Group,
This is just a heads-up. I don't see it referred to anywhere in the
documents, but a bad tag order in the j2ee xml configuration tags or in the
orion xml configuration tags can break an application. In particular, we
often have to create orion-*.xml files for security or clustering. The
role-mapping tags can be easily be put out of order if you are writing these
yourself. This will break the various usermanager security options, if you
use them.
The order of the tags does matter in xml, you can examine the various dtd's
for orion by going to http://www.orionserver.com/dtds/orion-web.dtd or
orion-application.dtd, etc to download the various dtd's. These dtd's can
give good insight into what is going on behind the scenes, and what is the
proper order.
You can also check your xml by starting orion with the -validateXML option,
or rewrite you xml with the -validateXML and -rewriteXML options:
java -jar orion.jar -validateXML
this will give you errors for each bad xml file.
java -jar orion.jar -validateXML -rewriteXML
this will rewrite 'well-formed' xml...this can be treacherous if you have
badly formed xml (tag closing '>' missing, for example).
An example of a broken orion-application.xml file follows ... can anybody
spot the error?:
<?xml version="1.0"?>
<!DOCTYPE orion-application PUBLIC "-//Evermind//DTD J2EE Application
runtime 1.2//EN" "http://www.orionserver.com/dtds/orion-application.dtd";>
<orion-application deployment-version="1.5.2">
<ejb-module remote="false" path="myejbs.jar" />
<ejb-module remote="false" path="usermanager" />
<web-module id="mysite" path="mysite.war" />
<security-role-mapping name="some-users">
<group name="some-users" />
</security-role-mapping>
<user-manager class="com.evermind.ejb.EJBUserManager" >
<property name="defaultGroups" value="users" />
<property name="home" value="com.evermind.ejb.EJBUser" />
</user-manager>
<persistence path="persistence" />
<principals path="principals.xml" />
<log>
<file path="application.log" />
</log>
<namespace-access>
<read-access>
<namespace-resource root="">
<security-role-mapping name="<jndi-user-role>">
<group name="administrators" />
</security-role-mapping>
</namespace-resource>
</read-access>
<write-access>
<namespace-resource root="">
<security-role-mapping name="<jndi-user-role>">
<group name="administrators" />
</security-role-mapping>
</namespace-resource>
</write-access>
</namespace-access>
</orion-application>
Its the user-manager tag. It must go after the principals tag, or this apps
security won't work! Here is the element definition for
orion-application.dtd:
<!ELEMENT orion-application
(ejb-module*,web-module*,client-module*,security-role-mapping*,
persistence?, library*, principals?, mail-session*, user-manager?, log?,
data-sources?, namespace-access?)>
the elephantwalker
