[JBoss-user] [JCA/JBoss] - Trying to return an unknown connection2 / Interceptors
Adrian -- In reference to this post http://www.jboss.org/index.html?module=bb&op=viewtopic&t=59294, I have a few questions. 1) The workaround stated for this problem is to remove the CachedConnectionManager from the container. What is the downside to this workaround? 2) Is the appearance of the "Trying to return an unknown connection2" something that can be safely ignored. Or is it an indication of a problem that can have nasty side-effects? It does not seem to negatively impact our application. 3) What is the correct way to design interceptors that require database resources in a way that plays nicely with the CachedConnectionManager? Our application employs a security extension implemented via JBoss security extension framework. It looks up user permissions in a database and must do so in the current transaction context. In order to improve performance, the database connection and statement are being cached for the duration of the transaction. Thanks for you help. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3866467#3866467 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3866467 --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [EJB/JBoss] - invokeHome and invoke called on interceptor for create metho
Invoking a create() method for an entity results in two calls on container interceptors. invokeHome() is called prior to the ejbCreate() being called on the bean. The ejbCreate() method is then invoked on the bean instance. And after that the interceptor's invoke() method is called with the fully initialized bean instance. But ejbCreate() is NOT invoked a second time. Can someone in the JBoss group explain to me (briefly) how, and perhaps why, this works the way it does? We are developing a entity lifecycle interceptor that emits messages when an entity is created. The question is: On which interceptor method should we depend for the create event, invoke() or invokeHome()? And is this double interceptor call behavior something that will remain consistent across versions of JBoss? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3866279#3866279 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3866279 --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - security association set for main thread during deployment a
Potential Security Flaw Using MDB During the deployment of a message driven bean, the container creates a connection to the message queue using the user/pwd provided by the deployment descriptor. The authenticated subject created by this operation is bound to the current thread (via the security association class) using a ThreadLocal. The thread that deploys components existing in the deploy directory at startup is the "main" thread. This means that the "main" thread has a security association. This security association (meaning the Subject bound to the thread by a ThreadLocal) is then copied to every other thread created by JBoss, including the the HTTP processor threads, class loader threads, etc. The very first time the application is accessed using one of the HTTP processor threads, it has the security association create the jms login. Once the processor thread has processed one request, the security association is cleared and functions normally. This is a serious security vulnerability. A partial workaround is to not deploy the MDBs until after JBoss has finished starting up. This prevents the jms-connection user security association from being inherited by the HTTP processor threads. Regards, Eugene View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3863200#3863200 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3863200 --- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets & JSP] - Re: How to remove Pragma: no-cache from tomcat responses??
Given the presence of the following bug in IE http://support.microsoft.com/support/kb/articles/q316/4/31.asp this is a fairly serious problem. If you are running Apache as a web server front-end to JBoss-Tomcat, you can use mod_header to remove the Pragma and Cache-control headers. Add the following lines to the httpd.conf file: Header unset Pragma Header unset Cache-control However, this is not an ideal solution, hopefully the JBoss folks will find a better workaround in the near future! View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3844510#3844510 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3844510 --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user