Orion 1.5.2 and JSP @page errorPage
Our JSPs use the @page errorPage mechanism. This worked fine on Orion 1.4.5, and still works fine on J2EE reference implementation. But on Orion 1.5.2 we get 404 page not found instead of our error page. I know there's also an error page mechanism in web.xml, but we haven't specified anything there, and the JSP 1.1 errata clarifies that the @page takes precedence over web.xml anyway. Anyone else hit this? Is it a bug? Thanks, Mike p.s. Loved the news about Oracle... I think Orion's the best J2EE server I've seen but our infrastructure guys have "Oracle wherever possible" strategy. Now instead of having to do difficult evaluation of Oracle solution and fight my own case about how poor it is, I've been able to just move our J2EE code across and show it all running fine on Oracle's recommended J2EE solution. Magic. *** NIG The National Insurance & Guarantee Corporation PLC Reg. Office : Crown House 145 City Road London EC1V 1LP Registered in England & Wales No : 42133 *** Legal disclaimer : This message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. NIG does not accept responsibility for changes made to this message after it was sent.
RE: Any way to "forward" to j_security_check?
Thanks to everyone for the replies, useful info on Orion apart from anything else ! Main ideas seem to be: a). Programmatic login using RoleManager - Had looked at this, very useful but the authentication isn't really the problem. What's needed after some code of our own is the normal j_security_check behaviour, in particular go to the originally requested page if sign-on succeessful. To use programmatic login we'd need a way to identify the original url that triggered the sign-on page. At worst one could program the entire security onself, but this seems undesirable. b). Servlet filter - Good idea, but have similar problems of what URL pattern will select the post to j_security_check. Haven't yet found a pattern that selects it. But more generally, I'm finding I can't even use j_security_check by giving it as the form action as per Servlet spec. If sign-on fails, the failed page is displayed ok, but if sign-on succeeds, I get page not found with a url of ...appcontext.../j_security_check. I suspect this is the real problem, or at least part of the story. By the way, I gather from the Sun java forums that they're aware of the limitations of the sign-on and user-admin aspects of the spec but have deferred enhancements till after Servlet 2.3 so it can be looked into properly rather than rushing minor tweaks into 2.3. For info, I'm on Orion 1.4.5, just evaluating it as one of the possible alternatives to our current IBM Websphere. Trying to keep to a single code-base for both Websphere and J2EE-compliant servers, extending to allow for any others we try. Thanks Mike ! *** NIG The National Insurance & Guarantee Corporation PLC Reg. Office : Crown House 145 City Road London EC1V 1LP Registered in England & Wales No : 42133 *** Legal disclaimer : This message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. NIG does not accept responsibility for changes made to this message after it was sent.
Any way to "forward" to j_security_check?
Does anyone know a way to "forward" to the j_security_check processing in Orion ? We use form-based login but have our own processing to do ahead of the standard j_security_check. On J2EE Reference Implementation (and e.g. Weblogic) we post the form to our own servlet instead of j_security_check, then forward from this to j_security_check. This doesn't seem to work on Orion i.e. j_security_check doesn't seem to be something one can get a request dispatcher for. Of course, the servlet spec doesn't mandate anything about how the server should implement the j_security_check mechanism, so potentially it doesn't have to have anything that can be referenced and invoked from application code. But it would be useful to be able to. I've also thought about programmatically simulating a post to j_security_check instead of trying to forward to it, but doesn't look simple and not sure this would work on Orion either. Might be helped by Servlet 2.3 but can't move to that yet. Am I just missing some trick to this, or is it not possible on Orion? Or is it related to a bug somewhere ? (n.b. even a normal post to j_security_check seems to fail, and to get sign-on to work I have to use Orion's non-standard feature of leaving the action unspecified). *** NIG The National Insurance & Guarantee Corporation PLC Reg. Office : Crown House 145 City Road London EC1V 1LP Registered in England & Wales No : 42133 *** Legal disclaimer : This message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. NIG does not accept responsibility for changes made to this message after it was sent.