</key>

    <type>org.exoplatform.services.ldap.impl.LDAPServiceImpl</type>

    <init-params>

      <object-param>

        <name>ldap.config</name>

        <description>Default ldap config</description>

        <object type="org.exoplatform.services.ldap.impl.LDAPConnectionConfig">

          <field name="providerURL"><string>ldap://192.168.2.88:389</string></field>

          <field name="rootdn"><string>CN=Administrator,CN=Users, DC=exoplatform,DC=org</string></field>

          <field name="password"><string>Secret1234</string></field>

          <field name="version"><string>3</string></field>

          <field name="minConnection"><int>5</int></field>

          <field name="maxConnection"><int>10</int></field>

          <field name="referralMode"><string>ignore</string></field>

          <field name="serverName"><string>active.directory</string></field>

        </object>

      </object-param>

    </init-params>

  </component>

  <component>

    <key>org.exoplatform.services.organization.OrganizationService</key>

    <type>org.exoplatform.services.organization.ldap.OrganizationServiceImpl</type>

    <component-plugins>

      <component-plugin>

        <name>init.service.listener</name>

        <set-method>addListenerPlugin</set-method>

        <type>org.exoplatform.services.organization.ldap.OrganizationLdapInitializer</type>

        <description>this listener populate organization ldap service create default dn</description>

      </component-plugin>

    </component-plugins>

    <init-params>

      <object-param>

        <name>ldap.attribute.mapping</name>

        <description>ldap attribute mapping</description>

        <object type="org.exoplatform.services.organization.ldap.LDAPAttributeMapping">

          <field name="userLDAPClasses"><string>top,person,organizationalPerson,user</string></field>

          <field name="profileLDAPClasses"><string>top,organizationalPerson</string></field>

          <field name="groupLDAPClasses"><string>top,organizationalUnit</string></field>

          <field name="membershipTypeLDAPClasses"><string>top,group</string></field>

          <field name="membershipLDAPClasses"><string>top,group</string></field>

          <field name="baseURL"><string>DC=test,DC=man</string></field>

          <field name="groupsURL"><string>ou=groups,ou=portal,DC=test,DC=man</string></field>

          <field name="membershipTypeURL"><string>ou=memberships,ou=portal,DC=test,DC=man</string></field>

          <field name="userURL"><string>ou=users,ou=portal,DC=test,DC=man</string></field>

          <field name="profileURL"><string>ou=profiles,ou=portal,DC=test,DC=man</string></field>

          <field name="userUsernameAttr"><string>sAMAccountName</string></field>

          <field name="userPassword"><string>unicodePwd</string></field>

          <field name="userFirstNameAttr"><string>givenName</string></field>

          <field name="userLastNameAttr"><string>sn</string></field>

          <field name="userDisplayNameAttr"><string>displayName</string></field>

          <field name="userMailAttr"><string>mail</string></field>

          <field name="userObjectClassFilter"><string>objectClass=user</string></field>

          <field name="membershipTypeMemberValue"><string>member</string></field>

          <field name="membershipTypeRoleNameAttr"><string>cn</string></field>

          <field name="membershipTypeNameAttr"><string>cn</string></field>

          <field name="membershipTypeObjectClassFilter"><string>objectClass=group</string></field>

          <field name="membershiptypeObjectClass"><string>group</string></field>

          <field name="groupObjectClass"><string>organizationalUnit</string></field>

          <field name="groupObjectClassFilter"><string>objectClass=organizationalUnit</string></field>

          <field name="membershipObjectClass"><string>group</string></field>

          <field name="membershipObjectClassFilter"><string>objectClass=group</string></field>

          <field name="ldapCreatedTimeStampAttr"><string>createdTimeStamp</string></field>

          <field name="ldapModifiedTimeStampAttr"><string>modifiedTimeStamp</string></field>

          <field name="ldapDescriptionAttr"><string>description</string></field>

        </object>

      </object-param>

    </init-params>

  </component>

  <external-component-plugins>

    <target-component>org.exoplatform.services.database.HibernateService</target-component>

    <component-plugin>

      <name>add.hibernate.mapping</name>

      <set-method>addPlugin</set-method>

      <type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>

      <init-params>

        <values-param>

          <name>hibernate.mapping</name>

          <value>org/exoplatform/services/organization/impl/UserProfileData.hbm.xml</value>

        </values-param>

      </init-params>

    </component-plugin>

  </external-component-plugins>

</configuration>