Implement JAAS in App Server Agnostic Way

Similar Messages

• OWA Blank Attachment Preview with Office Web Apps Server

  Environment:  Exchange 2013 CU3 / Office Web Apps Server 2013
  OS:  Windows Server 2012 R2
  After implementing Office Web Apps server per the Integration with Exchange 2013 instructions, attachment previews in OWA show up as blank windows.  The pop up says Opening your mailbox, then goes blank.  I have the WAC endpoint configured in Exchange,
  I can access the discovery URL from the Exchange servers, and I am seeing event 142.  Some forums say that these events should be in the CAS application logs.  I am seeing mine in the Mailbox server app logs.  Has anyone seen a similar issue.
   I have also attempted to view the ULS logs on the Office Web Apps server, but I don't see anything that looks like a rendering request.  But, I also don't know what that request would look like.  The Exchange and Office Web Apps server are
  in the same network with no firewall in between them The local firewalls have also been turned off, so any type of blockage should not be the issue.

  I dont want to be happy too soon, but i think for me this did the trick:
  from time to time, this event appeared in the application eventlog:
  Source: MSExchange Certificate Deployment
  Event ID: 2005
  Task Category: General
  Level: Warning
  Keywords: Classic
  Description:
  Federation or Auth certificate not found: ED2C3E86EBE821AAC2C0DEA85CAB5787E2CAC5F3. Unable to find the certificate in the local or neighboring sites. Confirm that the certificate is available in your topology and if necessary, reset the certificate on the Federation
  Trust to a valid certificate using Set-FederationTrust or Set-AuthConfig. The certificate may take time to propagate to the local or neighboring sites.
  The solution was found here: http://community.spiceworks.com/topic/512374-missing-the-microsoft-exchange-server-auth-certificate
  1. New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn= Microsoft Exchange Server Auth Certificate" -DomainName "*.yourdomain.com" -FriendlyName "Microsoft Exchange Server Auth Certificate" -Services smtp
  Do not accept to replace the SMTP certificate when prompted
  2. Note the thumbprint of the new certificate. Let us assume it is 7A39541F8DF58D4821967DD8F899B27410F7C081
  3. $a=get-date
  4. Set-AuthConfig -NewCertificateThumbprint 7A39541F8DF58D4821967DD8F899B27410F7C081 –NewCertificateEffectiveDate $a
  Accept to continue despite the fact that the certificate effective date is not 48 hours into the future
  5. Set-AuthConfig –PublishCertificate
  6. Make sure to remove any potential reference to the previous certificate (which might not exist anymore) by doing Set-AuthConfig -ClearPreviousCertificate
  Maybe this helps some of you too.

• JAAS + Sun Application Server 9 + Enterprise app Web Module

  Hi!
  I've got a little problem with JAAS in enterprise application (with web module): i've configured SAS 9.0 with my custom security realm. I've 2 classes - one extends AppservPasswordLoginModule and the other one extends AppservRealm. In app-server-domain-dir/config/login.conf i've configured my login module. In SAS -> configuration -> Security -> Realm i've added new entry for my realm (and provide it with my realm class name).
  In configuration of my enterprise application (sun-application.xml) i've a security realm and roles configured.
  Now: everything works fine, if the authentication to my application is done by a jsp file with:
  <form action="j_security_check">
  <input type="text" name="j_username">
  <input type="password" name="j_password">
  </form>
  But i need to implement authentication in a servlet, so i've done this (in servlet):
  LoginContext lc = new LoginContext( NAME, new WebCallbackHandler(username, password);
  lc.login();
  Problem is: if i specify NAME as a name form domain-dir/config/login.config it throws an exception: LoginException: No credentials.
  If i specify NAME as a name from SAS configuration -> security -> realm name, it throws an exception: LoginException: No LoginModules
  Now i'm really confused... anyone has an idea?
  Thanks!

  Hi!
  I've got a little problem with JAAS in enterprise application (with web module): i've configured SAS 9.0 with my custom security realm. I've 2 classes - one extends AppservPasswordLoginModule and the other one extends AppservRealm. In app-server-domain-dir/config/login.conf i've configured my login module. In SAS -> configuration -> Security -> Realm i've added new entry for my realm (and provide it with my realm class name).
  In configuration of my enterprise application (sun-application.xml) i've a security realm and roles configured.
  Now: everything works fine, if the authentication to my application is done by a jsp file with:
  <form action="j_security_check">
  <input type="text" name="j_username">
  <input type="password" name="j_password">
  </form>
  But i need to implement authentication in a servlet, so i've done this (in servlet):
  LoginContext lc = new LoginContext( NAME, new WebCallbackHandler(username, password);
  lc.login();
  Problem is: if i specify NAME as a name form domain-dir/config/login.config it throws an exception: LoginException: No credentials.
  If i specify NAME as a name from SAS configuration -> security -> realm name, it throws an exception: LoginException: No LoginModules
  Now i'm really confused... anyone has an idea?
  Thanks!

• Implementing Oracle DCN with Coherence Cache in a weblogic 10 app server

  I m trying to implements a DCN ( Database change notification ) on oracle to notify a listener of an event of DB so I can update Coherence Cache.
  I followed the tutorial here and it is working fine using a sample program with a main method to execute the listener class and keep it running.
  My question is how would this notification and listener gets implemented on a production environment since my local test was only running a main method to keep the listener running? what technology to use to keep the listener always running on the background and receive the notification from the database )?
  would a [weblogic startup class|http://docs.oracle.com/cd/E13222_01/wls/docs81/ConsoleHelp/startup_shutdown.html] work for this purpose?
  We are using Weblogic 10 as our app server.

  That's a very simple question with (many) potentially complex answers. I think that first uou need to study information on TimesTen to understand what it is and what it does. Then you need to relate that to you current performance bottleneck (I assume you have analysed those). If your bottleneck is database access then maybe TimesTen can help you.
  Please bear in mind that TimesTen is not a 'transparent' drop in performance booster. To implement TimesTen and to realise significant performance improvement you will almost certainly need to make changes to both the application and the overall architecture. The cost/difficulty of doing that also needs to be factored in.
  Chris

• How to design socket client-server app for 2-way communication

  Hi, I am writing a client-server application. I have a single server and many clients. Each client will need the ability to send information to the server at any time. The server will also need the ability to send information to a client at any time. Its this second part that I am not sure how to design. Would I need to create a SocketServer on each client to accept incoming messages, or is there a better way? Thanks

  scranchdaddy wrote:
  Don't my requirements sound a lot like an IM application, where a chat server might need to send a message to a chat client at any time?Not really. If that is what you are designing
  in my opinion one could easily be forgiven for thinking you were deliberately obfuscating your goal...
  How does the server know where the client is? Does it know the IP address of the client?I would imagine the server would contain a directory of IPs? I'm not sure.
  What happens if the client is not running?Then I guess the message would not get delivered.
  What happens if the client is behind a firewall that does not allow incoming connections?How do IM chat clients work? How have people solved this in the past?Typically the server would only care about clients currently connected to the server.
  Maybe you should re-think your design. I don't really have a design, just requirements, that's why I'm writing this post.Your subject says "+How to *design* socket client-server app for 2-way communication+".
  Are you saying you expect someone else to do the design for you?

• How to implement JAAS?�?

  Hi all,
  I'm building a web application using JSP and Sevlet, and I want to design a login page where users enter their name and pass. I heared that if I want to design that page I need to implement JAAS (Java Authentication and Authorization Service) please help me to do that and give me code, links, or articles that talk about design login pages.
  thanx,

  Some examples to help you get started...
  Extracts from web.xml
      <!-- My App uses Struts - declare the struts action servlet -->
      <servlet> 
          <servlet-name>action</servlet-name>
          <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
          <init-param>
              <param-name>config</param-name>
              <param-value>/WEB-INF/config/struts/struts-config.xml</param-value>
          </init-param>
          <init-param>
              <param-name>debug</param-name>
              <param-value>2</param-value>
          </init-param>
          <init-param>
              <param-name>detail</param-name>
              <param-value>2</param-value>
          </init-param>
          <load-on-startup>2</load-on-startup>
          <security-role-ref>
              <role-name>member</role-name>
              <role-link>member</role-link>        
          </security-role-ref>
      </servlet>
      <!-- Standard Action Servlet Mapping -->
      <servlet-mapping>
          <servlet-name>action</servlet-name>
          <url-pattern>*.do</url-pattern>
      </servlet-mapping>
      <security-constraint>
          <!-- Member pages can only be accessed by 'members' -->    
          <web-resource-collection>
              <web-resource-name>Member Pages</web-resource-name>
              <url-pattern>/members/*</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>                              
          </web-resource-collection>
          <auth-constraint>
              <role-name>member</role-name>
          </auth-constraint>       
          <!-- Forces SSL -->
          <user-data-constraint>           
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>           
          </user-data-constraint>   
      </security-constraint>
      <!-- Specify Form Based Authentication -->
      <login-config>
          <auth-method>FORM</auth-method>       
          <form-login-config>
              <form-login-page>/displayLogin.do</form-login-page>
              <form-error-page>/displayLoginError.do</form-error-page>
          </form-login-config>
      </login-config>
      <security-role>
          <role-name>member</role-name>
      </security-role>
  Login JSP (Uses Struts specific tags which can be ignored)
  <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
  <%@ taglib prefix="html" uri="http://struts.apache.org/tags-html-el" %>
  <%@ taglib prefix="bean" uri="http://struts.apache.org/tags-bean-el" %>
  <form name="LoginForm" action="j_security_check" method="post">
       <table class="TwoColumnForm">     
          <tr>
              <th><bean:message key="user.username"/></th>
              <td><input type="text" name="j_username" class="Required" size="32" maxlength="32"/></td>
          </tr>
          <tr>
              <th><bean:message key="user.password"/></th>
              <td><input type="password" name="j_password" class="Required" size="32" maxlength="32"/></td>
          </tr>        
           <tr>
               <td Class="Buttons" colspan="2">
                   <html:image styleClass="Button" property="buttons.submit" pageKey="common.img.ok_button.src" alt="common.img.ok_button.alt"/>
                   <html:link page="/displayMain.do"><html:img styleClass="Button" pageKey="common.img.cancel_button.src" altKey="common.img.cancel_button.alt"/></html:link>
               </td>
           </tr>        
       </table>
  <form>
  Configure Tomcat to use custom JAAS login module - add the following to context.xml in META-INF
  <Context reloadable="true">
       <!-- Realms -->
       <Realm className="org.apache.catalina.realm.JAASRealm" appName="MyApp" userClassNames="com.myapp.security.jaas.CustomUserPrincipal"
            roleClassNames="com.myapp.security.jaas.CustomRolePrincipal" debug="1"/>
       <!-- Monitored Resources -->
       <WatchedResource>META-INF/context.xml</WatchedResource>     
       <WatchedResource>WEB-INF/web.xml</WatchedResource>
  </Context>
  Create a file called jaas.config
  MyApp
      com.myapp.security.jaas.CustomLoginModule required;
  Specify the jaas.config file as a system property when you start you app server
  -Djava.security.auth.login.config=="C:/Projects/MyApp/jaas.config"[b]Implement the CustomLoginModule, CustomUserPrincipal and CustomRolePrincipal as shown in the sun tutorials
  These classes need to be deployed where your application server can find them when it starts up, i.e. outside of your WEB-INF/classes and WEB-INF/lib
  You can implement the CustomLoginModule how you like, but if your application maintains it's own user database it may get a bit messy - I didn't like the idea of the app server interogating my application database and becoming responsible for the login logic (e.g. lock the account after 3 incorrect attempts etc). For this reason my CustomLoginModule (running in Tomcat) invokes a remote login method in my web app over RMI. The login method return a User object if successful which is added to the CustomUserPrincipal so it can be retrieved in the web-app.
  Not the nicest of designs I admit. If anyone can suggest a better approach I'd be glad to hear it. I'm also not a JAAS expert. My app is just for testing out things I'm interested in, it's quite possible I may have misunderstood something along the way.

• Office Web App Server 2013: cannot edit word document with own WOPI Server

  Hi all,
  I tried to build our own WOPI Server to connect to Office Web App Server 2013 SP1. Viewing documents
  in IE was possible quite easy to achieve. Now it comes to editing.
  When I try to edit a document, I got a german message “Sie verfügen leider nicht über die Berechtigung zum Bearbeiten dieses Dokuments“.
  This means something like „Sorry, you do not have any permission to modify this document”.
  I enabled editing on the OWAS-Server while setup procedure
  (Until now, I only have an InternalUrl but no ExternalUrl.)
  PS C:\ > New-OfficeWebAppsFarm –InternalUrl “https://win-owas...” 
  –CertificateName "win-owas…" –EditingEnabled
  ULS log shows
  BaseDocument says editing is not supported [WebEditingEnabled: True] [SupportsEditing: True] [PinnedUsersRights: Read] 
  So far, I implemented these three REST service methods:
  [OperationContract]
  [WebInvoke
  "GET":"api/wopi/files/{name}?access_token={access_token}"
  "GET":"api/wopi/files/{name}/contents?access_token={access_token}"
  "POST":"api/wopi/files/{name}/contents?access_token={access_token}"
  Office Web App Server was downloaded from “Microsoft Volume Licensing Center”. I installed latest updates from Microsoft.
  Did anybody succeed in writing to own WOPI an can give me some hints?
  Thank you in advance.

  Hi,
  The discovery xml contains many lines. The one for editing docx is:
  <action
  name="edit"
  urlsrc="https://win-owas.cado.camos.de/we/wordeditorframe.aspx?"<ui=UI_LLCC=""&><rs=DC_LLCC=""&><showpagestats=PERFSTATS=""&>"
  ext="docx" requires="locks,cobalt,update"/>
  I am calling it this way:
  <iframe
  src="https://win-owas.cado.camos.de/we/wordeditorframe.aspx?WOPISrc=http%3a%2f%2fpc-ms.cado.camos.de%3a8000%2fWOPI%2fapi%2Fwopi%2Ffiles%2FAbout_Keyboard_Input.docx&access_token=5268690b-19c6-496d-8ae6-b694f8e7bd0c"
  I’m not sure whether or not I implemented "locks,cobalt,update" correct, but I do not see any ‘edit-’network traffic from OWAS-Server to WOPI-Server. So I cannot debug anything. I will (re)check the articles you mentioned.
  Thank you for your help.

• How to access JDBC Resource registered in Sun Java System App Server ?

  I want to create a stand-alone JDBC application with Java SE using Swing technologies and JNDI technology. The purpose of using JNDI technology is to avoid change of Java Source Code every time I move the database to different location. This Java application will be used in a standalone PC installed with Windows XP Professional with no LAN / WAN connection. Of course, Internet connection is available with the PC.
  I use JavaDB to store the data tables and the location of the database is D:\E-DRIVE\SAPDEV. Tomorrow, if I move this database to C:\SAPDEV or any network drive, I do not want to change the Java Source code. I want to use JNDI which, if I am not wrong, helps developers to avoid manual change of Java source code whenever the database location is changed. Changes have to be made only in the JNDI Name which contains all relevant information about the database in order to get connection no matter where the database SAPDEV is stored; it can be placed under D:\E-DRIVE directory or C:\ directory of the hard disk. To implement my intention, I started developing Java application as per the steps mentioned below:
  Step 1:
  To proceed, first, I sought the help of Sun Java System Application Server Admin Console. I created JNDI object for Connection Pool using the menu path Common Tasks->Resources->JDBC->Connection Pools.
  JNDI Name : ABAPRPY
  Resource Type : javax.sql.DataSource
  Datasource class : org.apache.derby.jdbc.ClientDataSource
  Description : ABAP Program Repository
  The Connection Pool creation has options for General, Advanced and Additional Settings tabs and I made all the settings relevant to the database I created in D:\E-DRIVE\SAPDEV.
  To confirm whether the above settings are correct, I pressed the Ping push button which is available in the General tab of the connection pool creation screen. The system responded with the message Ping Succeeded.
  Step 2:
  I created a JDBC Resource using the menu path Common Tasks->Resources->JDBC->JDBC Resources.
  JNDI Name : jdbc/SAPDEV
  Pool Name : ABAPRPY
  Description : Database Connection for SAPDEV database
  Status : Enabled
  I can see all the above settings recorded in the domain.xml which is placed in the folder
  C:\Sun\AppServer\domains\domain1\config
  Step 3:
  I have made sure that Sun Java System Application Server is up and running in the background with JavaDB server. I created a Java Program making sure the following JAR files are included in the classpath:
  appserv-admin.jar
  appserv-ee.jar
  appserv-rt.jar
  javaee.jar
  fscontext.jar
  Plus, the lib directory of JDK 1.6 & C:\Sun\AppServer\domains\domain1\config
  Source code of the program is as follows: I used NetBeans IDE to create my project file.
  import java.util.logging.Level;
  import java.util.logging.Logger;
  import javax.naming.*;
  import javax.activation.DataSource;
  public class JNDILookup {
  public static void main(String[] args) {
  try {
  InitialContext initCtx = new InitialContext();
  DataSource ds = (DataSource) initCtx.lookup("java:comp/env/jdbc/sapdev>");
  } catch (NamingException ex) {
  Logger.getLogger(JNDILookup.class.getName()).log(Level.SEVERE, null, ex);
  When I attempted to compile the above program in NetBeans IDE ,no compilation error reported. But while executing the program, I got the following run-time error message:
  SEVERE: null
  javax.naming.NameNotFoundException: No object bound for java:comp/env/jdbc/sapdev> [Root exception is java.lang.NullPointerException]
  at com.sun.enterprise.naming.java.javaURLContext.lookup(javaURLContext.java:224)
  at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:396)
  at javax.naming.InitialContext.lookup(InitialContext.java:392)
  at SAPConnect.JNDILookup.main(JNDILookup.java:21)
  Caused by: java.lang.NullPointerException
  at com.sun.enterprise.naming.java.javaURLContext.lookup(javaURLContext.java:173)
  ... 3 more
  Now, I want to come out of this situation; at the same time, I want to preserve the settings I have made in the Sun Java System Application Server Admin Console. That is, I want to programmatically access the data source using Connection Pool created in Sun Java System Application Server Admin Console.
  I request dear forum members to provide me an appropriate solution.
  Thanks and regards,
  K. Rangarajan.

  jay44 wrote:
  Bare in mind I am attempting the context.lookup() from inside the container (my code is in a session bean). I have accessed the server and have my bean "say hello" first to verify the bean works OK, then I call a method with this rather standard code:
  String jndiDataSourceName ="Second_EJB_Module_DataBase";
  Logger.getLogger(DynamicPU.class.getName()).log(Level.INFO,"Programatically acquiring JNDI DataDource: "+ jndiDataSourceName);
  InitialContext ctx;
  try {
  ctx = new InitialContext();
  ds =(DataSource)ctx.lookup("java:comp/env/jdbc/"+jndiDataSourceName);
  } catch (NamingException ex) {
  Logger.getLogger(DynamicPU.class.getName()).log(Level.SEVERE, null, ex);
  return "Exception generated trying to preform JDBC DataSource lookup. \n"+ex.toString();
  But when I run the code the server log shows the initial context is created Ok, but an exception is thrown becasue the resource name is not found:
  (and i have tried vriations of ctx.lookup("jdbc/"+jndiDataSourceName) etc etc
  You are fine here. It works in container because the InitialContext properties have been supplied already. That was the link I forwarded earlier. The InitialContext you create locally needs to locate the container JNDI. That is what the properties specify.
  Where I am confused is where you indicate the stack below is from the server log. So, you initiate a standalone (java main method) application, create an InitialContext, and you see the results in your app server log?
  LDR5010: All ejb(s) of [EJB_Module_1] loaded successfully!
  Programatically acquiring JNDI DataDource: Second_EJB_Module_DataBase
  The log message is null.
  javax.naming.NameNotFoundException: Second_EJB_Module_DataBase not found
  at com.sun.enterprise.naming.TransientContext.doLookup(TransientContext.java:216)
  at com.sun.enterprise.naming.TransientContext.lookup(TransientContext.java:188)
  at com.sun.enterprise.naming.TransientContext.lookup(TransientContext.java:192)...
  at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:555)
  This is strange since I can see this resource (a JDBC connection named Second_EJB_Module_DataBase) is configured on the server from the server's admin console.
  That is why you can obtain a lookup from within the container (app server).
  For this lookup to work it may be that one must map the name inside an ejb-jar.xml deployed with the application, but I have also read some resources like jdbc connection should have a default name. Does anyone know if my lookup() should work without using an ejb-jar.xml mfile to explcitly map the reource for my application?
  Both EBJ's and data sources can be referenced via JNDI. It's a remote lookup (that is normally optimized if it is running in the same JVM). You should not have any dependencies on a JDBC data source being set-up on ejb-jar.xml. That file can of course impact your EJB's. However, data sources are normally set-up on a container-specific basis (e.g., you probably did it through a console, but there is a spec somewhere about how to set up a data source via a resource the app server looks for; it varies from app server to app server). However, once you have that container-specific data source set-up, JNDI operates vendor-neutral. You should be able to take the code above and move it to JBoss or Weblogic or Tomcat or whatever (this is an ideal, in practice, the vendors sometimes put a data source in a name you would not expect, but again, you can use their JMX console to see what the JNDI name is).
  (As I stated above if I have to use a deployment discriptor to get at this JNDI datasource, then solution is not "programmatic" as newly configured datasources could not be accessed without redeploying the entire application).
  As JSchell alluded to, you will always have at least something vendor-specific. JNDI itself (the code you wrote) is totally portable. However, you have to set the various JNDI environment properties to a given vendor's spec. Ideally, you should not need a vendor's actual InitialContext application, but it's a possibility. Once you can safely cast to Context, you should be vendor-neutral (if not, demand your money back).
  So that is exactly where I am stuck, trying to get the lookup to work and wondering if it should work without and xml file mapping the resource for my app.
  What we ended up doing for standalone was to provide our own JNDI. If you look at the open source project JOTM, there are examples on how to use that with XBean (if integrating with Spring, as we did), you can easily set up a data source that runs standalone exactly as you get in the container. Another benefit is you get full JTA/JTS support and the ability to run XA transactions. (This might all be alphabet soup, but the app server gives it to you, and this is the way we ended up doing the same: JNDI + JTA + JTS + XA). It ends up the same application code uses a "vanilla" InitialContext and all we have to do is write one or two xml files (one for our app server, a couple for JOTM), and our actual code works the same.
  I still think you have a shot at getting to the container's JNDI, just not using their full-blown app server JAR.
  I think there must be a simple way to do this with an ejb-jar.xml, I am no expert in JNDI, I could be missing something simple, I will keep at it and post an answer here if I come up with it.
  Thanks, jayIt is simple to code. Getting it to integrate with your app server, yes, that can be challenging. But it has nothing to do with EJB's. Write a simple test. Using nothing but DataSource and InitialContext. Let us know where you get stuck.
  - Saish

• OAM (10.1.4.3) Integration with WebLogic App Server (10.3.0 or below)

  Hi All,
  Can I use OAM 10.1.4.3 (Authentication Provider & Identity Asserter) to implement SSO with weblogic App Server 10.3.0 or below?
  OAM 10.1.4.3 Authentication Provider & Identity Asserter is the recommended way to configure SSO with Web Logic App server 10.3.1 ( Oracle Middleware 11g).
  And
  OAM 10.1.4.2 uses WebLogic SSPI to configure SSO between OAM 10g and WebLogic App Server 10.3.0 or below.

  Hi,
  This is how the integration goes with different versions of WLS and OAM.
  There is oamAuthnProvider.jar available with OAM 10.1.4.3 downloads. So it provides the assertion functionality.
  Can I use OAM 10.1.4.3 (Authentication Provider & Identity Asserter) to implement SSO with weblogic App Server 10.3.0 or below?
  Mahendra: Yes
  OAM 10.1.4.3 Authentication Provider & Identity Asserter is the recommended way to configure SSO with Web Logic App server 10.3.1 ( Oracle Middleware 11g).
  Mahendra: Yes, this is the recommended and easy approach.
  OAM 10.1.4.2 uses WebLogic SSPI to configure SSO between OAM 10g and WebLogic App Server 10.3.0 or below.
  Mahendra: Yes, older version of OAM uses SSPI connector installation.
  HTH.
  Mahendra.

• How to get error information back from Office Web Apps server?

  I'm developing a web application with an embedded Word iframe that interfaces with an Office Web Apps server; I am trying to implement the MS-FSSHTTPB protocol for my WOPI server.
  More details here. When I send a bad response back to the OWA server it stops making requests to the WOPI server and sends the following error message back to the browser client: "Sorry, there was a problem and we can't open this document. If this
  happens again, try opening the document in Microsoft Word."
  Is there a way I can get additional information about what went wrong so that I can correct it?

  Yes, this is closely related to SharePoint.
  I'm trying to embed a Word editor in our web app. The Word iframe is served from the OWA server. It typically communicates with a SharePoint server to receive information about the document its trying to display.
  I'm trying to implement the SharePoint portion. The servers communicate via the MS-FSSHTTPB protocol (among others) which I'm struggling to implement. When I send a response to the OWA server that it doesn't like then it stops replying. I'm wondering how
  I can retrieve the exact error the occurred.
  I believe I originally posted this question to Open Specifications  >  SharePoint Server Protocols.

• Xaresource and app. server

  Hi everyone,
  i am trying to write a xa-resource. i went through JTA spec. at section
  [3.3.1 Resource Enlistment], spec says
  'for each resource in use by the application, the application server
  invokes the -enlistResource- method and specifies the XAResource object
  that identifies the resource in use. the enlistResource request result
  in TM informing the resource manager to start associating the txn with
  the work performed through the corresponding resource'.
  Q1. how do i 'register' or let the app.server know about my XA Resource?
  Q2. how does app. server knows which xa resources are involved in the
  application?
  thanks,
  -talip

  Hi,
  Application servers and JTA implementations that don't do restart or crash recovery (like virtually all open-source products I know of) don't need you to do anything special for your XAResource.
  It's a bit like driving a car without brakes: it works as long as there are no obstacles on the road.
  On the other hand, a JTA implementation that works the way it should (and therefore does recovery) will typically have a custom mechanism to find out about your resource when it restarts or does recovery.
  For more information, you can download our free developer release, or just download the JtaGuide from the same page:
  http://www.atomikos.com/download.html
  Best,
  Guy
  http://www.atomikos.com - Insure your data

• Use of Xerces Parser in out application with Oracle App Server 9.0.4

  The problem in brief:
  Our product is a web-app that runs under various Application servers.
  One of our customers who uses Oracle App server, recently upgraded from 9.0.2 (9g) to 9.0.4 (10g), and our product no longer works with the latter version.
  Our product uses XML parser Xerces 1.1.
  In 9.02 it was possible to replace the App servers parser with Xerces 1.1. In 9.02 it was possible to replace the App servers parser with Xerces 1.1 (We modified the opmn.xml file, setting the Java options for our oc4j instance bootclasspath with xerces parser). Hence, our product works.
  In 9.0.4, apparently, Oracle moved to a different parser, and it no longer allows the parser to be replaced. If the bootclasspath is modified with XERCES(tested various versions of xerces) parser, rightfully so ORACLE Application server does not start.
  Unlike other prominent Application Servers (such as webshpere etc,) the Oracle application server does not support separate JVMs or namespaces for web-apps either.
  We like, oralce application server, OC4J instance for our application to use the xerces parser version qualified with our product. We understand, replacing the XML parser for the entire Oracle Application Server is not supported function.
  Since, Oracle Application Server is loading the oracle 'xmlparserv2' at system class path, though the applicaton has xerces.jar in application path (either in AppLib or web-inf/lib directory, Its not a class loading issue) it is not getting used (since javax.xml.parsers.documentbuilderFactory is mapped to oracle parser).
  So, it looks like the only option available to us is to modify our product to use Oracle's XML parser. This is a major software change, and we want to keep it as last resort option.
  Any suggestion and help will be higly appreciated.
  Perraju Nadakuduty (raju)
  E-mail:[email protected]

  Raju --
  Thanks for the intelligent posting on a difficult issue for you.
  I wasn't aware of anything specifically being introduced that prevented the bootclasspath technique from working** in the 904 release.
  For 904, the bootclasspath needs to be put in the start parameters tag of the java-options tag.
  <process-type id="home" module-id="OC4J" status="enabled">
  <module-data>
  <category id="start-parameters">
  <data id="java-options" ... -Xbootclasspath/a:/java/lib/xerces.jar"/>
  </category>
  </module-data>
  </process-type>
  You can also try copying the xerces.jar into the jre/lib/ext directory so it's loaded by the system classloader and see if that works**. This will put xerces at the extension level so
  **these workarounds are not supported and will put you in an unsupported situation if a problem occurs.
  The good news is that have taken steps to clearly enable the separation of container versus appplication class spaces in thenext production release (10.1.3) of OC4J. We will be providing a new classloading model which cleanly separates the two namespaces and allows applications to provide their own versions or distributions of class libraries with no collisions with the OC4J runtime libraries.
  I don't know of any easy ways to do what you need -- other than reworking the app to use JAXP so that the parser implementation used is pluggable as you kind of allude to. If it was possible, I'd do that rather than hard coding in the use of the Oracle XML parser.
  But just to reiterate, switching in xerces at the bootclasspath level is not a supported operation since it may have an effect on the OC4J runtime operation.
  cheers
  -steve-

• ResultSet processed at the DB server or App Server???

  Well,
  If I have a ResultSet object that is fetched with a couple of records, where does the actual records stay???
  Are these records fetched into your App server, or they still are with your DB?? So, when I call "rs.next()", evidently does the App server need to fetch each and every record from the DB, if the latter is true??? If the former is true, how do you explain that the ResultSets and other related objects are scarce DB resources???
  Thx for your time.
  fun_one

  A ResultSet is a Java object, so it resides on the application server. A ResultSet is associated with a database cursor, which resides on the database server.
  When you open a cursor, i.e. execute a query, the database figures out which rows match the query. The database servers builds a data structure of some sort in its memory, containing the selected data. The data structure is...cough...don't ask me, I don't know. Must be fairly significant to allow for transaction isolation, sorting, joins, ... If you just do "select * from foo" without a "where" clause, the db server may get by with a simpler data structure.
  The database then sends the first, say, 10 rows to the application server. The db server also says, "here's the data on the newly opened cursor, and let's call this cursor #22."
  After the application server has looped 10 times in while(res.next()), res.next() says to the db server, "dude, I have this cursor, #22, send me more data on it." The db server sends the next batch of 10 rows. This repeats until all rows are processed, or you close the ResultSet (aka close the cursor).
  Closing the ResultSet tells the database server that it can release the data structure that holds the stuff in the cursor. If you don't close the cursor, the data structure needs to stay there, reserving memory, in case you rewind it and start reading it over.
  So, a ResultSet + cursor take space on both the application server and at the db server.
  The number of rows that are fetched at a time can be adjusted; see setFetchSize(). It's a tradeoff between the number of times a round trip has to be made, vs. the memory it takes to keep the 10 or whatever rows in memory before res.next() gets to them.
  All of this depends on how the db server and the JDBC driver are implemented, but I'd guess the above is a pretty typical way of doing it.

• Error in downloading jars through jnlp from Oracle 10.1.3 App Server

  I am working on migrating an application (containing two WARs) from Resin servlet server to Oracle 10.1.3 App Server. The migration was unit tested successfully. One of the WARs was implemented as a web service that downloaded JARs to the client PC through jnlp. When I tried to combine the two WARs into one (application) WAR, some of the JARs failed to download with an error message stating that they were "corrupted". 5 of the 6 "corrupted" contain native code, although two other native code JARs were able to download successfully.
  Most of the time the jnlp failure was accompanied with this error: WARNING: Exception returned by remote server: {0}
  javax.naming.NoPermissionException: Not allowed to look up java:comp/ServerAdministrator, check the namespace-access tag setting in orion-application.xml for details
       at com.evermind.server.rmi.RMIClientConnection.handleLookupResponse(RMIClientConnection.java:819)
       at com.evermind.server.rmi.RMIClientConnection.handleOrmiCommandResponse(RMIClientConnection.java:283)
       at com.evermind.server.rmi.RMIClientConnection.dispatchResponse(RMIClientConnection.java:242)
       at com.evermind.server.rmi.RMIClientConnection.processReceivedCommand(RMIClientConnection.java:224)
       at com.evermind.server.rmi.RMIConnection.handleCommand(RMIConnection.java:152)
       at com.evermind.server.rmi.RMIConnection.listenForOrmiCommands(RMIConnection.java:127)
       at com.evermind.server.rmi.RMIConnection.run(RMIConnection.java:107)
       at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:814)
       at java.lang.Thread.run(Thread.java:595)
  Error: Unexpected error during lookup : Lookup error: javax.naming.NoPermissionException: Not allowed to look up java:comp/ServerAdministrator, check the namespace-access tag setting in orion-application.xml for details; nested exception is:
       javax.naming.NoPermissionException: Not allowed to look up java:comp/ServerAdministrator, check the namespace-access tag setting in orion-application.xml for details
  Why is the jnlp failing when the WARs are part of the (main) application, but OK when it is part of a web service WAR? How can I overcome this problem?
  Thanks for your help.

  Hi Marc ,
  Thanks for your reply.....
  Did you mentioning the script (upgrade_10131_
  10133_oracle.sql) in the orabpel. I had run this script after applying the patch.
  Still iam facing the same issue.
  what need to be done?
  Could you please help me on this, because I need to do the Fault Handling Framework in BPEL and so i need the faultpolicy folder to be present.
  Since I got the folder by applying the patch, but what happend is when i try to check out for the activity status in the BPEL Console Activity tab it is showing the error as mentioned earlier. Any problem with patch implementation or any bug is there. So far i done the patch installation successfully without error and i upgraded the orabpel schema using the mentioned script also. Any other things i need to do?
  Regards,
  Ashok.

• Difference between using app server connection pooling and using the driver

  Hi all,
  How to get connection pooling with out application server and tomcat also?
  What is the difference between using app server connection pooling and using the driver supported connection pooling?
  Regards,
  Murali

  maybe the performance of App server pool is better than the JDBC pool,
  for you don't know wether the implementation of the JDBC interface is good or bad.