Security & Servlet engine and ejb container on different servers
When you have the servlet container and the ejb container on different physical servers,
how is the rmi connection meant to to be done while still maintaining the seucrity
propagation from servlet to ejb tier?
Assume that my user is already authenticated (forms) on the servlet tier. Do we then
create a dedicated connection (InitialContext + url/username/password properties)
to the ejb tier and store this connection in the HttpSession? (basically authenticating
a 2nd time)
OR,
can the servlet container make a generic connection to the ejb container, and pass
the users security context to the ejb tier transparantly?
-Sam
Nick Minutello <[email protected]> wrote:
> Assuming that web container security is being employed, I guess the fundamental question
> is: Is it necessary to create a "connection" (ie. an InitialConext) per user, or
> can a "global" initial context be shared (in the end, the TCP connection is shared
> anyway)?
It doesn't create a 'connection' per user - when you use JNDI authentication (specifying
principal and credentials when constructing InitialContext) it associates security info
with the current thread for the duration of the request. If you cache InitialContext and
use it later on some other thread it will not do anything.
> Does it really matter?
No ;-)
> Thanks,
> Nick
> "Dimitri I. Rakitine" <[email protected]> wrote:
>>Nick Minutello <[email protected]> wrote:
>>
>>
>>> OK, so when I create the InitialContext, I just specify the URL (to call
>>the remote
>>> EJB container). The user ID and credentials are mapped automatically.
>>
>>> I obviously also need to cache the initialContext variable in my HTTPSession
>>object?
>>
>>> What would happen if I had one InitialContext for the whole servlet engine
>>- and
>>> each thread used that. Would the thread (security) context still get passed
>>- or
>>> would the credentials for the original connection get used?
>>
>>If you use web-app security, container will associate security info with
>>the current
>>thread before invoking your servlet. If you do not use it and cache InitialContext,
>>
>>then the current user will always be 'guest' (except for the very first
>>time when
>>application calls 'new InitialContext()' with username/password.
>>
>>
>>> Thankyou.
>>> -Sam
>>
>>
>>> "Vinod Mehra" <[email protected]> wrote:
>>>>
>>>>"Sam the bad cat" <[email protected]> wrote in message
>>>>news:[email protected]...
>>>>>
>>>>>
>>>>> When you have the servlet container and the ejb container on different
>>>>physical servers,
>>>>> how is the rmi connection meant to to be done while still maintaining
>>>>the
>>>>seucrity
>>>>> propagation from servlet to ejb tier?
>>>>>
>>>>> Assume that my user is already authenticated (forms) on the servlet
>>tier.
>>>>Do we then
>>>>> create a dedicated connection (InitialContext + url/username/password
>>>>properties)
>>>>> to the ejb tier and store this connection in the HttpSession? (basically
>>>>authenticating
>>>>> a 2nd time)
>>>>>
>>>>> OR,
>>>>> can the servlet container make a generic connection to the ejb container,
>>>>and pass
>>>>> the users security context to the ejb tier transparantly?
>>>>
>>>>If the user has logged in already, ie the authenticated user is already
>>>>in
>>>>the execute
>>>>thread, the identity should be propgated to the ejb tier transparantly,
>>>>when
>>>>you create the
>>>>new initial context.
>>>>
>>>>--Vinod.
>>>>
>>>>
>>>>>
>>>>> -Sam
>>>>>
>>>>>
>>>>
>>>>
>>
>>--
>>Dimitri
>>
Dimitri
Similar Messages
-
Where should the support classes of servlets, JSPs and EJBs be placed
Hi
Could you please tell me where the support classes (simple
java classes) used by servlets, JSPs and EJBs should be placed.
I find that my application does not work if I place all the
support classes of a servlet under $MYSERVER/clientclasses. I need to place some in $MYSERVER/clientclasses and some in
$MYSERVER/servletclasses. But I figured this out my trial and error and I could not find any logical explanation why some of them should go into $MYSERVER/clientclasses and others into
$MYSERVER/servletclasses.
Thanks
Regards
Pratima
you can put 'em in weblogic classpath
Kumar
Pratima Nambiar wrote:
> Hi
> Could you please tell me where the support classes (simple
> java classes) used by servlets, JSPs and EJBs should be placed.
> I find that my application does not work if I place all the
> support classes of a servlet under $MYSERVER/clientclasses. I need to place some in $MYSERVER/clientclasses and some in
> $MYSERVER/servletclasses. But I figured this out my trial and error and I could not find any logical explanation why some of them should go into $MYSERVER/clientclasses and others into
> $MYSERVER/servletclasses.
>
> Thanks
> Regards
> Pratima
-
Engineering and Manufacturing Org has different name for same item
Dear All,
I have an Engineering department generally Create items and configure bills, routings then, transfer all to Manufacturing org.
My client has typical requirement as follows...
Engineering and manufacturing department has different name for same item.
Eg: Item A in Manufacturing org may be called as Item AA in Engg org. I have to maintain 2 names for same item. How to map this requirement in R12.
Regards,
SaravananCan oyu not make it an organization level item and specify the proce there instead of keeping it a master level item?
Regards,
Utsav. -
Want to run servlets, jsp and ejb
Hi there, I have just installed Oracle9iAS on my PC and want to check how to use OAS with servlets, JSPs and ejbs, so can any one tell me where can I find some worked examples and step by step deployment process, any help would be appreciated, regards, Shabbier
If you have installed Oracle9iAS, you should be able to get to the welcome page at
http://<machine_name>:7778/
You can see J2EE demos off that page.
Also, you can find info about oracle9iAS and documentation
at http://otn.oracle.com/products/ias/content.html
OC4J info can be found at
http://otn.oracle.com/tech/java/oc4j
-Prasad -
Classes, Stateful EJBs and EJB Container
Hi,
We have several doubts about classes, servlets, and EJBs.
We have been told that the instance of non-static classes from JSPs or servlets
can be a problem if we have a big number of clients connecting to weblogic (or
any other app server). Would it be a problem? Is it a better practice to instantiate
those classes from EJBs?
We have been told that EJBs are managed by the EJB container, and it uses a pool
for serving them to clients, passivating and activating them. This would include
the classes instantiated inside them. Is it true?
If all our guesses are true, the better way to implement a search with pagination
would be a stateful EJB, using handlers to save it in the client's session. But
we've heard that stateful EJBs are really bad for server's perfomance. Is it true?
We are using Weblogic 7.0. If so, what are they useful for???
If they can be a problem, how to build that searching using stateless EJBs?
Best regards,
Ignacio SanchezYou're right, the concrete tag to use seems to be:
<replication-type>InMemory</replication-type>
Anyway, do you have any further explanation on Stateful's behaviour with many
clients and pagination implementation?
"Stanley Beamish" <[email protected]> wrote:
>
"Ignacio Sanchez" <[email protected]> wrote in message
news:[email protected]...
Thanks for your replies.
Anyway, I still have some questions about stateful EJBs. In a clusteredenvironment,
we've been told that stateful EJBs are only balanced before create()method. So,
if we have already "created" the Remote interface, we're using it,and the
server
fails and must be balanced to another instance, what will happen? Willwe
lost
that Remote interface and data included in it?
Not necessarily, you can enable replication, which means that your stateful
EJB's state (values of i-vars) can be replicated across nodes in a cluster.
Search through the WLS cluster documentation for details.
SB
And about your suggestion on pagination using stateless. Could youplease
explain
it in more detail? I haven't understood it well.
Thank you very much for your attention.
"Sri" <[email protected]> wrote:
Hi,
Look below for my coments.
S
"Ignacio Sanchez" <[email protected]> wrote:
Hi,
We have several doubts about classes, servlets, and EJBs.
We have been told that the instance of non-static classes from JSPsor
servlets
can be a problem if we have a big number of clients connecting to
weblogic
(or
any other app server). Would it be a problem? Is it a better practice
to instantiate
those classes from EJBs?It all boils down to your architecture. If you have a lot of clients
connecting
to web container then and if each client needs objects stored in session
then
you have to refactor your object distribution. But this could be avoided
by separating
static content from dynamic content (using proxies, load balancersetc),
having
more web containers etc. It's not necessary to instantiate these classes
in EJBs
always (then you are increasing your memory footprint). The generalguidelne
is
to do more heavy duty work as you go deeper into tiers hopefully handling
less
connections etc.
We have been told that EJBs are managed by the EJB container, and
it
uses a pool
for serving them to clients, passivating and activating them. Thiswould
include
the classes instantiated inside them. Is it true?
True.
If all our guesses are true, the better way to implement a search
with
pagination
would be a stateful EJB, using handlers to save it in the client'ssession.
But
we've heard that stateful EJBs are really bad for server's perfomance.
Is it true?
We are using Weblogic 7.0. If so, what are they useful for???
True if misused as stateful EJBs, just like HTTP sessions could bereplicated
and could be activated/passivated.
If they can be a problem, how to build that searching using stateless
EJBs?
You could cache searchs and pass identity and page numbers to theSLSB.
Best regards,
Ignacio Sanchez -
Web container and EJB container
Web Container - EJB Container
What protocol used for communication and how do they communicate with each other?Check out the J2EE blueprints:
http://java.sun.com/j2ee/blueprints/apmTOC.html -
Communicating with other ejb's on different servers not in a cluster
I have a problem and that is that I cannot get to EJB to communicate.
What I do is this
|Klient OK |
|
| call remote method \\ returnAnotherBeansMethod();
|EJB in server1 |
|
| call remote by ordinary client call\\ returnMessage();
|EJB in server2 |
When I tried to use communicate with JONAS
I got a security problem
We innstalled a security manager but we still had the same error
Somethin about not getting socket permission
When I tried the same senario with BEA's T3 protocol I got an error that
told me that t3 was no a valid protocol???
Does anyone have sample kodes for a senario such as this one?
It will not be used or distributed futher...
-RonnyI tried something which worked but it is not recommended because the Workload Manager has trouble with this if you cache the InitialContext over multiple sessions.
What i did was create a hashtable which could hold multiple Initialcontext and were stored based on the JNDI-name, i also had another hashtable which stored objects that held information about the EJB (jndiName, classname, providerURL, caching). So what i did was when you call the ServiceLocator for the first time, 2 hashtables were created and filled based on an xml-file. Then if a client wants to access an EJB all it had to do was give the JNDI name, from one hashtable an object was retrieved, check if that objects holds an providerURL, if not use the standard, if so get the InitialContext from the second hashtable and perform a lookup. Works perfectly but again not recommended.
Cheers,
Maarten -
1 Admin console to manage OSB and SOA installed on different servers
Dear All,
We are planning to have OSB installed on Host 1 and SOA server installed on Host 2. But there will be one Admin console to manage these 2 for the ease of maintenance. When i was trying to install this configuration I had few issues. Hope SOA experts can help me with the configuration.
1)
As SOA and OSB are installed on 2 different host both the servers must have weblogic installed as pre requisite. So I will have
on host 1:
http://host1:7001/console
http://host1:7001/sbconsole
On host 2:
http://host2:7001/console (this is redundant)
http://host2:8001/soa-infra
2) Is it possible to inactivate http://host2:7001/console ? and add SOA server running on host2 to http://host1:7001/console. In the sense, I would like to control the SOA server from host 1.
Issue No :2
When I create a domain on Host 1 I just get the options for OSB and not SOA. It is obvious as SOA is not installed on Host1. but if that is the case, Is it possible to add SOA server running on host2 to host1. Is it going to be a cluster?
Is this configuration seems realistic? Has anyone implemented. Any pointers please.
Reagrds,
AaniHi Aani,
Please go through the blog series -
http://blogs.oracle.com/reynolds/2010/09/installing_an_11g_soa_cluster.html
You may also refer EDG -
http://download.oracle.com/docs/cd/E17904_01/core.1111/e12036/toc.htm
Regards,
Anuj
Edited by: Anuj Dwivedi on Feb 23, 2011 9:14 PM -
Problems with IISProxy Module (IIS and EP6.0 on different servers)
Hi I am trying to configure IIS 6, I have followed all the instructions outlined in the document "Installing the IIS Proxy Module" and followed the note 715303. When i try to access the the link http://ep6idc91.***.com I get the under construction main page to IIS server.
My IIS server is ep6idc91 and the ep6 server is ep6idc92.
Is my XML config correct?
<ISAPI-config version="1.6">
<filter name="IisProxy filter" authentication="forward" log-level="1" log-flags="0" debug-flags="0" priority="high" extension-url="/scripts/IisProxy.dll" remote-address="skip" />
<extension name="IIsProxy irj" log-level="1" log-flags="0" debug-flags="0" access="filter" />
<mapping name="IIsProxy irj" log-level="1" log-flags="0" debug-flags="0" keep-alive="true" use-continue="true" close-socket="true" close-socket-delay="1000" thread-count="100" max-socket-age="37">
<source access="filter">
<protocol>http</protocol>
<prefix>/irj/</prefix>
</source>
<target>
<protocol>http</protocol>
<host>ep6idc92.****.com</host>
<port>50100</port>
</target>
<compress-types min-size="1024">text/html, text/plain</compress-types>
<protocol-header>ClientProtocol</protocol-header>
</mapping>
<config>
<source access="filter">
<protocol>http</protocol>
<host>ep6idc91.*****.com</host>
<prefix>/IISProxy</prefix>
</source>
</config>
</ISAPI-config>
Message was edited by: Anton AnsalmarHi Anton,
Here is sample IIS file of mine.
<ISAPI-config version="1.6">
<filter name="IisProxy filter" authentication="forward" />
<extension name="IisProxy extension" />
<mapping name="IisProxy samples">
<source>
<protocol>http</protocol>
<prefix>/irj/</prefix>
</source>
<source>
<protocol>http</protocol>
<prefix>/irj</prefix>
<new-prefix>/irj/</new-prefix>
</source>
<source>
<protocol>http</protocol>
<prefix>/portal/</prefix>
<new-prefix>/irj/</new-prefix>
</source>
<source>
<protocol>http</protocol>
<prefix>/logon/</prefix>
</source>
<target>
<protocol>http</protocol>
<host><hostname></host>
<port>50000</port>
</target>
<compress-types>text/html, text/plain</compress-types>
</mapping>
<mapping name="Secure IisProxy samples">
<source>
<protocol>https</protocol>
<prefix>/Hello/</prefix>
</source>
<target>
<protocol>https</protocol>
<host>localhost.your.corp</host>
<port>8443</port>
</target>
<keystore-path>c:\sec\SAPSSLC.pse</keystore-path>
</mapping>
<config>
<source>
<protocol>http</protocol>
<host>localhost</host>
<prefix>/IisProxy</prefix>
</source>
<source>
<protocol>https</protocol>
<host>localhost</host>
<prefix>/IisProxy</prefix>
</source>
</config>
</ISAPI-config>
thanks,
Praveen -
MDT Deployment share and SQL Share on different servers
Hello Technet,
I would like help to figure out how to deal with my MDT Deployment share being on a different server than my SQL Share. I am trying to use the MDT Database in MDT 2013 and SQL Server Express 2014. My deployment share is located on a Linux File Server share,
and my MDT Server and SQL Express Server are located on the same Windows Server 2012 VM.My Bootstrap.ini therefore looks like this:
[Settings]
Priority=Default
[Default]
SkipBDDWelcome=YES
DeployRoot=\\192.168.1.10\DeploymentShare$
UserID=user
UserPassword=password
my Customsettings looks like this:
[Settings]
Priority=CSettings, CPackages, CApps, CAdmins, CRoles, Locations, LSettings, LPackages, LApps, LAdmins, LRoles, MMSettings, MMPackages, MMApps, MMAdmins, MMRoles, RSettings, RPackages, RApps, RAdmins, TaskSequenceID,Default
[Default]
CaptureOS=YES
[CSettings]
SQLServer=SQLServer
Instance=SQLEXPRESS
Database=MDT
Netlib=DBNMPNTW
SQLShare=Logs
Table=ComputerSettings
Parameters=UUID, AssetTag, SerialNumber, MacAddress
ParameterCondition=OR
Therefore, the problem is that during winPE Bootup, WinPE connects to the deploymentshare using the provided credentials just fine, and tries to process customsettings. However, I can map a network drive to the SQL Share as seen in the logs by the following
errors:
1.ERROR-Unable to map a network drive to \\SQLServer\Logs
2. ZTI Error opening SQL Connection:[DBNETLIB][ConnectionOpen(Connect()).]SQL Server does not exist or access is denied.
3.Unable to establish database connection using [CAPPS] properties.
In WinPE, as soon as I hot F8, and use net use \\SQLServer\Logs, the deployment works fine and the properties are read from the database during each section process..
Why is MDT Unable to map the \\SQLServer\Logs , and it requires the manual use of net use? Must I move the deployment share to the same server as my SQL Server Server? Thanks so much.Should work, Don't know why it's failing.
Can you post your full bdd.log file to a public site like OneDrive and share the link?
There are some inconsistencies with your written summary above.
Keith Garner - Principal Consultant [owner] -
http://DeploymentLive.com -
MySql database and php code on different servers
I created a table on a MySql database on server A. Now I'm
trying to create
a page to display the contents of the table. I know that the
html code ( and
php) is on a different server (server B). I managed to create
a database
connection however when I try this connection I cannot see
the table I
created. When I click on the Connection name I get the Stored
Procedures,
Tables and View list. I click on the Tables and although I
get a connection
to the server A, no table is displayed.
Am I trying to do something silly here?
any help will be appreciated.
Twanny> Am I trying to do something silly here?
I do it this way all the time. My testing server is local to
my development
LAN, but the MySQL server and database is remote (on the
remote site). To
make this work, you would have to make sure that the remote
server permits
an external connection. If it does, you should be golden.
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
==================
"Twanny" <[email protected]> wrote in message
news:gabbu1$ngv$[email protected]..
>I created a table on a MySql database on server A. Now
I'm trying to create
>a page to display the contents of the table. I know that
the html code (
>and php) is on a different server (server B). I managed
to create a
>database connection however when I try this connection I
cannot see the
>table I created. When I click on the Connection name I
get the Stored
>Procedures, Tables and View list. I click on the Tables
and although I get
>a connection to the server A, no table is displayed.
>
> Am I trying to do something silly here?
>
> any help will be appreciated.
>
>
>
>
> --
> Twanny
> -
BI Schedule and Presenation Server on Different Servers Configuration
I'm having a problem getting my iBots to run and deliver the information to the catalog with the following configuration:
2 Presentation Servers on Windows with IIS for NTLM authentication (via a Load Balancer)
OBIEE Server and Scheduler, and Presenation Server on Solaris (the Presentation Server on Solaris will be turned off)
The catalog between the 2 Windows Servers are are shared. When I create an iBot on the Windows the request is sent to the Scheduler on Solaris and errors out with the following message:
[nQSError: 77006] Oracle BI Presentation Server Error: A fatal error occurred while processing the request. The server responded with: Path not found (
/shared/_ibots/Test Email from UAT)^M
Error Codes: U9KP7Q94^M
My question is why does the scheduler send the alert to the Presentation Server on the Solaris box and not the shared Presentation Server with the shared catalog on the Windows Servers. Am I missing something in the configuration?
Thanks,
ChuckI figured it out. I had to re-run the schconfig utility on UNIX and reconfigured the server from localhost:9710 to the actual server name.
-
MOBI with BOE and mobile server on different servers
Hi Experts,
We need to set up a BO MOBI with BOE and Mobile server on two separate servers.
In such a configuration, how does the two servers communicate?
What should be the VAS and VMS server configurations? especially the external hostnames in the files?
We are looking for a non Blackberry(proxy) deployment.
We have installed the software,however the windows services of Authserver and the Job servers are not available in the mobile server instance
Any help would be highly appreciated.I figured it out. I had to re-run the schconfig utility on UNIX and reconfigured the server from localhost:9710 to the actual server name.
-
[beginner] Relationship between app server and JBI container
Hello,
I downloaded the Sun app server as well as the JBI SDK and I would like to understand how they relate to each other. Is the JBI SDK a plug-in in the app server? Does it run on top of it? What part of J2ee are used by JBI?(servlets, ejbs, JCA???).
Thanks in advance,
Julien.
PS
Any answer is welcome. I am a complete beginner in JBI and I am looking for some primer that will help me get started with the spec...JBI is a specification; its up to the implementations to decide how they interact with different application servers. e.g. Sun's RI may work in Sun's app server and, say, JBoss. ServiceMix is already integrated into Apache Geronimo but has deployers for any Servlet engine and JBoss.
Typically a JBI container will use servlets for HTTP bindings and can use EJBs if required. JCA integration is an option too - e.g. ServiceMix can either integrate with the application servers JCA engine or can use its own embedded JCA engine - Jencks (http://jencks.org).
James
http://logicblaze.com/ -
Is tomcat a web server or web container? I got information like this:
web server: Is responsible for receiving request from
client and sending responses to client.
web container: w.c contains Servlet engine and jsp engine,
responsible for executing servlets(JSP) life cycle.
once webserver receivs the request it sends the control to
webcontainer,after execution of servlet(jsp) response will
be sent to web server ,web server will send the response to
client.
I am now totally confused. Your reply will be much helpfulSun's Web Server (which this forum is about - download it here: http://www.sun.com/webserver) is a web server with an embedded web container. So, it is both. That's one of the reasons why it scales so well for Java Servlet content. Give it a try...
Maybe you are looking for
-
I attempted to rent a movie from i-tunes. The download started and toward the end of the process it stopped downloading and it said "processing". Then i went to the video page and the movie was there and the 24hr countdown had already started. So i f
-
Calling Java Android code from XSLT
I am trying to get an XSLT stylesheet to work that invokes Java code at certain points during execution (used to parse RDFa). You can find a very simple example of such code below: <?xml version="1.0" encoding="UTF-8"?> <stylesheet xmlns:xsl ="http:/
-
User is not able to download specific excel file in sharepoint
Hi, Could you please help? thanks srabon
-
SRM PO Pricing condition from SRM to ECC -Extended Classic Sceanrio
Dear SRM experts, We have created couple of conditions in SRM7.0 and ECC 6.0 as per requirement. When we create PO in SRM and If we add any condition in SRM PO, PO is getting transferred with netprice(including condition amount). We would like to see
-
All of a sudden ALL of my Adobe programs stopped working, cannot open, uninstall or reinstall. DW, PS, PE etc. That has brought my productivity to a halt!