Tom Freestone
|
Hello All,
At BYU we are getting ready to deploy uPortal 3.1.1 at the end of the month. I have noticed on the deployment section of the jasig web page that "a lot" of people run uPortal with a layer 5-7 load balancer that balances a cluster of apache/tomcat boxes.

layer 5-7 balancer -> apache/tomcat servers -> database

Some of our system administrators have expressed concerns about running apache/tomcat on a single box because someone might be able to compromise the box and discover the database passwords. Their suggestion was to separate concerns and run a load balanced cluster of apache servers that front (via mod_proxy and load balancer) a separate cluster of tomcat servers. In other words, you would have to compromise two boxes instead of one following the information flow to discover the database password.

layer 5-7 balancer-> apache cluster ->mod_proxy->layer5-7 balancer->tomcat servers -> database

To me, separating concerns adds complexity and not a lot of value. I am not sure that the separated version is any more secure than running on a single server. However, I am not a systems admin so I was curious if anyone has deployed uPortal using an apache cluster forwarding to a tomcat cluster? Also, has anyone heard of any security issues running apache/tomcat on a single server? Thanks!

tom freestone
([hidden email])
||||||||||||||||
|
Anne-Marie Scott
|
Hi All,
I have a query that I'm trying to deal with at the moment and I would appreciate some advice from folks if you can offer it.

We have 2 sources of information for users in our portal (we're running uP 2.5.3 still BTW). Our Identity Management system provides the local portal DB with information about the bulk of our users, but we have a small cohort of other users that aren't in our IDM and that we want to pull in from another remote DB.

We've got the PersonDirectory configured (using the beans config) to query the local and the remote DB and then the results are merged. It's my belief that with this config that we'll check the local *and* remote DB and then merge the data for all users that log in.

What I'd like to achieve is some sort of config where if the user is detected in the local DB, we don't then query the remote DB. Is there some way of configuring PersonDirectory to achieve this? Or has anyone else implemented anything similar?

All info gratefully received!

Many Thanks,

A-M.

------------------
Anne-Marie Scott
Team Manager (Delivery & Integration)
Service Management Section
I.S. Applications Division
The University of Edinburgh, Old College, South Bridge, Edinburgh. EH8 9YL.

T: +44 (0)131 650 2120
E: mailto:[hidden email]
W: www.myed.ed.ac.uk / www.ed.ac.uk/is/applications

Please kindly consider your environment before printing this e-mail

--
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.

---
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-user
||||||||||||||||
|
Eric Dalquist
|
In reply to this post
by Tom Freestone
We have Apache & Tomcat on the same machine and have never had any problems though I don't think there is any issue with your proposed setup either (other than more hardware).

-Eric
||||||||||||||||
|
Eric Dalquist
|
In reply to this post
by Tom Freestone
I'm not sure if there is with 2.5.3 but the PersonDirectory code used in 3.x definitely can do this and you may be able to backport some of the IPersonAttributeDao implementations from the stand-alone project to your 2.5 codebase.

We have a pretty complex personDirectoryContext in uportal 3.1 that I've attached so hopefully it gives some ideas as to how this would be approached using the CascadingPersonAttributeDao.

-Eric

Anne-Marie Scott wrote:
> Hi All,
>
> I have a query that I'm trying to deal with at the moment and I would appreciate some advice from folks if you can offer it.
>
> We have 2 sources of information for users in our portal (we're running uP 2.5.3 still BTW).
> Our Identity Management system provides the local portal DB with information about the bulk of our users, but we have a small cohort of other users that aren't in our IDM and that we want to pull in from another remote DB.
>
> We've got the PersonDirectory configured (using the beans config) to query the local and the remote DB and then the results are merged. It's my belief that with this config that we'll check the local *and* remote DB and then merge the data for all users that log in.
>
> What I'd like to achieve is some sort of config where if the user is detected in the local DB, we don't then query the remote DB. Is there some way of configuring PersonDirectory to achieve this? Or has anyone else implemented anything similar?
>
> All info gratefully received!
>
> Many Thanks,
>
> A-M.
>
> ------------------
> Anne-Marie Scott
> Team Manager (Delivery & Integration)
> Service Management Section
> I.S. Applications Division
> The University of Edinburgh, Old College, South Bridge, Edinburgh. EH8 9YL.
>
> T: +44 (0)131 650 2120
> E: mailto:[hidden email]
> W: www.myed.ed.ac.uk / www.ed.ac.uk/is/applications
>
> Please kindly consider your environment before printing this e-mail

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Copyright (c) 2000-2009, Jasig, Inc.
  See license distributed with this file and available online at
  https://www.ja-sig.org/svn/jasig-parent/tags/rel-10/license-header.txt
-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="
      http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
      http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
      http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.5.xsd">

  <!-- ********** User Information Support Beans ********** -->
  <!--
   | Provides user name for the current portal user if the thread is handling a request
   +-->
  <bean id="currentUserProvider" class="org.jasig.portal.persondir.support.PersonManagerCurrentUserProvider">
    <property name="personManager" ref="personManager" />
    <property name="portalRequestUtils" ref="portalRequestUtils" />
  </bean>

  <!--
   | Provides the default username attribute to use to the rest of the DAOs
   +-->
  <bean id="usernameAttributeProvider" class="org.jasig.services.persondir.support.SimpleUsernameAttributeProvider">
    <property name="usernameAttribute" value="username" />
  </bean>

  <!-- ********** Overwriting attribute beans for Attribute Swapper ********** -->
  <!--
   | Overrides DAO acts as the root, it handles incorporating attributes from the attribute swapper utility, wraps
   | the caching DAO
   +-->
  <bean id="personAttributeDao" class="org.jasig.portal.portlets.swapper.OverwritingPersonAttributeDao">
    <property name="delegatePersonAttributeDao" ref="requestAttributeMergingDao" />
    <property name="attributeOverridesMap" ref="sessionAttributesOverridesMap" />
  </bean>

  <!--
   | Store attribute overrides in a session scoped map to ensure overrides don't show up for
   | other users and swapped attributes will be cleaned up on user logout.
   +-->
  <bean id="sessionAttributesOverridesMap" class="java.util.concurrent.ConcurrentHashMap" scope="globalSession">
    <aop:scoped-proxy />
  </bean>

  <!-- ********** Beans for Attributes from the HttpServletRequest ********** -->
  <!--
   | Merges attributes from the request with those from other DAOs
   +-->
  <bean id="requestAttributeMergingDao" class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
    <property name="merger">
      <bean class="org.jasig.services.persondir.support.merger.ReplacingAttributeAdder" />
    </property>
    <property name="personAttributeDaos">
      <list>
        <ref bean="requestAttributesDao"/>
        <ref bean="cachingMergedPersonAttributeDao"/>
      </list>
    </property>
  </bean>

  <!--
   | Servlet filter that creates an attribute for the serverName
   +-->
  <bean id="requestAttributeSourceFilter" class="org.jasig.services.persondir.support.web.RequestAttributeSourceFilter">
    <property name="additionalDescriptors" ref="requestAdditionalDescriptors" />
    <property name="usernameAttribute" value="remoteUser" />
    <property name="remoteUserAttribute" value="remoteUser" />
    <property name="serverNameAttribute" value="serverName" />
    <property name="processingPosition" value="BOTH" />
  </bean>

  <!--
   | Session-scoped descriptors object. One of these will exist for each user in their session. It will store the
   | attributes from the request set by the requestAttributeSourceFilter
   +-->
  <bean id="requestAdditionalDescriptors" class="org.jasig.services.persondir.support.MediatingAdditionalDescriptors">
    <property name="delegateDescriptors">
      <list>
        <bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="globalSession">
          <aop:scoped-proxy />
        </bean>
        <bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="request">
          <aop:scoped-proxy />
        </bean>
      </list>
    </property>
  </bean>

  <!--
   | The person attributes DAO that returns the attributes from the request. Uses a currentUserProvider since the
   | username may not always be provided by the request object.
   +-->
  <bean id="requestAttributesDao" class="org.jasig.services.persondir.support.AdditionalDescriptorsPersonAttributeDao">
    <property name="descriptors" ref="requestAdditionalDescriptors" />
    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
    <property name="currentUserProvider" ref="currentUserProvider" />
  </bean>

  <!-- ********** Data source attribute DAOs ********** -->
  <!--
   | Merging DAOs that define the order that the data providing DAOs are called, results are cached by the outer
   | caching DAO
   +-->
  <bean id="cachingMergedPersonAttributeDao" class="org.jasig.services.persondir.support.CachingPersonAttributeDaoImpl">
    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
    <property name="cacheNullResults" value="true" />
    <property name="userInfoCache">
      <bean class="org.jasig.portal.utils.cache.MapCacheFactoryBean">
        <property name="cacheFactory" ref="cacheFactory" />
        <property name="cacheName" value="org.jasig.services.persondir.USER_INFO.merged" />
      </bean>
    </property>
    <property name="cacheKeyGenerator" ref="userAttributeCacheKeyGenerator" />
    <property name="cachedPersonAttributesDao">
      <bean class="org.jasig.services.persondir.support.CascadingPersonAttributeDao">
        <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
        <property name="personAttributeDaos">
          <list>
            <!-- Load all attributes from direct data-sources first -->
            <bean class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
              <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
              <property name="merger">
                <bean class="org.jasig.services.persondir.support.merger.ReplacingAttributeAdder" />
              </property>
              <property name="personAttributeDaos">
                <list>
                  <ref bean="cachinguPortalJdbcAttributeSource"/>
                  <ref bean="cachinguPortalJdbcUserSource"/>
                  <bean class="org.jasig.services.persondir.support.RegexGatewayPersonAttributeDao">
                    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
                    <property name="patterns">
                      <map>
                        <entry key="username" value="^[^@]*$" />
                      </map>
                    </property>
                    <property name="targetPersonAttributeDao">
                      <bean class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
                        <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
                        <property name="merger">
                          <bean class="org.jasig.services.persondir.support.merger.ReplacingAttributeAdder" />
                        </property>
                        <property name="personAttributeDaos">
                          <list>
                            <ref bean="cachinguPortalJdbcAttributeSource"/>
                            <ref bean="cachinguPortalJdbcUserSource"/>
                            <ref bean="cachingLdapPersonAttributeDao"/>
                          </list>
                        </property>
                      </bean>
                    </property>
                  </bean>
                  <bean class="org.jasig.services.persondir.support.RegexGatewayPersonAttributeDao">
                    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
                    <property name="patterns">
                      <map>
                        <entry key="username" value="^[^@]*@[^@]*$" />
                      </map>
                    </property>
                    <property name="targetPersonAttributeDao">
                      <ref bean="cachingAuthHubPersonAttributeDao"/>
                    </property>
                  </bean>
                </list>
              </property>
            </bean>

            <!--
             | DAOs for the graduating senior attributes info, only run by the RegexGateway if the user
             | is a student
             +-->
            <bean class="org.jasig.services.persondir.support.RegexGatewayPersonAttributeDao">
              <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
              <property name="patterns">
                <map>
                  <entry key="wiscedustudentviewinportal" value="Y" />
                </map>
              </property>
              <property name="targetPersonAttributeDao">
                <bean class="org.jasig.services.persondir.support.CascadingPersonAttributeDao">
                  <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
                  <property name="personAttributeDaos">
                    <list>
                      <bean class="org.jasig.services.persondir.support.EchoPersonAttributeDaoImpl" />
                      <ref bean="cachingGraduationStatusAttributeSource"/>
                      <ref bean="cachingGraduationSurveyStatusAttributeSource"/>
                    </list>
                  </property>
                </bean>
              </property>
            </bean>
          </list>
        </property>
      </bean>
    </property>
  </bean>

  <!--
   | Looks in the base UP_USER table, doesn't find attributes but will ensure a result if the user exists in the
   | portal database and is searched for by username, results are cached by the outer caching DAO
   +-->
  <bean id="cachinguPortalJdbcUserSource" class="org.jasig.services.persondir.support.CachingPersonAttributeDaoImpl">
    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
    <property name="cacheNullResults" value="true" />
    <property name="userInfoCache">
      <bean class="org.jasig.portal.utils.cache.MapCacheFactoryBean">
        <property name="cacheFactory" ref="cacheFactory" />
        <property name="cacheName" value="org.jasig.services.persondir.USER_INFO.up_user" />
      </bean>
    </property>
    <property name="cacheKeyGenerator" ref="userAttributeCacheKeyGenerator" />
    <property name="cachedPersonAttributesDao">
      <bean class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
        <constructor-arg index="0" ref="PersonDB" />
        <constructor-arg>
          <value>
            SELECT USER_NAME
            FROM UP_USER
            WHERE {0} AND ROWNUM &lt;= 100
          </value>
        </constructor-arg>
        <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
        <property name="queryAttributeMapping">
          <map>
            <entry key="username" value="USER_NAME" />
          </map>
        </property>
        <property name="resultAttributeMapping">
          <map>
            <entry key="USER_NAME">
              <set>
                <value>uid</value>
                <value>username</value>
                <value>user.login.id</value>
              </set>
            </entry>
          </map>
        </property>
      </bean>
    </property>
  </bean>

  <!--
   | Looks in the local person-directory table. This table is only used for portal-local users such as fragment owners
   | All attributes are searchable via this configuration, results are cached by the outer caching DAO
   +-->
  <bean id="cachinguPortalJdbcAttributeSource" class="org.jasig.services.persondir.support.CachingPersonAttributeDaoImpl">
    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
    <property name="cacheNullResults" value="true" />
    <property name="userInfoCache">
      <bean class="org.jasig.portal.utils.cache.MapCacheFactoryBean">
        <property name="cacheFactory" ref="cacheFactory" />
        <property name="cacheName" value="org.jasig.services.persondir.USER_INFO.up_person_dir" />
      </bean>
    </property>
    <property name="cacheKeyGenerator" ref="userAttributeCacheKeyGenerator" />
    <property name="cachedPersonAttributesDao">
      <bean class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
        <constructor-arg index="0" ref="PersonDB" />
        <constructor-arg>
          <value>
            SELECT FIRST_NAME||' '||LAST_NAME AS FIRST_LAST, FIRST_NAME, LAST_NAME, EMAIL, USER_NAME
            FROM UP_PERSON_DIR
            WHERE {0} AND ROWNUM &lt;= 100
          </value>
        </constructor-arg>
        <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
        <!-- Allow for querying using any field in the table -->
        <property name="queryAttributeMapping">
          <map>
            <entry key="username" value="USER_NAME" />
            <entry key="givenName" value="FIRST_NAME" />
            <entry key="sn" value="LAST_NAME" />
            <entry key="mail" value="EMAIL" />
          </map>
        </property>
        <!-- Map the table fields to P3P attribute names -->
        <property name="resultAttributeMapping">
          <map>
            <entry key="FIRST_LAST" value="displayName" />
            <entry key="FIRST_NAME" value="givenName" />
            <entry key="LAST_NAME" value="sn" />
            <entry key="EMAIL" value="mail" />
            <entry key="USER_NAME">
              <set>
                <value>uid</value>
                <value>username</value>
                <value>user.login.id</value>
              </set>
            </entry>
          </map>
        </property>
      </bean>
    </property>
  </bean>

  <!--
   | Uses UDDS to look up detailed user attribute information. Only certain attributes are available for searching,
   | results are cached by the outer caching DAO
   +-->
  <bean id="cachingLdapPersonAttributeDao" class="org.jasig.services.persondir.support.CachingPersonAttributeDaoImpl">
    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
    <property name="cacheNullResults" value="true" />
    <property name="userInfoCache">
      <bean class="org.jasig.portal.utils.cache.MapCacheFactoryBean">
        <property name="cacheFactory" ref="cacheFactory" />
        <property name="cacheName" value="org.jasig.services.persondir.USER_INFO.ldap" />
      </bean>
    </property>
    <property name="cacheKeyGenerator" ref="userAttributeCacheKeyGenerator" />
    <property name="cachedPersonAttributesDao">
      <bean class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
        <property name="contextSource" ref="defaultLdapContext" />
        <property name="baseDN" value="${ldap.base}" />
        <property name="queryTemplate" value="(&amp;{0}(uid=*))"/>
        <property name="searchControls">
          <bean class="javax.naming.directory.SearchControls">
            <property name="countLimit" value="100" />
            <property name="searchScope">
              <util:constant static-field="javax.naming.directory.SearchControls.ONELEVEL_SCOPE" />
            </property>
            <property name="timeLimit" value="5000" />
            <property name="returningObjFlag" value="false" />
          </bean>
        </property>
        <property name="queryAttributeMapping">
          <map>
            <entry key="displayName" value="displayName" />
            <entry key="givenName" value="givenName" />
            <entry key="mail" value="mail" />
            <entry key="sn" value="sn" />
            <entry key="username" value="uid" />
            <entry key="wisceduadvisorflag" value="wisceduadvisorflag" />
            <entry key="wisceduappttype" value="wisceduappttype" />
            <entry key="wisceduinstructorflag" value="wisceduinstructorflag" />
            <entry key="wisceduisisemplid" value="wisceduisisemplid" />
            <entry key="wisceduisisinstructoremplid" value="wisceduisisinstructoremplid" />
            <entry key="wisceduisisnonstudentemplid" value="wisceduisisnonstudentemplid" />
            <entry key="wisceduisisstudentemplid" value="wisceduisisstudentemplid" />
            <entry key="wisceduphotoid" value="wisceduphotoid" />
            <entry key="wiscedupvi" value="wiscedupvi" />
            <entry key="wiscedustudentgroup" value="wiscedustudentgroup" />
            <entry key="wiscedustudentid" value="wiscedustudentid" />
            <entry key="wiscedustudentstatus" value="wiscedustudentstatus" />
            <entry key="wwid" value="wwid" />
          </map>
        </property>
        <property name="resultAttributeMapping">
          <map>
            <!-- eduPerson attributes -->
            <entry key="cn" value="cn" />
            <entry key="displayName" value="displayName" />
            <entry key="givenName" value="givenName" />
            <entry key="mail" value="mail" />
            <entry key="postalAddress" value="postalAddress" />
            <entry key="postalCode" value="postalCode" />
            <entry key="sn" value="sn" />
            <entry key="telephoneNumber" value="telephoneNumber" />
            <entry key="uid">
              <set>
                <value>uid</value>
                <value>username</value>
                <value>user.login.id</value>
              </set>
            </entry>

            <!-- UW specific attributes -->
            <!-- Keep in alphabetical order -->
            <entry key="ctcalxitemid" value="ctcalxitemid" />
            <entry key="mailhost" value="mailhost" />
            <entry key="wisceduadvisorflag" value="wisceduadvisorflag" />
            <entry key="wisceduallemails" value="wisceduallemails" />
            <entry key="wisceduapptid" value="wisceduapptid" />
            <entry key="wisceduappttype" value="wisceduappttype" />
            <entry key="wisceduacadcareer" value="wisceduacadcareer" />
            <entry key="wiscedudarsflag" value="wiscedudarsflag" />
            <entry key="wiscedudepartment" value="wiscedudepartment" />
            <entry key="wisceduformerappointmentviewinportal" value="wisceduformerappointmentviewinportal" />
            <entry key="wisceduhrpersonid" value="wisceduhrpersonid" />
            <entry key="wisceduinstructorflag" value="wisceduinstructorflag" />
            <entry key="wisceduisgradapplicant" value="wisceduisgradapplicant" />
            <entry key="wisceduisisemplid" value="wisceduisisemplid" />
            <entry key="wisceduisisinstructoremplid" value="wisceduisisinstructoremplid" />
            <entry key="wisceduisisnonstudentemplid" value="wisceduisisnonstudentemplid" />
            <entry key="wisceduisisstudentemplid" value="wisceduisisstudentemplid" />
            <entry key="wisceduisugapplicant" value="wisceduisugapplicant" />
            <entry key="wiscedumailplusemailaddress" value="wiscedumailplusemailaddress" />
            <entry key="wiscedumajor" value="wiscedumajor" />
            <entry key="wiscedunewhireviewinportal" value="wiscedunewhireviewinportal" />
            <entry key="wisceduphotoid" value="wisceduphotoid" />
            <entry key="wisceduportalactivated" value="wisceduportalactivated" />
            <entry key="wisceduportalactivationkeyaccess" value="wisceduportalactivationkeyaccess" />
            <entry key="wisceduportalcsastudent" value="wisceduportalcsastudent" />
            <entry key="wiscedupvi" value="wiscedupvi" />
            <entry key="wiscedusalequityreport" value="wiscedusalequityreport" />
            <entry key="wiscedustudentgroup" value="wiscedustudentgroup" />
            <entry key="wiscedustudentid" value="wiscedustudentid" />
            <entry key="wiscedustudentssnupdate" value="wiscedustudentssnupdate" />
            <entry key="wiscedustudentstatus" value="wiscedustudentstatus" />
            <entry key="wiscedustudentviewinportal" value="wiscedustudentviewinportal" />
            <entry key="wiscedutextalertinportal" value="wiscedutextalertinportal" />
            <entry key="wisceduudds" value="wisceduudds" />
            <entry key="wisceduudsdisplayname" value="wisceduudsdisplayname" />
            <entry key="wisceduwebcalinportal" value="wisceduwebcalinportal" />
            <entry key="wisceduwebmailinportal" value="wisceduwebmailinportal" />
            <entry key="wisceduwebspaceactive" value="wisceduwebspaceactive" />
            <entry key="wisceduwiscworldeligible" value="wisceduwiscworldeligible" />
            <entry key="wwid" value="wwid" />
            <!-- Keep in alphabetical order -->
          </map>
        </property>
      </bean>
    </property>
  </bean>

  <bean id="cachingAuthHubPersonAttributeDao" class="org.jasig.services.persondir.support.CachingPersonAttributeDaoImpl">
    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
    <property name="cacheNullResults" value="true" />
    <property name="userInfoCache">
      <bean class="org.jasig.portal.utils.cache.MapCacheFactoryBean">
        <property name="cacheFactory" ref="cacheFactory" />
        <property name="cacheName" value="org.jasig.services.persondir.USER_INFO.authhub" />
      </bean>
    </property>
    <property name="cacheKeyGenerator" ref="userAttributeCacheKeyGenerator" />
    <property name="cachedPersonAttributesDao">
      <bean class="org.jasig.services.persondir.support.CascadingPersonAttributeDao">
        <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
        <property name="personAttributeDaos">
          <list>
            <bean class="org.jasig.services.persondir.support.EchoPersonAttributeDaoImpl" />
            <bean class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
              <constructor-arg index="0" ref="AuthHubDS" />
              <constructor-arg index="1" value="SELECT * FROM TABLE(iaareg.saportal_piped({0}))" />
              <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
              <property name="queryAttributeMapping">
                <map>
                  <entry key="username"><null/></entry>
                </map>
              </property>
              <property name="resultAttributeMapping">
                <map>
                  <entry key="SPVI" value="spvi"/>
                  <entry key="FIRST_NAME" value="givenName"/>
                  <entry key="MIDDLE_NAME" value="middleName"/>
                  <entry key="LAST_NAME" value="sn"/>
                  <entry key="PERSON_ID" value="hrPersonID"/>
                  <entry key="CREDENTIAL" value="uid"/>
                  <entry key="EMAIL_ADDRESS" value="mail"/>
                  <entry key="PHONE" value="telephoneNumber"/>
                  <entry key="PHONE_EXT" value="telephoneNumberExtension"/>
                </map>
              </property>
            </bean>
            <bean class="org.jasig.services.persondir.support.MessageFormatPersonAttributeDao">
              <property name="formatAttributes">
                <set>
                  <bean class="org.jasig.services.persondir.support.MessageFormatPersonAttributeDao$FormatAttribute">
                    <property name="attributeNames" value="displayName" />
                    <property name="format" value="{0} {1}" />
                    <property name="sourceAttributes">
                      <list>
                        <value>givenName</value>
                        <value>sn</value>
                      </list>
                    </property>
                  </bean>
                </set>
              </property>
            </bean>
          </list>
        </property>
      </bean>
    </property>
  </bean>

  <!--
   | Retrieves a user's graduation status, true if they are a graduating senior, results are cached by the outer
   | caching DAO
   +-->
  <bean id="cachingGraduationStatusAttributeSource" class="org.jasig.services.persondir.support.CachingPersonAttributeDaoImpl">
    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
    <property name="cacheNullResults" value="true" />
    <property name="userInfoCache">
      <bean class="org.jasig.portal.utils.cache.MapCacheFactoryBean">
        <property name="cacheFactory" ref="cacheFactory" />
        <property name="cacheName" value="org.jasig.services.persondir.USER_INFO.graduating_senior" />
      </bean>
    </property>
    <property name="cacheKeyGenerator" ref="userAttributeCacheKeyGenerator" />
    <property name="cachedPersonAttributesDao">
      <bean class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
        <constructor-arg index="0" ref="DataWarehouse" />
        <constructor-arg>
          <value>
            SELECT 'true' as wisceduisgraduating
            FROM uw.Stdnt_Multiterm
            WHERE ({0} AND (Term='1094' AND Deg_Expected='Y' AND (NOT (Withdrew_Ind='Y') OR Withdrew_Ind IS NULL)))
          </value>
        </constructor-arg>
        <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
        <property name="queryAttributeMapping">
          <map>
            <entry key="wisceduisisstudentemplid" value="ID" />
          </map>
        </property>
        <property name="resultAttributeMapping">
          <map>
            <entry key="wisceduisgraduating" value="wisceduisgraduating" />
          </map>
        </property>
      </bean>
    </property>
  </bean>

  <!--
   | Retrieves a user's graduation status, true if they are a graduating senior, results are cached by the outer
   | caching DAO. The RegexGateway DAO only runs the inner query if the user has the 'wisceduisgraduating' attribute
   | set to true
   +-->
  <bean id="cachingGraduationSurveyStatusAttributeSource" class="org.jasig.services.persondir.support.CachingPersonAttributeDaoImpl">
    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
    <property name="cacheNullResults" value="true" />
    <property name="userInfoCache">
      <bean class="org.jasig.portal.utils.cache.MapCacheFactoryBean">
        <property name="cacheFactory" ref="cacheFactory" />
        <property name="cacheName" value="org.jasig.services.persondir.USER_INFO.graduating_senior_survey" />
      </bean>
    </property>
    <property name="cacheKeyGenerator" ref="userAttributeCacheKeyGenerator" />
    <property name="cachedPersonAttributesDao">
      <bean class="org.jasig.services.persondir.support.RegexGatewayPersonAttributeDao">
        <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
        <property name="patterns">
          <map>
            <entry key="wisceduisgraduating" value="true" />
          </map>
        </property>
        <property name="targetPersonAttributeDao">
          <bean class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
            <constructor-arg index="0" ref="SharedWebHosting" />
            <constructor-arg>
              <value>
                SELECT 'true' as wisceduisgradquestcomplete
                FROM websurvey.sur_response_hidden_field_vw
                WHERE {0}
              </value>
            </constructor-arg>
            <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
            <property name="queryAttributeMapping">
              <map>
                <entry key="wiscedupvi" value="answer_text" />
              </map>
            </property>
            <property name="resultAttributeMapping">
              <map>
                <entry key="wisceduisgradquestcomplete" value="wisceduisgradquestcomplete" />
              </map>
            </property>
          </bean>
        </property>
      </bean>
    </property>
  </bean>

  <bean id="userAttributeCacheKeyGenerator" class="org.jasig.services.persondir.support.AttributeBasedCacheKeyGenerator">
    <property name="useAllAttributes" value="true" />
    <property name="ignoreEmptyAttributes" value="true" />
  </bean>

  <bean class="org.jasig.portal.user.UserAttributesCacheCleaner" />
</beans>
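An added example, not part of the thread and not code from uPortal or the persondir project: a small Python model that reads a beans file shaped like the attached personDirectoryContext and lists which leaf attribute sources a given username reaches through the RegexGatewayPersonAttributeDao gates. The sample XML, the bean ids `rootDao`, `localJdbcDao`, `ldapDao` and `remoteJdbcDao`, and the rule that every pattern must match the whole seed value are assumptions; cascading of attributes between DAOs and caching are not emulated.

```python
import re
import xml.etree.ElementTree as ET

NS = {"b": "http://www.springframework.org/schema/beans"}
# Properties that, in the attached context, hold the child DAOs of a wrapper DAO.
CHILD_PROPS = ("personAttributeDaos", "targetPersonAttributeDao",
               "cachedPersonAttributesDao", "delegatePersonAttributeDao")

# Constructed sample (not the attached file): bean ids are hypothetical; the
# class names and the two username patterns are the ones used in the post.
SAMPLE = """\
<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="rootDao" class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
    <property name="personAttributeDaos">
      <list>
        <ref bean="localJdbcDao"/>
        <bean class="org.jasig.services.persondir.support.RegexGatewayPersonAttributeDao">
          <property name="patterns">
            <map><entry key="username" value="^[^@]*$"/></map>
          </property>
          <property name="targetPersonAttributeDao" ref="ldapDao"/>
        </bean>
        <bean class="org.jasig.services.persondir.support.RegexGatewayPersonAttributeDao">
          <property name="patterns">
            <map><entry key="username" value="^[^@]*@[^@]*$"/></map>
          </property>
          <property name="targetPersonAttributeDao">
            <ref bean="remoteJdbcDao"/>
          </property>
        </bean>
      </list>
    </property>
  </bean>
  <bean id="localJdbcDao" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao"/>
  <bean id="ldapDao" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"/>
  <bean id="remoteJdbcDao" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao"/>
</beans>
"""


def load_beans(xml_text):
    """Index top-level beans by id so <ref bean="..."/> can be resolved."""
    root = ET.fromstring(xml_text)
    return {b.get("id"): b for b in root.findall("b:bean", NS) if b.get("id")}


def child_daos(bean, beans):
    """Yield the DAO beans directly wrapped by `bean`."""
    for name in CHILD_PROPS:
        prop = bean.find(f"b:property[@name='{name}']", NS)
        if prop is None:
            continue
        if prop.get("ref"):                       # <property ... ref="id"/>
            yield beans[prop.get("ref")]
        for holder in [prop] + prop.findall("b:list", NS):
            for el in holder:                     # direct children only
                tag = el.tag.rsplit("}", 1)[-1]
                if tag == "ref":
                    yield beans[el.get("bean")]
                elif tag == "bean":
                    yield el


def gate_open(bean, seed):
    """Assumed gateway rule: every pattern must match the whole seed value."""
    entries = bean.findall("b:property[@name='patterns']/b:map/b:entry", NS)
    return all(
        seed.get(e.get("key")) is not None
        and re.fullmatch(e.get("value"), seed[e.get("key")]) is not None
        for e in entries
    )


def sources_reached(bean, beans, seed):
    """List the leaf DAOs that a query carrying `seed` attributes reaches."""
    cls = bean.get("class", "")
    if cls.endswith("RegexGatewayPersonAttributeDao") and not gate_open(bean, seed):
        return []                                 # gate closed: target never queried
    kids = list(child_daos(bean, beans))
    if not kids:
        return [bean.get("id") or cls.rsplit(".", 1)[-1]]
    reached = []
    for kid in kids:
        reached.extend(sources_reached(kid, beans, seed))
    return reached


def route(xml_text, root_id, username):
    """Leaf sources consulted for `username`, starting from bean `root_id`."""
    beans = load_beans(xml_text)
    return sources_reached(beans[root_id], beans, {"username": username})


if __name__ == "__main__":
    for user in ("jdoe", "guest@example.org", "a@b@c"):
        print(user, "->", route(SAMPLE, "rootDao", user))
```

Gates keyed on attributes other than `username` (such as `wiscedustudentviewinportal` in the attached file) stay closed in this model unless that attribute is added to the seed passed to `sources_reached`.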
||||||||||||||||
|
Curtis Garman
|
In reply to this post
by Eric Dalquist
We are running apache and tomcat on the same box as well

Curtis

On Wed, Oct 14, 2009 at 1:28 PM, Eric Dalquist <[hidden email]> wrote:
> We have Apache & Tomcat on the same machine and have never had any problems
> though I don't think there is any issue with your proposed setup either
> (other than more hardware).
>
> -Eric
>
> Tom Freestone wrote:
>
> Hello All,
>
> At BYU we are getting ready to deploy uPortal 3.1.1 at the end of the
> month. I have noticed on the deployment section of the jasig web page that
> "a lot" of people run uPortal with a layer 5-7 load balancer that balances a
> cluster of apache/tomcat boxes.
>
> layer 5-7 balancer -> apache/tomcat servers -> database
>
> Some of our system administrators have expressed concerns about running
> apache/tomcat on a single box because someone might be able to compromise the
> box and discover the database passwords. Their suggestion was to separate
> concerns and run a load balanced cluster of apache servers that front (via
> mod_proxy and load balancer) a separate cluster of tomcat servers. In other
> words, you would have to compromise two boxes instead of one following the
> information flow to discover the database password.
>
> layer 5-7 balancer-> apache cluster ->mod_proxy->layer5-7 balancer->tomcat
> servers -> database
>
> To me, separating concerns adds complexity and not a lot of value. I am not
> sure that the separated version is any more secure than running on a single
> server. However, I am not a systems admin so I was curious if anyone has
> deployed uPortal using an apache cluster forwarding to a tomcat cluster?
> Also, has anyone heard of any security issues running apache/tomcat on a
> single server? Thanks!
>
> tom freestone
> ([hidden email])

--
Curtis Garman
Web Programmer
Heartland Community College
||||||||||||||||
|
Shockley, Gerard C
|
We've been running uPortal in prod since 2006 with ZERO problems.

Apache->MOD_PROXY->MOD_JK->Linux>Tomcat>Uportal>-DB Sun->Linux on SystemZ

Gerard C. Shockley
AD Technical Services, Information Services & Technology
Boston University
[hidden email]
617.353.9898 (w)
617.353.6171 (f)
http://www-03.ibm.com/systems/z/index.html

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Curtis Garman
Sent: Wednesday, October 14, 2009 3:08 PM
To: [hidden email]
Subject: Re: [uportal-user] uPortal deployments with apache and tomcat

We are running apache and tomcat on the same box as well

Curtis

On Wed, Oct 14, 2009 at 1:28 PM, Eric Dalquist <[hidden email]> wrote:
> We have Apache & Tomcat on the same machine and have never had any
> problems though I don't think there is any issue with your proposed
> setup either (other than more hardware).
>
> -Eric
>
> Tom Freestone wrote:
>
> Hello All,
>
> At BYU we are getting ready to deploy uPortal 3.1.1 at the end of the
> month. I have noticed on the deployment section of the jasig web page
> that "a lot" of people run uPortal with a layer 5-7 load balancer that
> balances a cluster of apache/tomcat boxes.
>
> layer 5-7 balancer -> apache/tomcat servers -> database
>
> Some of our system administrators have expressed concerns about
> running apache/tomcat on a single box because someone might be able to
> compromise the box and discover the database passwords. Their
> suggestion was to separate concerns and run a load balanced cluster
> of apache servers that front (via mod_proxy and load balancer) a
> separate cluster of tomcat servers. In other words, you would have to
> compromise two boxes instead of one following the information flow to
> discover the database password.
>
> layer 5-7 balancer-> apache cluster ->mod_proxy->layer5-7
> balancer->tomcat servers -> database
>
> To me, separating concerns adds complexity and not a lot of value. I
> am not sure that the separated version is any more secure than running
> on a single server. However, I am not a systems admin so I was
> curious if anyone has deployed uPortal using an apache cluster
> forwarding to a tomcat cluster?
> Also, has anyone heard of any security issues running apache/tomcat on
> a single server? Thanks!
>
> tom freestone
> ([hidden email])

--
Curtis Garman
Web Programmer
Heartland Community College