1 The Sakai Framework Five Models (Marked Down from Six) Mark J. Norton, Nolaria Consulting

Upload: beryl-davidson

Post on 12-Jan-2016


Page 1

The Sakai Framework: Five Models (Marked Down from Six)

Mark J. Norton, Nolaria Consulting

Page 2

Disclaimer!

• Current documentation on Sakai services is lacking: it is either missing, inadequate, or (in some cases) misleading.

• The information included here represents personal research into the Sakai code base as of Sakai 2.2.

• It is not intended to be the final, official word.

Page 3

Sakai Architecture

[Architecture diagram: Charon Portal, Tool, Application Service, Framework Services]

This presentation will focus on how the framework services are grouped into various models.

Page 4

Service Models in Sakai

• While Sakai has many services that perform a variety of functions, five models emerge as being important to understanding how Sakai operates:
– Entities
– Users
– Security
– Sites
– Content Hosting

Let’s start with the Entity Model.

Page 5

The Entity Model

Page 6

Overview

• Resources in Sakai

• Entity

• Edit

• Entity Producer

• Entity Manager

Page 7

Resources in Sakai

• It would be useful to be able to work with resources at a very abstract, general level.

• The Entity model provides this capability with the Entity and Edit interfaces.

• It allows us to treat managed data objects in Sakai in a uniform way.

• This is done by using Entity as a base interface definition.

Page 8

Examples of Sakai Entities

• The following APIs extend Entity:
– Alias
– Assignment
– AssignmentContent
– AuthZGroup
– Calendar
– CalendarEvent
– ContentResource
– ContentCollection
– Digest
– Message
– MessageChannel
– Preferences
– Site
– Group
– User

Page 9

The Entity Model

• Entities (previously referred to as resources) provide a way to organize managed data objects in Sakai.
– Entity and Edit APIs
– Entity Producer
– Entity Manager

• Read vs. Edit: mutability

Sakai 2.2 Package Id: org.sakaiproject.entity.api

Page 10

The Entity

• Entities are intended to be a base API that is extended by other interfaces.

• It provides basic capabilities to be shared by all Sakai data objects:
– Reference
– URL
– Id
– Properties
– XML Marshalling

Page 11

Stuff that all Things Should Have

• Reference
– A string reference for this thing that includes the entity producer name. Used to create URLs.
• URL
– Having a URL for all entities allows them to be externally addressable.
• Id
– Having an Id for all entities allows them to be efficiently accessed internally.
• Properties
– Metadata about this thing. Interface extensions define property names.

Page 12

The Base Entity API

public interface Entity
{
    String getUrl();
    String getUrl(String rootProperty);
    String getReference();
    String getReference(String rootProperty);
    String getId();
    ResourceProperties getProperties();
    Element toXml(Document doc, Stack stack);
}

Note that this is a read-only interface.

Page 13

The Edit API

public interface Edit extends Entity
{
    public boolean isActiveEdit();
    public ResourcePropertiesEdit getPropertiesEdit();
}

Edit extends Entity to provide editing capability. This is a hold-over from the way CHEF was originally designed, i.e., separating editing and access. Some recent services combine these abilities.

Page 14

The Entity Producer

• The entity producer is the basis for a service manager that creates entities.

• It provides a way to determine if archiving and importing is supported.

• Provides a way to get entities.

• Entity creation is deferred to the higher level service object!

Page 15

Entity Producer API

public interface EntityProducer
{
    boolean willArchiveMerge();
    String archive(String siteId, Document doc, Stack stack, String archivePath, List attachments);
    String merge(String siteId, Element root, String archivePath, String fromSiteId,
                 Map attachmentNames, Map userIdTrans, Set userListAllowImport);
    boolean parseEntityReference(String reference, Reference ref);
    String getEntityDescription(Reference ref);
    ResourceProperties getEntityResourceProperties(Reference ref);
    String getEntityUrl(Reference ref);
    Collection getEntityAuthzGroups(Reference ref);
    HttpAccess getHttpAccess();
}

This interface is simplified for Sakai 2.2 and removes some higher level dependencies, such as Site.

Page 16

The Entity Manager

• The API for the Entity Manager.
• Sakai provides an implementation of this in EntityManagerComponent.
• Allows an Entity Producer to be registered.
• Provides ways to get a Reference object given a reference string.
• A cover is provided.

Page 17

The Entity Manager API

public interface EntityManager
{
    List getEntityProducers();
    void registerEntityProducer(EntityProducer manager, String referenceRoot);
    Reference newReference(String refString);
    Reference newReference(Reference copyMe);
    List newReferenceList();
    List newReferenceList(List copyMe);
    boolean checkReference(String ref);
}

checkReference is new for Sakai 2.2; it returns true if this is a valid entity reference.

Page 18

Resource Properties

• Properties are a way of associating additional information with an entity.

• This is commonly called metadata.

• Unlike the Entity class, Resource Properties are mutable.

• The Resource Properties interface has a lot of convenience methods to access common properties.

Page 19

Base Resource Properties API

public interface ResourceProperties extends Serializable
{
    public Iterator getPropertyNames();
    public String getProperty(String name);
    public List getPropertyList(String name);
    public String getPropertyFormatted(String name);
    public boolean isLiveProperty(String name);
    public boolean getBooleanProperty(String name);
    public long getLongProperty(String name);
    public Time getTimeProperty(String name);
    public User getUserProperty(String name);
    public String getTypeUrl();
    public Element toXml(Document doc, Stack stack);
    public void addProperty(String name, String value);
    public void addPropertyToList(String name, String value);
    public void addAll(ResourceProperties other);
    public void addAll(Properties props);
    public void clear();
    public void removeProperty(String name);
    public void set(ResourceProperties other);
}

Typed, generic property access.

More …

Page 20

Property Convenience Methods

public interface ResourceProperties extends Serializable
{
    public String getNamePropCreator();
    public String getNamePropModifiedBy();
    public String getNamePropCreationDate();
    public String getNamePropDisplayName();
    public String getNamePropCopyrightChoice();
    public String getNamePropCopyrightAlert();
    public String getNamePropCopyright();
    public String getNamePropContentLength();
    public String getNamePropContentType();
    public String getNamePropModifiedDate();
    public String getNamePropIsCollection();
    public String getNamePropCollectionBodyQuota();
    public String getNamePropChatRoom();
    public String getNamePropTo();
    public String getNamePropDescription();
    public String getNamePropCalendarType();
    public String getNamePropCalendarLocation();
    public String getNamePropReplyStyle();
}

Page 21

References

• References provide the ability to create an immutable object that wraps an entity’s references and context, including:
– Container
– URL, Reference String, Id
– Realms
– Types

Page 22

Reference API

public interface Reference
{
    void addSiteContextAuthzGroup(Collection rv);
    void addUserAuthzGroup(Collection rv, String id);
    void addUserTemplateAuthzGroup(Collection rv, String id);
    String getContainer();
    String getContext();
    String getDescription();
    Entity getEntity();
    String getId();
    ResourceProperties getProperties();
    Collection getRealms();
    String getReference();
    String getSubType();
    String getType();
    String getUrl();
    boolean isKnownType();
    boolean set(String type, String subType, String id, String container, String context);
    EntityProducer getEntityProducer();
}

Note the connections to the Sakai Security Model. This allows collections of entities to be created and accessed as an AuthZ group.

Page 23

Using Entities

• In general, all persisted data objects in Sakai should extend Entity.

• Create a unique container id.

• Service managers should extend EntityProvider.

• Register your provider with the EntityManager.
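As an added illustration of the steps above (not code from the presentation or from Sakai itself), here is a minimal application service that implements EntityProducer, parses only its own reference strings and registers itself with the EntityManager. The reference root /myapp, the reference layout /myapp/<siteId>/<objectId>, the MyAppService name and the injected EntityManager setter are assumptions; the interfaces and method signatures are those listed on the Entity Producer, Entity Manager and Reference slides.

```java
// Hypothetical package; the org.sakaiproject.entity.api interfaces are those shown on the slides.
package example.myapp;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Stack;

import org.sakaiproject.entity.api.EntityManager;
import org.sakaiproject.entity.api.EntityProducer;
import org.sakaiproject.entity.api.HttpAccess;
import org.sakaiproject.entity.api.Reference;
import org.sakaiproject.entity.api.ResourceProperties;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/** Assumed application service acting as the EntityProducer for "myapp" objects. */
public class MyAppService implements EntityProducer
{
    /** Assumed reference convention: /myapp/<siteId>/<objectId>. The root names the producer. */
    public static final String REFERENCE_ROOT = "/myapp";
    public static final String TYPE = "myapp";

    private EntityManager entityManager; // assumed to be injected by the component manager

    public void setEntityManager(EntityManager entityManager)
    {
        this.entityManager = entityManager;
    }

    /** Called at component start: from then on the EntityManager routes /myapp/... references here. */
    public void init()
    {
        entityManager.registerEntityProducer(this, REFERENCE_ROOT);
    }

    /** Builds the reference string for one object. */
    public static String objectReference(String siteId, String objectId)
    {
        return REFERENCE_ROOT + "/" + siteId + "/" + objectId;
    }

    /**
     * Claims only references under our root. Any other shape is rejected, so the
     * EntityManager keeps asking other producers and no half-parsed Reference escapes.
     */
    public boolean parseEntityReference(String reference, Reference ref)
    {
        if (reference == null || !reference.startsWith(REFERENCE_ROOT + "/")) return false;
        String[] parts = reference.substring(REFERENCE_ROOT.length() + 1).split("/");
        if (parts.length != 2 || parts[0].length() == 0 || parts[1].length() == 0) return false;
        String siteId = parts[0];
        String objectId = parts[1];
        // Reference.set(type, subType, id, container, context): the site is both container and context
        ref.set(TYPE, null, objectId, siteId, siteId);
        return true;
    }

    /** Authorization for these objects is decided in the AuthzGroup of the containing site. */
    public Collection getEntityAuthzGroups(Reference ref)
    {
        Collection rv = new ArrayList();
        ref.addSiteContextAuthzGroup(rv); // the realm of ref.getContext(), i.e. the site
        return rv;
    }

    public String getEntityDescription(Reference ref)
    {
        return "myapp object " + ref.getId() + " in site " + ref.getContext();
    }

    // Archive/merge is not supported by this producer.
    public boolean willArchiveMerge() { return false; }
    public String archive(String siteId, Document doc, Stack stack, String archivePath, List attachments) { return ""; }
    public String merge(String siteId, Element root, String archivePath, String fromSiteId,
            Map attachmentNames, Map userIdTrans, Set userListAllowImport) { return ""; }

    // No direct URL, properties or HTTP access are exposed for these objects.
    public String getEntityUrl(Reference ref) { return null; }
    public ResourceProperties getEntityResourceProperties(Reference ref) { return null; }
    public HttpAccess getHttpAccess() { return null; }
}
```

The methods implemented are exactly those the slide lists; a given Sakai release may declare further EntityProducer methods that would also have to be implemented.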

Page 24

Future Work

• The entity model is being referred to as the “Sakai Entity Bus”.

• It is being carefully reviewed by Sakai architects to ensure that it is both simple and powerful.

• It will provide the bedrock needed for improvements to many Sakai services.

Page 25

The User Model

Page 26

Overview

• User and User Edit

• User Directory Service

• User Directory Provider

• User Metadata (Sakai Person)

• Authentication

• Preferences

Page 27

The User Model

• Sakai provides a model of a user in the system.

• User objects are split into an immutable base object and extended to allow editing in the UserEdit object.

• Users are entities, which allows us to treat them as Sakai managed objects.

Sakai 2.2 Package Id: org.sakaiproject.user.api

Page 28

New for Sakai 2.2

• Authentication is now part of the User module, in terms of grouping services.

• User Preferences is also considered part of the User Model.

• SakaiPerson may be part of this later and provide support for standards-based user metadata.

Page 29

User Relationships

Page 30

The User

• The User interface (including UserEdit) provides access to:
– Creation and modification times
– Email address
– Display name
– Sort name
– First and last name
– User type

Page 31

The User API

public interface User extends Entity, Comparable
{
    public User getCreatedBy();
    public User getModifiedBy();
    public Time getCreatedTime();
    public Time getModifiedTime();
    public String getEmail();
    public String getDisplayName();
    public String getSortName();
    public String getFirstName();
    public String getLastName();
    public boolean checkPassword(String pw);
    public String getType();
}

Note the use of other interfaces that are extended.

Page 32

The UserEdit API

public interface UserEdit extends User, Edit
{
    public void setId(String id);
    public void setEmail(String email);
    public void setFirstName(String name);
    public void setLastName(String name);
    public void setPassword(String pw);
    public void setType(String type);
}

Element       Description
Identifier    The user id.
Email         User’s email address.
First Name    User’s given name.
Last Name     User’s family name.
Password      User password.
Type          User type (SU, etc.)

Page 33

The UserDirectoryService

• The main service for finding users is called the UserDirectory service.

• The default implementation is against a directory service, such as LDAP (hence the name).

• This service is responsible for managing and persisting Users in Sakai.

Page 34

UserDirectoryService

• The User Directory Service provides ways to:
– Find a particular user given an id.
– Get collections of users.
– Get special users (like anonymous).
– Authenticate a user (or re-authenticate).

Page 35

UserDirectoryService API

public interface UserDirectoryService extends EntityProducer
{
    public User getUser(String id);
    public List getUsers(Collection ids);
    public User getCurrentUser();
    public Collection findUsersByEmail(String email);
    public boolean allowUpdateUser(String id);
    public UserEdit editUser(String id);
    public void commitEdit(UserEdit user);
    public void cancelEdit(UserEdit user);
    public User getAnonymousUser();
    public List getUsers();
    public List getUsers(int first, int last);
    public int countUsers();
    public List searchUsers(String criteria, int first, int last);
    public int countSearchUsers(String criteria);
    public boolean allowAddUser(String id);
    public UserEdit addUser(String id);
    public User addUser(String id, …);
    public UserEdit mergeUser(Element el);
    public boolean allowRemoveUser(String id);
    public void removeUser(UserEdit user);
    public User authenticate(String id, String password);
    public void destroyAuthentication();
    public String userReference(String id);
}

Note that any changes made to a User instance must be explicitly committed by calling commitEdit().

Page 36

The UserFactory

• The UserFactory can be used as an alternative to addUser().

• This has a single method (newUser()) that returns an empty UserEdit.

• Setters can be used to initialize its values, which are then persisted using commitEdit().

Page 37

The User Provider

• Providers are a way to “look someplace else” for information.

• If a UserProviderService exists, it will be accessed to provide information about a user.

• Several implementations of the user provider exist, including one against LDAP.

Page 38

UserDirectoryProvider

public interface UserDirectoryProvider
{
    boolean authenticateUser(String id, UserEdit edit, String password);
    boolean updateUserAfterAuthentication();
    void destroyAuthentication();
    boolean userExists(String id);
    boolean getUser(UserEdit edit);
    void getUsers(Collection users);
    boolean findUserByEmail(UserEdit edit, String email);
    boolean authenticateWithProviderFirst(String id);
    boolean createUserRecord(String id);
}

Page 39

Sakai Person

• Sakai Person provides support for person metadata based on the EduPerson standard.

• This code currently lives in the common module and is being used by some tools at Indiana.

• It may be part of an expanded user model in the future.

Page 40

Authentication

• How do we know who the current user is? We authenticate them.

• Evidence is provided, usually:
– Username and password
• But other credentials are possible:
– Smartcard, dongle, other devices
– Biometrics: fingerprints, retina scan
– Certificates

Page 41

Evidence

• Sakai uses a base class called Evidence that is extended to include specific kinds of evidence:
– ExternalTrustedEvidence
– IdPwEvidence

• An evidence object is passed to the authentication service to determine if the user is a valid Sakai user.

Page 42

Authentication Service

• The authentication service has a single method that takes a piece of evidence and validates the user.

Authentication authenticate(Evidence e) throws AuthenticationException;

An AuthenticationException is thrown if the user does not authenticate against the evidence provided.

Page 43

Preferences

• Sakai provides a preference service based on properties.

• The Preference Service allows preferences to be created against a particular user id and persisted.

Page 44

The Preferences API

String getId();
ResourceProperties getProperties(String key);
Collection getKeys();

Element       Description
Identifier    The preference id.
Properties    A property set.
Keys          Property keys.

Page 45

PreferencesEdit

ResourcePropertiesEdit getPropertiesEdit(String key);

Element               Description
Editable Properties   Properties that can be added to or updated.

Page 46

The PreferencesService

Preferences getPreferences(String id);

boolean allowUpdate(String id);

PreferencesEdit add(String id);

PreferencesEdit edit(String id);

void commit(PreferencesEdit edit);

void cancel(PreferencesEdit edit);

void remove(PreferencesEdit edit);

Page 47

The Security Model

Page 48

Overview

• An Abstract Security Model
• The Sakai Security Model
• Secure Application Development
• Integration and Provisioning
• Security APIs
• Implementation using AuthzGroups
• AuthzGroup Service and Group Provider

Page 49

Security Issues

• Hacking data

• Unauthorized access

• Accidental access

• Backdoors

• Spoofing

• Development related issues

Page 50

Mission Statement

• Determine if a user is allowed to perform an operation on a specified object managed by Sakai.

• Allow authorizations to be collected by defining a role for a user in a group.

• Support group membership.

Page 51

An Abstract Security Model

[Diagram: Person, Group, Role, Function, Entity, Collection. Caption: The Authorization Triple]

Page 52

Authentication

• Authenticating a user is the first step in system security.

• Recall the evidence-based authentication manager presented earlier.

• Authentication can expire, forcing re-authentication even during an active session.

Page 53

Authorization

• Once a user is logged into the system, further operations are dependent on:
– What context they are in.
– What role in a site or group they have.
– What tool they are working with.
– What tool function they want to perform.
– What kind of object is being manipulated.

Page 54

Dependent Services

• Authorization is dependent on other models and services:
– Person
– Group
– Role
– Tool
– Function
– Site
– Resource or Entity

For the most part, authorization only cares about identifying each of these things. That means that each must have a unique identifier that can be used to access and reference it. This is why the entity bus is important!

Page 55

Performance and Scalability

• A good authorization system will perform well even in a large environment:
– Thousands of users
– Millions of objects

• We could just store triples.

• Eventually, though, the sheer number of combinations catches up with you.

Page 56

Group-based Authorization

• By grouping people and objects, we can control access to entities or collections by a user’s role in a group.

• The trick is to do this in a manner that also scales well, is easy to use, and simple to understand.

Page 57

Creating Secure Applications

• Defining and Registering Functions

• The Application Service

• Testing Authorization in the App Service

• Handling Security Violations

Let’s have a look at how we would go about creating applications that are secure. We’ll need to consider four things:

Page 58

Well-Formed Sakai Applications

[Diagram: Tool Code, Application Service API, Application Service Impl, Framework Services]

Tool code handles events and generates the user interface using a presentation technology like JSF.

Data managed by the service is abstracted into an application service with a well-defined interface. This includes allows() methods.

The implementation is responsible for authorizing the current user for a function on a particular entity. This is done in the group associated with the current context.

Page 59

Registering Functions

• Functions are the operations that should be secured.

• Sakai recommends that you register your security functions in your application service.

• This can be done in the tool registration file or by calling the FunctionManager:

public static final String OBJECT_UPDATE = "myapp.object.update";
FunctionManager.registerFunction(MyAppService.OBJECT_UPDATE);

Page 60

Function Manager API

void registerFunction(String function);

List getRegisteredFunctions();

List getRegisteredFunctions(String prefix);

• The Function Manager allows functions to be registered with Sakai.

• Lists of functions can be retrieved with an optional prefix. If convention is followed, it allows functions to be associated with an application.

Page 61

Checking Permissions

• Each application service should create a set of “allow” methods that test the current user for permission to perform a specified operation.

• This is done in the context of a tool placement in a particular site.

• Always done against a collection of objects in a site.

public boolean allowObjectUpdate();
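Putting the Registering Functions, Function Manager and Checking Permissions slides together, this added example (not code from the presentation or from Sakai) shows an application service that registers its functions at start-up, exposes the allow methods, and refuses the operation itself when the check fails. MyAppService, the OBJECT_READ name, the site-collection reference format /myapp/<siteId>, the SecurityService setter and the package of the FunctionManager cover are assumptions; FunctionManager.registerFunction and SecurityService.unlock(lock, reference) are as shown on the slides, and the current site id is left to an abstract hook because the presentation does not name the tool-placement API.

```java
// Hypothetical application service; function names, the collection reference format and the
// injected SecurityService are assumptions of this example.
package example.myapp;

import java.util.HashMap;
import java.util.Map;

import org.sakaiproject.authz.api.SecurityService;
import org.sakaiproject.authz.cover.FunctionManager; // static cover as used on the slide; package assumed

public abstract class MyAppService
{
    // A common prefix lets FunctionManager.getRegisteredFunctions("myapp.") list this app's functions.
    public static final String OBJECT_READ = "myapp.object.read";
    public static final String OBJECT_UPDATE = "myapp.object.update";

    private final Map store = new HashMap();  // constructed in-memory data for the example
    private SecurityService securityService;  // assumed to be injected

    public void setSecurityService(SecurityService securityService)
    {
        this.securityService = securityService;
    }

    /** Register the functions once, at component start, so that roles can be granted them. */
    public void init()
    {
        FunctionManager.registerFunction(OBJECT_READ);
        FunctionManager.registerFunction(OBJECT_UPDATE);
    }

    /** Site id of the current tool placement; the slides do not name the API, so it is left abstract. */
    protected abstract String currentSiteId();

    /** Assumed reference for the site's collection of objects: every check is made against it. */
    static String collectionReference(String siteId)
    {
        return "/myapp/" + siteId;
    }

    // The "allow" methods: the tool uses them to decide what to show, the service to decide what to do.
    public boolean allowObjectRead()
    {
        return securityService.unlock(OBJECT_READ, collectionReference(currentSiteId()));
    }

    public boolean allowObjectUpdate()
    {
        return securityService.unlock(OBJECT_UPDATE, collectionReference(currentSiteId()));
    }

    public String getObject(String objectId)
    {
        if (!allowObjectRead()) throw violation(OBJECT_READ);
        return (String) store.get(objectId);
    }

    /** The operation re-checks permission itself, so a tool that skips allowObjectUpdate() gains nothing. */
    public void updateObject(String objectId, String value)
    {
        if (!allowObjectUpdate()) throw violation(OBJECT_UPDATE);
        store.put(objectId, value);
    }

    /**
     * Handling the violation: refuse the operation and tell the caller which function was missing.
     * The presentation names no exception type, so java.lang.SecurityException is used here.
     */
    private SecurityException violation(String function)
    {
        return new SecurityException(function + " is not permitted in " + collectionReference(currentSiteId()));
    }
}
```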

Page 62

The Sakai Security APIs

• Security Service
– The security service allows authorization questions to be resolved without worrying about groups and roles.
• Security Advisor
– An advisor mechanism is provided to allow policies to be defined that could potentially override underlying defaults.

Sakai 2.2 Package Id: org.sakaiproject.authz.api

Page 63

Lock Terminology

• The Security Service uses a Key/Unlock terminology that is left over from the days when resources were actually locked (via a database).

• The mechanism has changed, but the terms remain.
– Unlock = test whether an operation is allowed
– Key = grant permission

Page 64

Security Service API

public interface SecurityService
{
    public boolean unlock(String lock, String reference);
    public boolean unlock(User user, String lock, String reference);
    public List unlockUsers(String lock, String reference);
    public boolean isSuperUser();
    public void addKey(String userOrGroup, String lockOrRole, String resourceOrGroup, boolean allow);
    public void removeKey(String userOrGroup, String lockOrRole, String resourceOrGroup, boolean allow);

    void pushAdvisor(SecurityAdvisor advisor);
    SecurityAdvisor popAdvisor();
    boolean hasAdvisors();
    void clearAdvisors();
}

Page 65

SecurityAdvisor API

public interface SecurityAdvisor
{
    SecurityAdvice isAllowed(String userId, String function, String reference);
}

Security advisors allow policies to be defined that are queried before the defaults established by authzGroups. Because these are stacked, an order can be established.

Page 66

SecurityAdvice Constants

public class SecurityAdvice
{
    public static final SecurityAdvice ALLOWED = new SecurityAdvice("allowed");
    public static final SecurityAdvice NOT_ALLOWED = new SecurityAdvice("not allowed");
    public static final SecurityAdvice PASS = new SecurityAdvice("pass");

    private final String name;

    private SecurityAdvice(String name) { this.name = name; }
}

These are defined as an inner class in SecurityAdvisor.
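Because advisors are consulted before the AuthzGroup defaults and are stacked, the practical risk is an advisor that is pushed and never popped: it keeps answering for every later check on that thread. The added example below (not code from the presentation or from Sakai) shows two narrow advisors and a helper that scopes one to a single piece of work with a guaranteed pop. The AdvisorScope class and its method names are assumptions; SecurityAdvisor, its inner SecurityAdvice class and pushAdvisor/popAdvisor are as shown on the slides.

```java
// Added example: scoped use of a SecurityAdvisor. Class and method names are assumptions;
// SecurityAdvisor, SecurityAdvice and the push/pop methods are those shown on the slides.
package example.myapp;

import org.sakaiproject.authz.api.SecurityAdvisor;
import org.sakaiproject.authz.api.SecurityService;

public final class AdvisorScope
{
    /** Advisor that grants exactly one function under one reference prefix and otherwise passes. */
    public static SecurityAdvisor allowOnly(final String function, final String referencePrefix)
    {
        return new SecurityAdvisor()
        {
            public SecurityAdvice isAllowed(String userId, String fn, String reference)
            {
                if (function.equals(fn) && reference != null && reference.startsWith(referencePrefix))
                {
                    return SecurityAdvice.ALLOWED;
                }
                return SecurityAdvice.PASS; // defer to the next advisor, then to the AuthzGroup defaults
            }
        };
    }

    /** Advisor that denies one function for everyone: being queried before the defaults, it wins even over a maintainer role. */
    public static SecurityAdvisor deny(final String function)
    {
        return new SecurityAdvisor()
        {
            public SecurityAdvice isAllowed(String userId, String fn, String reference)
            {
                return function.equals(fn) ? SecurityAdvice.NOT_ALLOWED : SecurityAdvice.PASS;
            }
        };
    }

    /** Runs work with the advisor active and always removes it again, even when work throws. */
    public static void runWithAdvisor(SecurityService securityService, SecurityAdvisor advisor, Runnable work)
    {
        securityService.pushAdvisor(advisor);
        try
        {
            work.run();
        }
        finally
        {
            SecurityAdvisor popped = securityService.popAdvisor();
            if (popped != advisor)
            {
                // Something inside work() pushed without popping: an advisor left on the stack
                // would widen or narrow every later security check made on this thread.
                throw new IllegalStateException("SecurityAdvisor stack imbalance");
            }
        }
    }
}
```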

Page 67

Sakai Security Implementation

• Sakai Security is implemented using AuthzGroups.

• These allow users to be grouped together within a specific context with well defined group roles.

• AuthZGroups were previously called Realms.

Page 68

Authorization Groups

• A user may be a member of a particular authorization group.

• All users in an AuthZGroup are required to have a role.

• Each group has a set of permissions.

• The ability to perform a particular function may be specified by a role or membership of a user in a group.

Page 69

Group Relationships

Page 70

AuthZGroup

• AuthZGroup provides basic capabilities:
– Membership
– Roles
– Provider Support

• Membership can be accessed either as a list of Users or Member objects.

Page 71

AuthZGroup Membership API

public interface AuthzGroup extends Edit, Comparable, Serializable
{
    void addMember(String userId, String roleId, boolean active, boolean provided);
    public Member getMember(String userId);
    public Set getMembers();
    public Set getUsers();
    public Set getUsersHasRole(String role);
    public Set getUsersIsAllowed(String function);
    void removeMember(String userId);
    void removeMembers();
}

More …

Page 72

AuthZGroup Role API

public interface AuthzGroup extends Edit, Comparable, Serializable
{
    …
    Role addRole(String id) throws IdUsedException;
    Role addRole(String id, Role other) throws IdUsedException;
    public Role getRole(String id);
    public Set getRoles();
    public Set getRolesIsAllowed(String function);
    public Role getUserRole(String userId);
    boolean hasRole(String userId, String role);
    void removeRole(String role);
    void removeRoles();
    void setMaintainRole(String role);
    public String getMaintainRole();
}

More …

Page 73

AuthZGroup Misc. API

public interface AuthzGroup extends Edit, Comparable, Serializable
{
    Time getCreatedTime();
    String getDescription();
    User getModifiedBy();
    Time getModifiedTime();

    public String getProviderGroupId();
    void setProviderGroupId(String id);

    boolean isAllowed(String userId, String function);
    public boolean isEmpty();
    boolean keepIntersection(AuthzGroup other);
}

Page 74

Role

• Besides having a name and description, roles enable a set of functions to be allowed or disallowed.

• Roles only have meaning with respect to authorization (AuthZGroups).

• They are used purely as a way to group permissions in an authzGroup.

Page 75

Role API

public interface Role extends Comparable, Serializable
{
    String getId();
    String getDescription();
    boolean isAllowed(String function);
    Set getAllowedFunctions();
    void setDescription(String description);
    void allowFunction(String lock);
    void allowFunctions(Collection functions);
    void disallowFunction(String lock);
    void disallowFunctions(Collection functions);
    void disallowAll();
    boolean allowsNoFunctions();
}

Largely focused on what functions are defined for this role.

Page 76

Member

• Member is a relationship object between a User and an AuthZGroup.

• It includes a role.

• Supports the concept of active and inactive members.

Page 77

Member API

public interface Member extends Comparable, Serializable
{
    String getUserId();
    Role getRole();
    boolean isProvided();
    boolean isActive();
    void setActive(boolean active);
}

Element           Description
User Identifier   The user id.
Role              Role for this member.
Provided          Is this provided info?
Active            Is this member active?

Page 78

AuthZGroupService

• The AuthZGroup Service provides full support for managing AuthZGroups including creation.

• Provisions are made for joining and un-joining groups.

• Answers access questions between a user and a group or set of groups.

Page 79

AuthZGroupService API

public interface AuthzGroupService extends EntityProducer
{
    List getAuthzGroups(String criteria, PagingPosition page);
    int countAuthzGroups(String criteria);
    AuthzGroup getAuthzGroup(String id);
    boolean allowUpdate(String id);
    void save(AuthzGroup azGroup);
    boolean allowAdd(String id);
    AuthzGroup addAuthzGroup(String id);
    AuthzGroup addAuthzGroup(String id, AuthzGroup other, String maintainUserId);
    boolean allowRemove(String id);
    void removeAuthzGroup(AuthzGroup azGroup);
    void removeAuthzGroup(String id);
    String authzGroupReference(String id);
    AuthzGroup newAuthzGroup(String id, AuthzGroup other, String maintainUserId);
    …
}

More …

Page 80

AuthZGroupService API (cont)

public interface AuthzGroupService extends EntityProducer
{
    // …
    void joinGroup(String authzGroupId, String role);
    void unjoinGroup(String authzGroupId);
    boolean allowJoinGroup(String id);
    boolean allowUnjoinGroup(String id);

    boolean isAllowed(String userId, String function, String azGroupId);
    boolean isAllowed(String userId, String function, Collection azGroups);
    Set getUsersIsAllowed(String function, Collection azGroups);
    Set getAuthzGroupsIsAllowed(String userId, String ftn, Collection azGroups);
    Set getAllowedFunctions(String role, Collection azGroups);

    String getUserRole(String userId, String azGroupId);
    Map getUsersRole(Collection userIds, String azGroupId);

    void refreshUser(String userId);
}

Note that the access questions also answered by the Security Service are repeated here, but asked against an explicit AuthzGroup or collection of AuthzGroups rather than against the current user's whole context.
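Worked example, added for this write-up and not code from the Sakai deck or code base: a small in-memory model of Role, Member and AuthzGroup that answers the isAllowed and getUsersIsAllowed questions listed above. The realm ids, role ids and function names (content.new, site.upd and so on) are assumptions chosen to resemble Sakai's; the rule it demonstrates is that a user holds a function only through an active membership whose role allows it, and that any one realm in the collection that grants it is enough.

```java
import java.util.*;

/**
 * In-memory model of the Role / Member / AuthzGroup triangle and of the
 * AuthzGroupService access questions. Illustration only: not Sakai code.
 * Realm ids, role ids and function names are assumptions, not slide content.
 */
public class AuthzModel {

    /** A Role is a named bag of allowed functions ("locks"). */
    static final class Role {
        final String id;
        private final Set<String> allowed = new HashSet<>();
        Role(String id) { this.id = id; }
        void allowFunction(String lock) { allowed.add(lock); }
        void disallowFunction(String lock) { allowed.remove(lock); }
        boolean isAllowed(String function) { return allowed.contains(function); }
        Set<String> getAllowedFunctions() { return Collections.unmodifiableSet(allowed); }
    }

    /** A Member binds one user to one role inside one AuthzGroup. */
    static final class Member {
        final String userId; final Role role; final boolean provided; boolean active;
        Member(String userId, Role role, boolean provided, boolean active) {
            this.userId = userId; this.role = role; this.provided = provided; this.active = active;
        }
    }

    static final class AuthzGroup {
        final String id;
        final Map<String, Role> roles = new LinkedHashMap<>();
        final Map<String, Member> members = new LinkedHashMap<>();
        AuthzGroup(String id) { this.id = id; }
        Role addRole(String roleId) { return roles.computeIfAbsent(roleId, Role::new); }
        void addMember(String userId, String roleId, boolean provided, boolean active) {
            Role r = roles.get(roleId);
            if (r == null) throw new IllegalArgumentException("unknown role " + roleId + " in " + id);
            members.put(userId, new Member(userId, r, provided, active));
        }
        /** Role id for an ACTIVE member, else null: an inactive member confers nothing. */
        String getUserRole(String userId) {
            Member m = members.get(userId);
            return (m != null && m.active) ? m.role.id : null;
        }
    }

    /** AuthzGroupService.isAllowed(userId, function, Collection azGroups): any realm that grants wins. */
    static boolean isAllowed(String userId, String function, Collection<AuthzGroup> azGroups) {
        for (AuthzGroup g : azGroups) {
            String roleId = g.getUserRole(userId);
            if (roleId == null) continue;                 // not an active member of this realm
            if (g.roles.get(roleId).isAllowed(function)) return true;
        }
        return false;                                     // nothing granted: fail closed
    }

    /** AuthzGroupService.getUsersIsAllowed(function, azGroups): every user holding the function somewhere. */
    static Set<String> getUsersIsAllowed(String function, Collection<AuthzGroup> azGroups) {
        Set<String> users = new TreeSet<>();
        for (AuthzGroup g : azGroups)
            for (Member m : g.members.values())
                if (isAllowed(m.userId, function, azGroups)) users.add(m.userId);
        return users;
    }

    public static void main(String[] args) {
        // Constructed sample: a site realm and one section realm (all ids assumed).
        AuthzGroup site = new AuthzGroup("/site/chem101");
        Role maintain = site.addRole("maintain");
        maintain.allowFunction("content.read"); maintain.allowFunction("content.new"); maintain.allowFunction("site.upd");
        Role access = site.addRole("access");
        access.allowFunction("content.read");
        site.addMember("prof", "maintain", false, true);
        site.addMember("alice", "access", true, true);
        site.addMember("bob", "access", true, false);     // provided by the roster but dropped: inactive

        AuthzGroup lab = new AuthzGroup("/site/chem101/group/lab2");
        Role ta = lab.addRole("ta");
        ta.allowFunction("content.new");
        lab.addMember("alice", "ta", false, true);        // alice can add content only through the section realm

        List<AuthzGroup> realms = List.of(site, lab);
        System.out.println("prof  site.upd      " + isAllowed("prof", "site.upd", realms));
        System.out.println("alice content.new   " + isAllowed("alice", "content.new", realms));
        System.out.println("alice site.upd      " + isAllowed("alice", "site.upd", realms));
        System.out.println("bob   content.read  " + isAllowed("bob", "content.read", realms));
        System.out.println("content.new holders " + getUsersIsAllowed("content.new", realms));

        maintain.disallowFunction("site.upd");            // editing the role revokes for every holder at once
        System.out.println("prof  site.upd      " + isAllowed("prof", "site.upd", realms));
    }
}
```

Compile and run with javac AuthzModel.java && java AuthzModel. Two things are worth noticing: bob is still recorded as a provided member but is inactive, so every question about him is answered no, which is the right default for a dropped enrolment; and disallowFunction on the maintain role revokes site.upd for everyone who holds that role, so role edits, not membership edits, are the high-impact operation to audit.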

Page 81

Security or AuthzGroup Service?

• Given the power of the AuthzGroup Service, should it be used instead of the Security Service?
– In general, applications should use the Security Service, since it allows higher-level policies to be defined and queried.
– Some framework services are implemented directly against the AuthzGroup Service because they need tighter integration.

Page 82

GroupProvider

• The group provider allows groups and roles to be defined by “another source” of information.

• Providers are somewhat limited at this time and do not allow authorization to be moved out of Sakai.

• Permissions are cached by Sakai, so a change made at the provider (a dropped enrolment, say) is not seen until the cached data is refreshed; the AuthzGroupService exposes refreshUser(userId) for that.

Page 83

GroupProvider API

public interface GroupProvider
{
    String getRole(String id, String user);
    Map getUserRolesForGroup(String id);
    Map getGroupRolesForUser(String userId);
    String[] unpackId(String id);
}

Usually, roles need to be mapped to Sakai roles.

Support for compound provider (group) ids: unpackId() splits an AuthzGroup's provider id into the component ids it was packed from.
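Worked example, added here and not part of the deck or of Sakai: a toy GroupProvider that reads memberships from an external roster and maps the roster's role names onto Sakai roles. The roster contents are constructed, the external-role to Sakai-role table is invented, and the '+' separator for compound provider ids is an assumption; what it shows is the mapping step the slide mentions, done so that an external role with no Sakai equivalent grants nothing.

```java
import java.util.*;

/**
 * Toy GroupProvider backed by an in-memory roster. Illustration only, not
 * Sakai code. Role names, separator and roster data are all assumptions.
 */
public class RosterGroupProvider {

    /** Separator for compound provider ids such as "chem101-lec+chem101-lab2" (assumed). */
    static final String SEPARATOR = "+";

    /** External role name -> Sakai role id. Anything absent here is deliberately unmapped. */
    static final Map<String, String> ROLE_MAP = Map.of(
            "Instructor", "maintain",
            "TA", "maintain",
            "Student", "access");

    /** Sakai roles ranked by privilege, so a user in several component groups gets the strongest one. */
    static final List<String> RANK = List.of("access", "maintain");

    /** roster group id -> (user id -> external role). Constructed sample data. */
    private final Map<String, Map<String, String>> roster;

    RosterGroupProvider(Map<String, Map<String, String>> roster) { this.roster = roster; }

    /** GroupProvider.unpackId: split a compound provider id into its component ids. */
    public String[] unpackId(String id) {
        if (id == null || id.isEmpty()) return new String[0];
        return id.split(java.util.regex.Pattern.quote(SEPARATOR));
    }

    /** Map an external role to a Sakai role, or null so an unknown role grants nothing (fail closed). */
    static String toSakaiRole(String externalRole) { return ROLE_MAP.get(externalRole); }

    /** Keep the higher-ranked of two Sakai roles; null loses to anything. */
    static String stronger(String a, String b) {
        if (a == null) return b;
        if (b == null) return a;
        return RANK.indexOf(a) >= RANK.indexOf(b) ? a : b;
    }

    /** GroupProvider.getRole: Sakai role for `user` in the (possibly compound) group `id`, or null. */
    public String getRole(String id, String user) {
        String best = null;
        for (String component : unpackId(id)) {
            Map<String, String> members = roster.getOrDefault(component, Map.of());
            best = stronger(best, toSakaiRole(members.get(user)));
        }
        return best;
    }

    /** GroupProvider.getUserRolesForGroup: user id -> Sakai role; users with no mapped role are omitted. */
    public Map<String, String> getUserRolesForGroup(String id) {
        Map<String, String> result = new TreeMap<>();
        for (String component : unpackId(id))
            for (String user : roster.getOrDefault(component, Map.of()).keySet()) {
                String role = getRole(id, user);
                if (role != null) result.put(user, role);
            }
        return result;
    }

    /** GroupProvider.getGroupRolesForUser: provider group id -> Sakai role for every group the user is in. */
    public Map<String, String> getGroupRolesForUser(String userId) {
        Map<String, String> result = new TreeMap<>();
        for (Map.Entry<String, Map<String, String>> e : roster.entrySet()) {
            String role = toSakaiRole(e.getValue().get(userId));
            if (role != null) result.put(e.getKey(), role);
        }
        return result;
    }

    public static void main(String[] args) {
        Map<String, Map<String, String>> roster = new HashMap<>();
        roster.put("chem101-lec", Map.of("prof", "Instructor", "alice", "Student", "bob", "Student"));
        roster.put("chem101-lab2", Map.of("alice", "Student", "carol", "TA", "dave", "Observer"));
        RosterGroupProvider provider = new RosterGroupProvider(roster);

        String compound = "chem101-lec" + SEPARATOR + "chem101-lab2";
        System.out.println(Arrays.toString(provider.unpackId(compound)));
        System.out.println("carol -> " + provider.getRole(compound, "carol"));   // TA is mapped to maintain
        System.out.println("dave  -> " + provider.getRole(compound, "dave"));    // Observer has no mapping
        System.out.println(provider.getUserRolesForGroup(compound));
        System.out.println(provider.getGroupRolesForUser("alice"));
    }
}
```

The mapping table is the security boundary of a provider: every external role that is not listed yields null, and a null role is treated as "not a member" rather than defaulting to the weakest Sakai role. When one user appears in several component groups with different roles, the example keeps the strongest; whether that is the policy you want depends on how your sections are used, and it is worth deciding explicitly rather than inheriting whatever order the roster happens to return.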

Page 84

The Content Model

Page 85

Overview

• Content Resource

• Content Collection

• Content Hosting Service

• Locking

• Group Awareness

Page 86

The Content Hosting Model

• Content Hosting provides a way to manage content in Sakai.

• Collections contain Resources.

• Resources may have attachments.

• Resources may have properties.

• Locks can be made against resources.

Page 87

Content Hosting Model

Sakai 2.2 Package Id: org.sakaiproject.content.api

Page 88

ContentResource API

public interface ContentResource extends Entity
{
    public int getContentLength();
    public String getContentType();
    public byte[] getContent() throws ServerOverloadException;
    public InputStream streamContent() throws ServerOverloadException;
}

Element               Description
Content Length        Length in bytes.
Content Type          MIME type.
Content as an array   Array of bytes.
Content as a stream   An InputStream.

Page 89

ContentResourceEdit API

public interface ContentResourceEdit extends ContentResource, Edit
{
    public void setContentLength(int length);
    public void setContentType(String type);
    public void setContent(byte[] content);
}

Page 90

ContentCollection API

public interface ContentCollection extends Entity
{
    public List getMembers();
    public List getMemberResources();
    public long getBodySizeK();
}

Element            Description
Members            List of reference strings.
Member Resources   List of ContentResources.
Body Size          Aggregate size in 1024-byte units.

Page 91

ContentCollectionEdit API

public interface ContentCollectionEdit extends ContentCollection, Edit
{
    // No API methods defined.
}

Page 92

The Content Hosting Service

• Most of the functionality is represented in the Content Hosting Service.

• Methods are provided to work with:– Resources– Collections– Attachments– Properties– Locks

It also provides support for a special collection referred to as a drop box. This collection comes with additional access-control functions (for example, whether the current user is a drop box maintainer) and a drop box display name.

Page 93

ContentHostingService API

public interface ContentHostingService extends EntityProducer
{
    // Collection methods
    public boolean allowAddCollection(String id);
    public ContentCollection addCollection(String id, ResourceProperties properties);
    public ContentCollectionEdit addCollection(String id);
    public boolean allowGetCollection(String id);
    public void checkCollection(String id);
    public ContentCollection getCollection(String id);
    public int getCollectionSize(String id);
    public List getAllResources(String id);
    public boolean allowUpdateCollection(String id);
    public ContentCollectionEdit editCollection(String id);
    public boolean allowRemoveCollection(String id);
    public void removeCollection(String id);
    public void removeCollection(ContentCollectionEdit edit);
    public void commitCollection(ContentCollectionEdit edit);
    public void cancelCollection(ContentCollectionEdit edit);
    public String getContainingCollectionId(String id);
    public int getDepth(String resourceId, String baseCollectionId);
    public boolean isRootCollection(String id);
    public Map getCollectionMap();
    public void eliminateDuplicates(Collection resourceIds);
    // … More …

Page 94

ContentHostingService API (cont)

    // Resource methods
    public boolean allowAddResource(String id);
    public ContentResource addResource(String id, String type, byte[] content, ResourceProperties properties, int priority);
    public ContentResource addResource(String name, String collectionId, int limit, String type, byte[] content, ResourceProperties properties, int priority);
    public ContentResourceEdit addResource(String id);
    public boolean allowUpdateResource(String id);
    public ContentResource updateResource(String id, String type, byte[] content);
    public ContentResourceEdit editResource(String id);
    public boolean allowGetResource(String id);
    public void checkResource(String id);
    public ContentResource getResource(String id);
    public boolean allowRemoveResource(String id);
    public void removeResource(String id);
    public void removeResource(ContentResourceEdit edit);
    public boolean allowRename(String id, String new_id);
    public String rename(String id, String new_id);
    public boolean allowCopy(String id, String new_id);
    public String copy(String id, String new_id);
    public String copyIntoFolder(String id, String folder_id);
    public String moveIntoFolder(String id, String folder_id);
    public void commitResource(ContentResourceEdit edit);
    public void commitResource(ContentResourceEdit edit, int priority);
    public void cancelResource(ContentResourceEdit edit);
    public List findResources(String type, String primaryMimeType, String subMimeType);
    // … More …

Page 95

ContentHostingService API (cont)

    // Attachment methods
    public boolean allowAddAttachmentResource();
    public boolean isAttachmentResource(String id);
    public ContentResource addAttachmentResource(String name, String type, byte[] content, ResourceProperties properties);
    public ContentResource addAttachmentResource(String name, String site, String tool, String type, byte[] content, ResourceProperties props);
    public ContentResourceEdit addAttachmentResource(String name);

    // Property methods
    public boolean allowGetProperties(String id);
    public ResourceProperties getProperties(String id);
    public boolean allowAddProperty(String id);
    public ResourceProperties addProperty(String id, String name, String value);
    public boolean allowRemoveProperty(String id);
    public ResourceProperties removeProperty(String id, String name);
    public ResourcePropertiesEdit newResourceProperties();
    // … More …

Page 96

ContentHostingService API (cont)

    // Misc. methods
    public String getUuid(String id);
    public String resolveUuid(String uuid);
    public String getUrl(String id);
    public String getReference(String id);
    String getSiteCollection(String siteId);
    String archiveResources(List resources, Document doc, Stack stack, String archivePath);
    public boolean isPubView(String id);
    public boolean isInheritingPubView(String id);
    public void setPubView(String id, boolean pubview);

    // Locking methods
    Collection getLocks(String id);
    public void lockObject(String id, String lockId, String subject, boolean system);
    public void removeLock(String id, String lockId);
    public boolean isLocked(String id);
    public boolean containsLockedNode(String id);
    public void removeAllLocks(String id);

    // Dropbox collection methods
    public void createDropboxCollection();
    public void createDropboxCollection(String siteId);
    public String getDropboxCollection();
    public String getDropboxCollection(String siteId);
    public boolean isDropboxMaintainer();
    public boolean isDropboxMaintainer(String siteId);
    public String getDropboxDisplayName();
    public String getDropboxDisplayName(String siteId);
}
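Worked example, added here and not taken from the deck or from Sakai's implementation: a model of the id conventions behind getContainingCollectionId, getDepth, isRootCollection, getSiteCollection and the two pub-view questions. It assumes that ids are absolute, that collection ids end in '/' while resource ids do not, and that a site's collection is "/group/<siteId>/"; the validation step that rejects ".." segments is this example's addition, because every one of these methods is a string-prefix computation and a traversal segment in a caller-supplied id would otherwise let it answer questions about a different site's content.

```java
import java.util.*;

/**
 * Model of Content Hosting's id conventions and collection / pub-view
 * questions. Illustration only, not Sakai code. Assumed conventions: absolute
 * ids, collection ids end in '/', resource ids do not, site collection is
 * "/group/<siteId>/".
 */
public class ContentIds {

    /** Reject anything that could escape a collection before it reaches a prefix-based check. */
    static String validate(String id) {
        if (id == null || !id.startsWith("/") || id.contains("//") || id.contains("\\"))
            throw new IllegalArgumentException("bad id: " + id);
        for (String seg : id.split("/"))
            if (seg.equals("..") || seg.equals(".")) throw new IllegalArgumentException("traversal in id: " + id);
        return id;
    }

    static boolean isCollection(String id) { return validate(id).endsWith("/"); }
    static boolean isRootCollection(String id) { return validate(id).equals("/"); }
    static String getSiteCollection(String siteId) { return "/group/" + siteId + "/"; }

    /** getContainingCollectionId: parent collection of a resource or collection; "/" contains itself. */
    static String getContainingCollectionId(String id) {
        validate(id);
        if (isRootCollection(id)) return "/";
        String trimmed = isCollection(id) ? id.substring(0, id.length() - 1) : id;
        return trimmed.substring(0, trimmed.lastIndexOf('/') + 1);
    }

    /** getDepth: how many levels `id` sits below collection `base`, or -1 if it is not inside it. */
    static int getDepth(String id, String base) {
        validate(id);
        if (!isCollection(base) || !id.startsWith(base)) return -1;
        String rest = id.substring(base.length());
        if (rest.isEmpty()) return 0;
        if (rest.endsWith("/")) rest = rest.substring(0, rest.length() - 1);
        return rest.split("/").length;
    }

    /** Ids (collections or resources) explicitly marked public-view. */
    private final Set<String> pubView = new HashSet<>();

    void setPubView(String id, boolean flag) { if (flag) pubView.add(validate(id)); else pubView.remove(validate(id)); }

    /** isPubView: the flag on this item itself. */
    boolean isPubView(String id) { return pubView.contains(validate(id)); }

    /** isInheritingPubView: some ancestor collection, not the item itself, is public. */
    boolean isInheritingPubView(String id) {
        String c = getContainingCollectionId(id);
        while (true) {
            if (pubView.contains(c)) return true;
            if (isRootCollection(c)) return false;
            c = getContainingCollectionId(c);
        }
    }

    /** What an anonymous reader effectively gets: the item's own flag or an inherited one. */
    boolean effectivelyPublic(String id) { return isPubView(id) || isInheritingPubView(id); }

    public static void main(String[] args) {
        String site = getSiteCollection("chem101");
        String notes = site + "week1/notes.pdf";
        System.out.println("containing collection    " + getContainingCollectionId(notes));
        System.out.println("depth below site         " + getDepth(notes, site));
        System.out.println("depth of site below root " + getDepth(site, "/"));

        ContentIds ch = new ContentIds();
        ch.setPubView(site + "public/", true);              // open one folder, not the whole site
        System.out.println("public/syllabus.pdf inherits pubview " + ch.isInheritingPubView(site + "public/syllabus.pdf"));
        System.out.println("week1/notes.pdf effectively public   " + ch.effectivelyPublic(notes));

        try {
            getContainingCollectionId(site + "../other-site/secret.pdf");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run with javac ContentIds.java && java ContentIds. The pub-view walk stops at the first public ancestor, which is also where a reviewer should look when a resource turns out to be world-readable: the flag is usually on a folder several levels up, not on the file itself.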

Page 97

Content Hosting Implementation

• Content Hosting currently has two storage implementations:
– File system (recommended)
– Database

• Neither allows external administrative access, but both provide quota support.

• WebDAV support is included.

Page 98

Group Awareness

• Group (Section) awareness is being added to the content hosting service for Sakai 2.2.

• Two objects are added:
– GroupAwareEntity
– GroupAwareEdit

Page 99

GroupAwareEntity

    Collection getGroups();
    AccessMode getAccess();

Element       Description
Groups        List of AuthzGroup references.
Access mode   Group or site.

Page 100

GroupAwareEdit

    void addGroup(Group group) throws PermissionException;
    void removeGroup(Group group) throws PermissionException;
    void setAccess(AccessMode access);

Element       Description
Groups        Groups can be added or removed.
Access mode   Set access mode to site or group.

Page 101

Resource Locking

• Content hosting includes a lock manager that allows long term locks to be applied to resources and collections.

• It consists of the following objects:
– Lock
– LockService

Page 102

The Lock API

    String getId();                        // the lock identifier
    void setId(String id);
    boolean isActive();                    // active flag
    void setActive(boolean active);
    Date getDateAdded();                   // time added or removed
    void setDateAdded(Date dateAdded);
    Date getDateRemoved();
    void setDateRemoved(Date dateRemoved);
    String getQualifier();                 // qualifier, if any
    void setQualifier(String qualifier);
    String getReason();                    // reason for the lock
    void setReason(String reason);
    String getAsset();                     // asset being locked
    void setAsset(String asset);
    boolean isSystem();                    // system flag
    void setSystem(boolean system);

Page 103

The Lock Service API

void lockObject(String assetId, String qualifier, String reason, boolean sys);

void removeLock(String assetId, String qualifierId);

Collection getLocks(String assetId);

boolean isLocked(String assetId);

void removeAllLocks(String qualifier);
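Worked example, added here and not part of the deck or of Sakai: an in-memory version of the Lock and LockService pair above, together with the containsLockedNode question from the ContentHostingService. It assumes that a lock is identified by the (asset, qualifier) pair, that removing a lock marks it inactive and stamps dateRemoved rather than deleting the record, and that collection ids end in '/'; the lifecycle it walks through is a tool locking a file it depends on, a stranger failing to lift that lock, and the tool releasing everything it holds at once.

```java
import java.util.*;

/**
 * In-memory Lock / LockService model. Illustration only, not Sakai code.
 * Assumptions: (asset, qualifier) identifies a lock; removal deactivates and
 * time-stamps rather than deletes; collection ids end in '/'.
 */
public class LockModel {

    static final class Lock {
        final String id = UUID.randomUUID().toString();
        final String asset, qualifier, reason;
        final boolean system;
        final Date dateAdded = new Date();
        Date dateRemoved;
        boolean active = true;
        Lock(String asset, String qualifier, String reason, boolean system) {
            this.asset = asset; this.qualifier = qualifier; this.reason = reason; this.system = system;
        }
        public String toString() {
            return (active ? "ACTIVE " : "removed ") + asset + " by " + qualifier
                    + " (" + reason + (system ? ", system" : "") + ")";
        }
    }

    private final List<Lock> locks = new ArrayList<>();

    /** LockService.lockObject: a qualifier holds at most one active lock per asset. */
    void lockObject(String assetId, String qualifier, String reason, boolean sys) {
        for (Lock l : locks)
            if (l.active && l.asset.equals(assetId) && l.qualifier.equals(qualifier)) return;
        locks.add(new Lock(assetId, qualifier, reason, sys));
    }

    /** LockService.removeLock: only the qualifier that placed a lock may lift it. */
    void removeLock(String assetId, String qualifier) {
        for (Lock l : locks)
            if (l.active && l.asset.equals(assetId) && l.qualifier.equals(qualifier)) {
                l.active = false; l.dateRemoved = new Date();
            }
    }

    /** LockService.getLocks: active locks on exactly this asset. */
    Collection<Lock> getLocks(String assetId) {
        List<Lock> out = new ArrayList<>();
        for (Lock l : locks) if (l.active && l.asset.equals(assetId)) out.add(l);
        return out;
    }

    boolean isLocked(String assetId) { return !getLocks(assetId).isEmpty(); }

    /** ContentHostingService.containsLockedNode: the collection itself or anything beneath it is locked. */
    boolean containsLockedNode(String collectionId) {
        for (Lock l : locks) if (l.active && l.asset.startsWith(collectionId)) return true;
        return false;
    }

    /** LockService.removeAllLocks(qualifier): lift everything one qualifier holds. */
    void removeAllLocks(String qualifier) {
        for (Lock l : locks)
            if (l.active && l.qualifier.equals(qualifier)) { l.active = false; l.dateRemoved = new Date(); }
    }

    public static void main(String[] args) {
        LockModel svc = new LockModel();
        String site = "/group/chem101/";                       // assumed site collection id
        String hw = site + "assignments/hw1.pdf";

        svc.lockObject(hw, "assignment:hw1", "attached to an open assignment", false);
        svc.lockObject(hw, "assignment:hw1", "duplicate request", false);   // ignored: already held
        svc.lockObject(site + "syllabus.pdf", "admin", "frozen for the term", true);

        System.out.println("hw1 locked?                " + svc.isLocked(hw));
        System.out.println("site contains locked node? " + svc.containsLockedNode(site));
        System.out.println("locks on hw1:              " + svc.getLocks(hw));

        svc.removeLock(hw, "someone-else");                   // wrong qualifier: nothing changes
        System.out.println("hw1 still locked?          " + svc.isLocked(hw));

        svc.removeAllLocks("assignment:hw1");                 // the assignment was deleted
        System.out.println("hw1 locked after clean-up? " + svc.isLocked(hw));
        System.out.println("site contains locked node? " + svc.containsLockedNode(site));
    }
}
```

Run with javac LockModel.java && java LockModel. Note the asymmetry between the two services on the slides: removeAllLocks on the ContentHostingService takes a resource id, while on the LockService it takes a qualifier, so a caller that confuses the two either clears nothing or clears every lock a tool holds across the whole installation.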

Page 104

Content Hosting vs. Repositories

• Content Hosting is not really intended to be an interface to a remote repository.

• Work on repositories is starting to emerge: Twin Peaks, Sakaibrary, etc.

• Repositories are optimized differently from Content Hosting, though content managed by Content Hosting could be included in a repository service.

Page 105

The Site Model

Page 106

Overview

• Site

• Site Page

• Tool Configuration

• Group

• Site Service

Page 107

The Site Model

• Sites are a way of breaking up a Sakai installation so that:
– Users can have a private work space (MyWorkSite).
– Classes can have their own content.
– Projects can facilitate work.
– Etc.

Sakai 2.2 Package Id: org.sakaiproject.site.api

Page 108

Site Model Diagram

Page 109

The Site Object

• The Site object includes:
– Information
– Tools
– Layouts for a Sakai site
– A list of pages

• Layout is done using pages.

Page 110

Site API - Information

public interface Site extends Edit, Comparable, Serializable, AuthzGroup
{
    String getTitle();
    String getShortDescription();
    String getDescription();
    String getIconUrl();
    String getIconUrlFull();
    String getInfoUrl();
    String getInfoUrlFull();
    void setTitle(String title);
    void setIconUrl(String url);
    void setInfoUrl(String url);
    void setShortDescription(String description);
    void setDescription(String description);
    String getType();
    boolean isType(Object type);
    void setType(String type);
    // … More …

Page 111

Site API - Membership

public interface Site extends Edit, Comparable, Serializable, AuthzGroup
{
    boolean isJoinable();
    String getJoinerRole();
    void setJoinable(boolean joinable);
    void setJoinerRole(String role);
    Collection getGroups();
    Collection getGroupsWithMember(String userId);
    Collection getGroupsWithMemberHasRole(String userId, String role);
    boolean hasGroups();
    Group addGroup();
    void removeGroup(Group group);
    // … More …

Page 112

Site API - Pages

public interface Site extends Edit, Comparable, Serializable, AuthzGroup
{
    // Support for pages.
    List getPages();
    List getOrderedPages();
    SitePage getPage(String id);
    SitePage addPage();
    void removePage(SitePage page);

    // Support for tools.
    ToolConfiguration getTool(String id);
    Collection getTools(String[] toolIds);
    // … More …
}

Page 113

Site API - Miscellaneous

public interface Site extends Edit, Comparable, Serializable, AuthzGroup
{
    // …
    User getCreatedBy();
    User getModifiedBy();
    Time getCreatedTime();
    Time getModifiedTime();

    // Support for skinning.
    String getSkin();
    void loadAll();
    void setSkin(String skin);

    // Support for publishing.
    boolean isPublished();
    boolean isPubView();
    Group getGroup(String id);
    void setPublished(boolean published);
    void regenerateIds();
    void setPubView(boolean pubView);
}

Page 114

Site Pages

• Each page can have a layout type (single or dual columns, etc.)

• A page can have one or more tools, each with its own ToolConfiguration.

• A page may be separately skinned.

• A page may be designated a pop-up, but this is not currently used.

Page 115

SitePage API

public interface SitePage extends Edit, Serializable
{
    public String getTitle();
    public void setTitle(String title);
    public String getSkin();
    public String getSiteId();
    public boolean isPopUp();
    public void setPopup(boolean popup);

    // Layout management
    public int getLayout();
    public void setLayout(int layout);
    public String getLayoutTitle();

    // Tool management
    public List getTools();
    public List getTools(int col);
    Collection getTools(String[] toolIds);
    public ToolConfiguration getTool(String id);
    public Site getContainingSite();
    public ToolConfiguration addTool();
    public ToolConfiguration addTool(Tool reg);
    public void removeTool(ToolConfiguration tool);

    // Ordering of pages
    public void moveUp();
    public void moveDown();
}

Page 116

Tool Configuration

• A ToolConfiguration provides:
– Layout hints
– A skin
– Site Id
– Layout order

• Since tools tend to take up screen real estate, only one or two tools tend to be configured onto a site page.

Page 117

ToolConfiguration API

public interface ToolConfiguration extends Placement, Serializable
{
    public String getLayoutHints();
    public void setLayoutHints(String hints);
    public int[] parseLayoutHints();
    public String getSkin();
    public String getPageId();
    public String getSiteId();
    public SitePage getContainingPage();
    public void moveUp();
    public void moveDown();
    public int getPageOrder();
}

Page 118

Site Service

• The Site Service provides:
– Access to sites and collections of sites.
– A site access security model.
– Support for group membership.
– Various references.
– Convenience methods to directly access things like tool configuration, etc.

Page 119

SiteService API - Sites

public interface SiteService extends EntityProducer
{
    Site getSite(String id) throws IdUnusedException;
    Site getSiteVisit(String id);
    Site addSite(String id, String type);
    Site addSite(String id, Site other);
    void removeSite(Site site) throws PermissionException;
    List getSites(SelectionType type, Object ofType, String criteria, Map propertyCriteria, SortType sort, PagingPosition page);
    int countSites(SelectionType type, Object ofType, String criteria, Map propertyCriteria);
    String merge(String toSiteId, Element e, String creatorId);
    void save(Site site) throws IdUnusedException, PermissionException;
    void saveSiteMembership(Site site);
    void saveGroupMembership(Site site);
    void saveSiteInfo(String id, String description, String infoUrl);
    // … More …

Page 120

SiteService API - Security

public interface SiteService extends EntityProducer
{
    void setSiteSecurity(String siteId, Set updateUsers, Set visitUnpUsers, Set visitUsers);
    void setUserSecurity(String userId, Set updateSites, Set visitUnpSites, Set visitSites);

    boolean allowAccessSite(String id);
    boolean allowUpdateSite(String id);
    boolean allowUpdateSiteMembership(String id);
    boolean allowUpdateGroupMembership(String id);
    boolean allowAddSite(String id);
    boolean allowRemoveSite(String id);
    boolean allowViewRoster(String id);
    boolean allowUnjoinSite(String id);

    boolean isUserSite(String site);
    boolean isSpecialSite(String site);
    // … More …
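Worked example, added here and not code from the deck or from Sakai: a model of the site access security that setSiteSecurity describes, with its three sets per site (users who may update, users who may visit while the site is unpublished, users who may visit once it is published) combined with the site's published and pub-view flags. The decision rules are this example's reading of the method names, and the users, site ids and roles are constructed; what it shows is that an unpublished site is invisible to ordinary visitors but not to its maintainers, and that an unknown site or an unknown user is refused.

```java
import java.util.*;

/**
 * Model of the SiteService access rules: three membership sets per site plus
 * the published and pub-view flags. Illustration only, not Sakai code; the
 * rules are assumptions derived from the method names on the slides.
 */
public class SiteAccessModel {

    static final class Site {
        final String id;
        boolean published, pubView, joinable;
        String joinerRole;
        final Set<String> updateUsers = new HashSet<>();
        final Set<String> visitUnpUsers = new HashSet<>();   // may visit even while unpublished
        final Set<String> visitUsers = new HashSet<>();      // may visit once published
        Site(String id) { this.id = id; }
    }

    private final Map<String, Site> sites = new HashMap<>();

    Site addSite(String id, boolean published, boolean pubView) {
        Site s = new Site(id);
        s.published = published; s.pubView = pubView;
        sites.put(id, s);
        return s;
    }

    /** SiteService.setSiteSecurity: replace the three membership sets for one site. */
    void setSiteSecurity(String siteId, Set<String> updateUsers, Set<String> visitUnpUsers, Set<String> visitUsers) {
        Site s = sites.get(siteId);
        if (s == null) throw new NoSuchElementException(siteId);
        s.updateUsers.clear();   s.updateUsers.addAll(updateUsers);
        s.visitUnpUsers.clear(); s.visitUnpUsers.addAll(visitUnpUsers);
        s.visitUsers.clear();    s.visitUsers.addAll(visitUsers);
    }

    /** allowUpdateSite: only the update set, whether or not the site is published. */
    boolean allowUpdateSite(String userId, String siteId) {
        Site s = sites.get(siteId);
        return s != null && userId != null && s.updateUsers.contains(userId);
    }

    /**
     * allowAccessSite. Maintainers and the visit-unpublished set always get in;
     * ordinary visitors only once the site is published; a published pub-view
     * site is open to anyone, including an anonymous caller (userId == null).
     */
    boolean allowAccessSite(String userId, String siteId) {
        Site s = sites.get(siteId);
        if (s == null) return false;                              // unknown site: fail closed
        if (s.published && s.pubView) return true;
        if (userId == null) return false;
        if (s.updateUsers.contains(userId) || s.visitUnpUsers.contains(userId)) return true;
        return s.published && s.visitUsers.contains(userId);
    }

    /** join(id): only joinable sites; the joiner lands in the joiner role, modelled here as visitor rights. */
    boolean join(String userId, String siteId) {
        Site s = sites.get(siteId);
        if (s == null || !s.joinable || userId == null) return false;
        s.visitUsers.add(userId);
        return true;
    }

    public static void main(String[] args) {
        SiteAccessModel svc = new SiteAccessModel();
        Site chem = svc.addSite("chem101", false, false);      // still being built
        svc.setSiteSecurity("chem101", Set.of("prof"), Set.of("prof", "ta"), Set.of("prof", "ta", "alice"));
        Site open = svc.addSite("open-chem", true, true);
        open.joinable = true; open.joinerRole = "access";

        System.out.println("alice visits unpublished chem101? " + svc.allowAccessSite("alice", "chem101"));
        System.out.println("ta    visits unpublished chem101? " + svc.allowAccessSite("ta", "chem101"));
        System.out.println("ta    updates chem101?            " + svc.allowUpdateSite("ta", "chem101"));
        chem.published = true;
        System.out.println("alice visits published chem101?   " + svc.allowAccessSite("alice", "chem101"));
        System.out.println("anonymous visits open-chem?       " + svc.allowAccessSite(null, "open-chem"));
        System.out.println("bob joins open-chem?              " + svc.join("bob", "open-chem"));
        System.out.println("bob updates open-chem?            " + svc.allowUpdateSite("bob", "open-chem"));
        System.out.println("anyone visits a missing site?     " + svc.allowAccessSite("prof", "nope"));
    }
}
```

Run with javac SiteAccessModel.java && java SiteAccessModel. The ordering of the checks matters: the pub-view test comes first because it is the only rule that admits an anonymous caller, and everything after it requires a known user, so publishing a site with pubView set is the one change that widens the audience beyond the three sets.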

Page 121

SiteService API - Miscellaneous

public interface SiteService extends EntityProducer
{
    String siteReference(String id);
    String sitePageReference(String siteId, String pageId);
    String siteToolReference(String siteId, String toolId);
    String siteGroupReference(String siteId, String groupId);

    String getSiteUserId(String site);
    String getSiteSpecialId(String site);
    String getSpecialSiteId(String special);

    String getSiteDisplay(String id);
    ToolConfiguration findTool(String id);
    SitePage findPage(String id);
    String getSiteSkin(String id);
    List getSiteTypes();

    void join(String id);
    void unjoin(String id);
}

Page 122

Groups

• With the release of Sakai 2.1, a site could have more than one group associated with it.

• These are largely used for sections.

• Groups extend AuthzGroups and add a bit more descriptive information.

Page 123

Group API

    String getTitle();
    void setTitle(String title);

    String getDescription();
    void setDescription(String description);

    public Site getContainingSite();

This allows groups to have a title and description that are independent of AuthzGroup naming. This is useful when you want the group to appear as "Chemistry 101 – Lab 2" rather than "sci-chem101-L002".

Page 124

Questions?