Virtual Portals (Scoped vs. Non Scoped Resources) – WP7

Few important things when working with virtual portals

1.       Initial settings for the virtual portal
a.       Managing User Populations
b.      Pre configuring the default content for virtual Portal
c.       Pre configuring the security(subadministrator) for the virtual portal
2.       Creating Virtual Portal
3.       scoped vs. non scoped resources
a.       Scoped resources: Resources that can’t be shared with other virtual portals.
                                                               i.      Portal Pages
                                                             ii.      Portlet Instances
                                                            iii.      Portal Search Engine content sources
b.      Non scoped resources : Resources that are common for all virtual portals (You can’t separate even using PAC)
                                                               i.      Themes and skins
                                                             ii.      Vault segments and vault slots
                                                            iii.      Supported clients and markups
                                                           iv.      Composite applications and templates
                                                             v.      Polices
c.       Resources that are common but can be scoped using the PAC (Portal Access Controls)
                                                               i.      Portlets :
1.       These not scoped and config mode settings or config through manage portlets will apply to all portlet instances on all virtual portals
                                                             ii.      Portlet Applications  :
1.       These not scoped and config mode settings or config through manage portlets will apply to all portlet instances on all virtual portals
                                                            iii.      Web Modules
                                                           iv.      URL Mapping contexts
                                                             v.      Users and groups
d.      Unique Name scoping
                                                               i.      Type of the portal resource decides whether the unique names are scoped or not. Unique names for scoped portal resources are themselves scoped and resources that are not scoped are themselves not scoped.

4.       Re-initialize Virtual Portal
5.       Deleting Virtual Portal


Working with fonts in Ephox Editlive – WCM 7

1.       To add or Removing fonts (font family) from the ephox editor,  edit the “” file under  wp_profile_root/PortalServer/config/com/ibm/wps/odc/editor. Comment or uncomment any of the below lines and restart the server to take the effect

# Font Menu: (Rich Text, Presentation, Spreadsheet)
# specify custom fonts to replace the ones in the font menu
# where:
#   N is a number starting with zero
#   FONTNAME is the string that appears in the font menu
#   FONTDEF is the corresponding definition, usually a single
#           typeface or comma-separated list in order of
#           preference.  One of the standard font types is
#           suggested as a final entry in the list.
#           See HTML's FONT FACE attribute or CSS font-family
#           for more details.
# formatmenu.N=- (optional) will terminate the menu
#FIXME: must add Linux fonts and/or make this list less MS-centric
#fontmenu.1=Bookman;bookman old style,new york,times,serif
#fontmenu.3=Garamond;garamond,new york,times,serif
#fontmenu.4=Lucida Console;lucida console,sans-serif
#fontmenu.6=Tahoma;tahoma,new york,times,serif
#fontmenu.7=Times;times new roman,new york,times,serif
#fontmenu.8=Trebuchet;trebuchet ms,helvetica,sans-serif

·         This is based on Ephox Editlive OEM version that comes with IBM WCM7 .
·         If you want remove the fonts dropdown completely then need to edit "ibm_eljconfig.xml.jsp" and  remove the <toolbarComboBox name="Face"> section.

2.       Setting  the default font: To change the default font, change the embedded style sheet in the 'style' element above in ibm_eljconfig.xml.jsp file under  \IBM\WebSphere\wp_profile\installedApps\NodeName\EphoxEditLive.ear\editor-editlive.war\res\editlivejava

                <style type="text/css">
                    body {
                        font-family: "Arial";


WCM Security Details - WCM7 - Part3

In Contd. Part 1 and Part 2,

WCM Inline Authoring tools security

1.       Inline authoring requires users have access to both the  “Item Type” at library level and individual item
2.       Example: to edit the current content , you need ‘edit’ access to the ‘Content’ Item Type within the library where the content resides plus edit access to the actual item
3.       Read access to authoring tool component itself

Note: you should have at least “privileged user” permission on the reserved authoring portlet page because when you click inline authoring tools it opens up reserved authoring  portlet  

Personalization Workspace security

1.       As explained in  WCM Security Part 2  setting at the “access on root” from webcontent libraries portlet  will give access to all WCM libraries (Because all wcm libraries are organized in a hierarchy with a common root ).

2.       But important thing is WCM libraries common root inherits the access permissions  from the “personalization workspace” access settings as shown in above diagram. Unless you block propagation at the personalization workspace level , all access permissions flow throw the WCM libraries.

3.       You can set the permission for personalization workspace as shown below ( applicationsàcontentàpersonalizationàbusiness rulesàselect workspaceàextra actionsàedit access)


Audit logging features -- WP7

IBM WebSphere Portal provides out of the box auditing features that allows users to log certain events and their originators into a separate log file.

These logging events are organized into following groups to enable/disable at group level instead of individual events.
1.       audit.groupEvents.enable
2.       audit.userEvents.enable
3.       audit.portletEvents.enable
4.       audit.roleEvents.enable
5.       audit.roleBlockEvents.enable
6.       audit.ownerEvents.enable
7.       audit.resourceEvents.enable
8.       audit.externalizationEvents.enable
9.       audit.userInGroupEvents.enable
10.   audit.webModuleEvents.enable
11.   audit.applicationRoleEvents.enable
12.   audit.principalToApplicationRoleMappingEvents.enable audit.roleToApplicationRoleMappingEvents.enable
13.   audit.domainAdminDataEvents.enable
14.   audit.designerDeployServiceEvents.enable

By default the audit logging service is disabled and default value for all of above settings is false.  

To enable the audit logging service , was admin consoleà Resourcesà Resource Environment Providerà WP_AuditServiceà custom properties

“audit.service.enable” to “true” and also need to enable required group of events.

By default audit service uses the following logging implementation class and audit logging output is written to the following audit log file (IBM\WebSphere\wp_profile\log\audit_2012.01.01-19.43.54.log). No other log messages are written to this file.

audit.logging.class =
audit.logFileName = log/audit_$create_time.log

ClickHere for the complete list of logging events and configuration service property details

Sample Audit Log statements

1.       Sample Page Creation log
[01/01/12 19:52:11:484 CST] I Audit 00000134e95d450700000001000000f984df05f13bcb4a3c301dc266f45a9d147fb3862000000134e95d450700000001000000f984df05f13bcb4a3c301dc266f45a9d147fb3862000000001 EJPSN0014I: User [uid=wpsadmin,o=defaultWIMFileBasedRealm] has created a Resource for ObjectID = [Z6_AoS11VAVH400NH70I5NKANU81001/null] and Name = (Name not set)

IT contains transactionID, userID , and objectID that’s been created.

2.       Added “all authenticated portal users” to “privileged user “ role on above page
[01/16/12 20:03:00:093 CST] I Audit 00000134e9672b0600000001000001f884df05f13bcb4a3c301dc266f45a9d147fb3862000000134e9672b0600000001000001f884df05f13bcb4a3c301dc266f45a9d147fb3862000000001 EJPSN0010I: User [uid=wpsadmin,o=defaultWIMFileBasedRealm] has assigned the Role with Name = Privileged User, Alias = (null) and ObjectID = [Z6_AoS11VAVH400NH70I5NKANU81001/null], affecting ActionSet [Privileged User], to the following principals: (all authenticated portal users)


Shared and Derived Pages (Sharing Portlets between pages) in Websphere Portal – WP7

Shared Pages:
1.       Shared pages enable you to share a layout model with multiple pages. After a page is shared, other pages can reference the layout of the shared page.
1.       Create a page called “source page”, make sure you select the “other pages can share the content of this page” option .

2.      Create a page called “target page” based on the above page as below

Note: “A page that uses the content from a shared page” option available only when you have at least one page on the portal is shared as in step 1.

Derived Pages:
1.       Derived pages are children of shared pages

Page derivation in websphere portal happen in two ways
1.       Implicit derivation
a.       User with “privileged user” access on page can customize the page. In this case portal implicitly creates derived page from actual page for that particular user.
2.       Explicit derivation
a.       In explicit derivation, user with appropriate permissions chooses a page that will serve as the base layer of layout information. A new page is created that will use the layout information of the base page.
b.      All base pages and their specializations can be administered separately
3.       Scenario : Base page has two portlets (about portlet , reminder portlet) . User created the additional page based on the “Base page” and then added “weather “ portlet to derived page.
4.       Changes made to the original parent page may be reflected to the derived pages that reference it.

The following implications apply to derived pages:
1.       If you delete a page that is referenced by another page, all pages that reference that page are deleted.
2.       If a portlet is deleted from the page that is referenced, the portlet is deleted from all pages that reference that page, and all individual user settings for that portlet are lost.
3.       If content is locked on the page that is referenced, content is locked on all derived pages that reference that page.
4.       The user must have access to the original page to access the derived page. Therefore private pages cannot be shared in this manner.
5.       A user is only able to see a layer of the page if appropriate access is given i.e. must have the User role for every layer above theirs in order to see the content of the previous layers.
6.       The markup specified for the root page cannot be modified on derived pages. The whole derivation tree structure with all layers supports the markup that is specified on the root page.

NOTE: You can’t create the shared pages across the virtual portal as portal pages can’t be shared between the virtual portals