Form-based login
Hi! In WebLogic 6, the j_security_check recognizes a parameter "j_target_url". I don't think this is part of the J2EE spec, but a WebLogic feature instead. Do you know if there's an equivalent to this in Orion? At least, this j_target_url doesn't seem to work. I need this in a website where there is always (at least, when user has not logged in) a small "login form" visible in the left column, and this form should be submitted to j_security_check and then a specific "welcome page" should be displayed. If I just post the form to j_security_check, I get an error message in the browser "You are not authorized to view this page".. The only way I've managed to make the form-based login to work, is by surfing to some page that has a security-constraint. In this case, Orion takes me to the login form and then to the originally requested page, just as it is supposed to do.. Thanks, Juha
RE: Sealing violation?
Here's a solution for this "sealing violation" problem that I had earlier on. (Quote from mr. Matt Tilchen): Juha, OK. I've got it figured out. The "crimson.jar" file included in the distribution has a manifest file (meta-inf/manifest.mf) that specifies that it is "sealed". Sealing a package within a JAR file means that all classes defined in that package must be found in the same JAR file. This implies that you have a package appearing in your classpath twice that is also contained in "crimson.jar". Solution: Strip down your runtime classpath. In order to run my test class, all I need is orion.jar in my classpath and the project directory. This is because the manifest in orion.jar specifies classpath extensions for all the other jars in the root orion directory. I hope this solves your problem. If you haven't already, try to get the InitialContext without supplying a principal or credentials in the Properties object. I was quite surprised as I have not seen this capability in other app server implementations. Let me know what happens. -Matt I have actually got several inquiries from people having the same problem.. And here's my original post to the Orion-Interest group: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Juha Paananen Sent: 13. kesäkuuta 2001 22:02 To: Orion-Interest Subject: Sealing violation? I get this strange exception when I'm trying to instantiate an InitialContext in my Orion application client: java.lang.SecurityException: sealing violation at java.net.URLClassLoader.defineClass(URLClassLoader.java:234) at java.net.URLClassLoader.access$100(URLClassLoader.java:56) at java.net.URLClassLoader$1.run(URLClassLoader.java:195) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:297) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286) at java.lang.ClassLoader.loadClass(ClassLoader.java:253) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313) at java.lang.ClassLoader.defineClass0(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:486) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111) at java.net.URLClassLoader.defineClass(URLClassLoader.java:248) at java.net.URLClassLoader.access$100(URLClassLoader.java:56) at java.net.URLClassLoader$1.run(URLClassLoader.java:195) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:297) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286) at java.lang.ClassLoader.loadClass(ClassLoader.java:253) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313) at org.apache.crimson.jaxp.DocumentBuilderFactoryImpl.newDocumentBuilder(Do cumentBuilderFactoryImpl.java:82) at com.evermind._un.getJavaxDocument(Unknown Source) at com.evermind.xml.XMLUtils.getDocument(Unknown Source) at com.evermind.xml.XMLConfig._cg(Unknown Source) at com.evermind.server.ApplicationClientInitialContextFactory.getInitialCon text(Unknown Source) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246) at javax.naming.InitialContext.init(InitialContext.java:222) at javax.naming.InitialContext.(InitialContext.java:198) at LittleTest.main(LittleTest.java:61) This is how I construct the InitialContext: Properties p = new Properties(); p.put("java.naming.factory.initial", "com.evermind.server.ApplicationClientInitialContextFactory"); p.put("java.naming.provider.url", "ormi://localhost/ums"); p.put("java.naming.security.principal", "admin"); p.put("java.naming.security.credentials", "123"); InitialContext ctx = new InitialContext(p); It doesn't seem to matter if I use a correct or incorrect username/credentials. Also, this problem has never occurred in Orion 1.4.7, but only when I updated to Orion 1.5.2. Am I possibly missing some jar in my classpath? (It now includes the orion.jar and j2ee.jar).. Thanks, Juha winmail.dat
Sealing violation?
Title: Sealing violation? I get this strange exception when I'm trying to instantiate an InitialContext in my Orion application client: java.lang.SecurityException: sealing violation at java.net.URLClassLoader.defineClass(URLClassLoader.java:234) at java.net.URLClassLoader.access$100(URLClassLoader.java:56) at java.net.URLClassLoader$1.run(URLClassLoader.java:195) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:297) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286) at java.lang.ClassLoader.loadClass(ClassLoader.java:253) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313) at java.lang.ClassLoader.defineClass0(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:486) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111) at java.net.URLClassLoader.defineClass(URLClassLoader.java:248) at java.net.URLClassLoader.access$100(URLClassLoader.java:56) at java.net.URLClassLoader$1.run(URLClassLoader.java:195) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:297) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286) at java.lang.ClassLoader.loadClass(ClassLoader.java:253) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313) at org.apache.crimson.jaxp.DocumentBuilderFactoryImpl.newDocumentBuilder(DocumentBuilderFactoryImpl.java:82) at com.evermind._un.getJavaxDocument(Unknown Source) at com.evermind.xml.XMLUtils.getDocument(Unknown Source) at com.evermind.xml.XMLConfig._cg(Unknown Source) at com.evermind.server.ApplicationClientInitialContextFactory.getInitialContext(Unknown Source) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246) at javax.naming.InitialContext.init(InitialContext.java:222) at javax.naming.InitialContext.(InitialContext.java:198) at LittleTest.main(LittleTest.java:61) This is how I construct the InitialContext: Properties p = new Properties(); p.put("java.naming.factory.initial", "com.evermind.server.ApplicationClientInitialContextFactory"); p.put("java.naming.provider.url", "ormi://localhost/ums"); p.put("java.naming.security.principal", "admin"); p.put("java.naming.security.credentials", "123"); InitialContext ctx = new InitialContext(p); It doesn't seem to matter if I use a correct or incorrect username/credentials. Also, this problem has never occurred in Orion 1.4.7, but only when I updated to Orion 1.5.2. Am I possibly missing some jar in my classpath? (It now includes the orion.jar and j2ee.jar).. Thanks, Juha