stored procedures and entity beans
I'm in the position of trying to migrate towards a j2ee/ejb architecture from one where most of the access logic (and to an extent, business methods) were in stored PL/SQL procedures in an Oracle 8i database. To keep from having to "reinvent the wheel"s of the stored procedures (and making the transition easier), are there any existing patterns or methods for utilizing stored procedures but still using EJB's? Is the answer simply "use BMP, put the stored procedures in load/store"? is there any orion-specific trick of defining a _query but using a stored procedure instead (can orion fetch from out variables instead of resultset? Thanks! James -- James Manning [EMAIL PROTECTED] GPG Key fingerprint = B913 2FBD 14A9 CE18 B2B7 9C8E A0BF B026 EEBB F6E4
orion on unix
Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee
Native user support
Hello, An article on dcb.sun.com (http://dcb.sun.com/practices/profiles/orion_appserver.jsp) says native user support with Orion is available. "Unlike native Web servers such as Apache that utilize user IDs and security, Orion's Java technology-based system will run with the permissions of the user who started the server. Orion developers offer a security workaround by providing "native user" support for various platforms. With the appropriate library, you can start Orion with a given user ID to increase security and prevent malicious attacks. The "native user" support is available at: http://www.orionserver.com/private/native_user_support.tar.gz" Does anyone have experience with native user support with Orion? The http://www.orionserver.com/private/native_user_support.tar.gzis not a valid url (404), so can somebody send me this file? TIA Mathias Bogaert
Re: orion on unix
Hi, Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. [...] starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to [...] Or is there any alternative work around for this problem? On a UNIX (or derivate) systems, only root can bind to the lower 1024 ports, this means you cannot start orion on the default HTTP port 80. There is an attribute of the web-site tag called "port" in the default-web-site.xml, typically the line should look like: web-site host="[ALL]" port="8080" display-name="Default Orion WebSite" Which will cause the webserver to bind to the 8080 port. You can access this page from a browser with the following url: http://server:8080/ hth, Robert.
RE: orion on unix
This is because the default http port 80 is privliged. If you don't want to run as root, reconfigure Orion to run on a non-privliged port such as 8080 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Heng Chee, Lee - SG Sent: 07 January 2001 08:54 To: Orion-Interest Subject: orion on unix Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee
Re: orion on unix
There is a util available on Linux called "ipchains" that can redirect all requests from port 80 to 8080. After you set it up with root user, u can run Orion as non-root on port 8080 and without clients even noticing it. Find out if there is such a tool on Unix that u are running. Never run Orion as ROOT. Even Orion team says that there might be some security leaks if running Orion as root. There is tutorial that i've read @ www.orionsupport.com called "Running Orion on Linux" that has explanation about users and everything. Take a look maybe it will help. And ofcourse same website has tutorial named "Running Orion on Unix" maybe it has instructions that u need. I hope this helps -Anton - Original Message - From: "Ronald Hatcher" [EMAIL PROTECTED] To: "Orion-Interest" [EMAIL PROTECTED] Sent: Sunday, January 07, 2001 6:15 AM Subject: RE: orion on unix This is because the default http port 80 is privliged. If you don't want to run as root, reconfigure Orion to run on a non-privliged port such as 8080 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Heng Chee, Lee - SG Sent: 07 January 2001 08:54 To: Orion-Interest Subject: orion on unix Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee
RE: orion on unix
You could run the following command in your script as root: ipchains -A input --destination-port 80 -p tcp -j REDIRECT 10080 Then su to the orion user and start orion on a port 1024 as non root, there is an article on orionsupport.com about this but it's down at the moment. Christian Billen -Original Message- From: Heng Chee, Lee - SG [SMTP:[EMAIL PROTECTED]] Sent: Sunday, January 07, 2001 2:54 AM To: Orion-Interest Subject:orion on unix Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee
Re: File Upload Servlet
Hi, I solved the problem by writing a separate class to parse the ServletInputStream. It parses the stream for parameters passed and raw stream data. Works reat. What I did was I put all the ins and outs of the servlet in a separate class, -- I named it `FilePostHandler' -- and called the class in the servlet. No code has changed from the servlet -- Just isolated the code from the servlet. Then it works. I still wonder why it wasn't working. Thanks. Hello, folks! Happy new year! I wrote a servlet that uploads files to the server. The problem with the servlet is that it works but it takes too much time. I put a couple of print statements at the beginning of the servlet and at the end of the servlet for a debuging purpose. Both the print statements responded immediately and uploaded a file correctly. At the second upload, when I clicked on the upload button, nothing happended for a very long time and then started to print the two statements. The servlet part seems OK. The servlet itself is processed quickly enough as all the print statements prints almost at the same time. Now,, then what? Something must be taking process before the servlet call. I searched the orionsupport pages and found a cool class specially designed for uploading files, which is com.evermind.io.PostFileInputStream. This appeared great for the first time, but it started giving me the `500 Internal Server Error' as follows: 500 Internal Server Error java.lang.ArrayIndexOutOfBoundsException at java.lang.System.arraycopy(Native Method) at com.evermind.io.PostFileInputStream.read(JAX) at com.freightstream.servlet.FileUpload.writeOut(FileUpload.java:72) at com.freightstream.servlet.FileUpload.service(FileUpload.java:48) at javax.servlet.http.HttpServlet.service(HttpServlet.java) at com.evermind.server.http.d3.so(JAX) at com.evermind.server.http.d3.sm(JAX) at com.evermind.server.http.ef.su(JAX) at com.evermind.server.http.ef.dn(JAX) at com.evermind.util.f.run(JAX) What am I doing wrong? As usual, orion does not have much documentation on how to use the class. Please give me a clue. Any idea will help. Thanks a billion.
RE: orion on unix
Since Solaris doesn't have ipchains, you may have better luck using ssh port forwarding. something like ssh -L80:nnn.nnn.nnn.nnn:8080 orion@localhost Ron Hatcher -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Christian Billen Sent: 07 January 2001 16:20 To: Orion-Interest Subject: RE: orion on unix You could run the following command in your script as root: ipchains -A input --destination-port 80 -p tcp -j REDIRECT 10080 Then su to the orion user and start orion on a port 1024 as non root, there is an article on orionsupport.com about this but it's down at the moment. Christian Billen -Original Message- From: Heng Chee, Lee - SG [SMTP:[EMAIL PROTECTED]] Sent: Sunday, January 07, 2001 2:54 AM To: Orion-Interest Subject:orion on unix Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee
Complex O/R and EJB 2.0 CMP
I've been trying to get started with some O/R stuff with orion, and have gone thru the orion-cmp primer, and the complex-or example. A few problems, is that the orion-cmp primer is very simplistic, and the complex-or example (from orionsupport, which is currently down) does not have any examples, or docs on how to create and use a client application to exercise the ejb cmp entities. Does anyone have any code/examples or info on this? I like the layout of the complex-or example more so than the orion-cmp primer, because it is not required to jar it up, and classes can just be recompiled, and run (if only I could run something against it). Also, what is the difference in the EJB 2.0 CMP and orion proprietary CMP. Servlet/JDBC is sure looking a bit simpler right now. Hopefully, some info and more examples are available to help get an environment setup with CMP EJB's, to work off of. -Darren __ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/
Re: orion on unix
Yes, but sudo will still run orion with UID 0. This will not improve security. Then you might as well make a group called 'orion', and put all the users that need access to orion into this group. Change the dir/file perms so that it is read/writable for these users. If you try to get orion to run non-root because of security, follow the example on orionsupport. --nils Scott M. Stirling([EMAIL PROTECTED])@Sun, Jan 07, 2001 at 01:49:15PM -0500: I think there is a better solution than using ipchains (which I'm not sure is supported anywhere but on Linux, and is bound to incurr some overhead, though I'm not sure if it would be significant), or at least an alternative. Install sudo if you haven't already. You have to configure sudo with the names/groups of users and their permissions. What sudo does is allow non-root users to execute super user commands and temporarily attain super user privileges for the purpose of executing commands. You can have users enter a password to use sudo, or you can configure sudo to allow users/groups to use it without a password. In any case, make sure the actual root password and the sudo password are different, that way no one needs to know the root password except root. To use sudo, once installed, you just prefix sudo to any command in order to use it: sudo reboot sudo java -jar orion.jar etc. http://www.courtesan.com/sudo/ On 07 Jan 2001 16:54:01 +0800, Heng Chee, Lee - SG wrote: Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee -- Scott Stirling West Newton, MA
Re: Native user support
Are you sure that's not just JNDI? On Sun, 7 Jan 2001, Mathias Bogaert wrote: Hello, An article on dcb.sun.com (http://dcb.sun.com/practices/profiles/orion_appserver.jsp) says native user support with Orion is available. "Unlike native Web servers such as Apache that utilize user IDs and security, Orion's Java technology-based system will run with the permissions of the user who started the server. Orion developers offer a security workaround by providing "native user" support for various platforms. With the appropriate library, you can start Orion with a given user ID to increase security and prevent malicious attacks. The "native user" support is available at: http://www.orionserver.com/private/native_user_support.tar.gz" Does anyone have experience with native user support with Orion? The http://www.orionserver.com/private/native_user_support.tar.gz is not a valid url (404), so can somebody send me this file? TIA Mathias Bogaert
RE: orion on unix
The best way to get around this, I think, is to use apache as a front end and connect Orion to it. There is excellent documentation on how to do this on www.orionsupport.com... when it comes up. It think it is one of the featured links on the right hand menu. Apache runs anywhere, pretty much. What you do is start up apache as root. Apache grabs whatever lower numbered ports it needs (including 80) and then changes its user to something else (usually 'nobody'). You change the configuration in /etc/httpd/conf/httpd.conf (at least on linux) and then you can connect to it using standard procedures supported by both apache and orion. The main benefit of this is that you can run jrun as whomever you would like ('orion' is a good username) and you only have to worry about the file permissions from that point on. You DEFINITELY don't want to run orion, or any other Servlet Container as root. The main reason is security. One of your developers could very easily write a piece of code that would wipe out the entire hard drive, or worse... and if anyone was able to hack in... all they would need to do is write up a jsp file, and they have all the access they want. Anyway. The apache thing works for us. We are able to do a lot of things with this. One example is Virtual hosting. Each developer is able to have their own instance of orion, running on their own virtual IP address, on their own code base and starting and stopping it on their own running as their own user. Apache allows for this. Tony Wilson -Original Message- From: Heng Chee, Lee - SG [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 07, 2001 12:54 AM To: Orion-Interest Subject:orion on unix Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee
RE: User guide: My Comments
Add the mailing list archive, which is invaluable, to your list, and I think you have definitely covered it. The only times these sources have failed us have been actual bugs, so I guess you need to add the bug DB to the list also. tim. i think you will all find that most of the questions you will ask can be answered by reading the Specs ie EJB, servlet, jsp etc. With the combination of these Specs (very important) the minimal orion documentation and the sample and tutorials you have all the documentation you need. You just have to put it all together. And my opinion is that if you find something out for your self you are less likely to forget it. You can't be hand held all the time :) -Original Message- From: Ray Harrison [mailto:[EMAIL PROTECTED]] Sent: Friday, January 05, 2001 8:37 PM To: Orion-Interest Subject: Re: User guide There's more info and examples,etc on www.orionsupport.com. Check it out. --- Laurent Vansuypeene [EMAIL PROTECTED] wrote: hi everybody, I need to evaluate orionserver but i don't find any user guide on the site and the documentation is quiet not enough. For example, i want to know how to define servlet context, EJB2.0 (how to define EQL, where are the generated stub...) Has someone a user guide ? Thanks in advance __ BoƮte aux lettres - Caramail - http://www.caramail.com __ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/
RE: Are these Orion bugs?
My guess is that the bug lies in the combination of JSP + Multipart-Encoded + Tags. I tried to do the exact same thing as yourself (create a tag to upload files) a few weeks ago and gave up after not being able to do it. If you do manage, or would like a hand / fellow coder to bounce ideas off - give me a bell. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Huibert Aalbers Indaberea Sent: Monday, January 08, 2001 9:44 AM To: Orion-Interest Subject: Re: Are these Orion bugs? Actually I am doing something like pageContext.getServletRequest().getParameter("HiddenField) inside a custom tag. I believe that the problem may be related to the fact that I am doing this inside a custom tag called from within a JSP page, inside of doing it in a servlet, which is a well proven way to do it. I am doing it this way to separate the HTML from the java code. Huibert on 1/7/01 3:39 PM, Tim Endres at [EMAIL PROTECTED] wrote: The first problem is that I cannot use request.getParameter() to check the value of "normal" field (as opposed to a "file" parameters). I assumed that this was normal and that I had to examine the request header to do the trick. Is this correct? HttpServletRequest.getParameter() works fine for me. Maybe your problem lies in the fact that you are using it under HttpServlet.doGet() as opposed to doPost()? In other words, does your FORM element include the attribute METHOD="POST"? Here is code that works fine for me under doPost(): Enumeration enum = httpReq.getParameterNames(); for ( ; enum.hasMoreElements() ; ) { String name = (String) enum.nextElement(); String value = req.getParameter( name ); } tim.
ejb deployment problem
hello, i'm developing ejb using jbuilder4.The EJBs work well in inprise app server. when i deploy it to orion,it works too. but i found the datasource that i specified doesn't be used,orion uses a default datasource (HSQL) service my EJBs.WHY ? can somebody help me? thanks in advance. ahfei [EMAIL PROTECTED]
RE: orion on unix
Scott, There is some JNI code to do this on OrionSupport - should be up soon. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Scott M. Stirling Sent: Monday, January 08, 2001 11:44 AM To: Orion-Interest Subject: RE: orion on unix I was going to suggest something similar, which is to start up Orion as root and then have the process change UID to a non-root user, just like Apache. But starting the process as root is precisely the thing the user was trying to avoid. Throwing Apache in the front end is bound to decrease performance, versus using Orion's HTTP server. It's certainly the easiest (and a good portable one -- better than ipchains) solution, but I didn't mention because it defeats the purpose of using Orion as the web server for performance. The security problems with running an app server as root can be dealt with by using Java policy files. I've written them for JRun in the past, to restrict access to just the directories, files and ports necessary. But running an app server is a risky proposition anyway. Even if it's not running as root it probably has access to all your businesses' critical data via database access and Web-based business transactions; people's credit card numbers, etc. These are much more valuable than the files on your file system. The real problem expressed by the original email is that regular restarts of the server are necessary. All Java app servers suffer from this in one place or another. Eventually, they'll all have to be able to dynamically reload configuration settings, and any class or component. Orion is all ready well on the way toward that goal with dynamic reload of ears, EJB jars, servlets, etc. A related problem is the distinction between development and production -- why can't each developer belong to the same group, have them all stop and start Orion on a port above 1024 for development purposes, and then deal with this port 80 problem when it's time to move production. In most organizations I've dealt with, the developers aren't the ones stopping and starting the production server anyway. Scott Stirling West Newton, MA On 07 Jan 2001 13:44:34 -0800, Tony Wilson wrote: The best way to get around this, I think, is to use apache as a front end and connect Orion to it. There is excellent documentation on how to do this on www.orionsupport.com... when it comes up. It think it is one of the featured links on the right hand menu. Apache runs anywhere, pretty much. What you do is start up apache as root. Apache grabs whatever lower numbered ports it needs (including 80) and then changes its user to something else (usually 'nobody'). You change the configuration in /etc/httpd/conf/httpd.conf (at least on linux) and then you can connect to it using standard procedures supported by both apache and orion. The main benefit of this is that you can run jrun as whomever you would like ('orion' is a good username) and you only have to worry about the file permissions from that point on. You DEFINITELY don't want to run orion, or any other Servlet Container as root. The main reason is security. One of your developers could very easily write a piece of code that would wipe out the entire hard drive, or worse... and if anyone was able to hack in... all they would need to do is write up a jsp file, and they have all the access they want. Anyway. The apache thing works for us. We are able to do a lot of things with this. One example is Virtual hosting. Each developer is able to have their own instance of orion, running on their own virtual IP address, on their own code base and starting and stopping it on their own running as their own user. Apache allows for this. Tony Wilson
Re: Are these Orion bugs?
- Original Message - From: "Mike Cannon-Brookes" [EMAIL PROTECTED] My guess is that the bug lies in the combination of JSP + Multipart-Encoded + Tags. I tried to do the exact same thing as yourself (create a tag to upload files) a few weeks ago and gave up after not being able to do it. If you do manage, or would like a hand / fellow coder to bounce ideas off - give me a bell. The difference has nothing to do with GET or POST. The issue is that the POST is multipart/form-data encoded. This encodes the post very differently which the servlet API (and accordingly JSPs) do not support. It does not matter whether you're checking a file parameter or a "normal" parameter... the entire form is encoded the same way. You'll have to use a utility class or something to parse the input stream from the request and read the parameter data. I've got a tag library that detects whether the form was multipart/form-data and accordingly parse the data Serge Knystautas Loki Technologies http://www.lokitech.com/