
NCICB Web/Portal Development

Asoka Devadas

Clint Malone

Kevin Rosso

February 26, 2003

Web Development with Zope

• Zope is an open source application server which is used by NCICB to create dynamic web pages and applications, as well as provide basic content management.

• Using the Zope Management Interface, we do most of our developing on a prototype website that is eventually moved to the production (“live”) site.

NCICB Static and Dynamic Web Development overview

• NCICB

• Emice

• Director’s Challenge

• SPORE’s

• Center for Cancer Research Trials

• Clinical Trials

• Lims

• SPIN

• CMAP

Zope Training

• Goal – To teach members from all groups the basic functionality of the Zope tool so that they can make web site updates/changes.

• Main methods – “how-to” guides and group training.

LDAP Enabling ZOPE Authentication

• What is LDAP?

• Why LDAP enable ZOPE?

• Design/Architecture

• User/Group Maintenance

• Benefits

What is LDAP?

• Simply put, LDAP is a standard protocol for accessing objects in hierarchical data storage.

• LDAP servers are used primarily for authenticating/authorizing users, although they can also store non-user objects such as printers, workstation objects, the NCI org chart, …

Why LDAP Enable ZOPE?

• User information was often being duplicated across multiple ZOPE web sites.

• Administration overhead for maintaining multiple user lists.

• NCI users needed to remember a username/password which was different from their NCI network username/password when accessing private areas of the various NCICB web sites.

• Managing large volumes of users/groups was cumbersome when using the standard ZOPE user folder.

Why LDAP Enable ZOPE?

• Current and future plans for sharing user authentication/authorization information with the middle tier (Tomcat, RMI, ...) applications were difficult/impossible.

• Future plans for single-sign-on were severely hampered.

ZOPE LDAP Design/Architecture (High Level Architecture)

ZOPE LDAP Design/Architecture (LDAPUserFolder)

• LDAPUserFolder is a free open source product enhancement for the ZOPE server.

• Can be used in place of the standard ZOPE user folder (“acl_users”) throughout any website context to enable LDAP authentication.

• Built-in caching for better performance.

• Ability to map LDAP groups to ZOPE roles.

• Custom login pages.

ZOPE LDAP Design/Architecture (Novell eDirectory)

• Formerly Novell Directory Service (NDS), it is a mature directory service which provides a native implementation of the LDAPv3 interface running over SSL.

• Stores the user credentials for NCI employees as well as users external to NCI. Also stores group/membership information.

• Highly scalable to handle large volumes of users (billions).

• NCI implementation is replicated for high availability and performance.

• Powerful management tools.

ZOPE LDAP User Maintenance (Novell eDirectory)

• Create new LDAP groups (if necessary).

• Create new NDS user accounts for non-NCI members (if necessary).

• Add/Delete members from LDAP groups.

LDAP User Maintenance - Create groups (Novell eDirectory)

LDAP User Maintenance – Create external users (Novell eDirectory)

LDAP User Maintenance – Define group members (Novell eDirectory)

ZOPE LDAP User Maintenance (ZOPE Configuration)

• Create LDAPUserFolder object for context to be protected (if necessary).

• Map ZOPE roles to LDAP groups (if necessary).

• Specify role-based permissions for specific ZOPE objects (if necessary).

LDAP User Maintenance – Create LDAPUserFolder (ZOPE Configuration)

LDAP User Maintenance – Map Roles To Groups (ZOPE Configuration)

LDAP User Maintenance – Specify permissions (ZOPE Configuration)

ZOPE LDAP - Immediate Benefits

• Eliminated duplication of user information; user info is easily shared across multiple ZOPE web sites.

• Using a central repository made administration/maintenance of user/group information easier.

• NCI users don't need to remember a different username/password to access private NCICB web sites.

• LDAP servers are highly scalable to handle large volumes of users.

• LDAP servers provide an extremely secure way to store private user information.

ZOPE LDAP – Future Benefits

• Makes sharing user authentication/authorization information with the middle tier (Tomcat, RMI, ...) applications much easier.

• Makes enabling single-sign-on possible.

• Custom login forms (instead of the simple browser login popup).

Zope LocalFS Product

• Features

• Implementation

• Benefits

Zope LocalFS Features

• Free open source Zope server enhancement.

• Allows a developer to map a Zope Object to a directory on a Local File System.

Files viewable on Local File system via HTTP

Files viewable using LocalFS in Zope

Zope LocalFS Implementation

• Install LocalFS product.

• Create and configure new LocalFS object.

• Establish appropriate file permissions on Unix file system and assign any necessary security restrictions on new LocalFS Zope object.

• Upload files either directly into Unix file system or via the Zope Management Interface.

LocalFS configuration page
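
A check for the file-permission step above, as an added example (not part of the original slides or of the LocalFS product): it walks a directory that a LocalFS object maps and flags world-writable entries, symlinks that resolve outside the mapped directory and, for content meant to be protected by Zope security, world-readable entries. The directory layout and file names are constructed for the demonstration.

```python
import os
import stat
import tempfile


def audit_localfs_tree(base, protected=False):
    """Return sorted (relative_path, issue) pairs for a LocalFS-mapped directory."""
    base = os.path.realpath(base)
    findings = []
    for root, dirs, files in os.walk(base, followlinks=False):
        for name in dirs + files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, base)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                # A link out of the tree would expose files outside the mapping.
                target = os.path.realpath(path)
                if os.path.commonpath([base, target]) != base:
                    findings.append((rel, "symlink-escapes-base"))
                continue
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            # Zope security only guards HTTP access; local users read directly.
            if protected and mode & stat.S_IROTH:
                findings.append((rel, "world-readable"))
    return sorted(findings)


def build_sample_tree(base, outside):
    """Constructed sample layout; every name below is made up for the example."""
    os.mkdir(os.path.join(base, "docs"))
    for name, mode in (("report.pdf", 0o640), ("upload.doc", 0o666)):
        path = os.path.join(base, "docs", name)
        with open(path, "w") as fh:
            fh.write("sample")
        os.chmod(path, mode)
    os.chmod(os.path.join(base, "docs"), 0o750)
    os.symlink(outside, os.path.join(base, "shortcut"))


def demo(protected=False):
    with tempfile.TemporaryDirectory() as base, tempfile.TemporaryDirectory() as outside:
        build_sample_tree(base, outside)
        return audit_localfs_tree(base, protected)


if __name__ == "__main__":
    for rel, issue in demo(protected=True):
        print(f"{issue:22} {rel}")
```

Run it against the directory configured on the LocalFS object before uploading files, with `protected=True` for directories whose contents are restricted through Zope roles.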

Zope LocalFS Benefits

• Allows us to host large files such as MS-Word, Power Point, Excel, PDF, etc… without affecting the size of the Zope data.fs (limited to 2GB in total size)

• Restrictions to limit access to certain files can be easily accomplished with built-in Zope security mechanism. No longer do we need a “second sign-in” to gain access to protected documents that were once stored on a protected ftp server.

Future Zope Development

• Zope External Editor

• Zope CGI (ZCGI)

• Zope JSP

• Zope Enterprise Objects (ZEO)

Zope External Editor

Click pencil icon to edit

External Editor Helper app launches appropriate editor

Make changes in HTML editor (Homesite 4.5)

Save changes

Changes are updated immediately in Zope

ZCGI

• What is ZCGI?

• ZCGIFolder

• ZCGIScript

• ZCGIExtensionMap

• Advantages/Limitations

ZCGI - What is ZCGI?

• ZCGI was written to address one of the major holes in ZOPE - The lack of direct access to CGI-BIN scripts (sh, perl, python...).

• Provides 3 new object types: ZCGIFolder, ZCGIScript, and ZCGIExtensionManager.

ZCGI - ZCGIFolder

• Maps a file system folder containing CGI scripts to a ZOPE folder represented by the ZCGIFolder object.

• Referencing any CGI script contained in a mapped ZCGIFolder results in ZOPE executing the CGI script according to the extension mapping rules.

• Replacing Apache? The Apache cgi-bin folder could be mapped to a ZCGIFolder object called "cgi-bin" in the ZOPE Root context. This would effectively function as the cgi-bin folder on Apache.

ZCGI - ZCGIFolder

ZCGI - ZCGIScript

• Used to map a specific CGI script as a ZOPE object.

• These scripts must be placed under the <ZOPE Installation>/cgi-bin directory.

• These objects can be referenced using DTML in the same way as any other ZOPE object, except when referenced, ZOPE executes the associated CGI script according to the extension mapping rules.

ZCGI - ZCGIScript

ZCGI - ZCGIExtensionMap

• Allows you to change the handlers that are run for particular extensions of cgi scripts.

• If you want to add or change the handlers that are run for particular extensions of cgi-bin scripts, you can make changes to the ZCGIExtensionMap object in the root of your ZOPE.

• If you would like a handler to only apply to a certain section of your ZOPE, you can create a new ZCGIExtensionMap object in that ZOPE folder.

ZCGI - ZCGIExtensionMap

ZCGI - Advantages/Limitations

Advantages:

• Cleaner way of calling CGI's than using urlopen() in external methods.

• Can dynamically reference ZCGIScript’s using DTML.

Limitations:

• Can't access scripts within ZCGIFolder's by using DTML.

ZopeJSP

• What is it?

• How does it work?

• Advantages/Limitations

• Future Modifications

ZopeJSP – What is it?

• This product is used to create, maintain, and use JSP pages on a ZOPE server.

• Provides two new ZOPE objects: JSPFolder and JSPDocument.

ZopeJSP – How does it work?

• JSPFolder contains one or more JSPDocument objects.

• JSPDocument can contain html, dtml, and jsp code.

• Clicking on the update tab of a JSPFolder replicates changes into the JSP server.

ZopeJSP – Advantages/Limitations

Advantages:

• Easy to create and maintain JSP's within ZOPE.

Limitations:

• Must use only ZOPE to maintain JSP's since an update destroys all JSP's. Unfortunately, this proves impractical for many of our uses of JSP’s at NCICB.

ZopeJSP – Future Modifications

• By merging the design concepts used in ZCGI, ZopeJSP and ExternalFile, we could easily design a more generic interface for calling Java servlets/JSP's from ZOPE. This should be relatively easy since we have all the code used in these products.

Zope Enterprise Objects (ZEO)

• Allows you to run a Zope site on multiple computers (clustering/load balancing).

• Uses a client/server architecture to share one ZEO Storage Server among many Zope “clients”.