stored procedures and entity beans

[James Manning]

I'm in the position of trying to migrate towards a j2ee/ejb architecture
from one where most of the access logic (and to an extent, business
methods) were in stored PL/SQL procedures in an Oracle 8i database.

To keep from having to "reinvent the wheel"s of the stored procedures
(and making the transition easier), are there any existing patterns
or methods for utilizing stored procedures but still using EJB's?

Is the answer simply "use BMP, put the stored procedures in load/store"?
is there any orion-specific trick of defining a _query but using a
stored procedure instead (can orion fetch from out variables instead
of resultset?

Thanks!

James
-- 
James Manning [EMAIL PROTECTED]
GPG Key fingerprint = B913 2FBD 14A9 CE18 B2B7  9C8E A0BF B026 EEBB F6E4

orion on unix

[Heng Chee, Lee - SG]

Hi,
I used to run orion on NT machine and now I have to deploy it on a Sun Sparc
Solaris machine.
Honestly, my knowledge on unix system admin is very limited.
Ok, now I have this problem:
I have untar the orion archieve to a folder called orion, this folder and
all the files and subfolders under it are belongs to a user name 'orion',
the group access permission for this folder (and all it's files) are also
called 'orion'. When I log in to unix as user 'orion' and try to start up
the app server by typing java -jar orion.jar, I get a message "Error
starting HTTP-Server : Permission denied".  I can only startup orion if I
log in as root user. This is not acceptable because I can't let everyone to
have root access just for starting up the orion server.(Our project still in
the development phase so we need to start and stop the server quite often)

I am puzzle with this error because I have already set the owner of all the
files under orion folder to be 'orion', and orion app server is using it's
own http-server internally so it shouldn't has any permission problem. 
I think that orion app server might try to access some of the unix system
file which must have root access, if this is the case can someone tell me
which file it it?
Or is there any alternative work around for this problem?





Thanks and best regards
Lee

Native user support

[Mathias Bogaert]

Hello,

An article on dcb.sun.com (http://dcb.sun.com/practices/profiles/orion_appserver.jsp) 
says native user support with Orion is available.

"Unlike native Web servers such as Apache that 
utilize user IDs and security, Orion's Java technology-based system will run 
with the permissions of the user who started the server. Orion developers offer 
a security workaround by providing "native user" support for various platforms. 
With the appropriate library, you can start Orion with a given user ID to 
increase security and prevent malicious attacks. The "native user" support is 
available at: http://www.orionserver.com/private/native_user_support.tar.gz"

Does anyone have experience with native user 
support with Orion?

The http://www.orionserver.com/private/native_user_support.tar.gzis 
not a valid url (404), so can somebody send me this file?

TIA

Mathias Bogaert

Re: orion on unix

[Brautigam Robert]

 Hi,

Hi,

 I used to run orion on NT machine and now I have to deploy it on a Sun Sparc
 Solaris machine.
[...]
 starting HTTP-Server : Permission denied".  I can only startup orion if I
 log in as root user. This is not acceptable because I can't let everyone to
[...]
 Or is there any alternative work around for this problem?

On a UNIX (or derivate) systems, only root can bind to the lower 1024 ports,
this means you cannot start orion on the default HTTP port 80. There is an
attribute of the web-site tag called "port" in the default-web-site.xml,
typically the line should look like:
web-site host="[ALL]" port="8080" display-name="Default Orion WebSite"
Which will cause the webserver to bind to the 8080 port. You can access
this page from a browser with the following url:
http://server:8080/

hth,
Robert.

RE: orion on unix

[Ronald Hatcher]

This is because the default http port 80 is privliged. If you don't want to
run as root, reconfigure Orion to run on a non-privliged port such as 8080

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Heng Chee, Lee
- SG
Sent: 07 January 2001 08:54
To: Orion-Interest
Subject: orion on unix


Hi,
I used to run orion on NT machine and now I have to deploy it on a Sun Sparc
Solaris machine.
Honestly, my knowledge on unix system admin is very limited.
Ok, now I have this problem:
I have untar the orion archieve to a folder called orion, this folder and
all the files and subfolders under it are belongs to a user name 'orion',
the group access permission for this folder (and all it's files) are also
called 'orion'. When I log in to unix as user 'orion' and try to start up
the app server by typing java -jar orion.jar, I get a message "Error
starting HTTP-Server : Permission denied".  I can only startup orion if I
log in as root user. This is not acceptable because I can't let everyone to
have root access just for starting up the orion server.(Our project still in
the development phase so we need to start and stop the server quite often)

I am puzzle with this error because I have already set the owner of all the
files under orion folder to be 'orion', and orion app server is using it's
own http-server internally so it shouldn't has any permission problem.
I think that orion app server might try to access some of the unix system
file which must have root access, if this is the case can someone tell me
which file it it?
Or is there any alternative work around for this problem?





Thanks and best regards
Lee

Re: orion on unix

[anton]

There is a util available on Linux called "ipchains" that can
redirect all requests from port 80 to 8080. After you set it up
with root user, u can run Orion as non-root on port 8080
and without clients even noticing it.

Find out if there is such a tool on Unix that u are running.

Never run Orion as ROOT. Even Orion team says that there
might be some security leaks if running Orion as root.

There is tutorial that i've read @ www.orionsupport.com called
"Running Orion on Linux" that has explanation about users and
everything. Take a look maybe it will help. And ofcourse same
website has tutorial named "Running Orion on Unix" maybe
it has instructions that u need.

I hope this helps

-Anton

- Original Message -
From: "Ronald Hatcher" [EMAIL PROTECTED]
To: "Orion-Interest" [EMAIL PROTECTED]
Sent: Sunday, January 07, 2001 6:15 AM
Subject: RE: orion on unix


 This is because the default http port 80 is privliged. If you don't want
to
 run as root, reconfigure Orion to run on a non-privliged port such as 8080

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Heng Chee, Lee
 - SG
 Sent: 07 January 2001 08:54
 To: Orion-Interest
 Subject: orion on unix


 Hi,
 I used to run orion on NT machine and now I have to deploy it on a Sun
Sparc
 Solaris machine.
 Honestly, my knowledge on unix system admin is very limited.
 Ok, now I have this problem:
 I have untar the orion archieve to a folder called orion, this folder and
 all the files and subfolders under it are belongs to a user name 'orion',
 the group access permission for this folder (and all it's files) are also
 called 'orion'. When I log in to unix as user 'orion' and try to start up
 the app server by typing java -jar orion.jar, I get a message "Error
 starting HTTP-Server : Permission denied".  I can only startup orion if I
 log in as root user. This is not acceptable because I can't let everyone
to
 have root access just for starting up the orion server.(Our project still
in
 the development phase so we need to start and stop the server quite often)

 I am puzzle with this error because I have already set the owner of all
the
 files under orion folder to be 'orion', and orion app server is using it's
 own http-server internally so it shouldn't has any permission problem.
 I think that orion app server might try to access some of the unix system
 file which must have root access, if this is the case can someone tell me
 which file it it?
 Or is there any alternative work around for this problem?





 Thanks and best regards
 Lee

RE: orion on unix

[Christian Billen]

You could run the following command in your script as root:
ipchains -A input --destination-port 80 -p tcp -j REDIRECT 10080
Then su to the orion user and start orion on a port  1024 as non root, 
there is an article on orionsupport.com about this but it's down at the 
moment.

Christian Billen

-Original Message-
From:   Heng Chee, Lee - SG [SMTP:[EMAIL PROTECTED]]
Sent:   Sunday, January 07, 2001 2:54 AM
To: Orion-Interest
Subject:orion on unix

Hi,
I used to run orion on NT machine and now I have to deploy it on a Sun 
Sparc
Solaris machine.
Honestly, my knowledge on unix system admin is very limited.
Ok, now I have this problem:
I have untar the orion archieve to a folder called orion, this folder and
all the files and subfolders under it are belongs to a user name 'orion',
the group access permission for this folder (and all it's files) are also
called 'orion'. When I log in to unix as user 'orion' and try to start up
the app server by typing java -jar orion.jar, I get a message "Error
starting HTTP-Server : Permission denied".  I can only startup orion if I
log in as root user. This is not acceptable because I can't let everyone to
have root access just for starting up the orion server.(Our project still 
in
the development phase so we need to start and stop the server quite often)

I am puzzle with this error because I have already set the owner of all the
files under orion folder to be 'orion', and orion app server is using it's
own http-server internally so it shouldn't has any permission problem.
I think that orion app server might try to access some of the unix system
file which must have root access, if this is the case can someone tell me
which file it it?
Or is there any alternative work around for this problem?





Thanks and best regards
Lee

Re: File Upload Servlet

[Seung R. Bang]

Hi,
I solved the problem by writing a separate class to parse
the ServletInputStream. It parses the stream for parameters
passed and raw stream data. Works reat.
What I did was I put all the ins and outs of the servlet
in a separate class, -- I named it `FilePostHandler' --
and called the class in the servlet. No code has changed
from the servlet -- Just isolated the code from the servlet.
Then it works. I still wonder why it wasn't working.
Thanks.


 
 Hello, folks! Happy new year!
 I wrote a servlet that uploads files to the server.
 The problem with the servlet is that it works but it takes too much time.
 I put a couple of print statements at the beginning of the servlet and at the end of
 the servlet
 for a debuging purpose. Both the print statements responded immediately and uploaded
 a file correctly.
 At the second upload, when I clicked on the upload button, nothing happended for a
 very long time and
 then started to print the two statements. The servlet part seems OK. The servlet
 itself is processed
 quickly enough as all the print statements prints almost at the same time. Now,,
 then what?
 Something must be taking process before the servlet call.
 
 I searched the orionsupport pages and found a cool class specially designed for
 uploading files, which is
 com.evermind.io.PostFileInputStream. This appeared great for the first time, but it
 started giving
 me the `500 Internal Server Error' as follows:
 
 
 500 Internal Server Error
 
 java.lang.ArrayIndexOutOfBoundsException
 at java.lang.System.arraycopy(Native Method)
 at com.evermind.io.PostFileInputStream.read(JAX)
 at com.freightstream.servlet.FileUpload.writeOut(FileUpload.java:72)
 at com.freightstream.servlet.FileUpload.service(FileUpload.java:48)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java)
 at com.evermind.server.http.d3.so(JAX)
 at com.evermind.server.http.d3.sm(JAX)
 at com.evermind.server.http.ef.su(JAX)
 at com.evermind.server.http.ef.dn(JAX)
 at com.evermind.util.f.run(JAX)
 
 
 
 What am I doing wrong?  As usual, orion does not have much documentation on how to
 use the class.
 Please give me a clue. Any idea will help. Thanks a billion.
 
 
 
 

RE: orion on unix

[Ronald Hatcher]

Since Solaris doesn't have ipchains, you may have better luck using ssh port
forwarding. something like ssh -L80:nnn.nnn.nnn.nnn:8080 orion@localhost

Ron Hatcher

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Christian
Billen
Sent: 07 January 2001 16:20
To: Orion-Interest
Subject: RE: orion on unix


You could run the following command in your script as root:
ipchains -A input --destination-port 80 -p tcp -j REDIRECT 10080
Then su to the orion user and start orion on a port  1024 as non root,
there is an article on orionsupport.com about this but it's down at the
moment.

Christian Billen

-Original Message-
From:   Heng Chee, Lee - SG [SMTP:[EMAIL PROTECTED]]
Sent:   Sunday, January 07, 2001 2:54 AM
To: Orion-Interest
Subject:orion on unix

Hi,
I used to run orion on NT machine and now I have to deploy it on a Sun
Sparc
Solaris machine.
Honestly, my knowledge on unix system admin is very limited.
Ok, now I have this problem:
I have untar the orion archieve to a folder called orion, this folder and
all the files and subfolders under it are belongs to a user name 'orion',
the group access permission for this folder (and all it's files) are also
called 'orion'. When I log in to unix as user 'orion' and try to start up
the app server by typing java -jar orion.jar, I get a message "Error
starting HTTP-Server : Permission denied".  I can only startup orion if I
log in as root user. This is not acceptable because I can't let everyone to
have root access just for starting up the orion server.(Our project still
in
the development phase so we need to start and stop the server quite often)

I am puzzle with this error because I have already set the owner of all the
files under orion folder to be 'orion', and orion app server is using it's
own http-server internally so it shouldn't has any permission problem.
I think that orion app server might try to access some of the unix system
file which must have root access, if this is the case can someone tell me
which file it it?
Or is there any alternative work around for this problem?





Thanks and best regards
Lee

Complex O/R and EJB 2.0 CMP

[Darren Pamatat]

I've been trying to get started with some O/R stuff
with orion, and have gone thru the orion-cmp primer,
and the complex-or example. A few problems, is that
the orion-cmp primer is very simplistic, and the
complex-or example (from orionsupport, which is
currently down) does not have any examples, or docs on
how to create and use a client application to exercise
the ejb cmp entities. Does anyone have any
code/examples or info on this?

I like the layout of the complex-or example more so
than the orion-cmp primer, because it is not required
to jar it up, and classes can just be recompiled, and
run (if only I could run something against it). Also,
what is the difference in the EJB 2.0 CMP and orion
proprietary CMP.

Servlet/JDBC is sure looking a bit simpler right now.
Hopefully, some info and more examples are available
to help get an environment setup with CMP EJB's, to
work off of.

-Darren


__
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/

Re: orion on unix

[Nils Frohberg]

Yes, but sudo will still run orion with UID 0. This will not improve security. Then 
you might as well make a group called 'orion', and put all the users that need access 
to orion into this group. Change the dir/file perms so that it is read/writable for 
these users.

If you try to get orion to run non-root because of security, follow the example on 
orionsupport.

--nils

Scott M. Stirling([EMAIL PROTECTED])@Sun, Jan 07, 2001 at 01:49:15PM -0500:
 I think there is a better solution than using ipchains (which I'm not
 sure is supported anywhere but on Linux, and is bound to incurr some
 overhead, though I'm not sure if it would be significant), or at least
 an alternative.
 
 Install sudo if you haven't already.  You have to configure sudo with
 the names/groups of users and their permissions.  What sudo does is
 allow non-root users to execute super user commands and temporarily
 attain super user privileges for the purpose of executing commands.  You
 can have users enter a password to use sudo, or you can configure sudo
 to allow users/groups to use it without a password.  In any case, make
 sure the actual root password and the sudo password are different, that
 way no one needs to know the root password except root.  To use sudo,
 once installed, you just prefix sudo to any command in order to use it:
 
 sudo reboot
 sudo java -jar orion.jar
 etc.
 
 http://www.courtesan.com/sudo/
  
 
 On 07 Jan 2001 16:54:01 +0800, Heng Chee, Lee - SG wrote:
  Hi,
  I used to run orion on NT machine and now I have to deploy it on a Sun Sparc
  Solaris machine.
  Honestly, my knowledge on unix system admin is very limited.
  Ok, now I have this problem:
  I have untar the orion archieve to a folder called orion, this folder and
  all the files and subfolders under it are belongs to a user name 'orion',
  the group access permission for this folder (and all it's files) are also
  called 'orion'. When I log in to unix as user 'orion' and try to start up
  the app server by typing java -jar orion.jar, I get a message "Error
  starting HTTP-Server : Permission denied".  I can only startup orion if I
  log in as root user. This is not acceptable because I can't let everyone to
  have root access just for starting up the orion server.(Our project still in
  the development phase so we need to start and stop the server quite often)
  
  I am puzzle with this error because I have already set the owner of all the
  files under orion folder to be 'orion', and orion app server is using it's
  own http-server internally so it shouldn't has any permission problem. 
  I think that orion app server might try to access some of the unix system
  file which must have root access, if this is the case can someone tell me
  which file it it?
  Or is there any alternative work around for this problem?
  
  
  
  
  
  Thanks and best regards
  Lee
 
 -- 
 Scott Stirling
 West Newton, MA
 

Re: Native user support

[Sach Jobb]

Are you sure that's not just JNDI?

On Sun, 7 Jan 2001, Mathias Bogaert wrote:

 Hello,
 
 An article on dcb.sun.com 
(http://dcb.sun.com/practices/profiles/orion_appserver.jsp) says native user support 
with Orion is available.
 
 "Unlike native Web servers such as Apache that utilize user IDs and security, 
Orion's Java technology-based system will run with the permissions of the user who 
started the server. Orion developers offer a security workaround by providing "native 
user" support for various platforms. With the appropriate library, you can start 
Orion with a given user ID to increase security and prevent malicious attacks. The 
"native user" support is available at: 
http://www.orionserver.com/private/native_user_support.tar.gz"
 
 Does anyone have experience with native user support with Orion?
 
 The http://www.orionserver.com/private/native_user_support.tar.gz is not a valid url 
(404), so can somebody send me this file?
 
 TIA
 
 Mathias Bogaert
 
 

RE: orion on unix

[Tony Wilson]

The best way to get around this, I think, is to use apache as a front end
and connect Orion to it.
There is excellent documentation on how to do this on
www.orionsupport.com... when it comes up.  It think it is one of the
featured links on the right hand menu.

Apache runs anywhere, pretty much.

What you do is start up apache as root.  Apache grabs whatever lower
numbered ports it needs (including 80) and then changes its user to
something else (usually 'nobody').  You change the configuration in
/etc/httpd/conf/httpd.conf (at least on linux) and then you can connect to
it using standard procedures supported by both apache and orion.

The main benefit of this is that you can run jrun as whomever you would like
('orion' is a good username) and you only have to worry about the file
permissions from that point on.


You DEFINITELY don't want to run orion, or any other Servlet Container as
root.  The main reason is security.  One of your developers could very
easily write a piece of code that would wipe out the entire hard drive, or
worse... and if anyone was able to hack in... all they would need to do is
write up a jsp file, and they have all the access they want.

Anyway.  The apache thing works for us.  We are able to do a lot of things
with this.  One example is Virtual hosting.  Each developer is able to have
their own instance of orion, running on their own virtual IP address, on
their own code base and starting and stopping it on their own running as
their own user.  Apache allows for this.

Tony Wilson



-Original Message-
From:   Heng Chee, Lee - SG [mailto:[EMAIL PROTECTED]]
Sent:   Sunday, January 07, 2001 12:54 AM
To: Orion-Interest
Subject:orion on unix

Hi,
I used to run orion on NT machine and now I have to deploy
it on a Sun Sparc
Solaris machine.
Honestly, my knowledge on unix system admin is very limited.
Ok, now I have this problem:
I have untar the orion archieve to a folder called orion,
this folder and
all the files and subfolders under it are belongs to a user
name 'orion',
the group access permission for this folder (and all it's
files) are also
called 'orion'. When I log in to unix as user 'orion' and
try to start up
the app server by typing java -jar orion.jar, I get a
message "Error
starting HTTP-Server : Permission denied".  I can only
startup orion if I
log in as root user. This is not acceptable because I can't
let everyone to
have root access just for starting up the orion server.(Our
project still in
the development phase so we need to start and stop the
server quite often)

I am puzzle with this error because I have already set the
owner of all the
files under orion folder to be 'orion', and orion app server
is using it's
own http-server internally so it shouldn't has any
permission problem. 
I think that orion app server might try to access some of
the unix system
file which must have root access, if this is the case can
someone tell me
which file it it?
Or is there any alternative work around for this problem?





Thanks and best regards
Lee

RE: User guide: My Comments

[Tim Endres]

Add the mailing list archive, which is invaluable, to your list, and I
think you have definitely covered it. The only times these sources have
failed us have been actual bugs, so I guess you need to add the bug DB
to the list also.
tim.

 i think you will all find that most of the questions you will ask can be
 answered by reading the Specs ie EJB, servlet, jsp etc.
 
 With the combination of these Specs (very important) the minimal orion
 documentation and the sample and tutorials you have all the documentation
 you need. You just have to put it all together. And my opinion is that if
 you find something out for your self you are less likely to forget it. You
 can't be hand held all the time :)
 
 -Original Message-
 From: Ray Harrison [mailto:[EMAIL PROTECTED]]
 Sent: Friday, January 05, 2001 8:37 PM
 To: Orion-Interest
 Subject: Re: User guide
 
 There's more info and examples,etc on www.orionsupport.com. Check it out.
 
 --- Laurent Vansuypeene [EMAIL PROTECTED] wrote:
  hi everybody,
 
  I need to evaluate orionserver but i don't find any user
  guide on the site and the documentation is quiet not enough.
  For example, i want to know how to define servlet context,
  EJB2.0 (how to define EQL, where are the generated stub...)
  Has someone a user guide ?
 
  Thanks in advance
  __
  Boîte aux lettres - Caramail - http://www.caramail.com
 
 
 
 
 __
 Do You Yahoo!?
 Yahoo! Photos - Share your holiday photos online!
 http://photos.yahoo.com/
 

RE: Are these Orion bugs?

[Mike Cannon-Brookes]

My guess is that the bug lies in the combination of JSP + Multipart-Encoded
+ Tags. I tried to do the exact same thing as yourself (create a tag to
upload files) a few weeks ago and gave up after not being able to do it.

If you do manage, or would like a hand / fellow coder to bounce ideas off -
give me a bell.

Mike

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Huibert
 Aalbers Indaberea
 Sent: Monday, January 08, 2001 9:44 AM
 To: Orion-Interest
 Subject: Re: Are these Orion bugs?


 Actually I am doing something like
 pageContext.getServletRequest().getParameter("HiddenField) inside a custom
 tag.

 I believe that the problem may be related to the fact that I am doing this
 inside a custom tag called from within a JSP page, inside of doing it in a
 servlet, which is a well proven way to do it. I am doing it this way to
 separate the HTML from the java code.

 Huibert

 on 1/7/01 3:39 PM, Tim Endres at [EMAIL PROTECTED] wrote:

  The first problem is that I cannot use request.getParameter()
 to check the
  value of "normal" field (as opposed to a "file" parameters). I
 assumed that
  this was normal and that I had to examine the request header to do the
  trick. Is this correct?
 
  HttpServletRequest.getParameter() works fine for me. Maybe your
 problem lies
  in
  the fact that you are using it under HttpServlet.doGet() as opposed to
  doPost()?
  In other words, does your FORM element include the attribute
 METHOD="POST"?
 
  Here is code that works fine for me under doPost():
 
  Enumeration enum = httpReq.getParameterNames();
  for ( ; enum.hasMoreElements() ; )
  {
  String name = (String) enum.nextElement();
  String value = req.getParameter( name );
  }
 
  tim.
 
 

ejb deployment problem

[ahfei]

hello,

 i'm developing ejb using jbuilder4.The EJBs work well in inprise app server. when i 
deploy it to orion,it works too. but  i found 
the datasource that i specified doesn't be used,orion uses a default datasource (HSQL) 
service my EJBs.WHY ? can somebody help me?
thanks in advance.

 
ahfei
[EMAIL PROTECTED]

RE: orion on unix

[Mike Cannon-Brookes]

Scott,

There is some JNI code to do this on OrionSupport - should be up soon.

Mike

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Scott M.
 Stirling
 Sent: Monday, January 08, 2001 11:44 AM
 To: Orion-Interest
 Subject: RE: orion on unix


 I was going to suggest something similar, which is to start up Orion as
 root and then have the process change UID to a non-root user, just like
 Apache.  But starting the process as root is precisely the thing the
 user was trying to avoid.

 Throwing Apache in the front end is bound to decrease performance,
 versus using Orion's HTTP server.  It's certainly the easiest (and a
 good portable one -- better than ipchains) solution, but I didn't
 mention because it defeats the purpose of using Orion as the web server
 for performance.

 The security problems with running an app server as root can be dealt
 with by using Java policy files.  I've written them for JRun in the
 past, to restrict access to just the directories, files and ports
 necessary.  But running an app server is a risky proposition anyway.
 Even if it's not running as root it probably has access to all your
 businesses' critical data via database access and Web-based business
 transactions; people's credit card numbers, etc.  These are much more
 valuable than the files on your file system.

 The real problem expressed by the original email is that regular
 restarts of the server are necessary.  All Java app servers suffer from
 this in one place or another.  Eventually, they'll all have to be able
 to dynamically reload configuration settings, and any class or
 component.  Orion is all ready well on the way toward that goal with
 dynamic reload of ears, EJB jars, servlets, etc.

 A related problem is the distinction between development and production
 -- why can't each developer belong to the same group, have them all stop
 and start Orion on a port above 1024 for development purposes, and then
 deal with this port 80 problem when it's time to move production.  In
 most organizations I've dealt with, the developers aren't the ones
 stopping and starting the production server anyway.

 Scott Stirling
 West Newton, MA

 On 07 Jan 2001 13:44:34 -0800, Tony Wilson wrote:
  The best way to get around this, I think, is to use apache as a
 front end
  and connect Orion to it.
  There is excellent documentation on how to do this on
  www.orionsupport.com... when it comes up.  It think it is one of the
  featured links on the right hand menu.
 
  Apache runs anywhere, pretty much.
 
  What you do is start up apache as root.  Apache grabs whatever lower
  numbered ports it needs (including 80) and then changes its user to
  something else (usually 'nobody').  You change the configuration in
  /etc/httpd/conf/httpd.conf (at least on linux) and then you can
 connect to
  it using standard procedures supported by both apache and orion.
 
  The main benefit of this is that you can run jrun as whomever
 you would like
  ('orion' is a good username) and you only have to worry about the file
  permissions from that point on.
 
 
  You DEFINITELY don't want to run orion, or any other Servlet
 Container as
  root.  The main reason is security.  One of your developers could very
  easily write a piece of code that would wipe out the entire
 hard drive, or
  worse... and if anyone was able to hack in... all they would
 need to do is
  write up a jsp file, and they have all the access they want.
 
  Anyway.  The apache thing works for us.  We are able to do a
 lot of things
  with this.  One example is Virtual hosting.  Each developer is
 able to have
  their own instance of orion, running on their own virtual IP address, on
  their own code base and starting and stopping it on their own running as
  their own user.  Apache allows for this.
 
  Tony Wilson

Re: Are these Orion bugs?

[Serge Knystautas]

- Original Message -
From: "Mike Cannon-Brookes" [EMAIL PROTECTED]


 My guess is that the bug lies in the combination of JSP +
Multipart-Encoded
 + Tags. I tried to do the exact same thing as yourself (create a tag to
 upload files) a few weeks ago and gave up after not being able to do it.

 If you do manage, or would like a hand / fellow coder to bounce ideas
off -
 give me a bell.

The difference has nothing to do with GET or POST.  The issue is that the
POST is multipart/form-data encoded.  This encodes the post very differently
which the servlet API (and accordingly JSPs) do not support.  It does not
matter whether you're checking a file parameter or a "normal" parameter...
the entire form is encoded the same way.

You'll have to use a utility class or something to parse the input stream
from the request and read the parameter data.  I've got a tag library that
detects whether the form was multipart/form-data and accordingly parse the
data

Serge Knystautas
Loki Technologies
http://www.lokitech.com/