Switching from HTTP to HTTPS in an Application
Where can I find some examples of switching an application from http to https? I've got Orion running Sun's JPS 1.0 with http and https but needed some guidance. I think it would be reasonable once they log into the application it would be in secure mode from then on, but I've also heard others just secure individual pages. Thanks in Advance, Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group
ORION and SSL
Any place I can go to get more information on SSL and how it works? I've seen https displayed in the URL and assumed that I was using SSL between the server and the browser. Is that correct? How would you activate SSL? Via a page or login? Thanks, Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group
Orion Business Model
Just curious about the Orion business model. Are they looking for another venture capital round, offer, etc? What are Orion's plans for the future? Any insights would be appreciated. Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group
RE: Server stability, performance
We evaluated several application servers before deciding on Orion. Our main interest has been using Orion to develop expertise and experience with application servers with an eye to using it in a production environment. Although Orion has tons going for it there are some things that I would consider necessary before using it a production environment: 1. Stress testing in your environment, regardless of what you've heard. 2. What are your performance requirements? Does Orion meet them? Does anybody? 3. A more formal support structure from Orion. I'm not sure what the plans are for Orion and I think that warrants consideration. We expect a few bumps in the road but the verdict isn't in on Orion. Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group -Original Message- From: thm [SMTP:[EMAIL PROTECTED]] Sent: Saturday, June 24, 2000 08:03 To: Orion-Interest Cc: Orion-Interest Subject: Re: Server stability, performance I am also interested by the comparaison with the others Application Server like Weblogic and Gemstone. Thanks ThM [EMAIL PROTECTED] http://www.idocw.com Jason Rowland a écrit : I have been using Orion to develop for about two months now and love it. Soon I will need to deploy my application. I have two main concerns that I need answered before I can use Orion in a production environment. These two are performance and stability. Performance: I have read in Orion's literature about how they intend for Orion to outperform everything else on the market. On the benchmark page, they show how they outperform ASP. I think most of the people using Orion already know that Java is a better solution than ASP. What I really want to know is how does Orion compare to other Java solutions available. The ones I am personally most interested in is Orion vs. (IBM WebSphere or BEA WebLogic). Has anyone done comparisons between Orion and other commercial products? Stability: How reliable is Orion in a production environment? I am not concerned with minor bugs in the product, as I haven't had problems with it in development for the features I use. What I am more interested in is how robust is the application server after running for 30 days without a restart? I know that if I deploy on WebLogic, it will work without problems. I know this because they have been out quite a while and have been tested in the market place. Unfortunately, Orion has just been released. I have never let Orion run for days on end and had thousands of clients making requests of it. Has anyone done this kind of testing? If so, what were your results. I would really like to use Orion as it is a MUCH less expensive solution then any other commercially available product. Thanks in advance for your help! Jason Rowland
RE: Pet Store and UserManager problems
Brian: I'm also looking at the same issue. I've search the archive/FAQ's and there are a few items referring to UserManger but nothing that provides a clear path to implementing it. From the archive I understand some folks were trying to roll their ownr. Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group -Original Message- From: Brian Cunningham [SMTP:[EMAIL PROTECTED]] Sent: Thursday, June 22, 2000 18:13 To: Orion-Interest Subject: Pet Store and UserManager problems RE login in the petstore: It seems like I would need something like the following in application-deployments/estore/orion-application.xml in order to give OrionSecurityAdapter something to reference when calling addUser(). "ejb-module remote="false" path="usermanager" / user-manager class="com.evermind.ejb.EJBUserManager" property name="home" value="com.evermind.ejb.EJBUser" / property name="defaultGroups" value="users" / /user-manager" But I get "Error updating application estore: Error initializing userManager 'com.evermind. ejb.EJBUserManager': NamingException: com.evermind.ejb.EJBUser not found" when I try it. I need to understand how to get a UserManger functioning for the petstore...any help on this would be appreciated. Related to this I may also need to understand how to get demo/ejb/usermanager to redeploy, including retrying the autogeneration of tables...orion tried to deploy that app once and failed because of datasouce issues... now that I have fixed the datasources I need it to try again fresh). If tried opening and saving everything I can think of... OrionSecurityAdapter uses RoleManager, but I get UserManager naming exceptions from it so I assume it just proxies the requests through RoleManager to a UserManager...but to_which_ UserManager is totally unclear to me. My current (and I think/hope final) petstore error is: com.evermind.server.rmi.OrionRemoteException: Transaction was rolled back: java.lang.RuntimeException: NamingException: system/UserManager not found at StatefulSessionBeanWrapper10.handleEvent(StatefulSessionBeanWrapper10.java , Compiled Code) at com.sun.estore.control.web.ShoppingClientControllerWebImpl.handleEvent(Sho ppingClientControllerWebImpl.java:143) at com.sun.estore.control.web.RequestProcessor.processRequest(RequestProcesso r.java:106) at __jspPage0_Main_jsp._jspService(__jspPage0_Main_jsp.java:80) at com.evermind.server.http.EvermindHttpJspPage.service(JAX) at com.evermind.server.http.df.o3(JAX) at com.evermind.server.http.df.forward(JAX) at com.evermind.server.http.dm.o9(JAX, Compiled Code) at com.evermind.server.http.dm.o8(JAX, Compiled Code) at com.evermind.util.e.run(JAX, Compiled Code) Nested exception is: java.lang.RuntimeException: NamingException: system/UserManager not found at OrionSecurityAdapter.addUser(OrionSecurityAdapter.java) at com.sun.estore.control.ejb.StateMachine.handleAccountEvent(StateMachine.ja va:151) at com.sun.estore.control.ejb.StateMachine.handleEvent(StateMachine.java:74) at com.sun.estore.control.ejb.ShoppingClientControllerEJB.handleEvent(Shoppin gClientControllerEJB.java:116) at StatefulSessionBeanWrapper10.handleEvent(StatefulSessionBeanWrapper10.java , Compiled Code) at com.sun.estore.control.web.ShoppingClientControllerWebImpl.handleEvent(Sho ppingClientControllerWebImpl.java:143) at com.sun.estore.control.web.RequestProcessor.processRequest(RequestProcesso r.java:106) at __jspPage0_Main_jsp._jspService(__jspPage0_Main_jsp.java:80) at com.evermind.server.http.EvermindHttpJspPage.service(JAX) at com.evermind.server.http.df.o3(JAX) at com.evermind.server.http.df.forward(JAX) at com.evermind.server.http.dm.o9(JAX, Compiled Code) at com.evermind.server.http.dm.o8(JAX, Compiled Code) at com.evermind.util.e.run(JAX, Compiled Code) Also: When everything above is finally "right" there should be no user entries in principals.xml, true? All username/passwords should be persisted in a DBMS? Thanks! Brian Cunningham
RE: Pet Store and UserManager problems
I noticed that the Orion Team has the UserManager implemented on their web site demo of the PetStore. Any chance of getting some feedback from them on how they it up? Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group
RE: several questions and comments
Ari: Good comments. I had noticed this behavior also but thought fixing it was more a convenience item at this point and hoped these issues would be addressed in later releases. Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group -Original Message- From: Ari Halberstadt [SMTP:[EMAIL PROTECTED]] Sent: Friday, June 23, 2000 10:58 To: Orion-Interest Subject: several questions and comments I have been using Orion 1.0 to develop an application over the last month. I like the way Orion works as a simple Java application: add a few lines to the config files, run it, and it automatically does all the deployment stuff. It is much easier to use than the other application servers I tried. Following are several questions and comments. - The load-on-startup tag in the web.xml file for a servlet does not seem to work for me. The servlet runs fine if I access its URL, but it is not loaded on startup by Orion. The web application is part of a j2ee application. What am I doing wrong? From web.xml: ... servlet servlet-nameTaskLsdServlet/servlet-name servlet-classcom.lycos.ni.task.request.lsd.TaskLsdServlet/servlet-class load-on-startup-1/load-on-startup /servlet ... - Automatic reloading of j2ee applications doesn't work the way I would expect it to. While developing, it is much easier to work on an expanded EAR, i.e., a regular directory hierarchy. Currently, JSP files are automatically reloaded by Orion after being edited. However, if I recompile any of my classes (servlets or EJBs) then Orion does not notice the changes. I must kill Orion (^C), then remove the deployment directory from the application-deployments directory, and then restart Orion. This forces Orion to redeploy the entire application, but is is slow and tedious and it only gets slower the more EJBs I add. I would expect Orion to notice the changed class or jar files and automatically reload them, similar to the way programs like Apache JServ and Resin work. - Automatic reloading of EAR files breaks if the EAR file is being written to. When Orion notices a j2ee application deployed in an EAR file has been modified, it immediately tries to redeploy the application. However, if the EAR is still being written to, then Orion reads an incomplete file and reports an error. It would be useful for Orion to wait a few seconds after the file has stopped changing before trying to redeploy (whether a file is "changing" can be ascertained by looking at its access and modification times and at its size and waiting until they do no change for several seconds). - Currently, I must add all libraries for all applications to Orion's lib directory. I would much rather be able to specify a classpath for each web application, along with a global classpath for Orion. Copying jar files into a directory is not my preferred way for loading libraries, since it means having multiple copies of jar files separate from the full set of files with which the jar file is distributed. For instance, Resin lets you specify a classpath for each application, and a global classpath can be set using the CLASSPATH environment variable. Orion ignores the global CLASSPATH variable when running applications. - How can I specify different config and libraries directories for Orion? I would like to keep these directories and files separate from the Orion distribution directory so that upgrading to later versions is easier. - Orion currently requires copying the tools.jar file from the JDK into the Orion directory. Can't Orion infer the location of the tools.jar file from the JDK's home directory? Couldn't this be specified using the system CLASSPATH rather than copying a file into Orion? - Could the mailing list be changed to include "[ORION-INTEREST]" in the subject of each message? This would make scanning for messages in my inbox easier.
Orion 1.0 PetStore Demo DB
What is the datasource for Orion's website implentation of the PetStore? I've been using hsql but the catalog query doesn't execute properly. I've been using JDBCTest to test the query stmt but something isn't quite right. Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group
RE: PetStore Demo for Orion
Additionally the PetStore Demo on the Orion web site has both of these features working properly. Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group -Original Message- From: Kirk Kalvar [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, June 14, 2000 05:59 To: Orion-Interest Subject: PetStore Demo for Orion Has anyone successfully run the Pet Store Demo under Orion? The installation instructions for Pet Store for Orion weren't exactly accurate and I think this maybe the reason the login feature as well as catalog search feature is not working properly. Thanks, Kirk S. Kalvar
RE: EJB 2.0
An observation and a dumb question. First I looked extensively at application servers and was amazed at how much marketing hype was applied and how little real technical information they contained on how exactly how they conformed to the J2EE standard. Additionally I was looking for a server that also supported a web container. Most of the products I reviewed didn't support this. I have no doubt that Orion will continue to comply with the J2EE standard in its entirety. And the dumb question. Does BEA Weblogic support a web container in its server? Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group -Original Message- From: Nathan Phelps [SMTP:[EMAIL PROTECTED]] Sent: Thursday, June 08, 2000 01:10 To: Orion-Interest Subject: EJB 2.0 BEA Systems website says "BEA Delivers Industry's First Enterprise JavaBeans 2.0 Implementation." Does the Orion team have plans to release a version of Orion with an implementation of EJB 2.0 based upon the latest draft specification?
RE: connection reset by peer problems
I've been working with the PetStore application on Orion 1.0 and have been seeing "connection reset by peer" messages. These messages are appearing directly on the console and not in the orion application logs. The orion server and the browser acessing the application where located on the same machine. Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group -Original Message- From: Robert Krueger [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, June 07, 2000 11:01 To: Orion-Interest Subject: connection reset by peer problems hi, has anyone experienced problems with orion and post requests that resulted in "connection reset by peer" messages by netscape? we have had reports from customers that experience errors like these but we don't see anything in the server logs. another thing that has happened was that the response to a POST request was truncated on the client side (the server logs record the proper content-length). in both cases we suspect it's their proxy but I'm just checking if anyone has had similar problems. we have tested the applications and have never been able to reproduce the problems accessing the site ourselves even with a squid proxy inbetween. any similar experiences anyone? thanks, robert (-) Robert Krüger (-) SIGNAL 7 Gesellschaft für Informationstechnologie mbH (-) Brüder-Knauß-Str. 79 - 64285 Darmstadt, (-) Tel: 06151 665401, Fax: 06151 665373 (-) [EMAIL PROTECTED], www.signal7.de
RE: connection reset by peer problems
Additionally browser was IE 5.0 Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group -Original Message- From: Robert Krueger [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, June 07, 2000 11:01 To: Orion-Interest Subject: connection reset by peer problems hi, has anyone experienced problems with orion and post requests that resulted in "connection reset by peer" messages by netscape? we have had reports from customers that experience errors like these but we don't see anything in the server logs. another thing that has happened was that the response to a POST request was truncated on the client side (the server logs record the proper content-length). in both cases we suspect it's their proxy but I'm just checking if anyone has had similar problems. we have tested the applications and have never been able to reproduce the problems accessing the site ourselves even with a squid proxy inbetween. any similar experiences anyone? thanks, robert (-) Robert Krüger (-) SIGNAL 7 Gesellschaft für Informationstechnologie mbH (-) Brüder-Knauß-Str. 79 - 64285 Darmstadt, (-) Tel: 06151 665401, Fax: 06151 665373 (-) [EMAIL PROTECTED], www.signal7.de
RE: connection reset by peer problems
I agree there are some serious short comings in PetStore and I hope Sun sees fit to address them. But Its the first application I've seen that attempts to implement the Model View Controller architecture. Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group -Original Message- From: Victor A. Salaman [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, June 07, 2000 13:08 To: Orion-Interest Subject: RE: connection reset by peer problems This is a design issue in PetStore... PetStore is an extremely badly written application :) If you look at their source, you'll find the source of the "Connection Reset by peer". Most of the bugs present in PetStore have been documented by Magnus, and can be found orion/applications/estore-bugs.txt. If you look at this file, in item 12, you'll see why... "12. The code catches IOExceptions without rethrowing them (instead it prints them, IOExceptions occur whenever there's a HTTP-layer error like a client disconnecting etc, should only be propagated)." I guess that those using PetStore as a Reference Implementation are in for big surprises as PetStore needs serious work. Best Wishes, Victor Salaman -Original Message----- From: Kalvar, Kirk [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 07, 2000 12:34 PM To: Orion-Interest Subject: RE: connection reset by peer problems I've been working with the PetStore application on Orion 1.0 and have been seeing "connection reset by peer" messages. These messages are appearing directly on the console and not in the orion application logs. The orion server and the browser acessing the application where located on the same machine. Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group -Original Message- From: Robert Krueger [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, June 07, 2000 11:01 To: Orion-Interest Subject: connection reset by peer problems hi, has anyone experienced problems with orion and post requests that resulted in "connection reset by peer" messages by netscape? we have had reports from customers that experience errors like these but we don't see anything in the server logs. another thing that has happened was that the response to a POST request was truncated on the client side (the server logs record the proper content-length). in both cases we suspect it's their proxy but I'm just checking if anyone has had similar problems. we have tested the applications and have never been able to reproduce the problems accessing the site ourselves even with a squid proxy inbetween. any similar experiences anyone? thanks, robert (-) Robert Krüger (-) SIGNAL 7 Gesellschaft für Informationstechnologie mbH (-) Brüder-Knauß-Str. 79 - 64285 Darmstadt, (-) Tel: 06151 665401, Fax: 06151 665373 (-) [EMAIL PROTECTED], www.signal7.de
RE: Look up a EJB from a JSP?
If you're interested in looking at other schemes, look at Sun's Model View Controller (MVC) for their Pet Store Demo. http://developer.java.sun.com/developer/Books/DesignEntApps/ Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group -Original Message- From: Rick Horowitz [SMTP:[EMAIL PROTECTED]] Sent: Monday, May 22, 2000 21:04 To: Orion-Interest Cc: Orion-Interest Subject: Re: Look up a EJB from a JSP? I am also trying to work out an overall architecture using JSP and EJB. Although I cannot answer your question directly, here's what I'm thinking for my system. Perhaps others will comment on this. I'm planning to use a servlet to handle all http requests from browsers. The servlet will dispatch the request internally to a processing object for that request. The processing object will make a request or requests to the EJB layer, sometimes to SessionBeans and sometimes to EntityBeans. The servlet will then forward the request to a JSP for display of the output. In order to communicate the response to the display JSP, the servlet will add one or more response objects to the servlet session so they can be used as beans by the JSP. AFAIK (but I haven't tried this yet) it shouldn't matter whether the bean is a local JavaBean that is created by the servlet from its response obtained from the EBJ layer, a remote object communicated back from EJB as the response using serialization, or an EntityBean remote object. As long as it adheres to the JavaBean requirements of JSP, the JSP page should be able to display the response. btw, I'm using a servlet to process responses because I think it provides a more unified way of dealing with what responses are legal in whatever state the user's session happens to be in, and what next page should be displayed. I'm sure that custom tags have a place in this architecture, as well, to further insulate the html generation done by the JSPs from the Java code used to process responses and generate dynamic content, but I haven't gotten this far as yet. Hope this helps, and I'd be interested in hearing some comments about my proposed architecture. Thanks, Rick Horowitz Tung Bui wrote: Hi, as part of my learning, I tried to implement a dynamic page as follow: JSP-Java Bean-EJB-JDBC. I got it works as intended however with a hack. Within the my Java Bean, in order to look up the EJB bean successfully, I have to hard code the context info as follow: Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.evermind.server.ApplicationClientInitialContextFactory"); env.put(Context.PROVIDER_URL,"ormi://localhost/linkcontent"); env.put(Context.SECURITY_PRINCIPAL,""); env.put(Context.SECURITY_CREDENTIALS,""); Context ctx = new InitialContext(env); Which is not an ideal way. I'm having trouble from figuring out how to set these information up so that I do not have to hard code this way. Any idea? Thanks, Tung
ATM Demo: auto-creating database tables
Install Hypersonic SQL, modify the config files, then start Orion. The demo does auto-create the database if you install in this order. Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group
ATM Demo Hypersonic SQL Database not found
Great product! I've spent weeks looking at app servers (both commerical and open source) and was impressed with what I've seen. I have the app server up and running (whew! that was easy) and installed Hypersonic SQL. When registering with the ATM demo I receive the following error below. It looks as if the table hadn't been created. Looking through Orinon-interest couldn't determine if the database was created on the fly or had to be gen'd in advance. There is a defaultdb* in the orion directory. 5/10/00 3:01 PM atm-web: Servlet error com.evermind.server.rmi.OrionRemoteException: Transaction was rolled back: Database error: java.sql.SQLException: Table not found: COM_ACME_ATM_EJB_ACCOUNTOWNER in statement [select * from com_acme_atm_ejb_AccountOwner where (username = '[EMAIL PROTECTED]')] at StatelessSessionBeanWrapper20.addAccountOwner(StatelessSessionBeanWrapper2 0.java:262) at /doAddUser.jsp._jspService(/doAddUser.jsp.java:57) (JSP page line 6) at com.evermind.server.http.EvermindHttpJspPage.service(JAX) at com.evermind.server.http.HttpApplication.sz(JAX) at com.evermind.server.http.JSPServlet.service(JAX) at com.evermind.server.http.de.o0(JAX) at com.evermind.server.http.de.forward(JAX) at com.evermind.server.http.dl.cd(JAX) at com.evermind.util.e.run(JAX) 5/10/00 3:06 PM atm-web: Stopped 5/10/00 3:06 PM Stopped ?xml version="1.0" ? !DOCTYPE data-sources (View Source for full doctype...) - data-sources data-source name="Default data-source" class="com.evermind.sql.ConnectionDataSource" location="jdbc/DefaultDS" pooled-location="jdbc/DefaultPooledDS" xa-location="jdbc/xa/DefaultXADS" ejb-location="jdbc/DefaultEJBDS" url="jdbc:HypersonicSQL:defaultdb" connection-driver="org.hsql.jdbcDriver" username="sa" password="" schema="database-schemas/hypersonic.xml" / /data-sources Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group
Orion defaultdb create table entries
Does anyone have the "create table" entries needed for defaultdb.script? If you could post them I would appreciate it. Thanks, Kirk S. Kalvar, Software Engineer DRS Electronic Systems Group