method permisions
Hi all,
I have some difficulties setting declarative authorization for ejb methods. (I'm using
orion 1.4.1 on a win2K platform (and ejb1.1))
This is what I've done:
- I have a entity bean named Banks in a application-client named Banks
- I have a session bean named SecurityGod in a application-client named SecurityGod
- I have this bussines logic:
SecurityGodHome sgHome = getSecurityGodHome();
BanksData bd = null; // BanksData is a simple class
try
{
bd = sg.getBankByName(name);
}
catch(BankNotFoundException bnfe)
{
}
- getBankByName() is:
public BanksData getBankByName(String name) throws Exception
{
BanksHome home = this.getBanksHome();
Banks bank;
BanksData bd = null;
Collection banks;
banks = home.findByName(name);
if (!banks.isEmpty())
{
Iterator it;
it = banks.iterator();
bank = (Banks) it.next();
bd = bank.getBanksData();
}
else
{
throw new BankNotFoundException(Bank + name + does not
exists!);
}
return bd;
}
- now the descritors:
ejb-jar.xml from Banks:
assembly-descriptor
security-role
role-namesr_administrators/role-name
/security-role
security-role
role-namesr_banks/role-name
/security-role
method-permission
role-namesr_administrators/role-name
method
ejb-nameBanks/ejb-name
method-intfRemote/method-intf
method-name*/method-name
/method
/method-permission
method-permission
role-namesr_administrators/role-name
method
ejb-nameBanks/ejb-name
method-intfRemote/method-intf
method-namegetBanksData/method-name
/method
/method-permission
/assembly-descriptor
ejb-jar.xml from SecurityGod:
assembly-descriptor
security-role
role-namesr_administrators/role-name
/security-role
security-role
role-namesr_users/role-name
/security-role
method-permission
role-namesr_administrators/role-name
method
ejb-nameSecurityGod/ejb-name
method-intfRemote/method-intf
method-namecreate/method-name
/method
/method-permission
/assembly-descriptor
I log in as a admin (wich is part of security-role sr_administrators) and I cannot
access Banks method getBanksData. The output is something like this:
com.evermind.server.rmi.OrionRemoteException: admin is not allowed to call this EJB
method, check your security settings (method-permission in ejb-jar.xml and
security-role-mapping in orion-application.xml).
at Banks_EntityBeanWrapper0.getBanksData(Banks_EntityBeanWrapper0.java:1234)
at
com.coltronix.fortepay.security.SecurityGodBean.getBankByName(SecurityGodBean.java:696)
at
SecurityGod_StatelessSessionBeanWrapper11.getBankByName(SecurityGod_StatelessSessionBeanWrapper11.java:1138)
at /profile/BanksProfile.jsp._jspService(/profile/BanksProfile.jsp.java:120)
(JSP page line 138)
at com.orionserver.http.OrionHttpJspPage.service(JAX)
at com.evermind.server.http.HttpApplication.xa(JAX)
at com.evermind.server.http.JSPServlet.service(JAX)
at com.evermind.server.http.d3.so(JAX)
at com.evermind.server.http.d3.sm(JAX)
at com.evermind.server.http.ef.su(JAX)
at com.evermind.server.http.ef.dn(JAX)
at com.evermind.util.f.run(JAX)
As you can see, admin can access any method of session bean SecurityGod ( sg.create()
and sg.getBankByName).
Also, admin can acces Banks remote method .create() but admin cannot access Banks
method getBanksData
Why is this happening? Why admin cannot acces a Home interface method?
Something is strage: how can admin acces SecutityGod's home method getBankByName() if
in the descriptor only create() remote method is declared?
Another thing: initially, my descriptors looked something like this:
assembly-descriptor
security-role
role-namesr_administrators/role-name
/security-role
security-role
role-namesr_banks/role-name
/security-role
method-permission
role-namesr_administrators/role-name
method
ejb-nameBanks/ejb-name
method-name*/method-name
/method
/method-permission
REMOVE
SV: Remove
Hi all,
We will soon update the software that is running this list.
At that time we will make sure to include a footer with useful links as well
as subscribe/unsubscribe information.
For now, use the link that Scott gave below and be sure to state the same
email address as you used to subscribe when you try to unsubscribe.
WR
Magnus Rydin
-Ursprungligt meddelande-
Fran: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]For Scott Farquhar
Skickat: den 18 januari 2002 01:45
Till: Orion-Interest
Amne: Re: Remove
Just for everyone's benefit - remove does not work.
Please go to
http://www.orionserver.com/subscribe.html
to unsubscribe from this mailing list.
I have suggested to the Orion guys that they put a sig on every email
suggesting this.
Cheers,
Scott
--
Scott Farquhar :: [EMAIL PROTECTED]
Atlassian :: http://www.atlassian.com
Supporting YOUR J2EE World
Tasso wrote:
- Original Message -
From: Rob Worley [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Thursday, January 17, 2002 7:29 AM
Subject: remove
remove
-Original Message-
From: JoseMa [mailto:[EMAIL PROTECTED]]
Sent: 17 January 2002 08:30
To: Orion-Interest
Subject: Re: Lookup EJB's in another application
Hi Patrik,
I had the same problem and I look for some information about how to
resolv this problem. Although the aplications are in the same server the
connection become as if they was in differents servers. I used the
RMIContextFactory with the next code:
Context context = null;
Hashtable env = new Hashtable();
env.put(java.naming.factory.initial,com.evermind.server.rmi.RMI
InitialCon
textFactory);
env.put(java.naming.provider.url, ormi://localhost:rmi
port/application name);
try
{
context = new InitialContext (env);
context.lookup(EjbName);
}
catch (Exception e) {
System.out.println(Conection error);
}
If you don't change the values of rmi.xml in the Orion config you don't
need
specify the rmi port. The applicacion name is the name that appear in
server.xml and identify the application. Is possible that you need
especify
a username and password for connect to applicacion, I don't need it. For
specify these parametrers you need to put the next:
env.put(Context.SECURITY_PRINCIPAL, admin);
env.put(Context.SECURITY_CREDENTIALS, password);
I hope that this information can help you.
Best regards,
- Original Message -
From: Patrik Strid [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Thursday, January 17, 2002 12:47 AM
Subject: Lookup EJB's in another application
Hi,
If you have two applications in the same orion
container. One application with web components and
another with just EJB's. From the application with web
components, I want to lookup an EJB that is deployed
in the other application - is that possible via the
InitialContext or do I have to call it via an URL and
getting the extra RMI call?
I can get it to work using a provider URL to the other
application, but using the InitialContext, the local
context - it cannot find the bean, or more correct,
the JNDI name could not be found.
Any help is appreciated !
Thanks,
Patrik
__
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/
Naming Exception
I have created a new TestWebApp same as the default-web-app which comes with the application server for my application. I have done it by a) Creating TestWebApp-website.xml and dropping it to config directory. b) Added entry in application.xml and server.xml. My Directory structure goes like this. Myapp --myapp-ejb/classes --myapp-ejb/meta-inf/ejb/ejb-jar.xml --myapp-web/web-inf/classes --myapp-web/*.jsp,*.html --myapp-web/web.xml --meta-inf/application.xml Since my new webapp needs an web.xml, i have given --myapp- web/web.xml for it. The problem comes when i access the ejb through Jsp. I am getting the following exception. javax.naming.NamingException: Error instantiating web-app JNDI-context: No location specified and no suitable instance of the type 'com.acme.bmpapp.Template' found for the ejb-ref ejb/Template Thanking you Ram
RE: Multiply datasources for one application??
Hi, I've just subscribed to this mailing list so sorry if this message is sent out of sync. I was stuck on the earlier point made. I've specified my own orion-application.xml to point to a specified data-sources.xml, however when deploying the ear orion does not seem to be able to find it. I've put both file in the METAFILE folder of the ear. My orion-application.xml looks as follows: orion-application deployment-version=1.5.2 web-module id=nokia-web path=nokia-web.war / persistence path=persistence / library path=lib / log file path=application.log / /log data-sources path=data-sources.xml / /orion-application Thanks, Guy. - RE: Multiply datasources for one application?? * From: The elephantwalker * Subject: RE: Multiply datasources for one application?? * Date: Tue, 15 Jan 2002 16:08:40 -0800 Mike, You can use different data-sources by using a different location name for each data-source. You need to make sure that each data-source within your data-sources file has a distinct location name. You apps can use different data-sources.xml by including the data-sources.xml path in your orion-application.xml of your ear. This way you can have more than one ear, each with its own data-sources.xml. Regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, January 15, 2002 10:57 AM To: Orion-Interest Subject: Multiply datasources for one application?? Hi everyone, if there is anyone that can give me a hand I would really appreciate it. My Problem is that I have an application developed using orion and I works great but we are trying to set up multiply test environments using different database instances. My questions is can you set up one application with multiply datasources and if so how do you go about setting it up. We tried to set it up with different datasource declarations in one datasource but it always reads the last datasource declaration into the driver manager. Please help if you can, Thanks. Mike
remove
SOAP problem with Orion
I was installing SOAP on my Orion 1.5.2 server but get a ClassNotFoundException javax.servlet.http.HttpServlet when I try to run anything from the SOAP admin tool. I've followed the HOWTO from Atlassian for installing and as far as I can tell Orion can find soap.jar. My other applications run fine so I'm guessing that it is something with SOAP's jsp's or a class that or tag that I'm missing. Thanks for the help. Jonathan Bricker Lilly Research Labs Java ATG
Castor JDO + Orion
Hello , Does anybody configured Castor JDO and Oriontogether ? I would like to find way how to configure CastorsDatabaseobject as a datasource. Could You suggest me the best way ? Thank Youin advance. Roman.
Transaction Isolation levels with orion and oracle ... no go
Hi All Just a follow up on my question about using two instances of orion and handeling distributed transactions. Scenario: A customer account object holds the balance for the customer and is a Container Managed Persistance Entity Bean. Customer accesses server 1 and loads customer account with balance = 10 Admin staff accesses server 2 and loads customer account with balance = 10 Customer buys 1 unit and balance is now 9. Admin staff passes a journal correction (ie add 1) and balance is now 11. A check on the database after this seqeunce and yup balance = 11. I have tested orion with the transaction isolation level =serializable which is the only other level that Oracle supports and this occurs. Is this an orion limitation or is there some setting/some way of getting around this ? Any help/input would be greatly appreciated. The only way around this serious problem I can think of is a complete re-write of EJBs to used Container managed persistance and manually control isolation with a version attribute (painful). Regards, Manuel
RE: Remove
thanks.
Gene Fermindoza
Computer Associates
Programmer, Global Information Systems
tel: +1 410 715-7137
fax: +1 410 992-7140
pager: +1 888 BEEP CAI
[EMAIL PROTECTED]
-Original Message-
From: Scott Farquhar [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 7:45 PM
To: Orion-Interest
Subject: Re: Remove
Just for everyone's benefit - remove does not work.
Please go to
http://www.orionserver.com/subscribe.html
to unsubscribe from this mailing list.
I have suggested to the Orion guys that they put a sig on every email
suggesting this.
Cheers,
Scott
--
Scott Farquhar :: [EMAIL PROTECTED]
Atlassian :: http://www.atlassian.com
Supporting YOUR J2EE World
Tasso wrote:
- Original Message -
From: Rob Worley [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Thursday, January 17, 2002 7:29 AM
Subject: remove
remove
-Original Message-
From: JoseMa [mailto:[EMAIL PROTECTED]]
Sent: 17 January 2002 08:30
To: Orion-Interest
Subject: Re: Lookup EJB's in another application
Hi Patrik,
I had the same problem and I look for some information about how to
resolv this problem. Although the aplications are in the same server the
connection become as if they was in differents servers. I used the
RMIContextFactory with the next code:
Context context = null;
Hashtable env = new Hashtable();
env.put(java.naming.factory.initial,com.evermind.server.rmi.RMIInitialCon
textFactory);
env.put(java.naming.provider.url, ormi://localhost:rmi
port/application name);
try
{
context = new InitialContext (env);
context.lookup(EjbName);
}
catch (Exception e) {
System.out.println(Conection error);
}
If you don't change the values of rmi.xml in the Orion config you don't
need
specify the rmi port. The applicacion name is the name that appear in
server.xml and identify the application. Is possible that you need
especify
a username and password for connect to applicacion, I don't need it. For
specify these parametrers you need to put the next:
env.put(Context.SECURITY_PRINCIPAL, admin);
env.put(Context.SECURITY_CREDENTIALS, password);
I hope that this information can help you.
Best regards,
- Original Message -
From: Patrik Strid [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Thursday, January 17, 2002 12:47 AM
Subject: Lookup EJB's in another application
Hi,
If you have two applications in the same orion
container. One application with web components and
another with just EJB's. From the application with web
components, I want to lookup an EJB that is deployed
in the other application - is that possible via the
InitialContext or do I have to call it via an URL and
getting the extra RMI call?
I can get it to work using a provider URL to the other
application, but using the InitialContext, the local
context - it cannot find the bean, or more correct,
the JNDI name could not be found.
Any help is appreciated !
Thanks,
Patrik
__
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/
remove
findall()?
i experienced some strange behaviour with finder methods: i made an entity bean with a findByField(intfield) method and a findAll() method. i then deployed it to sqlserver 2000 then i started the sql profiler so i could see what sql was thrown at the database. when i call the findByField method it generates a single sql statement with a where clause as expected, but when i call the findAll() method i generated one select statement for each row in the table. in the orion-ejb-jar.xml the finders look excactly alike except that the query attribute of findAll() is empty. how come it doesn't make one sql statement when i call findAll()? sincerely morten wilken
JSP, Frames and Browser reload
Hi, I have a top.jsp with: frameset rows=90, * BORDER=0 frame SRC=%= response.encodeURL(menu.jsp) % id=menu border=0 frameborder=0 framespacing=0 noresize scrolling=no name=menu frame SRC=%= response.encodeURL(main.jsp) % border=0 frameborder=0 framespacing=0 noresize id=main name=main noframes/noframes /frameset Inside main.jsp, there is a link to miapp.jsp, so I can go to it. The problem is that when I reload the browser (F5), instead of loading miapp.jsp, it loads main.jsp. This situation happens in IE 5, but in NS 6 no. Does someone know how to solve it? Is it a browser configuration? Thank you very much, Andres.
RE: Transaction Isolation levels with orion and oracle ... no go
Hi This may be what you might try. I believe your problem is due to STALE data in one of the clients. This is a problem for all apps, unless you lock rows on read, which is a bad idea. The way to solve it (Just one of many), is like this: - Ensure all your tables have a last_modified date type field (Version number field works to). - Ensure that all clients always load the last_modified date along with the displayed data, and sends it back with the request. (Assuming web app, but it translate to other types of clients) - In your session bean (or whereever you have coded the updates to the entity), have it check the entity beans last_modified date with the one stored in the client, if not the same, data has been modified out from under you, handle this whatever way you like. Hope thats clear. Bye. -Original Message- From: Manuel De Jesus [mailto:[EMAIL PROTECTED]] Sent: Friday, January 18, 2002 8:32 AM To: Orion-Interest Subject: Transaction Isolation levels with orion and oracle ... no go Hi All Just a follow up on my question about using two instances of orion and handeling distributed transactions. Scenario: A customer account object holds the balance for the customer and is a Container Managed Persistance Entity Bean. Customer accesses server 1 and loads customer account with balance = 10 Admin staff accesses server 2 and loads customer account with balance = 10 Customer buys 1 unit and balance is now 9. Admin staff passes a journal correction (ie add 1) and balance is now 11. A check on the database after this seqeunce and yup balance = 11. I have tested orion with the transaction isolation level =serializable which is the only other level that Oracle supports and this occurs. Is this an orion limitation or is there some setting/some way of getting around this ? Any help/input would be greatly appreciated. The only way around this serious problem I can think of is a complete re-write of EJBs to used Container managed persistance and manually control isolation with a version attribute (painful). Regards, Manuel ** THIS MESSAGE IS INTENDED ONLY FOR THE ADDRESSEE, IT MAY CONTAIN PRIVILEGED OR CONFIDENTIAL INFORMATION. ANY UNAUTHORISED DISCLOSURE IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE NOTIFY US IMMEDIATELY SO THAT WE MAY CORRECT OUR INTERNAL RECORDS. PLEASE THEN DELETE THE ORIGINAL EMAIL. THANK YOU **
persistent connections
does anyone know how to set persistent connection timeout time and # transactions per conn in orion. I am trying to use 1.1 persistant connections, but they seem to close. thanx Mike -- ## Michael Weissman e-mail: [EMAIL PROTECTED] Clarent Corporation 303-734-5003 Fax 303-734-4244 1221 W. Mineral Ave. Littleton, Co 80120 In the land of the dark, the ship of the sun is drawn by the grateful dead -- Egyptian Book of the Dead ##
How does Orion load the classes?
Here is the situation (using orion 1.52, windows 2000 OS, jdk1.3.1) I have a jar file, say my.jar which is not part of the ear or war file and it need to be added to the classpath. I tried this: 1. added in application.xml: library path=../lib;c:\tmp\my.jar / 2. and launch the server with java -jar orion.jar This does not work. When a servlet is called, it complains that the memeber name of a class include thing like 0e That is correct, because some class in my.jar is obfuscuted and has a field name like _fld0e. However, if I use the following to launch the server (without the previous step 1) java -cp c:/tmp/my.jar;orion.jar com.evermind.server.ApplicationServer EVERYTHING WORKS! My question is, what is the difference between these two approaches? _fld0e is a totally legal name, is it? Thanks. _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com
FW: Integrating LOG4J into Orion...
One more time, the last one did not show up -Original Message- From: Alex Paransky [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 17, 2002 11:09 AM To: Orion-Interest Subject: Integrating LOG4J into Orion... I have a full EJB/JSP application running with Orion. Is there a preferred method of initializing LOG4J in this situation? Looking at the LOG4J documentation, they mention using a startup servlet to do the initialization. I am concerned as to how this would work with the CLASSLOADER hierarchy. If I initialize my LOG4J at the servlet (WEB) layer, will the EJB's be able to see the initialized LOG4J or will they attempt to re-initialize due to the different classloader? Thanks. -AP_
Re: How does Orion load the classes?
Bill, Try reading: http://kb.atlassian.com/content/atlassian/howto/classloaders.jsp And see if it answers your question. (Using -cp is a baaad idea in general ;)) Another thing to do would be to try it without obfuscation and see if that works first (to see if obfuscation is the cause) Cheers, Mike Mike Cannon-Brookes [EMAIL PROTECTED] Atlassian :: www.atlassian.com Supporting YOUR world On 18/1/02 7:58 PM, Bill Hen ([EMAIL PROTECTED]) penned the words: Here is the situation (using orion 1.52, windows 2000 OS, jdk1.3.1) I have a jar file, say my.jar which is not part of the ear or war file and it need to be added to the classpath. I tried this: 1. added in application.xml: library path=../lib;c:\tmp\my.jar / 2. and launch the server with java -jar orion.jar This does not work. When a servlet is called, it complains that the memeber name of a class include thing like 0e That is correct, because some class in my.jar is obfuscuted and has a field name like _fld0e. However, if I use the following to launch the server (without the previous step 1) java -cp c:/tmp/my.jar;orion.jar com.evermind.server.ApplicationServer EVERYTHING WORKS! My question is, what is the difference between these two approaches? _fld0e is a totally legal name, is it? Thanks. _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com
