The following technologies are required :
- Java 1.5 or +
- Tomcat 6 or +
- a web server (like Apache)
- mysql 5 or +
- PHP 5 or +
The platform was tested on :
- MacOS X 10.6 Server
- Ubuntu 9.10 and 10.04 with Tomcat 6, Apache 2, mysql 5 and PHP 5
... but in theory in can work on other systems.
Some packages have to be installed on Linux on top of PHP : php5-mysql for the link with the database, php5-xsl (or php-xml for CentOS) for XML documents transformations, php5-gd for image processing, and php5-curl which is used for the forum authentication.
The following file contains all PAELLOS (WebJaxe + server), with the source code :
paellos_1.0.tar.gz
PHP extensions
With PHP5, the PHP extensions php_xsl and php_gd2 must be enabled
but php_domxml must be disabled (it's a PHP4 extension).
Folder location
WebJaxe folder can be placed anywhere in the website. The website root is usually a folder named htdocs, in which the webjaxe folder can be placed.
File permissions
The PHP user (which might be different from the web user) needs write access to the following folders in the webjaxe folder : site_config, contribXML, sites, historique, poubelle and tmp. Permissions should be checked before launching WebJaxe for the first time.
Initialization
Open the following page in a web browser :
http://[your website]/[WebJaxe's folder]/index.php
Remark
If your web server runs on another port than the default one (80), make sure to replace http://[your website] by http://[your website]:[port number].
To create WebJaxe's database, the database administrator login and password must be entered (often 'root' / '' or 'root' / 'root' by default).
The database is named webjaxe by default.
Information on the account for WebJaxe's administrator must then be entered.
Mail management is used to alert the administrators when a new user registers. There are 3 options :
- Disabled : no email is sent
- PHP mail function : the email is sent using PHP's mail function, relying on the server mail system
- SMTP server : the provider SMTP server address must be entered
Once this is done, click on the "Create the database" button to finish WebJaxe's installation.
TeX equations images server
To use equations with the TeX syntax in the XPAGES language, a little additional server has to be configured. The Jaxe applet and its XPAGES plugin do not contain a TeX processor (it would be too heavy !). So, the plugin calls a server, sending the equation text, to which the server replies with the image of the equation. This server is already present in WebJaxe's serveurtex folder, but it requires the installation of the following programs : latex, dvipng and ImageMagick. It is also necessary to edit the file config/XPAGES/XPAGES_config.xml by hand to specify the server to use (look for "tex.php" to find it). The default value is set to a server that is not necessarily available.
The paths to the commands convert and tex2png can be changed if necessary in tex.php.
Permissions should be checked to make sure the PHP user can write inside serveurtex/CACHE.
Securing WebJaxe
The information to access the database is stored in the site_config.xml file, located in the site_config folder. This folder is protected for the Apache web server with a .htaccess file if .htaccess files are enabled with the instruction AllowOverride in httpd.conf. This prevents reading site_config.xml directly from the web, while still letting WebJaxe use it.
This protection only works with the Apache web server. If you use another web server, such as IIS, you will need to protect the site_config folder in another way, for instance by editing its properties and forbidding reading. The way to do that is unfortunately different from one web server to another.
A .htaccess can also be added to the other folders in ordre to manage reading authorizations.
To avoid having to manage both Apache and WebJaxe users to control access, the lecture_fichier.php PHP script can be used with the Mod_rewrite Apache module. For instance, the following code can be placed in a .htaccess file in the contribXML and sites folders, to make sure that only authorized WebJaxe users can access the XML files and the websites created with WebJaxe :
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.*)$ ../php/partie_utilisateur/lecture_fichier.php?fichier=%{REQUEST_URI}
</IfModule>
This code redirects read requests for all files in the folder to the lecture_fichier.php script, which only returns the contents of the files for connected authorized WebJaxe users.
- edit the server ServletProperties file (it is in serveur/WEB-INF/classes/paellos)
- edit SITENAME/constantes.jsp in the UTF-8 character encoding. The site name must match the web application name, and therefore the folder name (it will be called SITENAME from now on).
- make sure the configuration files are not readable by all (but Tomcat must be able to read them)
- If necessary, to let Tomcat manage the "SITENAME" application, add in Tomcat's conf/server.xml the informations in exemple_pour_tomcat_6_de_server.xml (there is for instance a connector to redirect queries from Apache). Initially, it is better to try without changing this file (it's edition is no longer necessary since Tomcat 6).
- replace the logo.png file by your training's logo
- make sure Tomcat's connector uses URIEncoding="UTF-8" in conf/server.xml (otherwise search queries will not work with accented characters).
If a security manager is enabled (this is for instance the case by default with Ubuntu 9), the web application has to be authorized to do local connections to mySQL, as well as reading the website files, use the indexation files for search queries on the website, and use certain classes :
create a file named tomcat6/conf/policy.d/paellos.policy, with (by changing "SITENAME", "serveur.smtp", "/var/www" and ".../index_lucene" if necessary) :
grant codeBase "file:${catalina.base}/webapps/SITENAME/-" {
permission java.net.SocketPermission "localhost:3306", "connect,resolve"; // access to the SQL database
permission java.net.SocketPermission "smtp.exemple.fr:25", "connect,resolve"; // sending emails
permission java.io.FilePermission "/var/www/webjaxe/-", "read"; // reading WebJaxe files
permission java.io.FilePermission "/var/www/public", "read"; // generating the public website
permission java.io.FilePermission "/var/www/public/-", "read,write,delete"; // generating the public website
permission java.io.FilePermission "${catalina.base}/webapps/SITENAME/WEB-INF/sites", "read"; // training websites
permission java.io.FilePermission "${catalina.base}/webapps/SITENAME/WEB-INF/sites/-", "read,write,delete"; // training websites
permission java.io.FilePermission "${catalina.base}/webapps/SITENAME/WEB-INF/index_lucene/-", "read,write,delete"; // indexation files
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler"; // jsp compilation
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler.*"; // jsp compilation
};
- If Apache is used as the main web server, it is possible to use it for all queries with specific paths, and to redirect the queries to Tomcat. This can be done with Apache's mod_jk module. It might be necessary to install mod_jk if it is not already installed (on Ubuntu, it can also be necessary to install the mods include, rewrite and suexec for Apache, and to change the owner of the webapps folder). For instance, here is how mod_jk can be configured in httpd.conf :
# warning: with Apache 2, do not use AddModule, and replaced httpd by apache2 in the paths
AddModule mod_jk.c
<IfModule mod_jk.c>
JKLogFile /var/log/httpd/mod_jk.log
JKWorkersFile /etc/httpd/workers.properties
JKMount /SITENAME/* PAELLOS
</IfModule>
and workers.properties should be added next to it (if it already exists, it should be combined).
In each Virtualhost (typically the files in sites-enabled), the following code must be added :
<IfModule mod_jk.c>
JkMountCopy On
</IfModule>
On Tomcat side, a matching connector is required to listen to incoming queries, as described in the exemple_pour_tomcat_6_de_server.xml file included in PAELLOS
- possibly change the site home page, index.html (located in SITENAME/site/) (for instance to disable the links to the forum and the chat room if they are not used).
The forum and chat features are optionnal. The discussion forum suggested with PAELLOS is phpBB (a plugin provides automatic authentication on a phpBB forum with PAELLOS' database).
Forum installation
- install phpBB3 from http://www.phpbb.com/, and add auth_paellos.php (requires php5-curl on Linux) in includes/auth
(this is needed to use PAELLOS database for authentication on the forum ;
the forum administrator must already exist in the database)
- In the administration, "General" tab, "Authentication" link, choose the "Paellos" method and enter the information required to connect to PAELLOS database : server (use "localhost" if it's on the same machine), user name, password and database name.
- (to see the users firstnames and lastnames) in the administration, go to the "Users and Groups" tab. Click on the "Custom profile fields" link. Add the fields "firstname" and "lastname" (single text field) (with a title of your choice). The values will be automatically added when users connect to the forum for the first time.
- Create a group "XXXX Students" and a group "XXXX Tutors" with the training name. The group names are in the file auth_paellos.php, they can be changed if necessary.
- Create forums with matching rights for the groups. For instance, users rights should be given to the matching forum for the student group, and moderator rights for the tutor and administrator groups.
Chatroom installation
The mChat module for phpBB was tested, but other solutions are possible.
- install mChat for phpBB :
http://www.phpbb.com/customise/db/mod/mchat_new_version/
(AutoMOD can help for the installation; the theme should be refreshed after the installation, otherwise the chat is displayed on a blue background and the scrollbar is missing; group permissions should also be added to let users use the chat)