[uportal-dev] Bad practices - should improve the documentation

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[uportal-dev] Bad practices - should improve the documentation

Julien Gribonvald
Hi folks,

 From some feedback we need to improve some documentations about the
Authentication configuration part on uPortal. Also we shoudl provide a
way (and not discribing all properties) on how to configure uportal (the
French uPortal-start doc have more items about that), my way would be to
say, watch properties by properties on the default uPortal.properties
file and override the property on a custom file (from portal.home path)
to your way only if it doesn't suit.

The common problem is that peoples don't know that uPortal-start default
datas/configuration should not be used in production like that. Also
they don't know how to disable some parts (mainly on previously to
uPortal 5). As example peoples let in production the access to the admin
account with the default password with the SimpleSecurityContextFactory
activated.

This problem is recurrent since seval uportal versions, I think that
there are already many informations on list about this problem, but
peoples can't find how to fix that problem easily. In old documentations
that's not really clear and in latest uPortal 5 version nothing exist
(or I didn't find it).

For the current documentation I pushed a PR in uPortal-start, I'm not
sure to entirely satisfy and respond to the problem with my purpose, so
please review my PR.

After for old documentation versions how could we do ? I've watched on
this part:
https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103948903/Authentication 
a real developper can understand after some search but that's not really
obvious.

In my mind we should explain how it works, maybe also telling that only
other auth than the uPortal local should be used ? what do you think ?
The problem will be on the layout user auth, I know that we can disable
the local auth and have a CAS auth for a layout user (just add the user
to your LDAP/CAS system). What is your feeling about that ?

On an other side we can manage some loading depending only on some
profiles, as example we could enable some classes/properties loading
only for a test env, in that case I would purpose that we define the
quickstart path only for the test env and that we set the
SimpleSecurityContextFactory enable only for this env (surely too much
drastic ?).


Thanks,

--
Julien Gribonvald

--
You received this message because you are subscribed to the Google Groups "uPortal Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-dev/f6d0aec0-9d3c-dd4d-7941-d3f77019eb18%40recia.fr.