Re: Forwarding *.jsp from Apache to Orion

[Daniel López]

Hi Manish,

What we do in Apache, is a combination of mod_rewrite and mod_proxy, as
the latter is just able to proxy "directories" on its own.
Something like that:

...
RewriteEngine on
RewriteRule ^(.*)\.jsp$ /proxy_orion_server/$1.jsp [P]
...
ProxyRequests On
ProxyPass/proxy_orion_server/ http://www.orion.host:8080/
ProxyPassReverse /proxy_orion_server/ http://www.orion.host:8080/
...

I hope it helps,
D.

"Manish M. Shah" wrote:
> 
> Hi guys,
> 
> We have to use Apache as our web server and Orion as the application
> server. As a result, I need to forward all *.jsp files from Apache to
> Orion. I know about the proxy setup in Apache. I also know about
> forwarding *.html/*.jpg/etc files from Orion to Apache, but we need to
> forward from Apache to Orion. Has anyone had any luck or success with
> that?
> 
> Thanks.
> 
> Manish

Re: [announce] Log4J Appender for Orion's application.log

[Daniel López]

Hi Curt,

I agree with you, and that's why long ago we developed our own logging 
library, which rolls log files, logs to DB and can be configured "per 
web application". Now we are looking to migrating to Log4J, even though 
we still have to check if it will be worthwhile for us.
I had a look at the new logging classes that are being included now in 
the JDK1.4, and it seems the tendence is to centralise everything, which 
I don't like. I understand though, that for maintenance reasons it might 
look very attractive. In our case, log configuration files are always 
located in the same place "/WEB-INF" and follow the same name pattern 
"*.logger.conf". We then redirect all the log files to the same 
directory, which is outside the deployed application directory, and you 
can have all the log files in one place while you know where everything 
is configured. Easy to find information, easy to mantain and, as 
configuration changes are detected in runtime, pretty useful.
D.
PD: I would also add that IMHO, web app security in the J2EE spec is 
very poorly defined, as specifying mappings in static files and letting 
containers implement role-users mappings makes applications rigid and 
non-portable. But that's another story ;).

Curt Smith wrote:

> 
> 
> Geoff Soutter wrote
> 
>>
>>
>> I've hacked up an Orion Appender to allow you to log to the
>> application.log file, via the Logger instance that Orion installs at
>> java:comp/Logger. Here it is in all it's glory, use it however you wish.
>>
>> Cheers
>>
>> Geoff
>>
>> PS, did anyone figure out if it's possible to get orion to roll it's log
>> files when they get too big? ;-)
>>
> How about Orion logs to a log4j output device instead of apps logging to 
> Orion's log
> files?   Or did I miss understand this functionality??
> 
> Personally I feel the new log4j 1.3 features that make it easier for 
> each application
> to have it's xml config file in the .war / .ear so that apps can have 
> their own (separate)
> log files from each other to be a very useful choice.
> 
> My view of the problem of deploying and supporting a j2ee app is the few 
> features j2ee
> put in the spec (a big zero) to allow debugging and logging of app, 
> feature, bean operations.
> I feel we need to drill on the debugging problem until we have a 
> facility that supports
> logging based on session ID, so that we can follow a particular user's 
> actions and
> failures across a cluster and set of services.
> 
> To me, moving to one log file for the universe is the wrong direction? 
> Any opinions?
> 
> curt

Re: how to allow certain IPs to access my directory

[Daniel López]

Hi Takeo,
Wehn we came across this issue, we wrote our own servlet filter as IP 
based security is not defined in the JDK spec and then, even if you fin 
a solution like the one you ask, it will be orion-specific and 
non-portable. On the other hand, if you write your filter carefully, you 
can have a pretty flexible tool to do what you want (In our case we 
define the IP/Hostname masks through an XML document that can be loaded 
through the network, filesystem...).
regards,
D.

Takeo Kameda wrote:

> Hi All.  This is my first post.
> I would like to allow only certain IPs to access some of my site.  I know
> that
> can be done in orion-web.xml using "access-mask/ip-access", but I believe
> it can only be applied to the whole application.  What I want to do is to
> block
> IPs only to a certain directory.  Is there any easy way to do that, like
> using
> .htaccess for apache?  or, do I have to write my own servlet filter for
> that?
> thanks in advance.

Re: hot redeployment - how to preserve session state?

[Daniel López]

Hi Peter,
We use hot-deployment in production, to be able to update the 
application without losing all the sessions. But you have to configure 
Orion explicitly to keep the session state, as it is disabled by 
default. On the other hand, we also us it during development, but if you 
update the ear file very often, you usually ends up complaining with an 
OutOfMemoryException or some sort of decompression problems. So it is 
not very stable when used very often in a short period of time. That's 
why we try no to hot-deploy the ears in production very often, as it 
might cause a kaa-boum.
I hope it helps,
D.

Peter Beck wrote:

> I tried to use the hot-deploy just for development to not always have to 
> restart Orion and log in.
> To only have to restart the server when classes change which are stored 
> in the session would be better than on every little change during bug 
> fixing...
> 
> On this list I read about people using this, and the problem they were 
> talking about most of the time was that classes have to be serializable...
> Now I tried that with a few objects in the session, and all of them were 
> lost after touching application.xml.
> 
> Peter
> 
> Aaron Tavistock wrote:
> 
>> I'm not currently doing hot-deploy, but I've always wonder how it could
>> posibly work given that a serialized class might have the underlying base
>> class changed during hot-deploy (e.g. the classic 'run instance' is
>> different than a 'new instance' problem that java throws a
>> ClassCastException from).  Its also theoretically problematic (I'm not 
>> sure
>> if instanceof or reflection will work properly).
>>
>> Since this is a very low-level issue (e.g. Java simply doesn't have the
>> facilities to really handle this), how does hot-deply work?  The only
>> reliable strategy would appear to be to preserver primatives (since they
>> don't change), maybe preserve 'well-defined' objects (java.util.* is
>> unlikely to change), and discard all the rest.
>>
>> Any thoughts?
>> AT
>>
>> -Original Message-
>> From: Peter Beck [mailto:[EMAIL PROTECTED]]
>> Sent: Tuesday, January 29, 2002 7:41 AM
>> To: Orion-Interest
>> Subject: hot redeployment - how to preserve session state?
>>
>>
>> After a forced redeployment of an application on Orion 1.5.3 by 
>> touching application.xml
>> my session state seemst to be completely lost.
>>
>> I have set development=true in my global-web-application.xml, and the 
>> switch is present in the orion-web.xml in the application- deployment 
>> directory.
>> The variables I try to serialize implement the Serializable interface. 
>> Some of them are simple JavaBeans, others just Strings.
>>
>> For testing I use a JSP which prints the variables in the session. 
>> Before the redeployment everything is there.
>> and when a user is logged in, request.getRemoteUser() gives me the 
>> correct user name.
>> After the redeployment session.toString() still gives me the same ID 
>> as before, but all variables in the session are gone.
>> Even request.getRemoteUser() == null.
>>
>> What am I missing?
>>
>> Peter

Re: hot redeployment - how to preserve session state?

[Daniel López]

Hi Aaron,

We preserve session state through hot and cold deploys with no problem, 
unless you explicitly change the objects involved in keeping the session 
state, or any object that is stored in the context. However, it is not 
impossible to modify these objects while preserving your state, as long 
as you know how to handle serialisation issues. If you are careful with 
the classes you put in sessions and the context ( make them serializable 
and take into account the possible evolution of classes ) then you will 
minimize your problems.
Have a look at the "Object Serialization" part of the Java SDK 
Documentation to learn more about that.

BTW: The attribute to get persistence to work in Orion is not 
development=true but persistence-path="../temp/persistence.ser". So your 
  global-web-application.xml should look something like...

...

I hope it helps,
D.

Aaron Tavistock wrote:

> I'm not currently doing hot-deploy, but I've always wonder how it could
> posibly work given that a serialized class might have the underlying base
> class changed during hot-deploy (e.g. the classic 'run instance' is
> different than a 'new instance' problem that java throws a
> ClassCastException from).  Its also theoretically problematic (I'm not sure
> if instanceof or reflection will work properly).
> 
> Since this is a very low-level issue (e.g. Java simply doesn't have the
> facilities to really handle this), how does hot-deply work?  The only
> reliable strategy would appear to be to preserver primatives (since they
> don't change), maybe preserve 'well-defined' objects (java.util.* is
> unlikely to change), and discard all the rest.
> 
> Any thoughts? 
> 
> AT
> 
> -Original Message-
> From: Peter Beck [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 29, 2002 7:41 AM
> To: Orion-Interest
> Subject: hot redeployment - how to preserve session state?
> 
> 
> After a forced redeployment of an application on Orion 1.5.3 by touching 
> application.xml
> my session state seemst to be completely lost.
> 
> I have set development=true in my global-web-application.xml, and the 
> switch is present in the orion-web.xml in the application- deployment 
> directory.
> The variables I try to serialize implement the Serializable interface. 
> Some of them are simple JavaBeans, others just Strings.
> 
> For testing I use a JSP which prints the variables in the session. 
> Before the redeployment everything is there.
> and when a user is logged in, request.getRemoteUser() gives me the 
> correct user name.
> After the redeployment session.toString() still gives me the same ID as 
> before, but all variables in the session are gone.
> Even request.getRemoteUser() == null.
> 
> What am I missing?
> 
> Peter

Re: JSP, Frames and Browser reload

[Daniel López]

Hi,

AFAIK, it depends on the browser. When you have frames and hit reload, 
some browsers refresh the original set of frames and some refresh the 
current state of the frames. I can't say that one of the options is bad, 
as both of them can be interpreted as "reloading the page". Sometimes 
one option can be useful, sometimes the other. But I think there's not 
much that we can do from the server side, unless you get into storing 
the clients' state in a session value and redirect to the appropriate 
page when you "think" you detected a problem like the one you mentioned. 
   You'll have to evaluate if this is such a big problem that you have 
to invest the effort to control the clients' state.
regards,
D.

Juan Andres Chau Li wrote:

> Hi,
> I have a top.jsp with:
> 
> 
> 
> " id="menu" border="0"
> frameborder="0" framespacing="0" noresize scrolling="no" name="menu">
> 
> " border=0 frameborder=0
> framespacing=0 noresize id="main" name="main">
> 
> 
> 
> 
> 
> Inside main.jsp, there is a link to miapp.jsp, so I can go to it.
> 
> The problem is that when I reload the browser (F5), instead of loading
> miapp.jsp, it loads main.jsp.
> 
> This situation happens in IE 5, but in NS 6 no.
> 
> Does someone know how to solve it? Is it a browser configuration?
> 
> Thank you very much,
> Andres.

Re: Orion & JSDK2.3

[Daniel López]

Hi,

Thanks, I stand corrected, as I did not try witht the last release of 
Orion and I didn't remember reading this IMHO important fact anywhere. 
But it could be me not paying attention, so... ;). Anyway, how about the 
classloader issue? Is that solved in 1.5.3 as well? I remember trying to 
install cocoon 2 on Orion1.5.3 just some days ago and I had to hack the 
XML parser in Orion lib directory, which shouldn't be necessary if 
WEB-INF/lib took precedence.
Thanks for the info,
D.


The elephantwalker wrote:

> 1.5.3 uses the jsdk2.3 spec, not the pfd 2, which was in 1.5.2. You can
> check this by looking in the orion.jar distribution in 1.5.3, and see that
> the filter interface in javax.servlet.Filter uses the proper methods jsdk2.3
> methods for Filter, destroy(), doFilter() and init().
> 
> The old pdf 2 spec had the methods doFilter(), setFilterConfig() and
> getFilterConfig(), which is what you find in the 1.5.2 distribution.
> 
> Regards,
> 
> the elephantwalker
> www.elephantwalker.com
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel Lopez
> Sent: Monday, January 14, 2002 8:25 AM
> To: Orion-Interest
> Subject: Orion & JSDK2.3
> 
> 
> Hi,
> There are two things that are quite annoying in the current version of Orion
> and that have been defined/changed  in the final JSDK2.3 spec. First one is
> that the name of the methods defined in the servlet filters are now
> diferent, thus pure JSDK2.3 filters don't work in Orion. Second one is that
> classloader order/precedence has been more clearly specified and it is not
> necessary to hack XML parsers, for example anymore. Any news about when is
> the JSDK2.3 final spec going to be implemented in Orion? Does the OC4J
> version already implement it?
> I have some customers who are considering going to Resin, just for those
> very reasons, and I can't find any sound proof to confront their reasoning,
> as we are ourselves considering migrating to other containers. Even Tomcat 4
> implements now a more current spec than Orion!
> From the outside, nobody would say that Orion keeps going on, but just OC4J.
> 
> regards,
> D

Re: Apache/SSL or Stronghold as Orion Frontend

[Daniel López]

Hi David,

We do have a mod_ssl enabled apache in front of our several orion 
instances and we've had no problems so far. It could be that we have 
them in the same host, even though they have been for a while in 
different hosts with no problems at all. Or that we don't specify the 
 portion, as we've had no problems with firewalls or load 
balancers, and we can forward requests inside our code (I'm pretty sure, 
as we use a Controller Servlet who forwards lots of requests).
good luck,
D.


David Kenzik wrote:

> Is it possible to successfully have Stronghold (ssl) proxy requests to a
> non-ssl Orion on the backend?
> 
> I can proxy all day long http --> http, but it seems that Orion has no
> mechanism in the  portion to say "the protocol is https, not http
> when you need to do a redirect". If I say "port=443" it tries to use http on
> port 443. This is bad and breaks things.
> 
> The Stronghold side is trivial with mod_rewrite or mod_proxy, it's just that
> Orion is failing to use the right protocol when doing redirects, be them
> internal (to make /foo turn into /foo/) or be it within a Java program.
> 
> ASCII for those who like visuals:
> 
> [https://ssl.server/foo] --(rewrite)--> [http://private.orion/foo]
> 
> Is this possible without setting Orion up with ssl support?
> 
> Help.

Re: How do you shut down orion after it's initialized

[Daniel López]

Hi James,

Is 8080 your HTTP port, specified in your x-web-site.xml descriptor, or 
is it the RMI port described in the rmi.xml one? It HAS to be the RMI 
one, as you admin.jar connects through RMI to tell the orion server to 
stop, so you cannot do it through the port HTTP is used for.
regards,
D.


James Beeson wrote:

> This is what I get when I start Orion:
> 
> C:\orion>java -jar orion.jar
> Warning: Error reading transaction-log file
> (/C:/orion/persistence/transaction.state) for recovery: premature end of
> file
> Forced or abrubt (crash etc) server shutdown detected, starting recovery
> process
> ...
> Recovery completed, 0 connections committed and 0 rolled back...
> Orion/1.5.2 initialized
> 
> I immediately opened a new DOS window and did this:
> 
> C:\WINDOWS\Profiles\James\Desktop>cd c:\orion
> 
> C:\orion>java -jar admin.jar ormi://localhost:8080 admin pswd -shutdown
> Error: javax.naming.NamingException: Lookup error: java.io.EOFException:
> Disconnected; nested exception is:
>java.io.EOFException: Disconnected
> 
> C:\orion>
> 
> 
> 
> 
> From: "Setlur, Atul (MED)" <[EMAIL PROTECTED]>
> Reply-To: Orion-Interest <[EMAIL PROTECTED]>
> To: Orion-Interest <[EMAIL PROTECTED]>
> Subject: RE: How do you shut down orion after it's initialized
> Date: Tue, 18 Dec 2001 11:16:11 -0600
> 
> Are you sure you are running this from the directory where orion is
> installed. Verify admin.jar is in the directory that you are running
> this script. Alternatively, "cd" to the orion directory and run it from
> there.
> 
> -Atul
> 
> -Original Message-
> From: James Beeson [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 18, 2001 9:41 AM
> To: Orion-Interest
> Subject: Re: How do you shut down orion after it's initialized
> 
> 
> 
> I did not have the admin user deactivated (althought that was a good
> tip-
> thanks!)
> 
> When I use the command:
> 
> java -jar admin.jar ormi://localhost:8080/ admin pswd -shutdown
> 
> I get:
> 
> Exception in thread "main" java.util.zip.ZipException: The system cannot
> 
> find the file specified
> at java.util.zip.ZipFile.open(Native Method)
> at java.util.zip.ZipFile.(Unknown Source)
> at java.util.jar.JarFile.(Unknown Source)
> at java.util.jar.JarFile.(Unknown Source)
> 
> And then Orion is left running. Could that be related to the error it
> prints
> out when Orion starts (here it is):
> 
> Warning: Error reading transaction-log file
> (/C:/orion/persistence/transaction.state) for recovery: premature end of
> 
> file Forced or abrubt (crash etc) server shutdown detected, starting
> recovery process
> ...
> Recovery completed, 0 connections committed and 0 rolled back...
> Orion/1.5.2 initialized
> 
> But then the app runs fine. I currently don't have a transaction.state
> file.
> 
> Why won't it let me shut down Orion?
> Thanks

Standalone applications

[Daniel López]

Hi,

In the System.exit(1) thread, I've read that some people was using some 
auto-executable files to start up some standalone applications, but I 
haven't been able to find some clear documentation about it. I've tried 
with the Sun J2EE tutorials and the J2EE spec but it does not get to the 
details. Is there any place where I can get more specific documentation? 
And Orion specific documentation?
My problem is that I can move my web applications from one host to 
another very easily, but I have to modify each time the standalone 
application startup scripts, so I was wondering if there was a standard 
way to miminize it. I guess you have to use the  tag in the 
application.xml descriptor... but how do you execute the application, 
where do you specify properties like the classpath, -D properties...
Thanks in advance,
D.

Re: Announcement of new doc

[Daniel López]

Hi Curt,

I don't know if it will help you, but we deploy multiple web components 
inside and orion instance using different .ear. But I guess that if they 
all had to be inside the same .ear, things wouldn't be that different.
What we do is:
in file server.xml, we first define the applications and their origin
...

  




in file web-site.xml (what by default is default-web-site.xml), we 
define the mappings to the applications:
...

 


...
And that's pretty much all. Having different .ear for different modules, 
allows us to update each module independently. And we have an orion 
instance for every two-three modules, so they are even more independent 
in case we have to stop an instance (if the DB goes down, for example).
Supposedly, if you want the different modules inside the .ear file, you 
would just define the different web modules (.war files) and their 
mappings inside the application.xml descriptor, and then define one 
application in orion. Orion should then extract the information from the 
descriptor and define the mappings apropriately, or at least that's what 
I would expect. I haven't verified that, though.
Good luck,
D.



Curt Smith wrote:

>>> My 2 cents worth is this is the order of importance of documentation 
>>> that is
>>> needed right now to do REAL professional deployments and developments 
>>> with Orion/OC4J
>>>
>>>
>>> 1) Orion specific deployment settings explained
>>> these are not really explained anywhere right now.
> 
> My configuration challeng that I haven't figured out is; how to support 
> multiple
> web components.
> 
> I'm prefering the expanded tree deployment where I'd have multiple
> web/WEB-INF/web.xml  trees.   All need to be in the same restricted
> single-signon scope.  I.E.
> 
> root/web1/WEB-INF/web.xml
>  /web2/WEB-INF/web.xml
> 
> 
> 
> The confusion between default-web-site.xml, orion-web.xml, 
> application-name, name
> ...  :-/
> 
> Anybody have configuration to share of multiple .ear in one application 
> or multiple
> web directories??
> 
> Thanks and have a great TG holidays,
> 
> curt

Re: Various levels of security, how do you do it?

[Daniel López]

Hi Alex,

AFAIK, the only things you have when using JSDK specified security are
those you mention: Defining roles in web.xml and using isUserInRole()
inside your code. We thought it could have done better and we pointed
out the shortcomings, like your second option, to the spec guys. They
answered that that was right, but as pretty much nobody was complaining
about it, they assumed it was a feature that was not required. So we
ended up implementing our own security architecture that handles this
kind of things nicely.
Our system allows you to specify the security requirements per-request,
so you can specify a different domain depending on the parameters (like
which object the operation is going to be performed upon) and the
environment (like which user is authenticated). These settings are
specified through interfaces and abstract classes, so it wouldn't be too
hard to create a specificacion using them. There are some other
shortcomings that forced us to implement our own solution, but I won't
get into detail.
Sorry about the long answer, the short one that I was told by the spec
guys was "no, that's everything that you have".
regards,
D


Alex Paransky wrote:
> 
> We are in a process of developing an application, and are looking for ways
> to implement security, we have the following requirements:
> 
> 1. There are operations that certain members cannot perform in general
> 2. There are operations that certain members cannot perform relative to an
> object (owner vs non-owner)
> 
> What are some of the mechanims that you are using to deal with these
> problems.  I assume, in the first case you can use deployment descriptor.
> Also isInRole query can be made to determine if particular option should be
> shown to the user during the .JSP processing.
> 
> The second option is a bit more difficult to implement, since a particular
> user can be an owner of some objects but not others.  How can this
> requirement be implemented?
> 
> Thanks.
> -AP_

Re: Monitoring web apps

[Daniel López]

Hi Eddie,

Here it goes:

.- Environment -> An apache web server configured with mod_proxy and
SSI, running in port 80. Several orion instances with applications
running in other ports.
.- in httpd.conf ->
...

ProxyVia On
# Proxy configuration for the different applications

# Application X
ProxyPass /nameX http://hostx.com:portX/nameX
ProxyPassReverse /nameX http://hostx.com:portX/nameX

# Application Y
ProxyPass /nameY http://hostx.com:portY/nameY
ProxyPassReverse /nameY http://hostx.com:portY/nameY

# Error configuration for the "Cannot establish connection case"
ErrorDocument 502 /SSIErrorHandler.shtml

...
.- Then the SSIErrorHandler.shtml looks like ->





...















And that's pretty much all. Just some catches:
.- In the Error pages, ALL the links have to be absolute and start with
a different name than the proxied path. Otherwise you get an infinite
loop between the proxied page and the error page. So make sure that
nameX and localApacheDirX are ALWAYS different and that all links in
localApacheDirX/index.html start with /localApacheDirX or http://.
.- If inside the applications you want to get the real remote IP instead
of the proxy one, then you can use, for example, the mod_proxy patch
written by Bjoern Hansen which includes the original IP in an http
header (X-Forwarded-For). We used it because we needed to implement IP
based security restrictions, which are not defined in the JSDK spec. We
also used this IP based security restrictions to prevent acces to the
applications by-passing the proxy, which is very important with SSL
protected applications.
.- It also works with ssl.
.- To improve performance, you can also use the apache proxy as
proxy-cache, to get the static content faster, but then be careful not
to allow it to cache the dynamic pages you don't want to be cached. And
make sure you have enough disk space ;).
.- We haven't specified and ErrorDocument directive for the code 500
(internal server error) because we wanted to be able to see this kind of
messages, but you can put it later on to show more graceful messages.
.- We use SSI to define the error hanlding page, but you could use a JSP
if you wished. We just did it to have a light weight proxy with no
special add ons.

I hope it helps,
D.




Eddie wrote:
> 
> Daniel,
> 
> The way you do this with Apache sounds very nice.
> I like to know how you configure Apache to redirect to another page when
> something goes wrong.
> Could you submit a little example please ?
> 
> Eddie
> 
> - Original Message -
> From: "Daniel López" <[EMAIL PROTECTED]>
> To: "Orion-Interest" <[EMAIL PROTECTED]>
> Sent: Monday, November 12, 2001 2:23 PM
> Subject: Re: Monitoring web apps
> 
> > Hi David,
> >
> > We don't have a sophisticated system, but it works well for us. What we
> > do is put an Apache web server, acting as a proxy, in front of the orion
> > server. Then, in the proxy configuration you can specify a redirect page
> > in case something goes wrong, and we use it to redirect to a SSI script
> > that determines which application is down and which page should be shown
> > as an error message. This way you show automatically an error message,
> > just by shutting down orion or by returning a 500 code from your
> > application.
> > I hope it helps,
> > D.
> >
> >
> > David Pérez Villanueva wrote:
> > >
> > > Hi!
> > >
> > > We have several applications running  in  an Orion web server. Our
> > > server is allocated in a hosting corporation. They have a program that
> > > queries our PCs with an url , calling us if there is the word 'error'
> > > (or similar) in response.
> > >
> > > What is the problem? We need something that will check our applications
> > > and will build a html page (or plain text, or anything) with the check
> > > result. Does anybody know any good software to do this? (We have two
> > > PCs: one with Windows 2000 server and  another with Linux).
> > >
> > > Thankyou for your support.
> >
> >

Re: Monitoring web apps

[Daniel López]

Hi David,

We don't have a sophisticated system, but it works well for us. What we
do is put an Apache web server, acting as a proxy, in front of the orion
server. Then, in the proxy configuration you can specify a redirect page
in case something goes wrong, and we use it to redirect to a SSI script
that determines which application is down and which page should be shown
as an error message. This way you show automatically an error message,
just by shutting down orion or by returning a 500 code from your
application.
I hope it helps,
D.


David Pérez Villanueva wrote:
> 
> Hi!
> 
> We have several applications running  in  an Orion web server. Our
> server is allocated in a hosting corporation. They have a program that
> queries our PCs with an url , calling us if there is the word 'error'
> (or similar) in response.
> 
> What is the problem? We need something that will check our applications
> and will build a html page (or plain text, or anything) with the check
> result. Does anybody know any good software to do this? (We have two
> PCs: one with Windows 2000 server and  another with Linux).
> 
> Thankyou for your support.

Error restoring application state

[Daniel López]

Hi,

Lately I'm getting this error when I update my web applications and
hence the application state is not restored and I lose all my sesions.
The complete error message is:
---
Error restoring application state: java.io.WriteAbortedException
(Writing aborted by exception; java.io.NotSerializableException:
com.evermind.server.http.HttpApplication)
---

It might be that I'm storing a reference to some object that cannot be
serializable, but it used to work and I can't see the problem. Besides,
the problem comes from an orion internal class so I don't know where to
start looking. Is there any way to get a more detailed error message?
Has anybody come across this message before? Any hits?

Thanks in advance?,
D.

Re: Stored procedures and J2EE

[Daniel López]

Hi,

I think I might add our 2c, even though they are completely against the
trend ;). In fact, we don't use EJBs at all, unsing instead Stored
Procedures to perform the business logic. When we started, EJB was an,
IMHO, inmature technology that forced people to write lots of
intermediate classes to get to the point, it forced you to write vendor
dependent code, it had a "everything is remote" philosophy that was
pretty inconvenient and good god! it didn't even took into account
relationships between tables! After testing EJB with some projects, we
dropped it because the tediousness of typing so much code, the need to
write embedded SQL or use vendor dependent features and the development
cycle of using EJB, which we don't actually enjoy. We ended up using
XML, and even though we can generate it from anything that we please
(action classes, JSP, even EJB, if we please) we use, most of the time,
stored procedures to generate it. Why? Because it's the place closest to
the database, so it "travels" with it, you have compile-time
dependencies between your code and the database schema and you have the
appropriate tools to acces/manipulate the database. In case we want/need
to do some special pre-/post-processing, then Java comes to the rescue
and it is used to further refine the request/response. Besides, that
means our business logic, based on XML, is independent of ever changing
standards and interfaces. We are quite happy with it, and it has also
allowed us to divide the work pretty nicely, as I have had some people
working on the project, programming the business logic, who didn't know
a single word about Java, HTML or the like. And our designer doesn't
know what is a table, a bean, the context or anything like that.
Warning!! I'm not saying that this is a universal solution and that EJB
should be dropped. No. I'm just saying that they are not the only
solution and that sometimes, for example in our case, using stored
procedures is better for our overall development. We know we might lose
some performance in some cases, but we prefer the easiness of
development and the independence of our code.
Just my 2c,
D.

PD: I follow the EJB spec anyway, and I know EJB2.0 solves partially
some issues that where some of the reasons why we dropped it, but I for
us it's still too little to late.

Re: Orion and JMS: javax.naming.NameNotFoundException]

[Daniel López]

n = null;
>  qSender = null;
>  requestQ = null;
>  
>  if (tConnect != null)
>  tConnect.close();
>  tConnect = null;
>  tSession = null;
>  publisher = null;
>  requestT = null;
> }
> catch (JMSException jex)
> {
> }
> }
>  
> 
>  private void writeObject(java.io.ObjectOutputStream out) throws IOException
> {
> try
> {
>  if (qConnect != null)
>  qConnect.close();
>  qConnect = null;
>  qSession = null;
>  qSender = null;
>  requestQ = null;
>  
>  if (tConnect != null)
>  tConnect.close();
>  tConnect = null;
>  tSession = null;
>  publisher = null;
>  requestT = null;
> }
> catch (JMSException jex)
> {
> throw new IOException("MessageSender:  writeObject:  " + 
>jex.getMessage());
> }
> }
>  
> protected String queueName = null;
> protected transient QueueConnection qConnect = null;
> protected transient QueueSession qSession= null;
> protected transient QueueSender qSender  = null;
> protected transient Queue requestQ   = null;
>  
> protected String topicName = null;
> protected transient TopicConnection tConnect = null;
> protected transient TopicSession tSession= null;
> protected transient TopicPublisher publisher  = null;
> protected transient Topic requestT   = null;
> }
>  
> You will need to define the JNDINames interface with the appropriate values for its 
>attributes.
> Then any class that needs to send messages can extend MessageSender and use the 
>appropriate attributes
> This works for me. Let me know if you still have problems or questions
> 
> Dave
> 
> 
>  -Original Message-
>  From: Kesav Kumar [mailto:[EMAIL PROTECTED]]
>  Sent: Wednesday, August 22, 2001 3:17 PM
>  To: Orion-Interest
>  Subject: RE: Orion and JMS: javax.naming.NameNotFoundException]
> 
>  If you want to get any resource in your Servlet/jsp you got define resource-ref 
>in your web.xml.  
>  One basic information as long as you are in the same container you don't need 
>any parameters to JDNI context.  
>  You need jndi.properties only when you try to access from outside the 
>container.  Your
>  servlets/jsp/ejb/applicationclient
> 
>  are in the same orion container so in all these components you can directly get 
>JNDI context by 
>  Context ctx = new InitialContext(); 
>  As long as you are in the same container there is no need for jndi.properties. 
> 
>  Regarding the JMS you got define resource-ref in your web.xml.  Any container 
>resource of ejb resource you want to
>  use in web tier i.e in servlets/jsp you have to define resource-ref and ejb-ref 
>correspondingly. For JMS which is a
>  resource so you have to declare resource-ref in your web.xml like the following.
> 
>   
>  jms/theQueueConnectionFactory 
>  javax.jms.QueueConnectionFactory 
>  Container 
>   
>   
>  jms/myQueue 
>  javax.jms.Queue 
>  Container 
>   
> 
>  Inside your servlet/jsp for connection factory lookup for 
>jms/theQueueConnectionFactory and for queue lookup for
>  jms/myQueue.
> 
> 
> 
>  > - Original Message - 
>  > From: "Daniel Lopez" <[EMAIL PROTECTED]> 
>  > To: "Orion-Interest" <[EMAIL PROTECTED]> 
>  > Sent: Wednesday, August 22, 2001 8:48 AM 
>  > Subject: [Fwd: Re: Orion and JMS: javax.naming.NameNotFoundException] 
>  > 
>  > 
>  > > Hi (third try to the list, first ones didn't make it), 
>  > > 
>  > > I haven't got a single answer, so I'm wondering if nobody 
>  > is using Orion 
>  > > 
>  > > JMS or this mailing list is playing funny with me. Has anybody 
>  > > configured and used Orion JMS? Could somebody please 
>  > elaborate on the 
>  > > steps necessary to get this thing working? 
>  > > Thanks in advance, 
>  > > D. 
>  > > 
>  > > Daniel López wrote: 
>  > > > 
>  > > > Hi, 
>  > > > 
>  > > > I know this topic has been discussed a lot in here, but I 

Re: Orion and JMS: javax.naming.NameNotFoundException]

[Daniel López]

Hi Kesav,

Thank you very much for your help, it was as simple as that.
Thanks again,
Dan

> Kesav Kumar wrote:
> 
> If you want to get any resource in your Servlet/jsp you got define
> resource-ref in your web.xml.
> One basic information as long as you are in the same container you
> don't need any parameters to JDNI context.
> You need jndi.properties only when you try to access from outside the
> container.  Your servlets/jsp/ejb/applicationclient
> 
> are in the same orion container so in all these components you can
> directly get JNDI context by
> Context ctx = new InitialContext();
> As long as you are in the same container there is no need for
> jndi.properties.
> 
> Regarding the JMS you got define resource-ref in your web.xml.  Any
> container resource of ejb resource you want to use in web tier i.e in
> servlets/jsp you have to define resource-ref and ejb-ref
> correspondingly. For JMS which is a resource so you have to declare
> resource-ref in your web.xml like the following.
> 
> 
> 
> jms/theQueueConnectionFactory
> javax.jms.QueueConnectionFactory
> Container
> 
> 
> jms/myQueue
> javax.jms.Queue
> Container
> 
> 
> Inside your servlet/jsp for connection factory lookup for
> jms/theQueueConnectionFactory and for queue lookup for jms/myQueue.
> 
snip...

Re: Orion and JMS: javax.naming.NameNotFoundException]

[Daniel López]

Hi Michael,

I apologize if any of the facts that I exposed on my mail seemed to you
to be a complain. My intention was to explain that I had sent two
messages to the list that I had not seen, just to warn people so if they
got too copies, they would know it was not intentional. And the second
part to let people know that I was not sure whether nobody was reading
my messages, or no one was actually using Orion JMS. I the way I
expressed it offended you, I apologize but I don't think it deserved
such a harsh response.
regards,
D.

"Michael J. Cannon" wrote:
> 
> What browser/MTA?
> 
> Alos check the Oracle knowledge bank on OTN.oracle.com
> 
> The server is up, the server is down...so what?  Your messages eventually
> make it here and you eventually get an answer.  You didn't pay anything for
> your answer, so quit complaining, or go to a support company (or switch and
> get a slower server or pay upwards of USD$6000 minimum for it.
> 
> Your problem is that JMS and the agents for it aren't yet mature and,
> besides commercial ISVs, few use the libs.  Try the Sun and usenet lists,
> 
> If you're having probs w/ Orion's JMS, perhaps you should try JBoss (slower)
> or Jakarta's or the Sun RI.
> 
> Michael J. Cannon

Orion and JMS: javax.naming.NameNotFoundException

[Daniel López]

Hi,

I know this topic has been discussed a lot in here, but I haven't been
able to find the answer in the archive or in the documentation. The
problem is: I decided to have a go with JMS but I can't even start to
play with it, as all I get is "javax.naming.NameNotFoundException".
These are the steps I have followed:
.- Configure server.xml with the following line:
...

...
.- Configure jms.xml with this content:



A dummy queue





.- Add jndi.properties to my application's classes(WEB-INF/classes),
with the following content:

java.naming.factory.initial=com.evermind.server.ApplicationClientInitialContextFactory
java.naming.provider.url=ormi://localhost/
java.naming.security.principal=admin
.- Then in my servlet, I just try to see if the objects are there:
...
Context ctx = new InitialContext();
QueueConnectionFactory queueConnectionFactory =  
(QueueConnectionFactory)
ctx.lookup("java:comp/env/jms/QueueConnectionFactory"); 
// Exception is thrown in the line above
...
The facts:
.- JMS Server seems to have been started, as I can see the jms.log file
and reads (Date 1.4.5 Started)
.- I have tried with various names, with and without java:comp/env, and
with various methods (list, listBindings...) with no look. I cannot get
a single object to be looked up.
.- Platform is WinNt 4.0, JDK1.3.0-c hotspot, Orion 1.4.5 (I also tried
1.5.2 with the same results)

So, what have I forgotten to do? It seems like I just forgot to do some
essential step. I tried to find the JMS how to by Kesav Kumar but I
couldn't find it. Anybody, please?
Thank you in advance,
D.

PD: On a side note, I have seen man people trying to use external JMS
providers with Orion, is that so because Orion JMS is buggy? Would it be
better to use some external tool like OpenJMS or so? I had thought it
would be nice to have everything in the same place, this way you just
have to take care of one server. Comments?







-- 
---
Daniel Lopez Janariz ([EMAIL PROTECTED])
Web Services
Computer Center
Balearic Islands University
---

Re: multiple instances of a servlet?

[Daniel López]

Hi Ville,

Do you, by any chance, have different names defined for your controller
servlet in the web.xml file? I also have my own ControllerServlet
framework and I just have a single instance, unless I define more than
one name for the same servlet. If you define different web applications
you would also have different instances, even if you use the same name,
so have a look at your web.xml files to see if the problem is in there.
Just my 2ec,
D.


Ville Rinne wrote:
> 
> Kevin, let me know how your tests came out. I did some more testing myself
> and I found it strange that when I created a specific simple test-servlet
> for this case I didn't manage to get more than one instance of it created.
> I'll do some more testing tomorrow but there is definitely something
> strange going on. Obviously the amount my testservlet takes to complete a
> request is smaller than the amount of time my request-controller takes but
> at this point I honestly don't have a clue :P
> 
> Anyhow, since servlets aren't synchronized in any way by default, how
> would it increase performance even if there was more than one instance of
> them in existance?
> 
> cheers,
> Ville Rinne
> 
> Of course it isn't a huge problem
> 
> On Tue, 7 Aug 2001, Duffey, Kevin wrote:
> 
> > Keep in mind that every app server is allowed to implement the spec in their
> > own manner. It does sound peculiar, but it is very possible that Orion gets
> > its performance by pooling a few servlet instances even without the single
> > threaded model. I don't know for sure, but that seems logical. By having
> > even two or three instances, it could increase the ability to handle ore
> > requests..although myself I thought that a single instance would be plenty
> > fast to have literally thousands of requests per second hit it. Each time a
> > request comes in, the container should create a new thread for that request
> > then send it on its way to the servlet instance. A PIII600 system can run
> > over 1billion instructions per second. Figure that with the JVM interpreter,
> > your code and any resources, you should still be able to iterate thousands
> > of requests per second, unless object creation in a servlet (and depending
> > on what it is doing) slows things down. The one factor I am not sure of is
> > how many "threads" a JVM can handle at one time. I have heard of single
> > servers handling 1000's of hits per second, and if each request goes to a
> > JSP or servlet, that should equate to one new thread per request..even if
> > the session id is the same (for example, the user somehow opened a new
> > window from the browser window..and could possibly submit two (or more)
> > requests at the same time).
> >
> > At any rate, it sounds to me like perhaps either there is a bug, or that
> > Orion is doing this pooling automatically to increase performance.
> > Interesting though..I will now check out to see if my MVC framework does the
> > same thing.
> >
> >
> >
> > -Original Message-
> > From: Ville Rinne [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, August 07, 2001 7:59 AM
> > To: Orion-Interest
> > Subject: multiple instances of a servlet?
> >
> >
> > We've implemented the request-controller pattern using a servlet as the
> > entry-point of all our jsp-pages. For some reason Orion creates multiple
> > instances of this servlet even though it isn't implementing
> > SingleThreadModel and there isn't anything peculiar about it. I have the
> > servlet printing to System.out every time init() is run and every time it
> > receives a request, it also prints the memory address of the instance that's
> > handling it. For some reason with this servlet there are multiple instances
> > (up to 3 so far) that handle these requests. There doesn't seem to be any
> > larger logic in which instance gets to handle the request. It's not a
> > problem per se but I just find it rather strange since I assumed that only
> > one instance of a servlet would be created. Anyone else ran into this ?
> >
> > cheers,
> > Ville Rinne

Re: getRemoteAddr() - APACHE as proxy !! HMMMMM

[Daniel López]

Hi Eddie,

It works for me because I'm not replacing the original address. As I
have my own authentication routines, I check the X-FORWARDED-FOR header
when it is available, else the usual one. So I never tried to do what
you are trying to do, hence I can't help you much, I'm sorry about that.
On the other hand, you might try to get in touch with the author of the
module, Ask Bjoern Hansen([EMAIL PROTECTED]). He was the one who kindly
pointed me to the URL I gave you and he was quite helpful.
But if you are trying to do what I think, you might have run out of
luck. If you change the original IP inside Apache with mod_perl, or any
other module, this doesn't mean that the Orion server will use it when
creating the request object. Orion has its own way of constructing the
request and it probably uses the IP of the originating call to it, the
proxy in this case. To be able to change the way the request is
constructed, you should have access to the orion source, as somebody
else pointed out, or you might ask the Ironflare guys to add this
feature. From the Java point of view, somebody has to read the
X-FORWARDED-FOR header IN THE ORION SIDE and take into account, because
from the Apache side, you cannot influence the way the Java requests are
built on the orion side. If you could modify the request somehow, this
would be a nice job for a JSDK2.3 filter.
Good luck,
D.

Eddie wrote:
> 
> Daniel,
> 
> Thanks for you solutionit almost works... ;)
> 
> I installed the module and indeed I do get the X-FORWARDED-FOR name as
> header with the client's ip address.
> ---
> HEADER NAME: X-FORWARDED-FOR
> HEADER value: 10.0.0.62
> 
> 
> I only have problem using a perl handler to replace the ip address that java
> reads (in the header) with the above header (Until now I only did simple
> things with mod_perl).
> 
> I tried it like the example in the source code of the mod_proxy_add_forward
> suggested: including a subroutine in the startup.pl script and calling it
> with an PerlPostReadRequestHandler..
> Hoewer this doesn't work. I tried some other stuff but... no luck..
> Can you tell me who you did this ?? what did you put in you httpd.conf ?,
> what script did you use ? and where did you put it ?
> 
> Thanks,
> Eddie
> 
> - Original Message -
> From: Daniel López <[EMAIL PROTECTED]>
> To: Orion-Interest <[EMAIL PROTECTED]>
> Sent: Wednesday, June 06, 2001 7:49 AM
> Subject: Re: getRemoteAddr() - APACHE as proxy !!
> 
> > Well,
> >
> > I have some partially good news: There is a way around that using
> > Apache. I'm also using it as a proxy, to concentrate all the services on
> > the standard HTTP port while keeping different Orion instances running,
> > and as some of our security requirements take into account the IP from
> > the client, so  I run onto the same problem. I queried the mod_proxy
> > list and I got a patch that includes, as an extra HTTP header, the
> > client original IP. This solves the problem for our own custom
> > authentication, as we check first if this header is available or not, if
> > it is, then we check the IP agains this value.
> > The problem here would be if you use some authentication mechanism that
> > you cannot modify so it checks for this extra header.
> > Here it is, the URL I was given and from where you can download the
> > patch: http://develooper.com/code/mpaf/
> > I hope this helps,
> > D.
> >
> >
> > elephantwalker wrote:
> > >
> > > Andre,
> > >
> > > Sorry, but the loadbalancer.jar has the same problem. For example, the
> > > access logs for the various orion servers only report the ip of the
> > > loadbalancer...not very interesting.
> > >
> > > Regards,
> > >
> > > the elephantwalker
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Andre Vanha
> > > Sent: Tuesday, June 05, 2001 12:55 PM
> > > To: Orion-Interest
> > > Subject: RE: getRemoteAddr() - APACHE as proxy !!
> > >
> > > I've run into the same problem.  I don't think there is any way around
> this,
> > > since the Apache module is a simple proxy.
> > > It would be necessary to improve the Apache plugin to send some extra
> > > headers, and then have orion interpret them.
> > > However without an open API through which to construct the HTTP requests
> > > coming into orion, you would have to interpret these headers in your own
> > > code.
> > >
> > > One possible avanue is Orion's load balancer.  I haven't had a chanc

Re: getRemoteAddr() - APACHE as proxy !!

[Daniel López]

Well,

I have some partially good news: There is a way around that using
Apache. I'm also using it as a proxy, to concentrate all the services on
the standard HTTP port while keeping different Orion instances running,
and as some of our security requirements take into account the IP from
the client, so  I run onto the same problem. I queried the mod_proxy
list and I got a patch that includes, as an extra HTTP header, the
client original IP. This solves the problem for our own custom
authentication, as we check first if this header is available or not, if
it is, then we check the IP agains this value.
The problem here would be if you use some authentication mechanism that
you cannot modify so it checks for this extra header.
Here it is, the URL I was given and from where you can download the
patch: http://develooper.com/code/mpaf/
I hope this helps,
D.


elephantwalker wrote:
> 
> Andre,
> 
> Sorry, but the loadbalancer.jar has the same problem. For example, the
> access logs for the various orion servers only report the ip of the
> loadbalancer...not very interesting.
> 
> Regards,
> 
> the elephantwalker
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Andre Vanha
> Sent: Tuesday, June 05, 2001 12:55 PM
> To: Orion-Interest
> Subject: RE: getRemoteAddr() - APACHE as proxy !!
> 
> I've run into the same problem.  I don't think there is any way around this,
> since the Apache module is a simple proxy.
> It would be necessary to improve the Apache plugin to send some extra
> headers, and then have orion interpret them.
> However without an open API through which to construct the HTTP requests
> coming into orion, you would have to interpret these headers in your own
> code.
> 
> One possible avanue is Orion's load balancer.  I haven't had a chance to
> test it, but does it suffer from the same problem?
> It may already have an API that allows it to pass through the original IP
> address (and other info) to the actual server, which could be emulated by a
> web server plugin.
> 
> Andre
> 
> -Original Message-
> From: Eddie [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 05, 2001 10:30 AM
> To: Orion-Interest
> Subject: Re: getRemoteAddr() - APACHE as proxy !!
> 
> OK,
> In the meantime I found out what is wrong:
> I am using apache as a proxy server, and therefore I do get the IP address
> of the server.
> How can I overcome this ?? Such that getRemoteAddr() does return the
> client's IP address in my servlets.
> 
> Eddie
> 
> - Original Message -
> From: Eddie 
> To: Orion-Interest 
> Sent: Tuesday, June 05, 2001 2:12 PM
> Subject: getRemoteAddr()
> 
> Hellu there,
> 
> If I use getRemoteAddr()  to get the IP address of the client the makes the
> servlet requests it return the IP address of the server ?? (also
> getRemoteHost() returns the server name).
> 
> Any idea how come ??
> I am running jdk 1.3 and the servlets run on the application server Orion
> 1.5.1
> (OS: Linux redhat 7.0)
> 
> (I can remember that a JSP on JSERv on apache didn't had this problem, so I
> quess it's Orion .. not ??)
> 
> Eddie

Using JAAS for authentication (Was: bugs in <@page extends="...)

[Daniel López]

Hi Joni,

That sounds pretty interesting, however, I still have some doubts.
Let's see:
.- Where do you get the user from (the one you use with
user.getSubject()). Can these users be specified dynamically through a
standard interface? Or do they have to be specified in a container
specific way?
.- Can the policy file be specified on a "per web application basis" or
does it just exist one policy file for the whole system? This way I
could specify the security of my applications independendently. And
could this information be extracted from a database/URL instead of a
system file?

Just curious to see how I could use this standard API without losing all
the flexibility and dynamicity that I've already accomplished with my
own implementation.

Regards and thanks for the info,
D.

Joni Suominen wrote:
> 
> Hi Daniel,
> 
> JAAS is not necessarily tied to the OS user. Actually you can tie it to
> the OS user by using proper login modules which can authenticate if a
> user is already logged into an OS. However, in a true Java spirit, JAAS
> is much more generic. In fact it is just a framework to implement
> versatile authentication and authorization schemes. For instance, I
> authenticate user's against a relational database (some might use LDAP).
> The JAAS provides abstractions to represent user's identity and
> permissions. It also provides algortihms to check if configured security
> policy implies certain permission.
> 
> Some sample code:
> 
> PagePermission pagePermission = new
> PagePermission("admin");
> PermissionCollection pc =
> Policy.getPolicy().getPermissions(user.getSubject(), null);
> 
> if (pc.implies(pagePermission)) {
> // authorization succeeded...
> }
> else {
> // authorization failed, the current user don't have a permission to
> view a page on this domain.
> }
> 
> Then on policy file I might have:
> 
> grant Principal org.shiftctrl.framework.security.SCGroupPrincipal
> "admin" {
>permission
> org.shiftctrl.framework.security.permissions.PagePermission "admin";
> };
> 
> This way it is easy to implement multiuser Java applications where
> accesses are controlled on per-user or per-group level. JAAS is also
> integrated to the JDK 1.4, like the new logging API you mentioned.
> 
> --
> Joni
> [EMAIL PROTECTED]
> 

Re: bugs in <@page extends="...."> in Orion implementation?

[Daniel López]

Hi Joni,

I agree it can be done. My situation is that I just don't log requests
but I can log everything that happens in the environment, security
settings, internationalization issues, XML/XSLT performance... so my
logging code is tightly integrated with the framework and I can control
it from a single point. I could use a filter to check things before the
request is served, but as the rest of the parts are going to use it,
what do I win by externalising it. Anyway, I hope to be able to discard
this part of the environment as soon as JDK1.4 logging features become a
reality. With security is more or less the same, we implemented our own
security library because we are not satisfied with the standard and we
don't want to get container specific. I agree I could externalise this
as a filter but I wouldn't really win much, as it is also quite tightly
integrated with the rest of the things. IMO, things that are standard
and can be switched on/off and replaced with another implementation
without a hitch are candidates to be externalised, otherwise, it's not
that it cannot be done with filters, it's that I don't see a big win in
doing so. Of course, that's my situation because I can control the MVC 2
implementation and I can tightly integrate these parts.

Just a question. I thought JAAS was used to control if the OS user that
was executing the Java code was/was not allowed to perform such
execution. If the OS user that executes the servlet code is supposedly
always the same, how is this thing related to the application user that
performs the request? I didn't think this standard could be used for
that, if it is, I might go for it ;).

regards,
Dan

Joni Suominen wrote:
> 
> Hi!
> 
> I have implemented these features as "externalized" filters. The reason
> for this was that I use a MVC 2 product which is developed independently
> (Jakarta Struts http://jakarta.apache.org/struts/). Like Marcel said the
> beauty of filters is that they are independent from the rest of the
> application. The filters allow me to plug in these services to the
> application without any integration code. So, I have a LogFilter which
> logs the requests using log4j (http://jakarta.apache.org/log4j/). After
> that there's an AuthorizationFilter which checks if the current user has
> priviledges to execute the request. AuthorizationFilter utilizes the
> forthcoming Java Authentication and Authorization service
> (http://java.sun.com/products/jaas/). All in all, I have a pretty
> flexible system with a very little own code.
> 
> Joni
> [EMAIL PROTECTED]
> 
> Daniel López wrote:
> >
> > Hi,
> >
> > I've also used filters, but in this case to filter requests by IP, as I
> > don't want certain IP's to be able to access certain URLs. On the other
> > hand, I implemented security, logging and other features inside my own
> > servlet Controller, following a Model 2 approach. I thought about
> > "externalizing" this services as filters, but that would mean that the
> > web.xml file will grow too much and that I would have to put too much
> > things in the request object each time. It's not that I've discarded the
> > idea, but I don't see any compelling reason to implement everything as
> > filters. We don't use servlets, but ONE controller servlet and action
> > classes and we use JSP as view-only, creatures (actually, we seldom use
> > them as we use XML/XSLT), so as anyway all the requests go through my
> > controller servlet... We implemented IP filtering as a filter because we
> > also wanted to use it in other applications, as well as with static
> > content.
> > Just my 2c,
> > D.
> > ---
> > Daniel Lopez Janariz ([EMAIL PROTECTED])
> > Web Services
> > Computer Center
> > Balearic Islands University
> > ---
> >
> > Marcel Schutte wrote:
> > >
> > > Hi Randahl,
> > >
> > > I've used a filter to do gzip encoding for specific file types. Starting
> > > with the tutorial at http://www.orionserver.com/tutorials/filters/lesson5/,
> > > I've changed some things to get the hang of it and also to reduce the amount
> > > of buffering used. It works fine, haven't had a problem with this
> > > (intranet)site.
> > >
> > > The beauty of filters is that they are completely independent from your
> > > application, just edit your web.xml and you are set.
> > >
> > > Let me know if you wnat some more info.
> > >
> > > Marcel
> > >
> > > > -Original Message-
> > > > Fro

Re: bugs in <@page extends="...."> in Orion implementation?

[Daniel López]

Hi Robert,
Let's see, we follow two different aproaches to get to the XML. If we
are using Oracle, we pretty much always do, we produce XML directly from
PLSQL using some sentences like that:
...
 for v_user in cursor_users(condition) loop
 XMP.P('');
 end loop;
...
The result is then forwarded to an XSLT processor (TRaX API compatible)
that produces the HTML. Precompiled XSLT sheets are cached so
performance is greatly improved.

If we are not using Oracle, or we need to use some Java, then we format
the XML using JSPs like that:
<%@ taglib uri="/leafTag.jar" prefix="leaf" %>

...
<%
 for(int i = 0; i< users.length; i++)
 {
%>
 
<%
 }
%>
...


After the XML has been produced, the XSLEval tag passes its body to the
same XSLT processor as above and then result is substituted by the HTML
result. PLSQL-generated XML can be also included inside the JSPs with
another tag, in case of need. As it uses the same XSLT processing
facilities, PLSQL-generated XML and JSP-generated share the XSLT cache.
That's basically how we do it. We are not using EJB as
programming/mantaining the database code in PLSQL is like heaven,
compared to programming it with Java. We might get to use them but if we
do, we will format them with JSPs or pseudo-generate it with
introspection.
It's not perfect and not every like it but we are quite happy with it
and we have implemented around a dozen applications with the system so
far.
If your question was specifically about the HTML produced from the XML,
it's exactly the same that it would be produced with a JSP, or by hand.
The result is exactly the same. It's the way to accomplish it that is
different. We though that, instead of creating a huge library of taglibs
that perform loops, conditionals, basic operations..., it would be much
simpler to use XSLT that already has all these features and allows you
to easily reuse them. And it is also a standard with several
implementations available so...
regards,
D.

Robert Nicholson wrote:
> 
> Can you elaborate on how you are using XSL and XSLT ... I assume you're
> using Tag libraries but can you show an example of HTML markup derived from
> XML?
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel Lopez
> > Sent: Wednesday, May 30, 2001 6:05 AM
> > To: Orion-Interest
> > Subject: Re: bugs in <@page extends=""> in Orion implementation?
> >
> >
> > Hi,
> >
> > I've also used filters, but in this case to filter requests by IP, as I
> > don't want certain IP's to be able to access certain URLs. On the other
> > hand, I implemented security, logging and other features inside my own
> > servlet Controller, following a Model 2 approach. I thought about
> > "externalizing" this services as filters, but that would mean that the
> > web.xml file will grow too much and that I would have to put too much
> > things in the request object each time. It's not that I've discarded the
> > idea, but I don't see any compelling reason to implement everything as
> > filters. We don't use servlets, but ONE controller servlet and action
> > classes and we use JSP as view-only, creatures (actually, we seldom use
> > them as we use XML/XSLT), so as anyway all the requests go through my
> > controller servlet... We implemented IP filtering as a filter because we
> > also wanted to use it in other applications, as well as with static
> > content.
> > Just my 2c,
> > D.
> > ---
> > Daniel Lopez Janariz ([EMAIL PROTECTED])
> > Web Services
> > Computer Center
> > Balearic Islands University
> > ---
> >
> > Marcel Schutte wrote:
> > >
> > > Hi Randahl,
> > >
> > > I've used a filter to do gzip encoding for specific file types. Starting
> > > with the tutorial at
> > http://www.orionserver.com/tutorials/filters/lesson5/,
> > > I've changed some things to get the hang of it and also to
> > reduce the amount
> > > of buffering used. It works fine, haven't had a problem with this
> > > (intranet)site.
> > >
> > > The beauty of filters is that they are completely independent from your
> > > application, just edit your web.xml and you are set.
> > >
> > > Let me know if you wnat some more info.
> > >
> > > Marcel
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Randahl Fink
> > > > Isaksen
> > > > Sent: Wednesday, May 30, 2001 9:39 AM
> > > > To: Orion-Interest
> > > > Subject: RE: bugs in <@page extends=""> in Orion implementation?
> > > >
> > > >
> > > > Hi Marcel
> > > >
> > > >
> > > > I looked it up, and I definately see your point about the
> > > > filter mechanism.
> > > > Have you any experience with this on Orion? Does it work
> > > > well? And what have
> > > > you used it for?
> > > >
> > > > Of course if anyone else have tried it out, I would very much
> > > > like to hear
> > > > from you too.
> > > >
> > > >
> > > > Yours
> > > > Randahl
> > > >
> > > > 

Re: SV: SV: proxying orion with IIS or iPlanet Web Server

[Daniel López]

Hi Patrick,

We thought about that and that is a possibility but we haven't got yet
to the "failover setup".
The possibility we are studying is to cluster the application servers
"behind" the proxy and let the proxy be as simple as possible. The
failover would be in this case, transparent. Another possibility would
be to let the SSI script issue a redirect to another place, but this
would mean an external redirect (not transparent to the user). If you
want this thing to be transparent, you would have to modify the Apache
configuration to modify your proxy settings to point to the new
location. I haven't tried but I'm not sure this can be done dynamically
. That's what we do manually when we modify an application server
location but I wouldn't call this failover ;). In the end, you would be
kind of replicating, through Apache and SSI, what container-clustering
is already supposed to give you so... why?
Next step I want to try is to use the proxy also as a cache for static
content, hence improving the speed of the content that doesn't need to
be dynamically generated. I already tried but I have to find the proper
settings as it is caching more than what I need. Then we would just have
the extra trip for the dinamically generated content.

Dan

> Patrik Andersson wrote:
> 
> Ok,
> 
> very interesting to hear ways to setup large applications. But in
> other
> words, the SSI script that shows the "For maintenence reasons..."
> message could also be used as some kind of fail over?
> 
> Patrik
> 
> -Ursprungligt meddelande-
> Från: Daniel López [mailto:[EMAIL PROTECTED]]
> Skickat: den 30 maj 2001 15:15
> Till: Orion-Interest
> Ämne: Re: SV: proxying orion with IIS or iPlanet Web Server
> 
> Hi Patrick,
> 
> I agree with you, in our case we are using Apache as a proxy for other
> 
> reasons. One reason is that the Apache SSL certificate that we have
> doesn't work with Orion (quite easy to fix) but the main reason is
> that
> we use several instances of Orion, one per set of related
> applications,
> and we use the proxy to "concentrate/redirect" the traffic from the
> port
> 80 to the appropriate application port. This way we have one single
> point of failure, the proxy, but orion instances are independent of
> each
> other and we can start/stop/move them without bothering the other
> applications. Besides, we also have an SSI script inside the proxy
> that,
> in case an application server is down, redirects the request to the
> appropriate "For maintenance reasons..." page. Right now the proxy and
> 
> the orion instances are, some of them, in the same host, but in the
> future I guess they won't be as next step for us is clustering.
> Anyway,
> no Tomcat anywhere and no plans for it, at least as it is now.
> We are quite happy with this set up, but we are in a situation were
> our
> main worry is not speed, so we don't care about the small extra trip
> between the proxy and the orion instance, but the number of
> applications. With hot deployment you are supposed not to have to stop
> 
> the orion server but sometimes...
> Just my 2ec,
> D.
> ---
> Daniel Lopez Janariz ([EMAIL PROTECTED])
> Web Services
> Computer Center
> Balearic Islands University
> ---
> 
> > Patrik Andersson wrote:
> >
> > Just for the sake of asking,
> >
> > why do you have tomcat serving jsp/servlets and orion serving ejbs
> if
> > they're both running on the same machine? For me, that sounds like
> > asking for extra maintenance trouble. And another thing, from having
> 
> > one "single point of failure" you now have 3. If either one if these
> 
> > three applications decide to call it a day your whole application
> dies
> > and that goes for having two machines running different software
> > aswell. Why not use two or three machines all running orion and
> having
> > them split the workload by clustering them?
> >
> > regards,
> > Patrik
> >

Re: Setting up a new web-application

[Daniel López]

Hi Kevin,

Kevin Jones wrote:
> 
> > I'm using Xalan 2 in my framework and I've had the same problem with
> > pretty much all the containers that I've tried playing with. With Orion,
> > substituting xalan.jar and xerces.jar in the Orion directory did the
> > trick for me in 1.4.*.
> 
> This is an ugly hack though :-) If another app using the same server and
> relies on Xalan-1 functionality, they're screwed.

I know, I know, and it also breaks our "application atomicity" as it is
not enough to pack our applications in .ear files, we also have to make
sure Xalan 2 is manually installed in the container :(. But we jumped to
JAPX as soon as it implemented the TRaX API to finally become
independent of the XSLT processor and as all our applications use the
same XML/XSLT framework, based in JAXP and TRaX... We've run into some
troubles with some external applications but in this case, I'd rather
have another orion instance with another classpath than downgrading my
whole framework to become parser-dependent again. I hope JSDK2.3 allows
us to get rid of this "ugliness"

> 
> > with Resin and I never tried with Tomcat.
> 
> Tomcat 4 fixes this (mostly)

Mostly? That sounds scary! ;) (Warning! Warning! that was meant to be a
joke ;) )

> > The problem seems to be
> > something like "the first XML library to be used is the one to be used
> > for everything" and as all the containers have nowadays XML
> > configuration files and use an XML parser as soon as they start up, then
> > the XML library that is used is the one that the container uses,
> 
> Yes, sort of. The problem is that the same classloader used by your web-app
> can also 'see' the global 'classpath ' set by Orion, and, as classloaders
> delegate, when the web-app CL tries to use an XML parser, or Xalan or
> something that is shared then the 'global' one gets used first.

I see. I guess that's the reason why the 2.3 spec says talks about
application classpath "taking precedence" over the global one.

> > hence
> > the need to put your desired library in the global CLASSPATH. This can
> > lead to problems that can't be solved, if the container and your
> > application can only use incompatible versions of a parser. As somebody
> > mentioned,
> 
> That was me
> 
> > I think JSDK 2.3 tries to solve this, specifically,
> > Point SRV.9.7.2 Web Application Classloader (Page 63 JSDK2.3 PFD2)
> > states:
> > "...
> > It is recommended, however, that the application classloader be
> > implemented so that classes and resources packaged within the WAR are
> > loaded in preference to classes and resources residing in container-wide
> > library JARs.
> > "
> 
> Yes, we put this in because of these sorts of problems.

Oh, so you are one of them ;). You can bet everybody will appreciate it
if you can specify things so this issue is solved. From my experience,
this is number one source of problems when using todays containers (not
talking about code bugs or similar problems).

Now that we are at it. Have you thought about improving security so the
mappings are a bit more dynamic and   that user-role mapping is not
container-dependent? These are the reasons that lead us to develop our
own library but I would have lived happier if I needn't have to do it.

Thanks for your comments,
D.
---
Daniel Lopez Janariz ([EMAIL PROTECTED])
Web Services
Computer Center
Balearic Islands University
---

> Kevin Jones
> DevelopMentor
> www.develop.com

Re: SV: proxying orion with IIS or iPlanet Web Server

[Daniel López]

Hi Patrick,

I agree with you, in our case we are using Apache as a proxy for other
reasons. One reason is that the Apache SSL certificate that we have
doesn't work with Orion (quite easy to fix) but the main reason is that
we use several instances of Orion, one per set of related applications,
and we use the proxy to "concentrate/redirect" the traffic from the port
80 to the appropriate application port. This way we have one single
point of failure, the proxy, but orion instances are independent of each
other and we can start/stop/move them without bothering the other
applications. Besides, we also have an SSI script inside the proxy that,
in case an application server is down, redirects the request to the
appropriate "For maintenance reasons..." page. Right now the proxy and
the orion instances are, some of them, in the same host, but in the
future I guess they won't be as next step for us is clustering. Anyway,
no Tomcat anywhere and no plans for it, at least as it is now.
We are quite happy with this set up, but we are in a situation were our
main worry is not speed, so we don't care about the small extra trip
between the proxy and the orion instance, but the number of
applications. With hot deployment you are supposed not to have to stop
the orion server but sometimes...
Just my 2ec,
D.
---
Daniel Lopez Janariz ([EMAIL PROTECTED])
Web Services
Computer Center
Balearic Islands University
---

> Patrik Andersson wrote:
> 
> Just for the sake of asking,
> 
> why do you have tomcat serving jsp/servlets and orion serving ejbs if
> they're both running on the same machine? For me, that sounds like
> asking for extra maintenance trouble. And another thing, from having
> one "single point of failure" you now have 3. If either one if these
> three applications decide to call it a day your whole application dies
> and that goes for having two machines running different software
> aswell. Why not use two or three machines all running orion and having
> them split the workload by clustering them?
> 
> regards,
> Patrik
> 
>  -Ursprungligt meddelande-
>  Från: Lachezar Dobrev [mailto:[EMAIL PROTECTED]]
>  Skickat: den 30 maj 2001 08:50
>  Till: Orion-Interest
>  Ämne: Re: proxying orion with IIS or iPlanet Web Server
> 
> Hya...
> Got a reply for you :).
> I use Apache as a front-end server. I use Orion to store
>  my EJBs, and I use Jakarta-Tomcat to deploy servlets and
>  JSPs. Just put the Tomcat and Orion on one and the same
>  machine, start tomcat with a classpath, that includes the
>  jars of the Orion server. Put a jndi.properties file
>  somewhere (probably the web-inf/classes directory) and
>  specify the jndi properties as for a remote application:
> 
> 
>  java.naming.factory.initial=com.evermind.server.rmi.RMIInitialContextFactory
>java.naming.provider.url=ormi://127.0.0.1/  application>
>java.naming.security.principal=
>java.naming.security.credentials=
> 
> Than you can safely read the Apache-Tomcat connectivity
>  issues.
> I have used this with IAS instead of orion also. It
>  worked.
> Apache and Tomcat are "cheaper" than other web servers :)
> 
> May the shade of the tree strengthen you.
> Lachezar
> 
> 
>  - Original Message -
>  From: "Andrew Diederich" <[EMAIL PROTECTED]>
>  To: "Orion-Interest" <[EMAIL PROTECTED]>
>  Sent: Wednesday, May 30, 2001 12:46 AM
>  Subject: RE: proxying orion with IIS or iPlanet Web Server
> 
>  > I was afraid of that -- ISA is a minimum of $1,500.  An
>  expense for the free
>  > webserver.  I'll look into, iWS, but since iPlanet sells a
>  proxy server,
>  > too, I bet their webserver won't do it be default,
>  either.   Ah, well.
>  >
>  > Does this mean folks using Orion on NT/Win2k put Orion in
>  their DMZ?
>  >
>  > --
>  > Andrew
>  >
>  > -Original Message-
>  > From: Juan Lorandi (Chile)
>  [mailto:[EMAIL PROTECTED]]
>  > Sent: Monday, May 28, 2001 13:40
>  > To: Orion-Interest
>  > Subject: RE: proxying orion with IIS or iPlanet Web Server
>  >
>  >
>  > Dig into ISA server, It's the M$ reversed proxy solution.
>  Or else, go into
>  > the ISAPI filter world (best of luck)
>  >
>  > JP

Re: bugs in <@page extends="...."> in Orion implementation?

[Daniel López]

Hi,

I've also used filters, but in this case to filter requests by IP, as I
don't want certain IP's to be able to access certain URLs. On the other
hand, I implemented security, logging and other features inside my own
servlet Controller, following a Model 2 approach. I thought about
"externalizing" this services as filters, but that would mean that the
web.xml file will grow too much and that I would have to put too much
things in the request object each time. It's not that I've discarded the
idea, but I don't see any compelling reason to implement everything as
filters. We don't use servlets, but ONE controller servlet and action
classes and we use JSP as view-only, creatures (actually, we seldom use
them as we use XML/XSLT), so as anyway all the requests go through my
controller servlet... We implemented IP filtering as a filter because we
also wanted to use it in other applications, as well as with static
content.
Just my 2c,
D.
---
Daniel Lopez Janariz ([EMAIL PROTECTED])
Web Services
Computer Center
Balearic Islands University
---

Marcel Schutte wrote:
> 
> Hi Randahl,
> 
> I've used a filter to do gzip encoding for specific file types. Starting
> with the tutorial at http://www.orionserver.com/tutorials/filters/lesson5/,
> I've changed some things to get the hang of it and also to reduce the amount
> of buffering used. It works fine, haven't had a problem with this
> (intranet)site.
> 
> The beauty of filters is that they are completely independent from your
> application, just edit your web.xml and you are set.
> 
> Let me know if you wnat some more info.
> 
> Marcel
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Randahl Fink
> > Isaksen
> > Sent: Wednesday, May 30, 2001 9:39 AM
> > To: Orion-Interest
> > Subject: RE: bugs in <@page extends=""> in Orion implementation?
> >
> >
> > Hi Marcel
> >
> >
> > I looked it up, and I definately see your point about the
> > filter mechanism.
> > Have you any experience with this on Orion? Does it work
> > well? And what have
> > you used it for?
> >
> > Of course if anyone else have tried it out, I would very much
> > like to hear
> > from you too.
> >
> >
> > Yours
> > Randahl
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Marcel Schutte
> > Sent: 30. maj 2001 00:22
> > To: Orion-Interest
> > Subject: Re: bugs in <@page extends=""> in Orion implementation?
> >
> >
> > That's right, the two examples Randahl gives can be easily
> > solved using the
> > servlet2.3 filter mechanism, giving a very loose coupling of
> > these features
> > with your actual application.
> >
> > Marcel
> >
> > - Original Message -
> > From: "Juan Lorandi (Chile)" <[EMAIL PROTECTED]>
> > To: "Orion-Interest" <[EMAIL PROTECTED]>
> > Sent: Tuesday, May 29, 2001 10:45 PM
> > Subject: RE: bugs in <@page extends=""> in Orion implementation?
> >
> >
> > > I believe this could be better modeled differently, because
> > it leaves no
> > > room for the web server to implement its callbacks and java doesn't
> > support
> > > multiple inheritance.
> > >
> > > > -Original Message-
> > > > From: Randahl Fink Isaksen [mailto:[EMAIL PROTECTED]]
> > > > Sent: Martes, 29 de Mayo de 2001 3:01
> > > > To: Orion-Interest
> > > > Subject: RE: bugs in <@page extends=""> in Orion
> > implementation?
> > > >
> > > >
> > > > Well, can anyone confirm that JSP pages can extend your own
> > > > class when using
> > > > Orion??? Or has noone been able to use "@page extends"?
> > > >
> > > > I see many good reasons for implementing your own super class
> > > > for your JSP
> > > > pages. For instance, such a superclass could do logging
> > of all client
> > > > activities or it could do security checking.
> > > >
> > > >
> > > > Randahl
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Robert
> > > > Nicholson
> > > > Sent: 25. maj 2001 21:15
> > > > To: Orion-Interest
> > > > Subject: RE: bugs in <@page extends=""> in Orion
> > implementation?
> > > >
> > > >
> > > > It's doing you a favour.Please elaborate on why you want to extend
> > > > that class.
> > > >
> > > >
> > > > > -Original Message-
> > > > > From: [EMAIL PROTECTED]
> > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > > Jiuyun Wang
> > > > > Sent: Friday, May 25, 2001 9:20 AM
> > > > > To: Orion-Interest
> > > > > Subject: Re: bugs in <@page extends=""> in Orion
> > implementation?
> > > > >
> > > > >
> > > > > It doesnot work, not matter which one (servlet/jspbase)
> > I extends my
> > > > > jsp, orion jsp compiler just don't support extends
> > > > >
> > > > > -Jiuyun
> > > > > --- SCOTT FARQUHAR <[EMAIL PROTECTED]> wrote:
> > > > > > It looks like your page should extend servlet and not jsppage.
> > > > > >
> > > > > > Jus

Re: Setting up a new web-application

[Daniel López]

Hi Kevin,

I'm using Xalan 2 in my framework and I've had the same problem with
pretty much all the containers that I've tried playing with. With Orion,
substituting xalan.jar and xerces.jar in the orion directory did the
trick for me in 1.4.*. I think I remember I had to do something similar
with Resin and I never tried with Tomcat. The problem seems to be
something like "the first XML library to be used is the one to be used
for everything" and as all the containers have nowadays XML
configuration files and use an XML parser as soon as they start up, then
the XML library that is used is the one that the container uses, hence
the need to put your desired library in the global CLASSPATH. This can
lead to problems that can't be solved, if the container and your
application can only use incompatible versions of a parser. As somebody
mentioned, I think JSDK 2.3 tries to solve this, specifically,
Point SRV.9.7.2 Web Application Classloader (Page 63 JSDK2.3 PFD2)
states:
"...
It is recommended, however, that the application classloader be
implemented so that classes and resources packaged within the WAR are
loaded in preference to classes and resources residing in container-wide
library JARs.
"
That should mean that the parser installed in the application classpath
should be used in your applications over the one installed in the global
classpath, but unfortunately it is just a recommendation so who knows
what will happen :).
Just my 2c,
D.

Kevin Jones wrote:
> 
> and the point is that I shouldn't need to put the classes/jar in the Orion
> lib. I should be free to put  whatever classes/jars I need in my own
> application.
> 
> The only thing about this is that it is not an easy problem to solve (ask
> the Jakarta/Tomcat team), and for some reason it always seems to happen with
> XML/XSLT processors :-(
> 
> Kevin Jones
> DevelopMentor
> www.develop.com
> 
...