Luminis Logger
This year at Summit I presented a home grown JSP application that I coined "Luminis Logger". Here at Lehigh University we needed to have better, quantified data on who's logging into our portal, how often, what roles, etc... This home grown application has met that need.
While I was developing it, I did my best to keep it simple enough so that other schools can take advantage of the product. Luminis Logger can be placed right on to your portal box. Its DB backend defaults to your existing Luminis DB backend, and it's written to use the Luminis LDAP and Luminis user roles for authentication into the app.
I've attached "luminislogger.zip" which includes the app along with installation instructions. There are also a few screenshots attached so you can get an idea of what kind of data you can see.
UPDATE: The initial posting contained a lumlog.car that used a deprecated LogService to catch any errors. Some schools seem to have this LogService and others don't. I have since rewritten the lumlog.car to use Apache Commons Logging which should work on any Luminis 4 system (not sure about lum 3, I'll rename the first lumlog.car to lumlog-old.car since that might have a better chance on lum 3).
Along those lines, I've also created a lumlog-debug.car that has increased logging. If you're not seeing any DB records, the lumlog-debug.car should help you step through the process.
UPDATE #2: I cleaned up several small issues that would have caused some headaches...
1.) Some of my sql searches found in the searchtime.jsp that may have prevented some schools' searches from working. (Specifically removed "uportal." from my searches that used something like "uportal.tablename".)
2.) The initial zip was missing "connections_core.js" which was preventing the records page from updating correctly. The file is now included in the zip.
3.) Placed the new lumlog.car file inside the zip
UPDATE #3: The loginok.html file has been updated to fix a bug with CAS app logins. The previous version wouldn't differentiate a CAS auth versus a portal login, and would log people into the portal instead. The new loginok.html will identify a CAS auth and redirect back to the CAS application. It will also NOT log it in Luminis Logger. However it could be logged by editing loginok.html and placing the url call to "lumlog" prior to the CAS redirect.
For institutions that are concerned about the login delay, it is possible to use a custom portal theme, call the lumlog url in your theme, and set a custom cookie to flag that you have called lumlog already. This method would also require cookie cleanup at logout (depending on which version of Luminis 4, there are different ways to do this).
Greg Skinner
Lehigh University
gas207 at lehigh.edu

Logger
This looks really interesting. However, there are a few concerns I have:
1) A number of the JSPs appear to have SQL injection vulnerabilities. None of the client-provided data is checked prior to being used in SQL statements. Since the code uses the existing Luminis DB connection by default, an injection could allow somebody to see any Luminis tables (or run privileged stored procedures and/or shell commands if permissions are set as so). I didn't confirm this on our own box, but a quick glance at the code does raise this as a concern. Although, the affected code only applies to people in the "requiredRole" role (unless forceRole is off), so it does appear to be somewhat contained.
2) What effect does this have on login times and general performance? During busy periods, many people seem to have login delay and performance issues. Adding additional LDAP and DB lookups to the process will increase that. Do you have any idea on the extent of delay and performance impact?
3) The .car file uses LuminisLogger.java, which has:
Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();
conn = GTLib.cPool.getConnection(); //get connection from pool
Does this mean it only works with Oracle as a backend DBMS? I realize this only loads the Oracle JDBC driver then uses an existing connection, but can you please confirm it works on MS SQL as well? I'm just asking because this differs from the method used to instantiate the JDBC driver in the included JSPs.
comments
1.) I'll work at cleaning up the SQL injection issues. I'm fairly new to the JSP world, but I'm familiar with injection concerns. I'll make that first on my list of changes to roll out.
2.) Login times will be affected slightly from the loginok.html piece. I've seen an estimated 1-2 seconds difference on login. I'm thinking of adding a spinner to my loginok.html page, although the actual login time isn't too bad at our institution (maybe 2-3 seconds). Obviously, login speed is important, so similarly to implementing a drag and drop theme, you have to make a decision for your institution and weigh the benefits of logging versus the fastest possible load time.
3.) The car file is meant to use the existing portal db as you mentioned. I did this so that institutions could deploy Luminis Logger in as few steps as possible. Modifying and recompiling a car file is quick if you're familiar with the process, but can be confusing if you're new to it. I was trying to avoid that. However if you wish to store the login information in another oracle DB, or mssql, mysql, etc... you will need to customize the LuminisLogger.java, recompile it, and redeploy your car. Consequently you will then need to customize the Luminis Logger webpages for any differences in SQL calls from Oracle and your database of choice.
Greg
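The cleanup discussed in point 1 of the two comments above, as an added example that is not Luminis Logger's own code: request values are bound through a PreparedStatement, and the schema prefix, which cannot be bound, is checked against an allow-list of the two schema names mentioned on this page. The class name, table name and column names are hypothetical, since the page does not show the queries in searchtime.jsp.

```java
import java.sql.*;
import java.util.*;

public class LoginSearch {
    // Schema names mentioned on this page; identifiers cannot be bound as
    // parameters, so the prefix is checked against a fixed allow-list.
    private static final Set<String> SCHEMAS = Set.of("UPORTAL", "LUMINIS");

    // lumlog_logins, username and login_time are hypothetical names.
    static String buildSql(String schema) {
        String s = schema == null ? "" : schema.trim().toUpperCase(Locale.ROOT);
        if (!SCHEMAS.contains(s)) {
            throw new IllegalArgumentException("schema not allowed");
        }
        return "SELECT username, login_time FROM " + s + ".lumlog_logins"
             + " WHERE username = ? AND login_time >= ? AND login_time < ?"
             + " ORDER BY login_time";
    }

    // conn comes from the caller (the portal's pool in a real deployment).
    // Request values travel as bind parameters, never as SQL text.
    static List<String> search(Connection conn, String schema, String user,
                               Timestamp from, Timestamp to) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(buildSql(schema))) {
            ps.setString(1, user);
            ps.setTimestamp(2, from);
            ps.setTimestamp(3, to);
            List<String> rows = new ArrayList<>();
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getString(1) + " " + rs.getTimestamp(2));
                }
            }
            return rows;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: no database is needed to see the statement text.
        System.out.println(buildSql("luminis"));
        try {
            buildSql("uportal.tablename");   // not a bare schema name
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A user name containing a quote character, such as o'brien, passes through setString unchanged and is compared as data rather than parsed as SQL.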
Luminis 5
I saw your presentation at Summit. Thanks for sharing this awesome tool. We're going to be implementing LP5 very shortly (fresh install). I'd love to use Luminis Logger. I know that during the presentation you briefly commented that it should work still. Could you comment in any more detail about that?
It will need a little work for Luminis 5
Sorry if I wasn't too clear in the presentation. It shouldn't be hard to get it to work in Luminis 5. I have a Luminis 5 Beta install here so I plan on looking into it. The two big things that need to be redesigned for Luminis 5 are...
1.) Lumlog.car and calling it at login - Right now I'm calling another dbconnection from the pool. I'll need to find the proper call to do something similar in 5. I also need to see how Liferay/Luminis5 calls pages at login, so that it will store the information.
2.) LDAP data - I currently grab role totals and channel titles/names from Luminis LDAP. Luminis 5 is shipping with an internal LDAP still, but I'm guessing it will have a different structure. The first piece is critical, but you could get by without this piece and you would still get total logins, and the roles of each user, you just wouldn't be able to compute role %'s for your results.
I also wanted to mention that I had some good dialogue with a few Sungard members about Luminis Logger and they seemed very willing to help share information with me so that I can get these pieces working.
Thanks for the comment.
Greg
Luminis Logger
Greg, thanks for creating a great tool for the Luminis community. We (Wofford College) are planning on deployment to our test environment very soon. I enjoyed your presentation and many others at my first Summit.
Thanks again,
Franklin Pettit
Wofford College
LumDev SVN Candidate
Perhaps this should be added to the subversion instance for LumDev so that everyone can help contribute to the project?
I implemented the logger app
I implemented the logger app in our development environment. Very nice.
One slight issue with the install I had is that the sql script tries to create tables in the UPORTAL schema. Since we upgraded to Luminis 4, we no longer have a UPORTAL schema. Everything is kept in a single LUMINIS schema so I edited the sql script to replace UPORTAL with LUMINIS and also in a few of the jsp files.
I did see a slightly noticeable difference in login time after replacing the loginok.html file. I would also like to see a please wait spinner implemented on this page as you mentioned in another comment.
Another thing I'm seeing is in the "Top Roles by Login" section all my roles are "null". I'm guessing that's because I haven't implemented the addon scripts yet(?) I got stuck on the environment variables defined at the beginning of each script. It looks like the oracle instant client is required to run these? Is this installed with Luminis or was this a separate install?
Great job and thanks for sharing with us!
Jonahlyn
our luminis 4 has a uportal schema
Just thought that I would mention that when we moved to Luminis 4 we kept the separate uPortal and Luminis DB schemas.
I thought that this was the normal way to do it, but perhaps it was just a throw back to settings that we had in our config files for the install.
On a purist front, I prefer to have the separation.
Derek
University of Leeds, UK
luminis logger conflict with Luminis IV CAS server..
We configure Luminis Logger in our luminis IV development system. I find it is very useful to get all luminis related logging info.
However, I find luminis IV built-in CAS server cannot work properly after luminis Logger is deployed.
When our applications use Luminis CAS system for authentication, luminis CAS system will redirect to luminis IV first page instead of our application default first page after we login our application via luminis CAS successfully.
I find it is related to loginok.html file
When I replace YAHOO.util.Connect.asyncRequest('GET', "/cp/home/next", callback, null); to window.top.location=/*URL*/ "http://<...>/cp/home/next"
All applications can be redirected to their first page successfully. However, no logging result is submitted to luminis logger.
I would like to use both applications on the same server.
Please advise how to fix it.
Thanks,
William
Luminis Logger and Mobile Devices
We just implemented Luminis Logger in production and it's working great and gathering data, but it is keeping Android phones from being able to log into our portal. It's not an issue on any other phone so far. The initial asyncRequest() on '/cp/home/next' is what is failing, and our log file shows 'Programming error org.jasig.portal.security.PortalSecurityException: System does not allow for unauthenticated non-guest users' as the error when this occurs. Do you have any idea what might be happening?
related
That's probably actually related to the article below...
http://www.lumdev.net/node/3662
Thanks [updated]
That makes sense with what I was beginning to see on our end. At least that gives me more to work with. Thanks!
Update:
I stumbled across Issue 7978 in the Android Open Source Issue board that has to do with the authentication cookie drop that most likely has to do with this. Here's the link to the issue: http://code.google.com/p/android/issues/detail?id=7978.
To put a patch on the problem, I wrote a JS error message advising Android users of the state of the issue and am redirecting them to the login page after displaying the message. This way students are not left hanging wondering why the portal will not let them in.