RE: How to get the RoleManager
Uh, try using the shared session attribute (orion-web.xml) + the same realm name for the login config (web.xml) HTH, JP -Original Message- From: David Potts [mailto:[EMAIL PROTECTED]] Sent: Miércoles, 10 de Octubre de 2001 8:02 To: Orion-Interest Subject: RE: How to get the RoleManager -Original Message- From: Mike Cannon-Brookes [mailto:[EMAIL PROTECTED]] I have a feeling if you made app2 the parent app of app1 it might work (they'd probably be the same RoleManager - can't confirm that though). Thanks for the suggestion. We tried it, but it doesn't work. When we go to the second app the login form comes up again. This is a non-standard solution (if a solution at all! ;)), then again if you're using RoleManager you're already using Orion specific code so you probably don't mind too much. At the moment we are looking for *any* solution that will do form-based single signon across two apps on Orion. What is the standard? Cheers, Dave.
RE: What's in 1.5.3?
Orion 1.5.3? Yeah? Where? Usually alongside the .jar there's a changes.txt describing... err... the _changes_. Still, the current bleeding edge version is 1.5.2 -Original Message- From: Brendan McKenna [mailto:[EMAIL PROTECTED]] Sent: Martes, 09 de Octubre de 2001 6:47 To: Orion-Interest Subject: What's in 1.5.3? Hi, Since 1.5.3 is in beta, is there anywhere where we can find a list of the changes that will be present in 1.5.3? In particular, will the changes that have recently been made by Oracle in their version of Orion be rolled into 1.5.3? Thanks, Brendan -- Brendan McKenna Email: [EMAIL PROTECTED] Development Strategist Phone: +353-61-338177 Taringold Ltd. Fax: +353-61-338065
RE: New Release????
no new release... always check out http://www.orionserver.com/orion/changes.txt also, you can download orion.jar from http://www.orionserver.com/orion/orion.jar (that's what autoupdate does, BTW) No new release or further comments from magnus yet. -Original Message- From: Stephen Davidson [mailto:[EMAIL PROTECTED]] Sent: Miércoles, 03 de Octubre de 2001 10:22 To: Orion-Interest Subject: New Release My original post never appeared, so I am reposting... -Steve
RE: Displaying errors in JSP
BTW, if you use IE, disable 'friendly HTTP error messages'. This option, in its active state will prevent the error page to display in the browser. JP -Original Message- From: The elephantwalker [mailto:[EMAIL PROTECTED]] Sent: Miércoles, 03 de Octubre de 2001 13:21 To: Orion-Interest Subject: RE: Displaying errors in JSP for the terminal, you can use System.out.println(e.getMessage()) in the catch phrase for the jsp, you will need to initialize some string variable in the catch block and then use in the html ... % String error = ; try { } catch (Exception e){ error = e.getMessage(); } % ...html stuff p%=error%/p But this isn't really always necessary. Orion will spit out the error in the jsp if you don't catch it...since there is a try/catch built around every jsp page. Try it...do something silly in the jsp page to create a Null Pointer Error, and watch the fireworks in the browser. As long as you don't have a 500 error page, your jsp Null Pointer Error will be in the browser. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of EXT-Vaze, Vinay G Sent: Wednesday, October 03, 2001 9:09 AM To: Orion-Interest Subject: Displaying errors in JSP If I have a code block such as % try { } catch (Exception e) { } % inside a JSP, how do I output error to either the browser or to the server console ? -- Vinay Vaze M/S : 7H-80 Phone : (425)-865-2929 Email : [EMAIL PROTECTED]
RE: questions on legacy transaction support
Knowing how the legacy handles transactions would help. Particulary interested if rollbacks are accomplished by 'compensating' transactions, which would make the whole process straightforward. JP -Original Message- From: Reason [mailto:[EMAIL PROTECTED]] Sent: Lunes, 24 de Septiembre de 2001 20:23 To: Orion-Interest Subject: questions on legacy transaction support I'm attempting to use Orion pretty much for the easy custom authentication/user management and very little else. That all works pretty well -- as an ex-JBoss user, let me say that I like the straightforward approach. So I have a bunch of BMP beans that wrap some legacy software. The legacy software comes complete with legacy transactions and I'm trying to figure out the best way to deal with this such that: 1) I can reliably pick up the right legacy transaction at the right time in my bean methods 2) a given user can have more than one transaction on the go at once in separate threads Now, I can write any old middle layer I choose to associate specific legacy transactions with some object/value/concept from the EJB layer (in a hashtable, for example), but I don't have a good enough grasp on the Orion container to figure out which of the following items are going to be constants between different threads or method calls to the server: a) EJBContext (EntityContext, SessionContext): these would seem to be out of consideration, as they are reused between beans and threads, and a transaction might extend throughout several method calls in both session and entity beans. b) UserTransaction: I could associate a UserTransaction instance with a legacy transaction instance. If I start a transaction in a session bean, which then calls entity bean methods, is the same UserTransaction instance going to result from calls to context.getUserTransaction() in the contexts for the various beans? c) Principal name: I could associate a legacy transaction with a principal name if not for wanting to allow each principal the option of multiple concurrent transactions in different threads. d) Thread: a legacy transaction could be associated with a specific server thread. Is this going to work? Are UserTransactions associated with a specific thread throughout their lifetime? Is this thread the same thread that is used for separate method calls that fall within the transaction? So, any suggestions or ideas from the list on this one? Reason http://www.exratio.com/
RE: Microsoft releases SQL Server 2000 JDBC driver
Here! I evaluated Merant's drivers 'bout a year ago and they were... err... not as good as I expected(hadn to go for I-Net's ones). They couldda improve a lot in a year, tough. JP -Original Message- From: Darren Gibbons [mailto:[EMAIL PROTECTED]] Sent: Martes, 25 de Septiembre de 2001 14:45 To: Orion-Interest Subject: Microsoft releases SQL Server 2000 JDBC driver Microsoft just announced that they are releasing a Type 4 JDBC driver for SQL Server 2000. It's based on code licensed from Merant. http://www.microsoft.com/presspass/press/2001/Sep01/09-25MerantPR.asp Download the beta here: http://www.microsoft.com/sql/downloads/default.asp Haven't tested it yet, but will soon. I'm glad that Microsoft has done this as I know a fair number of people using SQL Server to back their Java applications. Does anyone have any experience with Merant's drivers? Darren. -- Darren Gibbons[EMAIL PROTECTED] OpenRoad Communications ph: 604.681.0516 Internet Application Development fax: 604.681.0916 Vancouver, B.C. http://www.openroad.ca
RE: HELP !!! SECURITY
lo que? the orionconsole is run with: $orion# java -jar orionconsole.jar HTH, JP PS: mail me (in Spanish if you like) if that's not what you're looking for. An extended explanation would be appreciated -Original Message-From: David Bonilla [mailto:[EMAIL PROTECTED]]Sent: Viernes, 21 de Septiembre de 2001 11:23To: Orion-InterestSubject: HELP !!! SECURITY Ok... I have understand all about security but know, how and where can I activate a option to use a Orion-Based console or something else to control de User Name and Password ? __David Bonilla FuertesTHE BIT BANG NETWORKhttp://www.bit-bang.comProfesor Waksman, 8, 6 B28036 MadridSPAINTel.: (+34) 914 577 747Mvil: 656 62 83 92Fax: (+34) 914 586 176__
RE: Questions about Orion
all inline -Original Message- From: Vlad Vinogradsky [mailto:[EMAIL PROTECTED]] Sent: Jueves, 20 de Septiembre de 2001 23:22 To: Orion-Interest Subject: Questions about Orion I am evaluating the Orion server for use in a production web site which would be hosted by a hosting services provider. It would run on a Windows 2000 box alongside other web sites serviced by IIS and will manage data in SQL Server 2000 database. I have a few questions I wasn't able to find answers to and I wonder if you can help me with them. 1. I wonder if anybody had any negative experience using Orion server on Windows 2000 or with SQL Server 2000? I-Net jdbc products are going to be used. I'm using W2k. Runs neat. SQL Server 2000, I used I-Net's drivers and everything worked fast and smooth. However I haven't used it intensly. 2. Any comments on performance, scalability and availability of the Orion server on Windows 2000? As with any W2k, use the lastest SP and hotfixes. The maximun number of _true_ threads W2k manages is 250 (1 uP, 1 GB RAM); about 75 are used by services, and if you'll have IIS there, you can't have more than 75-100 threads running without severe problems. Of course, If you'd ever have 100 concurrent users on a single orion, you'd be using a cluster(won't ya?). 3. What VM is best to use to run Orion server? For W2k, Sun's latest is the fastest. Have proof (and an NDA, so I can't reveal it). You can test, the results are almost humanly measurable. It's amazing how much Sun's VM has changed since 1.2.2. 4. Does it have auto start and restart features? Do you have to have an interactive logon session to start it? There are some utilities that allow you to run orion(or any java app) as a service. Search the list archives. 5. What security context does it run in? I think the elephantwalker covered that. You can implement your own UserManager; if you're thinking of auth against the PDC, yes, it can be done. You'd have to write your own UserManager, and then use JNI or J-Integra to call upon ADSI objects. 6. What is Orion server security track record? Has it ever been compromised or taken out by DOS attacks? There were fixed bugs. Also, dropped connections on long-execution pages do not kill the webserver thread, so there may be DOS vulnerabilities. even so, it's a whole lot better than IIS. And bugs don't have the same amount of press. 7. Any comments on IronFlare's technical support? It looks like there is no live tech support - just email. All input is welcome. Thanks, Vlad HT, JP
RE: Transaction question ?
No-- they're invoked in different transactions. Transactional activity maps directly to threads-- that is, the thread's id is the transaction id (so to speak). HTH, JP -Original Message- From: Stephen Davidson [mailto:[EMAIL PROTECTED]] Sent: Martes, 18 de Septiembre de 2001 13:32 To: Orion-Interest Subject: Re: Transaction question ? Eddie wrote: Hellu, Please some help on the following transaction scenario ?: I am receing some information through a HTTP post method. The servlet, running as part of a J2EE application, calls a EJB method A. The EJB method does some little processing. After this, it checks some conditions, and might do some more processing in an other EJB method B depending on the conditions (in the same method still). I want to call method B in a thread, such that the client, performing the HTTP request, isn't waiting too long. So I want to start method B in a thread, such that the initial EJB method A returns. How does the transacion model looks like in this case and it is wise to do it like this ? (My transaction attribute is set to Required and I am using CMP). I mean, is EJB method B, that runs in the thread executed in a new transaction, as the initial EJB method A returns, or does it run in the same db transaction as method A ? Eddie Hi Eddie. Launching threads in an EJB is against spec, as you may have noticed. What you may want to consider is using JMS. You would want to set up the EJB as a MessageDrivenBean, and then have the onMessage call method B. My understanding is that you can preserve the transaction/across through a message. -Steve -- Stephen Davidson Java Consultant Delphi Consultants, LLC http://www.delphis.com Phone: 214-696-6224 x208
RE: Using NT Authentication
You could also use JIntegra or JNI to access ADSI objects. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Sent: Viernes, 14 de Septiembre de 2001 8:44To: Orion-InterestSubject: Re: Using NT AuthenticationI've seen it down by asking for a FTP connection to the server and using the password. If it goes through then the password it good. It is clunky but it works. Jonathan BrickerLilly Research LabsJava ATG [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 09/14/01 04:08 AM Please respond to Orion-Interest To: Orion-Interest [EMAIL PROTECTED] cc: Subject:Using NT Authentication Hi, I am developing an intranet EJB application and am interested in using the users NT authentication as a means for user authentication. I know it is possible to do this in IIS, but has anyone ever tried doing it with a Java Web App? Any advice or suggestions would be appreciated. Regards, Johnny
RE: Stored procedures and J2EE
I (empirically) reached the same conclusion; but instead of dropping CMP, we provided performance improvements ON TOP of the EJB's (VO's and VO caches). Thank god we did it this way, because the DB can't scale as easily as the app-server cluster. My 2c, JP -Original Message-From: Rian Schmidt [mailto:[EMAIL PROTECTED]]Sent: Jueves, 06 de Septiembre de 2001 12:51To: Orion-InterestSubject: Re: Stored procedures and J2EE I'm interested as to how you cansay this... we just did a series of tests here to see what the effect of pulling out some fairly complex stored procedures into CMP beans, and the performance impact was enormous. We've actually gone the other way, that is, developing stored procedures for each anticipated database. The fallback is that the logic is done in the beans, but that is a worst-case scenario. Now, I realize that this would be considered such bad form in a Sun-controlled world of pure J2EE that I hesitate to even mention it... but in the real world, any significant hit on performance is enough to convince us to denormalize a bit, so to speak. I don't think that you can say "there's absolutely no hit on performance" not to use stored procedures, particularly if that procedure requires repeated queries of the data in a pseudo-recursive way. Do you really think that any performance hit that we've seen is a result of poor design? I'm really interested in your reasoning. Rian - Original Message - From: The elephantwalker To: Orion-Interest Sent: Thursday, September 06, 2001 2:23 AM Subject: RE: Stored procedures and J2EE As for distributing your business logic between the datastore and middle tier...aren't you making your life more complex than it needs to be? There is absolutely no hit on performance if you pull out all of your business logic into a slsb or cmp...there's just no need to use store procedures any more.
RE: Additional invocations to the UserManager
all inline. -Original Message- From: Curt Smith [mailto:[EMAIL PROTECTED]] Sent: Lunes, 03 de Septiembre de 2001 9:31 To: Orion-Interest Subject: RE: Additional invocations to the UserManager I bounced the client, deleted cache/cookies and still saw the auto-login behavior on every request to my UserManager without seeing the login dialogue the 2nd--Nth time. So how could the client be silently supplying the user/pass on every request??? Still looks like the container is calling UserManager with it's cached copy of user/passwd The browser chaches it. Read RFC 1945 (HTTP 1.0), section 11. Here are some quotes: Section 11 The domain over which credentials can be automatically applied by a user agent is determined by the protection space. If a prior request has been authorized, the same credentials may be reused for all other requests within that protection space for a period of time determined by the authentication scheme, parameters, and/or user preference. Unless otherwise defined by the authentication scheme, a single protection space cannot extend outside the scope of its server. /Section 11 So, with BASIC Auth, regardless if the server challenges the user _everytime_ for its username and password, given a realm, the browser sends its authentication. This goes back to the time where the was no session support on web servers(it was 4 or 5 years ago, not THAT long). Instead of asking the user for its username and password everytime, the browser caches a successful user/passwd pair and resends them (provided the challenge comes from the same 'realm'). This is 'legacy' behavior of the browser. And the spec accepts it. I could have run my client through a logging proxy to tattle-tail whether the container was issuing an HTTP challenge on every get/post or not?? Of course, check for WWW-Authenticate; if the server challenges every time, then it should be a part of the response. This is, however, unlikely-- orion must be reading the headers, and reauthenticating the user every time, regardless of challenges. Given that I bounced my client and deleted cookies/cache I'm still mystified about HTTP challenge issues??? Regardless I've moved on to FORM authentication and folks on this list find value in the current HTTP challenge behavior for their development cycle not pestering them for re-login :-/ Yap, and that's the main use I given to BASIC, it speeds up the devel cycle, no matter how many times you restart the server. curt Nope. This is browser, not orion behavior. It complies to the HTTP specs. I saw this too and went to FORM authentication and don't see this anymore. I still use UserManager to receive the user/passwd from the FORM via the Container, but I don't see the UserManager calls on every request. Based on this, I feel it's a bug in orion that BASIC behaves this way. curt
RE: Shared SB reference in Web tier business delegate??
all inline -Original Message- From: Curt Smith [mailto:[EMAIL PROTECTED]] Sent: Martes, 04 de Septiembre de 2001 10:08 To: Orion-Interest Subject: RE: Shared SB reference in Web tier business delegate?? I didn't clearly state my architectural question: What's the view on sharing a single remote SB interface among all servlet threads? I.E. a single Business Delegate in the ServletContext (as apposed to bloating out the Session). Would work but... (continues below) I've not read clear EJB spec / book statements regarding sharing SB or Entity remote interfaces? It's the container resposability to do it. I can (as will you) enumerate a number of reasons why not taking into your own hands somebody's else job. For SB's this should be perfectly ok since the container delagates methods to bean instances, it should not mater whether it's via a single remote interface or separate? Shouldn't, specially in a pure Java App server (and that's one of the things I like 'bout orion you can tweak it) Threaded access to a single Entity might be a problem if reentrant is set to false. I would still believe that the container should simply queue methods against the Entity in that case. And here's the main reason for my objections. The server does queue transactions fired upon the same stub. Clearly, this is very bad if you have a SFSB, but even in the SLSB case, it will _eventually_ clog up the server in a domino effect. Two requests arrive, only the first is attended: R1--SLSB R2---blocks Now, the server serves R2, which was blocked, but in the mean time, two more requests arrive. R1: Finished. R2--SLSB R3---blocks R4---blocks If stressed, the server eventually comes to a halt. What happens if you let the container manage the instances? Let's suppose you set the pool size to 1. R1--SLSB1 (pool instance) R2--SLSB2 (new instance) and then, SLSB1---pool SLSB1---gc R1: Finished R2: Finished. R1--SLSB1 (pool instance) R2--SLSB3 (new instance) And there starts the deployer's job, tweaking the pool size for maximun performance. Thanks for you opinions on the shared reference issue. Just my 2c, Juan Pablo
RE: Additional invocations to the UserManager
Nope. This is browser, not orion behavior. It complies to the HTTP specs. -Original Message- From: Curt Smith [mailto:[EMAIL PROTECTED]] Sent: Sábado, 01 de Septiembre de 2001 10:43 To: Orion-Interest Subject: RE: Additional invocations to the UserManager I saw this too and went to FORM authentication and don't see this anymore. I still use UserManager to receive the user/passwd from the FORM via the Container, but I don't see the UserManager calls on every request. Based on this, I feel it's a bug in orion that BASIC behaves this way. curt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Trujillo, Kris Sent: Friday, August 31, 2001 6:11 PM To: Orion-Interest Subject: Additional invocations to the UserManager I have written a custom UserManager and have setup security-constraints against several JSPs in my application...everything works great..almost. I'm noticing that after the user has successfully been authenticated that my UserManager is being recalled for every page request made by the user. The difference being that the user is not reprompted to enter a username and password. The problem with this is that it causes a lot of additional overhead because the user is reauthenticated and has the group checking revalidated for every request. Is it possible to setup Orion so it won't behave this way? It seems like once the user has been authenticated once that they should not be reauthenticated until their session has expired. Thanks
RE: Shared SB reference in Web tier business delegate??
-Original Message- From: Curt Smith [mailto:[EMAIL PROTECTED]] Sent: Viernes, 31 de Agosto de 2001 9:27 To: Orion-Interest Subject: Shared SB reference in Web tier business delegate?? Greetings, My app is a thick client replacement with J2EE web-ified functionality where 3000+ clients will login and stay logged in all day. I'm wanting to reduce the number of session objects as a result of so many concurrent sessions. I plan on keeping a per session business deligate manager, but make the DAO instances static thus shared amoung all sessions since my DAO's are re-entrant. I'm concerned about sharing a single SB remote interface amoung all sessions (Threads)??? Why not let the container manage the actual number of instances created? That would lead to 3000 proxy instances, but just a handful of SLSB. Of course SSB remote interfaces will need to be tied to that session!! I can't quite follow you here. Do you meaqn the http session? What about the few Entities that might be accessed from the web tier? reentrant vs not reentrant Entities?? Entities that are reentrant, by the EJB 1.1 spec (section 9.1.12), are those that can be called in a loopback WITHIN the same transaction. Different transactional contexts calling the same Entity(by this I mean an entity with equal PK) are not reentrant calls. Basically, this allows for loopbacks in a call thread, but its use is discouraged by the spec. I wish the EJB spec was clearer about reentrancy of the remote interface or maybe someone can shed some light?? Again, check out the same section on the spec; transactional context (sometimes called activity) plays an important role in determining if a call is reentrant. Thanks alot to the orion mail list. curt Curt Smith [EMAIL PROTECTED] (w) 404-463-0973 (h) 404-294-6686
RE: Clustering in Orion
Title: Clustering in Orion Really? Could you share the source (of the rumor)? -Original Message-From: Aaron Tavistock [mailto:[EMAIL PROTECTED]]Sent: Viernes, 31 de Agosto de 2001 16:39To: Orion-InterestSubject: RE: Clustering in Orion As I understand it clustering of session EJBs will soon be available. But thats just the rumor. -Original Message-From: GUNDA, Satish / RSAIFS - IOM [mailto:[EMAIL PROTECTED]]Sent: Friday, August 31, 2001 7:52 AMTo: Orion-InterestSubject: Clustering in Orion Hi all, What is the clustering support provided by Orion? Will my EJBs be replicated across the cluster? The documentation states the following. The HttpSession data (as long as it is Serializable or an EJB reference). Note that if the EJBs are located on a server that fails, the references might become invalid. The ServletContext data. Does it mean EJBs are not replicated acorss a cluster? I don't know how just replication at HTTPSession level can help a production site which requires 99.99 uptime. Any idea when (if) Orion is coming up with this support? Thanks, Satish
RE: Additional invocations to the UserManager
sound a lot like BASIC authentication. If so, then Orion's behavior is as defined by the spec, and presents the same behavior than IIS, Apache and Netscape Enterprise -Original Message- From: Trujillo, Kris [mailto:[EMAIL PROTECTED]] Sent: Viernes, 31 de Agosto de 2001 18:11 To: Orion-Interest Subject: Additional invocations to the UserManager I have written a custom UserManager and have setup security-constraints against several JSPs in my application...everything works great..almost. I'm noticing that after the user has successfully been authenticated that my UserManager is being recalled for every page request made by the user. The difference being that the user is not reprompted to enter a username and password. The problem with this is that it causes a lot of additional overhead because the user is reauthenticated and has the group checking revalidated for every request. Is it possible to setup Orion so it won't behave this way? It seems like once the user has been authenticated once that they should not be reauthenticated until their session has expired. Thanks
RE: Class Reloading
switch to BASIC auth for development only. it's easy to do, just change FORM to BASIC (don't even have to remove the form-login and form-login-error tags). The browser caches any auth that fulfills the Web server's challenge. Therefore, it auto-logins you every-time the web server challenges for auth. It's made my life easier HTH, Juan Pablo -Original Message- From: Teddy Rice [mailto:[EMAIL PROTECTED]] Sent: Miércoles, 29 de Agosto de 2001 1:31 To: Orion-Interest Subject: Class Reloading i have read, and re-read, all of the postings on class (re)loading in relation to deployed applications inside orion. yet, i still have some unanswered questions. in my past experience, compiling classes to the ./WEB-INF/classes directory and touching either the web.xml or application.xml file will cause the new classes to be picked up and used. all objects that are in session are serialized and available after the application is re-deployed without having to re-start orion. however, i am now experiencing a situation wherein i'm losing my session information and being forced to re-login to my application to continue development. is there a set of criteria or implemenation details i'm missing. all objects are obviously serializable or they would not be able to be stored in a session. yet, my latest encounters with class reloading makes me doubt this assertion. any ideas/paths i can explore to making my development life less hell-like? thanks, ted rice
RE: UserManager / BASIC auth; orion caching username/password ????
inline -Original Message- From: Curt Smith [mailto:[EMAIL PROTECTED]] Sent: Martes, 28 de Agosto de 2001 18:04 To: Orion-Interest Subject: UserManager / BASIC auth; orion caching username/password I've got a confusing issue that I'm observing: I'm using BASIC authorization and installed my subclass of AbstractUserManger into orion-application.xml. I get the HTTP challeng login dialogue the first time, and get into the protected site when my um.checkPassword ( user, pw ) returns true. Problems are: - After 3 failures I get sent to the 401 screen. I'd like to loop forever in the login dialog. non standard, check HTTP RFC ??? - The Security context seems to be cached and survives re-starts of orion ?? The browser does that; once a basic auth works, the same browser process will keep sending the same auth to the server for each auth challenge. I see the um.checkPassword () method being called with the successful username password in my log4j logs. Is the container supplying the user/passwd without challenging client This works for both IE and NS and I've turned the auto-loggin features off for IE. On one hand this is great for resilience, especially if the session object is serialized too. I haven't found any files that might be performing this feature though??? On the down side, I can't force a session / Security Context invalidation to force a new login for debugging purposes. Stopping IE / NS and restarting the client even jumps back into the session without a HTTP challeng ??? I've never seen this before? Why can't I find how to flush cookies in IE and NS... ; but this appears to be solely an orion behavior and not using cookies to persist the Security context??? Anybody have an explanation of what's going on with this appearance of auto-login behavior via my UserManager.checkPassword() method? very confused, curt
RE: State Replication
I don't think there is replication of SFSB's in orion. All replication I'm aware of is http-session's; you could achieve similar (but not identical) behavior by storing the SFSB's handle in the session object(provided you enabled http-session replication). However, this would achieve scalability, not reliability. My 2c, Juan Pablo -Original Message-From: Matthew Pullen [mailto:[EMAIL PROTECTED]]Sent: Lunes, 27 de Agosto de 2001 14:48To: Orion-InterestSubject: State Replication Hola, I sent a question to the mailing-list last week, but I did not see it sent back to me from the list, nor any responses, so I am assuming it didn't make it. This is the re-transmittal: I am trying to get replication of a Sate-full SessionBean across a replicated cluster. The loadbalancer is working well, and when one server is shut down, the balancer does direct the requests to another back-end server. However, session state is not being replicated between the two back-end orion instances. If it is not intended to work in this fashion, what is the intended functionality of "replication"? Are there any white papers or detailed documentation of the intended behavior? Thank you, Matthew Pullen
RE: List rant (was RE: Virtual DirecTory -- Help)
Hani is in PST time zone too? Maybe it took 11 minutes tu be delivered (pretty fast for an email in a list). BTW Hani, you're posting to orion-interest Sunday at 6 am? I'm getting REALLY worried. Juan Pablo. -Original Message- From: Alex Paransky [mailto:[EMAIL PROTECTED]] Sent: Domingo, 26 de Agosto de 2001 11:28 To: Orion-Interest Subject: RE: List rant (was RE: Virtual DirecTory -- Help) You are missing the point. The list is broken most of the time. You send your message at 6:21am, I get it at 7:32am. More than 1 hour later. Sometimes, I get at 2 hours later, 20 hours later, 24 hours later. Many times I don't get it at all. What good is it to have a list that you cannot rely on. If you have a problem which needs addressing fast, you don't want to wait for 24 or 48 hours while the list sends the question to all the people. Sometimes, it does not send at all. So many of us have been making 1, 2, 3, or more postings to the list, just to PUSH the damn message through. Furthermore, I hate having to type a long detailed response, only to not have it go through on the list. It's a waste of my time. So, I think, this list should be closed, and people redirected to the Yahoo list. By the way, I just posted to the Yahoo list and I see the message in my mail box 3 minutes later. That's response time! -AP_ PS: Let's see how long it takes this message to get propagated. It's Sunday, August 26th, 2001 8:28am PST. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hani Suleiman Sent: Sunday, August 26, 2001 6:21 AM To: Orion-Interest Subject: List rant (was RE: Virtual DirecTory -- Help) I have to add my voice to this. This is just an example of the problems that can happen when a lot of well meaning and eager people do what seems to be a good idea, yet turns out to do nothing beyond make the problem they're trying to fix even worse. The people who end up suffering are those who need actual help with Orion, as every new mailing list further dilutes the pool of competent knowledgable people present on any given resource that can provide help. I for one will NOT be joining any orion related mailing lists other o-i, and I would go so far as asking you all to likewise resist the temptation of 'encouraging' these other lists, for the following reasons: - Any individual list is 'worth less', as it's only a subset of the community. - The barrier of entry to Orion is higher (who wants to join 4 mailing lists just to ask a simple question?) - Bias that is very likely to occur (MY support site/list/whatever is cooler/better/richer than yours!) - Turf issues. (don't crosspost to our list! Go away and ask *that* list! Oh now you come to us after you failed on *that* list?) - Same old same old. Does anyone truly think the rash of 'is Orion dead/gone/sold out' and 'have Magnus/Karl given up/died/become hermits/taken up fishing/sold out' questions that pop up every couple of months iks going to dimish? On the contrary, now you get per-list threads about the exact same thing! Wheee! Of course, feel free to ignore all this and join six orion related lists and sign up with four orion support websites. More power to you. Hani On Sun, 26 Aug 2001, Mike Cannon-Brookes wrote: Guys, I'm both for and against this new Orion list, but surely we're solving NOTHING other than creating more email if we send support messages to both lists? (Meaning everyone subscribes to both lists, everyone get's everything twice) Is there a sensible way we can resolve this? Personally I'd say use o-i when it's up, only use the egroups list when there's a problem. -mike Mike Cannon-Brookes :: [EMAIL PROTECTED] Atlassian :: http://www.atlassian.com Supporting YOUR J2EE World -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Daniele Arduini Sent: Sunday, August 26, 2001 7:14 PM To: Orion-Interest Subject: Re: Virtual DirecTory -- Help Eddie Post wrote: Hellu, I am trying to exculde my JSP files from the war file, such that the designer can easily change them without my help (withoud deployment, etc...). Anyone any idea/advice how to do that as I tried many things, but appearantly am not able to succeed ? 1. create an orion user and an orion group. 2. chown -R orion:orion /opt/orion 3. Run Orion as orion user from a shell script: ... umask 002 # IMPORTANT! cd /opt/orion java -jar orion.jar $@ ... 4. add your designer to the orion group. in /etc/group: ... orion::204:designer ... 5. use symbolic links to enable access .jsp pages from designer's home. bye, Daniele Arduini
RE: Ant to compile and deploy one file
Title: Ant to compile and deploy one file I have ant and it recompiles only modified .java files (only one). Are you using the latest ant(I think it's 1.3)?. -Original Message-From: Nusairat, Joseph F. [mailto:[EMAIL PROTECTED]]Sent: Jueves, 23 de Agosto de 2001 13:35To: Orion-InterestSubject: Ant to compile and deploy one file Hey if i have one file to update is there an easier way to compile it and re jar it??? I am using ant ... and if i have one i can only seem to recompile them alll which takes some time. Joseph Faisal Nusairat, Sr. Project Manager WorldCom tel: 614-723-4232 pager: 888-452-0399 textmsg: [EMAIL PROTECTED]
RE: Invoke a method on myself in a Stateful Session Bean.
Neat. I've been having similar problems trying to execute a findByPrimaryKey in the ejbCreate method of a bean. Errors, however, just come and go away randomly. -Original Message- From: Mikael Ståldal [mailto:[EMAIL PROTECTED]] Sent: Miércoles, 22 de Agosto de 2001 3:34 To: Orion-Interest Subject: Invoke a method on myself in a Stateful Session Bean. When I try to do like the code below, I get this error: com.evermind[Orion/1.5.2 (build 10460)].server.rmi.OrionRemoteException: Recursive call to non-reentrant bean Is there any other way to do this? I don't want to invoke the methods directly, since I want to make use of container managed transactions. /** * @ejb:ejb-name Foo * @ejb:stateful-session */ public class FooBean extends SessionBean { private Foo me; /** * @ejb:create-method */ public void ejbCreate() { me = (Foo)PortableRemoteObject.narrow( sessionContext.getEJBObject(), Foo.class); } /** * @ejb:remote-method */ public void foo() { // do something interesting me.bar(); // do something interesting } /** * @ejb:remote-method */ public void bar() { // do something interesting } }
RE: PrOperTies ??
Title: SV: Roll-BACK question. env entries in the ejb-jar.xml, web.xml; also, you could create a "load-on-startup" servlet, which is allowed to access disk, to create, say, a singleton which in its constructor opens and loads the properties files. Therefore, you will be paying once per JVM for the initialization, and have it your way. HTH Juan Pablo -Original Message-From: Eddie Post [mailto:[EMAIL PROTECTED]]Sent: Miércoles, 22 de Agosto de 2001 6:32To: Orion-InterestSubject: Re: PrOperTies ?? Noc noc, Can someone please still have some advice on the question I posted below ?? Eddie - Original Message - From: Eddie Post To: Orion-Interest Sent: Tuesday, August 14, 2001 9:18 AM Subject: PrOperTies ?? Hellu, Where do you define your properties/constants which you want to use in your ejb's and servlets (I am using CMP) ?? I am wandering if, putting it all in a property file is the best way to do it (the EJB spec don't 'allow' it), concerning performance and the xml files to store properties. Howcan you define constants in a xml file that are both seen by the servlets and ejb's ?? Some advice on this issue please ? Eddie
RE: j_security_check not redirecting
yes, I get that too. Solved by removing j_security_check from the login page's action, leaving it empty. Regrettably, that's outside of the spec. Also, since that began to happen, whenever there's a failed login, instead of showing the login-error-page, the login-page is shown again. I think one of the guys down here added the bug in bugzilla a month ago. Juan Pablo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Miércoles, 22 de Agosto de 2001 10:17 To: Orion-Interest Subject: j_security_check not redirecting Hi, I have a problem with securing our web application. I have followed the steps as described in the several documents (like orion security primer). Everything works fine: I enter the URL, the login servlet is called and displays the login web page. However, after entering the login information the real servlet is executed (i see it in the logs) but the browser displays an empty page with the url: http://server/application/j_security_check Two problems here: a) the browser is not redirected to the real page b) the servlets output never finds its way back it seems Question is, does it have to do with our servlet structure. We have a central servlet dispatcher that calls the actual servlet using getNamedDispatcher()... and returns XML data that then is transformed using an XSLTFilter Leo. -- neotis wissensmanagement GmbH EMail : [EMAIL PROTECTED] Telefon: +49 (30) 6392 3591 Telefax: +49 (30) 6392 3595
RE: When user hits STOP..any way to trap that and terminate an ongoin g request..
Title: Ayuda Kevin, tough I value the trouble you've been taking to hack around this orion bug, it is a BUG, and therefore should be corrected. AFAIK, this is the only exploit that orion exposes, and it is VERY problematic. DoS attacks are very easy to perform... just pick any "heavy" page on a site, open a socket, send a very short HTTP header, then drop the connection. Do it quickly and orion will choke up. Most IDS and Firewalls can't block this kind of attack with their default settings, and when programmed to block, they cannot be efficient. -Original Message-From: Duffey, Kevin [mailto:[EMAIL PROTECTED]]Sent: Lunes, 13 de Agosto de 2001 16:23To: Orion-InterestSubject: When user hits STOP..any way to trap that and terminate an ongoin g request.. Hi al, I am almost positive the answer is no, but I thought I'd see if anyone has come up with a solution. All too often, we have some users that submit a large query, then hit the STOP button on the browser, then change something and submit again. In the meantime, their original query is still executing on the server-side. Sure..Orion throws an exception when it tries to send the response back and the connection to the browser is gone. But I am wondering if there is any way at all to just kill that particular request. Like..is there some way the app server or web server can send pings every say, 100ms to the browser to make sure its connection is still alive..and if not, just kill the request in some manner. Perhaps by having a special interface that an application can implement, so that a particular method can be called if the server detects that the connection to the browser is dead before the response has gone back. In this way, that method call can get ahold of the session, and perhaps get ahold of a connection being used, close it, etc. Ofcourse, you can use some client-side javascript to "disable" a button after its been clicked. We have done this, and we also inserted a "transition" page in particular areas where long queries might occur. In this case, the user sees an animated gif and a message that tells them not to hit stop or back. Ofcourse..you're still going to get those users that do this. My personal opinion is that if they call in, we tell them they are stupid, they should unplug their computer and quit their job because they can't follow instructions. Ofcourse..that wont fly, especially if they are a big money client. Besides, its ethically wrong to screw your clients over. ;) So, one possible idea I have had is to do the following. Each user has a session when they log in. Upon any request, a "flag" is set in the session of that user, indicating a transaction is starting. If the user hits STOP, then submits while that transaction is still going on, the server will see the flag is set, and send back a response indicating that a transaction is currently happening and they have to wait for it to be done before another submit can occur. There is a plus side to this..it prevents any user to doing more than one thing. The down side is, it is possible using the File - New - Window to open up another window with the same cookie/sessionID and the user could actually go to a different module and do MORE work at the same time. This would allow, for example a large query to be performing in one module and they could go do some work in another module. My method of a flag would prevent this type of multiple-module capability. The solution, ofcourse is to allow one flag per module, thus only one transaction per module could be performed, which is what I intend to implement to at least keep the user experience at a satisfactory level while preventing tons of form submissions from inundating the server. So anyone had this experience and resolve it in some manner? Thanks.
RE: Ayuda
Title: Ayuda tenés que ir a www.orionserver.com, ir a mailing list, ingresar tu email y presionar el botón Unsubscribe HTH Juan Pablo -Original Message-From: "Rodriguez Muñoz, Rosana" [mailto:[EMAIL PROTECTED]]Sent: Viernes, 10 de Agosto de 2001 2:37To: Orion-InterestSubject: Ayuda Hola atod@s, necesito que alguien me explique como borrarme de esta lista de distribución. Lo he intentado varias veces y me ha sido imposible. Muchísimas gracias a tod@s. -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.- Rosana Rodríguez Muñoz GRUPO IBERMÁTICA Outsourcing Multisectorial Pº Mikeletegi, 5. 20009 San Sebastián (Spain) Phone: (+34) 943 413500 - Fax: (+34) 943 426393 mailto:[EMAIL PROTECTED] http://www.ibermatica.com -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
RE: Transaction question
Bottom line... you can't do that. J2EE doesn't support nested transactions. However, this may work in orion. for info on the descriptors, check out Sun's EJB spec and orion documentation and DTD's. This is a rough draft of how it would have to look like: container-transaction method descriptionTransaction-handling for the SmsManager/description ejb-namenl.unwired.sgs.sms.SmsManager/ejb-name method-intfRemote/method-intf method-name*/method-name /method trans-attributeRequired/trans-attribute /container-transaction container-transaction method descriptionTransaction-handling for the SmsManager/description ejb-namenl.unwired.sgs.sms.SmsManager/ejb-name method-intfRemote/method-intf method-name[YOUR_METHOD_HERE]/method-name /method trans-attributeRequiresNew/trans-attribute /container-transaction therefore, all methods are marked as 'Required' but [YOUR_METHOD_HERE], which is marked as 'RequiresNew' -Original Message- From: Eddie [mailto:[EMAIL PROTECTED]] Sent: Martes, 24 de Julio de 2001 4:47 To: Orion-Interest Subject: Transaction question Hellu, I don't know how to configure the following transaction scenario with CMP. Please some help or maybe a little example: I have two bean methods: A and B. A calls B and I want that when B throws a RemoteException that A intercepts, that B performs a rollback and A not ! I know how to do that in the code (I think): A just catches the remoteException of B and doesn't throw it outside his method. However how do I configure this in the xml file ?? I now have the following in my ejb-jar.xml, which mean that all the methods execute in the same transaction: container-transaction method descriptionTransaction-handling for the SmsManager/description ejb-namenl.unwired.sgs.sms.SmsManager/ejb-name method-intfRemote/method-intf method-name*/method-name /method trans-attributeRequired/trans-attribute /container-transaction As far as I understand it, I have to configure that method B has RequiresNew set, but how do I configure this in the xml file, such that the rest still use Required ?? And is this the correct way to do it ?? Please some help as I can't find anything on the Internet (mail-archive etc..), Eddie
RE: increasing JVM's memory limit
I'm sorry... but... Are you really Bill Clinton? I need help with my RESIDENT VISA. -Original Message- From: Bill Clinton [mailto:[EMAIL PROTECTED]] Sent: Jueves, 26 de Julio de 2001 11:47 To: Orion-Interest Subject: Re: increasing JVM's memory limit hm, the answer to your question has been answered repeatedly in the last few days. Most recently, it was answered in a post submitted less than an hour before yours Check out the thread entitled Re: Orion Performance Testing Peter Peltonen wrote: With jserv I can configure the maximum memory that the JVM can use with this kind of line in jserv.properties file: wrapper.bin.parameters=-mx128m How do I achieve the same with Orion? Regards, Peter
RE: communication among ejbs in different applications
this is what I have in mind yourapp.ear | +yourejb1.jar +yourejb2.jar If ejb-link's are defined correctly, everything should work (works for me) -Original Message- From: Robert Ren [mailto:[EMAIL PROTECTED]] Sent: Martes, 10 de Julio de 2001 18:05 To: Orion-Interest Subject: RE: communication among ejbs in different applications Hi, Juan: Thank for your help. In fact, recently, we tested several combinations of App a and App b. ( Becasue the parent attribute is only for Orion, we gave it up.) And, also we tested the context solution by using JNDI. The results are : Senario 1: If we put the appA.jar in the classPath of appB, and put the appB.jar in the classpath of appA, we can pass the compiling sucessfully, but got Class not defined error when we tried to initialize a context in one EJB in App A to look up the EJB in App B; If we forced the App A to jar with App B, so the appA-ejb.jar file contains both App A classes and App B classes. In this way, we did see the all ejbs in App B via context, but when we cast it, we got CastException error message. Still the old question, can we make this kind call? Thanks! Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Juan Lorandi (Chile) Sent: Monday, July 09, 2001 2:20 PM To: Orion-Interest Subject: RE: communication among ejbs in different applications first, let's get one thing out of the way: 'parent' attribute is a JNDI facility, no more, no less. there still are separate containers for each app (this may not be useful in all apps, specially since transactions may not function as expected) it allows for JNDI properties to propagate BOTH ways (they always propagate from father to son, default father being the default-app) Now, this is where I was aiming to: have apps A, B deployed; do not use parent attribute. connect A B apps using JNDI parameterized contexts (see connecting from applet, application in www.orionsupport.com) Pray for correct transaction enroling/2PC. Juan Pablo PS: Are you sure these errors you get are provoked by each App correctly 'seeing' the other? the dump looks like a bug in orion's JMS implementation -Original Message- From: Robert Ren [mailto:[EMAIL PROTECTED]] Sent: Lunes, 09 de Julio de 2001 13:47 To: Orion-Interest Subject: RE: communication among ejbs in different applications Hi,Juan: Thank you for your suggestion. Do you think this kind of calls will violate any J2EE specs? I mean that one ejb in parent application should have one container, and the ejbs in child app should have thire own container. So, the question: does this kind call violate any container specs? It's pretty interesting, in one ejb of the parent app, when a new context initialized, I already saw the all ejbs in child app, but if I try to instance one of them, the ejb got removed, and the server complained that the class is not defined, although, I put the .jar file including all class in the classpath and import the ejb's remote and home interface also. The error is following: The lookup is=com.evermind.naming.MapNamingEnumeration@28c19b the Name is =com.qmarkets.mas.commerce.ejb.CommerceService the Name is =com.qmarkets.mas.attachments.ejb.AttachmentService the Name is =com.qmarkets.mas.product.ejb.ProductService the Name is =com.qmarkets.mas.user.ejb.UserService the Name is =com.qmarkets.mas.contact.ejb.ContactService the Name is =com.qmarkets.mas.deliveryorder.ejb.DeliveryOrderService the Name is =com.qmarkets.mas.mlcaller.ejb.MLCaller the Name is =java:comp the Name is =com.qmarkets.mas.subscriber.ejb.SubscriberService the Name is =com.qmarkets.mas.object.ejb.ObjectService the Name is =com.qmarkets.mas.permissions.ejb.PermissionService the ref object is Call MLQListenerBean.ejbRemove() MsgReceiverStartup.onMessage: RemoteException was thrown com.evermind.server.rmi.OrionRemoteException: Transaction was rolled back: java. lang.NoClassDefFoundError: com.qmarkets.mas.user.ejb.UserServiceHome at MLQListener_StatelessSessionBeanWrapper2.onMessage(MLQListener_Statel essSessionBeanWrapper2.java:83) at com.qmarkets.ml.qlistener.client.QListenerClient.onMessage(QListenerC lient.java:103) at progress.message.jclient.Session.ew_(progress/message/jclient/Session .java:1313) at progress.message.jclient.QueueSession.run(progress/message/jclient/Qu eueSession.java:623) at progress.message.jclient.sl.run(progress/message/jclient/Session$Sess ionThread.java:1240) Nested exception is: java.lang.NoClassDefFoundError: com.qmarkets.mas.user.ejb.UserServiceHome at com.qmarkets.ml.qlistener.ejb.MLQListenerBean.class$(MLQListenerBean. java:23
RE: communication among ejbs in different applications
first, let's get one thing out of the way: 'parent' attribute is a JNDI facility, no more, no less. there still are separate containers for each app (this may not be useful in all apps, specially since transactions may not function as expected) it allows for JNDI properties to propagate BOTH ways (they always propagate from father to son, default father being the default-app) Now, this is where I was aiming to: have apps A, B deployed; do not use parent attribute. connect A B apps using JNDI parameterized contexts (see connecting from applet, application in www.orionsupport.com) Pray for correct transaction enroling/2PC. Juan Pablo PS: Are you sure these errors you get are provoked by each App correctly 'seeing' the other? the dump looks like a bug in orion's JMS implementation -Original Message- From: Robert Ren [mailto:[EMAIL PROTECTED]] Sent: Lunes, 09 de Julio de 2001 13:47 To: Orion-Interest Subject: RE: communication among ejbs in different applications Hi,Juan: Thank you for your suggestion. Do you think this kind of calls will violate any J2EE specs? I mean that one ejb in parent application should have one container, and the ejbs in child app should have thire own container. So, the question: does this kind call violate any container specs? It's pretty interesting, in one ejb of the parent app, when a new context initialized, I already saw the all ejbs in child app, but if I try to instance one of them, the ejb got removed, and the server complained that the class is not defined, although, I put the .jar file including all class in the classpath and import the ejb's remote and home interface also. The error is following: The lookup is=com.evermind.naming.MapNamingEnumeration@28c19b the Name is =com.qmarkets.mas.commerce.ejb.CommerceService the Name is =com.qmarkets.mas.attachments.ejb.AttachmentService the Name is =com.qmarkets.mas.product.ejb.ProductService the Name is =com.qmarkets.mas.user.ejb.UserService the Name is =com.qmarkets.mas.contact.ejb.ContactService the Name is =com.qmarkets.mas.deliveryorder.ejb.DeliveryOrderService the Name is =com.qmarkets.mas.mlcaller.ejb.MLCaller the Name is =java:comp the Name is =com.qmarkets.mas.subscriber.ejb.SubscriberService the Name is =com.qmarkets.mas.object.ejb.ObjectService the Name is =com.qmarkets.mas.permissions.ejb.PermissionService the ref object is Call MLQListenerBean.ejbRemove() MsgReceiverStartup.onMessage: RemoteException was thrown com.evermind.server.rmi.OrionRemoteException: Transaction was rolled back: java. lang.NoClassDefFoundError: com.qmarkets.mas.user.ejb.UserServiceHome at MLQListener_StatelessSessionBeanWrapper2.onMessage(MLQListener_Statel essSessionBeanWrapper2.java:83) at com.qmarkets.ml.qlistener.client.QListenerClient.onMessage(QListenerC lient.java:103) at progress.message.jclient.Session.ew_(progress/message/jclient/Session .java:1313) at progress.message.jclient.QueueSession.run(progress/message/jclient/Qu eueSession.java:623) at progress.message.jclient.sl.run(progress/message/jclient/Session$Sess ionThread.java:1240) Nested exception is: java.lang.NoClassDefFoundError: com.qmarkets.mas.user.ejb.UserServiceHome at com.qmarkets.ml.qlistener.ejb.MLQListenerBean.class$(MLQListenerBean. java:23) at com.qmarkets.ml.qlistener.ejb.MLQListenerBean.onMessage(MLQListenerBe an.java:89) at MLQListener_StatelessSessionBeanWrapper2.onMessage(MLQListener_Statel essSessionBeanWrapper2.java:53) at com.qmarkets.ml.qlistener.client.QListenerClient.onMessage(QListenerC lient.java:103) at progress.message.jclient.Session.ew_(progress/message/jclient/Session .java:1313) at progress.message.jclient.QueueSession.run(progress/message/jclient/Qu eueSession.java:623) at progress.message.jclient.sl.run(progress/message/jclient/Session$Sess ionThread.java:1240) Thanks! Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Juan Lorandi (Chile) Sent: Friday, July 06, 2001 12:43 PM To: Orion-Interest Subject: RE: communication among ejbs in different applications Robert, the parent attribute is only available in Orion AFAIK. All you need is to setup wire protocols properly. Most are RMI based (like JRMP), and also, each app server uses its own (ORMI, for instance). Similary, IIOP may be available. HTH JP -Original Message- From: Robert Ren [mailto:[EMAIL PROTECTED]] Sent: Viernes, 06 de Julio de 2001 13:43 To: [EMAIL PROTECTED] Subject: communication among ejbs in different applications Hi, Is there anybody had the experience to use EJB A in App 1 to call EJB B in App 2, as long as EJB C in App 2 to call EJB D in App 1. The half of the solution is to use the parent attribute in application tag ( one-way
RE: communication among ejbs in different applications
Robert, the parent attribute is only available in Orion AFAIK. All you need is to setup wire protocols properly. Most are RMI based (like JRMP), and also, each app server uses its own (ORMI, for instance). Similary, IIOP may be available. HTH JP -Original Message- From: Robert Ren [mailto:[EMAIL PROTECTED]] Sent: Viernes, 06 de Julio de 2001 13:43 To: [EMAIL PROTECTED] Subject: communication among ejbs in different applications Hi, Is there anybody had the experience to use EJB A in App 1 to call EJB B in App 2, as long as EJB C in App 2 to call EJB D in App 1. The half of the solution is to use the parent attribute in application tag ( one-way), but I also need another half to form a two-way communication. I tried to parent each other, but failed. I tried to use RMI, but it did not work either. Any suggestion will be highly appreciated! Have a nice weekend! Robert Ren == = To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message signoff EJB-INTEREST. For general help, send email to [EMAIL PROTECTED] and include in the body of the message help. __ __ For your protection, this e-mail message has been scanned for Viruses. Visit us at http://www.neoris.com/
RE: Data source for Sybase with Jconnect 5.2
datasource: data-source class=com.evermind.sql.ConnectionDataSource name=Sybase location=jdbc/SybaseCoreDS xa-location=jdbc/xa/SybaseXADS ejb-location=jdbc/SybaseDS pooled-location=jdbc/SybasePDS connection-driver=com.sybase.jdbc2.jdbc.SybDriver schema=c:\orion\config\database-schemas\sybase.xml username=username password=password url=jdbc:sybase:Tds:Host:Port/Database min-connections=5 max-connections=10 max-connect-attempts=2 inactivity-timeout=30 wait-timeout=0 connection-retry-interval=3 / sample of use: java.sql.Connection conn=null; try { javax.naming.Context ic = new javax.naming.InitialContext(); javax.sql.DataSource ds = (javax.sql.DataSource) ic.lookup(java:comp/env/jdbc/SybasePDS); //acquire conn if (conn==null) conn = ds.getConnection(); ... //use connection ... } catch (Exception e) { //handle error ... } finally { //close conn if (conn!=null) conn.close(); conn = null; } The try-catch-finally is there to ensure errors don't leave connections hanging loose(they would not be returned to the pool, but finally fail due to timeout) HTH JP -Original Message- From: Boris Erukhimov [mailto:[EMAIL PROTECTED]] Sent: Miércoles, 04 de Julio de 2001 3:51 To: Orion-Interest Subject: Data source for Sybase with Jconnect 5.2 I'm trying to ask it second time. Does anyone use Jconnect 5.2 ? If so could you please share your data-source.xml and access code. I'm particularly interested to see how pooled-location works, not ejb-location. Thanks ~boris
RE: Simple Clustering Question
you need a switch which has multicast enabled; (most ethernet switchs have this capability, some just don't have it enabled) -Original Message- From: Oisin Kim [mailto:[EMAIL PROTECTED]] Sent: Sábado, 09 de Junio de 2001 10:11 To: Orion-Interest Subject: Simple Clustering Question Hi, I've spent the last while trying to get clustering to work with orion server 1.5.2 without success. First I tried to follow the instructions at http-clustering-howto.html from the documentation, it said: Setting up the server 1. Install orion and start it. 2. Edit the orion/application-deployments/default/defaultWebApp/orion-web.xml file and add: cluster-config / 3. Repeat 1 and 2 for another (or more) box(es). But when I tried to connect to the server, the server let me know that the file /orion/default-web-app/WEB-INF/web.xml hadn't got the tag distributable/ in it. I then added this tag to all servers /orion/default-web-app/WEB-INF/web.xml file in the cluster, and tried again, this time they actually ran the SessionServlet but as if they were being run individually, i.e. the session wasn't shared as it was supposed to be, I did remember to append ;jsessionid=ID YOU GET ON YOUR BOX1 SCREEN to it and tried both leaving the angle brackets in and out. I know I must be doing some thing wrong but I can't find it, I'd really appreciate some help. I noticed in the http-clustering.html that in the clustering it mentions the default for multicast host/ip to transmit and receive cluster data on is 230.0.0.1, port number 9127, does this mean I have to have a network card listening on this IP/port? What exactly is a network with operational multicast facilities, is plain 100Mbs ethernet running on linux OK? Thanks, Oisin
RE: java.lang.OutOfMemoryError;
inline -Original Message- From: Puthezhath, Rajeev (TWII Boston) [mailto:[EMAIL PROTECTED]] Sent: Viernes, 08 de Junio de 2001 14:42 To: Orion-Interest Subject: java.lang.OutOfMemoryError; Hi , We get java.lang.OutOfMemoryError; on production server frequetly.I know this problem was discussed in this list before. I implemented all the sugestions in this mailing list but still the error keeps on coming .I would like to know the following 1) As an answer to the above mentioned problem I saw a sugestion in this mailing list to limit the # of instances by adding max-instances attribute to orion-ejb-jar.xml which would force orion to passivate less used beans.I downloaded orion 1.5.2 and set the same.But observed that passivation is never called. Is there a way to make sure that orion passivates beans which are not used . 2) Some people have mentioned increasing the memory. Has any body tried this solution and i would like to know whether the problem got solved.How can I increase the memory ? first, by hardware (buy some chips), secondly, by specifying a minimun/maximun heap size of the JVM when you invoke it these are the ones I use (W2K, Sun's JVM 1.3.0) -Xms128m (minimun heap size 128 MB) -Xmx320m (maximun heap size 320 MB) 3)Has anybody solved this problem ? No. There´s always a limit to the amount of memory available on any given system ;-) Let's hope that(buggy orion code) gets fixed soon- don't forget to cast your vote on Bugzilla, that is, if vote casting is finally enabled Any sugestions Thanks in advance Regards Rajeev
RE: proxying orion with IIS or iPlanet Web Server
then again, you could build your own ISAPI filter -Original Message-From: Lachezar Dobrev [mailto:[EMAIL PROTECTED]]Sent: Miércoles, 30 de Mayo de 2001 6:36To: Orion-InterestSubject: Re: proxying orion with IIS or iPlanet Web Server Frankly? Apache is better connected to Tomcat... Faster, and there is no need for those... URL rewrites and so on... Also... I can have the users authenticated at the apache side. I get the username and security things from the apache directly. Quite handy you know... Orion is not so good at handling Apache requests. and if you plan to use prive IPs (like having Apache run on the firewall machine...) than you'll be very sorry... Like I was, because there is a SIGNIFICANT delay while Apache servers the requests, I'm not sure why. I guess it's something to do with the DNS resolving... However... Having Win2k as a firewall/router/Apache server is not the best solution... Believe me. If it was to me... I'll get a SlackWare to do the server job... But it's not up to me... :( Tomcat uses some different protocol to serve requests to Apache (APJ). Well... You can still use Tomcat as HTTP request server, but... Better not :) same goes to Orion. May the shade of the tree strengthen you. Sincerely yours: Lachezar - Original Message - From: Patrik Andersson To: Orion-Interest Sent: Wednesday, May 30, 2001 10:32 AM Subject: SV: proxying orion with IIS or iPlanet Web Server Just for the sake of asking, why do you have tomcat serving jsp/servlets and orion serving ejbs if they're both running on the same machine? For me, that sounds like asking for extra maintenance trouble. And another thing, from having one "single point of failure" you now have 3. If either one if these three applications decide to call it a day your whole application dies and that goes for having two machines running different software aswell. Why not use two or three machines all running orion and having them split the workload by clustering them? regards, Patrik -Ursprungligt meddelande-Från: Lachezar Dobrev [mailto:[EMAIL PROTECTED]]Skickat: den 30 maj 2001 08:50Till: Orion-InterestÄmne: Re: proxying orion with IIS or iPlanet Web Server Hya... Got a reply for you :). I use Apache as a front-end server. I use Orion to store my EJBs, and I use Jakarta-Tomcat to deploy servlets and JSPs. Just put the Tomcat and Orion on one and the same machine, start tomcat with a classpath, that includes the jars of the Orion server. Put a jndi.properties file somewhere (probably the web-inf/classes directory) and specify the jndi properties as for a remote application: java.naming.factory.initial=com.evermind.server.rmi.RMIInitialContextFactory java.naming.provider.url=ormi://127.0.0.1/your application java.naming.security.principal=admin user java.naming.security.credentials=admin pass Than you can safely read the Apache-Tomcat connectivity issues. I have used this with IAS instead of orion also. It worked. Apache and Tomcat are "cheaper" than other web servers :) May the shade of the tree strengthen you. Lachezar - Original Message - From: "Andrew Diederich" [EMAIL PROTECTED] To: "Orion-Interest" [EMAIL PROTECTED] Sent: Wednesday, May 30, 2001 12:46 AM Subject: RE: proxying orion with IIS or iPlanet Web Server I was afraid of that -- ISA is a minimum of $1,500. An expense for the free webserver. I'll look into, iWS, but since iPlanet sells a proxy server, too, I bet their webserver won't do it be default, either. Ah, well. Does this mean folks using Orion on NT/Win2k put Orion in their DMZ? -- Andrew -Original Message- From: Juan Lorandi (Chile) [mailto:[EMAIL PROTECTED]] Sent: Monday, May 28, 2001 13:40 To: Orion-Interest Subject: RE: proxying orion with IIS or iPlanet Web Server Dig into ISA server, It's the M$ reversed proxy solution. Or else, go into the ISAPI filter world (best of luck) JP
RE: bugs in @page extends=.... in Orion implementation?
I believe this could be better modeled differently, because it leaves no room for the web server to implement its callbacks and java doesn't support multiple inheritance. -Original Message- From: Randahl Fink Isaksen [mailto:[EMAIL PROTECTED]] Sent: Martes, 29 de Mayo de 2001 3:01 To: Orion-Interest Subject: RE: bugs in @page extends= in Orion implementation? Well, can anyone confirm that JSP pages can extend your own class when using Orion??? Or has noone been able to use @page extends? I see many good reasons for implementing your own super class for your JSP pages. For instance, such a superclass could do logging of all client activities or it could do security checking. Randahl -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Robert Nicholson Sent: 25. maj 2001 21:15 To: Orion-Interest Subject: RE: bugs in @page extends= in Orion implementation? It's doing you a favour.Please elaborate on why you want to extend that class. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jiuyun Wang Sent: Friday, May 25, 2001 9:20 AM To: Orion-Interest Subject: Re: bugs in @page extends= in Orion implementation? It doesnot work, not matter which one (servlet/jspbase) I extends my jsp, orion jsp compiler just don't support extends -Jiuyun --- SCOTT FARQUHAR [EMAIL PROTECTED] wrote: It looks like your page should extend servlet and not jsppage. Just change JSPBase to extend servlet (and make the required changes). I haven't read the spec, but I imagine that extending OrionHttpJspPage is proprietary, and would not be part of the spec. Scott [EMAIL PROTECTED] 05/23/01 05:42am I create a class called JSPBase class which extends OrionHttpJspPage, and I put the @ page extends=packagename.JSPBase in my JSP file. however, orion give the following error: Superclass of the JSP page does not implement Servlet, invalid extends attribute. Does orion implement @page extends correctly? Any clarification? -Jiuyun __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ = Jiuyun Wang M.Sc. of Computer Sciences Sun Certified Programmer for Java 2 Platform IBM Certified Solution Enterprise Developer Phone: 919-696-0419(cel) Email: [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
RE: Serious problem with Orion transaction processing: multiple c onnecti
This is most likely caused by Orion not recognizing transaction affinity. CMP connections are taken from ejb-location, and the other connections you're using are from either the non transactional pool (location) or XA (xa-location). These pools are unaware of each other. Also, TX affinity is handled on a per thread basis, so issuing JDBC commands directly from the Web Server won't enrole these within the same transaction as the ones fired from the app-server. Eduardo, if you can ellaborate further, we can provide more assistance (and gain some know how in the process ;-) JP -Original Message- From: Andre Vanha [mailto:[EMAIL PROTECTED]] Sent: Viernes, 25 de Mayo de 2001 14:15 To: Orion-Interest Subject: RE: Serious problem with Orion transaction processing: multiple c onnecti Interesting problem. It could be that there is a bug in orion, but since this problem is so likely to happen anytime you use multiple connections I would suspect the problem was taken care of. A couple of hints: From which context are you executing your JDBC calls? Servlet or EJB? How are you retrieving the connection? Dirver Manager or JNDI? You should be using JNDI, and if you are, you should be using the EJBPooled location, to ensure transactional integrity with CMP transactions. Also if you are executing JDBC calls from EJB, you should be defining and using a resource reference in your assembly descriptor. Andre -Original Message- From: Eduardo Estefano [mailto:[EMAIL PROTECTED]] Sent: Friday, May 25, 2001 9:49 AM To: Orion-Interest Cc: Orion-Interest (E-mail) Subject: SV: Serious problem with Orion transaction processing: multiple c onnecti Using 1.4.5 with Oracle 8i and jdk1.3.1 The problem we are finding is that when orion starts a transaction, it does not necessarily executes all DB commands within the same database transaction. The end result is a deadlock in the database. I'm having a problem executing a delete command that does a delete on child tables using JDBC and finally, a delete in the parent table using entityBean.remove(). I tested the code two ways. The first, with no constraints on the database and the delete works fine. The second, with foreign key constraings, causes a deadlock, where the parent delete is waiting on the child deletes to commit. But this commit will not happen until the parent is deleted. I was able to duplicate the problem manually, opening two connections to the database and issuing SQL statements. Off course, if I was doing this manually, I would put both statements in the same transaction. Here are my questions now: - Is it not allowed in EJB to mix JDBC and CMP Entity calls in the same transaction?
RE: proxying orion with IIS or iPlanet Web Server
Dig into ISA server, It's the M$ reversed proxy solution. Or else, go into the ISAPI filter world (best of luck) JP -Original Message- From: Andrew Diederich [mailto:[EMAIL PROTECTED]] Sent: Viernes, 25 de Mayo de 2001 16:37 To: Orion-Interest Subject: proxying orion with IIS or iPlanet Web Server Folks, I've been able to make proxying work with apache, but I wanted to know if you could do the same thing with either IIS or iWS 4.1. I was fooling around with redirects in IIS, but they seem to be truly redirects, and not proxy passthroughs. Has anyone accomplished this successfully? -- Andrew Diederich
RE: Orion 1.5.0? Where do you download it from?
anyway, you can download the latest orion.jar from http://www.orionserver.com/orion/orion.jar -Original Message- From: Ganasen Gounden [mailto:[EMAIL PROTECTED]] Sent: Miércoles, 23 de Mayo de 2001 7:59 To: Orion-Interest Subject: Re: Orion 1.5.0? Where do you download it from? Thanks for all many response. What a great community!!! Unfortunately for me java -jar autoupdate.jar does not work because I am behind a firewall. Orionsupport.com says that if you're behind a proxy, as many users are, you'll need to specify some extra parameters, as so: java -DproxyHost=[proxy name] -DproxyPort=[proxy port] -jar autoupdate.jar My firewall address in ie5.5 is http://firewall:8000/proxy.pac. However I am not quite sure of how to specify the [proxname] and [proxy port]. I tried a few commands as follows but failed. java -DproxyHost=http://firewall:8000/proxy.pac -DproxyPort=8000 -jar autoupdate.jar java -DproxyHost=[http://firewall:8000/proxy.pac] -DproxyPort=[8000] -jar autoupdate.jar java -DproxyHost=[http://firewall:8000/proxy.pac] -DproxyPort=[80] -jar autoupdate.jar java -DproxyHost=http:firewall -DproxyPort=8000 -jar autoupdate.jar java -DproxyHost=firewall -DproxyPort=80 -jar autoupdate.jar etc Could someone please give me the correct format. Many thanks Gan Gounden City of Cape Town Ph (021) 400-2174 Fax (021) 425-1096 Cell 083-63-59-268 e-mail: [EMAIL PROTECTED] ** Any unauthorized use and interception of this e-mail is illegal. If this e-mail is not intended for you, you may not copy, distribute or disclose the contents to anyone. This e-mail does not give rise to any binding legal obligations upon the City of Cape Town unless the City of Cape Town subsequently confirms the content in writing non-electronically. This e-mail may be confidential, legally privileged or otherwise protected by law. Unauthorised disclosure or copying of any or all of it may be unlawful. If you receive this e-mail in error please notify the sender and delete the message **
RE: PetStore - Session State in a Cluster
FACT: Orion's HTTP clustering won't work unless the web site is default-web-site. also, session replication in orion(at least, 1.4.7, which is the version I've used) does survive well server crashes, but not server restarts. I'll explain Environment with a redirector (R) and two orion boxes (A B) session values are replicated. server B goes down server A performs (session values are used) server B goes live again sessions on server A aren't replicated in server B. However, any attributes set in A(setAttribute() ), will be replicated to B in realtime. So, there's an amount of time, when crashed servers go back online, in which they have partial or no session status replication. This is observable when using any tipe of redirector, either software(LoadBalancer) or hardware(Cisco Redirector, Foundry Iron). This could be solved(not easily tough) with a synchronization instance in which server B should get a the bulk of all session state in server A, then proceed normally. Along this line, but diverting, the logged user is replicated only when the user logs in, so sessions in B after the restart have no identity information, which will eventually trigger a login page to be displayed. These issues tend to get worse as the island size(box count) increases. Orion does have a HTTPSessionManager interface exposed as public. It allows Orion to implement a 'normal' HTTPSession and a ClusteredHTTPSession transparently, and is used internally when some attributes are on appropiate xml files (ref: cluster/); I'd wish there was a tag on orion-application.xml that could allow a personalized class which implements HTTPSessionManager to be used, a la UserManager, so some of these problems (and others that arise with mixed sites that use non secure and secure portions) could be worked around without giving up many of orion's session managing abilities(URL rewriting, Management of sessions with the console and so on) My 2c, JP PS: I'm forwarding this to Karl to be entered in the wishlist. -Original Message- From: Marcel Schutte [mailto:[EMAIL PROTECTED]] Sent: Lunes, 21 de Mayo de 2001 5:48 To: Orion-Interest Subject: RE: PetStore - Session State in a Cluster My guess is you stumbled upon a mismatch between the servlet and jsp specifications: a container needs some way to decide when to replicate a session to a cluster. In Orion and Weblogic this is done when session.setAttribute() is called. This works fine for things like the SessionServlet. In jsp's with the jsp:useBean ... scope=session tag, setAttribute is only called upon creation of the bean class. Modifications to the session state are done through calls on the bean class. This doesn't trigger session replication because the container doesn't know about the change. Marcel Hi, I have the (J2EE Blueprint) PetStore application clustered on two Orion instances running on the same machine. When I connect through the LoadBalancer, I can see my session state get replicated across the two nodes. When I kill the primary node, the load balancer automatically connects me to the secondary node and takes me through the rest of the shopping cart experience, however any items I had in my cart (ie. Session state!) aren't there anymore. I know that for clustering to work, objects should be Serializable AND placed in the session/servlet context for it to be replicated. So my *real* questions are: 1) I haven't dived into the PetStore code - but is this a design issue with the PetStore or do I need some configuration pointers? 2) Has ANYBODY got PetStore working properly in a Clustered environment where you can kill the primary server and continue shopping (with your existing cart) on the secondary node? My Environment:Win2K, JDK 1.3, PetStore 1.1.2, Orion 1.4.5 NB: The SessionServlet example works FINE for me. When the primary goes down, the secondary node picks up with the same counter number as before the failure. __ ___ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
RE: How to enable UserManager support for arbitrary user...
As noted in previous posts, You wouldn't need to make a lot of what you write. The User field of HTTPSessions is undocumented BECAUSE it should(as per the spec) be transparent. Orion usually creates a session implicitly, that is, a session exists even if you still haven't authenticated. However, resource constraints require authentication, and that auth is stored for convenience reasons into HTTP sessions. SOAP is really a good option. Apache's SOAP is based on soap4j, originally made in IBM by the same guy that did XML-RPC; Don Box, the ultimate COM evangelizer is behind it, it is a IETF controlled protocol (so there's less vendor lockout liability than with J2EE itself, as it's all the time under Sun's control). Anyway, I'd go for it if services to be provided are really complicated (number of services and parameters in them), and, SOAP or not, you'd be better off constructing some proof of concept samples. Here's what I'd do: 1. A initiate.jsp with two purposes: a. Obtain a session id b. Set a user's identity (a) is accomplished by orion automatically. In every JSP page, there's a 'session' variable wich holds a javax.servlet.http.HTTPSession instance (it may be an simple implementation or a clustered one, with all of orion's http session clustering features built in) (b) is accomplished by using RoleManager.login(username, password) method sample of invocation: HTTP GET: GET /[YOURAPPPATHHERE]/initiate.jsp?username=JPLorandipassword=rambalanga on the response header you'd get a cookie(it wouldn't disable them) Set-Cookie: JSESSIONID=JGASDHUIGSAIAIHBH (or something along these lines) from here on, every request posted should either (a) contain on its header a cookie field: Cookie: JSESSIONID=JGASDHUIGSAIAIHBH (b) be URL rewritted (postfix to the URL): ;jsession=JGASDHUIGSAIAIHBH example: http://[YOURHOST]/[YOURAPPPATHHERE]/[a-given-action-page]?param1=somevalue;j sessionid=JGASDHUIGSAIAIHBH No need to set form auth, but even if you want to do it, just leave initiate.jsp unprotected(i.e.: not in any resource collection), both (browser based form auth VB client auth) will work just fine. I hope this, altough may not solve Alex's at-hand problem, will help someone. I sure would have liked someone gave this explanation to me instead of having to decompile all orion to find out how the GHU"$%"@ it works. Regards, JP -Original Message- From: Alex Paransky [mailto:[EMAIL PROTECTED]] Sent: Monday, April 16, 2001 4:47 PM To: Orion-Interest Subject: RE: How to enable UserManager support for arbitrary user... I belive we *are* using Orion/J2EE sessions. We are not doing any of our own session management stuff. All our HTTP session is done through standard J2EE interfaces. You mentioned that there is a field in the HTTPSession that we can set to tell Orion what user is using this session? Is this documented anywhere on the Orion site? If not, can you give a little more detail on this field. What type of object should be stored into this attribute. As I understand it, after an object is stored into this "user" attribute in the session, Orion will use a UserManager to validate and retrieve group/rights information about this user for every HTTP call. So all I would have to do then, is write my own custom, UserManager and tell Orion to use it. Thanks for your help, I think I am getting closer, here is what I plan to do: 1. Create a specific login .JSP page which will: a. validate the user b. create a session c. configure the "user" attribute to the user object d. return session id to the client 2. Client passes the session id on every call as a part of the url Again, the only part of the above which I am not sure about is 1c... Thanks. -AP_ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Juan Lorandi (Chile) Sent: Monday, April 16, 2001 11:26 AM To: Orion-Interest Subject: RE: How to enable UserManager support for arbitrary user... Alex, I have a few questions and comments, 1. Which HTTPSession are you using? Orion's or your own? I recommend Orion's, tough one on the developments here uses a home-brewn session management. This forces us to include a few lines of code (with a taglib) in almost every page. Also, this renders Orion's J2EE security useless (Orion's HTTPSession has a User field where it stores either null (not authenticated) or a User reference to know the session Identity. 2. How are you authenticating a user? I presume you aren't right now. I would go with this: a. A Custom UserManager(for DB persistence, kinda like DataSourceUserManager, but yours) b. No custom SessionManager. (Orion has this declared as a public interface, but has no means to know which is the desired implementation; pity, session management,URL rewriting, and session + auth
RE: Usage of the Service console...
I use the console for remote monitoring, and shutdown. I also use the console to remote monitoring of sessions. DB support is now available (I'm using Orion 1.4.7) so I touch records if needed. Editing user profiles is built in, also, but relatively buggy. It's helpful, if you don't get your hopes too high. JP -Original Message- From: Jeff Schnitzer [mailto:[EMAIL PROTECTED]] Sent: Saturday, April 14, 2001 1:32 AM To: Orion-Interest Subject: RE: Usage of the Service console... My advice is to ignore all the GUI tools that come with Orion and stick to Ant as a build-and-deploy tool. It is my strong suspicion that nobody is using, testing, or actively developing the GUI tools. It is my personal opinion (probably shared by many on this list) that this is a good thing. I would rather see the Orion team's limited resources focused on the server core. Not that I think pretty GUI tools don't have a place, but there really is no limit to the amount of time one can sink into getting a GUI app working properly. Ant works just fine. Jeff -Original Message- From: Chaya Ramanujam [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 12, 2001 12:10 PM To: Orion-Interest Subject: Usage of the Service console... I've been playing with the Service console. It took me way longer to create, install and deploy a J2ee app using the console than it did when I did everything myself on the command line (creating the directory structures, creating very simple deployment descriptors, creating the jar and war files and finally editing the server.xml and default-web-site.xml files). I know the console is said to be "alpha" quality - but was just curious - is any one out there using the console on a regular basis? Do you find it really useful? In what scenarios do you find this more useful - while creating and deploying apps or for monitoring or for redeploying apps? There seems to be a great deal of functionality in the console, however the lack of documentation/help is a big drawback. --Chaya. _ Get your FREE download of MSN Explorer at http://explorer.msn.com
RE: How to enable UserManager support for arbitrary user...
Alex, I have a few questions and comments, 1. Which HTTPSession are you using? Orion's or your own? I recommend Orion's, tough one on the developments here uses a home-brewn session management. This forces us to include a few lines of code (with a taglib) in almost every page. Also, this renders Orion's J2EE security useless (Orion's HTTPSession has a User field where it stores either null (not authenticated) or a User reference to know the session Identity. 2. How are you authenticating a user? I presume you aren't right now. I would go with this: a. A Custom UserManager(for DB persistence, kinda like DataSourceUserManager, but yours) b. No custom SessionManager. (Orion has this declared as a public interface, but has no means to know which is the desired implementation; pity, session management,URL rewriting, and session + auth integration is not complaint to standards but purely propietary) c. a custom login action jsp/servlet. It takes username and password paramters and returns a session ID; this might be a cookie or URL rewriting (you can disable cookies in orion-web.xml) d. every new call has either a cookie field set on the HTTP header or a URL rewrite in the form of: http://somehost/somepath/somepage.jsp?a_Whole_Lotta_Params;jsessionid=SOMESE SSIONID That's it. 3. Are the client and the server in a LAN? Why not using JIntegra, J2EE CAS or SOAP4j + SOAP Toolkit to integrate them? I think basically your problem is that your HTTP Session is propietary and not seamlessly integrated with Orion. All we all would need to implement a SessionManager of our own without recompiling Orion is a SessionManager tag much like the UserManager tag in orion-application.xml. Then whenever a custom SessionManager is needed(in our case, to share sessions between Orion and IIS) would benefit of many neat things orion does, such as automatic URL rewriting, transparent session management(the session object available in JSP) and declarative security, to name a few. My 2c, JP -Original Message- From: Alex Paransky [mailto:[EMAIL PROTECTED]] Sent: Sunday, April 15, 2001 1:03 AM To: Orion-Interest Subject: RE: How to enable UserManager support for arbitrary user... Here is the problem that I am not sure how to really fix. Our EJB application is wrapped with a number of "command" URL's which return XML results. For example: http://localhost/getAccountInformation.jsp?account=2234 would return an XML representation of an account. An http://localhost/addUserToAccount?account=2234userName=test.. . would add a user to a particular account. A Visual Basic client, then uses these "command" URLs and resulting XML to present a user interface. Given the above scenario, what would be your recommendation for authenticating the user starting right after I accept the user/password from the VB form (I don't much care for VB specifics, just the part which deals with EJB/JSP/J2EE security). After accepting user authentication information from a VB dialog, what should I do next. How do I get this information "registered" with Orion or any j2ee application server so that the deployment descriptor information works correctly. Is this the way J2EE security was meant to be used. A non super-user account, cannot execute a setSuperuser(boolean) function on the User bean. Is this how I should be controlling this? Is this the proper method? I was reading the J2EE EJB spec which states that coding security should be the last resort. I am not clear on how to execute the above scenario. Thanks to all the people who have already posted in regards to this issue. -AP_ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Schnitzer Sent: Friday, April 13, 2001 10:09 PM To: Orion-Interest Subject: RE: How to enable UserManager support for arbitrary user... I suggest using an MVC (aka "Model 2") approach, separating your view from your controller. One of the controller's responsibilities can be to check for authentication and provide to the user either the requested page or the login page. If you use a dispatcher-servlet-action framework for your controller, you typically will only need to put the authentication checking code in a base action class from which all protected action classes derive. If you use JSPs as controllers you'll need some sort of code in every one (you can use @include for this). You will be much happer if you use an MVC appraoch, trust me. The J2EE automatic form-based authentication is very crude and fails to accomodate simple use cases like automatically logging in new users. You might want to look at WebWork: http://www.sourceforge.net/projects/webwork. BTW, if you use the Orion UserManager (and RoleManager), you should not do your own database lookup. Calling RoleManager.login() causes methods to be called on
RE: Friendly error messages from Microsoft get in the way (was Error pages defined in web.xml not found / activated)
the error code is sent on the very first line of the response header-- and orion doesn't allow you to control that -Original Message- From: Frank Eggink [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 3:56 AM To: Orion-Interest Subject: Friendly error messages from Microsoft get in the way (was Error pages defined in web.xml not found / activated) Well ... How can you spend your weekend?!? The problem I described looks to be caused by wat's called 'friendly error messages' from the Internet Explorer. All runs fine with Netscape. Microsoft replaces standard 404 'can not find page' errors with their own page, which is considered (by them) to be more user friendly. Still I do not understand how the Explorer gets the information there is a 404 error. Could this be somewhat less wanted feature of Orion? I certainly would like to have control over this error message. FE On Friday, March 30, 2001 5:48 PM, Frank Eggink [SMTP:[EMAIL PROTECTED]] wrote: Hi, I'm having a problem. I have defined error pages in my web.xml I've defined: error-page error-code404/error-code location/errors/error404.jsp/location /error-page Now I expect to see the error page when I request a non existing page like http://localhost/my-app/non-existing-page.html, which does not happen. I'm obviously overlooking something, but what?? [When I define the error page in a jsp page with %@ errorpage=/errors/error404.jsp % it does work. So it can find the page, which gives me the impression I've setup something wrong. What?? FE Frank Eggink Swift Applications [EMAIL PROTECTED] +31 6 28847325 (voice) +31 33 4532464 (fax)
RE: Paged search results
With all browsers, session cookies are usually shared within a OS process The default IE behavior is to share the process whenver new windows are opened with CTRL-N. If you execute a shortcut to IE, it will open a window attached to a different process. Netscape 4.x in both Windows and Linux always runs different windows within the same process. Changing this behavior needs a rebuild in Linux. I don't know how Netscape 6 behaves. Opera is a MDI application, and also, session cookies are always shared within an Opera instance. Corollary: If a user logs off in a browser window, he'll be logged off in (practically) every other browser window. P.S. : this stands only for FORM based auth. Basic Auth is sent by the browser as needed and doesn't require http session capabilities on the server side. -Original Message- From: Trevor Squires [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 29, 2001 12:49 PM To: Orion-Interest Subject: Re: Paged search results On Wed, 28 Mar 2001, Gary Shea wrote: It seems to me that if you have multiple browsers open and they're sharing an application like Netscape does, they will all have the same session unless you're using URL rewriting. My experience with Netscape and Konqueror (sorry I don't know anything about IE) is that once a cookie is established on any one browser, all the rest will begin submitting it. As a result, if you're using cookie-based sessions, then your browsers are all in the same session. If you're using URL rewriting they'll all have independent sessions. In IE (perhaps only on NT, dunno) you can configure it so that all browser windows are in a separate process space. This means that non-persistent cookies are *not* shared between windows AFAIK. Trevor
RE: Who's wrong?
ciao ingenieri, %= % is the jsp literal, it shows an expression; if it ends with a semicolon (";"), then it is a statement HTH JP -Original Message-From: Ing. Nicola Folino [mailto:[EMAIL PROTECTED]]Sent: Wednesday, March 28, 2001 12:19 PMTo: Orion-InterestSubject: Who's wrong? Orion don't agree on this line of code in a jsp page: %=variable;% The semicolon is an error? But JRun accepts it! Who's wrong? Thanx...
RE: Removing SBs when expiring HttpSessions ... the challenge continues.
Just a tought: impersonate a role within the SB's method remove instead of reliying on interactive login: public void remove() { //get UserManager UserManager um = ic.lookup("java:comp/UserManager"); um.login("mySecuritySafeUser","thePassWd"); this.myejbref.remove(); } I haven't tried this, but I guess it should work, specially if auto-sessions are on... HTH, JP -Original Message- From: Gerald Gutierrez [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 22, 2001 3:05 PM To: Orion-Interest Subject: Removing SBs when expiring HttpSessions ... the challenge continues. When an HttpSession expires, it calls valueUnbound() on all session-bound variables that implement the HttpSessionBindingListener interface. So this provides a way for expiring HTTP sessions to remove session beans that would otherwise stay active and eventually consume all resources and cause the server to crash. The reasonable thing to do is to call ejb.remove() (and whatever other methods) within the valueUnbound() method so that the SB can clean up and be removed on the event. HOWEVER, if the SB is protected by security constraints, calling methods on the SB causes either NullPointerExceptions, or SecurityExceptions. In my case, I have a HttpSession which has bound an SB, which in turn has a reference to an EB. When the session expires, I need to remove the SB, which in turn must call a method on the EB. If I attempt to just call sb.remove(), the ejbRemove() method is called but a NullPointerException is thrown in the EB's wrapper. If I call getCallerPrincipal() in the SB first (which returns me the "guest" user), then call the EB, a SecurityException is thrown. Ignoring the fact that the different exceptions may be an Orion bug, the fact still remains that the "guest" user is calling the SB when calling through the valueUnbound() method. SO, the question, once again, is: When an HttpSession expires, what's the proper way to cleanup and remove the EJBs that are bound to that session? Gerald.
RE: Customizing the web authentication service
Title: Customizing the web authentication service Sun specifically leaves security mapping to each vendor/platform. The only thing that's specified is roles, but how do they map really it's up to the vendor and more than often is platform dependant (especially with Windows Auth) HTH JP -Original Message-From: elephantwalker [mailto:[EMAIL PROTECTED]]Sent: Monday, March 19, 2001 11:49 PMTo: Orion-InterestSubject: RE: Customizing the web authentication service Ben, Sun has specified the way security should behave, but not the implementation. Each j2ee vendor has chosen a different method, so it is truly one pain in the "arse" (forgive my old english). Regards, Elephantwalker -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ben WarnerSent: Monday, March 19, 2001 6:41 PMTo: Orion-InterestSubject: RE: Customizing the web authentication service Thanks, my passwords in the database are encrypted by a one way hash algorithm so I don't think this DataSourceUserManager will do all that I want. I have found and read the thread on "Custom UserManager" in this list and have deciphered the hard truth that I will have to implement my own UserManager... RoleManager... User etc From this and other threads on similar topics I have also concluded that there is no J2EE standard for defining and using your own Authentication module. Is someone able to confirm this for me with certainty? regards, bw. -Original Message-From: Magnus Rydin [mailto:[EMAIL PROTECTED]]Sent: Monday, March 19, 2001 5:51 PMTo: Orion-InterestSubject: SV: Customizing the web authentication service Take a look at http://www.orionsupport.com/articles/datasourceusermanager.html WR -Ursprungligt meddelande-Från: Ben Warner [mailto:[EMAIL PROTECTED]]Skickat: den 18 mars 2001 20:00Till: Orion-InterestÄmne: Customizing the web authentication service Hi, I'm trying to do something simple but I'm frustrated by my lack of success in finding information about it. I have scoured the list, the web, J2EE doco and would appreciate any information that may help me. Thanks in advance. I'm running a J2EE application in orion using form based authentication. The problem is that users are authenticated by the webserver according to the contents of the principals.xml file for my application. In my application users (including username password) are stored in the database and I don't want to use the principals.xml file to store all my user logins. What I want is for the webserver to call my own custom authentication method to authenticate the user and let me decide if the login is valid or not and set the appropriate user principal in the session if it is valid. I'm sure this has been done a million times... I must be looking in the wrong places... Thanks again, bw.
RE: Why Entity EJBs?
I'm using EJB 1.1 CMP; It gives me as much DB independence as I need. I have to rewrite some finders when porting from DB to DB; hopefully EQL will remove this burden too. Orion performs caching of instances, check out exclusive-write-access and validity-timeout atrributes for entity-deployment tag in orion-ejb-jar.xml. However, if you have a distributed environment, cache's like the one in Orion are a threat to data integrity-- so they *must* be deactivated. Also, an orion-dependant feature, the boolean isModified(), which in WLS is called boolean isDirty(), plus a correct use of declarative transactions allow to minimize the impact on the DB. I believe CMP is the way to go, but it is very much server-dependant. The (apparent) poor performance of CMP is due to the need for this solution to address many things we all want from the server, such as data integrity, distribution across hosts of the business logic, declarative transactions and security. There's a price inherent to all this features, and the larger the spec, the higher the price we all must pay, basically, by leveling down. MS's single vendor approach actually levels up, but when they don't have the answers pre-packaged, all crumbles down and somehow we(as developers) must pay for the loses. Eventually, the servers *will* perform as expected, but until the spec matures, we will be stuck with some minor problems. I'm now living in Chile, and the budgets are pretty tight here, but still, the customer'd rather pay for an extra box to scale up than to pay extra to the programmers to do a more optimized job and scale out. I'm aware that this is vastly simplifying the issue, but the point still stands. Perhaps the true problem is that we, all the J2EE developer community, are pushing it too far *and* too broad. This is what happened with CORBA, leaving us with very little common ground. Some servers implement mor of the spec, some less. Some scale(but forbid Singleton's, for instance) and some don't. And there is no single way of making two OTS from two different vendors to cooperate. CORBA was even taller than the Everest, so nobody climbed it. Of course, I also have those rush moments where I wonder why I quitted my older job, but that's definitely not the time to contribute to anything. My 2c, JP -Original Message- From: Jeff Schnitzer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 20, 2001 1:31 PM To: Orion-Interest Subject: RE: Why Entity EJBs? I also am questioning entity beans, after 5 months of intensive development with them. If you run Hypersonic in server mode and watch the sql output to the console, it should be readily apparent why... CMP produces *WAY* too many queries for fine-grained entity beans. The biggest problem is finder methods. Since all beans are lazy-loaded, iterating through the finder results of 1000 beans will produce 1001 SQL calls. There isn't any reason specwise that beans cannot be eager-loaded, but few (if any) appservers seem to support this. Does anyone know if there is any support for eager-loading of finder results in Orion? There doesn't appear to be from the documentation. I'm really disappointed in the entity bean concept. CMP should give us faster development times, faster code (with caching), and database independence, but at the moment we get *none* of the above. By stating in the blueprints that entity beans should only model course-grained objects and _not_ "one row of the table" they are effectively saying DO NOT USE CMP, because what is a CMP bean if not one row of a table? I noticed that most of the new J2EE patterns Sun recently posted are aimed at BMP. Sun's schizophrenia on this really pisses me off; with one face they like to show off entity beans and CMP because MS doesn't have it, with another they tell us to go back to the bronze age of handwritten SQL because the technology doesn't work. Gr. Jeff -Original Message- From: Dan North [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 20, 2001 4:41 AM To: Orion-Interest Subject: Fwd: Why Entity EJBs? Hi Johan. two-pence-worth I've been developing EJBs in a very (a) intensive and (b) short development cycle for about 5 months now. I've found that my methodology has leant towards what the JRF guys are talking about, but in a less formal way. From the backend forwards: I tend to use entity beans for storing/retrieving and most manipulation of data - ie. I have quite "fat" beans rather than just purely getters and setters. I then use session beans for workflow that doesn't seem to belong with any particular single bean, such as generating reports or anything that requires a few home interfaces' finders. I also use session beans for their transactional integrity when populating new beans from an HTML (JSP) form, especially when several beans will be created from a single form's contents and I want the whole lot to be atomic. We
RE: Why Entity EJBs?
somebody suscribed a whole lotta of criticalmass people to this list; can't we have a subscribe/unsubscribe confirmation?? JP -Original Message- From: Carla Marcyniuk [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 20, 2001 5:53 PM To: Orion-Interest Subject: RE: Why Entity EJBs? Please take me off this list as I have no interest in this conversation. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Juan Lorandi (Chile) Sent: Tuesday, March 20, 2001 12:11 PM To: Orion-Interest Subject: RE: Why Entity EJBs? I'm using EJB 1.1 CMP; It gives me as much DB independence as I need. I have to rewrite some finders when porting from DB to DB; hopefully EQL will remove this burden too. Orion performs caching of instances, check out exclusive-write-access and validity-timeout atrributes for entity-deployment tag in orion-ejb-jar.xml. However, if you have a distributed environment, cache's like the one in Orion are a threat to data integrity-- so they *must* be deactivated. Also, an orion-dependant feature, the boolean isModified(), which in WLS is called boolean isDirty(), plus a correct use of declarative transactions allow to minimize the impact on the DB. I believe CMP is the way to go, but it is very much server-dependant. The (apparent) poor performance of CMP is due to the need for this solution to address many things we all want from the server, such as data integrity, distribution across hosts of the business logic, declarative transactions and security. There's a price inherent to all this features, and the larger the spec, the higher the price we all must pay, basically, by leveling down. MS's single vendor approach actually levels up, but when they don't have the answers pre-packaged, all crumbles down and somehow we(as developers) must pay for the loses. Eventually, the servers *will* perform as expected, but until the spec matures, we will be stuck with some minor problems. I'm now living in Chile, and the budgets are pretty tight here, but still, the customer'd rather pay for an extra box to scale up than to pay extra to the programmers to do a more optimized job and scale out. I'm aware that this is vastly simplifying the issue, but the point still stands. Perhaps the true problem is that we, all the J2EE developer community, are pushing it too far *and* too broad. This is what happened with CORBA, leaving us with very little common ground. Some servers implement mor of the spec, some less. Some scale(but forbid Singleton's, for instance) and some don't. And there is no single way of making two OTS from two different vendors to cooperate. CORBA was even taller than the Everest, so nobody climbed it. Of course, I also have those rush moments where I wonder why I quitted my older job, but that's definitely not the time to contribute to anything. My 2c, JP -Original Message- From: Jeff Schnitzer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 20, 2001 1:31 PM To: Orion-Interest Subject: RE: Why Entity EJBs? I also am questioning entity beans, after 5 months of intensive development with them. If you run Hypersonic in server mode and watch the sql output to the console, it should be readily apparent why... CMP produces *WAY* too many queries for fine-grained entity beans. The biggest problem is finder methods. Since all beans are lazy-loaded, iterating through the finder results of 1000 beans will produce 1001 SQL calls. There isn't any reason specwise that beans cannot be eager-loaded, but few (if any) appservers seem to support this. Does anyone know if there is any support for eager-loading of finder results in Orion? There doesn't appear to be from the documentation. I'm really disappointed in the entity bean concept. CMP should give us faster development times, faster code (with caching), and database independence, but at the moment we get *none* of the above. By stating in the blueprints that entity beans should only model course-grained objects and _not_ "one row of the table" they are effectively saying DO NOT USE CMP, because what is a CMP bean if not one row of a table? I noticed that most of the new J2EE patterns Sun recently posted are aimed at BMP. Sun's schizophrenia on this really pisses me off; with one face they like to show off entity beans and CMP because MS doesn't have it, with another they tell us to go back to the bronze age of handwritten SQL because the technology doesn't work. Gr. Jeff -Original Message- From: Dan North [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 20, 2001 4:41 AM To: Orion-Interest Subject: Fwd: Why Entity EJBs? Hi Johan. two-pence-worth I've been developing EJBs in a very (a) intensive and (b) short development cycle for about 5 months now. I've fou
RE: Custom UserManager.
I have a fully functional home-brewn imp. of UserManager and I do nothing in the setParent method. Just for you to know, HTH JP -Original Message- From: Michael Gantz [mailto:[EMAIL PROTECTED]] Sent: Friday, March 16, 2001 9:24 AM To: Orion-Interest Subject: Re: Custom UserManager. Slight progress update. I'm convinced now I don't have something configured correctly. In my UserManager, when setParent is called I did a setParent(this) on the parent that was passed in. After that, my manager started receiving method calls to things like getUser. I also noticed that my setParent was being called with an XMLUserManager as it's parameter. Hopefully somebody can shine some light on this situation for me. Thanks... Original Message On 3/16/01, 12:40:06 AM, Michael Gantz [EMAIL PROTECTED] wrote regarding Custom UserManager.: Server : Orion-1.4.5 I've created a custom UserManager and referenced it in application.xml, I've taken out the principal tags in all the other files. Here is my problem: my custom user manager loads up and the init method gets called but that's it. The server never calls getUser on my user manager. I'm very sure I'm missing something really silly and simple but I can't find it due to the complete lack of adequate documentation. Thanks in advance. Michael L. Gantz
RE: Stateless Session Bean Initialization Pattern
Inside the servlet, declare a public static synchronized (uf) field. Then declare a public static method, to retrieve the field public static MessageBundle ms; public static synchronized getMS() { return ms; } then inside your SLSB: private MessageBundle ms; //it could even be static?? public void ejbCreate() { if (ms==null) ms = MyServley.getMS(); } HTH JP -Original Message- From: Neal Kaiser [mailto:[EMAIL PROTECTED]] Sent: Sunday, March 11, 2001 9:25 PM To: Orion-Interest Subject: Stateless Session Bean Initialization Pattern Hi. I have a framework as follows: A startup servlet reads in an XML file and creates a message bundle. This message bundle will be used by Servlets and EJBs to pull resources from it. I somehow need a way to initialize the stateless session bean by passing the message bundle to it. When the startup servlet starts, I get a reference to the session bean and call init(MessageBundle). However, this does not work because other instances of the session bean will not be initialized. I need some sort of static variable, or environment, or some way I can get the original MessageBundle passed in from the startup servlet. Any suggestions on how I should handle this? I suppose one solution would be to use JNDI and store the object in there. Are there any Orion examples of how to do this?
RE: Session cookie and https. PLEASE HELP!!!!
basically, cookies are URL spec (as per the spec, check it out in Netscape Central) URL dependant; if you send a cookie for a URL http://www.yahoo.com then that cookie is valid for that URL only; that cookie won't show up for URL https://www.yahoo.com (note the different protocol, https, instead of http); there's a way to make a cookie public for all URL's, but of course, that might compromise security; that's what orion does when you set 'shared="true"'. A good log would surely help (may I suggest log4j, http://jakarta.apache.org) HTH JP -Original Message- From: Sergio Socarras [mailto:[EMAIL PROTECTED]] Sent: Friday, March 09, 2001 2:59 PM To: Orion-Interest; [EMAIL PROTECTED] Subject: RE: Session cookie and https. PLEASE HELP Juan, Thanks for responding to my email! Yes sessions working correctly is truly critical to our app. Basically we have about 14 machines running in our environment behind an alteon. The alteon selects a machine the first a person comes in, a session is created, and that person is made sticky to that machine because we are not currently replicating sessions. On and off we have reports of sessions being lost. I'm not sure if operations is making a mistake in regards to the stickiness or if I'm dealing with another issue here. What I have noticed is what I mention in my previous email, that under https I never see the cookie get set and sometimes and only sometimes URLs get rewritten. Someone in another email suggested I use the shared=true setting in the secure-site.xml but I'm not sure how this would help. The documentation is rather vague in this area so any help would be appreciated. Thanks for all your help! Sergio in our application it is truely critical that --- "Juan Lorandi (Chile)" [EMAIL PROTECTED] wrote: Under SSL, the (preferred) method for session-tracking is SSL session id. I think orion tries this, and falls back to URL rewriting if needed. HTH JP PS: Is this truly critical to your app? We are implementing our own Session Management here and perhaps we'll run into the same problems you will? -Original Message- From: Sergio Socarras [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 07, 2001 5:01 AM To: Orion-Interest Subject: Session cookie and https. PLEASE HELP Hi I'm running into some strange behavior with sessions when running under https. I notice that when I set my browser to prompt me when a cookie is to be set and hit my application with regular http, I get a prompt for the session cookie. If I hit the same page running a secure connection I'm never prompted. I also notice that under the secure connection some of my URLs get rewritten. Interesting enough the first page, which is where I initially create the session, doesn't have any of its URLs rewritten. However, the second, third, and forth pages do. Can someone please explain what's going on. Does the setting of the session cookie not work under secure connections? PLEASE PLEASE HELP!!! Thanks Sergio __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ __ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices. http://auctions.yahoo.com/
RE: Orion 1.4.7?
also for those with complicated proxies, try http://www.orionserver.com/orion/orion.jar -Original Message- From: Robert Krueger [mailto:[EMAIL PROTECTED]] Sent: Friday, March 09, 2001 8:18 AM To: Orion-Interest Subject: Re: Orion 1.4.7? At 15:50 09.03.2001 , you wrote: Hello Anyone could tell me where I can download Orion 1.4.7 java -jar autoupdate.jar Thanks in advance (-) Robert Krger (-) SIGNAL 7 Gesellschaft fr Informationstechnologie mbH (-) Brder-Knau-Str. 79 - 64285 Darmstadt, (-) Tel: 06151 665401, Fax: 06151 665373 (-) [EMAIL PROTECTED], www.signal7.de
RE: Using Orion with Apache...
basically, Apache will handle all SSL; orion won't notice SSL is being used(which IMHO is really not good). HTH JP -Original Message- From: Alex Paransky [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 07, 2001 11:32 PM To: Orion-Interest Subject: RE: Using Orion with Apache... I am trying to put a together a proposal for a client using OrionServer, and not sure about how SSL will work. The client is already running Apache and would like to continue using it. Is it Apache, that's going to encode/decode the SSL communication, or is it still the job of Orion do this? Thanks for your help. -AP_ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alex Paransky Sent: Wednesday, March 07, 2001 12:10 AM To: Orion-Interest Subject: Using Orion with Apache... If I follow the documentation on http://orionsupport.com and configure Apache as reverse proxy, how do I deal with SSL? In other words, if user is trying to access https://www.bigcorp.com/myapp/index.jsp which is configured to proxy to ORION, do I still need to install the SSL on the Orion server, or would Apache handle the SSL encryption when it forwards the request to Orion? Thanks. -AP_
RE: Session cookie and https. PLEASE HELP!!!!
Under SSL, the (preferred) method for session-tracking is SSL session id. I think orion tries this, and falls back to URL rewriting if needed. HTH JP PS: Is this truly critical to your app? We are implementing our own Session Management here and perhaps we'll run into the same problems you will? -Original Message- From: Sergio Socarras [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 07, 2001 5:01 AM To: Orion-Interest Subject: Session cookie and https. PLEASE HELP Hi I'm running into some strange behavior with sessions when running under https. I notice that when I set my browser to prompt me when a cookie is to be set and hit my application with regular http, I get a prompt for the session cookie. If I hit the same page running a secure connection I'm never prompted. I also notice that under the secure connection some of my URLs get rewritten. Interesting enough the first page, which is where I initially create the session, doesn't have any of its URLs rewritten. However, the second, third, and forth pages do. Can someone please explain what's going on. Does the setting of the session cookie not work under secure connections? PLEASE PLEASE HELP!!! Thanks Sergio __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/
RE: JSP Session setting
session-config tags in web.xml should do it... HTH JP -Original Message- From: Jim Carroll [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 06, 2001 12:44 PM To: Orion-Interest Subject: JSP Session setting I'm not sure if this is the correct place to ask this question but is there a way to turn off the session tracking in the jsp compiling in orion? Currently, no matter how you set the session-tracking tag in the configuration, when jsps are compiled the following line are ALWAYS there: HttpSession session; session = request.getSession(true); It seems that this will hinder performance in a clustered environment where only some of the applications require sessions. Is there a way to turn this off at a page or application level? Thanks Jim
RE: How to set orion to perform a timely task.. (CRON???)
you can use wget in some *nix'es I have a java based tool that does basically the same work that wget does; I'll post it tomorrow -Original Message- From: Joseph B. Ottinger [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 06, 2001 3:40 PM To: Orion-Interest Subject: Re: How to set orion to perform a timely task.. (CRON???) Sure you can. * * * * * lynx --dump http://myhost/hiteveryminute.jsp /dev/null This submits something to hiteveryminute.jsp every, um, minute. On Tue, 6 Mar 2001, Robert S. Sfeir wrote: Someone suggesting hitting a JSP with a cron... how can you hit a URL with a CRON or AT command, I didn't think you could do that! Perhaps I misunderstood the explanation? R Robert S. Sfeir Director of Software Development PERCEPTICON corporation San Francisco, CA 94123 w - http://www.percepticon.com/ e- [EMAIL PROTECTED] t - (415) 749-2900 x205 --- Joseph B. Ottinger [EMAIL PROTECTED] http://epesh.com/ IT Consultant
RE: ResultSet chaching
resultset or entity? if entity caching is troubling you, de-activate entity caching by setting the entity-deployment attribute exclusive-write-access to true. HTH JP PS:ResultSet caching is done with RowSet's persistance (serializable RowSet's) -Original Message-From: Luis Javier Beltran [mailto:[EMAIL PROTECTED]]Sent: Friday, March 02, 2001 6:12 PMTo: Orion-InterestSubject: ResultSet chaching Hi, Does Orion do resultset caching? because althought the database data has changed it still shows me the same data it showed before adding information to the db... If it does, how can I disable it? thanks a lot! Luis Javier
RE: Clustering and Multicasting
are you connecting everything to the same switch (hub)??? multicasting in a LAN is usually done by the switches, so hooking into a different hub may be problematic with some switches HTH JP -Original Message- From: Jesse Schoch [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 28, 2001 7:32 PM To: Orion-Interest Subject: Clustering and Multicasting I have installed a 3 node orion cluster(2 on windows2k and 1 on linux) and have it working just dandy, the replication seems to work and so does the loadbalancer but... I also have a bsdi box, and recently upgraded to the 4.2 version which has a JDK and JVM on which orion runs fine, but when I try to put into the cluster orion will not start and complains that it can't bind to the multicast address. any ideas why this is happening?
RE: How to set orion to perform a timely task..
Or you could start a daemon thread in a servlet to perform as cron; we do that to initialize services we need. Flux is great too, but it's out of my budget... ;-) -Original Message- From: Mike Sick [mailto:[EMAIL PROTECTED]] Sent: Saturday, March 03, 2001 3:19 PM To: Orion-Interest Subject: Re: How to set orion to perform a timely task.. We use Flux. It was easy to integrate and it's reliable. see: http://www.simscomputing.com/ http://www.simscomputing.com/products/ - Original Message - From: [EMAIL PROTECTED] To: "Orion-Interest" [EMAIL PROTECTED] Sent: Saturday, March 03, 2001 12:43 PM Subject: How to set orion to perform a timely task.. Hello, I need to have my EJB perform some DB operation at midnight everyday. How do I do that? In PC, I could create a timer object to do that with VC++, but in Java it does not seem to have such a functionality. And I think it's ideal to handle it in the server side rather than play with Java. In other words, orion may have such a cron function built in to do something in a timely manner. If anyone has any experience with this, please tell me how. Thank you very much in advance. Simon
RE: login security include file
andjsp:forward closes the outputstream too -Original Message-From: Manne Fagerlind [mailto:[EMAIL PROTECTED]]Sent: Thursday, March 01, 2001 6:20 AMTo: Orion-InterestSubject: RE: login security include file Strangely enough, jsp:include always flushes the writer - i.e. the flush="false" is ignored. This is in the JSP 1.1 spec. Don't ask me why... /Manne -Original Message-From: Vaskin Kissoyan [mailto:[EMAIL PROTECTED]]Sent: 28 February 2001 22:36To: Orion-InterestSubject: login security include file I'm trying to do a response.sendRedirect() from an include file jsp:include and wanted to avoid doing a directive.include (preparser), I keep getting "Response has already been committed, be sure not to write to the OutputStream or to trigger a commit due to any other action before calling this method." I have been very careful as to put this include at the very top of the file, and to specify autoFlush=false and flush=false on the include tag. Again, the intention of this include file would be to be place at the top of the jsp file to secure it by redirecting to a login page if credentials in a session based UserBean do not allow access to the page for some reason. -Vaskin
RE: signoff EJB-INTEREST
should you use the form in http://archives.java.sun.com ??? if you wnat to unsubscribe from EJB-INTEREST, that is -Original Message- From: Randahl Fink Isaksen [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 01, 2001 5:53 AM To: Orion-Interest Subject: RE: signoff EJB-INTEREST Please use the form at www.orionserver.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lu, Michael Sent: 28. februar 2001 20:47 To: Orion-Interest Subject: signoff EJB-INTEREST signoff EJB-INTEREST
RE: Servlet Cache - How do I purge it
$orion\application-deployments\YOUREAR\YOURWAR\persistance kill every file, the orion will recompile HTH, JP -Original Message- From: Paul G. Markovich [mailto:[EMAIL PROTECTED]] Sent: Sunday, February 25, 2001 11:07 PM To: Orion-Interest Subject: Servlet Cache - How do I purge it Hi, I am using servlets in the orion default web app. My dir: Orion/defaul-web-app/Web-inf/classes/(and then my files) I have the output of my compiler set to the same directory. I start orion like: java -jar orion.jar and I stop orion with a ctrl C I have reloaded my class files and I can't ever get the new files to load. I am working on NT4, jdk1.3, orion 1.4.5 Should I start stop differently??? Is there a physical location and file that I can delete that is storing this information??? Help, Paul
RE: Got SecurityException, bu shouldn't it be NamingException?
you're right... please report this to bugzilla in www.orionserver.com TIA JP -Original Message- From: Eduardo Estefano [mailto:[EMAIL PROTECTED]] Sent: Mircoles, 21 de Febrero de 2001 13:57 To: Orion-Interest Subject: Got SecurityException, bu shouldn't it be NamingException? I was looking up a bean using: JndiContext.lookup("ContactManager"); And I was getting a security exception: User Admin does not have permissions to ContactManager. However, there is no ContactManager in the jndi tree. The bean name in the tree was ContactManagerHome. I changed it and it worked fine. The question is: Shouldn't I get a NamingException instead of a SecurityException? - Eduardo Estefano Integrated Information Systems 480.317.8549
RE: Customer User Manager problems
have you got a login error page? that's why the three times, also, if a user doesn't belong to a sr_guest group, you won't have access -Original Message- From: Ernie Phelps [mailto:[EMAIL PROTECTED]] Sent: Jueves, 22 de Febrero de 2001 12:36 To: Orion-Interest Subject: Customer User Manager problems I am having difficulties getting a custom user manager to work. Here are the steps I have taken: Implemented User (as TMUser) Implemented Group (as TMGroup) Extended AbstractUserManager (as TMUserManager) Added the following to orion-application.xml: user-manager class="com.trademotion.security.TMUserManager"/ namespace-access read-access namespace-resource root="" security-role-mapping name="lt;jndi-user-rolegt;" group name="administrators" / /security-role-mapping security-role-mapping name="sr_guest" group name="ug_default" / /security-role-mapping /namespace-resource /read-access write-access namespace-resource root="" security-role-mapping name="lt;jndi-user-rolegt;" group name="administrators" / /security-role-mapping security-role-mapping name="sr_guest" group name="ug_default" / /security-role-mapping /namespace-resource /write-access /namespace-access Added the following to web.xml: security-constraint web-resource-collection web-resource-nameMain/web-resource-name url-pattern/*/url-pattern url-pattern/list.jsp/url-pattern /web-resource-collection auth-constraint role-namesr_guest/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameTM/realm-name /login-config security-role role-namesr_guest/role-name /security-role Here is the result: 1. I start Orion. It calls TMUserManager Init. 2. I start the browser, direct it to my controller. It pops the basic authentication dialog. I enter username and password. TMUserManager.getUser is called. TMUser.authenticate is called and returns true. 3. The basic authentication dialog pops again. This happens 3 times then fails. Any idea what I am missing here? I feel I have missed something basic, but can't put my finger on it. TIA, - Ernie
RE: Customer User Manager problems
ok. Some pointers: 1. I have my own imp. of UserManager and it's deliciously good 2. No need for principals.xml at this stage 3. When you add a security constraint, some pages require something 'extra' to be seen, in the case, this extra is that the user login'd belongs to a group sr_guest [Excerpt from your mail] security-constraint web-resource-collection web-resource-nameMain/web-resource-name url-pattern/*/url-pattern url-pattern/list.jsp/url-pattern /web-resource-collection auth-constraint role-namesr_guest/role-name /auth-constraint /security-constraint if the user tries to get some pages (in this case, ALL), then it must belong to a group sr_guest. Does the user you login with belong to the group user? (and I don't mean the DB... if you issue a UserImp.isMemberOf(UserManagerImp.getGroup("sr_guest") does it return true? If not, then something is not quite right). If I'd was to test this, I would try the following: create a user; say, 'jlorandi' then, try some (pseudo) code: User usr = UserManagerImp.getUser("jlorandi"); System.out.println("User:"+usr.getName); Group grp = UserManagerImp.getGroup("sr_guest"); System.out.println("Group:"+grp.getName); System.out.println("isMember?"+usr.isMemberOf(grp)); let me see how it comes JP -Original Message- From: Ernie Phelps [mailto:[EMAIL PROTECTED]] Sent: Jueves, 22 de Febrero de 2001 15:51 To: 'Juan Lorandi (Chile)'; 'Orion-Interest' Subject: RE: Customer User Manager problems Juan, I have tried putting the user into the principals.xml file, although the eventual goal is to not use this file at all (provide custom groups from the database via our UserManager). This does not seem to have any effect. I am not currently using a login error page, but I am not that worried about the login repetition for failure at the moment. My main concern is what is failing in the process, since authenticate is returning true from TMUser. There is presumably other code that I have to modify to get this to work, any idea's would be appreciated. Thanks. - Ernie -Original Message- From: Juan Lorandi (Chile) [mailto:[EMAIL PROTECTED]] Subject: RE: Customer User Manager problems have you got a login error page? that's why the three times, also, if a user doesn't belong to a sr_guest group, you won't have access -Original Message- From: Ernie Phelps [mailto:[EMAIL PROTECTED]] Subject: Customer User Manager problems I am having difficulties getting a custom user manager to work. Here are the steps I have taken: Implemented User (as TMUser) Implemented Group (as TMGroup) Extended AbstractUserManager (as TMUserManager) Added the following to orion-application.xml: user-manager class="com.trademotion.security.TMUserManager"/ namespace-access read-access namespace-resource root="" security-role-mapping name="lt;jndi-user-rolegt;" group name="administrators" / /security-role-mapping security-role-mapping name="sr_guest" group name="ug_default" / /security-role-mapping /namespace-resource /read-access write-access namespace-resource root="" security-role-mapping name="lt;jndi-user-rolegt;" group name="administrators" / /security-role-mapping security-role-mapping name="sr_guest" group name="ug_default" / /security-role-mapping /namespace-resource /write-access /namespace-access Added the following to web.xml: security-constraint web-resource-collection web-resource-nameMain/web-resource-name url-pattern/*/url-pattern url-pattern/list.jsp/url-pattern /web-resource-collection auth-constraint role-namesr_guest/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameTM/realm-name /login-config security-role role-namesr_guest/role-name /security-role Here is the result: 1. I start Orion. It calls TMUserManager Init. 2. I start the browser, direct it to my controller. It pops the basic authentication dialog. I enter username an
RE: Any way to forward to j_security_check?
that's what I've been doing... whenever there's a sec-constraint, orion forwards to my login page; when I want login without securing, I simple use the login form(or some other functionally equal) and then login the user programatically (by changing the action field of the form) It works, just like MCB said. JP -Original Message- From: Mike Cannon-Brookes [mailto:[EMAIL PROTECTED]] Sent: Jueves, 22 de Febrero de 2001 11:23 To: Orion-Interest Subject: RE: Any way to "forward" to j_security_check? This is very simple to do. Just grab the RoleManager from java:comp/env/RoleManager I think and then the method if just RoleManager.login(username, password) - see the Orion API docs for more info. Alas there is no standard way to do this defined in the spec. -mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 22, 2001 11:27 PM To: Orion-Interest Subject: Any way to "forward" to j_security_check? Does anyone know a way to "forward" to the j_security_check processing in Orion ? We use form-based login but have our own processing to do ahead of the standard j_security_check. On J2EE Reference Implementation (and e.g. Weblogic) we post the form to our own servlet instead of j_security_check, then forward from this to j_security_check. This doesn't seem to work on Orion i.e. j_security_check doesn't seem to be something one can get a request dispatcher for. Of course, the servlet spec doesn't mandate anything about how the server should implement the j_security_check mechanism, so potentially it doesn't have to have anything that can be referenced and invoked from application code. But it would be useful to be able to. I've also thought about programmatically simulating a post to j_security_check instead of trying to forward to it, but doesn't look simple and not sure this would work on Orion either. Might be helped by Servlet 2.3 but can't move to that yet. Am I just missing some trick to this, or is it not possible on Orion? Or is it related to a bug somewhere ? (n.b. even a normal post to j_security_check seems to fail, and to get sign-on to work I have to use Orion's non-standard feature of leaving the action unspecified). *** NIG The National Insurance Guarantee Corporation PLC Reg. Office : Crown House 145 City Road London EC1V 1LP Registered in England Wales No : 42133 *** Legal disclaimer : This message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. NIG does not accept responsibility for changes made to this message after it was sent.
RE: Orion Server compared to Oracle AS
OAS only supports Session Beans (Stateless and Stateful) OAS has reached it's end of life. It's no longer a product. It has been superceeded by IAS. IAS only supports Session Beans (Stateless and Stateful). *AS functionality is replicated by the DB engine (arghhh) If you have a Oracle *i db (8.1.5 and above), you have app server capabilities; Oracle 9i supports entity beans (they may solely run in the db) So, oracle's solution looks like this nowadays Apache --- IAS (BL only) --- Oracle 9i (DB, Entities) How all of this works together is still very obscure even inside Oracle. The entity facility inside the DB, on the other hand, is very nice. It should surpass any isolation/locking problems by making the db the bottle neck (as usual). Still, it would require some fooling around to see if it really works. JP -Original Message- From: Bernard Sauterel [mailto:[EMAIL PROTECTED]] Sent: Sbado, 10 de Febrero de 2001 15:23 To: Orion-Interest Subject: RE: Orion Server compared to Oracle AS could you explain more on this ? On Sat, Feb 10, 2001, Juan Lorandi (Chile) [EMAIL PROTECTED] wrote: well, I can tell you that if you need entity beans OAS won't help you. I've had to evaluate OAS 6 months ago and it sure is a total waste of time JP -Original Message- From: John Hogan [mailto:[EMAIL PROTECTED]] Sent: Viernes, 09 de Febrero de 2001 1:12 To: Orion-Interest Subject: Orion Server compared to Oracle AS Has anyone done/know of a comarison of these two products? I know Oracle sits on Apache and JServ, and that bench marks on the Orion site show that Orion has some clear advantages vs Apache. I'm hoping someone has some first experiences they can share. TIA. JohnH _ Get your free E-mail at http://www.ireland.com +--++ | Bernard Sauterel | sauterel.net | +--++ email | [EMAIL PROTECTED]
RE: Orion Server compared to Oracle AS
well, I can tell you that if you need entity beans OAS won't help you. I've had to evaluate OAS 6 months ago and it sure is a total waste of time JP -Original Message- From: John Hogan [mailto:[EMAIL PROTECTED]] Sent: Viernes, 09 de Febrero de 2001 1:12 To: Orion-Interest Subject: Orion Server compared to Oracle AS Has anyone done/know of a comarison of these two products? I know Oracle sits on Apache and JServ, and that bench marks on the Orion site show that Orion has some clear advantages vs Apache. I'm hoping someone has some first experiences they can share. TIA. JohnH _ Get your free E-mail at http://www.ireland.com
RE: Client site HttpSession simulating
Inline -Original Message- From: Boris Erukhimov [mailto:[EMAIL PROTECTED]] Sent: Martes, 06 de Febrero de 2001 15:41 To: Orion-Interest Subject: Re: Client site HttpSession simulating Thanks a lot Juan, it's working. Is it possible for https session ? Uh, I don't know, but I'd guess not. SSL has it's own kind of session tracking that is very similar to a cookie. This is the preferred way of doing it; and it will work on browsers that don't accept cookies I've also found out that URL rewriting syntax is server specific, which means it's not part of the spec ? it isn't part of the spec, but I think tomcat perfoms equal than orion. "Juan Lorandi (Chile)" wrote: you have to postfix any URL with ";JSESSIONID=id" NOTE THE SEMICOLON JP -Original Message- From: Boris Erukhimov [mailto:[EMAIL PROTECTED]] Sent: Lunes, 05 de Febrero de 2001 10:45 To: Orion-Interest Subject: Client site HttpSession simulating I have a site which stores user profile in HttpSession after user gets in supplying user id and password. I need to provide some client site batch operation on the site using standalone java client. I remember old servlet spec which allowed you to embed session ID into URL if there is no way to use cookies to handle HttpSession. The scenario is: 1. My client java program creates HttpURLConnection for the site login response URL with valid user ID and password. 2. Then client gets HTML response proving successful login. According to the application logic a new session has been created and client receives "Set-Cookie" response header with some value like "JSESSIONID=BGDBPNFMPDGO; Path=/". 3. Assuming JSESSIONID is a name Orion wants to identify session id I include JSESSIONID=BGDBPNFMPDGO into query string for my next client request. 4. Client gets HTML response such as in case session was not established yet - new session has been created. So, Orion does not recognize "JSESSIONID=BGDBPNFMPDGO" in request pointing to existing HttpSession. Am I missing something obvious ? Or it might be some time/racing issues ? I need thins functionality very much. Any help would be greatly appreciated Thanks ~boris
RE: Secured Page?
That depends more on your app design than nothing else; both ways are pretty much costless (in orion). JP -Original Message- From: Korosh Afshar [mailto:[EMAIL PROTECTED]] Sent: Lunes, 05 de Febrero de 2001 18:08 To: Orion-Interest Subject: RE: Secured Page? which one would be a viable option for a client base of 3000-4000 users? can declaritive security be used in this fashion? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steve Loftis Sent: Monday, February 05, 2001 12:07 PM To: Orion-Interest Subject: RE: Secured Page? There are two ways to handle this login solution: programatic and declarative security. With programatic security you could have your welcome.jsp check to see if a user variable (such as a username) has been set on the session object for a client, if it hasn't (i.e is null) then forward them to the login page. (you could also stick the string welcome.jsp into the session as the referer so you can redirect the login page back it after a successful login). With declarative security you can specify which pages are secure in your deployment descriptor for the application, and access to the pages, in relation to security, will be handled at container rather than application (as above) level. check the orion reference docs for how to do this. Hope this moves you in the right direction :) Steve -Original Message- From: Roland Dong [mailto:[EMAIL PROTECTED]] Sent: 05 February 2001 10:36 To: Orion-Interest Subject: RE: Secured Page? I remember someone posted Login-related question recently. I have a newbie question on this. In my web application, I have login1.jsp which calls login2.jsp to handle the actual login process. I use JDBC-ODBC-Oracle to handle the database connection. If successfully logged in, the user will be "forwarded" to a welcome.jsp. I am wondering how could I secure welcome.jsp so that a user can ONLY access welcome.jsp by a successful login? I mean a user could just type in http://localhost:8080/examples/jsp/welcom.jsp, for example, to access it. Someone has metioned the secured page. Could someone explain? Where can I get the information or code example? Thanks a lot, Roland ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com **
RE: Download Orion version 1.4.7
autoupdate.jar looks for orion in http://www.orionserver.com/orion/orion.jar that URL sure is handy if you don't know what your proxy is JP -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Martes, 06 de Febrero de 2001 8:38 To: Orion-Interest Subject: RE: Download Orion version 1.4.7 To anyone trying to autoupdate trought proxy, use: java -DproxySet=true -DproxyHost=myProxyHostIP -DproxyPort=myProxyPort -jar autoupdate.jar Obvious, you need to be in /orion folder... My2c Edson Richter
RE: Form-based authentication not working right
gerald, I have a configuration matching yours and it's working; May I suggest a test? If you will, add a user called 'jlorandi' and make it part of group 'myuser', and add an user 'dummy' but DON'T make him part of group 'myuser' ,then, could you please edit SecuredPage.jsp so it executes these printouts: System.out.println("User:" + request.getRemoteUser() ); System.out.println("Role OK:" + request.isUserInRole("myuser") ); then browse your app: open browser, login as 'jlorandi', note results, close browser open browser, login as 'dummy', note results, close browser open browser, login INCORRECTLY, note results, close browser JP -Original Message- From: Gerald Gutierrez [mailto:[EMAIL PROTECTED]] Sent: Lunes, 05 de Febrero de 2001 20:52 To: Orion-Interest Cc: [EMAIL PROTECTED] Subject: Form-based authentication not working right Recently I asked about form-based authentication. I appreciate the help several people gave, but from the responses I got it seems that I might have miscommunicated somehow. I'm going to try again, this time explaining myself better. I'm using Orion 1.4.5 on Windows 2000. The same thing happens on Orion 1.3.8. I have a number of JSP pages in the directory /app: MainMenu.jsp -- the main menu SecuredPage.jsp -- a secured page, see only when authenticated LoginForm.jsp -- form for logging in LoginError.jsp-- form displayed when there's an error The user goes to MainMenu.jsp, where there is a link to SecuredPage.jsp. To view this page, the user must be authenticated. The authenticated is form-based. This is what should (CORRECTLY) happen: 1) User goes to MainMenu.jsp. 2) User clicks on link to SecuredPage.jsp. 3) User is presented with LoginForm.jsp. 4) User types in username and password. 5a) Login succeeds and SecuredPage.jsp is shown to user. 5b) Login fails and LoginError.jsp is shown to user. HOWEVER, this is the (INCORRECT) sequence of events that I actually get: 1) -- as before -- 2) -- as before -- 3) -- as before -- 4) -- as before -- 5a) Login succeeds and directory contents is shown to user. 5b) Login fails and directory contents is shown to user. Note the same (WRONG) thing happens whether or not the user authenticates properly. The directory contents is the list of JSP files that I have in /app. So ... what's wrong here? It redirects to my login form correctly. It just doesn't behave properly when I actually do the login (hit "j_security_check" with "j_username" and "j_password"). This is the relevant section of my web.xml file: security-constraint web-resource-collection web-resource-nameLoginTrigger/web-resource-name descriptionLoginTrigger/description url-pattern/SecuredPage.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namemyuser/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-pageLoginForm.jsp/form-login-page form-error-pageLoginError.jsp/form-error-page /form-login-config /login-config security-role role-namemyuser/role-name /security-role
RE: Client site HttpSession simulating
you have to postfix any URL with ";JSESSIONID=id" NOTE THE SEMICOLON JP -Original Message- From: Boris Erukhimov [mailto:[EMAIL PROTECTED]] Sent: Lunes, 05 de Febrero de 2001 10:45 To: Orion-Interest Subject: Client site HttpSession simulating I have a site which stores user profile in HttpSession after user gets in supplying user id and password. I need to provide some client site batch operation on the site using standalone java client. I remember old servlet spec which allowed you to embed session ID into URL if there is no way to use cookies to handle HttpSession. The scenario is: 1. My client java program creates HttpURLConnection for the site login response URL with valid user ID and password. 2. Then client gets HTML response proving successful login. According to the application logic a new session has been created and client receives "Set-Cookie" response header with some value like "JSESSIONID=BGDBPNFMPDGO; Path=/". 3. Assuming JSESSIONID is a name Orion wants to identify session id I include JSESSIONID=BGDBPNFMPDGO into query string for my next client request. 4. Client gets HTML response such as in case session was not established yet - new session has been created. So, Orion does not recognize "JSESSIONID=BGDBPNFMPDGO" in request pointing to existing HttpSession. Am I missing something obvious ? Or it might be some time/racing issues ? I need thins functionality very much. Any help would be greatly appreciated Thanks ~boris
RE: Error messages from Orion have invalid XML format - bug?
about the error codes... have you defined an error page? that is a page that is executed to show a bug, and the br StackTrace are generated by the default error page JP -Original Message- From: Randahl Fink Isaksen [mailto:[EMAIL PROTECTED]] Sent: Lunes, 05 de Febrero de 2001 4:40 To: Orion-Interest Subject: RE: Error messages from Orion have invalid XML format - bug? Thanks for your reply JP. I am aware of this possibility, and I am certain that using Orion this way speeds up development. I guess my focusing on finding out about the deployment features has gotten me to this point where I prefer to _deploy_ my application during my development. Is this not what the IDE's would do too? Maybe it is a matter of taste, but it seems a little less elegant to me to develop my JSPs directly in the middle of Orions file tree. Actually I thought most people had their files in a development file tree and then debugged by either moving the files to Orion through packaging and deployment or through simple file copying. Randahl -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Juan Lorandi (Chile) Sent: 4. februar 2001 20:02 To: Orion-Interest Subject: RE: Error messages from Orion have invalid XML format - bug? Randahl look in $orion\applications\YOUREAR\YOURWAR\yourpage.jsp if you edit a .jsp in that dir and browse it, orion will recon the change, recompile for you, voila! no need to rebuild anything JP -Original Message- From: Randahl Fink Isaksen [mailto:[EMAIL PROTECTED]] Sent: Sbado, 03 de Febrero de 2001 8:05 To: Orion-Interest Subject: Error messages from Orion have invalid XML format - bug? My JSPs return XML which is transformed using XSL. When Orion locates syntax errors or encounters Exceptions it produces som HTML which contains the error message AND some HTML markup which presents the error message. This Orion markup happens to contain standalone br tags. In case of an exception it looks like this: brat com.evermind.server.http.d3.sw(JAX) brat com.evermind.server.http.d3.su(JAX) brat com.evermind.server.http.ef.s1(JAX) brat com.evermind.server.http.ef.do(JAX) brat com.evermind.util.f.run(JAX) As everybody knows, using standalone br tags compromises XML syntax - XML would expect either br/ or br/br. Unfortunately this forces you to follow this debugging process: 1. Remove the lines in the JSP which links it to the stylesheet: ?xml version = "1.0"? ?xml-stylesheet href = "/tool.xsl"? 2. Rebuild the web application 3. Have Orion deploy the new build 4. Invoke the JSP and read the error 5. Correct the error in the JSP 6. Rebuild and redeploy 7. Check the error was corrected 8. Reinsert the line in the JSP which links it to the stylesheet. A rather long way to go, I think. This raises the question of whether this could be made easier. I have a feeling, I am not the only developer using XML, so maybe it would be a great idea if Orion Server presented Exceptions using tags which are valid in both HTML and XML. If the br tag was replaced with br/br, errors would be visible in both HTML and XML results. Moreover, if the whole error was enclosed in a valid XML tag you can have your XSL deliver the error as output. For instance p id = "OrionError" br/br at com.evermind.server.http.d3.sw(JAX) br/br at com.evermind.server.http.d3.su(JAX) br/br at com.evermind.server.http.ef.s1(JAX) br/br at com.evermind.server.http.ef.do(JAX) br/br at com.evermind.util.f.run(JAX) /p This is valid HTML and one can easily write XSL which checks for the occurance of this error and produces a result which can be seen in the output to the browser. This is just one quick idea of how to accomplish both valid HTML and valid XML - there are probably many other ways to accomplish this aswell. Of course, there might be a good reason why things are the way they are, but any comments to these thoughts would be welcomed. And should anyone at Ironflare have the time to comment on this too, I would be very grateful. Thanks Randahl -Original Message- From: Randahl Fink Isaksen [mailto:[EMAIL PROTECTED]] Sent: 2. februar 2001 11:32 To: Orion-Interest Subject: Source XML Error: Expected "/br" to terminate element starting on line 51. Occasionally I get a strange result when there are syntax errors in my JSPs. If I have a JSP that works fine I can make Orion return a weird result by introducing a line like the following into the JSP: % rubishrubishrubish % I would expect Orion to compile the JSP and give me back a syntax error somewhere. Instead I get the following in my browser when
RE: Anyone know how to def Data-type in cmp-field???
Quick and dirty... create your own class String (say ar.com.rifleman.String) package ar.com.rifleman public class String extends java.lang.String {} then map it to a varchar(30)... type-mapping type="ar.com.rifleman.String" name="varchar(30)" / that should do it (but again, it's quick and dirty) JP PS: Saludos de Claudio Paul Cannigia ;) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Lunes, 05 de Febrero de 2001 9:58 To: Orion-Interest Subject: Anyone know how to def Data-type in cmp-field??? Hi! Hi people aroud the world!!! I've found info about what I need to run Orion EJB 2.0 sample with Interbase inside our Orion-list. But for now, I'm having following trouble: primary keys, in Interbase, allow only 254 bytes in length. If I configure my datasource to use Interbase, and set schema="interbase.xml", and then mapping Strings to VARCHAR(255), I get errors in deployment time (primary key too long, or something like this). To turn things bad, I want to use all Interbase power, and map Strings to VARCHAR(8000)... How can I configure my primary-keys to use a max of varchar(30), or something like this? And, how I define the datasource that shold be used for deployment (not after deployment)? See, I need to configure inside ejb-jar.xml file the datatype of my cmp-field (not in orion-ejb-jar.xml, because when Orion create orion-ejb-jar.xml tables are created too - so my database will be incorrect - of course, I'll get app not deployed, because interbase will refuse the primary key with more than 254 bytes). Anyone know how to do this??? Thanks
RE: HttpSession question
there was something like that in the original servlet spec, but it's deprecated now; however, i think the (undocumented?) Administrator object(orionconsole says it's in 'java:comp/Administrator') can do that. -Original Message-From: Reid Hartenbower [mailto:[EMAIL PROTECTED]]Sent: Domingo, 04 de Febrero de 2001 3:10To: Orion-InterestSubject: HttpSession question Is there a way, from a client, to iterate through all the open sessions in a web server? I'm looking for something like Context.listBindings(), but for sessions. Ihave the feeling that this would be an unacceptable security hole and so is not possible, but figured someone in 'the constellation' might have the definitive answer. Thanks Reid
RE: Questions about running an EJB client
sorry for the delay, I'll try and explain it again: let's say I (Juan) am a bean developer. Let's say you (Eric) are the application assembler, and let's say Lauren Commons is the deployer. I build a bean. I package the bean in a jar, then pass it on to you. It has some(but not all) of the info needed in ejb-jar.xml . So far it's completly portable across servers. You pick up my bean, add a few of your own, and repackage the .jar . You touch ejb-jar.xml to match your assembly needs(As an example, you want to mark some methods as TX_MANDATORY). You put the .jar in an .ear with the rest of the application modules, and application.xml. This is still PORTABLE across servers (As all in the spec). Now... deployment. A: simple deployment Lauren takes your ear and uses a deploy tool to install the app on a given server. She defines ejb-ref bindings runs required SQL scripts in the DB, maps the security to a given domain etc. To store all of these data(which is server DEPENDANT), the app server creates some files. The app is deployed. B: pre-deployment Deployment is in the corporate HQ of HAL, Inc. If you fuck up there, you're toast. Lauren works with a sturdy, fast server called orion. Regretably, it doesn't include a deploy tool (no, deploytool doesn't work... yet), so she wants to pre-deploy as much as possible about this app in order to have less work to do in the final deployment. So she deploys her app in a test machine. orion-xx.xml files are created. How does she use these files? She REPACKAGES the App, storing the new files alongside its counter-part (orion-application.xml and application.xml go in the same dir), except in the case of ejb-jar.xml, which goes in an orion directory inside the ejb jar. This app is still portable across servers, but it contains now some information on how to deploy on orion-servers. The same process could be done for J2EERI and WLS 6.0, making the actual deployment very accesible. When Lauren deploys this modified .ear, orion will find the orion-xxx files inside the ear, and instead of creating deployment files from scratch, using defaults, it will use the in-ear files to create the actual, $orion\application-deployment resident, orion-xx.xml files. I sure do hope this helps... JP PS: Lauren... may I stick my tongue in your ear? -Original Message- From: Eric Hodges [mailto:[EMAIL PROTECTED]] Sent: Jueves, 01 de Febrero de 2001 19:20 To: Orion-Interest Subject: Re: Questions about running an EJB client - Original Message - From: "Juan Lorandi (Chile)" [EMAIL PROTECTED] To: "Orion-Interest" [EMAIL PROTECTED] Sent: Thursday, February 01, 2001 3:33 PM Subject: RE: Questions about running an EJB client Read the j2ee spec again. orion-x.xml files are deployment info; deployment info is server dependant (in contrast to bean developer info assembly info); deployment info may override complete for j2eeri, files are named j2eeri-.xml basically, there's one of these per every .xml in the specs: SPEC file Orion file packageplace application.xml orion-application.xml \YOURAPP.ear\META-INF\ ejb-jar.xml orion-ejb-jar.xml \YOURAPP.ear\YOUREJB.jar\orion web.xml orion-web.xml \YOURAPP.ear\YOURWAR.war\WEB-INF\ I don't really understand what you just typed. So orion-application.xml gets its info from application.xml? If so, do I just stick this namespace stuff in application.xml?
RE: Error messages from Orion have invalid XML format - bug?
Randahl look in $orion\applications\YOUREAR\YOURWAR\yourpage.jsp if you edit a .jsp in that dir and browse it, orion will recon the change, recompile for you, voila! no need to rebuild anything JP -Original Message- From: Randahl Fink Isaksen [mailto:[EMAIL PROTECTED]] Sent: Sbado, 03 de Febrero de 2001 8:05 To: Orion-Interest Subject: Error messages from Orion have invalid XML format - bug? My JSPs return XML which is transformed using XSL. When Orion locates syntax errors or encounters Exceptions it produces som HTML which contains the error message AND some HTML markup which presents the error message. This Orion markup happens to contain standalone br tags. In case of an exception it looks like this: br at com.evermind.server.http.d3.sw(JAX) br at com.evermind.server.http.d3.su(JAX) br at com.evermind.server.http.ef.s1(JAX) br at com.evermind.server.http.ef.do(JAX) br at com.evermind.util.f.run(JAX) As everybody knows, using standalone br tags compromises XML syntax - XML would expect either br/ or br/br. Unfortunately this forces you to follow this debugging process: 1. Remove the lines in the JSP which links it to the stylesheet: ?xml version = "1.0"? ?xml-stylesheet href = "/tool.xsl"? 2. Rebuild the web application 3. Have Orion deploy the new build 4. Invoke the JSP and read the error 5. Correct the error in the JSP 6. Rebuild and redeploy 7. Check the error was corrected 8. Reinsert the line in the JSP which links it to the stylesheet. A rather long way to go, I think. This raises the question of whether this could be made easier. I have a feeling, I am not the only developer using XML, so maybe it would be a great idea if Orion Server presented Exceptions using tags which are valid in both HTML and XML. If the br tag was replaced with br/br, errors would be visible in both HTML and XML results. Moreover, if the whole error was enclosed in a valid XML tag you can have your XSL deliver the error as output. For instance p id = "OrionError" br/br at com.evermind.server.http.d3.sw(JAX) br/br at com.evermind.server.http.d3.su(JAX) br/br at com.evermind.server.http.ef.s1(JAX) br/br at com.evermind.server.http.ef.do(JAX) br/br at com.evermind.util.f.run(JAX) /p This is valid HTML and one can easily write XSL which checks for the occurance of this error and produces a result which can be seen in the output to the browser. This is just one quick idea of how to accomplish both valid HTML and valid XML - there are probably many other ways to accomplish this aswell. Of course, there might be a good reason why things are the way they are, but any comments to these thoughts would be welcomed. And should anyone at Ironflare have the time to comment on this too, I would be very grateful. Thanks Randahl -Original Message- From: Randahl Fink Isaksen [mailto:[EMAIL PROTECTED]] Sent: 2. februar 2001 11:32 To: Orion-Interest Subject: Source XML Error: Expected "/br" to terminate element starting on line 51. Occasionally I get a strange result when there are syntax errors in my JSPs. If I have a JSP that works fine I can make Orion return a weird result by introducing a line like the following into the JSP: % rubishrubishrubish % I would expect Orion to compile the JSP and give me back a syntax error somewhere. Instead I get the following in my browser when I invoke the JSP: Source XML Error: Expected "/br" to terminate element starting on line 51. I know this sounds weird - that is exactly why I am asking: Has this occured to anyone else on the list? - Do you know why this happens? In hopes it is not my inner CPU which has some kind of bug... R.
RE: Questions about running an EJB client
in orion-application.xml (you can find it in $orion\application-deployments\YOURAPP\) there should be a namespace tag; below is mine's form an app: namespace-access read-access namespace-resource root="" security-role-mapping name="lt;jndi-user-rolegt;" group name="admin" / /security-role-mapping /namespace-resource /read-access write-access /write-access /namespace-access then, whenever the current user belongs to group admin, you have read access for ALL resources. I believe that something on the line of group name="admin" impliesAll="true" / would grant everybody read access; AFAIK Orion's JNDI imp. doesn't support writing, so the write-access part is irrelevant HTH JP -Original Message- From: Eric Hodges [mailto:[EMAIL PROTECTED]] Sent: Mircoles, 31 de Enero de 2001 20:14 To: Orion-Interest Subject: Questions about running an EJB client I'm trying to set up an EJB (my first time) on Orion. I have the .EAR file running, I just need to get the client to test it. When I try to run the client, it fails on the constructor for InitialContext(). Here's the error: java.lang.SecurityException: Not allowed to look up java:comp/ResourceFinder, check the namespace-access tag setting in orion-application.xml for details at com.evermind.server.rmi.bb.f_(JAX) at com.evermind.server.rmi.RMIServer.f_(JAX) at com.evermind.server.rmi.RMIContext.lookup(JAX) at com.evermind.server.administration.LazyResourceFinder.f_(JAX) at com.evermind.server.administration.LazyResourceFinder.getEJBHome(JAX) at com.evermind.server.Application.ap7(JAX) at com.evermind.server.ApplicationClientInitialContextFactory.get InitialContext (JAX) at javax.naming.spi.NamingManager.getInitialContext(NamingManager .java:668) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246) at javax.naming.InitialContext.init(InitialContext.java:222) at javax.naming.InitialContext.init(InitialContext.java:198) at com.mongoosetech.agent.AgentBase.registerWithServer(AgentBase. java:100) at com.mongoosetech.agent.AgentBase.register(AgentBase.java:71) at com.mongoosetech.agent.AgentBase.init(AgentBase.java:58) at com.mongoosetech.agent.jdbcagent.JDBCAgent.init(JDBCAgent.java:81) at com.mongoosetech.agent.jdbcagent.JDBCFramgent.init(JDBCFramg ent.java:21) at com.mongoosetech.agent.jdbcagent.JDBCFramgent.main(JDBCFramgen t.java:73) The problem is that I don't have a file called "orion-application.xml". From the docs, I get the impression this is an Orion specific version of application.xml. I have that, but I don't see a way to make it let me look up java:comp/ResourceFinder. Any clues?
RE: Questions about running an EJB client
Read the j2ee spec again. orion-x.xml files are deployment info; deployment info is server dependant (in contrast to bean developer info assembly info); deployment info may override complete for j2eeri, files are named j2eeri-.xml basically, there's one of these per every .xml in the specs: SPEC file Orion file packageplace application.xml orion-application.xml \YOURAPP.ear\META-INF\ ejb-jar.xml orion-ejb-jar.xml \YOURAPP.ear\YOUREJB.jar\orion web.xml orion-web.xml \YOURAPP.ear\YOURWAR.war\WEB-INF\ At deployment time, orion creates a counter-part of your SPEC files in $orion\application-deployments\ for this it may use templates bundled in your package (if found in packageplace) HTH JP -Original Message- From: Eric Hodges [mailto:[EMAIL PROTECTED]] Sent: Jueves, 01 de Febrero de 2001 15:50 To: Orion-Interest Subject: Re: Questions about running an EJB client Where did this file come from? I didn't put it in my EJB jar or my EAR file. It doesn't look like yours (there's no name attribute on the security-role-mapping tag), so once I edit it how will I stick it back in my EAR? That sounds odd, doesn't it? Thanks for the help. - Original Message - From: "Juan Lorandi (Chile)" [EMAIL PROTECTED] To: "Orion-Interest" [EMAIL PROTECTED] Sent: Thursday, February 01, 2001 11:51 AM Subject: RE: Questions about running an EJB client in orion-application.xml (you can find it in $orion\application-deployments\YOURAPP\) there should be a namespace tag; below is mine's form an app: namespace-access read-access namespace-resource root="" security-role-mapping name="lt;jndi-user-rolegt;" group name="admin" / /security-role-mapping /namespace-resource /read-access write-access /write-access /namespace-access then, whenever the current user belongs to group admin, you have read access for ALL resources. I believe that something on the line of group name="admin" impliesAll="true" / would grant everybody read access; AFAIK Orion's JNDI imp. doesn't support writing, so the write-access part is irrelevant HTH JP -Original Message- From: Eric Hodges [mailto:[EMAIL PROTECTED]] Sent: Mircoles, 31 de Enero de 2001 20:14 To: Orion-Interest Subject: Questions about running an EJB client I'm trying to set up an EJB (my first time) on Orion. I have the .EAR file running, I just need to get the client to test it. When I try to run the client, it fails on the constructor for InitialContext(). Here's the error: java.lang.SecurityException: Not allowed to look up java:comp/ResourceFinder, check the namespace-access tag setting in orion-application.xml for details at com.evermind.server.rmi.bb.f_(JAX) at com.evermind.server.rmi.RMIServer.f_(JAX) at com.evermind.server.rmi.RMIContext.lookup(JAX) at com.evermind.server.administration.LazyResourceFinder.f_(JAX) at com.evermind.server.administration.LazyResourceFinder.getEJBHome(JAX) at com.evermind.server.Application.ap7(JAX) at com.evermind.server.ApplicationClientInitialContextFactory.get InitialContext (JAX) at javax.naming.spi.NamingManager.getInitialContext(NamingManager .java:668) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246) at javax.naming.InitialContext.init(InitialContext.java:222) at javax.naming.InitialContext.init(InitialContext.java:198) at com.mongoosetech.agent.AgentBase.registerWithServer(AgentBase. java:100) at com.mongoosetech.agent.AgentBase.register(AgentBase.java:71) at com.mongoosetech.agent.AgentBase.init(AgentBase.java:58) at com.mongoosetech.agent.jdbcagent.JDBCAgent.init(JDBCAgent.java:81) at com.mongoosetech.agent.jdbcagent.JDBCFramgent.init(JDBCFramg ent.java:21) at com.mongoosetech.agent.jdbcagent.JDBCFramgent.main(JDBCFramgen t.java:73) The problem is that I don't have a file called "orion-application.xml". From the docs, I get the impression this is an Orion specific version of application.xml. I have that, but I don't see a way to make it let me look up java:comp/ResourceFinder. Any clues?
RE: RE : JSP TagLibs and UTF8 Encoding - Further Info
aren't cp1252 and UTF-8 actually the same? -Original Message- From: Ted Rice [mailto:[EMAIL PROTECTED]] Sent: Jueves, 01 de Febrero de 2001 8:23 To: Orion-Interest Subject: RE : JSP TagLibs and UTF8 Encoding - Further Info --- Ted Rice APAMA Ltd, 17 Millers Yard, Mill Lane Cambridge CB2 1RQ, United Kingdom Email: [EMAIL PROTECTED] Mobile: +44 (0)7899 876489 Phone: +44 (0)1223 257973 [Histon Office] Fax:+44 (0)1223 51885 A little further information on my encoding problem with the JSP Tags and XML translation. When I remove the JSP BodyTag wrapper around the JSP code producing XML, the XML is shown in the browser and all the UTF8 characters are displayed properly. Meaning that in the processing of the JSP the encoding is being preserved. However, in the JSP Tag Code, I have done the following test: public int doAfterBody() throws JspException { // _xmlContent is a member variable instance if (bodyContent == null){ _xmlContent = ""; } else{ _xmlReader = (InputStreamReader) bodyContent.getReader(); logger.debug("Reader Encoding [ " + _xmlReader.getEncoding() + " ]"); } return SKIP_BODY; } In my log file I see the following line: 2001-02-01 10:12:28,902 [ApplicationServerThread] DEBUG Reader Encoding [ Cp1252 ] Meaning the encoding of the bodyContent reader is where the munging is occurring. Is there a way I can force the reader to use UTF8 encoding? I have circumvented the problem of encoding being lost via a hack. The code was: byte[] utf8Bytes = bodyContent.getString().trim().getBytes("Cp1252"); ByteArrayInputStream stream = new ByteArrayInputStream(utf8Bytes); _xmlReader = new InputStreamReader(stream, "UTF-8"); This is going to be slow! I guess the real problem lies that the Reader of the bodyContent is reading in Cp1252. How can i force the Tag to read in UTF8? Thanks. --- Ted Rice APAMA Ltd, 17 Millers Yard, Mill Lane Cambridge CB2 1RQ, United Kingdom Email: [EMAIL PROTECTED] Mobile: +44 (0)7899 876489 Phone: +44 (0)1223 257973 [Histon Office] Fax:+44 (0)1223 5188599
RE: Session EJB Accessibility
It's tough for container providers to provide Singleton behavior when more than one JVM is involved; I can trace this back to CORBA. That's why it's not in the spec. JP -Original Message- From: Jeff Schnitzer [mailto:[EMAIL PROTECTED]] Sent: Martes, 30 de Enero de 2001 20:29 To: Orion-Interest Subject: RE: Session EJB Accessibility I'm confused by your comments; does it need to manage state, or doesn't it? I'm assuming it does, otherwise you would just use a stateless session bean. Here's some fodder for conversation: I don't think there is an EJB facility which will help you. SLSBs are pooled and can timeout, SFSBs have no lookup mechanism, can timeout, and aren't reentrant (although Orion, despite the spec, serializes calls, which is good), and entity beans will get all wacky because of the multiple instances you will get from an optimistic concurrency model. It seems like what you want is either a SLSB which never times out and is guaranteed to only have one instance in the pool, or a BMP entity bean with a guarantee of serialized transactions. Is it possible to make Orion do either of these? And what would happen in a clustered solution? I propose that the only server-independent way to do what you want is to use an RMI server. The EJB specification really needs a "SingletonBean", preferrably one which allows concurrent calls (and thus reasonable performance). Comments? Jeff -Original Message- From: Mark Bernardinis [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 30, 2001 12:18 AM To: Orion-Interest Subject: Re: Session EJB Accessibility I don't want to do any database activity. I just want this Java Object to be accessible as an EJB accessible by many different clients hosted by an Application Server. The object doesn't have to be stateful either. It sounds like you're describing an entity bean more than a session bean. An entity bean can be called by many clients although access is serialized. And certainly the role of an entity bean is to encapsulate data in a apparently-storage-mechanism-independent manner, from the client's perspective... How does the notion of a session play into what you want the bean to do? Gary Mark Bernardinis ([EMAIL PROTECTED]) wrote: Requirements: An EJB to be Stateful Accessible by more than client Share the same data object and information Summarising the above information, I would like to have an EJB that can be called by many clients yet share the same underlying data within the bean. These clients may be another application running under Orion or a stand-alone application. Is this possible, and if it is, what special requirements do I need to meet. I have looked at SessionContext but does this have anything to do with it? Thanks in advance. Mark
RE: Accessing Orion-EJB-Server on one machine from Orion-web-server on another?
yap, server.xml (add a RMI server ref there) JP -Original Message- From: Globetrot Communications [mailto:[EMAIL PROTECTED]] Sent: Lunes, 29 de Enero de 2001 22:18 To: Orion-Interest Subject: Accessing Orion-EJB-Server on one machine from Orion-web-server on another? What is the best way to configure two installations of Orion, on different machines, so web-server on one can access the EJB-Server on the other? Can this be done through only the configuration files? Thanks Satish Gupta = __ 5.5 cents calls with 6-second billing no fees. Free toll-fre numbers. No other charges 4 cents Domestic calls with no fees: 5 cents per minute International calls also available http://globetrot.hypermart.net e-mail: [EMAIL PROTECTED] __ __ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices. http://auctions.yahoo.com/
RE: Session EJB Accessibility
why many clients? is that a 'performance enhancement'? (orion's got a pool of objects, so no perf enhancements to do) do you wish to model a singleton? please, elaborate further. JP PS: shoooting from the hip a stateless session bean with its fields set up as public static MyFieldType myfield; won't do? (altough obviously a multi VM solution totally craps this pattern) -Original Message- From: Mark Bernardinis [mailto:[EMAIL PROTECTED]] Sent: Martes, 30 de Enero de 2001 5:18 To: Orion-Interest Subject: Re: Session EJB Accessibility I don't want to do any database activity. I just want this Java Object to be accessible as an EJB accessible by many different clients hosted by an Application Server. The object doesn't have to be stateful either. It sounds like you're describing an entity bean more than a session bean. An entity bean can be called by many clients although access is serialized. And certainly the role of an entity bean is to encapsulate data in a apparently-storage-mechanism-independent manner, from the client's perspective... How does the notion of a session play into what you want the bean to do? Gary Mark Bernardinis ([EMAIL PROTECTED]) wrote: Requirements: An EJB to be Stateful Accessible by more than client Share the same data object and information Summarising the above information, I would like to have an EJB that can be called by many clients yet share the same underlying data within the bean. These clients may be another application running under Orion or a stand-alone application. Is this possible, and if it is, what special requirements do I need to meet. I have looked at SessionContext but does this have anything to do with it? Thanks in advance. Mark
RE: Which version is stable
You're correct... ;) -Original Message- From: Randahl Fink Isaksen [mailto:[EMAIL PROTECTED]] Sent: Martes, 30 de Enero de 2001 9:14 To: Orion-Interest Subject: Which version is stable I am running Orion 1.3.8 seems to work, but I am thinking of upgrading. But which version should one upgrade to? - According to www.orionserver.com the new 1.4.5 is both stable and experimental... which sounds a bit like "stable and unstable". R.
RE: Accessing Orion-EJB-Server on one machine from Orion-web-server on another?
sorry about being elusive here's a (kinda) how to: in$orion\config\rmi.xml server host="the.remote.server.com" password="123" port="23791" username="admin" / then in orion-application.xml (in $orion\application-deployments\yourear\) ejb-module path="myEjbs.jar" remote="true" / that should be it JP-Original Message-From: Satish Gupta [mailto:[EMAIL PROTECTED]]Sent: Martes, 30 de Enero de 2001 14:05To: [EMAIL PROTECTED]Subject: RE: Accessing Orion-EJB-Server on one machine from Orion-web-server on another? Thanks for your answer. ButI'd appreciate it if you couldplease be a little more verbose in your reply. A bit of an explanation will help a newbie like me. Thanks yap, server.xml (add a RMI server ref there)JP-Original Message-From: Globetrot Communications [mailto:[EMAIL PROTECTED]]Sent: Lunes, 29 de Enero de 2001 22:18To: Orion-InterestSubject: Accessing Orion-EJB-Server on one machine from Orion-web-serveron another?What is the best way to configure two installations ofOrion, on different machines, so web-server on one canaccess the EJB-Server on the other? Can this be donethrough only the configuration files?Thanks
RE: Pooled Data Source ADDENDUM! Design question for you :)
paginate your search and cache partial results on the client side: you need N total records... have a query to return J records starting at page K (records between K*J and (K+1)*J) cache these on the client for page 1 whenever a given page K is shown, check in the cache if pages (K-1) (previous) and (K+1) (next) are available on the cache, else load from the server. HTH JP -Original Message- From: Daniel Cardin [mailto:[EMAIL PROTECTED]] Sent: Martes, 30 de Enero de 2001 11:54 To: Orion-Interest Subject: RE: Pooled Data Source ADDENDUM! Design question for you :) I think I have not made myself clear enough. The DataSource access works in the context of the appserver running. What I was trying to do is access a DataSource from the application client side. Now, this is the fix for my problem, but maybe there is a better way to resolve this, so I will explain what I'm trying to accomplish on the client side. I have many requests to the database that return a high number of rows to be displayed in the client application. Now, my current framework allows me to build portable data object and transmit them accross the wire, but you will surely agree with me that building 1 objects and serializing them is NOT efficient. I have then tried using the new CachedRowSet object from Sun on the server side and returning (serializing) the ResultSet directly to the client app. But this process is _still_ very long as the serialization of so many records is very expensive. (ie about 10 seconds, versus less than one second with a local connection object, vs about 500 ms with an ADO.RecordSet) I thus get very good performance if I open up the ResultSet on the client side, but this is something I wanted to avoid. In the very least I figured that if I could get a connection from the server connection pool, I could build up the SQL request on the server and execute it blindly on the client through a generic mechanism. So, I ask you, what should I do to access large number of rows ? And is it possible to use a DataSource from the application client when the beans are deployed as CMP beans ? Thanks! Daniel -Message d'origine- De : Daniel Cardin Envoy : 29 janvier, 2001 11:08 : Orion-Interest Objet : Pooled Data Source Well... it seems I just can't make it work, even though I have read just about all the messages on the subject. datasources : data-source class="com.evermind.sql.DriverManagerDataSource" name="ddsNP" location="jdbc/ddsNP" xa-location="jdbc/xa/ddsXANP" ejb-location="jdbc/ddsNP" connection-driver="com.inet.tds.TdsDriver" username="sa" password="" url="jdbc:inetdae7:theserver:1433?database=test" inactivity-timeout="30" schema="database-schemas\ms-sql.xml" / data-source class="com.evermind.sql.OrionPooledDataSource" name="dds" location="jdbc/ddsDS" xa-location="jdbc/xa/ddsXADS" ejb-location="jdbc/ddsDS" max-connections="2" source-location="jdbc/ddsNP" pooled-location="jdbc/ddsDS" username="sa" password="" inactivity-timeout="30" connection-driver="com.inet.tds.TdsDriver" url="jdbc:inetdae7:theserver:1433?database=test" / the code DataSource ds = (DataSource)ctx.lookup("jdbc/ddsNP"); // have used jdbc/ddsDS as well... the lookup returns an OrionCMTDataSource but the call to getConnection() DatabaseMetaData dmd = ds.getConnection().getMetaData(); raises : java.lang.NullPointerException at com.evermind.sql.OrionPooledDataSource.d8(JAX) at com.evermind.sql.ak.eo(JAX) at com.evermind.sql.ak.ep(JAX) at com.evermind.sql.ap.getMetaData(JAX) at dds_testclient.Frame1.dsTest(Frame1.java:81) Hints anyone ? Thanks! Daniel
RE: Session EJB Accessibility
BTW, you CAN access files, but this also may harm multi-host scalability There's however ways of doing this, for example, a jdbc-file driver (a jdbc driver that fires upon a filesystem instead of a database); I think there's one freely available from an O'Reilly book on servlets (i used to have it while I worked in Argentina, but lost it when moved to Chile) However, have in mind that accessing to the LOCAL filesystems (and not a single fs) will affect your app's scalability I've had this problem and had to solve it by building a distributed service that replicates and synchronizes dirs (sorry guys, can't release it). That's the primary reason fs didn't make the spec; the lack of a good jdbc-fs driver is the other. My $0.02 JP -Original Message- From: Juan Lorandi (Chile) [mailto:[EMAIL PROTECTED]] Sent: Martes, 30 de Enero de 2001 11:26 To: Orion-Interest Subject: RE: Session EJB Accessibility why many clients? is that a 'performance enhancement'? (orion's got a pool of objects, so no perf enhancements to do) do you wish to model a singleton? please, elaborate further. JP PS: shoooting from the hip a stateless session bean with its fields set up as public static MyFieldType myfield; won't do? (altough obviously a multi VM solution totally craps this pattern) -Original Message- From: Mark Bernardinis [mailto:[EMAIL PROTECTED]] Sent: Martes, 30 de Enero de 2001 5:18 To: Orion-Interest Subject: Re: Session EJB Accessibility I don't want to do any database activity. I just want this Java Object to be accessible as an EJB accessible by many different clients hosted by an Application Server. The object doesn't have to be stateful either. It sounds like you're describing an entity bean more than a session bean. An entity bean can be called by many clients although access is serialized. And certainly the role of an entity bean is to encapsulate data in a apparently-storage-mechanism-independent manner, from the client's perspective... How does the notion of a session play into what you want the bean to do? Gary Mark Bernardinis ([EMAIL PROTECTED]) wrote: Requirements: An EJB to be Stateful Accessible by more than client Share the same data object and information Summarising the above information, I would like to have an EJB that can be called by many clients yet share the same underlying data within the bean. These clients may be another application running under Orion or a stand-alone application. Is this possible, and if it is, what special requirements do I need to meet. I have looked at SessionContext but does this have anything to do with it? Thanks in advance. Mark
RE: Developers
uh... search the archives... I think there's mostly one reference to www.netcraft.com for you to find out. Also, there's a list hosted by Jason Rimmer at: http://orion.irth.net/OOPS/oopslist.jsp and if everyone would sign in there, it would increase considerably, allowing many other potential orion users to sell the idea to management more easily. In that page you can enter your site's details HTH JP -Original Message- From: Burr Sutter [mailto:[EMAIL PROTECTED]] Sent: Martes, 30 de Enero de 2001 13:57 To: Orion-Interest Subject: Developers Just downloaded the Orion Server and was wondering what the current userbase thought about the product. Is it stable and scalable enough to deploy a major website using Servlets, JSP and EJB? Better than Resin? JRun? I've used WebSphere, WebLogic and SilverStream. Thanks, Burr [EMAIL PROTECTED]
RE: orion and mysql?
not to mention the total lack of transaction support which makes it impossible to be used with CMP AFAIK JP -Original Message- From: Arno Grbac [mailto:[EMAIL PROTECTED]] Sent: Martes, 30 de Enero de 2001 15:08 To: Orion-Interest Subject: RE: orion and mysql? This doesn't answer your question, but take a serious look at InterBase 6 (IT IS FREE AND OPEN SOURCE!!!). mySQL doesn't have a good locking mechanism yet, ..as well as some missing data types (last time I checked). Good luck, -arno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Marc Linke Sent: Tuesday, January 30, 2001 11:21 AM To: Orion-Interest Subject: orion and mysql? Hi, is there any simple how-to for setting up mysql with orion available? Or can someone explain me how to do it? thanks
RE: Session EJB Accessibility
nope, shouldn't serve multiple clients concurrently... however, most servers use it (kinda) statically, but won't be true in a cluster JP -Original Message- From: Luong, Tony S322 [mailto:[EMAIL PROTECTED]] Sent: Martes, 30 de Enero de 2001 15:23 To: Orion-Interest Subject: RE: Session EJB Accessibility use stateless session bean, it can serve multiple clients concurrently. -Original Message- From: Mark Bernardinis [SMTP:[EMAIL PROTECTED]] Sent: Tuesday, January 30, 2001 3:18 AM To: Orion-Interest Subject:Re: Session EJB Accessibility I don't want to do any database activity. I just want this Java Object to be accessible as an EJB accessible by many different clients hosted by an Application Server. The object doesn't have to be stateful either. It sounds like you're describing an entity bean more than a session bean. An entity bean can be called by many clients although access is serialized. And certainly the role of an entity bean is to encapsulate data in a apparently-storage-mechanism-independent manner, from the client's perspective... How does the notion of a session play into what you want the bean to do? Gary Mark Bernardinis ([EMAIL PROTECTED]) wrote: Requirements: An EJB to be Stateful Accessible by more than client Share the same data object and information Summarising the above information, I would like to have an EJB that can be called by many clients yet share the same underlying data within the bean. These clients may be another application running under Orion or a stand-alone application. Is this possible, and if it is, what special requirements do I need to meet. I have looked at SessionContext but does this have anything to do with it? Thanks in advance. Mark -- CONFIDENTIALITY NOTICE: If you have received this e-mail in error, please immediately notify the sender by e-mail at the address shown. This e-mail transmission may contain confidential information. This information is intended only for the use of the individual(s) or entity to whom it is intended even if addressed incorrectly. Please delete it from your files if you are not the intended recipient. Thank you for your compliance.
RE: URL Mapping of /*
uh, if nobody replies, please post it in bugzilla TIA JP -Original Message- From: Gerald Gutierrez [mailto:[EMAIL PROTECTED]] Sent: Lunes, 29 de Enero de 2001 15:45 To: Orion-Interest Subject: URL Mapping of "/*" When I map a servlet to /*, and I go to a URL /hello, should not: ServletPath = / PathInfo = hello ??? Instead I get: ServletPath = /hello PathInfo = null If the servlet is not mapped to /*, but instead to /abc/*, then the URL /abc/hello produces: ServletPath = /abc PathInfo = /hello This feels like a bug to me.
Bug #161
Finally! it's being fixed in 1.4.6 Things are in motion again! JP
RE: E_Roman e-commerce application(Mastering Java Beans)Wiley
I believe your last assertion is false. Any entity bean that has a composed key (that is, its key maps to more than one field in the persistence) must have its own PK class check the specs JP -Original Message- From: Oglinda [mailto:[EMAIL PROTECTED]] Sent: Sbado, 20 de Enero de 2001 22:35 To: Orion-Interest Subject: Re: E_Roman e-commerce application(Mastering Java Beans)Wiley At 01:31 AM 1/20/01 +, faisal wrote: Hi -Has any body tried to install Ed Roman e-commerce examples on Orion?. I am studying the book and I have played with some of the EJBs. There are some problems 1. I assume the code was written with the EJB 1.0 specifications because it is using some deprecated methods. 2. The author was using WebLogic to deploy the beans and there are some major differences in the way you deploy the EJBs. -Another question is it possible to do without creating a seperate class for the primary key such as "customerPK.class" I am not an expert but from what I have noticed: * CMBs do not need a PK class * Bean-Managed persistence requires a PK class. Danut _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
RE: Writing user managers
Yes, it is necesary; there isn't a LDAP based UserManager, and DataSourceUserManager doesn't provide all the features I need JP -Original Message- From: Jeff Schnitzer [mailto:[EMAIL PROTECTED]] Sent: Viernes, 19 de Enero de 2001 20:38 To: Orion-Interest Subject: RE: Writing user managers Is it really necessary to have your own user manager? I model my users as entity EJBs. I use the vanilla DataSourceUserManager mapped to the same table that the entities are written to. All manipulation of user data is done through the entity beans. The only trick is that you need to set: property name="staleness" value="0" / in the user-manager block, otherwise entity changes won't show up. This scheme pretty much minimizes the amount of server-specific code I have to deal with. Jeff -Original Message- From: Juan Lorandi (Chile) [mailto:[EMAIL PROTECTED]] Sent: Friday, January 19, 2001 10:32 AM To: Orion-Interest Subject: RE: Writing user managers The RoleManager depends entirely on the Useranager implementation that any given app is using. (If you decompile RoleManager, you'll find that it calls Application.UserManager's methods quite often) Roles in J2EE (RoleManager) map to groups in UserManager. I use three tables; one has user/password info, one has group definitions (roles), and another has user/group relations I will be much clearer once you start coding and testing... Oh, and whenever an app is first deployed, Orion (thru RoleManager then thru UserManager) will attempt to create a group for each declared role in every web.xml ejb-jar.xml that finds within the application. That part of the init is automagical... I've had to make a back-end to the security(to create, edit and remove security data). You will have to create a user with access rights to this backend to start(in my case, a user:"sa" password:"" that was linked to a securityAdmin group). As a side note, this security is also used to access JNDI, and I haven't played much with it, but you'll have to check out the orion-.xml for namespace tags to enable read/write access to Orion's JNDI implementation. (Has a lot to do with the getAdministratorUser() in UserManager) HTH Juan Pablo -Original Message- From: Nick Newman [mailto:[EMAIL PROTECTED]] Sent: Viernes, 19 de Enero de 2001 15:24 To: Juan Lorandi (Chile) Subject: RE: Writing user managers Sounds like it's not too hard. Great! One further question if I may. If Orion supplies its own implementation of the RoleManager which we cannot change, then does that mean we cannot specify the group-role mapping through anything but the xml files? Or is there some way that we could persuade Orion to use group-role mappings that are defined in a DB? Thanks, Nick At 12:51 PM 1/19/01 -0300, you wrote: Group, User, and UserManager. Group and User are almost data transports; UserManager is where the work is, but if you know a little of connectivity (say, you want persisted security information in a DB, the jdbc is a must, or java.naming for LDAP, etc) wouldn't take more than 20 man hours. RoleManager is a class, and it's never implemented by the user. Supposedly, it's the neutral way to use security, it works with roles, etc. If you have a functional UserManager implementation, any code you write firing upon RoleManager will survive a UserManager implementation change (or at least that's the idea) HTH
RE: Sybase experience anyone?
I've used Sybase 11.0.9 running in both W2K and Tru64 Unix(former Digital Unix) it has a jdbc driver called jconnect, you can download it from mysybase; there's a script you must run prior to use the driver (check the manual) Sybase has outperformed Oracle in every test I've done with OrionServer HTH JP -Original Message- From: Christian Sell [mailto:[EMAIL PROTECTED]] Sent: Sbado, 20 de Enero de 2001 14:59 To: Orion-Interest Subject: Sybase experience anyone? Hello, We are about to decide about the database platform on which we will deploy our first J2EE application. Preferrably, it should be a cost-free solution. First I would like to ask if anyone has experience to share about using Sybase 11.0.3 (the one that is free to deploy under Linux). I especially wonder about the JDBC driver (does it come with one?). I have read about people using Interbase and PostgreSQL successfuly. I would still like to conduct a shootout between the following databases: Interbase PostgreSQL Sybase 11.0.3 SapDB anyone? thanks, Christian Sell
RE: OrionCMTConnection not closed, check your code!
sometimes orion doesn't close connection (that's my case, as I solely use CMP), and still see these messages... JP -Original Message- From: Robert Krueger [mailto:[EMAIL PROTECTED]] Sent: Viernes, 19 de Enero de 2001 7:15 To: Orion-Interest Subject: Re: OrionCMTConnection not closed, check your code! At 00:55 19.01.2001 , you wrote: What does this message mean? OrionCMTConnection not closed, check your code! LogicalDriverManagerXAConnection not closed, check your code! (Use -Djdbc.connection.debug=true to find out where the leaked connection was created) it means what it says ;-). you didn't close() all your connections (meaning they were not returned to the pool but the connection object left scope and was probably destroyed while still open). that is a programming error and orion is kind enough to tell you about it. HTH robert []s Guilherme Ceschiatti (-) Robert Krger (-) SIGNAL 7 Gesellschaft fr Informationstechnologie mbH (-) Brder-Knau-Str. 79 - 64285 Darmstadt, (-) Tel: 06151 665401, Fax: 06151 665373 (-) [EMAIL PROTECTED], www.signal7.de