Total Pageviews

Thursday, December 23, 2010

Technology’s Good, Bad and Ugly of 2010



As 2010 is wrapping up fast, I hope it’s a good time to look back and evaluate the happenings. Overall, we can say it was an average year from technology point of view. Various things were introduced, everything from advanced smart-phones to cheap e-readers to bold new set-top boxes. And let’s not forget the rise of the tablet era with the introduction of the Apple iPad. Hmm, however some achieved high success, and few… what to say.
It is said that high can’t be measured without lows. And if we look back, we get so many things to evaluate for good and bad. So, what I’ve decided is – to write a countdown article mentioning top 15 technology success and failures of the last year.
But before starting, I’d like to justify the title of this article. If something is evolved and it meets the expectation then it is kept in the category of ‘Good’, otherwise ‘Bad’, and if it’s development process is killed, then I’ll put it in category ‘Ugly’. However, this is just a good logic and salute to Client Eastwood for giving us such nice movie as well as title for my article. :) Lets begin…
Top 15 Failures of 2010
 15. McAfee’s fake update ‘false positive’
A news “McAfee update failure causes Windows XP crashes” flashed in the month of April. Whoops!!! A bad software update from McAfee put computer viruses to shame, when it shut down thousands of corporate Windows XP computers around the country. The problem was ? McAfee’s software flagged a critical system file as malicious and dumped it into quarantine. An update to McAfee’s software products identified a legitimate system file, SVCHOST.EXE, as malware and removed it from many systems. This is known as a ‘false positive’.
14. Google Buzz
Yes, nobody’s using Google Buzz(don’t say I’m nobody), despite the fact that every Gmail user had the service unwillingly piggybacked onto their account. I’m following almost my entire Gmail address book, and I get maybe two buzz updates per week. When I asked my friends (via Buzz) why nobody’s using it, I got back a single response: “One too many things that want to know what you’re doing now or what you’re thinking.” Which brings me to the next reason Google Buzz is a miserable failure. The reason I find is Google came late to the party. Everybody’s all a-twitter about Twitter (see what I did there?). Google’s arrival to the microblogging party is unexpected and totally untimely. So that’s why nobody’s using Buzz. The service was a tough sell to begin with, providing no Facebook integration and no way to push status updates to other social networks.
13. HP Slate 500
Even before Apple released the iPad, HP was positioning itself as a main competitor. The HP Slate 500 was supposed to have everything the iPad didn’t — Adobe Flash, front and rear cameras, USB input, removable storage — but plans changed when HP acquired Palm. Suddenly, the Slate went dark, eventually emerging as a business tablet with limited appeal. It was so limited, in fact, that HP expected to sell only 5,000 units, but “exceeded expectations” with 9,000 orders.
12. Android tablets
In 2010, so many tablets were launched, but instead only one dominated the market. Sure, Samsung’s Galaxy Tab is a decent enough rival to Apple’s iPad, but most manufacturers decided to wait until next year, when Google will release Honeycomb, a tablet-oriented version of Android. Other Android tablets, such as ICD’s Ultra (pictured), simply vanished from public consciousness.
11. Google Nexus One
We had high hopes for Google’s own Android smartphone, whose contract-free online-sales model was supposed to stick it to wireless carriers. Just one snag: Google relies on those wireless providers to make Android a success in the first place. But it failed, Why? I find three reasons:
  • The average consumer just doesn’t connect Google with mobile phones. Android is a very successful platform, but Android phones aren’t sold on their Google OS, they’re HTC phones or Samsung phones. Lots of people still think Google’s just a search engine, and though geeks are vocal, they’re not a huge market segment.
  • Only sold online. People like to hold things in their hands before they buy them, especially if it’s a big purchase. And they like to have deals stitched up for them.
  • No advertising. Of course if you google it, it’s top result.. but look at the effort Apple spends on adverts on TV, in papers, plastered all over stations. Phones are prestige items. If no-one’s heard of your handset, it’s a factor against buying one. Sure maybe Apple ODs on the hype and cult-like press conferences, but hell at least everybody has heard of them.
10. JooJoo
If the JooJoo, the CrunchPad, hadn’t come from the mind of TechCrunch editor Michael Arrington, it probably would have received less attention. But buzz can’t save a poor product, and the buggy, slow JooJoo never stood a chance, especially when it landed around the same time as the iPad. In case you missed it, the Crunchpad tablet PC-like device that was announced by TechCrunch’s Michael Arrington earlier this year has run into some internal problems – no, not the technical, operational or manufacturing type problems, but rather the political type.
9. Plastic Logic Que
Announced, delayed, and killed in the span of eight months, Plastic Logic’s Que was just another casualty in the e-reader price war. As lovely as an 8.5-by-11-inch E-Ink display sounds, the $649 starting price tag pretty much guaranteed that the Que would be dead on arrival. Plastic Logic says it’s still working on a next-generation model.
8. Google Wave
Wave technically coined in 2009, but the messaging and collaboration tool finally went public in May. It started out as an invite only application and the first users who got an invitation were the ones using Sandbox. In the first few weeks, everybody was dying to get their hands on the new product by google. Many weeks have gone by and google wave has opened their gates to everyone. But as the mystery of the google wave has unfolded, it has turned out that google wave has failed expectations. Google killed the project less than three months later. Why? Here are the reasons Too much conversation, Prone to excessive spamming, Real Time Chatting and Applications affect Load time are few important reasons of its failure.
7. iPhone 4 antenna
Knowledge of problems with the iPhone 4antenna went to the highest level.
An Apple senior antenna engineer, Ruben Caballero, raised concerns in planning meetings that the iPhone 4′s external antenna could cause reception problems, according to the report, and told Jobs his concern in 2009.
In addition, a phone carrier provider revealed the antenna problem, according to another person in the report.
Apple has grappled with the antenna issue almost since the day iPhone 4 was in customers’ hands in June. Some iPhone 4 owners reported that when the device is gripped in a certain way–usually if the lower left part of the phone is covered–the phone’s signal weakens or disappears.
Apple at first said that it was a problem common to any phone and suggested customers hold the phone in a different manner or purchase a rubber case for it. That didn’t seem to satisfy customers, and several days later Apple said the cause was actually related to software–the phone was incorrectly displaying the number of signal bars, and had been since 2007–and could be fixed with a forthcoming update.
6. White iPhone 4
Vaporware isn’t usually Apple’s thing, but the white iPhone 4 went up in smoke after months of broken promises. First it was pushed to July. Then “later this year.” And now it’s supposedly slated for spring 2011, which raises one question: Doesn’t it make more sense for Apple to focus on a pale iPhone 5?
5. BlackBerry Torch
The BlackBerry Torch only sold 150,000 units in its first three days? That’s not bad at all. The real disappointment here is how deeply RIM bought into its own hype.
The hordes are proclaiming the Torch a massive failure, and they’re right—but not because of how many units they sold. 150,000 handsets is a lot of phones. In fact, it’s totally in line with other major launches of the last couple of years: Sprint sold that many Evo 4Gs in its first three days, and it’s three times as many as the Palm Pre managed at launch.
4. Ask.com
After dropping Jeeves in 2006, Ask.com was never quite the same. The company redesigned its search product several times over the past few years, and in November finally decided to throw in the towel and outsource searches to a third party. Ask.com will now focus solely on its question-and-answer service — at least until it gets the redesign bug again.
3. Blockbuster
Blockbuster’s bankruptcy filing was no surprise to users of video rental 2.0 — namely, Netflix, Redbox, Hulu, and various set-top boxes and cable on-demand services. Although the company does offer Blockbuster On-Demand and mail-in rentals, this might be a case of “too little, too late,” because there’s no strategy to make its services any better than what’s already available. Blockbuster’s rival, Hollywood Video, went bankrupt and closed its doors in February.
2. MySpace
MySpace’s new design takes the focus off social networking and emphasizes media discovery. We think it’s a mess, but it’s also a concession: Facebook won the social war. And if you can’t beat ‘em, join ‘em.
1. Microsoft Kin
We saved the biggest failure for last. Microsoft’s Kin phone had the perfect setup for a colossal flop, from heaps of hype (the Verizon-Microsoft collaboration was once rumored to be an iPhone-killer) to a splashy marketing campaign aimed at cool teens and 20-somethings. But the product itself had the limitations of a feature phone — no video sharing, GPS, or apps — despite smartphone data pricing. The Kin was discontinued after just six weeks, though it recently made a comeback with stripped-down features and cheaper subscription plans. We suspect that Microsoft and Verizon are just dumping old inventory.
So, Microsoft Kin is the winner in this category.
Top 15 Winners of 2010
15. The iPhone Dev-Team and Apple Hacking
In July, the U.S. Copyright Office declared jailbreaking/unlocking iPhones to be legal–a win for consumers (at least, the hack-minded ones). But let’s face it, most of us are not really smart enough to figure out how to hack our devices all by ourselves. So thank you, iPhone Dev-Team, for all of your hard, unpaid work.
14. Froyo
No, not the delicious make-it-yourself Pinkberry-inspired frozen treat (although I would definitely put that at the top of my list), but Google’s Android version 2.2, colloquially known as “Froyo.” Android 2.2 was not only faster and sexier than previous Android iterations, but it included full flash support (take that, Apple!) and tethering. Perhaps Android 2.3–which was just released–will be a hit in 2011, but for now I’m sticking with Froyo.
13. Wii-Inspired Gaming
While it might seem like Sony’s Move controller for the Playstation 3 and Microsoft’s Kinect device for the Xbox 360 are a little behind the times compared to Nintendo’s Wii, that didn’t stop the add-ons to the two popular gaming consoles from selling quickly. Of course, it probably helps that both products launched later in the year — the Kinect, in fact, launched just a week before Black Friday.
12. iPhone4
The iPhone 4 was launched with an immense amount of hype and speculation surrounding it — and rightfully so, since it’s predecessors were (arguably) only the most influential smart phones in history. So how does one live up to such intimidating expectations? In Apple’s case, you do it by selling a record 1.7 million units in 3 days – over 70% more than their 3GS debut the year before. Success can be measured in numbers such as units sold, revenue generated, profit margins etc., but in Apple’s case, making money has not been a problem as of late. They have been immensely successful in almost every single venture they have embarked on this decade.
11. Avatar
Yes, I am talking about James Cameron’s movie – Avatar. In Academy Awards, it rocked. While 3D HDTVs didn’t exactly sweep the market this year (mostly due to expensive peripherals and lack of 3D content), James Cameron’s fantasy-sci-fi Pandora world of Avatar certainly did a lot to increase interest in the new technology. Unfortunately, the increased interest will have to wait –Panasonic has exclusive rights to the 3D Blu-ray version ofAvatar until 2012, and is only selling the sought-after disc as part of expensive bundles.
10. StarCraft II
You thought the iPad was special for selling 3 million units in the first 80 days? Well StarCraft II: Wings of Liberty sold half that number in the first two days. The much, much-anticipated sequel to Blizzard’s original real-time strategy game was 12 years in the making — and it shows. Needless to say, gamers young and old lined up (virtually and physically) to snag the game when it was released on July 27.
9. Google Voice
Google Voice has been around for a year and a half, but the online phone management service made some pretty big leaps in 2010. It was successfully ported to the iPhone in November, more than a year after it was initially rejected from the App Store. Google also added a free (though for a limited time) integrated call-to-phone service for Gmail users, and Gmail users responded enthusiastically by placing a million calls in the first 24 hours the service was available.
8. Angry Birds
Rovio Mobile probably had no idea what a potent combination little green pigs and slingshot-launching birds could be when it came out with Angry Birds in December 2009. The physics-based puzzle game, which features birds using themselves as cannon fodder in order to break down the defenses of egg-stealing pigs, has since been downloaded more than 50 million times across multiple mobile platforms.
7. 4G
Most of the major wireless carriers haven’t even released their new 4G networks yet, but the new super-fast data option is already buzzing on everybody’s minds. HTC released the first 4G phone in June, the HTC EVO 4G, on Sprint’s 4G network, and T-Mobile released its own MyTouch 4G shortly after. Verizon just recently announced that its 4G LTE networkis available in 39 U.S. cities, though Verizon currently has no 4G-capable phones available.
6. Windows 7
Lack of gripping doesn’t make software a success…but since Vista did create a lot of gripping from more than one channel, No Gripe is Good news for Windows 7 at least. So it should come as no surprise as was reported here yesterday “Windows 7 Fastest Selling Operating System In History Says Microsoft” that Windows7 has been a success story.
Now Steve Ballmer, Microsoft CEO, proclaimed at the 2010 Consumer Electronics Show in Las Vegas in January 2010, that Windows7 has close to 1 million applications supporting the Windows7 OS. No matter how you look at that, in just over two months, developers have embraced the OS. That is not all. The number of hardware devices supporting Windows7 is hovering around 250,000.
5. Groupon
If you have never heard of Groupon recently, you probably are not working in the tech industry because it is all over the blogosphere. After all, growing from zero to US$1.35 billion valuation in 18 months is pretty AMAZING.
So what are their secret weapons? What are they doing right? How are they gaining customers at such a rate? These are -
  • Crystal Clear Value Proposition
  • Built Virality inside the Product
  • Alternative to Traditional Advertising for Local Businesses
  • Negative Working Capital
4. Netflix
Even though Big Media is playing games with everyone else, Netflix seems to be finding ways to collaborate and also make customers happy. Biggest entertainment success of the year
3. Droid X
Droid X is a super hit smartphone, and it even had crossed the Motorola’s expectations. Though Motorola Droid X didn’t beat iPhone 4 in terms of the sales, but it has given iPhone 4 a great competition. Motorola Droid X is a really a fully loaded Android smartphone, and no doubt it’s one of the best smartphones Motorola has ever designed.
Thanks to Android, as Motorola has seen a lot of success these days with their Android based sets. Motorola managed to grab a respectable market share not just in United States, but also in countries like India. Motorola Tablet will sport a 10 inch screen, and 1 GHz or 1.3 GHz processor. Motorola Tablet will feature Android 3.0 OS!!! This tablet might make its debut by the end of 2010.
2. Samsung Galaxy Tab
Despite Steve Jobs’ protestations, folks seem to be loving this 7 inch Android Tablet from Samsung, even though it is running an OS not optimized for Tablets. No doubt about it, the Galaxy Tab is a success story. It is unveiled in Germany last week, and it is set to launch first in Europe. Initial reports of pricing, though, are not encouraging. In Sweden, the Galaxy Tab will retail for the equivalent of nearly $1250 USD, while the price reported from O2 in Germany places it near $1000 USD. Keep in mind this is nearly $200 more than the top-end 64Gb iPad with Wi-Fi and 3G.
1. Apple iPad
We can consider the 600,000 to 700,000 units sold on the first available day.
We can measure the simple amount of time bloggers and journalists rave about the product in reviews. For example, 12 of the 19 top stories on TechMeme are devoted to the Apple iPad.
I’ve been considering this one for some time. Developers are the backbone to the success of a product launch and Apple did it right. The compelling reason to own and use an Apple iPad is found in the App Store as well as the iBookstore.
So, Apple iPad is the winner in this category.
To CONCLUDE, I’d like to say that it was an average year from overall technology’s point of view. However, the year 2010 is a milestone in development of tablets, and started an era of tablets. A few failed and a few launched with bang. Success and failure are just two sides of a coin. No hard feelings for those who failed, this is just an critical review article, and even as Thomas Alva Edison’s quoted years back after successful evolution of electric bulb that – “I have not failed 1,000 times. I have successfully discovered 1,000 ways to NOT make a light bulb” and it is also said wounded minds have more power and potential of discovery. So, we’re expecting some good from failures, and just one word for achievers – Congrats !!!

Monday, December 13, 2010

CAS with ageci security

At my latest project I got the opportunity to use CAS server in combination with acegi security. With this setup it is possible to have a real single sign-on authentication over multiple contexts and servers.


On the acegi security site and the CAS site I could not find a tutorial to get this setup up and running correctly. It took me several days to get a hello world setup up and running. The biggest problem came across was outdated ageci security documentation. It seems that they did some refactoring in there code base! Additional I had some problem to get tomcat (https) configured correctly. This article will give you a guide on how to get this hello world setup up and running from scratch.

My setup is based on tomcat I used tomcat version 5.5.23 as my servlet engine. CAS needs to run on https, for https you need to sign your JDK by generating a certificate and add this to the jks keychain. WARNING generating the certificate use ‘localhost ’ as your name or common name, otherwise tomcat will not except this certificate.

$JAVA_HOME\bin\keytool -delete -alias tomcat -keypass changeit
    $JAVA_HOME\bin\keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
    $JAVA_HOME\bin\keytool -export -alias tomcat -keypass changeit -file server.crt
    $JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit -keystore %JAVA_HOME\jre\lib\security\cacerts
    $JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit

For tomcat to accept https request the next few lines should be added to the server.xml. The .keystore file can be found in your home folder.

<Connector port="8443" maxHttpHeaderSize="8192"
       maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
       enableLookups="false" disableUploadTimeout="true"
       acceptCount="100" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/.keystore"
       keystorePass="changeit"/>

To get CAS going download the latest 3.x release, I used 3.1 and drop the cas.war in tomcat. For a simple hello world application CAS doesn't need any more configuration. CAS will aunthenticate all user who have the same username as password, I will come back to this later on

Ageci security was for me alot more difficult to setup correctly. The article will only walk you through the basics, for more details I refer to the source code.
<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
   <property name="userMap">
     <value>
       marissa=marissa,ROLE_USER,ROLE_SUPERVISOR
       dianne=dianne,ROLE_USER
       scott=scott,ROLE_USER
       peter=peter,ROLE_USER
     </value>
   </property>
 </bean>

 <bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
  <property name="casAuthoritiesPopulator"><ref local="casAuthoritiesPopulator"/></property>
  <property name="casProxyDecider"><ref local="casProxyDecider"/></property>
  <property name="ticketValidator"><ref local="casProxyTicketValidator"/></property>
  <property name="statelessTicketCache"><ref local="statelessTicketCache"/></property>
  <property name="key"><value>my_password_for_this_auth_provider_only</value></property>
 </bean>

Ageci is set up around the inMemoryDaoImpl, four users are defined marissa, dianne, scott, and peter. This DAO is used to get the credentials for the users who are authenticated by CAS, CAS can only check if a user is authenticated. The CasAuthenticationProvider has a special field 'key' what should be set to some special phrase. This phrase is used with-in CAS to distinguish the different client applications. This is necessary for applications what need extra security for instance for some applications CAS needs to re-check the credentials of the user to match the security requirements.

Monday, November 29, 2010

Difference between a Java interface and a Java abstract class?

Hello every one,
There are few points that I think distinguishes Java interface from a Java Abstract Class. have a look -
1. Methods of a Java interface are implicitly abstract and cannot have implementations. A Java abstract class can have instance methods that implements a default behavior.
2. Variables declared in a Java interface is by default final. A Java abstract class may contain non-final variables.
3. Members of a Java interface are public by default. A Java abstract class can have the usual flavors of class members like private, protected, etc..
4. Java interface should be implemented using keyword “implements”; A Java abstract class should be extended using keyword “extends”.
5. An interface can extend another Java interface only, an abstract class can extend another Java class and implement multiple Java interfaces.
6. A Java class can implement multiple interfaces but it can extend only one abstract class.
7. Interface is absolutely abstract and cannot be instantiated; A Java abstract class also cannot be instantiated, but can be invoked if a main() exists.
8. In comparison with java abstract classes, java interfaces are slow as it requires extra indirection.

Wednesday, November 24, 2010

User Registration (create account) Portlet customization

The registration or create account portlet in Liferay portal can be customized to add/remove some of its field without any coding.

This blog explain some of these customization properties which developers can add them in portal-ext to change the behavior of user registration portlet.

users.screen.name.always.autogenerate - If you do not want your users to provide screen name, you can use this property hide screen name text field. The default value is false. If it is changed to true, the screen name field will not appear on the registration page and screen name will be auto generated by the portal.

login.create.account.allow.custom.password - The default registration portlet in Liferay doesn't provide option of password selection to user. If this property is set to true, the registration screen will show password fields to user and user can provide password of his/her choice.

field.enable.com.liferay.portal.model.Contact.male - If your site is not interested in knowing the gender of the user, you can remove gender selection from the page by setting false value of this property.

field.enable.com.liferay.portal.model.Contact.birthday - Last configuration is for birth date field. You can remove bith date selection by setting false value to this property.
captcha.check.portal.create_account - This propery can be used to tell whether or not to use captcha checks for the account creation.

users.email.address.required - Set this to false if you want to be able to create users without an email address. An email address will be automatically assigned to a user based on the property "users.email.address.auto.suffix". If user is entering his email id, the system will not generate a new one. Usually, setting this property to false will make sense when you don't want user to use email address for login.

Saturday, November 20, 2010

Security Questions customization

I've seen various time people asking for disabling security question and creating custom questions. That's why I am writing this post. However its quite easy.


For disabling the queries, we have to set the following properties false in portal-ext.properties
users.reminder.queries.enabled=false

When you press the drop down list box of security questions, a entry is shown -"write my own question", that can be disabled by setting the following property false in portal-ext.properties as follows:
users.reminder.queries.custom.question.enabled=false

However, if you wish to display your own custom question in the drop down list box, that's a bit tricky, but not too difficult at all. One important thing to note about this - they are not stored in an any database table, but in language_en.properties (and in other locales) file, and whose key is provided in the portal.properties file's following property:
users.reminder.queries.questions= <list of question keys>
Now, for creating your own question, you have to create a (or more) question(s) with unique key(s), and list those keys as the value os above mentioned property in portal-ext.properties file.

Don't forget to add your custom language-ext.properties file in you stack in ext-impl/src/content, so that it can also be overridden. In the same way, you can create property file for all other supported locales too.

see the following example:

portal-ext.properties
users.reminder.queries.questions= question-1,question-2

Language-ext.properties
question-1=this is the first question
question-2=this is the second question
question-3=this is the third question


Disabling Terms and Condition
set the following property false in the portal-ext.properties for disabling terms and condition:
terms.of.use.required=false

Wednesday, November 17, 2010

Custom Attributes in Liferay


Follow the steps for making custom attributes-
Go to Control Panel -> User - > Custom Attribute -> Add Custom Attribute

An Attribute is a key and type of the field (once saved) cannot be changed at all...

Accessing Custom Attribute Pragmatically
ThemeDisplay td=(ThemeDisplay)request.getAttribute(Web_Keys.THEME_DISPLAY);
User u=td.getUser();
System.out.println(u.getExpendoBridge().getAttribute("CustomAttributeName"));


Setting Attribute Pragmatically
ThemeDisplay td=(ThemeDisplay)request.getAttribute(Web_Keys.THEME_DISPLAY);
User u=td.getUser();
System.out.println(u.getExpendoBridge().setAttribute("CustomAttributeName","Value"));


Adding custom Attribute form element at Sign In Portlet

write the following code in /root/html/portlet/login/create_account.jsp
<liferay ui:custom-attribute-list
                  className="com.liferay.portal.model.user"
                  editable="<%=true%>"
                  label="<%=true%>">

but this will not visible to due to permission. So, login as admin and provide permission to guest to see and modify custom field through control panel.

Saturday, November 13, 2010

Redirect to another Portlet

This is a very short post, but big enough in its work.
The following code is capable of redirecting to some other portlet.


ThemeDisplay themeDisplay = (ThemeDisplay)liferayPortletRequest.getAttribute(WebKeys.THEME_DISPLAY);
String url =  themeDisplay.getPortalURL() + themeDisplay.getPathMain() + "/message_boards/find_message?messageId=" + _message.getMessageId();

Wednesday, November 3, 2010

Portlet Definition in EXT Environment

The file liferay-portlet.xml may be placed in the WEB-INF directory of any portlet application to configure Liferay Portal specific features. Following is an example of what this file may look like:

<?xml version="1.0"?>
<!DOCTYPE liferay-portlet-app PUBLIC "-//Liferay//DTD Portlet Application 4.2.0//EN" "http://www.liferay.com/dtd/liferay-portlet-app_4_2_0.dtd">

<liferay-portlet-app>
 <portlet>
  <portlet-name>1</portlet-name>
  <struts-path>mail</struts-path>
  <preferences-unique-per-layout>false</preferences-unique-per-layout>
  <preferences-owned-by-group>false</preferences-owned-by-group>
  <use-default-template>false</use-default-template>
  <restore-current-view>false</restore-current-view>
  <maximize-edit>true</maximize-edit>
  <private-request-attributes>false</private-request-attributes>
  <render-weight>0</render-weight>
 </portlet>
...
</liferay-portlet-app>

The portlet-name element must be equal to the portlet name specified in the portlet.xml file. Here is a complete list of all the available options.

struts-path
This option is only useful when using the Liferay StrutsPortlet framework. Suppose the struts-path value is "mail". This tells the portal that all requests with the path mail/* are considered part of this portlet's scope. Users who request paths that match mail/* will only be granted access if they also have access to this portlet. This is true for both portlet requests and regular servlet requests.
configuration-path
The configuration-path value is a Struts path that allows users to configure the portlet at runtime. The Struts path must reference a class that extends com.liferay.portal.struts.PortletAction.
indexer-class
The indexer-class value must be a class that implements com.liferay.util.lucene.Indexer and is called to create or update a search index for the portlet.
scheduler-class
The scheduler-class value must be a class that implements com.liferay.portal.job.Scheduler and is called to schedule Quartz jobs for this portlet.
portlet-url-class
The portlet-url-class value must be a class that extends com.liferay.portlet.PortletURLImplWrapper. Set this class to override the default portlet URL implementation.
portlet-url-class
The portlet-url-class value must be a class that implements com.liferay.portal.servlet.FriendlyURLPortletPlugin. Use this if content inside a portlet needs to have a friendly URL. See the Message Boards portlet source code for an example of its uses.
portlet-data-handler-class
The portlet-data-handler-class value must be a class that implements com.liferay.portal.kernel.lar.PortletDataHandlerand is called when archiving tasks are run.
smtp-message-listener-class
The smtp-message-listener-class value must be a class that implementscom.liferay.portal.kernel.smtp.MessageListener and is called when processing emails.
preferences-company-wide
Set the preferences-company-wide value to true if the preferences for the portlet are across the entire company. Setting this value to true means the value for preferences-unique-per-layout and preferences-owned-by-group are not used. The default value is false. For example, an administrator could set the preferences to an Announcements portlet that would save a message in the portlet's preferences. This message would then be used across all pages for that company. The portlet must not be instanceable because instanceable portlets have uniquely generated portlet ids. The default behavior of the bundled Announcements portlet sets the instanceable value to true so that normal users cannot create company wide messages. A future release would include permissions for the edit mode versus the view mode which would allow an administrator to set the message while users would just view the message.
preferences-unique-per-layout
Set the preferences-unique-per-layout value to true if the preferences for the portlet are unique for each page. If set to false, the preferences for the portlet are shared across all pages. The default value is true. The preferences-unique-per-layout element is used in combination with the preferences-owned-by-group element. See the comments for the preferences-owned-by-group element for more information.
preferences-owned-by-group
Set the preferences-owned-by-group value to true if the preferences for the portlet are owned by the group when the portlet is shown in a group page. If set to false, the preferences are owned by the user at all times. The default value is true. Suppose the Stocks portlet has preferences-unique-per-layout set to true and preferences-owned-by-group set to false. Users can set a different list of stocks for every personal page. Users can set a different list of stocks for every community page. Suppose the Stocks portlet has preferences-unique-per-layout set to false and preferences-owned-by-group set to false. Users can set one list of stocks to be shared across all personal pages. Users can set one list of stocks to be shared across a community's set of pages. Suppose the Stocks portlet has preferences-unique-per-layout set to true and preferences-owned-by-group set to true. Users can set a different list of stocks for every personal page. Administrators set the portlet preferences for users in a community page. Administrators can set a different list of stocks for every community page that are then shared by all users within a community. Suppose the Stocks portlet has preferences-unique-per-layout set to false and preferences-owned-by-group set to true. Users can set one list of stocks to be shared across all personal pages. Administrators set the portlet preferences for users in a community page. Administrators can set one list of stocks to be shared by all users across a community's set of pages.
use-default-template
Set the use-default-template value to true if the portlet uses the default template to decorate and wrap content. Setting this to false allows the developer to own and maintain the portlet's entire outputted content. The default value is true. The most common use of this is if you want the portlet to look different from the other portlets or if you want the portlet to not have borders around the outputted content.
show-portlet-access-denied
Set the show-portlet-access-denied value to true if users are shown the portlet with an access denied message if they do not have access to the portlet. If set to false, users are never shown the portlet if they do not have access to the portlet. The default value is set in portal.properties.
show-portlet-inactive
Set the show-portlet-inactive value to true if users are shown the portlet with an inactive message if the portlet is inactive. If set to false, users are never shown the portlet if the portlet is inactive. The default value is set in portal.properties.
action-url-redirect
Set the action-url-redirect value to true if an action URL for this portlet should cause an auto redirect. This helps prevent double submits. The default value is false.
restore-current-view
Set the restore-current-view value to true if the portlet restores to the current view when toggling between maximized and normal states. If set to false, the portlet will reset the current view when toggling between maximized and normal states. The default value is true.
maximize-edit
Set the maximize-edit value to true if the portlet goes into the maximized state when the user goes into the edit mode. This only affects the default portal icons and not what may be programmatically set by the portlet developer. The default value is false.
maximize-help
Set the maximize-help value to true if the portlet goes into the maximized state when the user goes into the edit mode. This only affects the default portal icons and not what may be programmatically set by the portlet developer. The default value is false.
maximize-print
Set the maximize-print value to true if the portlet goes into the maximized state when the user goes into the edit mode. This only affects the default portal icons and not what may be programmatically set by the portlet developer. The default value is false.
layout-cacheable
Set the layout-cacheable flag to true if the data contained in this portlet will never change unless the layout or portlet entry is changed.
instanceable
Set the instanceable value to true if the portlet can appear multiple times on a page. If set to false, the portlet can only appear once on a page. The default value is false.
private-request-attributes
Set the private-request-attributes value to true if the portlet does not share request attributes with any other portlet. The default value is true.
render-weight
The default value of render-weight is 1. If set to a value less than 1, the portlet is rendered in parallel. If set to a value of 1 or greater, then the portlet is rendered serially. Portlets with a greater render weight have greater priority and will be rendered before portlets with a lower render weight. If the ajaxable value is set to false, then render-weight is always set to 1if it is set to a value less than 1. This means ajaxable can override render-weight if ajaxable is set to false.
ajaxable
The default value of ajaxable is true. If set to false, then this portlet can never be displayed via Ajax.
add-default-resource
If the add-default-resource value is set to false, and the portlet does not belong to the page but has been dynamically added, then the user will see that he does not have permissions to view the portlet. If the add-default-resource value is set to true, the default portlet resources and permissions are added to the page. The user can then view the portlet. Most portlets are harmless and can benefit from this flexibility. However, to prevent security loop holes, the default value is false.
system
Set the system value to true if the portlet is a system portlet that a user cannot manually add to their page. The default value is false.
active
Set the active value to true if the portlet is active and available to users. If set to false, the portlet will not be active or available to users. The default value is true. This value can be changed at runtime via the Admin portlet.
include
Set the include value to true to if the portlet is available to the portal. If set to false, the portlet is not available to the portal. The default value is true. Portlets that are not included as part of the portal are never available to the user to be made active or inactive. As far the user knows, the portlets do not even exist in the system. This allows the Liferay developers to bundle a lot of portlets in one core package, and yet allow custom deployments to turn on or off individual portlets or sets of portlets. This follows the Siebel and Microsoft model of bundling everything in one core package, but using XML configuration or registry settings to turn on and off features or sets of features. We do not recommend that custom deployers modify the core source by removing specific portlets because this prevents an easy upgrade process in the future. The best way to turn on and off portlets is to set the include element. The advantage of this way of doing things is that it becomes very easy to deploy Liferay. All features are available in one package. The disadvantage is that by not utilizing all of the portlets, you are wasting disk space and may even take a small but static memory footprint. However, we feel that the extra disk space and memory usage is a cheap price to pay in order to provide an easy installation and upgrade path.
In addition to specifying the above parameters specific to each portlet, the liferay-portlet.xml file can also be used to specify role mappings and custom user attributes global to the whole portlet application. Here is an example:

<?xml version="1.0"?>
<!DOCTYPE liferay-portlet-app PUBLIC "-//Liferay//DTD Portlet Application 4.2.0//EN" "http://www.liferay.com/dtd/liferay-portlet-app_4_2_0.dtd">

<liferay-portlet-app>
...
 <role-mapper>
  <role-name>user</role-name>
  <role-link>User</role-link>
 </role-mapper>
 <custom-user-attribute>
  <name>user.name.random</name>
  <custom-class>com.liferay.portlet.CustomUserAttributes</custom-class>
 </custom-user-attribute>
</liferay-portlet-app>

Here is a more detailed description of these elements:

role-mapper
The role-mapper contains two names specified by role-name and role-link. The role-name value must be a role specified in portlet.xml. The role-link value must be the name of a Liferay role that exists in the database. The role-mapper element pairs up these two values to map roles from portlet.xml to roles in the Liferay database. This is needed because Liferay roles may contain spaces whereas roles in portlet.xml cannot contain spaces. This also adds extra flexibility where the portlet vendor does not need to have any knowledge about Liferay's roles.
custom-user-attribute
The custom-user-attribute contains a list of names that are retrieved using a custom class that extendscom.liferay.portlet.CustomUserAttributes. For a usage example, download the sample hot deployable portlet WAR named test.war. Look for the classcom.liferay.portlet.teststruts.TestStrutsUserAttributes to see how it associates the custom user attribute "user.name.test" with the value "Test Name". This class could be modified to read custom user attributes from another datasource that may be a database, a LDAP server, or a web service.