Red paper IBM Lotus Domino no
advertisement
Front cover
IBM Lotus Domino
no
Application Portlet
Configuration and Tips
Configuration and authentication
Parsers and rulesets
Examples and sample code
Thomas Delahunty
Kornelius Elstner
James Ryan
Katherine Sewell
ibm.com/redbooks
Redpaper
International Technical Support Organization
IBM Lotus Domino Application Portlet
Configuration and Tips
December 2004
Note: Before using this information and the product it supports, read the information in “Notices” on page v.
First Edition (December 2004)
This edition applies to Version 1.0 and Version 1.1 of the Domino Application Portlet
© Copyright International Business Machines Corporation 2004. All rights reserved.
Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule
Contract with IBM Corp.
Contents
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .v
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Become a published author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Comments welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Chapter 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.1 Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.1.1 Setup if you have installed Domino Extended Product portlets . . . . . . . . . . . . . . .
1.2 Configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2.1 Source and Display tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2.2 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2.3 Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2.4 Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3 Edit options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1
2
2
3
3
4
5
6
6
Chapter 2. Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.1 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.2 No authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.3 Basic authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.4 Session based authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.5 Single sign on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.5.1 Single sign on setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.6 Credential vault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.6.1 System slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.6.2 Shared slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.6.3 Private slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Chapter 3. Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.1 Types of caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.2 Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.3 Cacheable objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.4 Cache size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.5 Using caching to improve DAP performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
15
16
16
18
19
19
Chapter 4. Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1 Regular expression parser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1.1 Input expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1.2 Output functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1.3 Output expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1.4 Blocks within the expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1.5 Process for applying regular expression rules . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.2 HTML parser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.2.1 Input expression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.2.2 Output expression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.2.3 Output functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.2.4 Process for applying HTML rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.3 Correlation between the rulesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
21
22
22
23
24
24
25
27
28
28
28
29
30
© Copyright IBM Corp. 2004. All rights reserved.
iii
Chapter 5. Samples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.1 Setting up Domino. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.2 Setting up DAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.2.1 Install portlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.2.2 Create page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.2.3 Add portlet to page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.2.4 Initialize portlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.3 Exploring the application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.4 Fixing the icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.5 TCP/IP trace proxies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.6 Fixing the greedy information page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.7 Switching to the HTML parser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.8 Escalating security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.9 Another sample . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
33
34
34
34
34
34
35
36
37
39
40
41
42
44
Chapter 6. Updates to Domino Application Portlet 1.1 . . . . . . . . . . . . . . . . . . . . . . . . .
6.1 Debug tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.2 Error reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.3 Customized rule sets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.4 Support for Domino Web Access (iNotes) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.5 Selective MIME types for Rules tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.6 Output functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.7 Performance improvements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.8 Default to user’s mail file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.9 New URL re-writing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
49
50
51
52
52
52
52
53
53
54
Appendix A. Known issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A.1 Anonymous access issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A.2 Maximize portlet issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A.3 Refresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A.4 Language version issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A.5 New window opening in Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A.6 Alignment in BIDI language configuration and edit modes . . . . . . . . . . . . . . . . . . . . . .
A.7 Richtext applet icons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A.8 Configuration performance (WPS 5.0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A.9 Configuration performance (WPS 4.1.2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A.10 Load issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A.11 Table properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A.12 Domino Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
55
56
56
56
56
56
57
57
57
57
57
57
58
Appendix B. Additional material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Locating the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Using the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Online resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How to get IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Help from IBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iv
IBM Lotus Domino Application Portlet: Configuration and Tips
61
61
61
61
61
Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult
your local IBM representative for information on the products and services currently available in your area. Any
reference to an IBM product, program, or service is not intended to state or imply that only that IBM product,
program, or service may be used. Any functionally equivalent product, program, or service that does not
infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to
evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The
furnishing of this document does not give you any license to these patents. You can send license inquiries, in
writing, to:
IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A.
The following paragraph does not apply to the United Kingdom or any other country where such provisions are
inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS
PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of
express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made
to the information herein; these changes will be incorporated in new editions of the publication. IBM may make
improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time
without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not in any
manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the
materials for this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring
any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested those products and cannot confirm the
accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the
capabilities of non-IBM products should be addressed to the suppliers of those products.
This information contains examples of data and reports used in daily business operations. To illustrate them
as completely as possible, the examples include the names of individuals, companies, brands, and products.
All of these names are fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrates programming
techniques on various operating platforms. You may copy, modify, and distribute these sample programs in
any form without payment to IBM, for the purposes of developing, using, marketing or distributing application
programs conforming to the application programming interface for the operating platform for which the sample
programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore,
cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and
distribute these sample programs in any form without payment to IBM for the purposes of developing, using,
marketing, or distributing application programs conforming to IBM's application programming interfaces.
© Copyright IBM Corp. 2004. All rights reserved.
v
Trademarks
The following terms are trademarks of the International Business Machines Corporation in the United States,
other countries, or both:
ibm.com®
iNotes™
Domino®
IBM®
Lotus®
Redbooks™
Redbooks (logo)
WebSphere®
Workplace™
™
The following terms are trademarks of other companies:
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems,
Inc. in the United States, other countries, or both.
Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
Other company, product, and service names may be trademarks or service marks of others.
vi
IBM Lotus Domino Application Portlet: Configuration and Tips
Preface
This IBM® Redpaper discusses the Domino® Access Portlet.
WebSphere® Portal is a complete portal solution. It provides customers with integrated
content and applications in addition to a unified, collaborative workplace. Domino is a
comprehensive application platform. Customers have invested heavily to exploit the power of
Domino in developing proprietary applications. As a result they are understandably reluctant
to start again and move towards the benefits of a portal environment. The main question
asked by such customers is how do we move our Domino applications into a portal. Domino
Application Portlet (DAP) provides the solution. It facilitates the easy integration of Domino
Web Applications into a portal server. This paper will describe DAP in detail and will give
practical examples on configuring and customizing this portlet.
Become a published author
Join us for a two- to six-week residency program! Help write an IBM Redbook dealing with
specific products or solutions, while getting hands-on experience with leading-edge
technologies. You'll team with IBM technical professionals, Business Partners and/or
customers.
Your efforts will help increase product acceptance and customer satisfaction. As a bonus,
you'll develop a network of contacts in IBM development labs, and increase your productivity
and marketability.
Find out more about the residency program, browse the residency index, and apply online at:
ibm.com/redbooks/residencies.html
Comments welcome
Your comments are important to us!
We want our papers to be as helpful as possible. Send us your comments about this
Redpaper or other Redbooks™ in one of the following ways:
Use the online Contact us review redbook form found at:
ibm.com/redbooks
Send your comments in an email to:
redbook@us.ibm.com
Mail your comments to:
IBM Corporation, International Technical Support Organization
Dept. JLU Mail Station P099
2455 South Road
Poughkeepsie, New York 12601-5400
© Copyright IBM Corp. 2004. All rights reserved.
vii
viii
IBM Lotus Domino Application Portlet: Configuration and Tips
1
Chapter 1.
Introduction
The Domino Application Portlet (DAP) integrates the content and technology of existing
Domino Web Applications into the Portal environment. It allows customers to insert these
existing applications into portlets and display them on a portal server with minimal
development effort. Most importantly, it renders the portlets of the Domino Web application
within the context of the portal, thereby keeping the user within the context and navigational
scheme of the portal.
The Domino Application Portlet acts like a reverse proxy, proxying the content from the back
end servers through to the browser. It appears to the browser to be the real content server.
The Domino Application Portlet (DAP) channels all requests from the user client (browser)
through the portal and on to the Domino HTTP server in the back end. The portlet contains an
iframe with an embedded servlet that is responsible for the actual connection and display of
the Domino content. It manages cookies, caching, user authentication, and framing.
Rules-based parsers rewrite the content produced by the Domino HTTP server.
This document explores the setup and configuration of DAP. The rest of this chapter
examines the basic setup and gives an overview of the configuration options available. This is
followed by a number of sections that provide a detailed examination of these options.
Chapter 5, “Samples” on page 33 contains two concrete examples that show how to setup
DAP and write rules that tailor it for your own application. Chapter 6, “Updates to Domino
Application Portlet 1.1” on page 49 discusses specific improvements and updates which have
been made in Version 1.1 of DAP, released in September of 2004. Finally there is a
description of some known problems we have discovered.
© Copyright IBM Corp. 2004. All rights reserved.
1
1.1 Setup
DAP is setup like any other portlet, the WAR file is installed and then the portlet is added to a
page1. To install DAP onto the portal server you must be logged in with administrator rights on
the Portal. An example of installing and setting up DAP is given in 5.2, “Setting up DAP” on
page 34.
Figure 1-1 Initial DAP window
1.1.1 Setup if you have installed Domino Extended Product portlets
The Domino 6.5.1 Extended Products portlets are an enhancement to the existing
WebSphere Portal Collaboration Center portlets and therefore offer the ability to integrate the
application functionality of the Domino 6.5.1 platform into a intelligent common user interface
served up by WebSphere Portal Server. One of the key portlets included with the Extended
Products Portlets included the Domino Application Portlet. Figure 1-2 on page 3 illustrates the
tabs where you would see the Domino Application portlet and shows a sample Domino Web
application being rendered through DAP.
Attention: If you want to learn more about installing and configuring the Domino Extended
Products portlets, refer to Chapter 8 within the redbook Domino 6.5.1 and Extended
Products: Integration Guide, SG24-6357.
http://www.redbooks.ibm.com/abstracts/sg246357.html
1
This is true for the standalone version available from the portlet catalog. However in Lotus® Workplace™ DAP is
installed with all the other portlets.
2
IBM Lotus Domino Application Portlet: Configuration and Tips
My Workplace Tab - access to fully integrated collaborative portlets
Domino Application Portlet
Figure 1-2 Domino Application Portlet included as an Extended Product Portlet
1.2 Configuration options
To configure the Domino Application Portlet you must have administrator access rights. The
configuration menu may be accessed by clicking the wrench icon in the upper right hand
corner of the portlet.
To configure the Domino Application portlet, complete the following steps:
1. Click the Configure portlet properties icon in the top-right area of the portlet window. This
icon looks like a wrench.
It contains four main tabs, which are:
Source and Display
Authentication
Caching
Rules
1.2.1 Source and Display tab
The source and display tab allows the user to define which Domino server and database the
portlet is to display (Domino Source Server options). In addition to this it also allows the user
to direct DAP to look for the Domino content via a proxy server. This is a useful feature if the
user wants to see what requests are being made by the portlet to the Domino server. Finally
this tab also lets the user configure the iframe in which the DAP portlet displays the Domino
content. The show in edit mode check box permits some of these options to be made
Chapter 1. Introduction
3
available to a normal portlet user in edit mode. So for example, a normal user could configure
a DAP portlet to point to his/her mail database without having to have administrator rights for
the portlet.
Figure 1-3 Source and Display UI
1.2.2 Authentication
The authentication settings may be modified on the authentication tab of the configuration
menu. These settings define the model DAP will use to authenticate with the Domino server
and also where in the Credential Vault the username and password may be found. A number
of options may be set including storage in the Credential Vault or use of Single Sign On. Note
if a user is required to enter a password (for example in Basic Authentication) this will need to
be done in the Edit settings. A more in-depth description of Authentication may be found in
Chapter 2, “Authentication” on page 9.
4
IBM Lotus Domino Application Portlet: Configuration and Tips
Figure 1-4 Authentication UI
1.2.3 Caching
Within the Caching tab settings that affect the storage of cached objects from DAP may be
set. While the browser has it’s own caching a user may also define a number of caching
mechanisms for the DAP portlet. Essentially these mechanisms define where and how
objects that are passed between Domino and DAP are stored. This caching takes place on
the Portal server and use of caching here prevents unnecessary calls to the Domino server. A
detailed description of the options here may be found in Chapter 3, “Caching” on page 15.
Figure 1-5 Caching UI
Chapter 1. Introduction
5
1.2.4 Rules
The rules tab defines the rules that are used to transform URLs and links in the Domino
content so that they point to DAP instead of to the Domino server. These rules come in two
forms that are mutually exclusive, Regular Expression Rules or HTML Rules. While there is
too much detail to go into here and a detailed explanation is given in Chapter 4, “Rules” on
page 21, the essential difference between the two is that Regular Expression Rules are very
flexible, but complicated. while HTML rules are simpler and faster, but less flexible.
Figure 1-6 Rules UI
1.3 Edit options
The edit options may be accessed by selecting the pencil icon in the top right hand corner on
the DAP portlet page.
Figure 1-7 Edit UI
The edit page is where a user must enter their Domino username and password if they are
using Basic or Session based authentication. This page also contains any of the options that
the Administrator decided to allow a normal user to configure. These may include the Domino
Database settings and the display settings.
6
IBM Lotus Domino Application Portlet: Configuration and Tips
Figure 1-8 Edit UI
Chapter 1. Introduction
7
8
IBM Lotus Domino Application Portlet: Configuration and Tips
2
Chapter 2.
Authentication
This chapter describes authentication models that the Domino Application Portlet (DAP) can
use to authenticate with the target Domino server. The following topics are addressed in
detail:
No authentication
Basic authentication
Session based authentication
Single sign on
Credential vault
© Copyright IBM Corp. 2004. All rights reserved.
9
2.1 Authentication
To modify the authentication settings click the wrench icon and then the authentication tab.
There are four different authentication models that the Domino Application Portlet (DAP) can
use to authenticate with the target Domino server. They are none, basic, session, and Single
Sign On (SSO).
Figure 2-1 Authentication UI
Domino may require either basic, session-based, or SSO authentication. It is possible to
authenticate by configuring the Domino Application Portlet with a lower model than the
Domino server requires. For example, you can authenticate against a Domino server
configured for single-session authentication by specifying Basic authentication in the Domino
Application Portlet. However, you should generally match the portlet authentication model
with the Domino server it is accessing.
2.2 No authentication
If the target server and database application does not require any authentication then the
none radio button should be selected. When selected, a DAP user will not be required to enter
their username and password in the portlet edit mode.
2.3 Basic authentication
Basic password authentication, also known as name-and-password authentication, uses
basic HTTP authentication schema to ask users for their names and passwords and then
verifies the accuracy of the passwords by checking them against a secure hash of the
password stored in Person documents in the Domino Directory. When set up for this, Domino
asks for a name and password only when a client tries to access a protected resource on the
server.
When connecting to Domino, DAP retrieves the username and password specified in the edit
mode of the portlet. It may also retrieve these values from a credential vault system slot, if this
type of slot is selected. Refer to 2.6.1, “System slot” on page 14 for further information
regarding this.
It then creates a header in the following format:
Header name:
Header value:
Authentication
Basic: Ghy753Jk03==??}
The header value contains the authentication model being used together with the
base64-encoding of the string username:password.
10
IBM Lotus Domino Application Portlet: Configuration and Tips
Upon receiving the request, Domino base64-decodes the string to reveal the username and
password, which it then validates.
2.4 Session based authentication
DAP also provides for session authentication. Session-based authentication differs from basic
password authentication in that the user name and password is replaced by a cookie. The
user name and password is sent over the network only the first time the user logs in to a
server. Thereafter the cookie is used for authentication.
When connecting to Domino, DAP constructs a URL using the connection settings specified
in the edit or config mode of the portlet.
Protocol
Host
http:// dominoserver.lan
Port
:80
Path and filename
/mail/userA.nsf
If session based authentication is enabled, then the initial request to Domino is modified to
append the username and password in the URL. The URL then becomes:
http://dominoserver.lan:80/mail/userA.nsf?Login\&use\\rname=userA\&password=password\&re
directto=/mail/userA.nsf
When Domino receives this request, it validates the username and password and sends back
a cookie called DomSessAuthId. This cookie is then used to authenticate the user on further
requests from DAP.
2.5 Single sign on
Single sign on (multi-server session-based authentication) allows Web users to log in once to
a Domino or WebSphere server, and then access any other Domino or WebSphere servers in
the same DNS domain that are enabled for single sign on (SSO) without having to log in
again. User Web browsers must have cookies enabled since the authentication token that is
generated by the server is sent to the browser in a cookie. You can set this up by creating a
domain-wide configuration document -the Web SSO Configuration document - in the Domino
Directory. You initialize the configuration document by importing LTPA keys from WebSphere
(you will need the password specified when generating the keys in WebSphere). When SSO
is enabled, the user will not be required to specify their credentials in edit mode of the portlet.
2.5.1 Single sign on setup
To configure SSO for WebSphere follow these steps:
1. Log on to the WebSphere Application Server Console.(Start → IBM → WebSphere →
Application Serverv5.0 → Administrative Console)
2. Go to Security → Authentication Mechanisms and click LTPA, as shown in Figure 2-2
on page 12.
3. Enter the password to be used, and a file name that will contain the exported key.
4. Press Export keys button.
Chapter 2. Authentication
11
Figure 2-2 WebSphere LTPA Configuration
To configure Domino follow these steps:
1. Launch the Domino Administrator application.
2. Open the current server document.
3. Press the Create Web (R5)... button then select SSO Configuration as shown in
Figure 2-3.
Figure 2-3 Domino SSO Configuration
4. Press the Keys... button, then select Import WebSphere LTPA Keys.
5. Specify the location of the key file that you exported the WebSphere LTPA key in the
previous step. (You may need to correct the LDAP realm, by adding a “\” (backslash)
before :389. See technotes Setting up SSO -- 1098010 Troubleshooting SSO -- 1158269).
6. Enter in a value for the DNS Domain value, (e.g., “.domain.com").
7. Enter in the value for the Domino Server Names. This should contain the name of the
current Domino server.
8. Give the SSO configuration a name (e.g., “LtpaToken").
9. Press the Save & Close button.
10.In the Current Server Document select the Internet Protocols tab, and then the Domino
Web Engine tab, as shown in Figure 2-4 on page 13.
12
IBM Lotus Domino Application Portlet: Configuration and Tips
Figure 2-4 Domino Server Configuration
11.For Session Authentication select Multiple Servers (SSO). For Web SSO
Configuration, select the name you entered in Step 8.
12.Save the document.
Finally, restart the Domino server, Application server, and Portal server. SSO is now enabled
between the WebSphere and Domino servers.
2.6 Credential vault
The Domino Application Portlet uses the WebSphere Portal credential vault to handle
authentication if the authentication model in Domino is basic or session-based. In such cases,
you will need to enter the slot type to be used. In addition, for system slots you must also
provide the slot name (identifier). If no authentication is used in Domino (anonymous access)
no credential vault settings are required.
If single sign on (SSO) is used in Domino, access is inherent in the SSO framework and no
credential vault settings are needed.The credential vault is organized as follows:
The portal administrator partitions the vault into several vault segments.
Vault segments can be created and configured only by portal administrators.
Each vault segment contains one or more vault slots. Vault slots are the “drawers” where
portlets, such as Domino Application Portlet, store and retrieve a user's credentials (for
example, login details). Each slot holds one credential.Domino Application Portlet uses the
default segment only. There are three different types of slots where credentials can be stored
and retrieved by DAP.
Chapter 2. Authentication
13
2.6.1 System slot
The credentials that are stored in a system slot can be accessed by all users and by all
portlets. The administrator sets the username and password in a new slot via the portlet
settings, as shown in Figure 2-5. (Note - this is from WebSphere Portal 5.0.)
Figure 2-5 Credential Vault Settings
To edit the Credential Vault settings:
Go to Administration → Access → Credential Vault
Select the option Add a vault slot. Please ensure that Vault slot is shared is checked.
Whatever slot name is used to create the slot must be entered as Slot identifier in the
Domino Application Portlet configuration display as shown in Figure 2-6.
Figure 2-6 System slot
2.6.2 Shared slot
Credentials that are stored in a shared slot are accessible by all Domino Application Portlet
instances for a given user. Users enter login information using the portlet's Edit mode.
Credential changes in one portlet instance are reflected in all other portlet instances for that
user.
2.6.3 Private slot
Credentials that are stored in a private slot are not accessible by all Domino Application
Portlet instances for a given user. They are only accessible by the user whilst accessing the
portlet instance that stored the credentials.
14
IBM Lotus Domino Application Portlet: Configuration and Tips
3
Chapter 3.
Caching
This chapter discusses caching options for the Domino Access Portlet. It discusses the
following topics in detail:
Access
Cacheable objects
Cache size
Using caching to improve DAP performance
© Copyright IBM Corp. 2004. All rights reserved.
15
3.1 Types of caching
To modify the caching settings click the wrench icon and then click the caching tab. The
manner in which cached objects are accessed in DAP depends on the caching type selected.
The different caching types include:
User and application (most secure)
Cached objects can be accessed only by the user who put them into the cache, and only
while accessing the current application.
User
Cached objects are shared by all applications, but can be accessed only by the user who
put them into the cache.
Application
Cached objects can be accessed by any user, but only while using the application that put
them into the cache.
Shared (least secure)
Cached objects can be accessed by any user or application, regardless of which
application or user put them into the cache.
3.2 Access
Figure 3-1 on page 17 shows how objects are accessible by different applications and users
depending on how they were cached. In this diagram there are three instances of DAP on a
particular server, D1, D2 and D3. On each instance of DAP there are various users accessing
them. For example, there are two users UserA (UA) and UserB (UB) accessing DAP
instance D1.
D1 - UA - The object is only accessible by user A whilst accessing DAP instance D1.
D1 - UA and D1 - UB - The object is accessible by user A or user B whilst accessing DAP
instance D1.
D1 - UA and D2 - UA The object is accessible by user A whilst accessing either DAP
instance D1 or D2.
16
IBM Lotus Domino Application Portlet: Configuration and Tips
Figure 3-1 Caching
Chapter 3. Caching
17
3.3 Cacheable objects
Here we choose what type of objects can be stored, and the part of the cache to store them.
The part of the cache to store the object is determined using the mime-type of the object, and
in the case of shared caching, the string defining the URL of the object. This helps you to limit
shared caching to objects that are common to all users. For example, you might enter /icons
to ensure that only objects whose URLs contain "/icons" will be stored in the shared cache.
The user also has an option to specify user-defined mime-types, in the situation that the list
provided is insufficient. The default caching configuration for DAP is shown in Figure 3-2.
Figure 3-2 Caching
Shared caching is selected.
All objects that have an image mime-type, and have an applet mime-type (not shown) are
cached in this part of the DAP cache.
There is a maximum of 100 objects in the cache. This is the maximum for all objects in all
parts of the DAP cache inclusive.
The maximum size of each object in the cache is set to 250 kb.
It is possible to select more than one part of the cache to be used, e.g., by selecting shared
and application caching. If an object qualifies to be cached into more than one part, order will
be used to decide.
18
IBM Lotus Domino Application Portlet: Configuration and Tips
The order is:
1.
2.
3.
4.
User and Application
User
Application
Shared
For example, if both "User and Application" and "Application" caching are selected, and an
object qualifies to be cached in both, "User and Application" will be chosen. This is because it
is more secure than "Application" caching.
3.4 Cache size
The maximum size of both the cache and the cached objects are configurable. The cache
operates in a Most Recently Used basis, whereby when the size of the cache has reached
its maximum, the object with the oldest accessed date is removed before adding a new
object. DAP also provides a Clear Cache button, which allows for the contents of the cache to
be deleted.
Figure 3-3 Clear Cache button
3.5 Using caching to improve DAP performance
The primary way to improve DAP performance using caching is to make use of the Shared
cache. The Shared cache will store objects that are accessible to all users on all DAP portlet
instances. For example, once a frequently requested image from Domino is stored in DAP’s
Shared cache by a particular user on a DAP instance, this image will be accessible by all
subsequent users on any DAP instance without the need to retrieve it from Domino again. If
we compare this with deciding to store objects in the user and application cache, a lot more
overhead is required. For each user accessing the same resource we must request it from
Domino and keep a copy of it in memory.
Another way to improve performance using caching is to carefully configure the maximum
size of the contents of the cache, and the maximum size of each object in the cache. Since
the objects are effectively cached in the Portal server's memory, allocation should be carefully
assigned if space is an issue.
Chapter 3. Caching
19
20
IBM Lotus Domino Application Portlet: Configuration and Tips
4
Chapter 4.
Rules
The Domino server provides the ability to allow users to browse Domino databases over the
Internet. Unfortunately, accessing Domino data through a Portal server does not work in the
same way as directly accessing it through an Internet browser. References to resources, such
as graphics and applets, and links to other pages are generally relative to the Domino
database. In order to access this data correctly through a Portal server these resources and
links need to be redirected through the portlet.
The Domino Application Portlet uses a parser to configure the content returned by Domino.
There are currently two available parsers: a Regular Expression parser and a HTML parser.
Each parser uses a set of rules to define the appropriate data transformations necessary to
redirect the application through the Portal.
The supplied rules are designed to cater to the four supported applications: mail, discussion,
teamroom and reservations. However, these rules can be configured, by the portlet
administrator, in order to tailor the portlet to support a new database application.
In this chapter, these topics are discussed in detail:
Regular expression parser
HTML parser
Correlation between the rulesets
© Copyright IBM Corp. 2004. All rights reserved.
21
4.1 Regular expression parser
The Regular Expression Parser makes use of the Jakarta regular expression parsing engine.
It treats the entire input (from Domino) HTML page as plain text and tries to match each
position to one of the defined rules.
The regular expressions are composed of an input expression and an output expression. The
input expression defines the content each rule is to search the text for.
4.1.1 Input expressions
The first component of a Regular Expression rule is the input expression. This expression
defines what the rule is to search for within the given input. Input expressions can either be
plain text, which will look for an exact match, or a regular expression to match when the
content you are trying to match can change. For example, an input expression of:
parent.window.location
This will only match that exact text. However, in most cases we are less sure of what the exact
text will be and need to use regular expression to deal with:
action="/mail/user1.nsf/83997d314a7eae6?ReadForm"
action="/mail/user2.nsf/83997d314a7eae6?ReadForm"
A separate rule is required for each case. However, this input expression:
action="(.*?)"
This will match all strings of the type action="<some text here>", which gives us much more
flexibility and power when writing rules.
Regular expressions
The main matching operators used in the current ruleset are:
(
Start a grouping of operators
.
Match any character
*
Zero or more times
?
Use minimum (reluctant) matching
)
End the grouping of operators
|
Logical OR
[]
Character class
^
Beginning of a string. If within character class, then
signifies logical NOT
Actually, the exact input expression parent.window.location,will not match instances of
"parent.window.location" within the input text. This is because the input expression contains
reserved regular expression characters - the dots. To include any of the regular expression
characters in the text part of an input expression you must precede them with a backslash1.
So the actual input expression to match cases of "parent.window.location" is:
parent\.window\.location
1
For more details on regular expression composition see the Jakarta Regular Expression API
http://jakarta.apache.org/regexp/apidocs/org/apache/regexp/RE.html
22
IBM Lotus Domino Application Portlet: Configuration and Tips
4.1.2 Output functions
In situations where outputting a static string is insufficient to properly deal with the proxying, a
function is required. Output functions are used to perform complicated rule transformations,
usually taking the matched text as input. The most commonly used functions are the pair of
@transform functions. These functions transform URLs found within the Domino input,
redirecting them from the Domino server through the Domino Application Portlet. These
methods therefore form the basis of the Domino Application Portlet's reverse proxying
capabilities.
@transform_uri_abs
This function only transforms URLs whose path is absolute (beginning with a forwardslash
/).It transforms URLs so that they begin with the servlet path and end with an encrypted and
encoded string that references the original URL. In this way the servlet used within the
Domino Application Portlet can identify the Domino database to access and the
corresponding path of the required resource.
@transform_uri_all
This function operates in a similar manner to transform_uri_abs, but it transforms the URL
whether it is absolute (beginning with a forwardslash / ) or relative to the current path. For
example, if the current path is http://dominoserver.ibm.com/mydb.nsf/myfolder then a URL
of "mail.gif" would be appended to this path, resulting in a URL of
http://dominoserver.ibm.com/mydb.nsf/myfolder/mail.gif. This functionality is maintained
by the transform_uri_all function, which generates URLs of the type
http://portalserver/wps/PA 11 0/rproxy/$$cGDdv$$.nsf/myfolder/mail.gif.
@proxypath
Returns the servlet path that is used to replace the link to the Domino server. An example
result of applying this function is /wps/PA 1 0 69/rproxy. This path would then be used to
construct a transformed URL.
@host
Returns the name of the Domino Server machine on which the current application is located
[e.g.dominoserver.ibm.com®.].
@protocol
This function returns the protocol used by the Domino Server (e.g., http or https).
@port
This function returns the port number used by the Domino Server (e.g., 80).
@param(n)
[where n is an integer] This function returns a string corresponding to the nth block
(parenthesized expression) in the input expression. The first block is 1, the second 2 and so
on. The whole of the matched text is 0. This is described in greater detail in 4.1.4, “Blocks
within the expressions” on page 24.
@parencount
Returns the number of blocks (parenthesized expressions) within the input.
Chapter 4. Rules
23
@baseurl
This is a function dealing with occurrences of URLs within the base tag and is not generally
required.
These functions are used in the Output Expressions described in 4.1.3, “Output expressions”
on page 24.
4.1.3 Output expressions
For each input expression for example:
action="(.*?)"
There is a corresponding output expression, which defines the transformations to perform on
the text matched by the input expression. The output expression may be plain text, such as:
action="/mail/user3.nsf/83997d314a7?ReadForm"
Which will, given the input string:
action="<some text>"
This will replace all occurrences of <some text> with
/mail/user3.nsf/83997d314a7?ReadForm. In order to deal with the more general case where
we want to transform the string based on the input string, an output function (as described in
4.1.2, “Output functions” on page 23) is required. This rule uses two output functions
@param(1)and @transform uri all().
action="@transform_uri_all(@param(1))"
The result of applying this rule to action="<some text>" is:
action="wps/PA_1_0_V9/rproxy/__PC_7_0_18L_PI_432667__/<some text>"
4.1.4 Blocks within the expressions
The input expression is divided up according to the groups of parentheses it contains. Staying
with the input expression defined in 4.1.1, “Input expressions” on page 22:
action="(.*?)"
We see that this expression has one set of parenthesis. Since there may be more than one
set per input expression, the blocks are identified by number. In this example, there is only
one set so it is referred to as block 1. Subsequent parentheses blocks would be identified by
in a similar fashion by the number 2, 3 etc. These block numbers are used in the output
expressions to identify the parts of the string to transform. A specific output function:
@param(block_number)
This is used to reference the individual blocks. So given an input string of:
<form name="myForm" action="/mail/user1.nsf/83997d316273?ReadForm">
This will match our rule, action="(.*?)", as follows:
action="/mail/user1.nsf/83997d316273?ReadForm"
The regular expression within the parentheses of the input expression matches the URL:
/mail/user1.nsf/83997d316273?ReadForm
24
IBM Lotus Domino Application Portlet: Configuration and Tips
In order to refer to the URL within the output expression, we would use the following function
call:
@param(1)
Using a more complicated example, the input expression:
<applet name="myApplet" (.*?) codebase="(.*?)" (.*?)>
This will match all instances of applets called myApplet. For one such instance:
<applet name="myApplet" width="250" height="100" codebase="/code"
archive="Sample.jar">
The resulting blocks, returned using the @param() function are shown in Figure 4-1. There is
also a default block, 0, which refers to the whole matched string.
@param(1) width=”250” height=”100”
@param(2) /code
@param(3) archive=”Sample.jar”
Figure 4-1 Constituent Blocks
4.1.5 Process for applying regular expression rules
The Regular Expression rules are processed according to the order which they appear in the
Domino Application Portlet Configuration page. A given piece of text can be transformed only
once, by the first rule that matches it. This process means that text is only processed by one
rule since once the parser matches a rule, the text is transformed and the parser skips on to
the text after the matched input. The process for applying regular expression rules is as
follows:
1. Begin at the first character of the input text.
2. Beginning with 1st rule, apply each rule in turn looking for a match.
a. If a match is found, do not process further rules. Go to Step 3.
b. If no match is found move to the next character in the input text. Return to Step 2.
3. Transform the found text according to the output model for the rule. Move to the character
in the input text that is immediately after the found text. Return to Step 2.
Ordering of rules
Due to the method in which the rules are processed, the most specific rule must appear first
in the ruleset. Since only one rule can match a given portion of text, if the specific rule
appears after a more general one then it will never be ”hit”. This is only an issue for similar
rules, which may match a subset of the text matched by other rules.
Both of the rules src="(.*?)_gif" and src="icon (.*?)_gif" would match the text src="icon
print.gif". Since the first rule that matches is applied, the most specific rule should be
placed highest in the list of rules. If a different transformation is required for images starting
with the text icon, then this rule needs to be before the more general src="(.*?)_gif",
otherwise it will never be applied.In this manner there may be several specific rules to deal
with specialized cases and then one general rule to catch all other occurrences of the given
text.
Chapter 4. Rules
25
Figure 4-2 Configuration Page Showing Regular Expression Rules
Rules to skip over text
Another feature of the rule processing is that rules can be designed to make the parser skip
over portions of the text. A rule may be written which matches the text but that does not
modify it. Since only one rule can match a given portion of text, no subsequent rules can be
applied and the text remains unchanged.
As described in 4.1.4, “Blocks within the expressions” on page 24, there is a default block (0),
which refers to the entire matched string. Using the output function @param in conjunction with
this block reference allows us to obtain the matched text. By outputting the matched input
text, there is no change to the text. For example, if an input expression is:
src="special_icon(.*?)gif"
And the output model is:
@param(0)
Then the matched input text, e.g.,
src="special_icon65.gif"
This will remain unchanged in the output, even if there is a more general rule, such as
src="(.*?)", further down the list.
26
IBM Lotus Domino Application Portlet: Configuration and Tips
Figure 4-3 Configuration Page Showing Case-Sensitive Box
Case-sensitivity
Regular expressions in the Domino Application Portlet are not case-sensitive by default, but
you can select case-sensitivity for the input expression of any rule. In some circumstances we
do not want to apply rules to specific pieces of text. The rule shown in Table 4-1 will match
any possible capitalization of href (e.g Href, HREF,..) but will always produces a lowercase
output. However if the case-sensitive box is selected beside the rule in the portlet
configuration then only the case given in the input expression will match.
Table 4-1 Regular Expression Rule Showing Input & Output Expressions
Input
Output
href=”(.*?)”
href=”@param(1)”
Note: The input text must match the input expression exactly, including spaces.
4.2 HTML parser
In addition to the Regular Expression parser, a HTML parser has been provided which parses
the input text based on its HTML structure. This parser also uses a set of rules for data
transformation. However due to the complexity of the rules required for the Regular
Expression parser, the rules used by the HTML parser are designed to be a more
user-friendly alternative.
Since most HTML pages also contain portions of JavaScript, the HTML parser must also deal
with them. However, since JavaScript is not structured in the way that HTML is, the HTML
parser cannot deal with the scripts itself. A dedicated JavaScript parser is planned for a future
release, but currently when the HTML parser encounters JavaScript it calls out to the Regular
Expression parser to parse the script.
As with the Regular Expression rule structure discussed in 4.1, “Regular expression parser”
on page 22, the HTML rules are divided into an input expression and an output expression.
However these two expressions have been split into smaller constituent parts.
Chapter 4. Rules
27
4.2.1 Input expression
The input expression has been subdivided into three components:
Tag
Input Attribute
Input Value
The Tag component specifies the particular HTML tag that this rule is applied to. By
specifying the Tag name, rules are only applied if that tag is found within the input HTML
page. The input expression requires two additional components which identify the particular
tag attribute/value pairs to search for.
The Input Attribute specifies the attribute, of the given tag, that the rule is to be applied to. As
a final level of detail, we can specify the value of the given attribute using the Input Value
component. Since the HTML rules were designed to be easier to read, negating the need to
understand regular expressions, we tried to keep each component as simple as possible.
However, to allow some flexibility one wildcard character is allowed - the *. This is either used
to signify any within one of the input components, or, in the case of Input Value, in
conjunction with some text to signify any text beginning with. If all three components of the
input expression match the input string then the rule is applied.
4.2.2 Output expression
Due to the structure of the HTML rules, a rule may transform the value of a particular attribute
of a particular tag. Once a match has been found the attention switches to the output
expression to decide what transformations to invoke. The output expression for the HTML
rules is in two parts:
Output Attribute
Output Value
HTML Rules are not allowed to search for attributes of one tag and then modify the values of
different tags so there is no need to have a Tag component in the output expression. If such
rule functionality is required then the Regular Expression parser must be used. The Output
Attribute specifies the attribute name for the output. Often this is the same as the input
attribute name, but this is not a requirement. For example, a rule specified on the param tag
may use the name attribute to locate the appropriate portion of HTML, but it is the value
attribute that will require modification. An illustration of this is shown in Table 4-2. The Output
Value specifies the value for the output attribute. It comprises text optionally combined with a
single output function.
Table 4-2 Sample HTML Rules
Tag
Input
Output
attr
value
attr
value
param
name
data
value
@transform uri all
a
href
*
href
@transform uri abs
4.2.3 Output functions
The output functions provided for use with the HTML parser are mostly consistent with those
available for the Regular Expression Parser.The functions listed below have been described
in 4.1.2, “Output functions” on page 23.
@transform_uri_abs
28
IBM Lotus Domino Application Portlet: Configuration and Tips
@transform_uri_all
@host
@proxypath
@protocol
@port
@baseurl
The @param(n) and @parencount output functions are specific to the Regular Expression
parser and are not available for use with the HTML parser. There is one output function which
is specific to the HTML parser, the @script function. This function is used to call out to the
Regular Expression Parser when JavaScript is located within the HTML page. An example of
using this function is shown in Table 4-3, where for any tag if an attribute called onclick is
found, then the value of that attribute is transformed using the @script function. This rule is
used to transform the JavaScript value of the onclick attribute.
Table 4-3 Sample HTML rule using the @script function
Tag
*
Input
Output
attr
value
attr
value
onclick
*
onclick
@script
4.2.4 Process for applying HTML rules
For a given Tag, Input Attribute and Input Value combination, only one rule can be
applied. This mirrors the functionality of the Regular Expression parser, where only one rule
can be applied to a given portion of input text. In the case that more than one rule matches a
given combination, the most specific rule available is applied. The more detail a rule gives, the
more specific it is. For example, a rule which uses the wildcard * to signify any tag is very
general. In contrast, a rule which specifies the tagname is more specific. This applies to the
attribute and value components as well.
Table 4-4 Example rules
Rule
Value
Rule A Input value:
Database
Rule B Input value:
Database*
Rule C Input value:
Data*
Rule D Input value:
*
If four rules are identical except for the Input attribute values shown in Example 4-4, then Rule
A is the most specific, while Rule D is the least specific. Rule A will only match the exact text
’Database’, all variants of this text will be ignored. Rule B is slightly more flexible, it will match
all text beginning with ’Database’. This means that ’Database2’ and ’Database list’ will also
match. Rule C is similar to Rule B, but since more of the text has been replaced by the
wildcard it is more general. It will match ’Database’, ’Database list’ and ’Data form’. Finally,
Rule D is the most general since any value will match. This is usually used in cases where the
value will have to be modified, such as the value of a href attribute. Table 4-5 on page 30
illustrates some possible text matches based on the rules described in Table 4-4 If rules are
identical, except for their Output Attribute and/or Output Value, the rule that appears first in
the configuration is used, see Figure 4-4 on page 30.
Chapter 4. Rules
29
Table 4-5 Example text matches for rules in Table 4-4 on page 29
Text
Matched Rule
Database
A
Database list
B
Data form
C
MyString
D
Figure 4-4 Configuration Page Showing HTML Rules
4.3 Correlation between the rulesets
As described in 4.1, “Regular expression parser” on page 22 and 4.2, “HTML parser” on
page 27, the Regular Expression and HTML parsers function in different ways and so the
rulesets for each one are structured differently. This has led to some differences in the
rulesets. However, as a whole there is a general correlation between the rules as the parsers
are basically performing the same function.
For example, the Regular Expression rule shown in Table 4-6 is equivalent to the HTML rule
shown in Table 4-7 on page 31. Both of these rules search for the HTML attribute src with any
value and output the result of applying the transform uri abs function.
Table 4-6 Regular Expression rule
30
Input
Output
src=(”|’)(.*?)\1
src=@param(1)@transform uri abs(
@param(2))@param(1)
IBM Lotus Domino Application Portlet: Configuration and Tips
When the rules are compared in this way, it is easy to see the relative simplicity of the HTML
rules versus their Regular Expression counterparts. However, this simplicity also means a
lack of flexibility when defining a new rule. For this reason, the decision over which parser
best suits your needs may depend on the complexity level of the rules you will need.
Table 4-7 Equivalent HTML rule
Tag
*
Input
Output
attr
value
attr
value
src
*
src
@transform uri abs
Chapter 4. Rules
31
32
IBM Lotus Domino Application Portlet: Configuration and Tips
5
Chapter 5.
Samples
Now that you have acquainted yourselves with the theoretical aspects that underlie the
workings of DAP, you are ready to delve into a practical application. In order to complete the
following tutorial you will need the following:
1. A Domino 6.X server (in this document we’ll give it the fictitious name
domino.domain.com)
2. A portal server (this one we call portal.domino.com)
We will host a sample application, called Sample.nsf (supplied with this document), on the
Domino server and configure DAP so that the same application will be visible through the
portal. We aim to cover as many features of DAP as possible, so we will gradually increase
the complexity of the setup.
© Copyright IBM Corp. 2004. All rights reserved.
33
5.1 Setting up Domino
The sample database (Sample.nsf) needs to be copied into the Data folder of the Domino
server. This should be enough to expose the application through
http://domino.domain.com/Sample.nsf. Initially, we will keep all authentication off. We will
then enable this later, once we’ve verified that all other parts work as intended.
5.2 Setting up DAP
The portal server needs to have DAP installed, verify that this is the case through the
administrative console. To check this, log into the portal as an administrative user through
http://portal.domain.com:9081/wps/myportal. Note that we are connecting to the portal
directly, depending on your setup you may omit the port and connect to the portal via the
HTTP server. Navigate to the Administration section, then select Portlets -> Manage Portlets;
the list should include an entry for a “Domino Application Portlet”. If that is the case you can
go ahead and create a page to host the portlet, otherwise you have to install the portlet first.
5.2.1 Install portlet
To do that you will need a copy of the standalone portlet archive (dap.war); under Portlets
click Install, browse to the archive, click Next, and finally confirm the action by clicking the
Install button. You should see a message that confirms the installation of the portlet.
5.2.2 Create page
Now we need a page to host the portlet, to do this click ‘Portal User Interface’ and then
Manage Pages on the navigation bar on the left. We suggest you create the new page under
the MyPortal label. Most out-of-the-box portal installations will have this section set up by
default. So click the MyPortal link followed by the New Page button, give it a nice name, for
example “Sample Domino Application” and confirm with OK.
5.2.3 Add portlet to page
To add the portlet to the page you click the pencil icon in the page list of the MyPortal section,
this will lead you to the portal layout editor, keep the default layout for the page and click the
Add Portlet button, you will be presented with a list of all the available portlets. Chances are
that there are a lot of portlets installed on your system, so the easiest way to find DAP is to
reduce the list by entering some search criteria. By searching for the word ‘domino’ in the
portlet titles, the list should reduce to a handful of portlets, tick the selection box next to
“Domino Application Portlet” and click OK. The system should confirm the success of the last
operation and to complete the addition of DAP to the page click the ‘Done’ button. You can
now look at a running instance of DAP by navigating to the MyPortal section and then to
Sample Domino Application Page; you should see a window similar to Figure 5-1 on page 35.
34
IBM Lotus Domino Application Portlet: Configuration and Tips
Figure 5-1 Working DAP setup, portlet not yet configured
5.2.4 Initialize portlet
All that remains to do is to point DAP to the sample application on the Domino server, click the
pencil icon and on the following page enter domino.domain.com (or rather, the actual name of
the Domino server that you are using) as the host and Sample.nsf in the path and filename
box. Click first on Save, then on the Close button. You must also check that authentication is
set to None, to do that click the wrench icon to enter the portlet configuration mode and select
the Authentication tab. DAP defaults to Basic authentication so you will probably have to
select the None option.
If you made any changes here click Save and then Close. Now you should see a window
similar to Figure 5-2 on page 36. If that isn’t the case, ensure you followed all the steps
outlined above.
Chapter 5. Samples
35
Figure 5-2 Sample application as seen through DAP - note how the applet images failed to load
5.3 Exploring the application
You should also make yourself familiar with the application as seen directly from the Domino
server, as there are a couple of issues with the one seen through the portal. The base rules
that the portlet ships with will ensure that most of the application will work, yet we will focus on
the bits that do not to illustrate DAP’s modus operandi. So point your favorite browser to
http://domino.domain.com/Sample.nsf and notice how there are some icons in the applet’s
view area (Figure 5-3 on page 37), compare this with the portalized application (Figure 5-2).
Also observe the behavior of the ‘Info’ button of the sample application both when seen
through DAP and when seen directly from Domino. In the following paragraphs we hope to
introduce you to the art of rule-making, as you will see it will require a good dose of instinct
and plenty of experience to successfully identify the fragments of a page that require some
translation to be viewed through DAP.
36
IBM Lotus Domino Application Portlet: Configuration and Tips
Figure 5-3 The sample application as seen directly from Domino
5.4 Fixing the icons
As we mentioned the application viewed through DAP is missing two icons, being an applet
the initial strategy is to inspect the applet’s tags both when viewed directly on Domino and
when viewed through DAP. To view the markup of the two pages, right-click the frame and
select ‘View Source’.
This is what we saw on our test servers:
From Domino: (Example 5-1)
Example 5-1 Example of code shown through Domino
<applet width="250" height="100"
codebase="/Sample.nsf/b2a27ff60012977280256eaf004e2b87/$FILE"
code="myPack/TestApplet1.class" name="myApplet"
archive="testApplet/Sample3.jar">
<param name="URL1" value="/icons/abook.gif">
<param name="URL2" value="">
</applet>
Chapter 5. Samples
37
Through DAP: (Example 5-2)
Example 5-2 Example of code shown through DAP
<applet width="250" height="100"
codebase="/wps/PA_1_0_69/rproxy/__PC_7_0_CL_PI_751987__/$$U2
FtcGxl$$.nsf/b2a27ff60012977280256eaf004e2b87/$FILE"
code="myPack/TestApplet1.class" name="myApplet"
archive="testApplet/Sample3.jar">
<param name="URL1" value="/icons/abook.gif">
<param name="URL2" value="">
</applet>
As you can see the codebase attribute of the applet tag is successfully reverse-proxied, and
we urge you to find the corresponding rule in the standard ruleset that is responsible for this
translation. You should also note that the URL1 parameter that is passed to the applet
obviously refers to a resource on the Domino server, namely the “abook.gif” icon in the /icons
folder. When the page is viewed through the portlet it will request the “/icons/abook.gif” image
from the Portal server which will of course fail. What we need is a rule that will reverse-proxy
the value of the URL parameter; click the spanner icon of the portlet and select the Rules tab.
Ensure that the rule type is set to ‘Regular Expression’. Scroll to the bottom of the page and
click the insert rule icon (Figure 5.4) of the last rule. Enter the following in the newly created
boxes:
Figure 5-4 Insert Rule Icon
Regular expression:
<param name="URL1" value="(.*?)"
Output model:
<param name="URL1" value="@transform_uri_all(@param(1))"
Now click Save followed by Close, you should now see a small book icon in the applet’s box.
If you look at the frame’s markup you should see that it has been reverse proxied:
<applet width="250" height="100"
codebase="/wps/PA\_1_0_69/rproxy/__PC_7_0_CL_PI_714731__/$$U
2FtcGxl$$.nsf/b2a27ff60012977280256eaf004e2b87/$FILE"
code="myPack/TestApplet1.class" name="myApplet"
archive="testApplet/Sample3.jar">
<param name="URL1" value="/wps/PA_1_0_69/rproxy/__PC_7_0_CL_
PI_714731__/$$aWNvbnMvYWJvb2suZ2lm$$">
<param name="URL2" value="">
</applet>}
Unfortunately the second icon did not appear. A second more thorough look at the frame’s
markup should identify the following section towards the end of page in need of translation:
...
}
function go()
{
document.applets["myApplet"].setImage2("/icons/actn001.gif");
}
</script>
38
IBM Lotus Domino Application Portlet: Configuration and Tips
...
Clearly the applet is being modified programmatically and we need to reverse-proxy the string
that is being passed to it through the setImage2 method. Append the following rule to the
ruleset: Regular expression:
\.setImage2\("(.*?)"\)
Output model:
.setImage2("@transform_uri_all(@param(1))")
After saving you should see both icons in the applet’s box, as shown in Figure 5-5.
Figure 5-5 Display of both icons in applet’s box
5.5 TCP/IP trace proxies
Admittedly this example is quite simple, you will find that generally it is considerably trickier to
identify the text that requires processing by the parser. During development of the portlet we
found that TCP tracing utilities are exceedingly useful for debugging purposes. These utilities
act as a proxy and let you view a trace of all the request and responses between the browser
and the portal and also between portal and the Domino server. WebSphere Studio
Application Developer includes a special type of server a “TCP Monitor” which you can use as
a tracer but you can also find freeware utilities on the Internet that offer the same functionality.
Refer to the WebSphere Studio documentation to set up a TCP Monitor. A typical test setup
would look like the one shown in Figure 5.6, assuming that the workstation that you are
working on is ‘computer.domain.com’.
Figure 5-6 Set-up to capture HTTP traces with the use of proxy trace utilities
Chapter 5. Samples
39
You will need to configure your browser to route its requests to a proxy. Typically you would
run the trace utility on your local machine, thus you would point your browser to ‘localhost’
and whatever port you have configured your proxy trace utility to listen at. Note also that most
Domino applications make use of applets which may make their own network requests. So
make sure your plugin is configured to route HTTP requests to the proxy. Internet Explorer’s
JVM does not support this but Sun’s Java™ plugin does, you can find the relevant options in
the Java plug-in control panel under the ‘Proxies’ tab. DAP, like a browser, can be configured
to route all its requests to a proxy, this option is available in the configuration view under the
‘Source and Display’ tab where you can specify the ‘Proxy Source Server’.
For the above example setup we would set the proxy source server host to
‘computer.domain.com’ and the port to ‘8081’. We can’t stress enough how useful a HTTP
trace can be when debugging a DAP-ed application.
For example if the applet of the sample application used a default location to find its icons it
would not be immediately obvious that the icon is even being requested. If a proxy trace is in
place we would see something like:
GET http://portal.domain.com:9081/icons/actn001.gif HTTP/1.1
cookie: JSESSIONID=000026kWPj0CPiVpb9-ZtxEeZgU:-1
User-Agent: Mozilla/4.0 (Windows 2000 5.0) Java/1.4.2 02
Host: portal.domain.com:9081
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Proxy-Connection: keep-alive
Failing with:
HTTP/1.1 404 Not Found
Server: WebSphere Application Server/5.0
Content-Type: text/html
Content-Length: 159
<H1>Virtual Host or Web Application Not
Found</H1><BR><H3>
The web group /icons/actn001.gif has not been
defined</H3><BR> <I>IBM WebSphere Application Server</I>
The mere presence of a 404 indicates that something is amiss. There is also a whole group of
other problems that would be very hard to diagnose without the help of a trace, for instance it
is often necessary to inspect data that is posted as a consequence of a form submission or it
may happen that the wrong output model function is used to transform a particular URI which
in turn results in some funny requests that without a trace would remain undetected.
5.6 Fixing the greedy information page
One thing you might not have noticed is that when you click the “Info” page of the application
through DAP it will grab the entire page and seemingly leave the portal. We will have to look
at what exactly happens when the “Info” button is clicked, here is what the button’s tag looked
on our test setup:
<input type="button"
onclick="var pathname = window.location.pathname;
var path = pathname.substring(0,(pathname
.lastIndexOf(\singlequote .nsf\singlequote )+5));
var myurl3=path+&quot;/Info&quot;;
window.open(myurl3,&quot;_top&quot;);"
value="Info">
40
IBM Lotus Domino Application Portlet: Configuration and Tips
Obviously a series of JavaScript instructions are executed upon a click which assemble a
URL from the current location and then the browser is then sent to it. Notice how the target
frame for this operation is “ top”.
This is not quite what we want; instead we want the target to be “ifa” which is the IFRAME
containing the reverse proxied page. Thus by adding the rule:
Regular expression:
_top
Output model:
ifa
We will obtain the desired behavior. The above example is somewhat contrived, and the rules
used to fix far from ideal. The problem is that the rule ‘ top’ is very general and it may well
match some text that we do not want to translate. If the text ‘ top’ appears anywhere in the
markup it will be translated, for example if elsewhere on the page we had a script with a
variable named ‘about to topple’ that would be transformed into ‘about to ifaple’ which will in
all likelihood prevent the page from working correctly. Sometimes it will prove too difficult to
come up with regular expressions that are sufficiently discriminating, in this case you will have
to provide pass-through rules for all the instances in which it matches something it shouldn’t.
In the example above, we would have to add a rule with ‘about to topple’ as both regular
expression and output model with a higher priority than the ‘ top’-only rule to prevent it from
being garbled.
5.7 Switching to the HTML parser
The three rules above have of course corresponding rules in the HTML parser. To try these
out switch to the HTML parser and add the following rule:
Input match:
Tag
param
Input attribute name
Value
URL1
Output:
Output attribute
Output value
value
@transform_uri_all
This is the dual of the first rule we added for the regular expression parser. The other two
rules are identical as they are processed by the javascript parser, so you can append them
verbatim into the Java Script Rules section of the HTML parser configuration.
Chapter 5. Samples
41
Figure 5-7 Requiring authentication, Anonymous access is set to ‘No Access’
5.8 Escalating security
To start off with we had no security enabled. We will now proceed and ensure users are
authenticated when they access a database through DAP. Using the Domino Administrative
console modify the ACL so that Anonymous access is disabled for the Sample.nsf database
(see Figure 5-7) and add one of your Domino users to the ACL1. Also ensure that session
authentication is disabled in the server document under Internet Protocols → Domino Web
Engine. You should now see an error message when viewing the database through DAP
(Figure 5.8).
1
If you get insufficient rights when modifying the ACL you may need to modify it locally before starting the Domino
server
42
IBM Lotus Domino Application Portlet: Configuration and Tips
Figure 5-8 Domino requires authentication but DAP is not yet configured to supply credentials
To solve the situation we must set the corresponding authentication method for DAP, so
navigate to the Authentication tab in the portlet’s configuration and select the basic
Authentication model (see Figure 5-9).
Figure 5-9 Setting up DAP to use basic authentication
Now we only need to specify the credentials. Click the pencil icon and enter the username
and password of a user in the database’s ACL, once these are saved you should see the
sample application as previously. Please refer to the chapter on authentication for a more
in-depth description of the basic authentication scheme. It is not advised to use this
authentication model if the communication channel between the Portal and the Domino
server is not secured because the credentials are transferred unencrypted with each request,
making it trivial for an eavesdropper to intercept them. The session authentication model is
slightly more secure in that the credentials are transmitted to the host only once, so browse to
DAP’s configuration page and switch the authentication model to Session. You will see an
error message similar to the one you saw earlier (see Figure 5-8, this is because the Domino
server is not configured to accept session authentication yet). To enable this, open your
Server Document in Domino Administrator or WebAdmin and under Internet Protocols →
Domino Web Engine set Session authentication to Single Server (see Figure 5-10 on
page 44).
Chapter 5. Samples
43
Figure 5-10 Enabling Domino Session authentication
Save the document and restart the HTTP task to make the change effective (either restart the
Domino server or type tell http restart in the console). DAP will now use the credentials that
you used previously but instead of re-transmitting them with every request it will re-transmit
only the authentication token it received from Domino. Enabling SSO is somewhat more
involved we refer you back to the chapter on Authentication where you can find instructions on
how to set up SSO between WebSphere and Domino.
5.9 Another sample
In this second example we are going to work with a mail database (instantiated from a
mail6.ntf template) on the same Domino server that we used previously. We will assume that
you created the database under mail/username.nsf; set up a new page with the Domino
Application Portlet and point it to mail database. For this example you will need to import a
custom ruleset, called Sample2Rules.xml, supplied with this document. You should also first
save a copy of the original ruleset just in case you need to restore the portlet to its original
state. To export a ruleset open the configuration view by clicking on the wrench icon and click
the Rules tab. When you click the Export button you will be asked to specify a file name and
location, for example you may enter OriginalRules.xml and note where the file will be saved.
To import the ruleset for this sample, simply click the Import button and then browse to the file
you downloaded earlier. Once you have completed all these steps view the page you just
created and notice that the HTML has loaded, but the applet
lotus.notes.apps.actionbar.ActionBar has failed to load. (Figure 5.11)
44
IBM Lotus Domino Application Portlet: Configuration and Tips
Figure 5-11 The action bar applet failed to load
Like in the previous example, the principal tool that we will utilize to debug the application will
be tracing, so you will need a setup as described in the previous section to be able to inspect
the requests and responses. So here is what we found in our test setup:
Request:
GET http://portal.domain.com:9081/domjava/actionbar.jar HTTP/1.0
Accept-Language: en-IR
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: portal.domain.com:9081
Proxy-Connection: Keep-Alive
Cookie: JSESSIONID=0000XGb_2MNQTpdvV_IhKLZd4WK:-1;
wcp-context=wpsadmin@1@base
Response:
HTTP/1.1 404 Not Found
Server: WebSphere Application Server/5.0
Content-Type: text/html
Content-Length: 192
Connection: close
<H1>Virtual Host or Web Application Not Found</H1><BR>
<H3>The web group /domjava/actionbar.jar has not been
defined</H3><BR><I>IBM WebSphere Application Server</I>
By examining this trace of the request/response interaction between the browser and the
Domino Application Portlet, we can see that the request for actionbar.jar has generated a
FileNotFound Error. The offending request was for the URL:
http://portal.domain.com/domjava/actionbar.jar.
Chapter 5. Samples
45
However, the applet is located on the Domino Server not the Portal server, so it can’t be
found.
Looking at the source code for this page shown in Figure 5-12, we can see that the location of
the applet is /domjava. Since we are redirecting through the Portal Server, we need to
transform this URL to reflect this.
Figure 5-12 The original source, which resulted in a request for /dom-java/actionbar.jar to the Portal
server
We need a rule which takes the value of the codebase attribute and changes it to redirect it to
the portal server. The output function @transform_uri_abs can perform this redirection. So
our new rule is:
codebase="(.*?)" => codebase="@transform_uri_abs(@param(1))"
Figure 5-13 The HTML markup of the reverse-proxied page
As shown in Figure 5-13, this rule transforms /domjava into something like:
"/wps/PA_1_0_55L/rproxy/__PC_7_0_5BT_PI_891457__/$$ZG9tamF2YQ==$$".
This rule seeks out all text matching:
codebase="<anything>"
And transforms ”<anything>” to point to the portal server.
So:
<applet name="dominoActionBar"
code="lotus.notes.apps.actionbar.ActionBar.class"
codebase="/domjava" archive="actionbar.jar" mayscript>
Becomes:
<applet name="dominoActionBar"
46
IBM Lotus Domino Application Portlet: Configuration and Tips
code="lotus.notes.apps.actionbar.ActionBar.class"
codebase="/wps/PA_1_0_55L/rproxy/__PC_7_0_5BT_PI_891457__/$$ZG9tamF2YQ==$$"
archive="actionbar.jar" mayscript>
With this new rule, the applet can be found and loads properly (Figure 5-14).
Figure 5-14 Now the action bar displays correctly
Chapter 5. Samples
47
48
IBM Lotus Domino Application Portlet: Configuration and Tips
6
Chapter 6.
Updates to Domino Application
Portlet 1.1
This chapter describes the modifications and new features present in the release of the
Domino Application Portlet Version 1.1, which was released in September of 2004.
© Copyright IBM Corp. 2004. All rights reserved.
49
6.1 Debug tab
In the configuration section there is now a debug tab, which allows you to see the HTML
returned by Domino, both before and after transformation. Here you can quickly locate the
transformed text and identify the rule responsible for the transformation.
Figure 6-1 Debug Preview
Clicking on the Requests button returns a page which gives details of all the recent
requests.(Figure 6-2) For each request you are given the following information:
Time of each request
Request URL shows the request itself
Response code shows whether the request to Domino succeeded (green), was redirected
(orange), or failed (red), and gives the relevant response code
Content type is the mime type and character set of the content
Additionally, you can see the Domino source HTML. You will see a link to the source HTML
returned by the Domino server (Figure 6-3 on page 51)
Transformed HTML a link to the source HTML after transformation (Figure 6-4 on page 51)
Figure 6-2 Debug Requests
50
IBM Lotus Domino Application Portlet: Configuration and Tips
Figure 6-3 shows the result of clicking on the Domino Source HTML link. Text that will be
transformed by the parsers is colored blue. Hovering over the blue text displays a message
that tells you which rule will be applied.
Figure 6-3 Debug Source
Figure 6-4 is the Transformed HTML. This time you see the results of applying rules to the
text. Again, text that has been transformed by the parsers is colored blue. Hovering over the
blue text displays a message that tells you which rule was applied.
Figure 6-4 Debug Transformed
6.2 Error reporting
Improvements have been made to the error reporting mechanism. DAP now provides the user
with possible reasons for the errors and suggested fixes. For example Figure 6-5 shows how
DAP deals with an error code returned as part of a response from the Domino server. This
error arose from an incorrect name in the path variable in the edit settings. Here DAP has
correctly suggested that the user check that the path and filename are correct in the Edit or
Config settings.
Figure 6-5 Improved Error Reporting
Chapter 6. Updates to Domino Application Portlet 1.1
51
6.3 Customized rule sets
In DAP 1.1 each supported Web application now has its own ruleset e.g. MailD5.xml. This will
improve performance if a user is only using one application. The default ruleset is also
available (default_rules.xml) containing the rules for all the supported applications (except
iNotes™). New customized rulesets can be imported in the rules section in the configuration
by clicking the Import button. The following rule set files are shipped with Domino Application
portlet. Each rule set is designed for a particular Domino template. The name of the
appropriate templates are shown in parentheses.
default rules.xml (suitable for all templates except iNotes)
mailD6.xml (mail6.ntf) and mailD5.xml (mail50.ntf)
discussionD6.xml (discsw6.ntf) and discussionD5.xml (discsw50.ntf)
reservationsD6.xml (resrc60.ntf) and reservationsD5.xml (resrc50.ntf)
teamroomD6.xml (teamrm6.ntf) and teamroomD5.xml (teamrm50.ntf)
iNotesD6.xml (iNotes6.ntf) and iNotesD5.xml (iNotes5.ntf)
6.4 Support for Domino Web Access (iNotes)
As explained above there are now rulesets for individual applications. Included among these
are two rulesets that supports Domino Web Access application (iNotes). To provide DAP
support for iNotes 5 or 6 replace your existing ruleset with the relevant ruleset as outlined
above.
6.5 Selective MIME types for Rules tab
On the Rules tab the user can select/deselect mime types (Figure 6-6). Only files of the
selected mime types will be parsed, resulting in improved performance as only relevant files
will be processed.
Figure 6-6 Selecting Mime Types
6.6 Output functions
For those users interested in writing their own rules there are a number of new output
functions available:
52
IBM Lotus Domino Application Portlet: Configuration and Tips
@path() or @path(HTML parser) This returns the name of the Domino database, for
example user1.nsf
@transform parent uri abs() or @transform parent uri abs(HTML parser) This returns the
proxy portlet ID with the input added to the end. It is used to allow pages to target the
iframe. Whereas in previous releases, the JavaScript attribute top was replaced with ifa, it
is now replaced with @transform parent uri abs( ifa). For the HTML parser, this function
always returns the iframe name.
@transform server soft path() This is available only for the regular expression parser. It
returns the path to the proxy servlet prefix, however the path does not include the server
URL at the beginning.
6.7 Performance improvements
There have been changes made to improve the performance of the regular expression parser.
Its throughput has been substantially increased and the performance is now roughly
independent from the number of rules that the parser has to match against. The management
of network connections has also been improved, this has resulted in Web applications that
feel noticeably faster. Changes in the UI have improved the speed when switching between
tabs on the Configuration page.
6.8 Default to user’s mail file
Often users do not know the path to their mail file and it is generally inferable from their
username. DAP can now look up a user's mail file by using Portal's Collaborative Services.
This feature is only available under WebSphere Portal 5.X. To enable the automatic mail file
lookup the administrator must tick the "Default to user's mail file" check box in the Portlet
Configuration view (Figure 6.7). It is important to leave the "Path and filename" empty as any
value specified for it in either Configuration or Edit mode will override whatever path has been
looked up in the directory. If "Default to user's mail file" is enabled and a user has not yet
specified their credentials then the View mode will consist of a login form. Once some
credentials have been supplied the view will display the Inbox. Note that a host must be
specified. In a typical scenario the administrator would specify the host in Config Mode and
hide the Domino Source Server settings from the Edit mode. When users log into the portal
for the first time they will have to enter their mail file credential; later logons will bring them
straight to their Inbox.
Figure 6-7 Default to Users mail file
For the lookup to work the right Collaborative Service must be enabled. These services are
disabled by default, refer to the Portal Infocenter for details on configuring them. DAP needs
Chapter 6. Updates to Domino Application Portlet 1.1
53
the "Domino Directory Server" service enabled, to do this edit the Collaborative Services
configuration file - CSEnvironment.properties - which typically can be found under the
following directory:
<WEBSPHERE DIR>/PortalServer/shared/app/config.
The values that need to be set are:
# this is false by default
CS_SERVER_DOMINO_DIRECTORY.enabled=true
# change this to your Domino server
CS_SERVER_DOMINO_DIRECTORY_1.hostname=my.server.com
# for most set-ups these do not need to be changed
CS_SERVER_DOMINO_DIRECTORY_1.port=389
CS_SERVER_DOMINO_DIRECTORY_1.ssl=false
CS_SERVER_DOMINO_DIRECTORY_1.anonymous=true
To make any changes to CSEnvironment.properties effective the Portal server needs to be
restarted.
6.9 New URL re-writing
This feature was introduced to improve the behavior of links to other documents. In DAP 1.0
links in documents are generally not rewritten as they are typically entered as complete
URLs. Although it is possible to enter relative links in Domino Web Applications it may be
considered a bit awkward. Given that the links are not rewritten, upon being clicked the target
resource would typically be referenced directly and for most complete URLs this is the desired
behavior. Consider for example the case in which a friend sends you a mail with a link to
http://www.ibm.com, as you read the mail through DAP and click on the link, you expect the
browser to move to that location and you would thus leave the portal. If your friend wants to
send you a link to a document in a TeamRoom on another server the same happened in DAP
1.0, but in many situations the link would fail to work for example if the target server was
protected by a firewall that interdicted connections from external sources. DAP 1.1 looks at
links and if they appear to be links to Domino databases then it will rewrite them. Clicking on
those links will keep the target application reverse proxied through DAP.
As this modus operandi may not always be desirable, it is possible to turn this feature off and
revert to the old 1.0 link rewriting behavior. This can be done by setting the portlet parameter
"disable_cross_server_urls" to "yes" via the Portal Administration console in the Manage
Portlets section.
54
IBM Lotus Domino Application Portlet: Configuration and Tips
A
Appendix A.
Known issues
Through feedback with customers and other developers, a number of issues have been
brought to our attention. This section may assist you in identifying the source of any problems
using the Domino Application Portlet.
© Copyright IBM Corp. 2004. All rights reserved.
55
A.1 Anonymous access issue
An issue occurs when the portlet authentication is turned off (anonymous portal user), but the
database application still requires the user to authenticate. The user is presented with the
Domino login screen, but authentication fails. This problem has been resolved in a hotfix and
will be integrated into the next full release of DAP (Release 1.1).
A.2 Maximize portlet issue
In the current release of DAP, the width and height of the portlet are set in the Edit page and
are not updated by the maximize action. This means that when the DAP portlet is maximized
it remains at the defined size rather than taking up the full page.
A.3 Refresh
Currently performing a refresh of the browser window will result in the user being returned to
the default page, based on the settings defined in Edit. This means that if a user is writing an
email when the refresh is initiated, then the email is lost as the portlet returns to the default
view for the mail database, the Inbox. A fix for this issue is proposed for Release 1.1 of DAP.
A.4 Language version issue
In the WebSphere Application Server’s implementation of the
HttpServletRequest.getRequestURI() method, HTTP requests are decoded if the request’s
URI contains percentage-encoded hexidecimal. This is a problem for some language versions
of the Domino 6.5 databases where the translated view name is used in the URL instead of
the alias.
For example:
http://dominoserver.com/reserve.nsf/%E6%8C%89%E6%97%A5%E6%9C%9F
%E9%A1%AF%E7%A4%BA%E9%A0%90%E7%B4%84?OpenView
Becomes:
http://dominoserver.com/reserve.nsf/ae??ae??eiAa~’>>?OpenView
A.5 New window opening in Linux
If problems are encountered with actions that result in new windows opening (for example
opening a document), the rules redirecting the target frame to ifa need to be changed to
_self. For example, for Linux® (only), you should change:
Input expression: target="_top"
Output model: target="ifa"
To:
Input expression: target="_top"
Output model: target="_self"
56
IBM Lotus Domino Application Portlet: Configuration and Tips
A.6 Alignment in BIDI language configuration and edit modes
When viewing configuration mode (wrench icon) in a BIDI language, the input and output
fields will be LTR while the comment fields will display RTL. In order to display the rules
correctly, with respect to soft characters like ( , ) and &, you must force fields containing these
characters to display LTR.
A.7 Richtext applet icons
The icons to accept or reject a link do not display. This is because the icon path is specified in
the applet itself, which cannot be modified.
Figure A-1 Richtext Applet Showing Missing Icons
A.8 Configuration performance (WPS 5.0)
The general portal server configuration (in Manage Portlets) is slow for Domino Application
Portlet because of the relatively large quantity of configuration information. To overcome this,
it is recommended that you use the Domino Web Application Portlet configuration mode
(wrench icon) instead, which has improved performance times. Note - If you want to change
the concrete portlet name (for example if you copy the concrete portlet) then you must use the
configuration in Manage Portlets.
A.9 Configuration performance (WPS 4.1.2)
There is a known performance issue with the Domino Application Portlet configuration in
WebSphere Portal Server 4.1.2, where switching tabs and saving the configuration is
noticeably slower than in Version 5.0.
A.10 Load issue
On WPS 4.x, with heavy traffic accessing Domino Application Portlet, some users may
receive a 500 error response code signalling a failed POST request to Domino.
A.11 Table properties
There is an issue with table properties (for example cell padding) in Domino Web Application
Portlet, using the HTML parser. Domino is generating HTML with duplicate attribute names.
The HTML parser overwrites the values because the attributes have the same name. This
can result in the new property values not being used. Note - This is not an issue with the
Regular Expression Parser.
Appendix A. Known issues
57
A.12 Domino Web Access
Domino Web Access (iNotes) is not supported with release 1.0 of the Domino Application
Portlet. Note that in release 1.1 of the Domino Application Portlet, support has been provided
for Domino Web Access through two application specific rulesets. See 6.4, “Support for
Domino Web Access (iNotes)” on page 52.
58
IBM Lotus Domino Application Portlet: Configuration and Tips
B
Appendix B.
Additional material
This Redpaper refers to additional material that can be downloaded from the Internet as
described below.
Locating the Web material
The Web material associated with this Redpaper is available in softcopy on the Internet from
the IBM Redbooks Web server. Point your Web browser to:
ftp://www.redbooks.ibm.com/redbooks/redp3917
Alternatively, you can go to the IBM Redbooks Web site at:
ibm.com/redbooks
Select the Additional materials and open the directory that corresponds with the Redpaper
form number, REDP-3917-00.
Using the Web material
The additional Web material that accompanies this Redpaper includes the following files:
File name
DefaultRules.xml
Sample.nsf
Sample1Rules.xml
Sample2Rules.xml
Description
Default Ruleset
Sample Notes Database used for examples in this paper.
Sample Ruleset
Sample Ruleset
© Copyright IBM Corp. 2004. All rights reserved.
59
60
IBM Lotus Domino Application Portlet: Configuration and Tips
Related publications
The publications listed in this section are considered particularly suitable for a more detailed
discussion of the topics covered in this Redpaper.
IBM Redbooks
For information on ordering these publications, see “How to get IBM Redbooks” on page 61.
Note that some of the documents referenced here may be available in softcopy only.
Domino 6.5.1 and Extended Products: Integration Guide, SG24-6357
Portalizing Domino Applications: Integration with Portal 5.02 and Lotus Workplace 2.01,
SG24-6466
Online resources
These Web sites and URLs are also relevant as further information sources:
WebSphere Portal Development Zone - Info Center for WebSphere Portal 5.x
http://www-106.ibm.com/developerworks/websphere/zones/portal/proddoc.html#ic5
WebSphere Portal and Lotus Workplace Catalog
http://catalog.lotus.com/wps/portal/portalworkplace
How to get IBM Redbooks
You can search for, view, or download Redbooks, Redpapers, Hints and Tips, draft
publications and Additional materials, as well as order hardcopy Redbooks or CD-ROMs, at
this Web site:
ibm.com/redbooks
Help from IBM
IBM Support and downloads
ibm.com/support
IBM Global Services
ibm.com/services
© Copyright IBM Corp. 2004. All rights reserved.
61
62
IBM Lotus Domino Application Portlet: Configuration and Tips
Back cover
®
IBM Lotus Domino
Application Portlet
Configuration and Tips
Configuration and
authentication
Parsers and rulesets
Examples and sample
code
WebSphere Portal is a complete portal solution. It provides
customers with integrated content and applications in addition to
a unified, collaborative workplace.
Domino is a comprehensive application platform. Customers
have invested heavily to exploit the power of Domino in
developing proprietary applications. As a result they are
understandably reluctant to start again and move towards the
benefits of a portal environment. The main question asked by
such customers is how do we move our Domino Applications into
a portal.
Domino Application Portlet (DAP) provides the solution. It
facilitates the easy integration of Domino Web Applications into a
portal server. This IBM Redpaper describes the Domino
Application Portlet (DAP) in detail and gives practical examples
for configuring and customizing this portlet.
Redpaper
INTERNATIONAL
TECHNICAL
SUPPORT
ORGANIZATION
BUILDING TECHNICAL
INFORMATION BASED ON
PRACTICAL EXPERIENCE
IBM Redbooks are developed
by the IBM International
Technical Support
Organization. Experts from
IBM, Customers and Partners
from around the world create
timely technical information
based on realistic scenarios.
Specific recommendations
are provided to help you
implement IT solutions more
effectively in your
environment.
For more information:
ibm.com/redbooks
REDP-3917-00
