A few days ago I wrote a goofy post about the current state of open source Java-based portal software in which I half-concluded that Liferay is the only choice worth considering, and that unfortunately Liferay will drive a person completely insane.
I stand by my claims, but after the comments I received I think that I need to let people know where I'm coming from. What I want from a portal is an out-of-the-box collaborative experience to synergize my enterprise. But seriously, what I want is an application that can satisfy two basic requirements:
1) The application should provide all of the basic collaborative features that one would expect to use here in 2009. What does that mean? It means wikis, blogs, forums, chat, file sharing, etc. These are not things that I want to spend time implementing.
2) The application should be extensible. This is the whole point of a portal, and all portal applications meet this requirement.
Given these requirements and then considering the sorry state of open source portlets, the only choice worth considering is Liferay. The whole point of Liferay is that BAM, your Intranet portal is up and running and usable, and you can get on with implementing the important bits that are specific to your business.
When you first install Liferay, it's a very "WOW!" experience. It actually starts up and works and looks slick. Drag & drop, tons of portlets, etc. For a good week or so you can have a lot of fun setting it up and showing it off; your friends and collegues will be amazed! But when you actually start to get in to the nitty gritty of your Liferay implementation, things start to fall apart.
I spent a fair bit of time trying to decide if I should write this post or not. On one hand I'm really starting to like the Liferay community, and the developers seem like good people. On the other hand, there's not a lot of information out there about Liferay and I feel like the whole point of the "blogosphere" is to share our experiences for the betterment of all. Everything I'm writing here is based on my own personal experience with Liferay, and unfortunately, just about everything I write from here on is going to be negative.
Advice about Liferay in the Enterprise (or just your Business):
1) Liferay security is extremely poor.
I know that this might be a little controversial as I've read other blogs praising Liferay's permissions system... but really, just because something is really hard to understand doesn't mean that it's good, or even working.
If you're setting up Liferay in your business, then it's imperative that you test and re-test the restrictions in place on every single bit of data that you're exposing through your portal. One of the biggest problems I've had with Liferay is little pieces of confidential information showing up here and there for people who should not have access to it.
For example, the search portlet *will* comprimise security by showing search results, complete with abstracts, to users that should not have access to them. If you have a wiki hiding somewhere in a closed community, and have the tightest permissions on that thing you can possibly set, the search portlet is still going to show results from that wiki to every knucklehead on the site. The reason for this is that Liferay's opensearch implementation doesn't yet do "Liferay permissions." There's no big warning anywhere about this, so hopefully you found out about it by reading this instead of the hard way. My advice: do not use the search portlet.
Another example is the fine-grained permissions for each portlet. Often times they simply do not work correctly. Take the message board: if you create a restricted category (e.g. "forum"), then the posts in that category do not inherit its permissions, and are viewable by anyone with a link. Then, even if you lock down the security of each post in the restricted category, the post title and abstract will still appear to anyone who clicks the "Recent Posts" tab! This problem isn't isolated to the message board; I've found similar behavior in the document library and blog portlets. My advice: do not use fine-grained permissions in Liferay. I should also note that the activities portlet doesn't respect fine-grained portlet permissions at all.
If the above aren't enough to make you uneasy, then there is also a report of an NTLM bug in which any non-domain user can login as any user with a blank or random password. This is a big one, and one that should have been nailed immediately. That it existed in 5.1 and still exists in 5.2.1 is inexcusable. My advice: do not expose your Intranet portal to the outside world.
2) Liferay is very buggy.
It seems like everytime I try to set something up, whether it be a wiki or a blog or whatever, I run into some maddening bug. For instance when editing a wiki page or forum post, all of the new line characters disappear! This makes the entire wiki virtually unusable or at least a significant pain in the rear. A bug report was filed for this one and a fix has been committed, but the problem exists in the default 5.2.1 package that you're going to download. Heck, it even exists on the Liferay community site itself.
Aside from that I've seen 3rd party portlet javascript completely break Liferay's javascript, bugs in the new scoping feature, portlets that simply don't install or work, and a variety of other flaws. Without going into detail about every annoying little thing that I've run across, I'll just leave you with this: be prepared to download the Liferay source and do a bit of patching yourself.
There are hundreds of bugs in the Liferay JIRA, and something like 75+ critical bugs. They don't seem to get patched up very quickly. I know the developers are doing the best they can.
3) Documentation is hit or miss.
The Liferay Administrator's Guide is fantastic. Unfortunately, it's for 5.1 and some important bits aren't going to work for 5.2. Things like database configuration. The Liferay wiki is ok, but I really have a hard time using it. For whatever reason, it's very hard to drill down to topics that are relative...everything's in this search view that returns way too many results. I hate wikis for technical support anyhow because the information is almost always incomplete or out of date.
4) Community is hit or miss.
The community can be really great, and it can also be really bad. What I've found is that a single user who really gets on the ball in the forums can start a chain reaction and forum usage goes up. All too often, however, the forums seem to wither and a lot of posts with good questions go unanswered.
If you're going to use Liferay, then I recommend getting active in the community, and don't let your questions go unanswered. Bump away. The traffic on the forums isn't very high so nobody is going to get too upset.
5) The permissions system is whack.
There's a hilarious diagram in the Liferay Administrator's Guide that is intended to make the permissions system easy to understand. On the contrary, it just demonstrates the complexity. Maybe I'm "old school" or something, but users and groups are just fine. Want to throw in roles? Fine. But I don't need communities and organizations and locations and public and private pages and everything else all mixed up with users and groups and roles.
Here's what I recommend: assuming that you're going to want to bring your users in from LDAP or some external source, don't bother using Liferay organizations. The idea behind organizations is interesting, but the benefits of using them are very few and I've run into more bugs due to the added complexity. Instead, just use Liferay communities. Unlike organizations, user groups can be associated with communites, which allows you to grant access to a particular community to a user group that you've imported via LDAP. This way you can manage your users in a more centralized way, which is sorta the whole point of LDAP.
Another recommendation: use public pages sparingly. From what I can tell, public pages in Liferay are groups of pages with Guest access hard wired to "on". I can't think of many good reasons for this in a corporate environment, especially if you occasionally have guests on your network.
6) Liferay releases are... odd.
Be very careful before deciding to upgrade to the latest release of Liferay. With 5.2 we saw changes to database setup that were sort of hard to find, a bunch of example data that had to be physically removed, and a whole bunch of portlets and themes that took a month or so to be released.
7) Performance is pretty poor.
Now maybe I'm being too harsh, but the requirements for running Liferay are pretty high. Be prepared to dedicate a server instance to Liferay with a couple gigs of memory and a decent CPU.
Ok, so I think I've covered everything that's bothered me about Liferay thus far. Reviewing my list, it almost seems like Liferay could use some real business-grade suit-and-tie management to make sure that priorities are set and that the project as a whole moves in some well-defined direction. With things like Social Office taking up developers time, I really don't see the overall quality of Liferay improving much. Given that, it's important to take it for what it is and work around its problems and limitations because it is a good product. It's miles ahead of the other portals out there in terms of end user experience, administration, and simply getting a full-featured portal up and running in short order.
Tuesday, February 24, 2009
Things You Should Know About Liferay in the Enterprise
Thursday, February 12, 2009
How to Select an Open-Source Java Portal for your Enterprise
As usual, I'm spending a lot of time trying to select the appropriate open-source java-based portal for my enterprise (e.g. "company"). I say "as usual", because I've been doing this for a couple of years now. With this vast experience under my belt, I thought it appropriate to share my strategy and process with you all.
1. Determine Your Requirements
This is the best part of portal research! You should write down every cool idea you can think of. Dare to dream big!
Ok, now start crossing stuff off until you're left with the following:
Requirement #1: Portal must work.
Requirement #2: Portal must include Amazing Google Maps Mashup portlet, RSS Reader portlet, and Analog Clock portlet.
There, now you've chosen some realistic requirements.
2. Observe the Desolate Playing Field.
Ok, there are really only a few choices here, so let's not complicate things too much.
Contender #1: Liferay.
Contender #2: Jboss.
Contender #3: eXo.
Contender #4: GridSphere.
Contender #5: StringBeans.
Contender #6: Jetspeed and the like.
3. Choose Liferay
It's just the obvious choice. It looks good. It's easy to create layouts. It has an analog clock portlet. Oops, analog clock isn't available on the latest version. Oh well, it still has Google Maps and an RSS reader, which are both critical to business operations.
But seriously, it has a crapload of portlets and is fairly easy to get running.
4. Fall Out of Love with Liferay
Ok, you know that one feature that you left in your requirements even though I told you to cross it off? You know how you're all excited about Liferay having a sweet portlet that satisfies that requirement? Well, that feature is probably broken.
5. Hate Liferay
This is a big step in our process. It takes a little while to get to this point, and it's important to simply confront the fact that you hate Liferay. Listen, it's ok. Don't feel bad for the way you feel. We've all asked questions in the Liferay forums, and we've all experienced that 90% of them go unanswered. We've all been trapped by a bug fix over here that breaks something over there. Yes, my friend, that portlet really did disappear after you upgraded, and it might not be coming back for several months. No, the code comments aren't just hiding somewhere.
6. Visit JBoss Website
Jboss Portal is it. This is a big company sponsored project. We all know about it. Hell, we have unopened email somewhere deep in our inbox from a RedHat salesman trying to sell us this amazing free software. Look at this site, it's so awesomely corporate.
7. View JBoss Portal Demo on JBoss website.
8. Download eXo Portal.... and stuff
So you've heard a lot about eXo, and holy crap the featureset is huge. This one product can do everything you need, and everything you didn't know you needed. Except it's not just one product, it's a half dozen different products. Oh, but there's an "all-in-one" product, cool. Wait a minute... how the hell does this thing work... let's look at the documentation...
9. Visit Gridsphere Website.
Quick, find a screenshot. I'll wait.
10. Check out StringBeans.
Wha?
11. Look at JetSpeed, uPortal, and All the Other Products That Would Appeal to those Guys Who Use vi and Brag About It.
12. Go Back to Liferay
By this time you've forgotten all the bad times, and Liferay is starting to look pretty hot again. Maybe this time it'll work out. Maybe it was just you. Maybe Liferay has really changed this time.
13. Repeat this Process ad nauseam.
Meanwhile, you're still using Sharepoint.
Wednesday, July 16, 2008
Liferay + Alfresco = Lalfrescoray
Hey what's that, some egg on my face?
My comments about the Liferay WebDAV support in this whiny article are incorrect. As of Liferay 5.1 WebDAV does seem to work since I replaced a goofy NIC in my server. Please see the article comments for more information.
*************************************
Once again I find myself stuck between two partial solutions that I can't combine to solve what seems to me to be a rather simple problem. Here it is:
1) I need a "portal".
2) I need a document management "portlet".
3) I must access the document management system via CIFS or WebDAV.
4) The system must be somewhat seamless; single sign on at least.
After reviewing some options, I decided that Liferay should be able to meet my requirements. It's a "portal" with lots of "portlets" included, including document management. (notice my sarcastic quotation marks)
DENIED: Liferay's WebDAV doesn't work well enough to be considered well enough.
Ok ok, I've heard a lot of talk on the ol' blogosphere about integrating Alfresco and Liferay. From all the buzz it must be a pretty good solution, especially with all this "web script" stuff on the Alfresco side. Plus Alfresco has some great features that I can take advantage of, and I know that it's CIFS support works because I've used it in the past.
FAIL. Liferay and Alfresco do not mix. Like, not at all. Well, not if you want to use Alfresco 2.1 Community or better. (BTW, the latest Liferay Alfresco Content Portlet 5.0.0.1 uses Alfresco 2.0) Ok ok, I'm being a little too negative. They do mix I'm sure if you write your own authentication filter to make SSO work. No problem!
You see, both Liferay and Alfresco love talking it up about standards support, like JSR-168, but it seems that neither of them pull it off well enough to, you know, INTEROPERATE.
The guy (guys?) at Cignex have a supposed solution using CAS between the two, but Alfresco doesn't jive with CAS as easily as Liferay, and I couldn't get this working reliably for SSO. I even bought this book called "Liferay Portal Enterprise Intranets" by Jonas Yuan in anticipation of the Alfresco integration section. What a complete bust and $60 down the drain. The book isn't necessarily bad, but the devil is in the details and the book is unfortunately devil-free.
Not suprisingly, another solution is to simply purchase Alfresco Enterprise, because it uses a different code base than community. In fact, Alfresco Enterprise 2.2+ will work with Liferay while Alfresco Community 2.9B will not. Open source? Sorta.
Frankly, I'm a little bit suprised to see the world of open source portals and document mangagement systems still in such a ridiculous state. Liferay has more bugs than a volkswagon dealer and both Liferay and Alfresco are stupidly difficult to configure in any interesting way, as all Java-based web applications seem to be. XML NIGHTMARE! Here's a tip: if it takes weeks just to understand how to configure your software, then your software isn't finished. Excessive meta configuration files are not a feature. Most of your users don't give a shit about Java Beans or any other beans for that matter.
Community? Not very good in either camp. Outdated documents, wikis (DIE WIKI DIE) and very poor forum support.
Not to just pick on Liferay and Alfresco, I've also tried out Exo and Icecore (built on Liferay) with limited success. I've looked at the JBoss portal a few times also but I just can't get over them basing their forum portlet on phpBB. I know, sounds petty, but phpBB....jesus...I don't want to think about this anymore. Bye.
Oh, and one more thing (damn I'm frustrated). HTTP Basic Auth is NOT a good solution for any feature of any software intended to be used in the Enterprise. (yes, including the Starship Enterprise) Pushing it over SSL only makes transport safer, and doesn't solve the root problem. (and we're just self-signing anyhow, even if we don't like to admit to it) And entering a password into a browser is NOT a good solution, ever. Receiving a password from a web browser is NOT a good solution. This is all the more true on the Starship Enterprise where people are either using potentially weak SSO or making all of their passwords match. The last thing you want are domain passwords in your damn browser cookies. I'm looking at you, REST authentication appologist!