Form-based login
Hi! In WebLogic 6, the j_security_check recognizes a parameter "j_target_url". I don't think this is part of the J2EE spec, but a WebLogic feature instead. Do you know if there's an equivalent to this in Orion? At least, this j_target_url doesn't seem to work. I need this in a website where there is always (at least, when user has not logged in) a small "login form" visible in the left column, and this form should be submitted to j_security_check and then a specific "welcome page" should be displayed. If I just post the form to j_security_check, I get an error message in the browser "You are not authorized to view this page".. The only way I've managed to make the form-based login to work, is by surfing to some page that has a security-constraint. In this case, Orion takes me to the login form and then to the originally requested page, just as it is supposed to do.. Thanks, Juha
RE: Sealing violation?
Here's a solution for this "sealing violation" problem that I had
earlier on. (Quote from mr. Matt Tilchen):
Juha,
OK. I've got it figured out. The "crimson.jar" file included in
the distribution has a manifest file (meta-inf/manifest.mf) that
specifies that it is "sealed". Sealing a package within a JAR file means
that all classes defined in that package must be found in the same JAR
file. This implies that you have a package appearing in your classpath
twice that is also contained in "crimson.jar". Solution: Strip down
your runtime classpath. In order to run my test class, all I need is
orion.jar in my classpath and the project directory. This is because the
manifest in orion.jar specifies classpath extensions for all the other
jars in the root orion directory. I hope this solves your problem. If
you haven't already, try to get the InitialContext without supplying a
principal or credentials in the Properties object. I was quite surprised
as I have not seen this capability in other app server implementations.
Let me know what happens.
-Matt
I have actually got several inquiries from people having the same
problem.. And here's my original post to the Orion-Interest group:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Juha Paananen
Sent: 13. kesäkuuta 2001 22:02
To: Orion-Interest
Subject: Sealing violation?
I get this strange exception when I'm trying to instantiate an
InitialContext in my Orion application client:
java.lang.SecurityException: sealing violation
at java.net.URLClassLoader.defineClass(URLClassLoader.java:234)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
at
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at
org.apache.crimson.jaxp.DocumentBuilderFactoryImpl.newDocumentBuilder(Do
cumentBuilderFactoryImpl.java:82)
at com.evermind._un.getJavaxDocument(Unknown Source)
at com.evermind.xml.XMLUtils.getDocument(Unknown Source)
at com.evermind.xml.XMLConfig._cg(Unknown Source)
at
com.evermind.server.ApplicationClientInitialContextFactory.getInitialCon
text(Unknown Source)
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668)
at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
at javax.naming.InitialContext.init(InitialContext.java:222)
at javax.naming.InitialContext.(InitialContext.java:198)
at LittleTest.main(LittleTest.java:61)
This is how I construct the InitialContext:
Properties p = new Properties();
p.put("java.naming.factory.initial",
"com.evermind.server.ApplicationClientInitialContextFactory");
p.put("java.naming.provider.url", "ormi://localhost/ums");
p.put("java.naming.security.principal", "admin");
p.put("java.naming.security.credentials", "123");
InitialContext ctx = new InitialContext(p);
It doesn't seem to matter if I use a correct or incorrect
username/credentials.
Also, this problem has never occurred in Orion 1.4.7, but only when I
updated to Orion 1.5.2. Am I possibly missing some jar in my classpath?
(It now includes the orion.jar and j2ee.jar)..
Thanks,
Juha
winmail.dat
Sealing violation?
Title: Sealing violation?
I get this strange exception when I'm trying to instantiate an InitialContext in my Orion application client:
java.lang.SecurityException: sealing violation
at java.net.URLClassLoader.defineClass(URLClassLoader.java:234)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at org.apache.crimson.jaxp.DocumentBuilderFactoryImpl.newDocumentBuilder(DocumentBuilderFactoryImpl.java:82)
at com.evermind._un.getJavaxDocument(Unknown Source)
at com.evermind.xml.XMLUtils.getDocument(Unknown Source)
at com.evermind.xml.XMLConfig._cg(Unknown Source)
at com.evermind.server.ApplicationClientInitialContextFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
at javax.naming.InitialContext.init(InitialContext.java:222)
at javax.naming.InitialContext.(InitialContext.java:198)
at LittleTest.main(LittleTest.java:61)
This is how I construct the InitialContext:
Properties p = new Properties();
p.put("java.naming.factory.initial", "com.evermind.server.ApplicationClientInitialContextFactory");
p.put("java.naming.provider.url", "ormi://localhost/ums");
p.put("java.naming.security.principal", "admin");
p.put("java.naming.security.credentials", "123");
InitialContext ctx = new InitialContext(p);
It doesn't seem to matter if I use a correct or incorrect username/credentials.
Also, this problem has never occurred in Orion 1.4.7, but only when I updated to Orion 1.5.2. Am I possibly missing some jar in my classpath? (It now includes the orion.jar and j2ee.jar)..
Thanks,
Juha
