Container Manager and firewall
There doesn't appear to be any documentation on this aspect of SCM so I'm hoping somone here will be able to help.
Essentially, I have two servers separated by a firewall. The usual SunMC ports are accessible between server and agent,
but unless the firewall rules are dropped I'm unable to create/copy zones in container manager.
Looking at the firewall logs, a number of server ports are accessed from the agent machine via UDP - one in the 10000
range and multiple packets to the 8900 range. Does anyone have a defacto list?
I responded earlier today to your question about malware. I have no idea why the host chose to delete it, but if you will come to the ClamXav Forum I can help you there. Please start with the following detailed information concerning what was found:
To get detailed infomation on what ClamXav has found, click in the top pane of the ClamXav window showing the Infection / File Name / Status to make sure it's in front and type the key combinations command-A, command-C (or choose "Select-All", "Copy" from the "Edit" menu) to copy the information to your clipboard, then come back here and type command-V or choose "Paste" to show us what was found where.
Similar Messages
-
Is DeviceManager.app a standard app in Mountain Lion, and if so, should it be included as a Login Item in Users and Groups, as it currently is in my MacBook? I thought that was the name in Windows products, and I don't have any Windows OS on my Mac. Also, is it OK to set "deny incoming connections" for Device Manager in my FIrewall? Thanks!
I responded earlier today to your question about malware. I have no idea why the host chose to delete it, but if you will come to the ClamXav Forum I can help you there. Please start with the following detailed information concerning what was found:
To get detailed infomation on what ClamXav has found, click in the top pane of the ClamXav window showing the Infection / File Name / Status to make sure it's in front and type the key combinations command-A, command-C (or choose "Select-All", "Copy" from the "Edit" menu) to copy the information to your clipboard, then come back here and type command-V or choose "Paste" to show us what was found where. -
Container-managed / bean-managed transaction demarcation
I am trying to make sure I understand container-managed and bean-managed transaction demarcation and in particular where you have one bean calling another bean. What happens where one of the beans has container-managed transaction demarcation and the other bean-managed transaction demarcation. In fact the initial question to ask is, is this allowed?
Lets use an application scenario to illustrate the issue. The application has a payment transaction. Payments can be received in one of two ways:
1. As a payment at a branch where the individual payment is processed on a client application and resulting in the processing of a single payment transaction.
2. As a batch of payments received from a bank containing, potentially, thousands of payment transactions.
The proposed implementation for this uses two session beans. The first is a Payment session bean that implements the business logic as appropriate calling entity beans to persist the change. The second is a BatchPayment session bean. This processes the batch of payment transactions received from the bank. The BatchPayment reads through the batch of payments from a bank calling the Payment session bean for each payment transaction.
Lets look at the transactional properties of both session beans. In order to support the client application the Payment session bean can implicitly enforce transactional integrity and is therefore set to container-managed transaction demarcation. However the BatchPayment session bean will want to explicitly specify transaction demarcation for performance reasons. The transactional "commit" process is relatively expensive. When processing a large batch of transactions rather than performing a commit after every transaction is processed we want to perform the commit after a number of transactions have been processed. For example, we may decide that after every 100 transactions have been processed we commit. The processing will have a shorter elapsed time as we have not had to perform 99 commit processes. So the BatchPayment session bean will want to explicitly specify its transaction demarcation and will therefore be defined with bean-managed transaction demarcation.
How would this be implemented? A possible solution is:
Payment session bean implemented with container-managed transaction demarcation with transaction scope set to Required.
BatchPayment session bean implemented with bean-managed transaction demarcation with transaction scope set to Required.
When the client application is run it calls the Payment bean and the container-managed transaction demarcation ensures the transactional integrity of that transaction.
When a BatchPayment process is run it explicitly determines the transaction demarcation. Lets say that after every 100 Payment transactions (through 100 calls to the Payment session bean) have been processed the BatchPayment bean issues a commit. In this scenario however we have mixed container-managed and bean-managed transaction demarcation. Hence my original question. Can container-managed and bean-managed transaction demarcation be mixed? If not how is it possible to implement the requirements as described above?
Thanks for any thoughts.
PaulBatchPayment session bean implemented with bean-managed transaction demarcation with transaction scope set to Required.Didn't quite understand this sentence.... if it's BMT it has no declarative transaction attributes such as "Required"....
Anyway, first of all I'll have to ask, Why at all would you want to commit in the middle of the business method? to get as much through as possible before a potential crash? :-)
Can container-managed and bean-managed transaction demarcation be mixed?Yes, of course. Just remember that the "direction" you are refering to ->
a BMT SB that propagates it's transaction to a method in a CMT SB that is demarcated with "Required" is the simplest case. If it were "reversed", or for that matter any BMT that might be called within an active transaction context must perform logic to manipulate the transaction state. For instance(and most common case), checking to see if a transaction is active and if so not to do anything(just use the one that is already active).
If not how is it possible to implement the requirements as described above?You could also implement this scenario with CMTs all the way through. your BatchPayment SB could consist of two methods, one (say, execute(Collection paymentsToExecute) ) with "Supports", and another(say executeBatchUnit(Collection paymentsToExecute, int beginIndex, int endIndex) ) with "RequiresNew".
then have the first just call the other with indexes denoting each time a group of payments.
Still, it does seem more suitable using BMT for these kind of things.....
Hope this helped.... -
MDB Container Managed Transaction and Log4J
Hi,
I'm programming and MDB that reads and updates a database then sends out an HTTP Post and logs using log4j. I've read that when an MDB is configured as CMT or container managed transaction and the OnMessage method executes without errors, the transaction is implicitly commited. You can rollback the transaction by explicitly calling setRollbackOnly() or when a RuntimeException has been thrown. My worry is that after I have sent out an HTTP POST (a transaction has been completed) I would have to log a transaction completion using log4j. My problems is if log4j throws a RuntimeException thereby rolling back my transaction which shouldn't be the case. What I have done is to catch all Exceptions (and swallow them) whenever I log using log4j after I have sent out an HTTP POST succesfully (since my transaction should be complete by then). Is this a correct workaround?
Thanks :)Your approach is correct. If you think, Log4J might throw errors, swallow the exceptions and try not to roll back.
-
EJB 3.0 Security with ACEGI and not with Container Managed Security
Hi,
Currently we are using EJB 2.0 in our project, We want to use EJB 3.0
But for security we want to use Spring ACEGI Security and we don�t want to use container managed security (No Portability, Difficult, �)
ACEGI supports Servlet/JSP security very well (I am able to call isUserInRole(), getUserPrincipal() because ACEGI implements by ServletRequestWrapper in a filter)
But for EJB, it lacks this feature. (There is no standard EJB interceptor API as there is with servlets (using filters), so there's no generic way of modify in the EJB context for the invocation)
Without using container managed security, Is there any way to propogate my security context from Servlet Layer to EJB Layer, So that I can use EJB Declartive security and getCallerPrincipal(), isCallerInRole() API.
For more info please see this thread http://forum.springframework.org/showthread.php?t=26514
Why don�t you provide standard EJB interceptor API as there is with servlets (using filters), so there I am able add security identity to EJB context.
I am eagerly waiting for the replyReason: javax.naming.NameNotFoundException: jdbc not bound
Although i am quite new to this as well i would say that there is a problem with your connection with the database.
It seems it cannot connect to Mysql.
have you download the mysql package library and imported it ?
Also in your deploy folder in you Jboss
have you altered the jdbc to connect to you database in your dataset ? ( i am not sure about mysql, but postgre reguired this)
Most probably it would be the same in mysql.
<connection-url>jdbc:postgresql://127.0.0.1:5432/Dissertation</connection-url>
Not sure if this is what you reguire, i am new at this my self -
About Container-managed Transactions and Bean-managed Transactions
as the document of weblogic7.0 describe the differents of Container-managed
Transactions and Bean-managed Transactions,and in the document,It tell us
details of using Bean-managed Transactions,such as \:
import javax.naming.*;import javax.transaction.UserTransaction;.....
import java.sql.*;import java.util.*;
UserTransaction tx = (UserTransaction)
ctx.lookup("javax.transaction.UserTransaction");tx.begin();
tx.commit() //or tx.rollback
but how to use Container-managed Transactions?
what is EJB's deployment descriptor? can someone tell me?
i wonder someone will show me an example of how to use Container-managed
Transactions.
thanks
fish
Many if not all of the WLS EJB examples use container-managed
transactions. That's a good place to start.
I'd also recommend that you pick up a decent EJB book. There's several
on the market right now.
-- Rob
fish wrote:
> <ejb-jar>
> <enterprise-beans>
> <session>
> <ejb-name>testbean</ejb-name>
> <home>test.test.TestHome</home>
> <remote>test.test.Test</remote>
> <ejb-class>test.test.TestBean</ejb-class>
> <session-type>Stateful</session-type>
> <transaction-type>Container</transaction-type>
> </session>
> </enterprise-beans>
>
> <assembly-descriptor>
> <container-transaction>
> <method>
> <ejb-name>EmployeeRecord</ejb-name>
> <method-name>*</method-name>
> </method>
> <trans-attribute>Required</trans-attribute>
> </container-transaction>
> </assembly-descriptor>
> </ejb-jar>
> ----------------------------------------------
> seems i have to write ejb-jar.xml like this,am i right?
> what about <ejb-client-jar>? is it needed in this xml file?
>
> thanks
>
> fish
>
>
-
Container Managed Entity Beans and Client Identifier in Oracle
Is it possible to use Container Managed Entity Beans (EJB with CMP)
in a way that the Oracle database sessions still know the
individual Client Identifiers of the actual users
(not just the Identifier of the proxy user defined in the
Connection Pool)?
If Yes: How?
If No: The consequence would be that the
technologies EJB with CMP cannot be user together with
Oracle Virtual Private Databases (VPN) because VPN requires
some kind of Client Identifier.
I am grateful for any hint.
Regards,
Martin Siepmann
+49 (0)163 / 7765328Not quite an auto-incrementing PK, but it is managed by the container. the following is from the turorial
Generating Primary Key Values
For some entity beans, the value of a primary key has a meaning for the business entity. For example, in an entity bean that represents a phone call to a support center, the primary key might include a time stamp that indicates when the call was received. But for other beans, the key's value is arbitrary--provided that it's unique. With container-managed persistence, these key values can be generated automatically by the EJB container. To take advantage of this feature, an entity bean must meet these requirements:
* In the deployment descriptor, the primary key class is defined as a java.lang.Object. The primary key field is not specified.
* In the home interface, the argument of the findByPrimaryKey method must be a java.lang.Object.
* In the entity bean class, the return type of the ejbCreate method must be a java.lang.Object.
In these entity beans, the primary key values are in an internal field that only the EJB container can access. You cannot associate the primary key with a persistent field or any other instance variable. However, you can fetch the bean's primary key by invoking the getPrimaryKey method, and you can locate the bean by invoking its findByPrimaryKey method.
Maybe that is good enough
christina -
Port 135 and 25913 and how to run Solaris Container Manager?
What are these ports 135 and 25913 and how to I run Solaris Container Manager .
thanksHi Zeealee,
zeealee wrote:
What are these ports 135 and 25913 and how to I run Solaris Container Manager .I haven't heard of those ports being used with SunMC before, sorry (but maybe my memory is just bad). The features of Solaris Container Manager (SCM) have now almost been entirely superseded by [Oracle Enterprise Manager Ops Center|http://www.oracle.com/us/products/enterprise-manager/opscenter/index.html] (forum here), but if you're still looking to try SCM, the manual can be found here, and if you said "yes" to SCM when you installed your SunMC Server, then you should see it in your SunMC web interface:
https://<sunmc_server>:6789 --> SunMC 4.0 --> Manage Solaris Container
If you'd like a demo of how you perform Container/LDOM operations in Ops Center, let me know and I'll set it up.
Regards,
[email protected] -
Sending message to a JMS queue and making DB update through a single container managed transaction
Can we use container managed transactions to send message to JMS queue and make DB updates in a sigle transaction. If yes then do we need 2pC license. I am using weblogic 6.0 SP2 and my database driver do not supports XA
If your JMS provider is XA compliant, you can.
If you are using WebLogic 6.0 JMS, it supports 2PC.
The JDBC resource that does not support XA can participate in the global transaction
creating a TXDataSource and setting "enable two-phase commit"=true in the Configuration
panel.
About the JMSConnectionFactory, on the console, in WebLogic 6.0, in the "Transaction"
tab folder, set "User Transactions Enabled"=true.
In your code, use non-transacted sessions.
For 2pc protocol, you need a license or you'll get an exception.
Sergi
Manoj Bansal <[email protected]> wrote:
Can we use container managed transactions to send message to JMS queue and
make DB updates in a sigle transaction. If yes then do we need 2pC license.
I am using weblogic 6.0 SP2 and my database driver do not supports XA -
My computer crashed and I cant reload firefox.. I have tried the task manager and deleting uninstalling and installing program again. I click on icon and nothing appears although it appears to start and is running in task manager, but the browser wont open.
See:
*http://kb.mozillazine.org/Browser_will_not_start_up
A possible cause is security software (firewall) that blocks or restricts Firefox or the plugin-container process without informing you, possibly after detecting changes (update) to the Firefox program.
Remove all rules for Firefox from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process and the updater process.
See:
*https://support.mozilla.com/kb/Server+not+found
*https://support.mozilla.com/kb/Firewalls -
Problem with non-container managed entity manager
i am working on a project, in which i am using entity beans.i use netbeans, glassfish as application server and toplink as persistence provider .
i created a java class that handles all the operations with the entitys, which means i using non-container managed entity manager.
in the constructor
try{
EntityManagerFactory emf = Persistence.createEntityManagerFactory("voidPU");
entityManager = emf.createEntityManager();
catch(Exception ex){
throw new EJBException(ex.getMessage());
}then i call a function in this class from a servlet
the code of the function
List users = null;
try {
ProgLanguages progLanguage = entityManager.find(ProgLanguages.class, languageId);
users = (List) progLanguage.getUserIdCollection();
catch(IllegalStateException illegalStateException){
throw new EJBException(illegalStateException.getMessage());
catch(IllegalArgumentException illegalArgumentException) {
throw new EJBException(illegalArgumentException.getMessage());
}i got an IllegalArgumentException saying Unknown entity bean class: class vanguard.server.entity.ProgLanguages, please verify that this class has been marked with the @Entity annotation
what confuses me is that sometimes it works and most of the time it does not work, have i made anything wrong?, or there is a problem with any of the tools netbeans, glassfish, or toplink?Is it always the same entity that is reported as 'unknown' ? You mention that it works sometimes but is it the same deployment and the same code that works? The first thing I would verify is that the ear is being created as expected by netbeans. Check the persistence.xml file and verify that all of the classes are listed that will be used as entities.
--Gordon -
Container Managed Persistence entity bean relationship fields
I want to ask something that until now still confuse. Did Relationship fields in Container Managed Persistence entity beans declare , inside Database table or only Persistence fields .
If Relationship fields not declare inside database table ,how if SQL calls the relationship fields between related entity bean.
did container handle this task.
example: I have 2 entity bean with CMP(Container Managed Persistence)version 2.0
call Player and Team. every entity bean have own relationship fields and persistence fields.
player has playerId(primary key),name,position,age persistence fields and teams is relationship fields.
team has teamId(primary key),name,city and players is relationship fields.
I know that all persistence fields is declare in own database table but how about relationship fields.
can you tellme, How SQL calls can access relationship fields if relatiosnship fields is not declare in database table.
I use J2EE RI SDK version 1.3
and deploytool .
thank's .thank's for your reply .Now I have another problem
I use J2EE RI from java.sun .I try to follow example in j2eetutorial about CMP Example call RosterApp.ear .
I dont'change anything code inside RosterApp.ear but when I deploy and runclient command thereis syntax error :
java.rmi.ServerException: Remote exception occured in server thread :nested exception is java.rmi.ServerException :exception thrown from bean :nested exception is : java.ejb.EJBException :nested exception is :java.sql.SQLException :syntax error or access violation ,message from server: "you have an error in SQL syntax near "
"leagueBeanTable" WHERE "leagueId" = 'L1' at line 1
in example ,RosterApp.ear use Cloudscape database ,but I try to use Mysql database for RosterApp.ear ,is there any different syntax SQL from Cloudscape to Mysql .
if like that ,so I must edit first SQL calls from Cloudscape to MYSQL . I think because relationship fields is for entity beans only ,so how if mysql database want to access foreign key another table because foreign key isn't declare in databse table.
example : I have 3 entity bean call player, team, league .
1. PlayerEJB have persistence fields name, position, playerId(primary key), cmr fields is teams
2. TeamEJB have persistence fields name, city, teamId (primary key) , cmr fields is players and leagues .
3. LeagueEJB have persistence fields name ,sport, leagueId(primary key), cmr fields is teams
so table is
PlayerEJB <--->TeamEJB<--->LeagueEJB
Player have some finder method call findBySport(String Sport) .
because Sport is persistence fields for LeagueEJB
so PlayerEJB must traverse TeamEJB first before LeagueEJB
EJB QL : SELECT distinct object(p) FROM Player (p) IN (p.teams) AS t
WHERE t.league.sport = ?1
I know that Container will translates EJB QL to SQL calls ,but default is only for cloudscape database and I use for MYsql .
so can you helpme how to query method findBySport(String sport) to Mysql calls .
thereis no foreign key between table in database table there is only Relationship fields in entity bean. -
Using container managed form-based security in JSF
h1. Using container managed, form-based security in a JSF web app.
A Practical Solution
h2. {color:#993300}*But first, some background on the problem*{color}
The Form components available in JSF will not let you specify the target action, everything is a post-back. When using container security, however, you have to specifically submit to the magic action j_security_check to trigger authentication. This means that the only way to do this in a JSF page is to use an HTML form tag enclosed in verbatim tags. This has the side effect that the post is not handled by JSF at all meaning you can't take advantage of normal JSF functionality such as validators, plus you have a horrible chimera of a page containing both markup and components. This screws up things like skinning. ([credit to Duncan Mills in this 2 years old article|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form&more=1&c=1&tb=1&pb=1]).
In this solution, I will use a pure JSF page as the login page that the end user interacts with. This page will simply gather the input for the username and password and pass that on to a plain old jsp proxy to do the actual submit. This will avoid the whole problem of having to use verbatim tags or a mixture of JSF and JSP in the user view.
h2. {color:#993300}*Step 1: Configure the Security Realm in the Web App Container*{color}
What is a container? A container is basically a security framework that is implemented directly by whatever app server you are running, in my case Glassfish v2ur2 that comes with Netbeans 6.1. Your container can have multiple security realms. Each realm manages a definition of the security "*principles*" that are defined to interact with your application. A security principle is basically just a user of the system that is defined by three fields:
- Username
- Group
- Password
The security realm can be set up to authenticate using a simple file, or through JDBC, or LDAP, and more. In my case, I am using a "file" based realm. The users are statically defined directly through the app server interface. Here's how to do it (on Glassfish):
1. Start up your app server and log into the admin interface (http://localhost:4848)
2. Drill down into Configuration > Security > Realms.
3. Here you will see the default realms defined on the server. Drill down into the file realm.
4. There is no need to change any of the default settings. Click the Manage Users button.
5. Create a new user by entering username/password.
Note: If you enter a group name then you will be able to define permissions based on group in your app, which is much more usefull in a real app.
I entered a group named "Users" since my app will only have one set of permissions and all users should be authenticated and treated the same.
That way I will be able to set permissions to resources for the "Users" group that will apply to all users that have this group assigned.
TIP: After you get everything working, you can hook it all up to JDBC instead of "file" so that you can manage your users in a database.
h2. {color:#993300}*Step 2: Create the project*{color}
Since I'm a newbie to JSF, I am using Netbeans 6.1 so that I can play around with all of the fancy Visual Web JavaServer Faces components and the visual designer.
1. Start by creating a new Visual Web JSF project.
2. Next, create a new subfolder under your web root called "secure". This is the folder that we will define a Security Constraint for in a later step, so that any user trying to access any page in this folder will be redirected to a login page to sign in, if they haven't already.
h2. {color:#993300}*Step 3: Create the JSF and JSP files*{color}
In my very simple project I have 3 pages set up. Create the following files using the default templates in Netbeans 6.1:
1. login.jsp (A Visual Web JSF file)
2. loginproxy.jspx (A plain JSPX file)
3. secure/securepage.jsp (A Visual Web JSF file... Note that it is in the sub-folder named secure)
Code follows for each of the files:
h3. {color:#ff6600}*First we need to add a navigation rule to faces-config.xml:*{color}
<navigation-rule>
<from-view-id>/login.jsp</from-view-id>
<navigation-case>
<from-outcome>loginproxy</from-outcome>
<to-view-id>/loginproxy.jspx</to-view-id>
</navigation-case>
</navigation-rule>
NOTE: This navigation rule simply forwards the request to loginproxy.jspx whenever the user clicks the submit button. The button1_action() method below returns the "loginproxy" case to make this happen.
h3. {color:#ff6600}*login.jsp -- A very simple Visual Web JSF file with two input fields and a button:*{color}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
<jsp:directive.page
contentType="text/html;charset=UTF-8"
pageEncoding="UTF-8"/>
<f:view>
<webuijsf:page
id="page1">
<webuijsf:html id="html1">
<webuijsf:head id="head1">
<webuijsf:link id="link1"
url="/resources/stylesheet.css"/>
</webuijsf:head>
<webuijsf:body id="body1" style="-rave-layout: grid">
<webuijsf:form id="form1">
<webuijsf:textField binding="#{login.username}"
id="username" style="position: absolute; left: 216px; top:
96px"/>
<webuijsf:passwordField binding="#{login.password}" id="password"
style="left: 216px; top: 144px; position: absolute"/>
<webuijsf:button actionExpression="#{login.button1_action}"
id="button1" style="position: absolute; left: 216px; top:
216px" text="GO"/>
</webuijsf:form>
</webuijsf:body>
</webuijsf:html>
</webuijsf:page>
</f:view>
</jsp:root>h3. *login.java -- implent the
button1_action() method in the login.java backing bean*
public String button1_action() {
setValue("#{requestScope.username}",
(String)username.getValue());
setValue("#{requestScope.password}", (String)password.getValue());
return "loginproxy";
}h3. {color:#ff6600}*loginproxy.jspx -- a login proxy that the user never sees. The onload="document.forms[0].submit()" automatically submits the form as soon as it is rendered in the browser.*{color}
{code}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
version="2.0">
<jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
doctype-system="http://www.w3.org/TR/html4/loose.dtd"
doctype-public="-W3CDTD HTML 4.01 Transitional//EN"/>
<jsp:directive.page contentType="text/html"
pageEncoding="UTF-8"/>
<html>
<head> <meta
http-equiv="Content-Type" content="text/html;
charset=UTF-8"/>
<title>Logging in...</title>
</head>
<body
onload="document.forms[0].submit()">
<form
action="j_security_check" method="POST">
<input type="hidden" name="j_username"
value="${requestScope.username}" />
<input type="hidden" name="j_password"
value="${requestScope.password}" />
</form>
</body>
</html>
</jsp:root>
{code}
h3. {color:#ff6600}*secure/securepage.jsp -- A simple JSF{color}
target page, placed in the secure folder to test access*
{code}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
<jsp:directive.page
contentType="text/html;charset=UTF-8"
pageEncoding="UTF-8"/>
<f:view>
<webuijsf:page
id="page1">
<webuijsf:html id="html1">
<webuijsf:head id="head1">
<webuijsf:link id="link1"
url="/resources/stylesheet.css"/>
</webuijsf:head>
<webuijsf:body id="body1" style="-rave-layout: grid">
<webuijsf:form id="form1">
<webuijsf:staticText id="staticText1" style="position:
absolute; left: 168px; top: 144px" text="A Secure Page"/>
</webuijsf:form>
</webuijsf:body>
</webuijsf:html>
</webuijsf:page>
</f:view>
</jsp:root>
{code}
h2. {color:#993300}*_Step 4: Configure Declarative Security_*{color}
This type of security is called +declarative+ because it is not configured programatically. It is configured by declaring all of the relevant parameters in the configuration files: *web.xml* and *sun-web.xml*. Once you have it configured, the container (application server and java framework) already have the implementation to make everything work for you.
*web.xml will be used to define:*
- Type of security - We will be using "form based". The loginpage.jsp we created will be set as both the login and error page.
- Security Roles - The security role defined here will be mapped (in sun-web.xml) to users or groups.
- Security Constraints - A security constraint defines the resource(s) that is being secured, and which Roles are able to authenticate to them.
*sun-web.xml will be used to define:*
- This is where you map a Role to the Users or Groups that are allowed to use it.
+I know this is confusing the first time, but basically it works like this:+
*Security Constraint for a URL* -> mapped to -> *Role* -> mapped to -> *Users & Groups*
h3. {color:#ff6600}*web.xml -- here's the relevant section:*{color}
{code}
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<description/>
<url-pattern>/faces/secure/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name/>
<form-login-config>
<form-login-page>/faces/login.jsp</form-login-page>
<form-error-page>/faces/login.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>User</role-name>
</security-role>
{code}
h3. {color:#ff6600}*sun-web.xml -- here's the relevant section:*{color}
{code}
<security-role-mapping>
<role-name>User</role-name>
<group-name>Users</group-name>
</security-role-mapping>
{code}
h3. {color:#ff6600}*Almost done!!!*{color}
h2. {color:#993300}*_Step 5: A couple of minor "Gotcha's"_ *{color}
h3. {color:#ff6600}*_Gotcha #1_*{color}
You need to configure the "welcome page" in web.xml to point to faces/secure/securepage.jsp ... Note that there is *_no_* leading / ... If you put a / in there it will barf all over itself .
h3. {color:#ff6600}*_Gotcha #2_*{color}
Note that we set the <form-login-page> in web.xml to /faces/login.jsp ... Note the leading / ... This time, you NEED the leading slash, or the server will gag.
*DONE!!!*
h2. {color:#993300}*_Here's how it works:_*{color}
1. The user requests the a page from your context (http://localhost/MyLogin/)
2. The servlet forwards the request to the welcome page: faces/secure/securepage.jsp
3. faces/secure/securepage.jsp has a security constraint defined, so the servlet checks to see if the user is authenticated for the session.
4. Of course the user is not authenticated since this is the first request, so the servlet forwards the request to the login page we configured in web.xml (/faces/login.jsp).
5. The user enters username and password and clicks a button to submit.
6. The button's action method stores away the username and password in the request scope.
7. The button returns "loginproxy" navigation case which tells the navigation handler to forward the request to loginproxy.jspx
8. loginproxy.jspx renders a blank page to the user which has hidden username and password fields.
9. The hidden username and password fields grab the username and password variables from the request scope.
10. The loginproxy page is automatically submitted with the magic action "j_security_check"
11. j_security_check notifies the container that authentication needs to be intercepted and handled.
12. The container authenticates the user credentials.
13. If the credentials fail, the container forwards the request to the login.jsp page.
14. If the credentials pass, the container forwards the request to *+the last protected resource that was attempted.+*
+Note the last point! I don't know how, but no matter how many times you fail authentication, the container remembers the last page that triggered authentication and once you finally succeed the container forwards your request there!!!!+
+The user is now at the secure welcome page.+
If you have read this far, I thank you for your time, and I seriously question your ability to ration your time pragmatically.
Kerry RandolphIf you want login security on your web app, this is one way to do it. (the easiest way i have seen).
This method allows you to create a custom login form and error page using JSF.
The container handles the actual authentication and protection of the resources based on what you declare in web.xml and sun-web.xml.
This example uses a statically defined user/password, stored in a file, but you can also configure JDBC realm in Glassfish, so that that users can register for access and your program can store the username/passwrod in a database.
I'm new to programming, so none of this may be a good practice, or may not be secure at all.
I really don't know what I'm doing, but I'm learning, and this has been the easiest way that I have found to add authentication to a web app, without having to write the login modules yourself.
Another benefit, and I think this is key ***You don't have to include any extra code in the pages that you want to protect*** The container manages this for you, based on the constraints you declare in web.xml.
So basically you set it up to protect certain folders, then when any user tries to access pages in that folder, they are required to authenticate.
--Kerry -
MDB container managed transaction demarcation not working in wls 6.1 beta
I have an MDB which sends the messages it receives onto another JMS
destination within the onMessage method. These messages are not sent to
the JMS destination unless I explicitly use a transacted session for the
destination and subsequently commit the session. If I set the transacted
parameter to Session as false the messages are sent. If I set the
transacted parameter to true the messages will only be output if the
session is committed. This is the standard behaviour for a JMS session
but this is not the correct behaviour for an MDB running with
container-managed transaction demarcation.
For a start the transacted parameter to session should be ignored when
run in the context of a container transaction and the commit method
should thrown an exception as it is not allowed within the context of a
container transaction.
This is the MDB code and the deployment descriptor: -
public class MessageBean implements MessageDrivenBean, MessageListener
private String topicName = null;
private TopicConnectionFactory topicConnectionFactory = null;
private TopicConnection topicConnection = null;
private TopicSession topicSession = null;
private Topic topic = null;
private TopicPublisher topicPublisher = null;
private TextMessage textMessage=null;
private transient MessageDrivenContext messageDrivenContext = null;
private Context jndiContext;
public final static String
JMS_FACTORY="weblogic.examples.jms.TopicConnectionFactory";
public final static String
TOPIC="weblogic.examples.jms.exampleTopic";
public MessageBean()
public void setMessageDrivenContext(MessageDrivenContext
messageDrivenContext)
this.messageDrivenContext = messageDrivenContext;
public void ejbCreate()
public void onMessage(Message inMessage)
try
jndiContext = new InitialContext();
topicConnectionFactory =
(TopicConnectionFactory)jndiContext.lookup(JMS_FACTORY);
topic = (Topic) jndiContext.lookup(TOPIC);
topicConnection =
topicConnectionFactory.createTopicConnection();
topicConnection.start();
// The transacted parameter should be ignored in the context of a
container tx
topicSession = topicConnection.createTopicSession(true,
Session.AUTO_ACKNOWLEDGE);
topicPublisher = topicSession.createPublisher(topic);
textMessage = (TextMessage)inMessage;
topicPublisher.publish(inMessage);
// this is illegal in a container transaction
topicSession.commit();
topicConnection.close();
catch (JMSException je)
throw new EJBException(je);
catch (NamingException ne)
throw new EJBException(ne);
public void ejbRemove()
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise
JavaBeans 2.0//EN' 'http://java.sun.com/dtd/ejb-jar_2_0.dtd'>
<ejb-jar>
<enterprise-beans>
<message-driven>
<display-name>MessageBean</display-name>
<ejb-name>MessageBean</ejb-name>
<ejb-class>MessageBean</ejb-class>
<transaction-type>Container</transaction-type>
<message-driven-destination>
<destination-type>javax.jms.Queue</destination-type>
</message-driven-destination>
<security-identity>
<description></description>
<run-as>
<description></description>
<role-name></role-name>
</run-as>
</security-identity>
</message-driven>
</enterprise-beans>
<assembly-descriptor>
<container-transaction>
<method>
<ejb-name>MessageBean</ejb-name>
<method-name>*</method-name>
</method>
<trans-attribute>Required</trans-attribute>
</container-transaction>
</assembly-descriptor>
</ejb-jar>
Please see the response in the EJB newsgroup.
Also, could you kindly only post to a single newsgroup?
Thanks.
"Jimmy Johns" <[email protected]> wrote in message
news:[email protected]...
> I have an MDB which sends the messages it receives onto another JMS
> destination within the onMessage method. These messages are not sent to
> the JMS destination unless I explicitly use a transacted session for the
>
> destination and subsequently commit the session. If I set the transacted
>
> parameter to Session as false the messages are sent. If I set the
> transacted parameter to true the messages will only be output if the
> session is committed. This is the standard behaviour for a JMS session
> but this is not the correct behaviour for an MDB running with
> container-managed transaction demarcation.
>
> For a start the transacted parameter to session should be ignored when
> run in the context of a container transaction and the commit method
> should thrown an exception as it is not allowed within the context of a
> container transaction.
>
> This is the MDB code and the deployment descriptor: -
>
> public class MessageBean implements MessageDrivenBean, MessageListener
> {
> private String topicName = null;
> private TopicConnectionFactory topicConnectionFactory = null;
> private TopicConnection topicConnection = null;
> private TopicSession topicSession = null;
> private Topic topic = null;
> private TopicPublisher topicPublisher = null;
> private TextMessage textMessage=null;
> private transient MessageDrivenContext messageDrivenContext = null;
>
> private Context jndiContext;
>
> public final static String
> JMS_FACTORY="weblogic.examples.jms.TopicConnectionFactory";
> public final static String
> TOPIC="weblogic.examples.jms.exampleTopic";
>
> public MessageBean()
> {
> }
>
> public void setMessageDrivenContext(MessageDrivenContext
> messageDrivenContext)
> {
> this.messageDrivenContext = messageDrivenContext;
> }
>
> public void ejbCreate()
> {
> }
>
> public void onMessage(Message inMessage)
> {
> try
> {
> jndiContext = new InitialContext();
> topicConnectionFactory =
> (TopicConnectionFactory)jndiContext.lookup(JMS_FACTORY);
> topic = (Topic) jndiContext.lookup(TOPIC);
> topicConnection =
> topicConnectionFactory.createTopicConnection();
> topicConnection.start();
> // The transacted parameter should be ignored in the context of a
> container tx
> topicSession = topicConnection.createTopicSession(true,
> Session.AUTO_ACKNOWLEDGE);
> topicPublisher = topicSession.createPublisher(topic);
> textMessage = (TextMessage)inMessage;
> topicPublisher.publish(inMessage);
> // this is illegal in a container transaction
> topicSession.commit();
> topicConnection.close();
> }
> catch (JMSException je)
> {
> throw new EJBException(je);
> }
> catch (NamingException ne)
> {
> throw new EJBException(ne);
> }
> }
>
> public void ejbRemove()
> {
> }
> }
>
>
>
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise
> JavaBeans 2.0//EN' 'http://java.sun.com/dtd/ejb-jar_2_0.dtd'>
>
> <ejb-jar>
> <enterprise-beans>
> <message-driven>
> <display-name>MessageBean</display-name>
> <ejb-name>MessageBean</ejb-name>
> <ejb-class>MessageBean</ejb-class>
> <transaction-type>Container</transaction-type>
> <message-driven-destination>
> <destination-type>javax.jms.Queue</destination-type>
> </message-driven-destination>
> <security-identity>
> <description></description>
> <run-as>
> <description></description>
> <role-name></role-name>
> </run-as>
> </security-identity>
> </message-driven>
> </enterprise-beans>
> <assembly-descriptor>
> <container-transaction>
> <method>
> <ejb-name>MessageBean</ejb-name>
> <method-name>*</method-name>
> </method>
> <trans-attribute>Required</trans-attribute>
> </container-transaction>
> </assembly-descriptor>
> </ejb-jar>
>
>
>
>
>
>
>
>
-
Lost connection between ovm-manager and ovm-server (ovm 3.1)
Hi,
I have a manager as a VM on my laptop and a physical server as an ovm-server. Everything is fine when i boot the server but after some time, the manager stop to show the information from the server. in the ovs-agent log file the following messages are repeated regulary
[2013-08-29 13:06:19 6160] DEBUG (notification:289) Trying to connect to manager.
[2013-08-29 13:06:20 6160] DEBUG (notification:291) Connected to manager.
[2013-08-29 13:06:20 6160] ERROR (notification:316) No manager Core API server object for 10:60:4b:88:bc:24:10:60:4b:88:bc:25:fe:ff:ff:ff.
[2013-08-29 13:06:34 6171] ERROR (notification:64) Unable to send notification: (111, 'Connection refused')
I did not reboot neither the server nor the manager. No IP change. Rebooting the manager has no effect.
The only way to restore communication is to restart the ovs-agent on the server, but this restart disable the network card. I must be physical on the server to restart the network.
any help will be very helpful
best regards
Jean-MarcHi,
The are many steps to verify:
Verify with your firewall on the Oracle VM Manager system (service iptables stop).
Verify with a ping between OVM Manager and OVM Server using the IP Address and using the hostname for each one (from OVM Manager : ping ovm-server ; and from OVM Server: ping ovm-manager).
I hope this can help you
Best Regards
Maybe you are looking for
-
Badi ISU_PRODUCT_CHANGE and creation of a new contract line item
Hello Gurus; I have this requirement: Once a contract gets close the ending date (30 days before) i need to automatically renew the contract. In order to do that i thought that an action in the Contract Item might get the job done and browsing i foun
-
Code is working fine with OIM9102 BP14 patch but not in OIM9102 BP20.
Using OIM API calls, I am able to fetch usr_key and ugp_key succesfully when utilityFactory is initialized with system admin login. When utilityFactory is intialized with non system admin ID, usr_key and ugp_key is returning as "0". This code is work
-
hi i have unixtime format 1075329297.572 how do i store it in database.that is with what datatype.i tried to store unixtime using date, timestamp but it does not work. but with varchar2 it works. but ifi store with varchar2 i cant perform conversion
-
Hello , I have querry regarding Form 24. TXC pc00_m40_f24 after this txc on selection screen "User parameter"there are two emplyer types Goverment and Other. When I m selecting Employer type"Other", then in form outprint it is showing me deductor nam
-
Hello, I am a begginer with web dynpro for java. I want to create a application which connects to two different SAP backend systems. How can I do that? The application needs to use the same user interface to make a search on both systems.