RE: Can't get taglibs to work in orion
It's not Sun. XML IS ordered, and if you don't follow the order specified in the DTD, the document won't validate. On Tue, 12 Jun 2001, Aaron Tavistock wrote: Might be something to do with the fact that the web.xml dtd requires a certain ordering. I've run into this before and it was extremely difficult to figure out exactly what happened. After I discovered the problem I then could not fathom Sun wrote the dtd to require a particullaar order. Either way, try putting the taglib lines before your security constraint. -Original Message- From: Tim Pouyer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 12, 2001 3:30 PM To: Orion-Interest Subject: Can't get taglibs to work in orion I downloaded the custom tags provided on orion's site and installed them on my orion 1.5.2 server. But when I try to go to the jsp page that uses them I get a 'page cannot be displayed error'. I can run jsp's that do not utilize orion's taglibs so I think it might have something to do with my deployment descriptors. In my web.xml file in web-inf directory i have the following tags: ?xml version=1.0? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.2//EN http://java.sun.com/j2ee/dtds/web-app_2_2.dtd; web-app display-nameHolder Project/display-name login-config auth-methodBASIC/auth-method /login-config taglib taglib-uriutiltags/taglib-uri taglib-location/WEB-INF/lib/utiltags.jar/taglib-location /taglib /web-app and I put %@ taglib uri=utiltags prefix=util % at the top of my jsp. With all subsequent code referenced like this util:sometag if someone could please explain what I am doing wrong I would greatly appreciate it.
RE: A connection with the server could not be established error ...
this has nothing to do with show friendly http error messages - they are not enabled in my browser. the problem is, i dont even get a connection to Orion - the same result, as if you enter an www adress in your browser, which doesnt exist. and this is just temporary - very temporary - normally a push on the reload button, gets a new connection. if I sit and press reload hundreds of times, suddently the server stops returning the dummy page, and after a seconds or so, it beginds to return a result again. wierd, ehhh ? Regards, Tony -Original Message- From: elephantwalker [mailto:[EMAIL PROTECTED]] Sent: 12. juni 2001 22:07 To: Orion-Interest Subject: RE: A connection with the server could not be established error ... Tony, ie is a little flakey with its 'friendly' messages. Try using ns to see what the exact error is, or turn-off the 'friendly' messages from ie. regards, the elephantwalker
Orion at port 80 with IIS
Hi All, I have Orion running on an Windows NT system with MSSQL and IIS 4.0 installed. Orion is running on port 8090; IIS on port 80. I found out that a lot of users can't access 8090 via their firewall. Is it possible to configure Orion so that it works via the IIS, or the other way around? The IIS is serving another site build with Magic 8.3, which uses the IIS to connect. The Orion server is running the Enformia EIP 4.0 solution. thanks! Peter Langela
SV: Oracle deal gag... but on a different note.
Title: SV: Oracle deal gag... but on a different note. Please, drop this damn thread. The list is obviosly not censured, just a bit sucky. No one will wake up next to a swedish meatball smeared with cowberry jam and mashed potatoes.. Stop accusing people of being paranoid etc, it only floods my mailbox. Im sure IF will respond to the original issues given time (are they back from JavaOne yet?). WR -Ursprungligt meddelande- Från: Joseph B. Ottinger [mailto:[EMAIL PROTECTED]] Skickat: den 12 juni 2001 10:57 Till: Orion-Interest Ämne: RE: Oracle deal gag... but on a different note. On Tue, 12 Jun 2001, Jay Armstrong wrote: Sure, I can understand this -- good thing we have orionsupport.com, which isn't affiliated with Ironflare. This is why I've never been willing to advertise anything on orionsupport, and why I'm not directly affiliated in any way with Ironflare - because I want the freedom to some day post something like Orion totally sucks in area XYZ (not mentioning anything like JMS, for example, am I?) without worrying about receiving a warning from the Swedish Mafia. You see, Joseph, it's this kind of humor that makes people think of waking up next to their favorite racehorse's head. Not sure what your point is, here, pardner. After all, I was saying this is why Orionsupport isn't directly affiliated, so that we wouldn't have to worry about that in any case... and then you say something that leads me to believe you took the exact wrong meaning. You've been doing that a lot; this kind of dedication takes a peculiar sort of effort. The buck stops here sign is on Karl's and Magnus' desk, right? I hope they don't usually ride in the same car together all time. :) Well, I didn't know they HAD desks - I can see Satan doing all his work on a futon for some reason - but at this point, we don't know how much responsibility Oracle has taken. *shrug* We'll see. They may not have desks yet, but they can probably afford to order big, hand-carved, mahogony ones now. I hope so! They deserve them. At any rate, I have a little more information about the deal now than I did; your dire warnings are, IMHO, unfounded. Sure, there are some nasty implications for those poor souls still waiting for Godot^WIronflare to provide Oracle-level support for Orion, but even those are merely implications and not a fomral reality yet. From your previous comment about looking at Oracle, let me cite an example about supporting integrated products. A couple of years ago, I found an error in Adrian Cockroft's book, Sun Performance and Tuning regarding the formulas for shared memory and semaphore settings in etc/system. Of course, Adrian (creator of the VirtualAdrian tools) is a god and I'm just a troll (as someone recently pointed out), but even trolls get lucky now and then. Are you a BLIND troll, that's the real question. [snip, snippety snip snip snip!] My point is that the dance between Orion and Oracle could be just as complex. Sure, could be. But isn't. :) I'm not trying to hold some special knowldge over your head, and it's quite possible that what I know is public knowledge, but until I confirm that, I ain't saying. Karl/Magnus have not, apparently, hired the people on the Ironflare side to free them up to address such questions. Just because Oracle has a support infrastucture, call center, help desk, etc, does not mean that Oracle has anyone who can deal with the really tough problems. Doubt THAT - the whole reason they licensed Orion is because they found that they were getting the real tough problems and their lousy infrastructure wasn't set up for it. Not a matter of THEIR SKILL, mind you, but of the original thought that went into their misbegotten app server crap. Before getting flamed again, I am NOT picking on Orion/Oracle here. I believe orion-interest and orionsupport are more responsive and accurate, generally, than the big companies. I would still have great confidence in just about any Orion/Oracle combination. We shall, as you say, *shrug* see. You sure? Why do you? I would like to see Oracle at least attempt to hire some of the people around the world who contributed their valuable time to debugging Orion free of charge. NOT ME. I'm not looking for a job with Orionacle. Me either... but I'm not sure if this is your actual gripe. If it is, hey, um, wow... you're over-reacting by a lot, IMHO. --- Joseph B. Ottinger [EMAIL PROTECTED] http://adjacency.org/ IT Consultant
problem with POST (bug?)
Hello everyone!
I have very strange problem with my servlet.
When I deploy servlet packed in war, servlet never recive POST request. It
receive only GET (in HTML is POST).
But when I put servlet class in default-web-app everything iw working fine.
Do I need to put something in web.xml or somewhere else that I want to use
POST?
I have used few other servers and I never had similar problem.
Here is servlet code:
package isvu.studomat.web;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;
public class TestOrion extends HttpServlet {
private static final String CONTENT_TYPE = "text/html";
public void init(ServletConfig config) throws ServletException {
super.init(config);
}
public void doGet(HttpServletRequest request, HttpServletResponse
response) throws ServletException, IOException {
response.setContentType(CONTENT_TYPE);
PrintWriter out = response.getWriter();
out.println("html");
out.println("head");
out.println("titleUntitled Document/title");
out.println("meta http-equiv=\"Content-Type\" content=\"text/html;
charset=windows-1250\"");
out.println("/head");
out.println("body bgcolor=\"#FF\"");
out.println("form method=\"post\" action=\"http://" +
request.getServerName() + ":" +
request.getServerPort() + request.getContextPath() + "\"");
out.println(" input type=\"text\" name=\"text\" value=\"bla bla
bla\"");
out.println(" input type=\"submit\" name=\"Submit\"
value=\"Submit\"");
out.println("/form");
out.println("/body");
out.println("/html");
}
public void doPost(HttpServletRequest request, HttpServletResponse
response) throws ServletException, IOException {
response.setContentType(CONTENT_TYPE);
PrintWriter out = response.getWriter();
out.println("html");
out.println("headtitleTestOrion/title/head");
out.println("body");
out.println("pPOST request/p");
out.println("pYou wrote '" + request.getParameter("text") + "'p");
out.println("/body/html");
}
public void destroy() {
}
}
Thanks in advance
Denis Kranjcec
RE: Security bug with application clients? (More Info)
Hello.
Here I want to provide more
information on the problem.
Just for clarification.
The problem is NOT the security
itself. It works just fine.
The problem lies IMHO in caching or
something.
It is also seen only in the RMI
connection.
EXAMPLE: Consider following
situation:
We have machine OrionA and
OrionB, both running Orion.
Both have a deployed
TestEjb.
TestEjb is:
TestEjbHome -
Home interface
TestEjbBean
- Bean class
TestEjb -
Remote interface.
TestEjb.doTheJob() - returns a String containing
the
name of the machine the
bean
was executed on
(OrionA
or OrionB)
We have a standalone
client:
public class ResourceTest
{
public static void
main(String[] args){
Context CTX;
Hashtable CtxParams;
TestEjbHome TheHome;
TestEjbTheBean;
// Connect to OrionA and
execute the TestEjb bean.
CtxParams = new HashTable();
CtxParams.put (Context.INITIAL_CONTEXT_FACTORY,
"com.evermind.server.rmi.RMIInitialContextFactory");
CtxParams.put (Context.SECURITY_PRINCIPAL, "admin");
CtxParams.put (Context.SECURITY_CREDENTIALS, "123);
// Provider is
the OrionA machine CtxParams.put
(Context.PROVIDER_URL, "ormi://OrionA/TestAPP");
CTX = new InitialContext
(CtxParams);
TheHome =
PortableRemoteObject.narrow(
CTX.lookup("TestEjb"), TestEjbHome.class);
TheBean =
TheHome.create();
System.out.println( "First
execution on: " + TheBean.doTheJob() );
// Conect to OrionB and execute the TestEjb bean.
CtxParams = new HashTable();
CtxParams.put (Context.INITIAL_CONTEXT_FACTORY,
"com.evermind.server.rmi.RMIInitialContextFactory");
CtxParams.put (Context.SECURITY_PRINCIPAL, "admin");
CtxParams.put (Context.SECURITY_CREDENTIALS, "123);
// Provider is
the OrionB machine
CtxParams.put (Context.PROVIDER_URL, "ormi://OrionB/TestAPP");
CTX = new InitialContext
(CtxParams);
TheHome =
PortableRemoteObject.narrow(
CTX.lookup("TestEjb"), TestEjbHome.class);
TheBean =
TheHome.create();
System.out.println( "Second
execution on: " + TheBean.doTheJob() );
}
}
Running the above with the
propper libraries should yeld:
First execution on:
OrionA
Second execution on:
OrionB
HOWEVER! The real sitch
returns:
First execution on:
OrionA
Second execution on:
OrionA
Another test:
Modify the code, so that the
bean returns the user name;
Modify the client, so that it
connects to one and the same provider, but with different
user_names.
Code should yeld:
First execution on:
user1
Second execution on:
user2
However it returns:
First execution on:
user1
Second execution on:
user1
In other words. Connecting once
means, that till the end you are connected to the same provider with the same
user/pass.
That's it.
Lachezar.
RE: Orion at port 80 with IIS
Orion has announced support for AJP13. It is not working yet, but once it will, you can use the tomcat3.3 ISAPI plugin to connect IIS to Orion. Marcel -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Karin KeurSent: Wednesday, June 13, 2001 9:26 AMTo: Orion-InterestSubject: Orion at port 80 with IIS Hi All, I have Orion running on an Windows NT system with MSSQL and IIS 4.0 installed. Orion is running on port 8090; IIS on port 80. I found out that a lot of users can't access 8090 via their firewall. Is it possible to configure Orion so that it works via the IIS, or the other way around? The IIS is serving another site build with Magic 8.3, which uses the IIS to connect. The Orion server is running the Enformia EIP 4.0 solution. thanks! Peter Langela
Error in deploying CMP bean in 1.5.2
Hi All, I am new to Orion app. server. I am trying to deploy a CMP Entity Bean on 1.5.2. The server gives the following error: Auto-deploying employee-ejb.jar (No previous deployment found)... Error compiling E:\orion\applications\employee\build\employee/employee-ejb.jar: Variable contained illegal space Any help would be highly appreciated. Thanks, Deepak
Re: Dynamic finders
Title: SV: Dynamic finders Dear Magnus, The question is: does ORION provide some kind of mechanism (like a callback function), that could be implemented by a programmer and return a query string upon request, instead of making them 'final'? One way to do that is to make a BMP, but i want container to do all the JDBC job for me, while being able to flexibly generate queries for finder methods. Generating finder methods for all possible queries doesn't sound like a good option. WBR, Sergei - Original Message - From: Magnus Rydin To: Orion-Interest Sent: Monday, June 11, 2001 9:41 AM Subject: SV: Dynamic finders Yes. If you want to go pure, you could do something like: a) get them all and then filter them in your code b) get the largest hit first, then filter them with the collections returned by your other finders (requires one finder per dynamic value of original query). This filterting should probably be located in a Session bean. c) generate finder methods for all possible queries and have a Session bean select the one you want Having been in your shoes, I dropped religion and went with tech. :) WR -Ursprungligt meddelande- Frn: Dvornikov Victor [mailto:[EMAIL PROTECTED]] Skickat: den 10 juni 2001 00:03 Till: Orion-Interest mne: RE: Dynamic finders Although it may be technically correct, but from conceptual database modeling point of view the comparison ($1 is null... ) is questionable.-Original Message- From: Magnus Rydin [SMTP:[EMAIL PROTECTED]] Sent: ??? 08 2001 14:37 To: Orion-Interest Subject: SV: Dynamic finders something like .. ($1 is null OR $1=$field) AND ... -Ursprungligt meddelande-Fran: Stefan Paun [ mailto:[EMAIL PROTECTED]] Skickat: den 8 juni 2001 07:16 Till: Orion-InterestAmne: Dynamic finders Does anybody have a solution for implementing a finder that takes some parameters, but searches taking into account only the ones that are notnull? Basically, this would be used to support a search page inwhich the user can choose to fill or not some fields of the search criteria.I know that probably the best way to do this is using aSession Bean and JDBC, but is there a way to implement it using CMP Entity finders (inEJB1.1)? Thanks, Stefan
Why was the default value for max-tx-retries changed to 3?
It seems that Orion 1.5.2 writes max-tx-retries=3 in the dynamically generated orion-ejb-jar.xml when deploying new beans. According to the docs the default value should be 0, and that is the way it worked in previous releases. I haven't found any mention of this change in the release notes for Orion 1.5.2... Why was this changed from 0 to 3? Is it possible to change this? I know it is possible to change for each specific bean by creating my own orion-ejb-jar.xml and overriding the max-tx-retries setting, but is it possible to change the fact that 3 is used as the global default for all new beans? Regards, /Henrik begin:vcard n:Kniberg;Henrik tel;cell:+46 70 492 5284 tel;fax:+46 8 555 172 01 tel;home:+46 8 560 24788 tel;work:+46 8 555 172 30 x-mozilla-html:TRUE url:http://www.goyada.com org:Goyada adr:;;Löjtnantsgatan 25;Stockholm;;115 50;Sweden version:2.1 email;internet:[EMAIL PROTECTED] x-mozilla-cpt:;28976 fn:Henrik Kniberg end:vcard
RE: Oracle deal gag... but on a different note.
On Tue, 12 Jun 2001, Jay Armstrong wrote: Joseph, You see, Joseph, it's this kind of humor that makes people think of waking up next to their favorite racehorse's head. Not sure what your point is, here, pardner. After all, I was saying this My point is that some slow people, like me, can't always tell right away when you are kidding (remember A Swedish Idea). Mafia-Godfather I-horsehead in movie director's bed. Get it? But I wasn't kidding... Anyway, enough of that. I hope so! They deserve them. At any rate, I have a little more information about the deal now than I did; your dire warnings are, IMHO, unfounded. Sure, there are some nasty implications for those poor souls still waiting for Godot^WIronflare to provide Oracle-level support for Orion, but even those are merely implications and not a fomral reality yet. Okay. Somehow, I don't think Karl is going to ever teach me the secret Ironflare handshake. Me either. Although I'm betting it involves lutefisk somehow. Those silly Finns! course, Adrian (creator of the VirtualAdrian tools) is a god and I'm just a troll (as someone recently pointed out), but even trolls get lucky now and then. Are you a BLIND troll, that's the real question. [snip, snippety snip snip snip!] BLIND and DUMB. You're slipping, not snipping, Joseph. Nah, I'm trying to have fun. That's an unfair critique of a phrase-based pun, you might say, and you're offending me greatly! I'm going to add you to my kill-file, report you to the FBI (in addition to the FBI, the CIA, and the NSA, and the local police), and send you a bottle of glue, because I can't afford a horse and that's the closest I can get. My point is that the dance between Orion and Oracle could be just as complex. Sure, could be. But isn't. :) I'm not trying to hold some special knowldge over your head, and it's quite possible that what I know is public knowledge, but until I confirm that, I ain't saying. Secret handshake and secret decoder ring... Well, okay - maybe I have a slight advantage because I talk to them online every so often, and I'm the guy who said Hey, I've got a server, orion needs support, they ain't doing it, so I will. Maybe that gets me a little more info every now and then, especially when I ask directly. In addition, I eat a LOT of Captain Crunch, and they have those neatoriffic toys... Doubt THAT - the whole reason they licensed Orion is because they found that they were getting the real tough problems and their lousy infrastructure wasn't set up for it. Not a matter of THEIR SKILL, mind you, but of the original thought that went into their misbegotten app server crap. Maybe so. What about Karl's pledge 6 months ago that hiring the right people was Ironflare's first order of business? They've hired one recently, or so I've heard. And I don't know who they hired, but I've heard the same thing. OTOH, maybe their hiring critieria is very strict - which I can understand. I'm really more or less on your side on this particular issue, but more on this later... I have confidence; however, most of my major (Fortune 500) clients have not shown confidence in products where the only two people in the world who understand the guts of it live 8,000 miles away and might get hit by a bolt of lightening at the same time. Something like, Oops, we regret to inform you that we cannot support your $30M startup because the only two people who can answer that question are unavailable. Ah ha! And this is where Oracle turns out to be a HUGE win for us (and Ironflare). Now, you don't have to rely on an inconsistent mailing list and two (maybe three) developers. Now you can say, Hey, got $40K? Buy Oracle, and you'll be off and running with a full support network. While it's possible OC4J could fork from Orion's codebase, the chances of a severe fork are very slim. (Yes, the chances are there, from what I understand.) Slim chances, of course, mean that it will definitely happen, and the sky will fall, and I *will* win a game of Civ:CTP before... um... the day ends. You seem to have inside knowledge about this. Does Oracle (or anyone besides Karl and Magnus) have a copy of the Orion Server source code? I'll leave that answer to the principals involved. I don't know WHAT they have, exactly. I would like to see Oracle at least attempt to hire some of the people around the world who contributed their valuable time to debugging Orion free of charge. NOT ME. I'm not looking for a job with Orionacle. Me either... but I'm not sure if this is your actual gripe. If it is, hey, um, wow... you're over-reacting by a lot, IMHO. It's a big part of my gripe. There's some sort of idea that there was/is a quid pro quo between free use of Orion and free testing/debugging by the user community. I don't agree with that, but let's say there is. Well, the game has now changed, that is, big bucks from Oracle. Let's play pretend, shall we? (This is called a
RE: Orion at port 80 with IIS
You could do a port translation at your firewall so that your.orionserver.com is on port 80 for the users, but really runs on port 8090 on your machine. /Jason -Original Message-From: Karin Keur [mailto:[EMAIL PROTECTED]]Sent: Wednesday, June 13, 2001 9:26 AMTo: Orion-InterestSubject: Orion at port 80 with IIS Hi All, I have Orion running on an Windows NT system with MSSQL and IIS 4.0 installed. Orion is running on port 8090; IIS on port 80. I found out that a lot of users can't access 8090 via their firewall. Is it possible to configure Orion so that it works via the IIS, or the other way around? The IIS is serving another site build with Magic 8.3, which uses the IIS to connect. The Orion server is running the Enformia EIP 4.0 solution. thanks! Peter Langela
Force Logon after X minutes
I am custom user-authentication. The user and groups are in a database and I am using BASIC authentication. How can I allow users to logoff w/o them closing their browser? How can I force them to logon again after x minutes? Thxs, Jason
Getting rid of stale files in a deployment
Lets say I have the file foo.jsp in my web.war file. On deployment, orion expands the .ear and the .war and I can access the file. If I later remove the foo.jsp file and redeploy the application, foo.jsp is still in the expanded directory. I can use the preview admin console to delete the app and the files, but I don't see any way to automate the deletion. I'm using Ant to build and deploy and would prefer a way to keep the deployed directory consistant even with file removals. Thoughts or suggestions? (btw: orion wasn't even on my radar screen of J2EE containers until Oracle licensed it.. Good job!) -- Rupa
Re: Can't get taglibs to work in orion
hey, finaly got taglibs to work. It was the ordering of the nodes in the web.xml file. I feel realy stupid now. Thanks for your help. tim - Original Message - From: Aaron Tavistock To: Orion-Interest Sent: Tuesday, June 12, 2001 10:02 PM Subject: RE: Can't get taglibs to work in orion Might be something to do with the fact that the web.xml dtd requires a certain ordering. I've run into this before and it was extremely difficult to figure out exactly what happened. After I discovered the problem I then could not fathom Sun wrote the dtd to require a particullaar order. Either way, try putting the taglib lines before your security constraint. -Original Message-From: Tim Pouyer [mailto:[EMAIL PROTECTED]]Sent: Tuesday, June 12, 2001 3:30 PMTo: Orion-InterestSubject: Can't get taglibs to work in orion I downloaded the custom tags provided on orion's site and installed them on my orion 1.5.2 server. But when I try to go to the jsp page that uses them I get a 'page cannot be displayed error'. I can run jsp's that do not utilize orion's taglibs so I think it might have something to do with my deployment descriptors. In my web.xml file in web-inf directory i have the following tags: ?xml version="1.0"? !DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd" web-app display-nameHolder Project/display-name login-config auth-methodBASIC/auth-method /login-config taglib taglib-uriutiltags/taglib-uri taglib-location/WEB-INF/lib/utiltags.jar/taglib-location /taglib /web-app and I put %@ taglib uri="utiltags" prefix="util" % at the top of my jsp.With all subsequent code referenced like this util:sometag if someone could please explain what I am doing wrong I would greatly appreciate it.
clustering and class/jar visibility
we have a 'dev' instance on box 1...we can deploy a web app using the 'exploded directory structure', and put our sybase jdbc driver zip file in lib under j2ee/home...works great. we have a 'test' instance on box 2...with 2 instances of orion running in a load-balanced cluster. We set an auto-deploy directory in our server xml files pointing to a shared file space (afs). We than .ear up the web app we had in 'dev' and deploy...it looks like deployment worked, but the sybase jdbc drivers are not visible..I get class not found...even tho the jconnect40.zip file is in the same j2ee/home/lib directory as on 'dev'is there some catch to distributing web apps to a cluster that effects the visibility of .jar files placed in j2ee/home/lib? I saw some messages about starting orion with a classpath directive in the java command explicitly mapping jar files, such as is done when starting jserv manually...is this the 'gotcha' of this type of config? Any help appreciated... Regards, Mike Conway UNC-Chapel Hill
Re: Please help me
Hi, tio me it seems as the data-sources.xml is incorrect. It should be something like this: data-source class=com.evermind.sql.DriverManagerDataSource name=OracleDS location=jdbc/OracleCoreDS xa-location=jdbc/xa/OracleXADS ejb-location=jdbc/OracleDS connection-driver=oracle.jdbc.driver.OracleDriver username=scott password=tiger url=jdbc:oracle:thin:@localhost:1521:orcl inactivity-timeout=30 / I have following data-source data-source class=oracle.jdbc.pool.OracleDataSource name=Oracle location=jdbc/devDS xa-location=jdbc/xa/devXA ejb-location=jdbc/devDS connection-driver=oracle.jdbc.driver.OracleDriver url=jdbc:oracle:thin:system/manager@station-one:1521:application username=system password=manager inactivity-timeout=30 schema=database-schemas/oracle.xml / _ Get your FREE download of MSN Explorer at http://explorer.msn.com
Deployment descriptors autocopy?
I guess... I'll ask just for the sake of it. I have a complete J2EE Application. EJBs, WebClient and an ApplicationClient... However. I have orion-application.xml. I also have predefined data-sources.xml and principals.xml. So. I have them registered in the orion-application.xml, but... The do not get copied. Instead Orion cries-out that i have specified invalid names for data-sources and for principals. Trying I found, that after copying the orion-application.xml to the deployment directory Orion starts to search for the principals.xml and the data-sources.xml in the deployment directory, without first copying them there. Is there a way to make Orion autocopy them? BTW. I HAVE to use 1.4.5 for many reasons, so answers like "Fixed in 1.5.0" or something like that are not options. W8ingForward2Hearing4mU.soon Lachezar
Re: Security bug with application clients? (More Info)
Lachezar's second example is exactly what I tried,
and I got the same results.
I started looking at the docs related to web
clients, trying to figure out if there was something different between
web-client security and application-client security. (First, I need to
mention that I know next to nothing about web cliens or servlets.) The
Orion security primer on jollem.com seems only to set up permissions per jsp,
not actual ejb security. Is this correct, or does anybody have actual ejb
security working with web clients? (If so, is this using orion's web
server, or apache/tomcat?)
Additionally, I tried using the
RoleManager... First of all, you cannot get a role manager from a
client. It is only available inside EJBs. No problem, I
figured, I can have a "login" account, which will allow the user to connect to
an "authentication" bean to do a "RoleManager.login". Within the context
of the "authentication" bean, this seemed to work. However, on return of
the function call, the principal reverted to the "login" account. (I
suppose you could pass username password to every method call and
"RoleManager.login" for each one... But what a hack that would be.)
Mike
- Original Message -
From:
Lachezar
Dobrev
To: Orion-Interest
Sent: Wednesday, June 13, 2001 2:31
AM
Subject: RE: Security bug with
application clients? (More Info)
Hello.
Here I want to provide more
information on the problem.
Just for
clarification.
The problem is NOT the security
itself. It works just fine.
The problem lies IMHO in caching
or something.
It is also seen only in the RMI
connection.
EXAMPLE: Consider following
situation:
We have machine OrionA and
OrionB, both running Orion.
Both have a deployed
TestEjb.
TestEjb is:
TestEjbHome
- Home interface
TestEjbBean
- Bean class
TestEjb
- Remote interface.
TestEjb.doTheJob() - returns a String containing
the
name of the machine the
bean
was executed on
(OrionA
or OrionB)
We have a standalone
client:
public class ResourceTest
{
public static
void main(String[] args){
Context CTX;
Hashtable CtxParams;
TestEjbHome TheHome;
TestEjbTheBean;
// Connect to OrionA and
execute the TestEjb bean.
CtxParams = new HashTable();
CtxParams.put (Context.INITIAL_CONTEXT_FACTORY,
"com.evermind.server.rmi.RMIInitialContextFactory");
CtxParams.put (Context.SECURITY_PRINCIPAL, "admin");
CtxParams.put (Context.SECURITY_CREDENTIALS, "123);
// Provider
is the OrionA machine
CtxParams.put (Context.PROVIDER_URL, "ormi://OrionA/TestAPP");
CTX = new InitialContext
(CtxParams);
TheHome =
PortableRemoteObject.narrow(
CTX.lookup("TestEjb"), TestEjbHome.class);
TheBean =
TheHome.create();
System.out.println( "First
execution on: " + TheBean.doTheJob() );
// Conect to OrionB and execute the TestEjb
bean.
CtxParams = new HashTable();
CtxParams.put (Context.INITIAL_CONTEXT_FACTORY,
"com.evermind.server.rmi.RMIInitialContextFactory");
CtxParams.put (Context.SECURITY_PRINCIPAL, "admin");
CtxParams.put (Context.SECURITY_CREDENTIALS, "123);
// Provider
is the OrionB machine
CtxParams.put (Context.PROVIDER_URL, "ormi://OrionB/TestAPP");
CTX = new InitialContext
(CtxParams);
TheHome =
PortableRemoteObject.narrow(
CTX.lookup("TestEjb"), TestEjbHome.class);
TheBean =
TheHome.create();
System.out.println( "Second
execution on: " + TheBean.doTheJob() );
}
}
Running the above with the
propper libraries should yeld:
First execution on:
OrionA
Second execution on:
OrionB
HOWEVER! The real sitch
returns:
First execution on:
OrionA
Second execution on:
OrionA
Another test:
Modify the code, so that the
bean returns the user name;
Modify the client, so that
it connects to one and the same provider, but with different
user_names.
Code should yeld:
First execution on:
user1
Second execution on:
user2
However it returns:
First execution on:
user1
Second execution on:
user1
In other words. Connecting once
means, that till the end you are connected to the same provider with the same
user/pass.
That's it.
Lachezar.
RE: A connection with the server could not be establishederror ...
I just finished doing some load testing with Orion, WebLogic, and WebSphere (via IBM Apache). All the servers but WebSphere/Apache eventually had connection failures. I chalk it up to all the object creation/destruction going on for a connection. Apache, having it's C heritage does not have as much overhead this way. My guess is that I could put any of the servers behind Apache and not have the connection failures. The question is, does adding the infrastructure and support for Apache in your environment make sence? Connection failures don't become an issue until you reach a certain level (different for each server load type). Do you need to worry about it? BTW, Orion did the best when it came to throughput and connection failures. Enjoy, Bob From: Tony Fonager [EMAIL PROTECTED]@orionserver.com on 06/13/2001 09:10 AM ZE2 Please respond to Orion-Interest [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] To: Orion-Interest [EMAIL PROTECTED] cc: Subject: RE: A connection with the server could not be established error ... this has nothing to do with show friendly http error messages - they are not enabled in my browser. the problem is, i dont even get a connection to Orion - the same result, as if you enter an www adress in your browser, which doesnt exist. and this is just temporary - very temporary - normally a push on the reload button, gets a new connection. if I sit and press reload hundreds of times, suddently the server stops returning the dummy page, and after a seconds or so, it beginds to return a result again. wierd, ehhh ? Regards, Tony -Original Message- From: elephantwalker [mailto:[EMAIL PROTECTED]] Sent: 12. juni 2001 22:07 To: Orion-Interest Subject: RE: A connection with the server could not be established error ... Tony, ie is a little flakey with its 'friendly' messages. Try using ns to see what the exact error is, or turn-off the 'friendly' messages from ie. regards, the elephantwalker
RE: Force Logon after X minutes
%
if (session != null) {
session.invalidate();
}
%
--peter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Smith Jason
Sent: Wednesday, June 13, 2001 6:38 AM
To: Orion-Interest
Subject: Force Logon after X minutes
I am custom user-authentication.
The user and groups are in a database and I am using BASIC authentication.
How can I allow users to logoff w/o them closing their browser?
How can I force them to logon again after x minutes?
Thxs,
Jason
Re: Error in deploying CMP bean in 1.5.2
Hi. Check your deployment descriptor ejb-jar.xml in the META-INF directory in the jar file. I think you have a property (variable) that containg some whitespace (space, tab, enter). That is not permitted. Lachezar Hi All, I am new to Orion app. server. I am trying to deploy a CMP Entity Bean on 1.5.2. The server gives the following error: Auto-deploying employee-ejb.jar (No previous deployment found)... Error compiling E:\orion\applications\employee\build\employee/employee-ejb.jar: Variable contained illegal space Any help would be highly appreciated. Thanks, Deepak
RE: clustering and class/jar visibility
try placing the jar file in the web app WEB-INF/lib directory. Remember when you deploy an application it has its own sandbox. Thats my best bet. it should be visible if it is in that directory though. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Conway Sent: Wednesday, June 13, 2001 10:38 AM To: Orion-Interest Subject: clustering and class/jar visibility we have a 'dev' instance on box 1...we can deploy a web app using the 'exploded directory structure', and put our sybase jdbc driver zip file in lib under j2ee/home...works great. we have a 'test' instance on box 2...with 2 instances of orion running in a load-balanced cluster. We set an auto-deploy directory in our server xml files pointing to a shared file space (afs). We than .ear up the web app we had in 'dev' and deploy...it looks like deployment worked, but the sybase jdbc drivers are not visible..I get class not found...even tho the jconnect40.zip file is in the same j2ee/home/lib directory as on 'dev'is there some catch to distributing web apps to a cluster that effects the visibility of .jar files placed in j2ee/home/lib? I saw some messages about starting orion with a classpath directive in the java command explicitly mapping jar files, such as is done when starting jserv manually...is this the 'gotcha' of this type of config? Any help appreciated... Regards, Mike Conway UNC-Chapel Hill
SV: Resin and OC4J (The server formerly known as Orion)
Title: SV: Resin and OC4J (The server formerly known as Orion) Why would you want to use resin? -Ursprungligt meddelande- Från: Kemp Randy-W18971 [mailto:[EMAIL PROTECTED]] Skickat: den 13 juni 2001 20:02 Till: Orion-Interest Ämne: Resin and OC4J (The server formerly known as Orion) Has anyone connected Resin with the new OC4J technology (the server formerly known as Orion) in Oracle 9IAS? Is it the same procedure as for Orion, as documented in Resin?
Sealing violation?
Title: Sealing violation? I get this strange exception when I'm trying to instantiate an InitialContext in my Orion application client: java.lang.SecurityException: sealing violation at java.net.URLClassLoader.defineClass(URLClassLoader.java:234) at java.net.URLClassLoader.access$100(URLClassLoader.java:56) at java.net.URLClassLoader$1.run(URLClassLoader.java:195) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:297) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286) at java.lang.ClassLoader.loadClass(ClassLoader.java:253) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313) at java.lang.ClassLoader.defineClass0(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:486) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111) at java.net.URLClassLoader.defineClass(URLClassLoader.java:248) at java.net.URLClassLoader.access$100(URLClassLoader.java:56) at java.net.URLClassLoader$1.run(URLClassLoader.java:195) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:297) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286) at java.lang.ClassLoader.loadClass(ClassLoader.java:253) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313) at org.apache.crimson.jaxp.DocumentBuilderFactoryImpl.newDocumentBuilder(DocumentBuilderFactoryImpl.java:82) at com.evermind._un.getJavaxDocument(Unknown Source) at com.evermind.xml.XMLUtils.getDocument(Unknown Source) at com.evermind.xml.XMLConfig._cg(Unknown Source) at com.evermind.server.ApplicationClientInitialContextFactory.getInitialContext(Unknown Source) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246) at javax.naming.InitialContext.init(InitialContext.java:222) at javax.naming.InitialContext.init(InitialContext.java:198) at LittleTest.main(LittleTest.java:61) This is how I construct the InitialContext: Properties p = new Properties(); p.put(java.naming.factory.initial, com.evermind.server.ApplicationClientInitialContextFactory); p.put(java.naming.provider.url, ormi://localhost/ums); p.put(java.naming.security.principal, admin); p.put(java.naming.security.credentials, 123); InitialContext ctx = new InitialContext(p); It doesn't seem to matter if I use a correct or incorrect username/credentials. Also, this problem has never occurred in Orion 1.4.7, but only when I updated to Orion 1.5.2. Am I possibly missing some jar in my classpath? (It now includes the orion.jar and j2ee.jar).. Thanks, Juha
Re: Force Logon after X minutes
The problem is that with BASIC authentication the *browser* remembers the
logon information and resends it whenever needed. Hence things like
invalidating the session will not work, since the browser will simply log
the user in again without their intervention.
So far as I know, there is no solution to this problem. If you use BASIC
authentication, the user has to shut down the browser to log off.
If someone knows differently, I too would certainly love to hear the answer.
Nick
At 03:18 PM 6/13/01 -0400, you wrote:
is it too obvious to say:
send out the pages w/ an expire time
set the http session expiration to a desired interval to prevent use after x
minutes...create a logoff function that invalidates their session...
is that too simplistic?
regards,
Mike Conway
cybermaster wrote:
%
if (session != null) {
session.invalidate();
}
%
--peter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Smith Jason
Sent: Wednesday, June 13, 2001 6:38 AM
To: Orion-Interest
Subject: Force Logon after X minutes
I am custom user-authentication.
The user and groups are in a database and I am using BASIC authentication.
How can I allow users to logoff w/o them closing their browser?
How can I force them to logon again after x minutes?
Thxs,
Jason
Re: Force Logon after X minutes
Hello Smith, Create a class that implements HttpSessionBindingListener. In the valueUnbound(HttpSessionBindingEvent event) put whatever code you need to logout . When you create the session, store an object of that class, so when the session expires the user logout. -- Best regards, Rafaelmailto:[EMAIL PROTECTED]
RE: Resin and OC4J (The server formerly known as Orion)
Title: RE: Resin and OC4J (The server formerly known as Orion) Should be same unless OC4J messup with something. Kesav Kumar Software Engineer Voquette, Inc. 650 356 3740 mailto:[EMAIL PROTECTED] http://www.voquette.com Voquette...Delivering Sound Information -Original Message- From: Kemp Randy-W18971 [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 13, 2001 11:02 AM To: Orion-Interest Subject: Resin and OC4J (The server formerly known as Orion) Has anyone connected Resin with the new OC4J technology (the server formerly known as Orion) in Oracle 9IAS? Is it the same procedure as for Orion, as documented in Resin?
using ejb-ref-mapping in orion-web.xml?
g'afternoon all - Has anyone ever used the ejb-ref-mapping tag in the orion-web.xml file? From reading the doc on the Orion website, it appears that you can modify the JNDI name used by an ejb-ref-mapping entry for an EJB home as described in the standard web.xml file. I've got the following in my web.xml to reference a SFSB: ejb-ref descriptionbenefit manager/description ejb-ref-nameEmployeeBenefitManager/ejb-ref-name ejb-ref-typeSession/ejb-ref-type homebenefit.ejb.manager.EmployeeBenefitManagerHome/home remotebenefit.ejb.manager.EmployeeBenefitManager/remote /ejb-ref From a servlet, I can successfully lookup the EJB using the name java:comp/env/EmployeeBenefitManager If I wanted to modify the JNDI name of the EmployeeBenefitManager without messing with the web.xml, it looks like I can use the orion-web.xml file and supply an alternate ejb-ref-mapping such as : ejb-ref-mapping location=XXX name=EmployeeBenefitManager / At deployment time, I can see that this entry is added to the generated orion-web.xml in the application-deployments directory. However when I try to do a lookup for this object in the servlet, using the java:comp/env/XXX or even just XXX, I get a NameNotFoundException. Am I doing something wrong? What name should I be using to locate the remapped object? Has anyone else ever used this? Grateful for any advice. -buttso- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/
Counting CMP entities
Is it possible to count the number of records in a table with a CMP? WBR, Sergei
response.sendRedirect problem
Hi all, this is the scenary: I have a 2 jsp pages and 2 servlet. The flow is: pag1.jsp --(via Post)-- --servlet1 --(via forward) -- --servlet2 --(via response.sendRedirect) -- -- pag2.jsp when viewed using some browsers in Mac (IE and Netscape alike), the redirect sends the url http://hostname/servlet/servlet2/http//hostname/servlet/servlet2 and I got a 400 Bad Request Error, no matter which url I use in the response.sendRedirect (as I recall, my last was foobar/whatever) On windows and unix browsers works fine. Any ideas? -- Best regards, Rafaelmailto:[EMAIL PROTECTED]
RE: Counting CMP entities
Sergei, Doa findAll() ,you get a collection. Then do a result.size(), that should do it. Regards, the elephantwalker -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sergei BatiukSent: Tuesday, June 13, 2000 3:25 PMTo: Orion-InterestSubject: Counting CMP entities Is it possible to count the number of records in a table with a CMP? WBR, Sergei
RE: Force Logon after X minutes
Title: RE: Force Logon after X minutes
The browser remembers the Authorization header for that realm. There are couple of ways you can force browser to relogin.
Option 1)In your code have a kind of check for time interval after time interval if you get a request send the 401 response.
I use the following simple logic for this.
int counter = 0;
try
{
counter = ((Integer)session.getAttribute(Counter)).intValue();
} catch(Exception ex)
{
session.setAttribute(Counter, new Integer(counter));
}
counter++;
session.setAttribute(Counter, new Integer(counter));
if(counter =6)
{
session.removeAttribute(Counter);
response.setHeader(WWW-Authenticate, Basic realm=\My Realm\);
response.sendError(response.SC_UNAUTHORIZED);
return;
}
In the above if the counter is after 5 times I am forcing the user to login. The conditional logic you can implement based on time.
Option 2) Theorotically the browser should cache the Authorization information till the Max-Age of the page. In orion the cache-control is private to the orion server and I am not sure how the Max age redirective work with orion. You can read the section 14.8 Authorzation on rfc2616.
If any one can get succeeded in option 2 plz let me also know.
Here is full code of my sample jsp file. works.
%@page language=java%
%
if(request.getHeader(Authorization) == null)
{
response.setHeader(WWW-Authenticate, Basic realm=\My Realm\);
response.sendError(response.SC_UNAUTHORIZED);
return;
}
int counter = 0;
try
{
counter = ((Integer)session.getAttribute(Counter)).intValue();
} catch(Exception ex)
{
session.setAttribute(Counter, new Integer(counter));
}
counter++;
session.setAttribute(Counter, new Integer(counter));
String auth = request.getHeader(Authorization);
if(counter =6)
{
session.removeAttribute(Counter);
response.setHeader(WWW-Authenticate, Basic realm=\My Realm\);
response.sendError(response.SC_UNAUTHORIZED);
return;
}
%
html
body
h1I received: %=auth%/h1
Counter: %=session.getAttribute(Counter)%br
A href="%=response.encodeURL(Auth.jsp)%Retry/A
/body
/html
Kesav Kumar
Software Engineer
Voquette, Inc.
650 356 3740
mailto:[EMAIL PROTECTED]
http://www.voquette.com
Voquette...Delivering Sound Information
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Smith Jason
Sent: Wednesday, June 13, 2001 6:38 AM
To: Orion-Interest
Subject: Force Logon after X minutes
I am custom user-authentication.
The user and groups are in a database and I am using BASIC authentication.
How can I allow users to logoff w/o them closing their browser?
How can I force them to logon again after x minutes?
Thxs,
Jason
order of tags in xml configuration files
Group, This is just a heads-up. I don't see it referred to anywhere in the documents, but a bad tag order in the j2ee xml configuration tags or in the orion xml configuration tags can break an application. In particular, we often have to create orion-*.xml files for security or clustering. The role-mapping tags can be easily be put out of order if you are writing these yourself. This will break the various usermanager security options, if you use them. The order of the tags does matter in xml, you can examine the various dtd's for orion by going to http://www.orionserver.com/dtds/orion-web.dtd or orion-application.dtd, etc to download the various dtd's. These dtd's can give good insight into what is going on behind the scenes, and what is the proper order. You can also check your xml by starting orion with the -validateXML option, or rewrite you xml with the -validateXML and -rewriteXML options: java -jar orion.jar -validateXML this will give you errors for each bad xml file. java -jar orion.jar -validateXML -rewriteXML this will rewrite 'well-formed' xml...this can be treacherous if you have badly formed xml (tag closing '' missing, for example). An example of a broken orion-application.xml file follows ... can anybody spot the error?: ?xml version=1.0? !DOCTYPE orion-application PUBLIC -//Evermind//DTD J2EE Application runtime 1.2//EN http://www.orionserver.com/dtds/orion-application.dtd; orion-application deployment-version=1.5.2 ejb-module remote=false path=myejbs.jar / ejb-module remote=false path=usermanager / web-module id=mysite path=mysite.war / security-role-mapping name=some-users group name=some-users / /security-role-mapping user-manager class=com.evermind.ejb.EJBUserManager property name=defaultGroups value=users / property name=home value=com.evermind.ejb.EJBUser / /user-manager persistence path=persistence / principals path=principals.xml / log file path=application.log / /log namespace-access read-access namespace-resource root= security-role-mapping name=lt;jndi-user-rolegt; group name=administrators / /security-role-mapping /namespace-resource /read-access write-access namespace-resource root= security-role-mapping name=lt;jndi-user-rolegt; group name=administrators / /security-role-mapping /namespace-resource /write-access /namespace-access /orion-application Its the user-manager tag. It must go after the principals tag, or this apps security won't work! Here is the element definition for orion-application.dtd: !ELEMENT orion-application (ejb-module*,web-module*,client-module*,security-role-mapping*, persistence?, library*, principals?, mail-session*, user-manager?, log?, data-sources?, namespace-access?) the elephantwalker
Re: using jDriver from BEA WebLogic
Title: using jDriver from BEA WebLogic You can't. Justen Stepka - Original Message - From: Ta Nguyen Binh Duong To: Orion-Interest Sent: Tuesday, June 12, 2001 8:32 PM Subject: using jDriver from BEA WebLogic Hi all, How can I use the WebLogic jDriver for MS SQL Server 7 in jsp pages with Orion? This driver has a license file, and when I start the jsp page, there's an error: LicenseNotFoundException. How can I show the server way to the license file? I've changed my system classpath toward the license file, but it did not affect. Does Orion use the system classpath or it has another one? Thanks Binh Duong [EMAIL PROTECTED]
Re: order of tags in xml configuration files
Adding to the following you can get all dtds which are used by orion are packaged in orion.jar. If you open the orion.jar using any zip utility you can see all the dtd files(sort by Type). Extract them and have a reference of these dtds for your comparision. I use XmlSpy for editing my XML files, XML Spy is a nice tool which let you know immediatly whether you have added wrong tag etc. - Original Message - From: elephantwalker [EMAIL PROTECTED] To: Orion-Interest [EMAIL PROTECTED] Sent: Wednesday, June 13, 2001 6:12 PM Subject: order of tags in xml configuration files Group, This is just a heads-up. I don't see it referred to anywhere in the documents, but a bad tag order in the j2ee xml configuration tags or in the orion xml configuration tags can break an application. In particular, we often have to create orion-*.xml files for security or clustering. The role-mapping tags can be easily be put out of order if you are writing these yourself. This will break the various usermanager security options, if you use them. The order of the tags does matter in xml, you can examine the various dtd's for orion by going to http://www.orionserver.com/dtds/orion-web.dtd or orion-application.dtd, etc to download the various dtd's. These dtd's can give good insight into what is going on behind the scenes, and what is the proper order. You can also check your xml by starting orion with the -validateXML option, or rewrite you xml with the -validateXML and -rewriteXML options: java -jar orion.jar -validateXML this will give you errors for each bad xml file. java -jar orion.jar -validateXML -rewriteXML this will rewrite 'well-formed' xml...this can be treacherous if you have badly formed xml (tag closing '' missing, for example). An example of a broken orion-application.xml file follows ... can anybody spot the error?: ?xml version=1.0? !DOCTYPE orion-application PUBLIC -//Evermind//DTD J2EE Application runtime 1.2//EN http://www.orionserver.com/dtds/orion-application.dtd; orion-application deployment-version=1.5.2 ejb-module remote=false path=myejbs.jar / ejb-module remote=false path=usermanager / web-module id=mysite path=mysite.war / security-role-mapping name=some-users group name=some-users / /security-role-mapping user-manager class=com.evermind.ejb.EJBUserManager property name=defaultGroups value=users / property name=home value=com.evermind.ejb.EJBUser / /user-manager persistence path=persistence / principals path=principals.xml / log file path=application.log / /log namespace-access read-access namespace-resource root= security-role-mapping name=lt;jndi-user-rolegt; group name=administrators / /security-role-mapping /namespace-resource /read-access write-access namespace-resource root= security-role-mapping name=lt;jndi-user-rolegt; group name=administrators / /security-role-mapping /namespace-resource /write-access /namespace-access /orion-application Its the user-manager tag. It must go after the principals tag, or this apps security won't work! Here is the element definition for orion-application.dtd: !ELEMENT orion-application (ejb-module*,web-module*,client-module*,security-role-mapping*, persistence?, library*, principals?, mail-session*, user-manager?, log?, data-sources?, namespace-access?) the elephantwalker
