Domain.xml - multi-domain configuration

Resources in Vine can be organized into multiple domains. This is useful when you want to distinguish resources by location, such as departments, cities or countries, and to filter which resources are visible to logged-in users. You keep one main root domain as before and define additional sub domains using "domain rules", as explained below.

First, the main Domain.xml (root domain), which is located in $PORTAL_HOME\webapps\vine\WEB-INF\vine\resources\:

<domain name="MAINDOMAIN" label="Main domain" description="Main domain description">

    <!-- Authentication modules - common to all domains -->
    <!-- Portlet authentication -->
    <authenticationModule key="PortletAuthModule"
                          order="1"/>

    <!-- Credential repository authentication -->
    <authenticationModule key="CredentialRepositoryAuthModule" order="3"/>

    <authenticationModule key="VomsDefaultCredentialAuthModule" order="4"/>

    <!-- Vine Role Manager - if not exists it is added automatically -->
    <vineRoleResource/>

    <!-- Portal - if not exists it is added automatically-->
    <hostResource name="portal"
                  hostname="localhost"
                  label="Localhost Portal"
                  description="Portal">

        <!-- Portal file system -->
        <portalFileSystem label="Portal File System" description="Portal File System"/>

        <!-- Account manager -->
        <accountResource name="GuestAccountManager"
                         label="Guest Account"
                         description="Guest Account Manager">

            <gridsphereRegistrationResource name="GridsphereRegistration"
                                            label="GridsphereRegistration"/>

        </accountResource>

    </hostResource>

    <!-- PSNC organization - resources can be grouped in organizations -->
    <organization name="PSNC"
                  label="PSNC"
                  description="Poznan Supercomputing and Networking Center"
                  image1-small-url="/vineportlets/hpceuropa/psnc/PsncLogo.jpg"
                  image1-small-label="PSNC"
                  image1-url="/vineportlets/hpceuropa/psnc/PsncBuilding.jpg"
                  image1-label="PSNC"
                  html-url="/hpceuropa/psnc/psnc.jsp">

    <!-- Seagrass Cluster -->
    <hostResource name="Seagrass"
                  hostname="seagrass.man.poznan.pl"
                  label="PSNC Seagrass"
                  description="Linux Host (2 CPUs)">

        <!-- GridFtp -->
        <gridftpResource label="PSNC Seagrass (Grid-FTP)"/>

        <!-- MyProxy -->
        <myproxyResource name="PSNC_MyProxy" label="PSNC_MyProxy" useCredential="false" checkConnection="true"
                         timeoutMiliseconds="5000"/>

    </hostResource>

    <!-- omiidemo -->
    <hostResource name="omiidemo"
                  hostname="omiidemo.man.poznan.pl"
                  label="PSNC OMII Demo Machine"
                  description="Linux Host (2 CPUs)">

        <!-- GridFtp -->
        <gridftpResource label="PSNC OMII-Demo (Grid-FTP)" description="Some description"/>

        <!-- WS-GRAM -->
        <wsGramResource label="PSNC OMII-Demo (WS-GRAM)" port="8443">

            <resourceAttribute name="description" value="GT4"/>
            <!-- possible values: FORK, LSF, PBS, MULTI, CONDOR -->
            <resourceAttribute name="factoryType" value="FORK"/>
            <resourceAttribute name="WsrfResource.AuthorizationType" value="host"/>
            <resourceAttribute name="WsrfResource.DelegationEnabled" value="true"/>
            <resourceAttribute name="WsrfResource.MessageProtectionType" value="2"/>

        </wsGramResource>

    </hostResource>

    </organization>

</domain>

The security mechanisms are common to the whole portal: the Vine role manager, the authentication modules, and localhost with its account manager and registration modules. The Portal File System, a special file resource also configured on localhost, is likewise shared among domains.

Because these are the same in all defined domains, they should be defined in the root domain (Domain.xml in the $PORTAL_HOME\webapps\vine\WEB-INF\vine\resources directory).

So how do we define a sub domain? This is very simple:

Create a new directory for it under $PORTAL_HOME\webapps\vine\WEB-INF\vine\resources\.
Here we create a directory called "PSNC", matching the sub domain name.

Then create a Domain.xml file inside it with the following content:

<domain name="PSNC" label="PSNC Domain">
    <domain-rule value="%PSNC%"/>
</domain>

As you can see, we can define so-called domain rules.

A domain rule lets you define a substring of the resource distinguished name (resource DN); resources whose DN contains it will be accessible within the given domain.
Every resource has an attribute called "name", which is always included in the DN of the resource. So if we have a rule like this:

    <domain-rule value="%portal%"/>

it means every resource with a name containing "portal" will be included. This is the localhost, which is required (it is added automatically, so it doesn't have to be added manually).

    <domain-rule value="%PSNC%"/>

it means that every resource whose name contains "PSNC", or which is contained in an organization with that substring in its name attribute, will be included.

Organizations are very useful here. You can group resources within organizations and then build a simple domain rule that contains the organization name as its value,
like <domain-rule value="%PSNC%"/>; it will include all resources in the PSNC organization from the root domain.
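
The substring matching described above can be checked before a sub domain is deployed. The following is an added example, not part of Vine Toolkit: it assumes a resource DN is the chain of ancestor "name" attributes and that %X% means "contains X", and the organization NOT_PSNC_PARTNER with its host is constructed to show that a short rule value also matches names it was not meant for.

```python
# Added example (not Vine code). Assumes DN = chain of ancestor "name"
# attributes and that %X% means "DN contains X"; Vine's matcher may differ.
import xml.etree.ElementTree as ET

# Constructed sample: trimmed root Domain.xml plus a hypothetical
# organization "NOT_PSNC_PARTNER" whose name also contains "PSNC".
ROOT_DOMAIN = """
<domain name="MAINDOMAIN">
  <hostResource name="portal" hostname="localhost"/>
  <organization name="PSNC">
    <hostResource name="Seagrass" hostname="seagrass.man.poznan.pl">
      <myproxyResource name="PSNC_MyProxy"/>
    </hostResource>
    <hostResource name="omiidemo" hostname="omiidemo.man.poznan.pl"/>
  </organization>
  <organization name="NOT_PSNC_PARTNER">
    <hostResource name="partnerhost" hostname="partner.example.org"/>
  </organization>
</domain>
"""

SUB_DOMAIN = '<domain name="PSNC"><domain-rule value="%PSNC%"/></domain>'


def resource_dns(root_xml):
    """Return the assumed DN of every named element below <domain>."""
    dns = []

    def walk(elem, path):
        name = elem.get("name")
        here = path + [name] if name and elem.tag != "domain" else path
        if here is not path:
            dns.append("/".join(here))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(root_xml), [])
    return dns


def visible_in(sub_xml, root_xml):
    """Root-domain DNs matched by any domain-rule of the sub domain."""
    rules = [r.get("value").strip("%")
             for r in ET.fromstring(sub_xml).iter("domain-rule")]
    return [dn for dn in resource_dns(root_xml)
            if any(rule in dn for rule in rules)]


if __name__ == "__main__":
    print("\n".join(visible_in(SUB_DOMAIN, ROOT_DOMAIN)))
```

The automatically added portal host is not modelled here; the listing covers only what the rule itself pulls in from the root domain.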

Apart from domain rules, it is possible to specify resources in the normal way, as in the root domain. All resources are later merged into the root domain (it always sums up all resources spread over all sub domains).

The GridSphere login portlet (GridSphereLoginPortlet) shipped with Vine Toolkit supports multi-domain configuration, so the user can choose the desired domain while logging in (it is set in the session parameters). All resources are then filtered using the domain rules, and the user can see and access only the filtered resources.