-----Original Message-----
From: Rob Lapensee [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 29, 2000 8:24 AM
To: Kiarash Keyghobadi
Subject: problem with InitialContext / user / password
We are having a problem where the user/password, if entered wrong the first
time, will always throw a SecurityException all subsequent tries for the
correct user/password.
If the first user/password is entered correct, it works.
The client program was a servlet running under Tomcat. In Tomcat, once the
servlet object is instantiated, it will be re-used for subsequent requests.
This was on a Linux box, Orion/1.0.
Sun/Inprise jdk 1.2.2
So some sample programs were written to determine the problem. It seems
that after the first user/password are sent as properties with the first
"new InitialContext(Properties)", all subsequent "new
InitialContext(Properties)" will utilize the same user/password.
The sample client program (LoginTest) tries to connect with "admin", and the
FBS EJB displays the results from:
SessionContext.getCallerPrincipal().getName();
Which displays "admin"
The client program then goes on to connect via "user", at which point the
FBS EJB displays "admin" again.
The sample was run on NT 4.0, service pack 6.
Javasoft jdk 1.2.2
It showed the problem on Orion/1.0 and Orion/1.0.11.
I have included all configuration files and all programs required to run the
test.
Hopefully someone can determine if this is a bug in the Orion server or a
configuration problem.
Regards,
Rob Lapensee
Director of Technology
Delfour Corporation
[EMAIL PROTECTED]
www.delfour.com
<?xml version="1.0"?>
<!DOCTYPE principals PUBLIC "//Evermind - Orion Principals//" "http://www.orionserver.com/dtds/principals.dtd">
<principals>
<groups>
<group name="users">
<description>users</description>
<permission name="rmi:login" />
<permission name="com.evermind.server.rmi.RMIPermission" />
</group>
<group name="guests">
<description>guests</description>
</group>
<group name="administrators">
<description>administrators</description>
<permission name="administration" />
<permission name="com.evermind.server.AdministrationPermission" />
</group>
</groups>
<users>
<user username="user" password="456" deactivated="false">
<description>The default user</description>
<group-membership group="users" />
<group-membership group="guests" />
<group-membership group="administrators" />
</user>
<user username="anonymous" password="">
<description>The default guest/anonyomous user</description>
<group-membership group="guests" />
</user>
<user username="admin" password="123">
<description>The default administrator</description>
<group-membership group="users" />
<group-membership group="guests" />
<group-membership group="administrators" />
</user>
</users>
</principals>
<?xml version="1.0"?>
<!DOCTYPE application-server PUBLIC "Orion Application Server Config" "http://www.orionserver.com/dtds/application-server.dtd">
<application-server
application-directory="../applications"
deployment-directory="../application-deployments"
>
<rmi-config path="./rmi.xml" />
<!-- JMS-server config link, uncomment to activate the JMS service -->
<!-- <jms-config path="./jms.xml" /> -->
<principals path="./principals.xml" />
<log>
<file path="../log/server.log" />
</log>
<global-application name="default" path="application.xml" />
<global-web-app-config path="global-web-application.xml" />
<web-site path="./default-web-site.xml" />
<!-- Compiler, activate this to specify an alternative compiler such
as jikes for EJB/JSP compiling. -->
<!-- <compiler executable="jikes" classpath="/myjdkdir/jre/lib/rt.jar" /> -->
<application name="jack" path="d:\desktop\java\orion_test" />
</application-server>
LoginTest.java
<?xml version="1.0"?>
<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN" "http://java.sun.com/j2ee/dtds/application_1_2.dtd">
<application>
<display-name>orion test</display-name>
<module>
<ejb>jack</ejb>
</module>
</application>
<?xml version="1.0"?>
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 1.2//EN" "http://java.sun.com/j2ee/dtds/ejb-jar_1_2.dtd">
<ejb-jar>
<display-name>item01</display-name>
<description>item02</description>
<enterprise-beans>
<session>
<display-name>fbs</display-name>
<description>fbs</description>
<ejb-name>FBS</ejb-name>
<home>com.jack.FBSHome</home>
<remote>com.jack.FBS</remote>
<ejb-class>com.jack.FBSBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
</session>
</enterprise-beans>
<assembly-descriptor>
</assembly-descriptor>
</ejb-jar>
FBSHome.java
FBS.java
FBSBean.java
