CMP and BLOB fields
Hi list! I have a CMP with a BLOB field and it does not work. I've read in the list archives that the EJB specifications explain that a CMP cannot have BLOB fields. I've changed the BLOB by a LONG RAW, and it has started to work. What's the difference between a BLOB and a LONG RAW? If the correct one is LONG RAW, why the Serializable objects are mapped to BLOBs instead of LONG RAWs? I'm using orion 1.4.5 with Oracle Thanks -- ·· Juan Fuentes Nieto Essi Projects [EMAIL PROTECTED]t +34 977 221 182 http://www.essiprojects.com f +34 977 230 170 ··
Re: Problems accessing remote EJBs
Hi, just curious: jndi_props.put(javax.naming.Context.SECURITY_PRINCIPAL,oops); jndi_props.put(javax.naming.Context.SECURITY_CREDENTIALS,oops); jndi_props.put(javax.naming.Context.PROVIDER_URL,ormi://196.129.237.124:23791/testapp); i entered wrong appname - server hangs forever! i entered wrong userid/passwd - no effect !?!?!?!? additional line (dont know exactly what this mean): jndi_props.put(dedicated.connection,true); the wrong userid/passwd throws an exception _not_ in new InitialContext(jndi_props); as excepted but in initial.lookup(ejb/Settings); ?!?!? ...and nothing works :( tia klaus Am Donnerstag, 20. September 2001 23:14 schrieben Sie: Hi Kesav, thanks for help, but it does not work (1.5.2 and 1.0.2.2.1) klaus Am Donnerstag, 20. September 2001 16:17 schrieben Sie: This is what exactly I also observer long back. In your first senario every thing works fine If you want to access remote ejb from jsp/servlets there is a small difference. 1)The lookup should not be java:comp/env/ the lookup should be directly to the ejb name. 2)You should not use PortableRemoteObject.narrow() after lookup. Example. If your ejb name is ejb/MyEJB Inside jsp/servlet jndi_props.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY,com.ev er mind.se rver.rmi.RMIInitialContextFactory); Context ctx = new InitialContext(jndi_props); Home home = (Home)ctx.lookup(ejb/MyEJB); //You get directly the reference to the home object Remote remote = homre.create(); remote.invoke(); Kesav Kumar Kolla Voquette Inc 650 356 3740(W) 510 889 6840(R) VoquetteDelivering Sound Information -Original Message- From: Klaus Thiele [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 3:02 AM To: Orion-Interest Subject: Problems accessing remote EJBs Hi all, (it drives me crazy...) i'm trying to access some ejbs from my webapp on another orion-server. 1) my application-client (with application-client.xml) works fine. jndi_props.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY,com.ev er mind.se rver.ApplicationClientInitialContextFactory); ... initial = new InitialContext(jndi_props); = Ok. rootctx = (Context)initial.lookup(java:comp/env); System.out.println(rootctx: +rootctx.toString()); == shows the contents of application-client.xml (=Context), Ok. 2) same source but (servlet or jsp-page(attached)) jndi_props.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY,com.ev er mind.se rver.rmi.RMIInitialContextFactory); ... initial = new InitialContext(jndi_props); = Ok. rootctx = (Context)initial.lookup(java:comp/env); System.out.println(rootctx: +rootctx.toString()); == Exception: java:comp/env not found Did i miss something? - where to get the Context? - whats wrong? 3) same as 2) but calling initial = new InitialContext(); = local access rootctx = (Context)initial.lookup(java:comp/env); System.out.println(rootctx: +rootctx.toString()); == shows webapp.war/web.xml (=Context), Ok. tia klaus btw: rmi.xml: server host=196.129.237.124 port=23791 username=admin password=secure/ orion-application.xml: ejb-module remote=true path=ejb-jar.jar / works (for all ejbs) if _both_ servers are 1.5.2 or oc4j-1.0.2.2.1. but then there are other bugs -- Klaus Thiele - Personal Informatik AG mailto:[EMAIL PROTECTED] Your mouse has moved. Windows must be restarted for the change to take effect. Content-Type: text/html; charset=iso-8859-1; name=Anhang: 1 Content-Transfer-Encoding: quoted-printable Content-Description: -- Klaus Thiele - Personal Informatik AG mailto:[EMAIL PROTECTED] Your mouse has moved. Windows must be restarted for the change to take effect.
IMPLEMENTING SECURITY AND AUTHENTIFICATION
I want to create some users for my application, map this users with pre-created roles, and then, know about how can I make the authentification. Please help me ! I must do it very, vey quickly !!! __David Bonilla FuertesTHE BIT BANG NETWORKhttp://www.bit-bang.comProfesor Waksman, 8, 6º B28036 MadridSPAINTel.: (+34) 914 577 747Móvil: 656 62 83 92Fax: (+34) 914 586 176__
Re: about Authentication
Mars, We have a howto up at on our site regarding securing a directory using BASIC authentication. You can find it here: http://www.atlassian.com/article/securingdirectory.html Cheers, Scott -- Scott Farquhar :: [EMAIL PROTECTED] Atlassian :: http://www.atlassian.com Supporting YOUR J2EE World mars wrote: Dear , I have a question about use from certificate I got a problem .I don't know how to set the BASIC Authentication for my web via the Orion server. Thank's mars
Cannot find Oracle JDBC driver on HP/UX
I'v read the thread about loading the JDBC classes on a PA RISC system, and I have the same problem on HP/UX 11. Starting the Orion server in the Orion root path does not help, copying it into $JRE/lib does the job, but it seems to be an UGLY hack. Java HotSpot(TM) Server VM (build 1.3.1 1.3.1.00-release-010607-19:35-PA_RISC2.0 PA2.0, mixed mode) Orion 1.5.2 Any reaction would be very helpful.
re: CMP and BLOB fields
didn't catch the first time around -Original Message- From: The elephantwalker [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 1:32 AM To: Orion-Interest Subject: RE: CMP and BLOB fields Juan, If you make your cmp field a byte[], the type in Oracle will be BLOB in version 1.5.0 and above. You are almost there, however, BLOB's are not stored in the same way as other fields, and are therefore limited to 4k in Oracle with a Thin Driver. There is a way, however, to use BLOB's in a cmp, and within the spec. We do this on our web site, www.elephantwalker.com. Users can attach up to 4 MB of files to the message board at a time, and all of these are stored with a cmp/ejb. How do we do it? The cmp has the standard fields for a file: mime-type, size, name, creation date, modified date (and whatever else you want). We have business methods in the cmp which are setAttachment, getAttachment. Within the business method, a stateless session bean is used to put the byte[] in and out of the ejb. The stateless session bean does the down and dirty with jdbc to break the 4k barrier for the BLOB. On remove, the slsb also removes the BLOB. The disadvantage is we have to limit the size of any one file, for memory reasons. But you could easily chunk up the byte[] to get around this problem. We will be putting this up on our tips page soon, but until then, you can take a peak at the CLOB version of the stateless session bean at www.elephantwalker.com/rfa?id=86, the BLOB version is very similar. You will have to join, to look at this, but its free. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Juan Fuentes Sent: Friday, September 21, 2001 12:34 AM To: Orion-Interest Subject: CMP and BLOB fields Hi list! I have a CMP with a BLOB field and it does not work. I've read in the list archives that the EJB specifications explain that a CMP cannot have BLOB fields. I've changed the BLOB by a LONG RAW, and it has started to work. What's the difference between a BLOB and a LONG RAW? If the correct one is LONG RAW, why the Serializable objects are mapped to BLOBs instead of LONG RAWs? I'm using orion 1.4.5 with Oracle Thanks -- ·· Juan Fuentes Nieto Essi Projects [EMAIL PROTECTED]t +34 977 221 182 http://www.essiprojects.com f +34 977 230 170 ··
fail to JNDI lookup session EJB from external client
I have created an orion-ejb-jar.xml descriptor for the Session bean Foo and Foo2, but I can't succeed in looking up the object using JNDI. The descriptor is located in META-INF/ in the EJB jar and looks like this: === orion-ejb-jar enterprise-beans session-deployment name=Foo location=foo-stateless/ session-deployment name=Foo2 location=foo-stateful/ /enterprise-beans /orion-ejb-jar === I'm not too sure the syntax is correct, any pointer to more information would be very usefull. The source I'm using is http://www.orionserver.com/docs/orion-ejb-jar.xml.html. The client stops with this error: === HP9000:~/src/BeanCommTest/FooBean/dist$ java TestFoo javax.naming.NameNotFoundException: foo-stateless not found at com.evermind.server.rmi.RMIContext.lookup(Unknown Source) at javax.naming.InitialContext.lookup(InitialContext.java:350) at TestFoo.main(TestFoo.java:29) === A few extra questions: 1 - Is it possible to deploy an EJB without using EAR application archives? Currently the only way I see, is to incorporate it in an EAR and deploy the latter into Orion. 2 - How can I see all bounded JNDI objects in the Orion server? I don't see any command options alike in admin.jar. 3 - Is there any way to increase logging verbosity? It would be very handy during introduction into the Orion environment. Thanks! -- Quote up, answer down.
please help me !!!! orion server crashed
Greetings, all, i am running. orion 1.5.2 on sun's jre 1.3.1. Recently orion is frequently being crashed after ruuning gor a few days; and sometimes even worse, after i restart orion, it is down immediately. The global-application log file s shows tons of exception for IOException , NullPionterException and SQLException. Could anyone tell me how orion handle exceptions; and under what conditions, orion would be forced to shut down? Could memory leak cause orion down? Our server' OS is windows NT 4.0. your suggestion and help is highly appreciated! hua
Strange debug error ??
Hellu everyone, When I start orion with the -Dhttp.virtualdirectory.debug=true (says the debug Orion doc's), I always get, the following error, whereas the applicaton runs perfect ? What is it and should I do something about it ? Eddie Error: --- java.lang.Throwable: setting contentLength to 195 at com.evermind.server.http.EvermindHttpServletResponse.setContentLength(Unknow n Source) at com.evermind.server.http.EvermindHttpServletResponse.sendRedirect(Unknown Source) at nl.unwired.sgs.vwr.web.login.doRequest(login.java:159) at nl.unwired.servlet.VelocityHttpServlet.doPost(VelocityHttpServlet.java:143) at javax.servlet.http.HttpServlet.service(HttpServlet.java:211) at javax.servlet.http.HttpServlet.service(HttpServlet.java:309) at javax.servlet.http.HttpServlet.service(HttpServlet.java:336) at com.evermind._cob._xdd(Unknown Source) at com.evermind._cob._shc(Unknown Source) at com.evermind._iz._rzc(Unknown Source) at com.evermind._iz._ft(Unknown Source) at com.evermind._ip.run(Unknown Source)
Marshalling excetpion
Title: Marshalling excetpion HERE2 HERE3 Exception:ProjectEdit.savePMBackupMgr(): Transaction was rolled back: Error preparing bean instance: com.evermind.transaction.MarshallingXAException; nested exception is: com.evermind.transaction.MarshallingXAException Display Project Exception: ProjectDisplay:showPage()Transaction was rolled back: Error preparing bean instance: com.evermind.transaction.MarshallingXAException; nested exception is: com.evermind.transaction.MarshallingXAException -- i keep getting this error ... and no other errors are getting thrown or printed out. I seemed to have noticed though ... it occurs more on pages that i am passing through LOADS of info .. is there something i am doing wrong? What makes this happen?? -Joseph Joseph Faisal Nusairat, Sr. Project Manager WorldCom tel: 614-723-4232 pager: 888-452-0399 textmsg: [EMAIL PROTECTED]
HELP !!! SECURITY
Ok... I have understand all about security but know, how and where can I activate a option to use a Orion-Based console or something else to control de User Name and Password ? __David Bonilla FuertesTHE BIT BANG NETWORKhttp://www.bit-bang.comProfesor Waksman, 8, 6 B28036 MadridSPAINTel.: (+34) 914 577 747Mvil: 656 62 83 92Fax: (+34) 914 586 176__
RE: Questions about Orion
Thanks for your response. Few follow-up questions. By the way, Orion by itself can out do IIS by six to one!... In what scenario? ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. What about resource/connection pooling? Like anything, if you run it on Windows, it will be compromised. I was asking more about known Orion vulnerabilities? Thanks, Vlad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of The elephantwalker Sent: Friday, September 21, 2001 1:08 AM To: Orion-Interest Subject: RE: Questions about Orion Vlad, Here are the answers as I know them: 1. SQL Server 2000 database -- That's a tough one. I don't know any IT managers recommending this beast. But if you got to live with it ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. 2. Orion uses the Java 1.3 jvm from Sun, IBM or others. As they say, if it runs on one, it runs on all. 3. We use IBM's jvm with absolutely no problems. 4. Scalability is determined by your clustering needs. Orion clusters httpsessions in islands of two to four servers. Statefull Session Beans are not clustered, but entity beans and slsb's are easily set up in a clustered environment. Orion is easily the fastest jsp/servlet engine on the planet, and along with some very good performance numbers on the ejb side, you can out do other app servers by a factor of 3 to 1. By the way, Orion by itself can out do IIS by six to one! Oracle thought so much of the Orion performance, they licensed the software as the core of their j2ee application server. 5. j2ee security is used on Orion, you can implement your own user security, or link up with ldap, or use the builtin usermanagers for databases. SSL is also a feature of Orion, but I would recommend locking down your web server with SSL, or use a hardward accelerator, and proxying Orion outside the dmz. This is how most firms implement appservers. 6. Like anything, if you run it on Windows, it will be compromised. We have not had any security troubles with Linux RedHat 7.1 and orion. 7. Ironflare doesn't really provide the technical support that some need. With Ironflare's encouragement, companies like Flowsheet Technologies and others provide subscription based customer support for Orion. Join our site, www.elephantwalker.com, its free, and sign up for a subscription when you need some help. We also provide a course for Orion in the San Francisco Bay Area. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Thursday, September 20, 2001 8:22 PM To: Orion-Interest Subject: Questions about Orion I am evaluating the Orion server for use in a production web site which would be hosted by a hosting services provider. It would run on a Windows 2000 box alongside other web sites serviced by IIS and will manage data in SQL Server 2000 database. I have a few questions I wasn't able to find answers to and I wonder if you can help me with them. 1. I wonder if anybody had any negative experience using Orion server on Windows 2000 or with SQL Server 2000? I-Net jdbc products are going to be used. 2. Any comments on performance, scalability and availability of the Orion server on Windows 2000? 3. What VM is best to use to run Orion server? 4. Does it have auto start and restart features? Do you have to have an interactive logon session to start it? 5. What security context does it run in? 6. What is Orion server security track record? Has it ever been compromised or taken out by DOS attacks? 7. Any comments on IronFlare's technical support? It looks like there is no live tech support - just email. All input is welcome. Thanks, Vlad
RE: HELP !!! SECURITY
David, The orionconsole application allows you to add and remove users, but it is VERY buggy, and not supported by IronFlare: java -jar orionconsole.jar Most of us write a admin web module to administer user's. Here are the relavent API's: 1. roleManager: This class can be instanced by using the following jndi lookup: RoleManager manager = (RoleManager)new InitialContext().lookup("java:comp/RoleManager"); It has things like addToRole, login, getPrincipal, and removePrincipal. This api is the class you should use to interact with a second api, usermanager. Check out the api here http://www.orionserver.com/docs/api/index.html. 2. UserManager: There are three of these builtin, - XMLUserManager. This one is used by the container for the global application, and users, and role/group mapping is stored in the principals.xml file of the orion/config directory. Since it is usually the parent of all other usermanagers, the principals.xml file should be included in each ear/META-INF directory with its own usersecurity. - DataSourceUserManager. This usermanager uses a database to store user information, groups, etc. - EJBUserManager. This usermanager uses an ejb to store user information, groups, etc. You can write your own user manager to interface with LDAP or any other security datastore. A good example is in http://www.orionsupport.com/articles/usermanager.html(orhttp://uk.orionsupport.com/articles/usermanager.html mirror). These security api's are specific to Orion, since there is no specification for how containers impement user security in j2ee. If you want to use user security, www.jollem.com has a draft tutorial on user security which talks about the specifics of configuring security for an application in orion. regards, the elephantwalker www.elephantwalker.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David BonillaSent: Friday, September 21, 2001 8:23 AMTo: Orion-InterestSubject: HELP !!! SECURITY Ok... I have understand all about security but know, how and where can I activate a option to use a Orion-Based console or something else to control de User Name and Password ? __David Bonilla FuertesTHE BIT BANG NETWORKhttp://www.bit-bang.comProfesor Waksman, 8, 6º B28036 MadridSPAINTel.: (+34) 914 577 747Móvil: 656 62 83 92Fax: (+34) 914 586 176__
Configure CASTOR
Hallo, how could I use Castor within a Session Bean? How could I lookup the database in JNDI? db = (Database) ctx.lookup( java:comp/env/jdo/mydb ); Thanks to all!! Markus Hildebrandt
RE: Questions about Orion
Vlad, see comments... regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Friday, September 21, 2001 7:08 AM To: Orion-Interest Subject: RE: Questions about Orion Thanks for your response. Few follow-up questions. By the way, Orion by itself can out do IIS by six to one!... In what scenario? elephantwalker Orion serving up jsp pages compared to asp pages from IIS. /elephantwalker ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. What about resource/connection pooling? elephantwalker Orion uses connection pooling for its ejbs, and you can specify connection pooling for your jdbc connections in orion with a DataSource configuration. /elephantwalker Like anything, if you run it on Windows, it will be compromised. I was asking more about known Orion vulnerabilities? elephantwalker AFAIK, there are none if you take the following steps: 1. Run orion as a non administor user. 2. Do not use any of the script based servlets, such as php. 3. User jdbc drivers that support encrypted network traffic. Oracle does this...I don't know about m$ sql server. However, Windows is known to have many security issues, and if your operating system security is compromised, the hackers will have access to the orion, and any other resources you have. I would recommend staying away from any windows system for any internet application because the windows record on security is so BAD. You should see my internet logs the last few days ;(...filled with requests for silly things on the c drive, something the frequently patched IIS is vulnerable to, but which orion justs sends back a 404. In the past two years, I have seen no similar failure of Orion, nor any complaints on the list. /elephantwalker Thanks, Vlad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of The elephantwalker Sent: Friday, September 21, 2001 1:08 AM To: Orion-Interest Subject: RE: Questions about Orion Vlad, Here are the answers as I know them: 1. SQL Server 2000 database -- That's a tough one. I don't know any IT managers recommending this beast. But if you got to live with it ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. 2. Orion uses the Java 1.3 jvm from Sun, IBM or others. As they say, if it runs on one, it runs on all. 3. We use IBM's jvm with absolutely no problems. 4. Scalability is determined by your clustering needs. Orion clusters httpsessions in islands of two to four servers. Statefull Session Beans are not clustered, but entity beans and slsb's are easily set up in a clustered environment. Orion is easily the fastest jsp/servlet engine on the planet, and along with some very good performance numbers on the ejb side, you can out do other app servers by a factor of 3 to 1. By the way, Orion by itself can out do IIS by six to one! Oracle thought so much of the Orion performance, they licensed the software as the core of their j2ee application server. 5. j2ee security is used on Orion, you can implement your own user security, or link up with ldap, or use the builtin usermanagers for databases. SSL is also a feature of Orion, but I would recommend locking down your web server with SSL, or use a hardward accelerator, and proxying Orion outside the dmz. This is how most firms implement appservers. 6. Like anything, if you run it on Windows, it will be compromised. We have not had any security troubles with Linux RedHat 7.1 and orion. 7. Ironflare doesn't really provide the technical support that some need. With Ironflare's encouragement, companies like Flowsheet Technologies and others provide subscription based customer support for Orion. Join our site, www.elephantwalker.com, its free, and sign up for a subscription when you need some help. We also provide a course for Orion in the San Francisco Bay Area. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Thursday, September 20, 2001 8:22 PM To: Orion-Interest Subject: Questions about Orion I am evaluating the Orion server for use in a production web site which would be hosted by a hosting services provider. It would run on a Windows 2000 box alongside other web sites serviced by IIS and will manage data in SQL Server 2000 database. I have a few questions I wasn't able to find answers to and I wonder if you can help me with them. 1. I wonder if anybody had any negative experience using Orion server on Windows 2000 or with SQL Server 2000? I-Net jdbc products are going to be
The Security (again)
Title: En blanco I discover myself how to get a dialog to put the login and password when my application starts, now, the problem is that... it doesn´t work properly !!! I write the correct login and password but the server doesn´t recognize it !!! Someboy has a good idea about what happens ? Thank you very much !!! __David Bonilla FuertesTHE BIT BANG NETWORKhttp://www.bit-bang.comProfesor Waksman, 8, 6º B28036 MadridSPAINTel.: (+34) 914 577 747Móvil: 656 62 83 92Fax: (+34) 914 586 176__
RE: HELP !!! SECURITY
lo que? the orionconsole is run with: $orion# java -jar orionconsole.jar HTH, JP PS: mail me (in Spanish if you like) if that's not what you're looking for. An extended explanation would be appreciated -Original Message-From: David Bonilla [mailto:[EMAIL PROTECTED]]Sent: Viernes, 21 de Septiembre de 2001 11:23To: Orion-InterestSubject: HELP !!! SECURITY Ok... I have understand all about security but know, how and where can I activate a option to use a Orion-Based console or something else to control de User Name and Password ? __David Bonilla FuertesTHE BIT BANG NETWORKhttp://www.bit-bang.comProfesor Waksman, 8, 6 B28036 MadridSPAINTel.: (+34) 914 577 747Mvil: 656 62 83 92Fax: (+34) 914 586 176__
RE: Questions about Orion
all inline -Original Message- From: Vlad Vinogradsky [mailto:[EMAIL PROTECTED]] Sent: Jueves, 20 de Septiembre de 2001 23:22 To: Orion-Interest Subject: Questions about Orion I am evaluating the Orion server for use in a production web site which would be hosted by a hosting services provider. It would run on a Windows 2000 box alongside other web sites serviced by IIS and will manage data in SQL Server 2000 database. I have a few questions I wasn't able to find answers to and I wonder if you can help me with them. 1. I wonder if anybody had any negative experience using Orion server on Windows 2000 or with SQL Server 2000? I-Net jdbc products are going to be used. I'm using W2k. Runs neat. SQL Server 2000, I used I-Net's drivers and everything worked fast and smooth. However I haven't used it intensly. 2. Any comments on performance, scalability and availability of the Orion server on Windows 2000? As with any W2k, use the lastest SP and hotfixes. The maximun number of _true_ threads W2k manages is 250 (1 uP, 1 GB RAM); about 75 are used by services, and if you'll have IIS there, you can't have more than 75-100 threads running without severe problems. Of course, If you'd ever have 100 concurrent users on a single orion, you'd be using a cluster(won't ya?). 3. What VM is best to use to run Orion server? For W2k, Sun's latest is the fastest. Have proof (and an NDA, so I can't reveal it). You can test, the results are almost humanly measurable. It's amazing how much Sun's VM has changed since 1.2.2. 4. Does it have auto start and restart features? Do you have to have an interactive logon session to start it? There are some utilities that allow you to run orion(or any java app) as a service. Search the list archives. 5. What security context does it run in? I think the elephantwalker covered that. You can implement your own UserManager; if you're thinking of auth against the PDC, yes, it can be done. You'd have to write your own UserManager, and then use JNI or J-Integra to call upon ADSI objects. 6. What is Orion server security track record? Has it ever been compromised or taken out by DOS attacks? There were fixed bugs. Also, dropped connections on long-execution pages do not kill the webserver thread, so there may be DOS vulnerabilities. even so, it's a whole lot better than IIS. And bugs don't have the same amount of press. 7. Any comments on IronFlare's technical support? It looks like there is no live tech support - just email. All input is welcome. Thanks, Vlad HT, JP
RE: Questions about Orion
Don't know about Orion but I am using MS/SQL Server 2000 with JSQLConnect JDBC drivers with both Borland and WebLogic Appservers. And, it is working very well. Bill G... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of The elephantwalker Sent: Thursday, September 20, 2001 10:08 PM To: Orion-Interest Subject: RE: Questions about Orion Vlad, Here are the answers as I know them: 1. SQL Server 2000 database -- That's a tough one. I don't know any IT managers recommending this beast. But if you got to live with it ... make sure you test the jdbc drivers with all necessary uses of sql including things like LIMIT, CLOB, BLOB as well as 100's of open connections. These are the key database needs for a appserver servicing the web. 2. Orion uses the Java 1.3 jvm from Sun, IBM or others. As they say, if it runs on one, it runs on all. 3. We use IBM's jvm with absolutely no problems. 4. Scalability is determined by your clustering needs. Orion clusters httpsessions in islands of two to four servers. Statefull Session Beans are not clustered, but entity beans and slsb's are easily set up in a clustered environment. Orion is easily the fastest jsp/servlet engine on the planet, and along with some very good performance numbers on the ejb side, you can out do other app servers by a factor of 3 to 1. By the way, Orion by itself can out do IIS by six to one! Oracle thought so much of the Orion performance, they licensed the software as the core of their j2ee application server. 5. j2ee security is used on Orion, you can implement your own user security, or link up with ldap, or use the builtin usermanagers for databases. SSL is also a feature of Orion, but I would recommend locking down your web server with SSL, or use a hardward accelerator, and proxying Orion outside the dmz. This is how most firms implement appservers. 6. Like anything, if you run it on Windows, it will be compromised. We have not had any security troubles with Linux RedHat 7.1 and orion. 7. Ironflare doesn't really provide the technical support that some need. With Ironflare's encouragement, companies like Flowsheet Technologies and others provide subscription based customer support for Orion. Join our site, www.elephantwalker.com, its free, and sign up for a subscription when you need some help. We also provide a course for Orion in the San Francisco Bay Area. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Thursday, September 20, 2001 8:22 PM To: Orion-Interest Subject: Questions about Orion I am evaluating the Orion server for use in a production web site which would be hosted by a hosting services provider. It would run on a Windows 2000 box alongside other web sites serviced by IIS and will manage data in SQL Server 2000 database. I have a few questions I wasn't able to find answers to and I wonder if you can help me with them. 1. I wonder if anybody had any negative experience using Orion server on Windows 2000 or with SQL Server 2000? I-Net jdbc products are going to be used. 2. Any comments on performance, scalability and availability of the Orion server on Windows 2000? 3. What VM is best to use to run Orion server? 4. Does it have auto start and restart features? Do you have to have an interactive logon session to start it? 5. What security context does it run in? 6. What is Orion server security track record? Has it ever been compromised or taken out by DOS attacks? 7. Any comments on IronFlare's technical support? It looks like there is no live tech support - just email. All input is welcome. Thanks, Vlad
RE: Transaction question ?
No-- they're invoked in different transactions. Transactional activity maps directly to threads-- that is, the thread's id is the transaction id (so to speak). HTH, JP -Original Message- From: Stephen Davidson [mailto:[EMAIL PROTECTED]] Sent: Martes, 18 de Septiembre de 2001 13:32 To: Orion-Interest Subject: Re: Transaction question ? Eddie wrote: Hellu, Please some help on the following transaction scenario ?: I am receing some information through a HTTP post method. The servlet, running as part of a J2EE application, calls a EJB method A. The EJB method does some little processing. After this, it checks some conditions, and might do some more processing in an other EJB method B depending on the conditions (in the same method still). I want to call method B in a thread, such that the client, performing the HTTP request, isn't waiting too long. So I want to start method B in a thread, such that the initial EJB method A returns. How does the transacion model looks like in this case and it is wise to do it like this ? (My transaction attribute is set to Required and I am using CMP). I mean, is EJB method B, that runs in the thread executed in a new transaction, as the initial EJB method A returns, or does it run in the same db transaction as method A ? Eddie Hi Eddie. Launching threads in an EJB is against spec, as you may have noticed. What you may want to consider is using JMS. You would want to set up the EJB as a MessageDrivenBean, and then have the onMessage call method B. My understanding is that you can preserve the transaction/across through a message. -Steve -- Stephen Davidson Java Consultant Delphi Consultants, LLC http://www.delphis.com Phone: 214-696-6224 x208
Newbie question
Title: Newbie question I've been working with the Sun J2EE RI. What is the Orion analog to the Swing deployment application for Orion. Mainly I am looking for a tool to (semi-) automate the creation of EARS, WARS, the various .xml files etc. Thanks, Pito
Re: mySQL
Hi gurus, I have databases created in MS Access and using JDBC-ODBC for connection which is not great. My application have to hold under 30 connections. I tested my PC to run 20 instances of the program, and it worked. Does this mean that it will be working when installed on shared drive? I tried to switch to mySQL, butcannot yet find the JDBC driver for WindowsNT(only Linux). Also I need to export my databases from Access to MySQL which I have not found as well. May be there are some free JDBC drivers for Access which I am not aware. I make this program for non=profitable organization which has no money to buy drivers. Any help will be appreciated. Emeline From: Michael J. Cannon [EMAIL PROTECTED] Reply-To: Orion-Interest [EMAIL PROTECTED] To: Orion-Interest [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: Orion Security (WAS:RE:Questions About Orion) Date: Fri, 21 Sep 2001 15:27:42 -0500 Vlad, As in any App Server environment on the Web, the security vulnerabilities of the Orion App Server are on two fronts: Server-side: Orionserver Security Primer: http://www.jollem.com/~ernst/orion-security-primer/ Java Best Practices for Server-side Security: From Sun: J2EE: The Tutorial: http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security.html The Security Blueprint: http://java.sun.com/j2ee/blueprints/eis_tier/security/index.html Platform Spec for v.1.3 (go to the Security Bookmark in the .pdf) http://java.sun.com/j2ee/j2ee-1_3-pfd4-spec.pdf Additionally, there are potential vulnerabilities in the HTTP server, the plug-in architecture (especially when using CGI and PHP, Python, Perl or Jpython scripts/executables - allowed in Orion and rather easy to do, as well as being very fast). There was a general discussion about Java-based HTTP webservers at the WWW Mobile code forum (link:http://www.securityfocus.com/templates/archive.pike?end=2001-09-22tid =196606start=2001-09-16list=107threads=0), but it didn't resolve anything. Bottom line: in general, currently both the HTTP and Java/J2EE functionality of the Orion Server is safe from all known exploits and vulnerabilities in the wild, with the possible exception of a DoS due to transparent proxying on the server (Cisco Routers and Xerox Printers, as well as most Cable and DSL modems are similarly vulnerable). Orion is no more vulnerable than Apache/Tomcat or IIS, and, as recent history has proven, is actually far less vulnerable than the Microsoft products for similar functionality (as well as being FAR faster and easier to develop for - Link: http://www.orionserver.com/benchmarks/benchmark.html , sadly, the BEAst will not allow Orion to continue to publlish stats, but you can read about that following the links:). The second major place that any J2EE AppServer is in the database. 'Nuff said, separate issue and separate practices. Use a secured (wrappered or tunneled with encruyption) HTTP or RMI connection to the database all JDBC connections. Secure the JDBC datastream and securew the database according to the best practices you may choose. The final place on the server-side that any J2EE or other App server is vulnerable is the environment. Nail down the ACLs for your specific environment and pay attention to the OS and the various other sevices and apps you are running on the box (including the security services - just had to repair a Symantec-installed hole left when they put their IDS tools on the production box!). Pay attention to domain and network issues, and keep the network clean and properly configured. Most Orion or Oracle penetrations I've seen/heard of were actually BIND exploits or port53 DNS issues. With the advent of NIMDA, we see another vector for attacks: the client program. With a few exceptions, Java AppServers are uniquely invulnerable to this new vector. Sun Client-side Security Note: http://java.sun.com/j2se/1.3.0/docs/guide/security/spec/security-specTOC.fm. html So, keep aware of general security threats, code to best practices, test developers' code for exploits before putting it into production (85% of all losses in the IT enterprise space are inside jobs) and be aware of normal security precautions. For Solaris tools see: http://www.solaris4you.dk/sunsolaris.html and, I'm testing the Astaro Security Linux implementation (and have installed it for 3 clients who use Orion or Oracle 9AS with OC4J) so far successfully. I include a few additional patches and configuration changes, but, in general it seems to work well. Link: http://www.astaro.com and http://www.astaro.org Comes with Enterprise VPN and AV support, too. Also having luck with Net Screen http://www.netscreen.com/products/index.html Hope all this was of assistance. Contact me offline if you have any more specific questions on Oracle, OAS or Orion Security. We also test Enterprise domain-level security and manage PKI infrastructures. Michael J. Cannon [EMAIL PROTECTED] PM/COO-hsqldb.org, Inc. http://hsqldb.org President, Ubiquicomm
I can't connect www.orionsupport.com site
Hi, all. I could connect orionsupport site a few days ago. but, I can't now. why? Did theserver down?
Orion 1.5.2 and Java 2 SDK 1.3.1
Do they work together? Thanks, Vlad
RE: Orion 1.5.2 and Java 2 SDK 1.3.1
Vlad, Its tough to get linux to work on a laptop, but we get Orion an Sun jdk1.3.1 working together on a Windows 98 laptop all of the time. Works fine. I would have to say Sun jdk1.3.1 is better than the previous release on windows systems. There have been issues with the client and server hot spot vm's with earlier versions, but 1.3.1 seems to have cleared this up. regards, the elephantwalker -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad Vinogradsky Sent: Friday, September 21, 2001 9:22 PM To: Orion-Interest Subject: Orion 1.5.2 and Java 2 SDK 1.3.1 Do they work together? Thanks, Vlad
RE: I can't connect www.orionsupport.com site
I think it is down at the moment - a more stable US mirror is being organised, please accept our apologies as this gets underway. As always you can try the mirrors: UK -uk.orionsupport.com Australia - au.orionsupport.com Germany- de.orionsupport.com Cheers, Mike Mike Cannon-Brookes :: [EMAIL PROTECTED] Atlassian :: http://www.atlassian.com Supporting YOUR J2EE World -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Á¤¿¹ÁöSent: Saturday, September 22, 2001 10:34 AMTo: Orion-InterestSubject: I can't connect www.orionsupport.com site Hi, all. I could connect orionsupport site a few days ago. but, I can't now. why? Did theserver down?
Re: I can't connect www.orionsupport.com site
orionsupport ¿ø·¡ ÀÌ»çÀÌÆ®´Â °¡²û ´Ù¿î µÇ´õ±º¿ä °ÅÀÇ ÁÖ±âÀûÀ¸·Î... - Original Message - From: Á¤¿¹Áö To: Orion-Interest Sent: Saturday, September 22, 2001 9:34 AM Subject: I can't connect www.orionsupport.com site Hi, all. I could connect orionsupport site a few days ago. but, I can't now. why? Did theserver down?