SSL-problems (was SSL-100% CPU)
I have tried to dig deeper into the SSL problem, while it is a major showstopper right now and a problem that has to be solved before I can use Orion in my project. I have made two bat files for the certificate generation to be able to play around a little faster:

step1.bat:

    keytool -genkey -keyalg "RSA" -alias testalias -keystore mykeystore -dname "cn=My Name, ou=MyCompany, o=MyCompany, c=SE" -storepass 123456 -keypass 654321 -validity 360
    keytool -certreq -keyalg "RSA" -alias testalias -file localhost.csr -storepass 123456 -keypass 654321 -keystore mykeystore
    rem Go to thawte and copy the contents of localhost.csr.
    start https://www.thawte.com/cgi/server/test.exe

step2.bat:

    rem Before running this, save the output from Thawte into localhost.cer
    keytool -import -trustcacerts -file localhost.cer -keystore mykeystore -storepass 123456 -keypass 654321

Output when running the scripts:

    E:\test>java -version
    java version "1.3.0"
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-C)
    Java HotSpot(TM) Server VM (build 2.0fcs-E, mixed mode)

    E:\test>step1

    E:\test>keytool -genkey -keyalg "RSA" -alias testalias -keystore mykeystore -dname "cn=My Name, ou=MyCompany, o=MyCompany, c=SE" -storepass 123456 -keypass 654321 -validity 360

    E:\test>keytool -certreq -keyalg "RSA" -alias testalias -file localhost.csr -storepass 123456 -keypass 654321 -keystore mykeystore

    E:\test>start https://www.thawte.com/cgi/server/test.exe

    E:\test>step2

    E:\test>keytool -import -trustcacerts -file localhost.cer -keystore mykeystore -storepass 123456 -keypass 654321
    Owner: CN=My Name, OU=MyCompany, O=MyCompany, C=SE
    Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
    Serial number: 488d5a
    Valid from: Tue Jul 04 09:55:28 GMT+02:00 2000 until: Fri Aug 04 09:55:28 GMT+02:00 2000
    Certificate fingerprints:
      MD5: AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
      SHA1: D1:98:C0:C7:DA:D5:DB:D5:D1:E3:C6:A1:39:A0:59:34:0A:8F:DC:99
    Trust this certificate? [no]: yes
    Certificate was added to keystore

    E:\test>keystore -list -keystore mykeystore
    'keystore' is not recognized as an internal or external command,
    operable program or batch file.

    E:\test>keytool -list -keystore mykeystore
    Enter keystore password: 123456
    Keystore type: jks
    Keystore provider: SUN
    Your keystore contains 2 entries:
    mykey, Tue Jul 04 09:53:14 GMT+02:00 2000, trustedCertEntry,
    Certificate fingerprint (MD5): AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87
    testalias, Tue Jul 04 09:51:48 GMT+02:00 2000, keyEntry,
    Certificate fingerprint (MD5): BE:ED:A9:00:04:5D:A6:F4:9A:92:40:25:0C:AB:9C:EC

OK. Now I start Orion (I have tried it with 1.0, 1.1.4, 1.1.8 with the same result):

    E:\java\orion>java -jar orion.jar
    Error starting HttpServer: Unable to intialize SSLServerSocketFactory 'com.evermind.ssl.JSSESSLServerSocketFactory': Unrecoverable key error: Cannot recover key

Now to something interesting: I delete the key with the alias 'testalias':

    E:\test>keytool -delete -alias testalias -keystore mykeystore
    Enter keystore password: 123456

    E:\test>keytool -list -keystore mykeystore
    Enter keystore password: 123456
    Keystore type: jks
    Keystore provider: SUN
    Your keystore contains 1 entry:
    mykey, Tue Jul 04 09:53:14 GMT+02:00 2000, trustedCertEntry,
    Certificate fingerprint (MD5): AE:C8:43:16:A5:FC:15:70:6A:A6:2D:D8:7F:8F:8C:87

Now I start Orion again:

    E:\java\orion>java -jar orion.jar
    Orion/1.1.8 initialized

Orion initializes, but takes about 100% CPU and accessing https://localhost:443 fails.

Does anybody have a clue?

/Thanks,
Mattias Arbin, Ctakt AB

My secure-web-site.xml:

    <?xml version="1.0"?>
    <!DOCTYPE web-site PUBLIC "Orion Web-site" "http://www.orionserver.com/dtds/web-site.dtd">
    <web-site host="[ALL]" secure="true" port="443" display-name="Default Orion WebSite">
      <!-- The default web-app for this site, bound to the root -->
      <ssl-config keystore="../../../test/mykeystore" keystore-password="123456" />
      <default-web-app application="default" name="defaultWebApp" />
      <!-- Uncomment this to activate the news app -->
      <!-- <web-app application="news" name="news-web" root="/news" /> -->
      <!-- Access Log, where requests are logged to -->
      <access-log path="../log/default-web-access.log" />
    </web-site>

My server.xml:

    <?xml version="1.0"?>
    <!DOCTYPE application-server PUBLIC "Orion Application Server Config" "http://www.orionserver.com/dtds/application-server.dtd">
    <application-server application-directory="../applications" deployment-directory="../application-deployments">
      <rmi-config path="./rmi.xml" />
      <!-- JMS-server config link, uncomment to activate the JMS service -->
      <!-- <jms-config path="./jms.xml" /> -->
      <principals path="./principals.xml" />
      <log>
        <file path="../log/server.log" />
      </log>
      <global-application name="default" path="application.xml" />
      <global-web-app-config path="global-web-application.xml" />
      <web-site path="./default-web-site.xml" />
      <web-site path="./secure-web-site.xml" />
      <!-- Compiler, activate
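
Added example, not part of the original post and not Orion code: a keystore check for the two things visible in the message above, namely that step1.bat sets a key password (654321) different from the store password (123456) while secure-web-site.xml supplies only keystore-password, and that the CA reply ended up under the keytool default alias mykey as a trustedCertEntry instead of under testalias. It assumes the server tries the keystore password for the private key as well; the class name KeystoreCheck and the temporary keystore are hypothetical, and the keystore is a constructed sample built with the JDK's own keytool.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class KeystoreCheck {
    // True if the private key under this alias can be recovered with the given password.
    static boolean canRecover(KeyStore ks, String alias, char[] pw) throws Exception {
        try {
            return ks.getKey(alias, pw) != null;
        } catch (UnrecoverableKeyException e) {   // the JKS provider reports "Cannot recover key"
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: throwaway JKS keystore using the passwords from step1.bat.
        Path file = Files.createTempDirectory("kscheck").resolve("mykeystore");
        String keytool = Paths.get(System.getProperty("java.home"), "bin", "keytool").toString();
        int rc = new ProcessBuilder(keytool, "-genkeypair", "-keyalg", "RSA",
                "-alias", "testalias", "-storetype", "JKS", "-keystore", file.toString(),
                "-dname", "cn=My Name, ou=MyCompany, o=MyCompany, c=SE",
                "-storepass", "123456", "-keypass", "654321", "-validity", "360")
                .inheritIO().start().waitFor();
        if (rc != 0) throw new IllegalStateException("keytool exited with " + rc);

        char[] storePass = "123456".toCharArray();
        char[] keyPass = "654321".toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, storePass);               // the store password only opens the file
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": trustedCertEntry (no private key to serve TLS with)");
                continue;
            }
            System.out.println(alias + ": key recoverable with store password = "
                    + canRecover(ks, alias, storePass));
            System.out.println(alias + ": key recoverable with key password   = "
                    + canRecover(ks, alias, keyPass));
            // A key entry whose leaf is still self-signed never received the CA reply.
            X509Certificate leaf = (X509Certificate) ks.getCertificateChain(alias)[0];
            boolean selfSigned = leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
            System.out.println(alias + ": certificate still self-signed = " + selfSigned);
        }
    }
}
```

Run against a keystore built by the two bat files, the same loop would also list mykey as a trustedCertEntry, because step2.bat imports localhost.cer without -alias testalias.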
RE: EJBMaker not working
Hi Brett,

First of all upgrade to 1.1.8. The export dialog is a bit tricky. If you want to write to somewhere/ejb/myproject, the dialog should look like:

    Look in: ejb
    File name: myproject

(in other words: do not go into the myproject directory itself)

Then press save. This should work.

Martin.

-Original Message-
From: Brett Waterson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday 4 July 2000 0:57
To: Orion-Interest
Subject: EJBMaker not working

Hi, I cannot seem to get EJBMaker to work. It runs OK, but it does nothing when you select a directory within export. (ie. does not produce files) Any ideas?

Brett Waterson
Technical Leader
ZIVO New Zealand Limited
7 - 9 Alpers Avenue, Auckland NEW ZEALAND
E-mail: [EMAIL PROTECTED]
http://www.ZIVO.com
Sydney * Melbourne * Canberra * Brisbane * Auckland * Wellington * Singapore * Hong Kong * Bangkok * Kuala Lumpur

The ZIVO brand name is a trademark of the ZIVO Pty. Ltd. Group.

NOTICE This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify ZIVO Pty. Ltd. immediately. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of ZIVO Pty. Ltd.
Some common misunderstandings? Was: DeadlockException
Hi all,

i wanted to let you join some of the misunderstandings i had concerning transactions and their safety/isolation levels, since i am not a learned database programmer but have come to databases/ejb accidentally (ok, i had to earn money ;-).

I compared the access to a data entity (in the ejb server) from different clients always with the in-memory access of an object in shared memory from different threads (and this analogy is somewhat misleading, as you will see). In memory, you have the possibility to lock the object prior to each access (or to let it be locked by the language/system you use), even if it is only read access. That means, once read an object, nobody else (no other thread) will be allowed to even see this object - and the thread will be suspended until the object is released by the other thread. This system is safe if every thread completes its computation and releases its locks (and on abnormal termination a release of all locks could be made by the system).

My misunderstanding now was, that i always searched for a transaction type in EJB, which provides similar safety and did not understand well the slight difference between read locks and the isolation level "repeatable read" (and that i did not read accurately all available literature but relied on my intentions). But "repeatable read" does only guarantee, that during a transaction of a client a read on the same entity will lead to the same result unless this client itself changes the entity, regardless of parallel working other clients which could change this entity. But another client will not be halted if it wants to read this entity. If then both clients want to modify the same entity after they have read it both (and therefore it cannot be changed directly due to the "repeatable read"), we get a wonderful deadlock.

Let us take an entity X and the clients A and B, in parentheses my assumptions of what happens in the server.

    A reads X - allowed (make a copy?)
    B reads X - allowed (make a copy?)
    A writes X - allowed (change A's copy?)? Or already forbidden (if there are no copies)?
    B writes X - forbidden in any case, result would be nondeterministic

This situation leads to a deadlock exception, which has to be handled appropriately by the clients. In short words: If programming a client i must bear in mind that concurrent accesses may lead to exceptions (and rollbacks of transactions).

What's more with databases (my entity beans use BMP): If the database has locked a data entity, another "client" (bean) that wants to access this entity will not be halted until the lock is released but will get an exception (and there is no - standard - way to decide, whether the thrown SQLException was caused by a lock/deadlock or by other failures, since the result codes vary for each database). So, writing beans with BMP that will be accessed for writing concurrently (i mean the same entity, not the type) by different clients is really a big deal. BTW, it would be interesting, what fallback mechanisms for these cases are provided by orion's CMP - i never used it myself ;-)

Just a little excursus for those who are interested (reading it now, i have the impression that i really had "tomatoes on my eyes", as we say in Germany, but these misunderstandings have been really expensive in terms of time and money for my company).

Best regards to all,
Jens

PS: Are there any databases in the world, which provide a real safe lock mechanism for concurrent read/write access? I mean, a real lock beginning with the read? And an automatic wait for a request if some resources are locked? Would be hot on the market, i think...

PPS: Many of these problems could be handled with the wood-hammer-method (another germanism, i fear) of repeating a whole failed transaction automatically by the server as provided by orion with the "max-tx-retries" feature - unfortunately it does not seem to work yet...

-Original Message-
From: Jens Stutte [mailto:[EMAIL PROTECTED]]
Sent: Monday, 26 June 2000 15:17
To: Orion-Interest
Cc: '[EMAIL PROTECTED]'
Subject: AW: DeadlockException

Thanx for the answer. Of course i can get deadlocks as i work against a database - but this deadlock seems to be caused by orion itself prior to accessing the database. Orion must have some internal locking mechanisms to avoid concurrent access to entity bean variables, i assume. And the 'resource entity's mentioned in the exception are orion specific and have nothing to do with my database (which i update myself via BMP).

I'd like to know if orion's isolation level "repeatable_read" is equivalent to something like "exclusive read" (which would avoid any deadlocks if the data gets locked for read and write until the end of a transaction). Furthermore the setting of "max-tx-retries" would help repeating a failed exception, but i did not get it to work.

Regards,
Jens
Performance Orion 1.1.8
Hello,

I'm trying to understand the performance of my beans. I notice that on every call to an Entity bean, com.evermind.server.ejb.EvermindEntityContext.cloneObject is called. The program spends nearly 20% of the time in this method. Within the method, the bulk of the time is spent in readObject. Is there anything I can do to make this more efficient?

Thanks,
Vidur
Re: Orion UserTransaction
Hi Theo,

long time ago i got following answer:

: We'll check this out, it does seem weird,
: Regards,Karl Avedal

the problem is not solved yet.

klaus

I'm having exactly the same problem as you. May I ask you if (and how) you have solved it?

Hello, i have a SessionBean:

    public class PersonBean implements SessionBean {
        private UserTransaction ut = null;
        private SessionContext ctx;
        [...]
        public void ejbCreate() throws RemoteException, CreateException {
            ut = ctx.getUserTransaction();

ejb-jar.xml:

    <session>
      <transaction-type>Bean</transaction-type>

when my client calls the create-method, i get following exception: "Only beans with user-managed transaction can invoke getUserTransaction()"

did i miss something?

--
Klaus Thiele - Personal Informatik AG
mailto:[EMAIL PROTECTED]
"There's got to be more to life than compile-and-go."
Update: Performance Scalability
All,

In a previous message I expressed my concern about performance as compared with Weblogic 5.1. With assistance from Karl Avedal, I made some changes to my application and am very pleased to announce that Orion is approximately 2x faster than Weblogic 5.1. I wasn't using the DB connection pool and it is a pleasure to work with a product that does conform and support the latest J2EE specification.

In general, migrating from WL to Orion has been pretty painless. Most of the changes were container specific, config files, etc. and no code changes. The only code changes I'm now going to make has to do with improving my code. This exercise has identified areas that were inefficient or were specific to WL.

BTW, my evaluation of Orion and two other Ejb servers has resulted in Orion as my choice hands down.

Thanks
Tom

Tom Wnuk
[EMAIL PROTECTED]
[EMAIL PROTECTED]
AW: Update: Performance Scalability
Hi Kirk,

i assume he confused (like me some time ago) the different jndi names for the database connections. In a data-source you specify different locations, which will be treated differently by the server. The "location" is a 'naked' standard JDBC connection without pooling or anything. The "ejb-location" provides server specific wrapper classes for the connections, which provide such things as pooling, transaction handling for EJBs etc. I don't know the specific purpose of the "xa-location" and when to use it. Anyway, from within EJBs you should always use the "ejb-location".

Regards,
Jens Stutte

PS: Example of a data-source:

    <data-source
        name="BaseDB"
        class="com.evermind.sql.ConnectionDataSource"
        location="jdbc/BaseDB"
        xa-location="jdbc/xa/BaseXADB"
        ejb-location="jdbc/BaseEJBDB"
        inactivity-timeout="60"
        url="jdbc:informix-sqli://beatnix.net-media.de:1536/BaseDB:INFORMIXSERVER=on_beatnix"
        connection-driver="com.informix.jdbc.IfxDriver"
        username="informix"
        password="topsecret"
    />

-Original Message-
From: Kirk Kalvar [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 4 July 2000 17:19
To: Orion-Interest
Subject: RE: Update: Performance Scalability

Tom: Could you be more specific? You weren't accessing the db connection pool, but what did you do to fix it?

Thanks in Advance,
Kirk S. Kalvar

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 04, 2000 9:27 AM
To: Orion-Interest
Subject: Update: Performance Scalability

All,

In a previous message I expressed my concern about performance as compared with Weblogic 5.1. With assistance from Karl Avedal, I made some changes to my application and am very pleased to announce that Orion is approximately 2x faster than Weblogic 5.1. I wasn't using the DB connection pool and it is a pleasure to work with a product that does conform and support the latest J2EE specification.

In general, migrating from WL to Orion has been pretty painless. Most of the changes were container specific, config files, etc. and no code changes. The only code changes I'm now going to make has to do with improving my code. This exercise has identified areas that were inefficient or were specific to WL.

BTW, my evaluation of Orion and two other Ejb servers has resulted in Orion as my choice hands down.

Thanks
Tom

Tom Wnuk
[EMAIL PROTECTED]
[EMAIL PROTECTED]
UserTransaction.
Hi !

I'm trying to use a UserTransaction in a client code. None of the usual JNDI names work, like,

    UserTransaction utx = (UserTransaction)initialContext.lookup("java:comp/UserTransaction")

What is the default JNDI name where the UserTransaction is bound for clients ? Do I have to include it as a resource in my application-client.xml to bind it to JNDI ? And how do I configure this ?

thx for the help.
Rui Gil
Does the EJB-JAR Class-Path manifest attribute ?
Hi,

Am trying to deploy an EJB which has dependent classes in other jar files; these other jar files are specified in the ejb-jar file's Class-Path manifest attribute (sec 17.3 of the EJB spec) and deployed in the EAR. When loading the ejb-jar I get a java.lang.ClassCircularityError exception. This does not occur if I stick the dependent jar on the system class path, or as an installed extension, or unzip the contents and deploy inside the ejb-jar.

Has anyone tried deploying dependent jars which are specified in the ejb-jar Class-Path manifest? If so, any success? Or is this a known bug in the EJB class loader?

Cheers,
Jeff