re: apache + orion

2002-02-06 Thread Daniel Lopez

Hi,

Yes it is. But you have to play with mod_rewrite as mod_proxy just allows you 
to redirect directories. Combining both modules you can select certaing types 
of files, but be careful as mod_rewite is somtimes tricky.
D.

 Hello,
 
 I recently started up Orion on 127.0.0.1:8090 with apache serving up the
 front end. I have the proxy service working great, but I would like to get
 Orion to answer all .jsp request similar to how I have php setup.
 
 Is this possible?
 
 Thanks in advance.
 
 Justen Stepka
 
 


--
This message was sent using Sake Mail, a web-based email tool from
Endymion Corporation.  http://www.endymion.com/products/sake


Hello,

I recently started up Orion on 127.0.0.1:8090 with apache serving up the
front end. I have the proxy service working great, but I would like to get
Orion to answer all .jsp request similar to how I have php setup.

Is this possible?

Thanks in advance.

Justen Stepka






Re: Auto Class Reloading

2001-10-13 Thread Daniel Lopez

Hi Ted,

Something like that happened to me recently, and it turns development
into a tedious task as you have to re-login every time. The usual cause,
as you mentioned, is that you probably store something in some session
or in the context that is not serializable. The fact that you can store
it in the session or in the context doesn't mean that it is
serializable, and sometimes you don't even get a proper error message.
In my case, I had stored a reference to the servlet context to an object
that was being kept in the context. As the servlet context is not
serializable, all the sessions and application state was being thrashed
every time I redeployed. With orion 1.4.8, I was getting an application
state not serializable: com.orion...HttpApplication error. With orion
1.5.2, I was getting NO ERROR, and it silently ignored the previous
state. In the end, I re-checked all the attributes of all the classes
that were being stored in the sessions and in the context and I found
it. It's not an easy problem to follow, I wish there were better means
to track this down. I queried the list and I got no answer so I guess
there isn't a way of getting more information about the process.
Good luck, it it worked before and now it doesn't, track the changes you
have made to the classes added to the sessions and the context and
remember that a class is only serializable if all its RUNTIME
non-transient members are also serializable (apart of the small detail
of implementing the serializable interface, of course ;) ). Watch out
for hashtables, vectors and the like, they
can hide non-serializable instances.
regards,
D.

Rice, Ted wrote:

 i have read, and re-read, all
 of the postings on class
 (re)loading in relation to deployed
 applications inside orion. yet, i still
 have some unanswered questions.

 in my past experience, compiling classes
 to the ./WEB-INF/classes directory and
 touching either the web.xml or application.xml
 file will cause the new classes to be
 picked up and used. all objects that are
 in session are serialized and available
 after the application is re-deployed without
 having to re-start orion.

 however, i am now experiencing a situation
 wherein i'm losing my session information and
 being forced to re-login to my application to
 continue development.

 is there a set of criteria or implemenation details
 i'm missing. all objects are obviously serializable
 or they would not be able to be stored in a session.
 yet, my latest encounters with class reloading makes
 me doubt this assertion.

 any ideas/paths i can explore to making my
 development life less hell-like?

 thanks,

 ted rice





Re: Design strategy

2001-10-02 Thread Daniel Lopez

Hi George,

I don't know about EJB, as we don't use them, but having an extra table to
represent an n-m relationship is a well stablished technique when designing
relational databases. AFAIK there's no other way to do that while providing
db-enforced consistency and avoiding redundancy. You represent a logical n-m
relationship, you create a new table that implements two real 1-n relationships,
thus creating one extra table. I don't see where you get two extra tables per
relationship from.
regards,
D.

George Mardale wrote:

 Hello Owen,

 Thank you for your kind response. Yesterday, while waiting for a response on
 the Orion mailing list, we thought of a design somehow close to yours. We
 thought that using 3 different tables (ClassRoles, GroupRoles, UserRoles)
 was a good ideea.

 But today, we came up with a solution that we thought would benefit of
 Orion's powerful features. Thanks to Alex Paransky who helped us a lot, we
 tried to redesign the system, using OR mapping. So, we designed something
 like this:

 public class GroupBean implements EntityBean
 {
 ...
 List users; //1..* relationship with UserBean
 }

 public class UserBean implements EntityBean
 {
 
 List groups; //1..* relationship with GroupBean
 }

 Practically, we broke every  *..* relationship (in this case Group(*) -
 User(*)) into two 1..* relationships. And so on, for every relationship that
 we have:
 Class(1) - Group(*)
 User(*) - Role(*)
 Group(*) - Role(*)
 Class(*) - Role(*)

 As far as I know, Orion will create an additional table in the database that
 will store the relationship. For example, for users attribute in GroupBean,
 it will create a new table Group_users, besides the existing Group and User
 tables. Practically, for every *-* relationship will have 2 more tables in
 the database. Is that correct?

 What I want to know is if this design is correct. Are there any drawbacks
 that would make this system work unproperly (may be some OR mapping
 problems)?

 Tkanks,
 George.

 - Original Message -
 From: Owen Fellows [EMAIL PROTECTED]
 To: Orion-Interest [EMAIL PROTECTED]
 Sent: Tuesday, October 02, 2001 10:58 AM
 Subject: RE: Design strategy

  Hello,
 
  We have done a similar thing were we don't know the type of class assign
 the
  role except at runtime.
 
  The solution we used was to have an Object Type table (contain Class,
 Group,
  User).
  Then created a interface which was Roleable (i.e. this class can have a
 role
  assigned).
  In the database you can store each assignment in a different table
  (ClassRoles, GroupRoles, UserRoles),
  or have a generic table that stores Roleable_id, Role_id and
 Object_type_id.
 
  This does have drawbacks e.g. the Database does not have enforced
  consistence as the Roleable_id is not a foreign key on any one table.  It
  may also be slower to retrieve the Roles for a particular (Class, Group,
  User) as you will have to lookup it object type and then its roles.  (You
  could always cache object types as there will not be that many).
 
  I'm sure you can implement a Bean with the above functionality (we haven't
  used beans for this so I can help there).
 
  Hope this is of some help.
 
  Owen
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of George Mardale
  Sent: 02 October 2001 06:06
  To: Orion-Interest
  Subject: RE: Design strategy
 
 
  Hello Alex,
 
  Thank you for your prompt response. Your suggestions are excellent.
 
  You're right, the analysis is not correct. I tried to reduce the problem
 to
  a
  simple example. To avoid complexity, I just limited the relationships to
  1..*.
  Maybe the example is not the best, but I only wanted to know if I could
  model
  the Abstract being bean in Orion.
 
  There are still 2 issues we are unclear about:
  1. what are the advantages of dumping entity Class? (Class has specific
  fields
  that Group does not have)
  2. could you please detail the best way to implement  a *-* relationship
 in
  Orion?
 
  Thanks,
  George.
 
 





Re: ORacle db string over 4000 chars

2001-09-08 Thread Daniel Lopez

Hi,
I've implemented a couple of applications that stored files inside the
database using the Oracle thin driver (we never use any driver type but
the thin). To do so we just used LONG RAW columns and getBinaryStream()
and setBinaryStream(). Even though we also used
ZipInputStream/ZipOutputStream to compress/decompress the files as they
were getting in/out of the database, files were pretty much always
bigger than 4K. Now we started using Blobs because of the advantages
they give you on the database side, even though their handling in Java
is not that simple.
Just my 2c,
D.


The elephantwalker wrote:

  the oracle thin driver can't handle any types larger than 4000 char,
 period. It doesn't matter whether you use long raw or whatever. If you
 have larger stuff, you will need to use clob or blob...these require
 reading and writing the character data or the byte[] data, taking care
 to use the empty_clob() and empty_blob() functions before your do your
 writing.We will be posting an example of how to do this with a slsb on
 our site soon...stay tuned...regards,the
 elephantwalkerwww.elephantwalker.com

  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of
  Nusairat, Joseph F.
  Sent: Friday, September 07, 2001 12:10 PM
  To: Orion-Interest
  Subject: RE: ORacle db string over 4000 chars

  I do realise oracle has 4000 varchar limits ... but i have
  seen other systems get around this by using LONG or LONG RAW
  data types instead  however when i use those  i
  still have it bug out at 4000 chars  Joseph Faisal
  Nusairat, Sr. Project Manager
  WorldCom
  tel: 614-723-4232
  pager: 888-452-0399
  textmsg: [EMAIL PROTECTED]

   -Original Message-
   From: Nusairat, Joseph F.
   [mailto:[EMAIL PROTECTED]]
   Sent: Friday, September 07, 2001 11:39 AM
   To: Orion-Interest
   Subject: ORacle db string over 4000 chars

   Does anyone know how to handle this oracle 8.x u
   can have a varchar set to 4k ... sooo to do more
   than that i tried using a long and a long raw 
   and inserting it that way ... however whenver i go
   over 4000 chars it bombs  any one come across
   this problem?

   Joseph Faisal Nusairat, Sr. Project Manager
   WorldCom
   tel: 614-723-4232
   pager: 888-452-0399
   textmsg: [EMAIL PROTECTED]






Re: FORM based authentication with form-login-page as a JSP

2001-09-08 Thread Daniel Lopez

Hi,
I've never tried using FORM based authentication, but if orion uses the forward
mechanism to redirect the request to the login page, I think I remember there is
a method to get the original request URL when you do so... let me see... no, I
can't seem to find it in the spec. I've just found something like that if you
use the include mechanism. You might try to check the Attributes of the request,
using getAttributeNames, to see if there's any object that tells you where the
original request was directed to.
good luck,
D.


SAURUGGER,PETER (A-PaloAlto,ex2) wrote:

 Would be interesting to control where a user goes, e.g. always redirecting
 them to the home page. Unfortunately, I don't have an answer to your
 question, just another observation:

 you don't even have to submit the page to j_security_check (see e.g.
 atm/atm-web/login.jsp) - orion -knows- where to send the request from the
 page specified in FORM based authentication. The regular case would be that
 the same page is served (without specifying the ACTION attribute to the
 FORM), but Orion nicely processes your request and does the 'appropriate'
 thing.

 I have not had time to try to look inside orion to find out what they are
 doing internally. If an answer is found to this question, I'd sure like to
 hear about it

 --peter

 -Original Message-
 From: Trujillo, Kris [mailto:[EMAIL PROTECTED]]
 Sent: Friday, September 07, 2001 1:24 PM
 To: Orion-Interest
 Subject: FORM based authentication with form-login-page as a JSP

 Here's some starting context for my question 

 I have a war file that has been configured to use FORM based authentication.
 I have set the form-login-page in the web.xml of the war file to point to
 a jsp file in my war file.  I have setup constraints against different jsps
 in the war file (/foo/foo.jsp, /foo2/foo.jsp, etc).  When a user invokes any
 jsp without being logged in the login jsp is displayed.  The user enters the
 userid/password submits the page to j_security_check, is validated and
 redirected to the requested page.

 My question is ...

 Has anyone ever tried discovering the page that the user is trying to access
 from within the jsp page referenced as the form-login-page?  I have tried
 checking the HTTP headers and session, but have not discovered it being
 saved anywhere.  Usually when a page invokes another page the HTTP header
 REFERER exists with the URL to the previous page.  I have noticed that once
 the user posts the login form on my login.jsp to j_security_check and is
 authenticated they are redirect to the correct location .. correct location
 being back to the page they wanted to access originally.  This would mean
 that it has to be somewhere, but where??





[Fwd: Re: Orion and JMS: javax.naming.NameNotFoundException]

2001-08-22 Thread Daniel Lopez

Hi (third try to the list, first ones didn't make it),

I haven't got a single answer, so I'm wondering if nobody is using Orion

JMS or this mailing list is playing funny with me. Has anybody
configured and used Orion JMS? Could somebody please elaborate on the
steps necessary to get this thing working?
Thanks in advance,
D.

Daniel López wrote:

 Hi,

 I know this topic has been discussed a lot in here, but I haven't been

 able to find the answer in the archive or in the documentation. The
 problem is: I decided to have a go with JMS but I can't even start to
 play with it, as all I get is javax.naming.NameNotFoundException.
 These are the steps I have followed:
 .- Configure server.xml with the following line:
 ...
 jms-config path=./jms.xml /
 ...
 .- Configure jms.xml with this content:
 jms-server port=9127 host=localhost
 queue-connection-factory
 location=jms/QueueConnectionFactory/
 queue name=Demo Queue location=jms/demoQueue
 descriptionA dummy queue/description
 /queue
 log
 file path=../logs/jms.log /
 /log
 /jms-server
 .- Add jndi.properties to my application's classes(WEB-INF/classes),
 with the following content:


java.naming.factory.initial=com.evermind.server.ApplicationClientInitialContextFactory

 java.naming.provider.url=ormi://localhost/
 java.naming.security.principal=admin
 .- Then in my servlet, I just try to see if the objects are there:
 ...
 Context ctx = new InitialContext();
 QueueConnectionFactory queueConnectionFactory =
 (QueueConnectionFactory)
 ctx.lookup(java:comp/env/jms/QueueConnectionFactory);
 // Exception is thrown in the line above
 ...
 The facts:
 .- JMS Server seems to have been started, as I can see the
jms.log file
 and reads (Date 1.4.5 Started)
 .- I have tried with various names, with and without
java:comp/env, and
 with various methods (list, listBindings...) with no look. I cannot
get
 a single object to be looked up.
 .- Platform is WinNt 4.0, JDK1.3.0-c hotspot, Orion 1.4.5 (I
also tried
 1.5.2 with the same results)

 So, what have I forgotten to do? It seems like I just forgot to do
some
 essential step. I tried to find the JMS how to by Kesav Kumar but I
 couldn't find it. Anybody, please?
 Thank you in advance,
 D.

 PD: On a side note, I have seen man people trying to use external JMS
 providers with Orion, is that so because Orion JMS is buggy? Would it
be
 better to use some external tool like OpenJMS or so? I had thought it
 would be nice to have everything in the same place, this way you just
 have to take care of one server. Comments?




Strange problem with JSP

2001-06-28 Thread Daniel Lopez

Hi,

I'm having a pretty strange problem with a JSP page, the error I'm
getting is somethinh like:

500 Internal Server Error

Error parsing JSP page /nav/HOMRSV.jsp

Syntax error in source
/nav/HOMRSV.jsp.java:7330: No variable orionserver defined in class
java.lang.String. (JSP page line 4997)
else
com.orionserver.http.OrionHttpJspPage.writeBytes(out, __staticContent,
105149, 10, ISO-8859-1);
^
/nav/HOMRSV.jsp.java:7336: No variable orionserver defined in class
java.lang.String. (JSP page line 4997)
else
com.orionserver.http.OrionHttpJspPage.writeBytes(out, __staticContent,
105159, 21, ISO-8859-1);
^
...blah blah blah, up to 25 errors.
I decided to try to debug this beasty, hence I set development=true in
the orion-web-app... tag and then I try again the same page. But then,
I'm redirected to the error page and I get a different error, which is
something like...
-
500 Internal Server Error

java.lang.NullPointerException
at com.evermind[Orion/1.5.2 (build 10460)]._rj._xoc(Unknown
Source)
at com.evermind[Orion/1.5.2 (build 10460)]._rj._bb(Unknown
Source)
at com.evermind[Orion/1.5.2 (build
10460)].server.http.JSPPage._bb(Unknown Source)
at com.evermind[Orion/1.5.2 (build 10460)]._ah._bfe(Unknown
Source)
at com.evermind[Orion/1.5.2 (build 10460)]._ah._rad(Unknown
Source)
at com.evermind[Orion/1.5.2 (build
10460)].server.http.JSPServlet.service(Unknown Source)
at com.evermind[Orion/1.5.2 (build 10460)]._cxb._abe(Unknown
Source)
at com.evermind[Orion/1.5.2 (build 10460)]._cxb._uec(Unknown
Source)
at com.evermind[Orion/1.5.2 (build 10460)]._io._twc(Unknown
Source)
at com.evermind[Orion/1.5.2 (build 10460)]._io._gc(Unknown
Source)
at com.evermind[Orion/1.5.2 (build 10460)]._if.run(Unknown
Source)
-
And even though I can have a look at the generated page, I see no
sentence like the ones mentioned previously.
This pages do work under tomcat 3.2 and I was just trying to configure
Orion so I can replace the tomcat server due to some problems.
Has anybody had a problem like that? It might be that the JSP page is
too big? It includes a couple of other pages and they should be around
60K altogether.
I'm using Orion 1.5.2 under linux with IBM- Java 1.3.0
Anybody?
Dan





Re: Using JAAS for authentication (Was: bugs in @page extends=...)

2001-06-03 Thread Daniel Lopez

Hi Joni,

Thank you very much for you info. It actually sounds as I thought it
would when I looked at it, some time ago. Unfortunately, I had already
implemented our own framework and I decided not to go for JAAS until
these points that you mention are solved.
Things that, IMHO, are lacking in order to have a standard, flexible and
dynamic authentication/authorization service are:
.- A standard and DYNAMIC way of specifying users/roles that take part
in the system. Right now this job is left to container-specific
implementations, which breaks portability between containers.
.- A standard, FLEXIBLE and DYNAMIC way of specifying permissions
required for a request. Using URL-Mappings inside a text file is, IMO,
not enough as sometimes I would like to require different permissions
for the same kind of request (URL) depending on the parameters.

Apart from that, the JAAS concept of LoginModules is very interesting so
if I had to start my implementation again, I would use JAAS APIs and add
the forementioned features. As we have it now, we specified those
features using interfaces, which can be implemented anyhow and that are
queried for the appropriate data in Runtime. With that, no security
logic is ever intermixed with business logic, unless the business logic
explicitly requires security information.
JSDK2.3 doesn't seem to make any move towards adding the flexibility and
dynamicity I'm talking about. Let's see what happens with JDK1.4, so far
it seems I'll able to finally get rid of my logging system, which is
also flexible and dynamic ;).
Regards and thanks again, Joni.
Dan


Joni Suominen escribió:
 
 Hi Daniel,
 
 See some answers below.
 
 Daniel López wrote:
 
  Hi Joni,
 
  That sounds pretty interesting, however, I still have some doubts.
  Let's see:
  .- Where do you get the user from (the one you use with
  user.getSubject()). Can these users be specified dynamically through a
  standard interface? Or do they have to be specified in a container
  specific way?
 
 JAAS is not in any way related to user management. Since there's not
 (sadly) yet any standard way to do user management I decided to roll my
 own. However, this approach should work no matter what kind of user
 management is used. Here's some concepts and how the process flows:
 
 - LoginModule (JAAS concept) handles user login. JAAS supports pluggable
 login modules which means that it is possible to user different kinds of
 login modules without affecting to the rest of the application (e.g. at
 some point I could change my login module to use fingerprints instead of
 username and passwords).
 - Principal (Java security concept) represents some identity for a user
 (e.g. Principal(John Doe), GroupPrincipal(user),
 IdPrincipal(12345-12))
 - Subject (JAAS concept) groups one particular user's various Principals
 together. So, the Subject is linked to a user.
 - Permission (Java security concept) represents a permission for
 something. These are usually really simple tag-like objects.
 - Policy (JAAS concept) represents access control policy. To get all the
 permissions for a user you can use: PermissionCollection pc =
 Policy.getPolicy().getPermissions(subject, null);
 - User (my implementation) represents a user in a system.
 
 OK, using these concepts the authentication in my system goes:
 
 1. Authenticate user using a configured LoginModules:
 
 LoginContext lc = new LoginContext(DefaultLoginModule,
new LoginCallbackHandler(username,
 password));
 
 lc.login();  // This is JAAS's abstraction, actually the call is
 eventually dispatched to LoginModule.
 
 2. In the actual LoginModule do the real authentication. This can be
 done for instance against RDBMS, LDAP, Solaris user management etc... I
 currently a UserManager session bean:
 
 UserManager userManager = userManagerHome.create();
 User user = userManager.authenticate(username, new String(password));
 
 3. Fill the user's Subject with the user's Principals if the
 authentication succeeds. I currently use two types of Principals: one
 which uniquely identifies user (UserIdPrincipal) and one which
 represents a group where the user belongs to (GroupPrincipal). I store
 this information in an RDBMS and access them through EJB layer:
 
 // Add the identity which uniquely identifies the user.
 Set principals = subject.getPrincipals(); // Subject is an object which
 created automatically by JAAS.
 principals.add(new UserIdPrincipal(user.getId()));
 
 // Add the identities representing the groups for which the user belongs
 to.
 String[] groupNames = null;
 groupNames = userManager.getGroupNamesForUser(user.getId());
 for (int i = 0; i  groupNames.length; i++) {
 GroupPrincipal p = new GroupPrincipal(groupNames[i]);
 if (!principals.contains(p)) {
 principals.add(p);
 }
 }
 user.setSubject(subject);
 
 4. Then I cache this information to HttpSession so that it is fast to 

Re: Cocoon in Harmony with Orion?

2001-05-14 Thread Daniel Lopez

Hi Holden,

I'm afraid I can't help you much, as I also tried unsuccesfully to get
Cocoon 1.8.2 to work with Orion. In ended up using 1.8.0 which at least
works. I think the problem lies in the different XML parsers that both
products use. With the previous version of Cocoon you had some ways of
avoiding the incompatibility but I couldn't get it to work with 1.8.2.
Anybody has been able to?
regards,
Dan

Holden Glova wrote:
 
 Hello again folks of the list,
 
 I'm sure this must have been asked
 before although my searches on Deja and
 looking on both orionsupport.com and
 orionserver.com have come up pretty much
 empty.
 
 orionsupport.com has some documentation
 on the subject but I can't get the
 cocoon examples to run without getting
 an exception right at the start. I am
 very new to this subject matter and
 would appreciate any direction that can
 be given in this area.
 
 I'm using Orion 1.4.8 along with cocoon
 1.8.2
 
 Thanks very much in advance for any help
 that can be provided.
 
 --
 Holden Glova, [EMAIL PROTECTED]
 Software Engineer
 Alchemy Group Limited
 Level 6 Royal Sun Alliance Bldg
 PO Box 2386
 Christchurch
 New Zealand
 Phone: +64 3 962-0396
 Fax: +64 3 962-0388




Re: Standar Template

2001-05-11 Thread Daniel Lopez

Hi,
I haven't looked much into SiteMesh, but, just looking at the overview,
it seems to me that you still have to generate the content of the
different sites that you want to mesh, and if they look totally
different then you are out of luck.
We are using the same approach that Jeff is talking about and we don't
consider XML/XSL to be that slow, as using precompiled stylesheets we
boosted aour performance by a factor of three and the heaviest
operation is accesing the database. As XSLT implementations improve day
by day, I hope this will be less of a problem in the future. And using
XML as the common ground is, IMHO, a very good approach to integrating
different applications as you can use common stylesheets to integrate
the different sources.
But I won't pretend it is a perfect solution or that everybody should
use it. That's what we use because it fits well into our team and
requirements. And, Jeff, we also created our own framework to basically
allow us to get the XLM content from various sources, including directly
from PLSQL, so if you want we could talk about it privately. We GPLd our
framework but we haven't publicized it as we don't have much time to do
so.
Just my 2c,
Dan



Mike Cannon-Brookes wrote:
 
 Noo - XML/XSL is too slow / fugly to actually use day to day (IMHO)
 
 I'd advise you to check out SiteMesh - it's built for this exact purpose!
 
 http://www.opensymphony.com/sitemesh
 
 Quite simply you provide JSP based decorators which are mapped to URIs.
 
 Download and install the sample app, it's the only way to learn about it.
 
 $10 says you're using it within a week ;)
 
 -mike
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Schnitzer
  Sent: Friday, May 11, 2001 7:12 AM
  To: Orion-Interest
  Subject: RE: Standar Template
 
 
  I've iterated through several solutions to this problem and can offer
  some advice:
 
  I started out using option 1 as you describe.  I quickly noticed that
  *every* page contains the definition of the layout and look of the
  website.  What if I wanted to put the navigation bar on the right
  instead of the left?  I would have to modify *every single page* in my
  website.  Yuck.
 
 
  My next step was to put the container code in separate head/foot JSP
  files and @include them like this:
 
  %@ include file=head_stuff.jsp %
  p
My content
  /p
  %@ include file=foot_stuff.jsp %
 
  Which at least puts all the look and feel stuff in a handful of places.
  But my site has different templates for the logged in user vs the
  welcome/signup screens and a few other special cases as well.  It
  quickly became a pain to keep track of all the different headers and
  footers, and in any case opening tags in one file and closing them in
  another really sucks.  Yuck.
 
 
  Next step was option 2 as you describe.  I created
  template_inside.jsp, template_outside.jsp, etc which contain all the
  layout structure and then include the appropriate content file based on
  a parameter.  Since I'm using an MVC framework, this is pretty easy to
  do.
 
  This is the best option I've described so far, and it works.  But it's
  not very sophisticated, and it doesn't make having multiple layers very
  easy.  Fortunately I'm working on my own time, so now I'm moving on to
  the fourth generation of my website content:
 
 
  This sort of templating is where XSLT really shines.  Rather than
  creating templating layers from the top down, XSLT allows you to start
  at the bottom and build up, successively transforming the input.
  Wrapping (in a layout template) is just one kind of transformation.
  Each step has no need to know anything specific about the previous step;
  it's all just based on transformation rules.
 
  I'm still near the bottom of the XSLT learning curve, but I'm already
  amazed at how powerful it is.  It's also a lot easier to pick up than I
  had expected from first looking at a sample.
 
  The only problem with using XSLT in a web application is the lack of
  framework support.  Cocoon did not make a favorable impression on me (to
  say the least).  I wanted something that provides a simple MVC paradigm
  like WebWork or (not-so-simple) Struts but uses XSLT for the view
  templating.  So I (and a friend) sat down and wrote it.  Tomorrow we'll
  send out a link to the sourceforge site; we're still working on the
  documentation and examples.
 
 
  In summary:  For a simple approach, Option 2 as you describe isn't bad.
  For (IMNSHO) a more elegant and powerful approach, it's worth looking
  into XSLT.
 
  Jeff Schnitzer
  [EMAIL PROTECTED]
  http://www.similarity.com (still using WebWork, but not for long :-)
 
 
   -Original Message-
   From: Dave Ford [mailto:[EMAIL PROTECTED]]
   Sent: Thursday, May 10, 2001 12:17 PM
   To: Orion-Interest
   Cc: Dan Tharp
   Subject: Standar Template
  
  
   I want to create a web app in which every page on the site
   has a standard
   header along 

Re: common practice for configuring orion app/web-site

2001-05-10 Thread Daniel Lopez

I don't know what the others do, but we split different projects in
different servers(orion instances), as we want to be able to stop/start
applications without affecting the rest. Now that hot deployment is
becoming a reality, we might start concentrating them using different
applications inside the same container instance. As we use a proxy
server in the port 80, the external URL will be exactly the same so no
problem.
Of course, in our case we prefer paying the extra step, the proxy,
because our performance requirements are not too high.
Just my 2ec,
D.

darl zero wrote:
 
 Hi,
 
 This might be sort of a newbie question or just a very
 general one. I tried looking through archives before
 posting but no luck, maybe someone has a quick anwser.
 I would like to know if most of you break up your
 projects into a lot of small apps and bind this to a
 web-site, or do most of you just pile all the apps
 into one big one.. so that there is only one
 application running on one default-web-site.
 
 -p




Re: Share sessions????

2001-05-09 Thread Daniel Lopez

Hi Tomas,

AFAIK, you can't do what you want to do, as sessions are not shared
between different applications.
When you try...
disp=context.getRequestDispatcher(/app2/app2.jsp);
disp.forward(request,response);
from inside your app1 application, you are really forwarding to
/app1/app2/app2.jsp, hence the 404 not found. And when you try
sendRedirect(), you are asking the BROWSER to issue a call to the second
page, and the browser knows nothing about server side sessions so that's
why your attribute doesn't get through.
Unless both jsp pertain to the same application, I don't know of any
standard way of directly sharing objects between webapps. You might have
to use something external. I guess the philosophy behind that is if
they have to share, they should be part of the same webapp which can be
seen, IMO, as a security feature and a limitation.
As a non standard way of doing it, you might be able to use the parent
attribute in the orion server.xml configuration
(http://www.orionserver.com/docs/server.xml.html), but I'm not sure it
allows you to do what you want to, as I have never used it.
Does anyone know if there is a standard solution for this? 
regards,
Dan



Tomas Anderson wrote:
 
 Hello.
 I hope someone can help me with this basic question.
 
 I have 2 separate applications, app1 and app2. One jsp
 and one servlet in each.
 From the jsp I send some parameters to the servlet. I
 prosess them and put the answer in a session variable
 like this:
 
 servlet1.java:
   String strP1 = request.getParameter(param1);
   String strP2 = request.getParameter(param2);
 
 ... procsess them
   String strAnswer = strP1 + strP2;
 
 Get the session.
   session = request.getSession(true);
 Put a session variable.
   session.setAttribute(result, strAnswer);
   ...
 
 Now I want to send the session to the other
 application, app2, where the jsp file reads the
 session variable and displays it.
 
 jsp2.jsp:
 %
 String str = (String)session.getAttribute(result);
 out.println(result:  + str);
 %
 
 I have put shared=true in both web-app tags.
  web-app application=App1 name=App1-web
 root=/app1 shared=true /
  web-app application=App2 name=App2-web
 root=/app2 shared=true /
 
 Ok. If I do in sevlet1.java:
 
   disp=context.getRequestDispatcher(/app2/app2.jsp);
   disp.forward(request,response);
 
 I get a: 404 Not Found...
 
 If I use sendRedirect(..,..)  the session is not
 shared, it is empty.
 
 How can I connect the 2 applications? Did I miss andy
 configuration setting? And how to send the session to
 the other application. It seem setting shared=true
 means something else than I thought.
 
 Greatfull for any hint.
 Tomas




Re: Interests sake

2001-05-03 Thread Daniel Lopez

Development on Windows (95/NT) and production on SunOS and Digital Unix,
but we have even tested it on OpenVMS :).
Cheers,
D.

Johan Fredriksson wrote:
 
 Development on win2k and production on Solaris.
 
 Johan
 - Original Message -
 From: Adam Cassar [EMAIL PROTECTED]
 To: Orion-Interest [EMAIL PROTECTED]
 Sent: Thursday, May 03, 2001 7:53 AM
 Subject: Interests sake
 
 
  Hi all,
 
  For interests sake, what OS is everyone on the list running orion on?
 
  Windows 2000?
  WinNT
  Linux?
 
  I would of thought that most people would be using Linux but I think
  from postings on this list
  that I might be mistaken
 
  --
 
  Adam Cassar
  Technical Development Manager
  ___
  NetRegistry http://www.netregistry.au.com
  Tel: +61 2 9641 8609 | Fax: +61 2 9699 6088
  PO Box 270 Broadway NSW 2007 Australia




Re: MVC/XML Framework Comments please

2001-04-30 Thread Daniel Lopez

Hi Jeff,

As I mentioned in a previous post, we are also using XSLT in our
applications (we've implemented around 10 so far). We already tried
different approaches, namely Oracle Application Server PLSQL Cartridge, JDBC
servlets, JSP + JDBC Servlets, JSP + EJB, as things were evolving. The story
then goes like that
Instead of using JSPs directly, we developed, as many people have done, our
own Model 2 - Servlet controller framework. The JSDK specification left a
couple of holes (security, application events...) that we also tried to fix
with our framework.
After that, there are two things that were gibing us headaches when
developing web apps:
.- Implementing the data layer
.- Creating/Modifying the interface without having a programmer handy.

Implementing the data layer using EJB is, unless you have lots of bucks to
invest in a good GUI tool, a PITA. You have dozens of tables and
relationships, bla, bla and you end up replicating this desing with dozens
of JavaBeans and lots of getters/setters that do pretty much nothing new.
And then relationships are not easily handled (it seems that specification
1.0 was created to develop 1-table applications ;)) and complex queries have
to be writen by hand. You end up transforming your data from SQL to Java and
then formatting it with JSP. As we were positive we were going to use
Oracle, we developed a utility that allows us to write the data layer
directly in PLSQL. This way if you specify the XML interface correctly, you
can have a programmer that knows nothing about Java or web applications
implementing your data layer.

In order to modify the interface, you have to choose between making it easy
to designers, or making it flexible. Using JSPs you cannot 100%-isolate the
HTML code and the Java code. Even using custom tags. And telling them you
cannot touch that is not enough in some cases, if they want to change some
weird layouts. You can almost get it if you develop a complete set of custom
tags to allow you to get the data in different orders, conditional code...
but then you end up having pretty much with XSLT already has. It is not that
with JSP you cannot do it but we prefer to have the designer on his own.
That is what he can do with an HTML prototype and the XML specification: he
can work on his own with a test XML file and he won't break any code,
because there's not a single line of logic written by a developer in there.

This is not a perfect solution, as XML/XSLT tools are nowadays quite young
but we hope that tools will improve on that regard. We find it better to
train a designer to use XSLT, which is a standar, than a set of custom tags
that are not really useful outside the JSP scope. But as I said, it is not a
one size fits all solution, but it is quite flexible. If we wanted to use
EJBs with another database, we would then probably use JSPs to format the
XML (still done by the developer) and the designer won't even know that we
have changed the backed, as long as the XML is the same.
Of course, just a personal opinion ;).
D.


Jeff Schnitzer wrote:

 Doh!  Sorry, that wasn't supposed to go to the list.

 But to keep this topic going (because I'm still undecided about what
 direction to go):

 Is anyone here besides Tim using XSLT in their web application?  How do
 you like it?  Is it easy to get designers up and running with it?  How
 do you interface between Java and XML (jsp? building dom nodes in java?
 something else?) ?

 Thanks,
 Jeff

  -Original Message-
  From: Jeff Schnitzer
  Sent: Friday, April 27, 2001 3:38 PM
  To: Orion-Interest
  Subject: RE: MVC/XML Framework Comments please
 
 
  I'm definitely interested in your framework; may I have a copy?
 
  Thanks,
  Jeff
 
  -Original Message-
  From: Duffey, Kevin [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, April 26, 2001 2:39 PM
  To: Orion-Interest
  Subject: RE: MVC/XML Framework Comments please
 
 
  I use my own framework for a couple of sites, and have gotten feedback
  from others using it as well. Its only 15K in size, full source, its
  free to use, modify, etc. If your interested in it, send me
  an email. It
  supports xsl transformations, and is very similar to Struts
  only that I
  found struts too much for my needs, and some features it
  didn't do that
  I needed, so I went that direction.
 
 
  -Original Message-
  From: Vic Cekvenich [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, April 26, 2001 11:53 AM
  To: Orion-Interest
  Subject: MVC/XML Framework Comments please
 
 
 
  We are bout to pick a a framework, and I am looking for are
  comments or
  recommendation on a frameworks, other than Struts. (Don't want to be
  HTML/JSP centric) Any feedback on your experience with a framework, or
  do
  you know of web sites in production that are using a certain
  frame work,
  or
  do you know of friend or someone who has used one.
 
  I would like it to be XML centric, and MVC. For example, the V should
  apply
  the XSL to XML, to make it HTML. It 

Re: MVC/XML Framework Comments please

2001-04-27 Thread Daniel Lopez

Hi,

As we have also rolled our own solution, I'll just add my two cents.
As Tim, we found that the existing frameworks didn't fit quite well into
what we wanted to do, (that was even before Struts was created) and as
we wanted to integrate other features...
Following the Model 2-controller servlet approach, we have a centralised
servlet, driven by an XML file, that specifies XML/XSLT sources for any
given path. However, most of the times we are not generating XML in
Java, but directly from PLSQL. We think that EJB is too much/too painful
to develop for most of our applications so we developed a small library
that allows us to generate the XML content directly from PLSQL. If you
need to handle session values and the like, you can also use JSPs to
generate part of the XML and integrate it with PLSQL generated XML. We
also provide ways to modify the defined sources (XML or XSLT) on a
per-request basis so  it is quite flexible. We also use precompiled
style-sheets, which, last time I checked, boosted our performance
sometimes by a factor of three! Last detail I added to our XSLT cache is
that precompiled stylesheets are stored through Soft References, thus
preventing the cache from eating all the memory and providing a
controlled degradation of service (not sure if that is the english
translation ;))
We included also:
.- a logging system, which we hope to be able to remove as soon as 1.4
provides something similar
.- a flexible security system, which much more flexible that the one the
JSDK spec. provides
.- internationalisation, which allows us to change the config values
depending on the language value
.- browserization which also allows us to change the config values
depending on the browser Agent and Accept strings.
.- Our own connection pools, which we are thinking about replacing with
another library...
All in all... a .jar file of about 294KB
The key point, IMHO, is to stick to standards as much as you can, and 
to allow different parts to be replaced when time comes. For example, we
used to have a module that made the XSLT processing independent of the
XSLT processor, now that JAXP 1.1 has done so, we removed the module and
substituted it with JAXP. The better the standards, the easier to
mantain our library.
On the how to handle such a project side, we also follow the model of
providing the designers with a set of static XML files so they can start
playing with them while other people implement the logic. When logic is
ready, you substitute XML_SOURCE=/.../static.xml with
XML_SOURCE=plsql://.../package.procName and almost voilà ;). Almost
because you still have to check that parameters are passed and things
like that.
We are pretty happy with it, as it allows us to concentrate on the real
application (presentation-XSLT, logic-PLSQL/BDD) and we don't have to
spend that much time developing Beans, interfaces... If we needed to, we
would be able to use EJB, but for us it's been not worthy (so far).
Just my 2ec,
D.
PD: We have had 5-6 applications with this system running production for
a almost 1 year and half. We don't have big ones, but we have lots of
them ;).
Tim Endres wrote:
 
 We rolled our own servlet for this. I found none of the existing frameworks
 to properly address what we needed. It is not a complicated thing to write.
 An XML config file specifies the commands that get executed for any given
 pathinfo. The command is tied to an XSL stylesheet, which processes the XML
 that the command generates.
 
 Precompiled stylesheets are effectively XSL stylesheets that have already
 been parsed from the XML text into the DOM Node tree that is used by the
 XSLT processor. These compiled stylesheets are then Serialized out, and
 then Serialized back in, such that our code can then skip the cost of
 parsing the XSL's XML file, in exchange for the cost of serialization.
 
 tim.
 
  Tim,
  that sounds v.interesting.  Forgive my ignorance but what toolkit are you
  using and what do you mean by precompile the XSL pages?
 
  Thanks,
  Trevor
 
  On Thu, 26 Apr 2001, Tim Endres wrote:
 
   We do exactly what you propose. A servlet drives lightweight commands. The
   commands get XML trees containing the HttpServletRequest information, and
   fill in a subtree with the XML results. This tree is fed into XSLT and the
   resulting HTML is sent down the wire. I prefer it over JSP by miles. We
   precompile the XSL pages, so we get really good performance. And the
   separation of content/presentation could not be better.
  
   tim.
  
  SNIP




Re: Orion support company

2001-04-26 Thread Daniel Lopez

Eummm,

www.orionserver.com works fine for me. OTOH, I haven't heard of
www.orionserver.bea.com. Is this the BEA version of Orion (WebOrionLogic)? ;)
(Warning, that was joke! just in case someone didn't get it :) )
D.

Joseph B. Ottinger wrote:

 Orion's web site is still up? Every time I go to www.orionserver.bea.com,
 it comes back with an error. I knew they didn't update the site often, but
 taking it off the web seems a bit extreme.

 On Wed, Apr 25, 2001 at 02:30:09PM +0200, Bernard Sauterel wrote:
  I wonder if somebody saw on Orion web site,  that
  there's now an official support company: Cadrion.
 
  For me it's good news.
 
  On Mec, 25 avr 2001, Joseph B. Ottinger [EMAIL PROTECTED] wrote:
 
  The list is DEAD? NO MAILS!??!
  
  OH NO! ORION HAS BEEN SOLD TO BEA AFTER ALL!
  
  On Wed, Apr 25, 2001 at 12:56:21PM +0200, Ismael wrote:
   Hi all,
  
   Is the list still running?
  
   The number of mails received have decreased to 0 !!!
  
   Are you still there??
  
  
  --
  ---
  Joseph B. Ottinger   [EMAIL PROTECTED]
  http://epesh.com/ IT Consultant
  
 
 

 --
 ---
 Joseph B. Ottinger   [EMAIL PROTECTED]
 http://epesh.com/ IT Consultant





Re: Building an application

2001-04-11 Thread Daniel Lopez

Olivier,

I have the same setup as you have and it works for me. What are the
error messages that you get in the error log? Just an internal server
error? It sounds like orion is not able to "load" you application
because of a configuration issue and that's why even the index.html
doesn't work.
Good luck with it,
Dan

olivier wrote:
 
 Dan,
 
 The error I have is 500 (http internal server error), when I type
 http://localhost/taskforce
 If I type http://localhost, I have the orion home page.
 
 This the tree of the applications directory, once expanded by orion.
 
 D:\JAVA\ORION\APPLICATIONS
 taskforce.ear
 \---taskforce
 taskforce.war
 userEJB.jar
 +---META-INF
 application.xml
 \---taskforce
 index.html
 +---images
 +---META-INF
 \---WEB-INF
 +---classes
 |   +---net
 |   |   \---tnt
 |   |   +---user
 |   |   |   \---model
 |   |   +---util
 |   |   \---web
 |   |   +---control
 |   |   \---taglib
 |   \---org
 |   \---apache
 |   \---struts
 |   \---resources
 +---lib
 \---tlds
 
 The server.xml and default-web-site.xml have been modified as mentionned at
 the bottom of this mail.
 
 I have tried to modify the context root to "/" but it did not change.
 
 I have just noticed that you can set the root="/taskforce" in
 default-web-site.xml
 web-app application="taskforce" name="taskforce-web" root="/taskforce"/
 and also in the /META-INF/application.xml of you
 ear(context-root/taskforce/context)
 
 I suppose they must be the same (which is the case for me). What is the role
 of each ?
 
 I guess there are 2 possible source of error
 1) the way I have update the server.xml and default-web-site.xml
 (default-web-site.xml)
 web-app application="taskforce" name="taskforceWebApp" root="/taskforce"/
 
 (server.xml)
 application name="taskforce" path="../applications/taskforce.ear" /
 
 2) the directory structure (see above)
 
 Thanks,
 
 Olivier
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel Lopez
 Sent: 10 April 2001 07:05
 To: Orion-Interest
 Subject: Re: Building an application
 
 Hi Oliver,
 Last week I was plating with the same thing and I was successful with
 pretty much the same configuration that you have, except that in
 application.xml I set the context root to /
 (context-root//context-root). Which error are you getting ? 404? Can
 you see your .ear file unpackaged?
 regards,
 Dan
 
  olivier wrote:
 
  Hi,
 
  I am new to Orion, and I have recently been trying to build an
  application (ear) with not much success. Basically, Orion seems to
  deploys all the components, but I can't get the first page to open on
  the browser.
  I am using struts as a framework, with the fix I have seen on this
  site (remove the dtd from the jar and put them under classes), and
  struts does not seem to be the problem now (especially since my first
  page is an index.html)
 
  The ear is in orion\applications
 
  userEjb.jar
  taskforce.war
  \META-INF
  application.xml
 
  source of application.xml for the ear
  application
display-nametaskforce/display-name
descriptionApplication description/description
module
  web
web-uritaskforce.war/web-uri
context-root/taskforce/context-root
  /web
/module
module
  ejbuserEjb.jar/ejb
/module
  /application
 
  I put this in default-web-site
   web-app application="taskforce" name="taskforceWebApp"
  root="/taskforce"/
  this in server.xml
   application name="taskforce" path="../applications/taskforce.ear" /
 
 
  I have tried with the news.ear coming with orion, but same problem.
 
  Any clue?
 
  Thanks,
 
  olivier




Re: During development, how to allow only a couple of ips,includingmylocal system, to view the site?

2001-04-11 Thread Daniel Lopez

Hey Kev,

It seems that after that long discussion on the JSP list, each one ended
up building his own MVC framework, remember that? ;) At the beginning, I
also integrated this feature inside my framework but then I realised
that this way I wouldn't be able to re-use it for other applications, or
even for static content. That's the reason why I ended up creating a
filter. But there are some things I don't like about filters: They have
to be configured in the web.xml and they are not easily integrated with
other parts of the framework, unless you share objetcs through the
context or something simliar. What I would love to have is a "feedback"
mechanism to provide the containers with some extra
information/configuration that is not included in the web.xml. This way
I could just configure everything in my own framework configuration file
and then I would give the feedback to the container. Otherwise, if you
use filters for logging, authentication, IP filtering... your web.xml
ends up being extra-large and having the application configured in two
places is error-prone. But well, such a feedback API is not in place
so... ;)
Talking about the IP filter, if you are interested, I can show you my
DTD and even some code as it is nothing extra-complex.
Regards,
Dan


Kevin Duffey wrote:
 
 Hey Daniel,
 
 That is a great idea..DUH! ;) I am using my own simple MVC framework, and I
 should just put in a feature in the web.xml that gets read in as an init
 parameter that designates ips that are allowed/now allowed to access the
 application. Its simple enough to do.
 
 Thanks.
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel Lopez
 Sent: Monday, April 09, 2001 3:28 AM
 To: Orion-Interest
 Subject: Re: During development, how to allow only a couple of
 ips,including my local system, to view the site?
 
 Hi Kev,
 
 I had a similar problem but for my production applications. I wanted my
 solution to be flexible and server independent so what I did was create
 a servlet filter, as someone else has already suggested. I've had it for
 production for almost a month and so far so good.
 I have to admit that I went a little further down the road and I allowed
 to specify the IP/hostnames to be allowed denied through an xml file
 that can be read from a file, a URL or a database. That way I got
 maximum flexibility.
 These are the links that I used to create my filter:
 http://developer.java.sun.com/developer/technicalArticles/Servlets/servletap
 i2.3\
 http://www.orionserver.com/tutorials/filters/
 
 I hope this helps,
 Dan
 
 Kevin Duffey wrote:
 
  Hi all,
 
  I would like to block out ALL ips from viewing my site (using my static
 ip)
  except for a few ips, which are from co-workers over the internet. Is this
  possible? If so, how? I read in the orion-web.xml.html file about
 ip-access
  tag, and when I tried it, it did block off all ips. But when I added when
 to
  allow it, such as "localhost" or my direct IP, sometimes it wouldn't allow
  it, and other times the browser sat and spun for about 5 minutes, then
  reported a time out.
 
  Thanks.
 
 --
 -------
 Daniel Lopez Janariz ([EMAIL PROTECTED])
 Web Services
 Computer Center
 Balearic Islands University
 ---

-- 
-------
Daniel Lopez Janariz ([EMAIL PROTECTED])
Web Services
Computer Center
Balearic Islands University
---




Re: During development, how to allow only a couple of ips,including mylocal system, to view the site?

2001-04-09 Thread Daniel Lopez

Hi Kev,

I had a similar problem but for my production applications. I wanted my
solution to be flexible and server independent so what I did was create
a servlet filter, as someone else has already suggested. I've had it for
production for almost a month and so far so good.
I have to admit that I went a little further down the road and I allowed
to specify the IP/hostnames to be allowed denied through an xml file
that can be read from a file, a URL or a database. That way I got
maximum flexibility.
These are the links that I used to create my filter:
http://developer.java.sun.com/developer/technicalArticles/Servlets/servletapi2.3\
http://www.orionserver.com/tutorials/filters/

I hope this helps,
Dan

Kevin Duffey wrote:
 
 Hi all,
 
 I would like to block out ALL ips from viewing my site (using my static ip)
 except for a few ips, which are from co-workers over the internet. Is this
 possible? If so, how? I read in the orion-web.xml.html file about ip-access
 tag, and when I tried it, it did block off all ips. But when I added when to
 allow it, such as "localhost" or my direct IP, sometimes it wouldn't allow
 it, and other times the browser sat and spun for about 5 minutes, then
 reported a time out.
 
 Thanks.

-- 
-------
Daniel Lopez Janariz ([EMAIL PROTECTED])
Web Services
Computer Center
Balearic Islands University
---




Re: Building an application

2001-04-09 Thread Daniel Lopez

Hi Oliver, 
Last week I was plating with the same thing and I was successful with
pretty much the same configuration that you have, except that in
application.xml I set the context root to /
(context-root//context-root). Which error are you getting ? 404? Can
you see your .ear file unpackaged?
regards,
Dan

 olivier wrote:
 
 Hi,
 
 I am new to Orion, and I have recently been trying to build an
 application (ear) with not much success. Basically, Orion seems to
 deploys all the components, but I can't get the first page to open on
 the browser.
 I am using struts as a framework, with the fix I have seen on this
 site (remove the dtd from the jar and put them under classes), and
 struts does not seem to be the problem now (especially since my first
 page is an index.html)
 
 The ear is in orion\applications
 
 userEjb.jar
 taskforce.war
 \META-INF
 application.xml
 
 source of application.xml for the ear
 application
   display-nametaskforce/display-name
   descriptionApplication description/description
   module
 web
   web-uritaskforce.war/web-uri
   context-root/taskforce/context-root
 /web
   /module
   module
 ejbuserEjb.jar/ejb
   /module
 /application
 
 I put this in default-web-site
  web-app application="taskforce" name="taskforceWebApp"
 root="/taskforce"/
 this in server.xml
  application name="taskforce" path="../applications/taskforce.ear" /
 
 
 I have tried with the news.ear coming with orion, but same problem.
 
 Any clue?
 
 Thanks,
 
 olivier




Re: How to run ORION on different ports

2001-04-05 Thread Daniel Lopez

Hi Mohan,

If you mean that you want to have two different orion instances running,
you just have to copy the configuration files to some other directory,
modify the paths and ports appropriately so they don't collide and then
start orion with the option "-config [NEW_CONFIG_DIRECTORY]/server.xml"
where [NEW_CONFIG_DIRECTORY] must be substituted with the directory
where you put your new configuration files.

We have about 9 different instances running with 1-2 web applications
per instance. Why? Because this way when we have to upgrade an
application and we have to tinker with one of the instances, we are
pretty sure nothing is going to happen to the other applications. We
also have different logging directories per instance, blah, blah so
debugging is easier. Now that hot-deployment is becoming a reality, we
might start gathering applications in common instances but in the mean
time, we feel safer with separate instances and development and
production should definitely be in different ones.
The biggest drawback of this solution is that you need more HTTP ports
and the only standard one is 80. We have solved it by using an Apache
instance as a proxy in the 80 port and redirect from there to the
appropriate host/port. This also allows us to show an appropriate
"Application is being manteined" message automatically when an instance
fails, instead of the browser answering "server could be down or not
responding". Another added benefit is that we can distribute our
applications among different hosts just by changing the proxy
configuration: no html links have to be changed, no users have to be
told "the URL was X but now is Y". We know that this means a second trip
but as we proxy all non-dynamic content in the Apache server and our
problem is not traffic and speed but number of applications and
flexibility, then it's a price we are willing to pay.
Just my 2c,
Dan



mohan krishna wrote:
 
 Hello,
 I am interested to run orion on multiple ports...
 
 Consider the following scenario :
 
 There is only one single server for production and development.
 Production sites are represented by virtual hosts, each one runs a
 single web site. Each sites of these only runs it's own "default" web
 application.
 Development is handled by default web site which runs under port 8080.
 Now i want to run one site on 8080 and other one on different port say 80.
 What are the things i have to do to achieve this
 
 Any input would be greatly appreciated
 Thanks
 Mohan Krishna




Re: SV: load-on-startup is not working

2001-03-31 Thread Daniel Lopez

Okey guys,

The load-on-startup="true" inside the web-app tag in the web-site.xml
file did the trick so now everything works as expected. Now that I know
where to look, I found the reference in the documentation even though it
is not very intuitive. Thank you very much to all who responded.
Dan
-------
Daniel Lopez Janariz ([EMAIL PROTECTED])
Web Services
Computer Center
Balearic Islands University
---




Re: Hot deployment

2001-03-29 Thread Daniel Lopez

Hi Marcel,

You're right, I had already tried that and it didn't work. On the other
hand, I tried to pack my .war inside a .ear and everything worked. Of
course that adds another directory and another file to be created but
it's something I can cope with ;). Touching the application.xml file
works fine but I was hoping that auto-detection of new .war files would
be as easy as .ear files, that way a simple ftp with the new war file is
enough but that's not a problem.

Another question, when I perform a hot deployment, all the sessions are
lost. Is there any way I can keep the sessions alive? I mean is there
any setting to persist the sessions across deployments?

Thank you for your help,
Dan
---
Daniel Lopez Janariz ([EMAIL PROTECTED])
Web Services
Computer Center
Balearic Islands University
---


Marcel Schutte wrote:
 
 I'm having the same problem as Daniel. It's not a matter of touching or
 recreating the .war. Daniel wrote that he tried that already.
 
 For me, the automatic redeployment of .ear files works fine. Whenever I
 overwrite the .ear file, orion starts redeploying right away. However, when
 I make my .war part of the global-application by editing the following line
 in orion/config/application.xml:
 
 web-module id="defaultWebApp" path="../default-web-app" /
 
 orion doesn't redeploy my web application when I overwrite the .war.
 Instead, I have to restart the server for it to pick up the changes.
 
 several minutes later
 
 Just occurred to me that perhaps touching the file
 orion/config/application.xml would trigger redeployment. And indeed it
 does, problem solved.
 
 Marcel
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of Mike
  Cannon-Brookes
  Sent: Thursday, March 29, 2001 4:02 PM
  To: Orion-Interest
  Subject: RE: Hot deployment
 
 
  Touch the .war file or recreate it - Orion will detect that
  and redeploy it.
  If not, check your date settings etc. Sometimes one machine (if you're
  deploying across a network) may have a different clock to another.
 
  -mike
 
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED]]On Behalf Of
  Daniel Lopez
   Sent: Thursday, March 29, 2001 8:22 PM
   To: Orion-Interest
   Subject: Hot deployment
  
  
   Hi,
  
   I've been using Orion for a while and so far, so good. Now
  I'm trying to
   improve the way we develop/deply applications and I started
  to digg in
   the .war file world. I've created the war file containing
  just the web
   application and it's been auto-unpacked and auto-deployed
  succesfully,
   great! Now I wanted to check what are the steps that I need
  to follow in
   order to deploy a new version of an application. Re-creating the war
   file and substituting it seems not to affect Orion and it's not
   detecting a new version. I even tried to remove the
  deployed application
   directory to see if it would re-unpack it from the new war
  file but it
   didn't work either. So, what am I missing? Do I need to
  create the full
   .ear file blah, blah so hot-deployment works? As I don't
  use EJB, I was
   thinking about just using a plain .war file with just the web
   application. Is that the problem?
   Thank you very much in advance,
   regards
   Dan




Re: Simultaneous Username/Password Detection

2001-03-23 Thread Daniel Lopez

Hi,

Regarding security, the JSDK spec is IMHO too simple and that has forced
many people to reinvent the wheel again and again, or get into
proprietary solutions. We chose to go our own way to be fully portable
and we end up with such a system:
.- As we already have implemented a Model 2 architecture with a servlet
controller, it was quite easy to decide where the security checks would
be performed, that is, the controller servlet.
.- To have an architecture that was also portable between applications
and avoid copy/paste, we developed our security mechanisms(SM) using
basically abstract classes and interfaces. This allows us to secure an
application just by implementing the appropriate classes, which can be
done apart of the business logic.
.- We distinguish two parts: Defining the security environment of the
application(users, roles...) and defining the security requirements of
the applications operations(which roles are required for each request).
.- For the first problem we provide a set of interfaces to define the
users and roles at initialization time, to be stored in a cache (we also
already provide an XML-based implementation that can be used for simple
applications out-of-the-box and works from a file, URL or a database).
.- For the second we wanted the ability to set the security constraints
in runtime. So we implemented the SM so they ask for each request,
through the interfaces, which is the requiered permission to perform
such a request. As the application implementation is passed the request
and the context, it can decide the required permissions depending on the
parameters, the URL, some values stored in the servlet context...
.- We also provide a "dynamic" setting in which we just pass the
username/password and request to the application implementation and it
has to answer back if the request is allowed or not. This feature is
useful when you have too many users and they won't fit in the cache, or
they change very often.

The trickiest part to implement was the cache of sessions as we wanted
to allow basic and form authentication and be able to log out, detect
simultaneous sessions... Handling all that with the various browsers
behaviours was not a simple task, but once done...

But the key point is that it is a proprietary mechanism that we have to
mantain and update, and I don't think we should do it. If the standard
was complete enough, something like that would be specified in a
portable way and every container vendor would provide such a service,
thus making applications really portable. The proof to see that the
standard is not complete is that evey container vendor has its own
implementation. To be truly portable, you have to roll your own, but I
wish I hadn't to.

Just my 2ec,
Dan
PD: BTW, we are not a porn site either ;), just tired of copy/pasting
the same security routines over and over and...
-------
Daniel Lopez Janariz ([EMAIL PROTECTED])
Web Services
Computer Center
Balearic Islands University
---

David Morton wrote:
 
 I am building a system that protects content by username and password.  No
 problem there.  The more complicated part of the system prevents two people
 using the same username and password at the same time on our web site.  I
 have a plan to do this, but I haven't seen if there are any common
 methods/techniques/strategies/design patterns to do this in a jsp
 environment.  Nor do any of our developers have any experience in doing this.
 Currently, I am just going to store server generated sessionId's and
 userId's with other necessary data/time checks..of course the user must
 be able to take over use of that username and password because the browser
 may crash...or they forget to hit logoutand also I must flag when this
 happens too many times in a period of time as a red flagobviously with
 an html web site, there is no 100% accurate way to only have one user using
 the site at once, however, I can build it well enough that 95% of the users
 that are giving out their passwords won't because it is annoying to keep
 re-logging in and being locked out for an hour if you trip one of our red
 flags.thoughts?  experiences?
 This is not for a porn site, however, I bet that porn people have
 something like this.
 
 David




Re: Why xsl:include seems to try to find files in /Orion folder andnotweb-app root?

2001-02-14 Thread Daniel Lopez

Hi,

I've been using Xalan for quite a long time and whenever I used
xsl:import href="fileName.xsl"/, it always used the directory where
the xsl was located as base directory, NOT the the working directory.
This includes Xalan 1.2.x versions as I haven't upgraded to 2.0 yet. So
I would say Xalan follows the specificaction.

Regards,
Dan

Arved Sandstrom wrote:
 
 We have observed this behaviour with Xalan (1.2.x family) both in and
 outside of app servers. Xalan uses the "working directory", according to
 Java, as the base URI. Which is of course wrong.
 
 Dunno about Xalan2. Possibly fixed. In any case I'm planning to switch over
 to Saxon.
 
 Regards,
 Arved Sandstrom
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Dan Cramer
 Sent: Tuesday, February 13, 2001 4:54 AM
 To: Orion-Interest
 Subject: RE: Why xsl:include seems to try to find files in /Orion folder
 and not web-app root?
 
 Check out the XSLT spec at http://www.w3.org/TR/xslt#include. According to
 the spec, in an xsl:include tag, a relative URI as the value for the href
 attribute should be interpreted as starting in the same directory as the
 including stylesheet.
 
 Example:
 assume that a stylesheet /www/xsl/A uses the tag: xsl:include href="B",
 then the XSLT engine should include the stylesheet /www/xsl/B.
 
 If this isn't what you're seeing, then your processor has a bug.
 
 This might help more than my suggestion before :-)
 Dan Cramer
 Chief Architect
 Dynamic Resolve, LLC
 Internet Solutions Consulting
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of Duffey, Kevin
  Sent: Monday, February 12, 2001 5:47 PM
  To: Orion-Interest
  Subject: Why xsl:include seems to try to find files in /Orion folder and
  not web-app root?
 
 
  Hi,
 
  When I use the xsl:include.. directive, it appears to look in
  server root
  dir, and not the web-app root its deployed in. I am not quite sure if this
  is something to do with Orion, or if all servers operate in this
  manner and
  therefore its an error of the XSLT technology. Or..perhaps its an error of
  the saxon library I am working with. Just wondering if anyone working with
  Orion and XSL have seen this problem or not?
 
  Thanks.




Re: Orion and SSL

2001-02-14 Thread Daniel Lopez

Hi all,

Well, I played a lot with my certificate, test certificates blah, blah,
blah and the final answer is NO. You cannot, AFAIK, use an existing
certificate unless you generated the request with keytool and you kept
the keystore. The key point is that when you generate a certificate
request, public key and private key are generated and stored in the
keystore, if you didn't create your request with keytool you don't have
this information and when you import the real certificate, it is treated
as a trusted certificate (like Verisigns one) but not as valid key to
validate himself. I didn't fin any info on how to import the private key
into the keystore so I asume the answer is that you cannot. Requesting a
new certificate whose request has been generated with the keytool seems
to be the answer but then you have to pay again.
I would suggest this information to be included in the SSL how-to as
this might save other people from getting the headaches I got while
playing with all these buzzwords ;).
Regards and thank you to all the people that offered their advice.
Dan

Rafael Alvarez wrote:
 
 Hello Daniel,
 Sorry for the delay in the answer.
 I had the same trouble migrating a certificate from IIS to orion.
 
 Did you generate the request to Verisign using the keystore where
 you're importing it? If not, you need to request a new certificate.
 Check Verisign to see how that can be done.
 
 Hope this help.
 
 --
 Best regards,
  Rafaelmailto:[EMAIL PROTECTED]




Re: Displaying image files stored in a database

2001-02-13 Thread Daniel Lopez

Hi Paul,

We have already done with Oracle what you are asking for. As someone
else pointed out, we just use a servlet that gets the images from the
database using java.sql.ResultSet.getBinaryStream(). This servlet gets
the image, sets the content type accordingly and then just writes the
image content to the response output stream. You just have to provide
your servlet with enough information to be able to rerieve the image, so
the link in your html page would look something like...:
img src="/servlet/my.ImageServlet?image_code=X" / Then you can alias
your servlet, pass the image code as part of the URL etc to make it
nicer, but I hope you get the basic idea. You might also try to optimise
it by implementing a "cache" of the already extracted images somewhere
in your filesystem but that's lef as an exercise to get a higher grade
;).
regards,
Dan

Paul Kofon wrote:
 
 Hi,
 
 Phew! I think I'll just use my solution for now. In future I'll look at
 yours, perhaps when I get Informix. Hypersonic isn't that sophisticated. As
 far as I know (I have checked it out but I'm not 100% sure) it doesn't
 support BLOBs. Thanks a lot for your help.
 
 Regards,
 
 Paul




Re: Orion and SSL

2001-02-13 Thread Daniel Lopez

As I've got no answer at all. Should I just suppose you cannot get Orion
to work with SSL with an already created certificate by Verisign? Did
the message just get lost somehow? Help, somebody? :)
Thanks,
Dan

Daniel Lopez wrote:
 
 Hi,
 
 I've already browsed the list archive and I've seen that many people
 have had this problem but I didn't find a solution. So my problem is the
 typical "Error listening to SSLServerSocket: No available certificate
 corresponds to the SSL cipher suites which are enabled" I already
 imported the certificate using "keytool -import -trustcacerts -file
 mycert.der -keystore keystore", the certificate has been granted to the
 same hostname which is specified in the mysite-web-site.xml file, the
 certificate is valid until october, created by Verisign, 1024
 public-key..., SSLv1, it works fine with Apache. So, is there any log
 file where I can get a more specific error message? Have I forgotten to
 do something? Any hints?
 TIA,
 Dan




Orion and SSL

2001-02-12 Thread Daniel Lopez

Hi,

I've already browsed the list archive and I've seen that many people
have had this problem but I didn't find a solution. So my problem is the
typical "Error listening to SSLServerSocket: No available certificate
corresponds to the SSL cipher suites which are enabled" I already
imported the certificate using "keytool -import -trustcacerts -file
mycert.der -keystore keystore", the certificate has been granted to the
same hostname which is specified in the mysite-web-site.xml file, the
certificate is valid until october, created by Verisign, 1024
public-key..., SSLv1, it works fine with Apache. So, is there any log
file where I can get a more specific error message? Have I forgotten to
do something? Any hints?
TIA,
Dan
-------
Daniel Lopez Janariz ([EMAIL PROTECTED])
Web Services
Computer Center
Balearic Islands University
---