IFS in J2EE container
Is iFS certified for runniong inside 9i appserver (J2EE container) ?
thx in advance
null
Hi,
J2EE container managed security uses role names to perform authorization. The security role is defined in the web.xml file and can be used in web applications through the isUserInRole("RoleName") method exposed on the Http Request object.
In JSF this method is exposed through
FacesContext.currentInstance().getExternalContext().isUserInRole("RoleName")
As shown in SRDemo, to declaratively use J2EE security roles in JSF, create a managed bean e.g. authzbean and create boolean methods for each of teh roles
public boolean isUserManager(){
return FacesContext.currentInstance().getExternalContext().isUserInRole("Manager")
}This method can then be accessed from EL to e.g. set the displayed property. Note that container managed authorization is different from ADF Security authorization but can be used in combination if the JAZN Realm login module is used
Frank
Similar Messages
-
Java.util.concurrent.ExecutorService inside J2EE Container
I want to use the JDK 1.5 concurrency class ExecutorService for concurrent execution of data-access logic inside my oc4j web-application.
I'm using the Factory Executors.newFixedThreadPool(6) for creating a thread-pool.
I know that it's not a good practice to create new threads inside a j2ee container.
Is there anything I have to think of or beware of??
Perhaps anybody here has experience using the java.util.concurrent.Executor inside OC4J or an other j2ee container.
Thanks, HaraldYes, I have used java.util.concurrent.Executor in weblogic 10 server.
You can really improve the performance of the EJB application if you use the thread pool carefully with limited size say 100 threads, by creating a single instance of thread pool for the whole J2EE application.
You have to control the life cycle of thread pool using the container's life cycle methods, create the thread pool only once and destroy every time you recycle your app.
Good luck with the implementation :) -
PAPI client is running outside a j2ee container
Hi,
I install BPM J2EE 10.3.1 for linux and weblogic 10.3 for linux on Red Hat Linux Enterprise 5. The database' version is 10.2.0.1 for windows and the database is install in window server 2003 sp1 on another machine.
I search this forum and copy and change the code. But I still get error "PAPI client is running outside a j2ee container"
The java code runs in the 3rd machine.
-------------------------java code-------------------------------------------------
Properties configuration = new Properties();
configuration.setProperty(ProcessService.DIRECTORY_ID, "Default");
configuration.setProperty(ProcessService.DIRECTORY_PROPERTIES_FILE, "F:\\share\\192.168.1.103\\directory.xml");
Properties systemProperties = System.getProperties();
systemProperties.setProperty("java.naming.factory.initial", "weblogic.jndi.WLInitialContextFactory");
systemProperties.setProperty("java.naming.provider.url", "t3://192.168.1.103:7001");
ProcessService processService = ProcessService.create(configuration);
ConnectionPassport Conpassport = processService.createPassportWithPreset("container-auth");
Conpassport.setParticipant("jcooper");
Conpassport.setPassword("welcome1");
System.out.println("34");
Conpassport.fillPassport();
System.out.println("36");
ProcessServiceSession session = processService.createSession(Conpassport, null);
System.out.println("38");
String processName = "/processA";
Arguments arguments = Arguments.create();
System.out.println("41");
session.processCreateInstance(processName, "BeginIn", arguments);//
System.out.println("43");
-----------------------error message----------------------------------------------------
D:\JDeveloper11g_20090318\jdk160_05\bin\javaw.exe -client -classpath E:\Jdeveloper10131_20090318\jdev\mywork\GDHZDJDCIntegrationTest\HZGTprocess\classes;D:\BPM_HOME_standalone\client\papi\lib\b1oracle.jar;D:\BPM_HOME_standalone\client\papi\lib\b1util.jar;D:\BPM_HOME_standalone\client\papi\lib\b1base.jar;D:\BPM_HOME_standalone\client\papi\lib\fuegopapi-client.jar hzgtprocess.VM_192_168_1_103_linux
Creating connector [fuego:SQL]
Creating ProcessService with id 'oracle/2009-09-14 13:23:12+08:00'.
********* PAPI (Version 10.3.1.0.0 Mantainance Pack 1 Build # 98982 ) is starting *********
Local folder /tmp\system\Schema3387192-437105321\catalogs found.
Loading catalogs from local folder: /tmp\system\Schema3387192-437105321\catalogs
0 jars found locally.
[CatalogMgrCache] =======================
Registering CatalogMgr [oracle/2009-09-14 13:23:12+08:00] ...CatalogManagerCache 20195943:
Managers:
Counters:
[CatalogMgrCache] =======================
CatalogMgr [oracle/2009-09-14 13:23:12+08:00] REGISTERED!CatalogManagerCache 20195943:
Managers:
{oracle/2009-09-14 13:23:12+08:00=fuego.util.LocalCatalogManager@1cbda0a}
Counters:
ProcessService 'oracle/2009-09-14 13:23:12+08:00' created successfully.
34
36
38
41
Unreachable Engine Tolerance (seconds):
by default: 0
to be used: 0
This papi client will not cache exceptions which imply that an engine could not be reached.
A user transaction provider is not available for reading Papi News received through the JMS Topic (probable reason: PAPI client is running outside a j2ee container). Papi News will be processed anyway. Details: javax.naming.NoInitialContextException: Cannot instantiate class: weblogic.jndi.WLInitialContextFactory [Root exception is java.lang.ClassNotFoundException: weblogic.jndi.WLInitialContextFactory]
The connection to the JMS Topic engine was completed successfully.
Exception in thread "main" fuego.papi.ProcessNotAvailableException: Process '/processA#Default-1.0' not available.
at fuego.papi.impl.AbstractProcessLoader.createProcess(AbstractProcessLoader.java:96)
at fuego.papi.impl.AbstractProcessLoader.createProcess(AbstractProcessLoader.java:36)
at fuego.papi.impl.SessionProcessLoader.load(SessionProcessLoader.java:254)
at fuego.papi.impl.ProcessManager.get(ProcessManager.java:894)
at fuego.papi.impl.ProcessServiceImpl.getProcess(ProcessServiceImpl.java:1380)
at fuego.papi.impl.SessionProcessManager.getProcess(SessionProcessManager.java:143)
at fuego.papi.impl.ProcessServiceSessionImpl.processGet(ProcessServiceSessionImpl.java:2665)
at fuego.papi.impl.ProcessServiceSessionImpl.checkBeginPermissions(ProcessServiceSessionImpl.java:4286)
at fuego.papi.impl.ProcessServiceSessionImpl.processCreateInstance(ProcessServiceSessionImpl.java:3177)
at hzgtprocess.VM_192_168_1_103_linux.main(VM_192_168_1_103_linux.java:42)
Caused by: fuego.papi.impl.EngineNotAvailableException: Cannot reach engine 'bpmengine' at URL: ''.
at fuego.papi.impl.EngineNotAvailableException.wrapConnectionException(EngineNotAvailableException.java:80)
at fuego.papi.impl.j2ee.J2EEEngineAccessImpl.createSecureEngine(J2EEEngineAccessImpl.java:181)
at fuego.papi.impl.ProcessServiceImpl.createSecureEngine(ProcessServiceImpl.java:1111)
at fuego.papi.impl.ProcessServiceSessionImpl$2.run(ProcessServiceSessionImpl.java:3987)
at fuego.papi.impl.ProcessServiceImpl.executeEngineOp(ProcessServiceImpl.java:1693)
at fuego.papi.impl.ProcessServiceSessionImpl.getSecureEngine(ProcessServiceSessionImpl.java:3995)
at fuego.papi.impl.AbstractProcessLoader.createProcess(AbstractProcessLoader.java:48)
... 9 more
Caused by: javax.naming.NoInitialContextException: Cannot instantiate class: weblogic.jndi.WLInitialContextFactory [Root exception is java.lang.ClassNotFoundException: weblogic.jndi.WLInitialContextFactory]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:657)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at fuego.util.InitialContextProvider.create(InitialContextProvider.java:44)
at fuego.papi.impl.j2ee.J2EEEngineAccessImpl.createInitialContext(J2EEEngineAccessImpl.java:492)
at fuego.papi.impl.j2ee.J2EEEngineAccessImpl.getInitialContext(J2EEEngineAccessImpl.java:293)
at fuego.papi.impl.j2ee.J2EEEngineAccessImpl.getEngineHome(J2EEEngineAccessImpl.java:277)
at fuego.papi.impl.j2ee.J2EEEngineAccessImpl.getSecureEngineInterface(J2EEEngineAccessImpl.java:333)
at fuego.papi.impl.j2ee.J2EEEngineAccessImpl.createSecureEngine(J2EEEngineAccessImpl.java:178)
... 14 more
Caused by: java.lang.ClassNotFoundException: weblogic.jndi.WLInitialContextFactory
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:276)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:247)
at com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:46)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:654)
... 23 more
The connectivity to the JMS Topic for the server synchronization information has been temporarily interrupted.
Details:
The connectivity to the JMS Topic has been broken due to a JNDI Context initialization problem.
Details:
javax.naming.NoInitialContextException: Cannot instantiate class: weblogic.jndi.WLInitialContextFactory [Root exception is java.lang.ClassNotFoundException: weblogic.jndi.WLInitialContextFactory]
Caused by: Cannot instantiate class: weblogic.jndi.WLInitialContextFactory
Caused by: weblogic.jndi.WLInitialContextFactory
fuego.papi.impl.j2ee.JMSTopicLookUpException: The connectivity to the JMS Topic has been broken due to a JNDI Context initialization problem.
Details:
javax.naming.NoInitialContextException: Cannot instantiate class: weblogic.jndi.WLInitialContextFactory [Root exception is java.lang.ClassNotFoundException: weblogic.jndi.WLInitialContextFactory]
at fuego.papi.impl.j2ee.J2EEEngineAccessImpl$TopicSubscriberImpl.lookupTopic(J2EEEngineAccessImpl.java:665)
at fuego.papi.impl.j2ee.J2EEEngineAccessImpl$TopicSubscriberImpl.run(J2EEEngineAccessImpl.java:574)
Caused by: javax.naming.NoInitialContextException: Cannot instantiate class: weblogic.jndi.WLInitialContextFactory [Root exception is java.lang.ClassNotFoundException: weblogic.jndi.WLInitialContextFactory]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:657)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at fuego.util.InitialContextProvider.create(InitialContextProvider.java:44)
at fuego.papi.impl.j2ee.J2EEEngineAccessImpl.createInitialContext(J2EEEngineAccessImpl.java:492)
at fuego.papi.impl.j2ee.J2EEEngineAccessImpl.access$1000(J2EEEngineAccessImpl.java:68)
at fuego.papi.impl.j2ee.J2EEEngineAccessImpl$TopicSubscriberImpl.lookupTopic(J2EEEngineAccessImpl.java:660)
... 1 more
Caused by: java.lang.ClassNotFoundException: weblogic.jndi.WLInitialContextFactory
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:276)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:247)
at com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:46)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:654)
... 8 more
Process exited.Could this be a CLASSPATH issue?
Caused by: java.lang.ClassNotFoundException: weblogic.jndi.WLInitialContextFactory
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method) -
JMS setExceptionListener doesn't work in a j2ee container?
I have just upgraded to Oracle SOA suite 10.1.3.1.0 from Oracle BPEL 10.1.2.0.2
I have redeployed a servlet which I had running on my previous oc4j server.
However when my servlet now attempts to send a jms message to the server I get an exception raised:
QueueConnection[Oc4jJMS.Connection.ghc-pc029.5a62f421:10f2ebe2218:-8000.333]: cannot invoke method "setExceptionListener" within the J2EE container.
Please could you explain why the below method can not be invoked in a J2EE container.
javax.jms.QueueConnection#setExceptionListener(ExceptionListener listener)
(retrieved from com.evermind.server.rmi.RMIInitialContextFactory)
Is this a defect? regression? or limitation?
Thanks,
PeterPeter,
Is this a defect? regression? or limitation?Creating exception listeners is explicitely prohibited by the J2EE 1.4 specs (see http://java.sun.com/j2ee/j2ee-1_4-fr-spec.pdf, section 6.6, page 103).
We had to enforce this in 10.1.3.1 to be compliant and pass the Compatibility Test Suite (CTS). The idea is that all connection-related tasks are delegated to the container. WHile making things simpler, it also certainly removes some flexibility.
Hope this makes sense.
/Demed -
Using JCo as an RFCServer in a J2EE Container (Threading Issue)
Hello,
I want to use JCo as an RFCServer in a J2EE Container
(e.g. JBoss, BEA WLS or WAS6.40).
Threrefore I use a the JCo.Server class
as shown in Example5 in the JCo Examples.
But the JCo.Server class starts a thread (JCo.ServerThread) for each Server(Listener).
According to the J2EE specs it is not allowed
to start (user) threads in a J2EE Container,
because the container does the whole thread
manangement/lifecycle.
If JCo creates threads on its own, this might
lead to erros. For Example: BEA WLS stores
information in ThreadLocal variables and if you
call a SessionBean from the JCoServer.handleRequest method
the Container will (perhaps) fail, because the
thread created by JCo does not have the ThreadLocals
needed by the container.
I know that there is the IServerThread interface in JCo,
but I don't know how to use it in a J2EE Container.
What is the correct way to implement a JCo Server
in a J2EE container?
Does anyone know a working solution of a JCo Server
in the BEA Application Server?
Thanks,
JoachimJoachim,
As you wrote, it may not be a good idea to use JCO.Server's inside a J2EE container; i suggest you to build an 'adapter' for this purpose.
An adapter is a program that can listen for any type of event and, once the event has been identified (type and specific data), the adapter will handle it accordingly.
In this case, you can create a program that starts a JCO.Server (as in Example5) and use JMS to send messages (built from the info gathered from the JCO.Function call) to a Message Driven Bean in the J2EE container.
Hope this helps.
RaTB -
ADF Security to J2EE Container Managed Security Problems
Hi al!
I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
For the sake of friendlier user and roles management I decided to go to 2EE Container Managed Security (I want application manager in production environment to be able to manage users in only one place, not in DB table and extra for web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe this are used only for ADF security, am I right?). I can log to application with admin user account (app index page doesn't have any binds and even pageDef), but when trying to access admin pages I get 401 Unauthorized page.
What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
Part of my web.xml file:
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/app/index.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication/*</url-pattern>
</servlet-mapping>
<security-role>
<description>Admins</description>
<role-name>admin_role</role-name>
</security-role>
<security-role>
<description>Users</description>
<role-name>user_role</role-name>
</security-role>
<security-role>
<role-name>oc4j-administrators</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllAdmins</web-resource-name>
<url-pattern>faces/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllUsers</web-resource-name>
<url-pattern>faces/app/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user_role</role-name>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>oc4j-administrators</role-name>
<role-name>user_role</role-name>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
Do I have to remove this adfAuthentication tags?
I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers what to do now and maybe some explanation about roles in container managed security? Is it enaugh to have security constraints and roles defined in web.xml file or they have to be defined somewhere else also (beside the database)?
Thank you in advance!
Bye
PS
Maybe stack trace after login:
FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!Hi there!
I have another question about this. I've modified a bit DBRolePrincipal class to see what's going on. At the beginning of the equals(Object another) method I added this lines:
log("method equals start",0);
log("another type = " + another.getClass(), 0);
if (another instanceof Principal)
Principal mine = (Principal)another;
log("Principal mine.getName() = " + mine.getName(), 0);
The result is this output (after navigating to page that gives 401 forbidden):
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
07/10/12 08:46:09 [DBUserPrincipal] method equals start
07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why doesn't admin_role principal never get compared in [equals[/i] method?
Thank you!
BB -
J2EE Container Security - Duplication inevitable? (Attn: Frank)
Frank:
Just to be clear, so you are saying I will have duplication of roles in "application_roles" table and the web.xml. And, this is the only way I could "authenticate" using "application_users" table data and "authorize" using "application_roles" existing in a totally different database schema!
Hmmm. Almost seems like existence of "application_roles" table is not required in the setup I described. After authentication, I have to hit the web.xml to get the roles for the authenticated users anyway? Why bother with extra work with database? Am I right?
By the way, I am repeating my setup and your answers to refresh your memory because you get many inquiries.
UPDATE as of 14:30 pm. I think I may be showing my ignorance here. I guess user's role is decided by table "application_roles." You then use the isUserInRole() merely to set read/write/view permissions. But, I am not quite sure yet. Hence I will leave this post for your answer. I am not quite done with my analysis before deciding to change this post.
Thanks
To refresh:
My set up. I have ADFBC. I have using SRDemo with a twist. I am using your new doc "Database authentication and Auth in J2EE container managed security."- not ADF security from SRDemo's last chapter. I ignored the ADF Security part in the SRDemo. I have "application_roles" and srdemo tables in one database schema and "application_users" in a totally different schema.
You wrote:
web.xml is used to define authorization based on security constraints expressed in URL patterns. However, for each of the user roles - e.g. PRESIDENT - you need to create a role in web.xml with the same name. When you then call isUserInRole() from the JSF application then it checks web.xml for the security role and then attempts to verify that the user has this role granted. It is not obvious why web.xml needs to have the role defined. There exists a reason that however would add more to your confusion than to your success ;-)
Youcan use the same approach SRDemo uses in that you provide a managed bean with boolean methods like isPresident(), isManager() etc. The methods perform "isUserInRole()"
Then you use EL to access these methods to hide/show componentsHi
Just to be clear, so you are saying I will have duplication of roles in "application_roles" table and the web.xml. And, this is the only way I could "authenticate" using "application_users" table data and "authorize" using "application_roles" existing in a totally different database schema!
The table is the security provider wheras web.xml defines the security roles that you can work with in your program code. The J2EE servlet spec defines a separation of application roles and groups or roles in the security provider. There is an additional step between roles in web.xml and the security provider, which is that you could map the role name in web.xml to a security role name. I never tested this with custom LoginModules and for this reason the two role names match.
The goal of container managed security is that the developer can build the secure web application without having to know about the security roles defined on the security provider.
Note that anything that you call in application code within container managed security - and this is not specific to Oracle - is checked against the web.xml file which is mapped to the security provider. If e.g. you use JBoss then you could configure a database module to handle the authentication and authorization. But still the security role needs to be provided in web.xml
Frank -
How to use EntityManager in a thread inside a J2EE container
Hi,
I'm looking for a usage pattern to use an EntityManager inside a thread of J2EE container. I used injection to inject an EntityManager in a EJB3 service and I can use the em with no problem. But the problem occurs when the service spin a thread and operations of the EntityManager (which is obtained using JNDI lookup ) inside that thread always fails.
What is the correct usage pattern to obtain/use an EntityManager inside a thread of a J2EE container?
Thanks.What you are trying to do should work as long as you are using the Measurement Studio C++ classes in MStudio version 6.0 or later.
What version of Measurement Studio are you using? Could you post a simple program that demonstrates the problem?
There is a fundamental limitation in Windows that prevents you from using a Window handle (HWND) in a different thread than the one that created it. However, the Measurement Studio C++ classes (e.g. CNiGraph) are designed to automatically handle accessing the underlying handle from multiple threads. This is done through standard COM marshaling mechanisms and was implemented in version 6.0 of Measurement Studio.
David Rohacek
National Instruments -
How to run ejb application OC4J J2EE Container
Hi all,
I unable run ejb applications in OC4J J2EE Container.
I have configure following files.
in config directory
Server.xml
I have .ear file if configured in server.xml. this .ear copied into home/application directory
I have create following deployment discriptor file.
in META-INF for ejb.
ejb-jar.xml
application.xml
I have specify all ejb classes details in ejb-jar.xml
Please help me .How to run ejbs with jsp and application client.Which files shall i configure.
Thnaks,Hi all,
I unable run ejb applications in OC4J J2EE Container.
I have configure following files.
in config directory
Server.xml
I have .ear file if configured in server.xml. this .ear copied into home/application directory
I have create following deployment discriptor file.
in META-INF for ejb.
ejb-jar.xml
application.xml
I have specify all ejb classes details in ejb-jar.xml
Please help me .How to run ejbs with jsp and application client.Which files shall i configure.
Thnaks, -
Oracle J2EE container, Web Layout, JSP, Tomcat
Please help me with the next questions:
1)Oracle DB server and Oracle J2EE container are located in different places. The jsp in Oracle report web layout was generated. I put this JSP on the Oracle J2EE container and tried to run this jsp:
http://localhost:port/reports/weblayout.jsp and got the next error:
javax.servlet.jsp.JspException
at oracle.reports.jsp.ReportTag.doStartTag(ReportTag.java:341)
at groups.jspService(_groups.java:55)
at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:56)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:302)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:407)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:330)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:336)
at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:59)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:283)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:523)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:269)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:735)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:243)
at com.evermind.util.ThreadPoolThread.run(ThreadPoolThread.java:64)
Do I need to deploy this jsp on Oracle J2EE container and if yes in what way?
2)can I run this jsp in Tomcat?
Thank you.hello,
reports JSPs need the report server environment availabel and can not be deployend to a vanilla J2EE container. you can take a look at our "Tools" section of the reports page here on OTN (go to the reports homepage and click on the "search" link in the news section. there you can look for "tools and utilities" which contain instructions on how what you need to do. keep in mind though, that this is not a supported configuration. the only way to deploy a reports JSP is inside the J2EE container of the EE edition of the appliation server.
at this point we do not provide any instruction for other, non oracle, containers.
thanks,
ph. -
Suspend a method execution inside J2EE container
Hi,
I'm implementing a method that sends and resends payment transactions. The method resides in POJO java class and is going to be called from a Session EJB. When the same transaction has to be resent (accoring to some rules), we have to wait several milliseconds before doing it.
I know that threading should not be used directly inside a J2EE container, so what would be the way to implement the waiting before resending a transaction?
Thank you very much.Yes, I have used java.util.concurrent.Executor in weblogic 10 server.
You can really improve the performance of the EJB application if you use the thread pool carefully with limited size say 100 threads, by creating a single instance of thread pool for the whole J2EE application.
You have to control the life cycle of thread pool using the container's life cycle methods, create the thread pool only once and destroy every time you recycle your app.
Good luck with the implementation :) -
Cannot invoke method "setMessageListener" within the J2EE container.
I use TopicSubscriber.setMessageListener method to convert messages to my own type, but oc4j jms throws following exception:
javax.jms.JMSException: TopicSubscriber[Oc4jJMS.Consumer.ypchang-cn.12da4a6:111d4f12137:-8000.94,Topic[CreatedSponsorTopic],null,null,false]: cannot invoke method "setMessageListener" within the J2EE container.
at com.evermind.server.jms.JMSUtils.make(JMSUtils.java:1072)
at com.evermind.server.jms.JMSUtils.toJMSException(JMSUtils.java:1152)
at com.evermind.server.jms.JMSUtils.toJMSException(JMSUtils.java:1123)
at com.evermind.server.jms.JMSUtils.assertNotContainer(JMSUtils.java:1538)
at com.evermind.server.jms.EvermindMessageConsumer.setMessageListener(EvermindMessageConsumer.java:217)
at com.firepond.bcmf.bus.BusSubscriberImpl.setMessageListener(BusSubscriberImpl.java:397)
OC4J JMS doesn't support user defined MessageListener?????!!!!!!!!!!
Who can help me out?
Thanks!Hi,
I am facing the same problem did you got any solution for it.
I am getting the following error message too:
Exception in Constructor
javax.jms.JMSException: QueueReceiver[Oc4jJMS.Consumer.ssipl-wrkst-139.-7dd2dd24:1122873d95f:-8000.269,Queue[360Transaction]]: cannot invoke method "setMessageListener" within the J2EE container.
at com.evermind.server.jms.JMSUtils.make(JMSUtils.java:1072)
at com.evermind.server.jms.JMSUtils.toJMSException(JMSUtils.java:1152)
at com.evermind.server.jms.JMSUtils.toJMSException(JMSUtils.java:1123)
at com.evermind.server.jms.JMSUtils.assertNotContainer(JMSUtils.java:1538)
at com.evermind.server.jms.EvermindMessageConsumer.setMessageListener(EvermindMessageConsumer.java:217)
at com.skillnetinc.storehub.connector.pos.publisher.ejb.publishTransactionWithSalesAudit.PublishTransactionWithSalesAuditBean.<init>(PublishTransactionWithSalesAuditBean.java:94)
at PublishTransactionWithSalesAuditBean_RemoteProxy_1dpbn83.OC4J_createBeanInstance(Unknown Source)
at com.evermind.server.ejb.StatelessSessionBeanPool.createContextImpl(StatelessSessionBeanPool.java:37)
at com.evermind.server.ejb.BeanPool.createContext(BeanPool.java:418)
at com.evermind.server.ejb.BeanPool.allocateContext(BeanPool.java:244)
at com.evermind.server.ejb.StatelessSessionEJBHome.getContextInstance(StatelessSessionEJBHome.java:25)
at com.evermind.server.ejb.StatelessSessionEJBObject.OC4J_invokeMethod(StatelessSessionEJBObject.java:86)
at PublishTransactionWithSalesAuditBean_RemoteProxy_1dpbn83.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.evermind.server.rmi.RmiMethodCall.run(RmiMethodCall.java:53)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595) -
Transaction propagation between OC4J to non-OC4J J2EE container
I have a OC4J instance 10.1.3.1 containing a stateless session EJB 2.1. This bean call another session EJB in Websphere EJB container. The call goes through but the transaction is not distributed, meaning I cannot roll the transaction back from the OC4J container.
I have tried all kinds of context factories but it doesen't work. I use a XA datasource to an Oracle DB from the Websphere container.
Does anyone know how to propagate transactions from an OC4J container to another J2EE container:
Thanks
regards
A BastellYou can specify the JNDI properties in your JSP/Java Client to lookup the EJB if it's in a different EJB container than the one provided by the JSP container.
Rob -
How to manage J2EE Container with GUI?
I have used Oracle9i J2EE Container for 6 months. I have managed via command-line (on Win2000). It's not convenient for admin the server. I searched for the documents about manage with GUI, admin tool or Enterprise Manager but I found a few document on Oracle website that didn't help me too much.
Does anybody suggest me about any admin tool or how to use + configure Enterprise Manager or where to find rich documents?
Thank you so muchNarong,
Enterprise Manager is available with Oracle9iAS Release 2 and OC4J is a managed component withiin Oracle9iAS. You have to download Oracle9iAS Release 2 from OTN(may be just J2EE Webcache edition) if you want to use the GUI tool.
You can use the following link to download Oracle9iAS Release2 http://otn.oracle.com/software/htdocs/devlic.html?/software/products/ias/htdocs/winsoft.html
regards
Debu Panda
Oracle -
I unable to run ejb with application client using oc4j j2ee container
Hi,
I have installe oracle9i (1.0.2.2) oc4j j2ee container.
I unable to run the ejbs . please help me how to run ejbs with application client and which files are shall configure.
See the client application is :
public static void main (String []args)
try {
//Hashtable env = new Hashtable();
//env.put("java.naming.provider.url", "ormi://localhost/Demo");
//env.put("java.naming.factory.initial", "com.evermind.server.ApplicationClientInitialContextFactory");
//env.put(Context.SECURITY_PRINCIPAL, "guest");
//env.put(Context.SECURITY_CREDENTIALS, "welcome");
//Context ic = new InitialContext (env);
System.out.println("\nBegin statelesssession DemoClient.\n");
Context context = new InitialContext();
Object homeObject = context.lookup("java:comp/env/DemoApplication");
DemoHome home= (DemoHome)PortableRemoteObject.narrow(homeObject, DemoHome.class);
System.out.println("Creating Demo\n");
Demo demo = home.create();
System.out.println("The result of demoSelect() is.. " +demo.sayHello());
}catch ( Exception e )
System.out.println("::::::Error:::::: ");
e.printStackTrace();
System.out.println("End DemoClient....\n");
When I am running client application I got this type of Exception
java.lang.SecurityException : No such domain/application: sampledemo
at com.evermind.server.rmi.RMIConnection.connect(RMIConnection.java : 2040)
at com.evermind.server.rmi.RMIConnection.connect(RMIConnection.java : 1884)
at com.evermind.server.rmi.RMIConnection.lookup(RMIConnection.java : 1491)
at com.evermind.server.rmi.RMIServer.lookup(RMIServer.java : 323)
at com.evermind.server.rmi.RMIContext.lookup(RMIConext.java : 106)
at com.evermind.server.administration.LazyResourceFinder.lookup(LazyResourceFinder.java : 59)
at com.evermind.server.administration.LazyResourceFinder.getEJBHome(LazyResourceFinder.java : 26)
at com.evermind.server.Application.createContext(Application.java: 653)
at com.evermind.server.ApplicationClientInitialContext.getInitialContext(ApplicationClientInitialContextFactory.java :179 )
at javax.naming.spi.NamingManager.getInitialContext(NamingManger.java : 246)
at javax.naming.InitialContext.getDefaultInitialCtx(InitialContext.java : 246)
at javax.naming.InitialContext.init(InitialContext.java : 222)
at javax.naming.InitialContext.<init>(InitialContext.java : 178)
at DemoClient.main(DemoClient.java : 23)
.ear file is copied into applications directory.
I have configured server.xml file like this
<application name="sampledemo" path="../applications/demos.ear" />
demos.ear file Contains following files
application.xml
demobean.jar
Manifest.mf
demobean.jar file contains following files
application-client.xml
Demo.class
DemoBean.class
DemoHome.class
ejb-jar.xml
jndi.properties
Mainifest.mf
Please give me your valuable suggestions. Which are shall i configure .
Thanks & Regards,
BadriHi Badri,
ApplicationClientInitialContextFactory is for clients which got deployed inside OC4J container..
For looking up EJB from a stand alone java client please use RMIInitialContextFactory..So please change ur code....
Also please check ur server.xml
Since you have specified your ejb domain as "sampledemo"
you have to use that domian only for look up..But it seems that you are looking up for "Demo" domain instead of "sampledemo" domain...So change your code to reflect that..
Code snippet for the same is :
Hashtable env = new Hashtable();
env.put("java.naming.provider.url", "ormi://localhost/sampledemo");
env.put("java.naming.factory.initial", "om.evermind.server.rmi.RMIInitialContextFactory");
env.put(Context.SECURITY_PRINCIPAL, "guest");
env.put(Context.SECURITY_CREDENTIALS, "welcome");
Context ic = new InitialContext (env);
Hope this helps
--Venky
Maybe you are looking for
-
For loops and dynamic sql string syntax
Hi is there a why to loop through a dynamic sql string normally you would have FOR cur IN (select * from emp) LOOP but I have a dynamic sql string called l_sql I have tried the following FOR cur IN l_sql LOOP but I get PLS-00456: item 'L_SQL' is not
-
Can't Access Public Folders Within Outlook, But Can Through Web Access
Hi all, I have an Exchange 2010 Server (V14.02.0387.000) with clients using Outlook 2007-2013. Until recently all users could access all public folders without issue. However, since moving the location of the public and private mailboxes on the serve
-
Vendor Evaluation With Non Standard Main and Sub Criteria
Hi Gurus I have a requirement wherein I have to evaluate a vendor on non stanadard Main Criterias like 1. Productivity with sub criteria as Receipt / Excepected Yield, for which I have used Scoring method 2 2.Quality Standards with Sub Criteria,- G
-
What is the difference between NetWeaver BPM and NetWeaver Business Workflow?
-
How to see all sides of an array
I have this code: ColoringAttributes coloringattributes=new ColoringAttributes(color,1); appearance.setColoringAttributes(coloringattributes); points[0] = new Point3f(-0.5f, -0.9f, -0.5f); points[1] = new Point3