After thirteen years of hosting this blog at Kattare. I only hit one little snag. I used jstack to look at the Java VM threads and found some clues that led me to a post on ServerFault. As recommended in that post, I added -Djava. This is the third of my side projects that I'm sharing and one that involves the Apache Roller blog server and the Apache Shiro security framework. You might find this interesting if you're considering using Shiro for authentication and authorization, or if you're interested in how security works in Apache Roller.
Inspired by my work with Ember. I've enjoyed working with Apache Shiro, so I decided that a good first step would be to figure out how to use Apache Shiro in Roller for Roller's existing web interface. Working over the winter break I was able to replace Roller's existing Spring security implementation with Shiro and remove all Spring dependencies from my Rollarcus fork of Roller. This interface enables Shiro to do username and password checks for users when they attempt to log in, and to get the user's roles.
Below is the first part of the class, which includes the doGetAuthenticationInfo method, which returns the AuthenticationInfo for a user specified by an AuthenticationToken that includes the user's username. In other words, this method allows Shiro to look up a user by providing a username and get back the user's hashed password, so that Shiro can validate a user's username and password.
This allows Shiro to determine if the user is a Roller admin user or a blog editor. In the code above you can see that we use the loadUserByUsername to look up a user by username, then we use Roller's Java API to get the user's roles. Now that we've implemented a realm, we've provided Shiro with everything needed to authenticate Roller users and get access to Roller user role information. Shiro includes a RolesAuthorizationFilter, which is close to what we need but not exactly right for Roller.
I had to extend Shiro's roles filter so that we can allow a user who has any, not all, of the required roles for a resource. Now that we've seen the Java code needed to hook Shiro into Roller, let's look at how we configure Shiro to use that code. We do that using the Shiro configuration file: shiro.
In the configuration file above, you see how we hook in the new ShiroAuthorizingRealm on line 3. The next couple lines are boiler-plate code to hook in Shiro's caching mechanism and then, on line 9, we configure an authentication method called authc, which is configured to use Shiro's Form Authentication feature.
And, on line 13, we hook in our new RollerRolesAuthorizationFilter. And finally, on lines , you see the list of Roller URL patterns that need protection, which authentication method to use (authc or authcBasic), and the authorization filter and roles required for access to the URL pattern.
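The "any, not all" roles check described above can be written as a small Shiro filter. This is an added example, not the Rollarcus RollerRolesAuthorizationFilter itself; the class name, package, URL patterns and role names are hypothetical, and it assumes Shiro 1.x with the javax.servlet API.

```java
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

// Added example (hypothetical class, not Roller's code).
// Shiro's stock RolesAuthorizationFilter calls Subject.hasAllRoles(), so
// "roles[admin,editor]" demands BOTH roles. This filter grants access when
// the subject holds ANY one of the roles listed for the URL pattern.
//
// Constructed shiro.ini wiring (names and paths are assumptions):
//
//   [main]
//   anyRole = com.example.AnyRoleAuthorizationFilter
//
//   [urls]
//   /admin/**  = authc, anyRole[admin]
//   /editor/** = authc, anyRole[admin,editor]
public class AnyRoleAuthorizationFilter extends AuthorizationFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request,
                                      ServletResponse response,
                                      Object mappedValue) {
        Subject subject = getSubject(request, response);

        // Shiro passes the bracketed, comma-separated config as a String[].
        String[] roles = (String[]) mappedValue;

        // Design choice in this example: fail closed. The stock filter
        // allows access when no roles are listed; here a pattern mapped to
        // this filter without roles is treated as a misconfiguration.
        if (roles == null || roles.length == 0) {
            return false;
        }

        // One matching role is enough.
        for (String role : roles) {
            if (subject.hasRole(role)) {
                return true;
            }
        }
        // Denial is handled by AuthorizationFilter.onAccessDenied():
        // redirect to login if unauthenticated, otherwise 401 or the
        // configured unauthorizedUrl.
        return false;
    }
}
```

Keep an authentication filter such as authc ahead of this filter in each chain so the role check runs against an authenticated subject.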
That's all there is to the story of Roller and Shiro so far. I did the work in my experimental Rollarcus fork of Roller. Pull requests are quite welcome as are suggestions for improvement. Please let me know if you see anything wrong in the above code. In part one, I explained the basics of the example Usergrid-Ember "Checkin" app, how the index page is displayed and how login is implemented. In part two, I'll explain how Ember. Model class. Here's what I added for the Activities collection:
From app. Usergrid follows the above conventions for collections, but there are some exceptions. For example, the Usergrid Activities collection. It works like this:. A NewActivity represents the data needed to create a new Activity, here's the model:.
Here's the adapter:. You can see a couple of other interesting things in the example above. Unfortunately, what Ember-Data expects and what Usergrid provides are quite different. The two examples below illustrate the differences:. You can see two differences above. Ember-Data expects JSON objects to be returned with a "type key" which you can see above: the "cats" field in the collection and the "cat" field in the individual object.
Here's the code:. In the code above you can see how the extractArray method moves the "entities" collection returned by Usergrid into a type-key field as expected by Ember-Data and how it copies the "uuid" field to add the "id" field that Ember-Data expects.
We also need to transform the data that Ember-Data sends to Usergrid. The template displays an Add-Checkin form with two fields: one for content and one for the location. Here's what it looks like in all its modal glory: Both fields are simple strings (someday I'd like to extend Checkin to use location information from the browser).
I won't go into detail here, but it took a bit of research to figure out how to make a Bootstrap modal dialog work with Ember. Below you can see the add-checkin controller, which provides a save function to save a new checkin. In the code above you can see how easy it is to access Usergrid data via Ember-Data now that we've got our custom REST adapter and serializer in place.
We create a new Activity with a call to this. I appreciate any feedback you might have about this article, the Usergrid-Ember project and Apache Usergrid.
If you're interested in either Usergrid or JavaScript web development then I hope you'll read on. JavaScript MVC frameworks are not simple and each has its own learning curve.
Is it really worth the learning time when you can do so much with a little library like jQuery? For most projects I think the answer is yes. These frameworks force you to organize your code in a logical and consistent way, which is really important as projects grow larger, and they provide features that may save you a lot of development time. Based on what I've seen on the net and local meet-ups, the leading frameworks these days are Ember.
The first thing you see when you visit the Ember. The Starter Kit is a, a minimal Ember. It's a good way to start: small and simple. Ember-CLI generates too many magic boiler-plate files and sub-directories for somebody who is trying to understand the basics of the framework. I like to bite off more than I can chew, so I decided to use a couple of other tools.
I used Bower to manage dependencies and Grunt to concatenate and minify those dependencies, and other things like launching a simple web server for development purposes.
I also decided to use Bootstrap to provide various UI components needed, like a navbar and nicely styled list views. I won't cover the details, but it was relatively easy to get Bower and Grunt working. Here are the config files in case you are interested: bower. I did hit one problem: when I included Bootstrap as one of my dependencies the Glyphicons would all appear as tiny boxes, so I decided to pull Bootstrap from a CDN instead (looks like there is a fix for that now).
Every Ember. The snippet below shows what I needed to get started:. For example: Ember. LoginRoute , the controller to be named App. LoginController and the template to be named "login. Let's talk about the index route.
IndexRoute to provide the model data and JavaScript functions needed for the index page. The Apache Roller community. You can find the list of fixes and improvements at the end of this email.
The Apache Roller community is pleased to announce the release of Roller 5. This release includes some small improvements to Roller and a couple dozen bug fixes. It also upgrades many dependencies including Apache Struts 2.
Release may be downloaded from the Roller project Downloads Page. Apache Roller is the open source Java blog server that once powered the ground-breaking employee blogging site blogs. If you want to set up a Java-powered blog server for yourself or for several thousand of your closest friends, try Roller! Roller supports fundamental weblogging features such as group blogging, RSS and Atom newsfeeds, rich-text editing, customizable page templates, comments, pings, trackbacks, blogroll management and provides Atom Publishing Protocol and XML-RPC interfaces for blogging clients.
Roller was featured in an O'Reilly OnJava. Apache Roller 5. This release takes care of a potential security problem involving bloggers with admin permissions on a blog being able by default to execute arbitrary code on the server hosting Roller. As a reminder, even without this issue, as bloggers can blog and instantly post anything and everything including copyrighted, privacy-infringing, and other objectionable content, do not grant blog-writing accounts above the "Limited" role (can edit but not post blog entries) to people whom you do not thoroughly know and trust.