Re: Various levels of security, how do you do it?
Hi Alex, AFAIK, the only things you have when using JSDK specified security are those you mention: Defining roles in web.xml and using isUserInRole() inside your code. We thought it could have done better and we pointed out the shortcomings, like your second option, to the spec guys. They answered that that was right, but as pretty much nobody was complaining about it, they assumed it was a feature that was not required. So we ended up implementing our own security architecture that handles this kind of things nicely. Our system allows you to specify the security requirements per-request, so you can specify a different domain depending on the parameters (like which object the operation is going to be performed upon) and the environment (like which user is authenticated). These settings are specified through interfaces and abstract classes, so it wouldn't be too hard to create a specificacion using them. There are some other shortcomings that forced us to implement our own solution, but I won't get into detail. Sorry about the long answer, the short one that I was told by the spec guys was no, that's everything that you have. regards, D Alex Paransky wrote: We are in a process of developing an application, and are looking for ways to implement security, we have the following requirements: 1. There are operations that certain members cannot perform in general 2. There are operations that certain members cannot perform relative to an object (owner vs non-owner) What are some of the mechanims that you are using to deal with these problems. I assume, in the first case you can use deployment descriptor. Also isInRole query can be made to determine if particular option should be shown to the user during the .JSP processing. The second option is a bit more difficult to implement, since a particular user can be an owner of some objects but not others. How can this requirement be implemented? Thanks. -AP_
HTTP response help please ?
Hellu,
Please some HTTP response help as it drives me grazy.
I have a tiny java program (originaly it is part of the EJB but I extrated
it to a stand-alone program for testing) that opens a Url connection and
sends something through a Stream. It then reads the response from the input
stream.
The strange thing is that some a jsp, and asp give me an error when trying
to open the input stream when to get the respons. I am a bit confused and
don't know the exact requirements of the receiving side to not receive this
respons error.
When I make connection to an empty asp I don't have any error, but to an asp
that has some code, I do get an error. When calling my servlets I don't get
any error. it looks like the called page should return something in a proper
way otherwhise the receiving side doesn't understand it... or something like
that. Search a lot on the web. nothing :(
Please some help on this.
Here is the code snap, used trying to solve the problem :
-
public static void main(String[] args) {
HttpURLConnection connection=null;
DataOutputStream out=null;
if (args.length!=1) {
System.out.println(To less input parameters detected);
System.exit(-1);
}
String url=args[0];
try {
System.out.println(Trying to connect to +url);
URL urlCon = new URL(url); // open connection with remote server
connection = (HttpURLConnection) urlCon.openConnection();
connection.setDoOutput(true); // indicate the we want to write output.
connection.setDoInput (true); // indicate the we expect input.
connection.setUseCaches (false); // no cache.
String bla=SOMETHING;
connection.setRequestProperty(CONTENT_LENGTH, + sms.length());
out = new DataOutputStream(connection.getOutputStream());
System.out.println(Trying to send: +bla);
out.writeBytes (bla);
out.flush ();
out.close(); // free shared resources.
// Getting response code/string from remote server.
DataInputStream input;
InputStream resStrm = connection.getInputStream ();
// HERE IS WERE
COMPLAINS.
int res = connection.getResponseCode();
System.out.println(Return: +res);
input = new DataInputStream (resStrm);
String str;
while (null != ((str = input.readLine(
System.out.println (str);
-
The error:
--
java.io.FileNotFoundException: http://10.17.17.213/m2u/interfaces/g
aap.asp at sun.net.www.protocol.http.HttpURLConnection.getInputStre
am(Unknown Source) at java.net.HttpURLConnection.getResponseCode(Unknown
Source)
at connect2Url.main(connect2Url.java:49)
---
The test jsp to receive it, that doesn't work:
System.out.println(Receiving something);
BufferedReader in = new BufferedReader(new
InputStreamReader(request.getInputStream()));
String inputLine = ;
String totLine = ;
while ((inputLine = in.readLine()) != null) {
totLine = totLine + inputLine;
}
in.close(); // close input stream.
System.out.println(Received: +totLine);
response.setContentType(text/html);
response.setStatus(200);
When I call an empty asp page it all goes well ... :(
Regards,
Ed Bras
RE: User exceptions from EJB
What is the superclass of DocumentSecurityException?
If not Exception, try with superclass as Exception.
I think if the exception inherits RuntimeException or
EJBException, you may find that it doesn't reach client.
Tell me if I am wrong!
Hope it helps... seeya.
- UnicMan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Sergey G.
Aslanov
Sent: Tuesday, November 13, 2001 12:41 PM
To: Orion-Interest
Subject: User exceptions from EJB
Hello All
I try to throw business exception from finder method of my entity EJB:
public Collection ejbFindByUniLinks(int obj2, int n2)
throws FinderException, DocumentSecurityException
^
but it doesn't reach the client level.
In home interface wrapper I found this lines:
==
...
java.util.Collection response = null;
...
try
{
response =
((ru.cboss.components.document.ejb.DocumentEJB)finderContext.objec
t).ejbFindByUniLinks(argument0, argument1);
// My finder method is called, here exception is thrown.
// response was not initialized!
}
catch(ru.cboss.components.document.exceptions.DocumentSecurityException e)
{
methodException = e;
// Exception is catched here
}
catch(javax.ejb.FinderException e)
{
methodException = e;
}
catch(Throwable e)
{
if(thread.transaction != null)
setRollbackOnly(thread.transaction, e.toString(), e);
this.log(e);
methodException = EJBUtils.getUserException(e, !created);
}
java.util.Collection collection = new java.util.ArrayList();
Iterator iterator = response.iterator();
// Because finder method throwed exception, response variable was not
// initialized and was left null,
// so this line cause NullPointerException, wich comes to the
// client level!
...
==
Is it a bug?
How can I deliver error message from finder method in a different way?
--
Best regards,
Sergey G. Aslanov mailto:[EMAIL PROTECTED]
Re[2]: User exceptions from EJB
U What is the superclass of DocumentSecurityException?
U If not Exception, try with superclass as Exception.
DocumentSecurityException inherits Exception...
U I think if the exception inherits RuntimeException or
U EJBException, you may find that it doesn't reach client.
U Tell me if I am wrong!
U Hope it helps... seeya.
U - UnicMan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Sergey G.
Aslanov
Sent: Tuesday, November 13, 2001 12:41 PM
To: Orion-Interest
Subject: User exceptions from EJB
Hello All
I try to throw business exception from finder method of my entity EJB:
public Collection ejbFindByUniLinks(int obj2, int n2)
throws FinderException, DocumentSecurityException
^
but it doesn't reach the client level.
In home interface wrapper I found this lines:
==
...
java.util.Collection response = null;
...
try
{
response =
((ru.cboss.components.document.ejb.DocumentEJB)finderContext.objec
t).ejbFindByUniLinks(argument0, argument1);
// My finder method is called, here exception is thrown.
// response was not initialized!
}
catch(ru.cboss.components.document.exceptions.DocumentSecurityException e)
{
methodException = e;
// Exception is catched here
}
catch(javax.ejb.FinderException e)
{
methodException = e;
}
catch(Throwable e)
{
if(thread.transaction != null)
setRollbackOnly(thread.transaction, e.toString(), e);
this.log(e);
methodException = EJBUtils.getUserException(e, !created);
}
java.util.Collection collection = new java.util.ArrayList();
Iterator iterator = response.iterator();
// Because finder method throwed exception, response variable was not
// initialized and was left null,
// so this line cause NullPointerException, wich comes to the
// client level!
...
==
Is it a bug?
How can I deliver error message from finder method in a different way?
--
Best regards,
Sergey G. Aslanov mailto:[EMAIL PROTECTED]
--
Sergey G. Aslanov
CBOSS Group,
Web-technologies department
mailto:[EMAIL PROTECTED]
tel: +7 095 7555655
Re: How can I start Orion Server as a service in WindowsNT/2000 ?
I recently went through the Orion on NT ordeal (I usually work on Unix/Linux) and found some new info, so I thought I would pass it along. To masquerade Orion as a service, I'm using SRVSTART.EXE from Nick Rozanski ( http://www.nick.rozanski.com/software.htm http://www.nick.rozanski.com/binaries/srvstart_run.v110.zip). The software is open source and has lots of nice startup shutdown options. Here is my config: [Orion] env=JAVA_HOME=C:\jdk1.3.1 path=C:\jdk1.3.1\bin;C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\WINNT\system32\nls;C:\WINNT\system32\nls\English startup=C:\jdk1.3.1\bin\javaw.exe -Xrs -jar orion.jar -out log\orion.out -err log\orion.err startup_dir=c:\orion shutdown_method=command shutdown=C:\jdk1.3.1\bin\javaw -Xrs -jar c:\orion\admin.jar ormi://localhost/ admin 123 -shutdown force auto_restart=y restart_interval=15 Another thing I found is that JDK 1.3.1 has a command line option (-Xrs) that disables console signals, so the JVM will not shutdown when the user logs out. Hope this helps, Bob From: Vu Le Hung [EMAIL PROTECTED]@orionserver.com on 11/14/2001 10:00 AM ZE7 Please respond to Orion-Interest [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] To: Orion-Interest [EMAIL PROTECTED] cc: Subject: Re: How can I start Orion Server as a service in Windows NT/2000 ? Dear all, I tried many ways as some of you proposed 1. Use JNT 2. Use JVMI2 3. Use RunExecSvc What I got is that I had Orion service added to my system (as a Automatic service) but - This service does not start automatically when my computer boots up. - Even after I start it by hand successfully, the Http Server doesn't start with the Orion service. (i.e. I can't get to my home page installed in my computer by typing my IP address in IE) Any one know why ??? Please give me an idea. Thanks. By the way, my system configuration is + PIII 667MHz 128MB RAM + Win2000 Advanced Server + JDK1.3 + Orion 1.4.5 demo version. My website work fine when I start Orion manually. Yours, Vu Le Hung - Original Message - From: Justin Crosbie To: Orion-Interest Sent: Monday, November 12, 2001 4:49 PM Subject: RE: How can I start Orion Server as a service in Windows NT/2000 ? Hi Vu, You need the JNT application from http://www.eworksmart.com/JNT/ Install this and type a command similar to the following, from where you installed Orion: jnt /InstallAsService:Orion Application Server /SD[ORION_HOME] -jar orion.jar where [ORION_HOME] is where you installed Orion. Worked for me, anyway. I had a job getting other java apps to run using this tool though :( This has come up in the list before, so do a search on the archive for more info. One thing I have noticed is that Orion runs slower this way than if you start it from a command prompt. Anyone know anything about this? I've asked this before. Cheers, Justin -Original Message- From: Vu Le Hung [mailto:[EMAIL PROTECTED]] Sent: 12 November 2001 04:38 To: Orion-Interest Subject: How can I start Orion Server as a service in Windows NT/2000 ? Dear all, I'm trying to find a way to start Orion Server as a service in WindowsNT/2000 ( i.e. Orion will be started automatically when my computer startup without any user interaction). Any one know how to do this ? I tried this as below but it failed 1. Write an small Win32 application startorion.exe that calls java -jar orion.jar 2. Register it as a automatic service (named MyService) with Win2000 using Service Installation Wizard tool in the Windows 2000 Server Resource Kit. 3. Restart my computer. Then I can find item MyService in the list of all available services in my computer. But this service can not be start. Any idea ??? Thanks in advance. Vu Le Hung
Re: Using a Message Driven Bean to put in another Queue does not work with 1.5.2 / OC4J
Title: Using a Message Driven Bean to put in another Queue does not work with 1.5.2 / OC4J
There is a serious problem in queueconnections in
orion. If you try to obtain queueconnection in MDB you will run into some
kind of deadlocks. I am not even sure what is the behaviour of this It
gave me the exactly same problem when I tried to implement.
The alternate to this is write a Session Bean for
submitting messages to queue. I wrote a SessionBean which just submits
given message to specified queue. You can write all queueconnection and
queue lookups in ejbCreate of the session bean.
Kesav Kumar
- Original Message -
From: [EMAIL PROTECTED]
To: Orion-Interest
Sent: Tuesday, November 13, 2001 3:20 PM
Subject: Using a Message Driven Bean to put in another Queue does
not work with 1.5.2 / OC4J
We have a MDB that processes messages, we need it to put the
results in ANOTHER queue.
This does not work right now, as per a couple of examples I
found on the web this is what we are trying
public void ejbCreate() throws EJBException,
CreateException { try {
InitialContext context = new InitialContext();
QueueConnectionFactory conFactory = ( QueueConnectionFactory )context.lookup(
CONNECTION_FACTORY ); //
^ //
Create a JMS connection
this.connection = conFactory.createQueueConnection(); //
Create a JMS session object
this.session = connection.createQueueSession( false, Session.AUTO_ACKNOWLEDGE
); //
Start the connection so we can use it
this.connection.start(); //
Lookup a JMS queue
this.searchResultsQueue = ( Queue )context.lookup( QUEUE_NAME );
//
Create a JMS sender
this.sender = session.createSender( this.searchResultsQueue );
} catch ( Exception e )
{ //
error is logged by our logging service }
the line that looks up the connection factory fails
if we move this to onMessage() it works, where should this go
to avoid creating this on EVERY message.
ejbCreate() is the "CORRECT" place as per all the examples and
everything else.
Jarrod Roberson
RE: Using a Message Driven Bean to put in another Queue does not work with 1.5.2 / OC4J
Title: RE: Using a Message Driven Bean to put in another Queue does not work with 1.5.2 / OC4J
We figured out what the problem is.
The beans are being deployed before the JNDI tree is initialized or something.
As long as the QueueConnectionFactory is gotten in the onMessage() it works.
I just put an if() block around the try/catch block to see if this.connection == null
if it is I initialize everything, else I just use the static methods.
This needs to be FIXED. ejbCreate it the place to put this code and ejbRemove is where the clean up
code should be.
Thanks for all the replies.
-Original Message-
From: Kesav Kumar [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 14, 2001 10:07 AM
To: Orion-Interest
Cc: [EMAIL PROTECTED]
Subject: Re: Using a Message Driven Bean to put in another Queue does not work with 1.5.2 / OC4J
There is a serious problem in queueconnections in orion. If you try to obtain queueconnection in MDB you will run into some kind of deadlocks. I am not even sure what is the behaviour of this It gave me the exactly same problem when I tried to implement.
The alternate to this is write a Session Bean for submitting messages to queue. I wrote a SessionBean which just submits given message to specified queue. You can write all queueconnection and queue lookups in ejbCreate of the session bean.
Kesav Kumar
- Original Message -
From: [EMAIL PROTECTED]
To: Orion-Interest
Sent: Tuesday, November 13, 2001 3:20 PM
Subject: Using a Message Driven Bean to put in another Queue does not work with 1.5.2 / OC4J
We have a MDB that processes messages, we need it to put the results in ANOTHER queue.
This does not work right now, as per a couple of examples I found on the web this is what we are trying
public void ejbCreate() throws EJBException, CreateException
{
try
{
InitialContext context = new InitialContext();
QueueConnectionFactory conFactory = ( QueueConnectionFactory )context.lookup( CONNECTION_FACTORY );
// ^
// Create a JMS connection
this.connection = conFactory.createQueueConnection();
// Create a JMS session object
this.session = connection.createQueueSession( false, Session.AUTO_ACKNOWLEDGE );
// Start the connection so we can use it
this.connection.start();
// Lookup a JMS queue
this.searchResultsQueue = ( Queue )context.lookup( QUEUE_NAME );
// Create a JMS sender
this.sender = session.createSender( this.searchResultsQueue );
}
catch ( Exception e )
{
// error is logged by our logging service
}
the line that looks up the connection factory fails
if we move this to onMessage() it works, where should this go to avoid creating this on EVERY message.
ejbCreate() is the CORRECT place as per all the examples and everything else.
Jarrod Roberson
RE: How can I start Orion Server as a service in Windows NT/2000 ?
Most likely you have not shut down another HTTP server which is listening on the same port (probably IIS). Either disable the other service, or use the Orion HTTP server on a different port. -Original Message-From: Vu Le Hung [mailto:[EMAIL PROTECTED]]Sent: Tuesday, November 13, 2001 7:00 PMTo: Orion-InterestSubject: Re: How can I start Orion Server as a service in Windows NT/2000 ? Dear all, I tried many ways as some of you proposed 1. Use JNT 2. Use JVMI2 3. Use RunExecSvc What I got is that I hadOrion service added to my system (as a Automatic service) but - This service does not start automatically when my computer boots up. - Even after I start it by hand successfully, the Http Server doesn'tstart withtheOrion service. (i.e. I can't get to my home page installed in my computer by typing my IP address in IE) Any one know why ??? Please give me an idea. Thanks. By the way, my system configuration is : + PIII 667MHz 128MB RAM + Win2000 Advanced Server + JDK1.3 + Orion 1.4.5 demo version. My website work fine when I start Orionmanually. Yours, Vu Le Hung - Original Message - From: Justin Crosbie To: Orion-Interest Sent: Monday, November 12, 2001 4:49 PM Subject: RE: How can I start Orion Server as a service in Windows NT/2000 ? Hi Vu, You need the JNT application from http://www.eworksmart.com/JNT/ Install this and type a command similar to the following, from where you installed Orion: jnt "/InstallAsService:Orion Application Server" "/SD[ORION_HOME]" -jar orion.jar where [ORION_HOME] is where you installed Orion. Worked for me, anyway. I had a job getting other java apps to run using this tool though :( This has come up in the list before, so do a search on the archive for more info. One thing I have noticed is that Orion runs slower this way than if you start it from a command prompt. Anyone know anything about this? I've asked this before. Cheers, Justin -Original Message-From: Vu Le Hung [mailto:[EMAIL PROTECTED]]Sent: 12 November 2001 04:38To: Orion-InterestSubject: How can I start Orion Server as a service in Windows NT/2000 ? Dear all, I'm trying to find a way to start Orion Server as a service in WindowsNT/2000( i.e.Orion will be started automatically when my computer startup without any user interaction). Any one know how to do this ? I tried this as below but it failed : 1. Write an small Win32 application "startorion.exe" that calls "java -jar orion.jar" 2. Register it as a automatic service (named MyService) with Win2000 using "Service Installation Wizard" tool in the Windows 2000 Server Resource Kit. 3. Restart my computer. Then I can find item "MyService" inthe list of all available services in my computer. But this service can not be start. Any idea ??? Thanks in advance. Vu Le Hung
JDBC Driver for DB2/400
Hi , I am looking for JDBC driver which can be used in orion server for DB2/400 (i.e for AS/400). I tried to find on web but I was not able to find it. I am looking for JDBC Driver for DB2 where DB2 is on AS400 and client is Windows NT/2000. Any Help is appriciated. Thanks Ritesh Shah
load-on-startup
It seems that orion loads a servlet only when load-on-start in the web.xml is present and also the load-on-startup is set to true in the default-web-site.xml file. My understanding was that it should be sufficient to set the load-on-startup in the web.xml. Has anybody has a similar experience? -roman _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Re: Message Driven Beans
Are you new to this mailing list? There are countless postings regarding Orion MDBs. IMHO, you can't get much more bleeding edge than Orion. Check the archives... - Joe -Original Message- From: El Jeffo [EMAIL PROTECTED] To: Orion-Interest [EMAIL PROTECTED] Date: Wednesday, November 14, 2001 8:59 PM Subject: Message Driven Beans I must have totally missed it, does orion or will orion support message driven beans soon? If so, could you provide a few details to just point me in the right direction? If orion won't support this in the next month, would you recommend another server which might do the job well? I like orion for its simplicity, but sometimes I need more bleeding edge stuff too. Jeff
Mapping entity bean with ldap objects
Hi, I'm using LDAP as my backend instead of database. I've written BMP for this application. I've couple of queries here. I would like to have some kind of pooling just like db connection pool. Also, is there any plan to support LDAP for CMP ? Thanks In Advance, - Chetan __ Do You Yahoo!? Find the one for you at Yahoo! Personals http://personals.yahoo.com
load-on-startup
romen, have you ever resolved the load-on-startup problem (message below)?. My server freezes all together. -rr ello, If I use the load-on-startup in web.xml under my startup servlet, orion will correctly start it up automatically. What I found strange was that when this is done I cannot shutdown orion any more by using admin.jar or ctrl-C. If I comment out the load-on-startup line, everything will be fine. I am using orion 1.5.2 + JDK 1.3.0 + W2K Has anyone encountered this? cheers romen _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Remote RMI access problem!
500 Internal Server ErrorServlet error: Unable to get home interface: java.lang.ClassCastException: areacodeHome_StatelessSessionHomeWrapper1 was not an instance of interface com.areacode.areacodeHome, the interfaces it implements is [Ljava.lang.Class;@a396d28c
SV: load-on-startup
When you set your Servlet to autostart, it will be autostarted as soon as the Web-module is started. Normally, this would be when a user makes a request to this Web-module. Is is therefore also needed to set the Web-module to autostart so that the Web-module is started when the Server is started. WR -Ursprungligt meddelande- Från: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]För Namor Taror Skickat: den 15 november 2001 04:12 Till: Orion-Interest Ämne: load-on-startup It seems that orion loads a servlet only when load-on-start in the web.xml is present and also the load-on-startup is set to true in the default-web-site.xml file. My understanding was that it should be sufficient to set the load-on-startup in the web.xml. Has anybody has a similar experience? -roman _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Re: Message Driven Beans
Are you new to this mailing list? No just usually deaf :) and blind... does it surprise you? There are countless postings regarding Orion MDBs. I hate it when my brain filters out this stuff... must have passed right under my nose while I wasn't interested in MDBs. Then suddenly I get interested, but can't find how to make orion dance. But this is good news, must mean MDBs do work in orion. Unless your countless postings are about MDBs not working ;) IMHO, you can't get much more bleeding edge than Orion. Check the archives... right on thanks... don't get me wrong, if other products worked as well as orion, I'd consider using them as well. Not the case though... so now I'm just trying to make sure orion has the features. Thanks, Jeff smime.p7s Description: S/MIME Cryptographic Signature
