Using P&P in Distributed Environments
Mihai Cadariu shows how to solve the challenge that occurs when you use the Content Delivery software component called Personalization & Profiling (P&P) on a different server than the server to which the Web site visitor logs in.
In a non-distributed environment, P&P runs on the Presentation Server that processes the requests and generates responses. On such a server, the Web site visitor logs in and P&P makes use of the visitor's user name (that is, the 'remote user') in order to identify the P&P user. To create or load a user from the Content Broker database, P&P uses the P&P cookie, together with the name of the remote user. P&P can find out this user name by checking the value of the server variable REMOTE_USER, which contains the name of the user (visitor) who is currently logged in.
However, in a distributed environment, P&P runs on a different server than the one to which the user is logged in. Now, there is no REMOTE_USER server variable available on the P&P server. As a result, P&P cannot identify the user, so it fails to load the right user from the Content Broker database.
Example: P&P runs on a separate server. Requests to P&P are sent to a Web service that acts like a proxy for requests and responses. P&P sends the responses back to the Web service, which then proxies them back to the original caller. The visitor is logged on the original server, but not to the Web service or to the P&P server. Therefore there is no REMOTE_USER server variable available for P&P to load the user from the Broker database.
To solve this problem, pass the value of the REMOTE_USER server variable to the P&P server, so that P&P can use it to identify the user.
To do this on a Java environment, execute the following steps to implement this solution:
- Place a request filter on the P&P server, just before P&P is hit. The filter wraps the original request and adds REMOTE_USER information to the subsequent filters/servlets in that request series. The REMOTE_USER information is read from either the URL param, request attribute, cookie or session attribute.
Subsequent filters/servlets use the wrapped request, so P&P reads the remote user (i.e. request.getRemoteUser() ) and loads the P&P user from the Content Broker database.
- The Web service propagates the following:
- On requests from to P&P:
- The P&P cookie, if it exists;
- The 'RemoteUser' cookie or URL parameter (if it exists) that the filter will use;
- On responses from P&P:
- The P&P cookie generated by P&P
- The original Presentation Server needs to send information about REMOTE_USER to the Web service. This is the cookie or URL parameter 'RemoteUser' with its value set to the name of the currently logged in user.
High-level description of a request life-cycle:
- A Page is requested to the Presentation Server
- The Presentation Server has a P&P cookie coming from the visitor's browser;
- The Presentation Server adds a RemoteUser cookie or URL parameter to the request (set to the name of the current logged in user, otherwise the cookie is empty or there is no cookie at all)
- The Presentation Server forwards the request to the Web service
- The Web service receives the request from the Presentation Server
- The Web service sends the request to the P&P server including the P&P cookie and the vRemoteUser cookie or URL parameter.
- The P&P server receives request
PseudoAuthentication filter reads the RemoteUser cookie and wraps the request inside this information
- Thw P&P server executes, and P&P creates a User based on P&P cookie and RemoteUser information
High-level description of a response life-cycle:
- P&P sends a response to the Web service
- The response contains a P&P cookie set by P&P
- The Web service receives the response
- The Web service uses the P&P cookie from P&P Server
- The Web service places the P&P cookie in the response to Presentation Server
- The Web service sends the response to the Presentation Server
- The Presentation Server receives a response from the Web service
- The Presentation Server sends a response and the P&P cookie to the visitor's browser
The filter mentioned above is called the
PseudoAuthenticationFilter and it is part of the TDFramework which comes with CWA.
It is a request filter that creates a request wrapper and calls the other filters in the chain using the wrapped request.
The wrapped request contains all the information of the original request and also some extras such as REMOTE_USER. The wrapped request reads the remote user information from a cookie, URL parameter, request attribute or session attribute called 'RemoteUser'. The location of the 'remote user' information is configurable in the file cd_tdf_conf.xml.
The wrapped request overrides the
getUserPrincipal() methods to return the information sent in the cookie, URL parameter, request attribute or session attribute. If the remote user information is missing, it will return the original request remote user and principal user, respectively.