users@glassfish.java.net

RE: AppClient/JWS/Derby/Security problems

From: Martin, Ray <armart3_at_tycho.ncsc.mil>
Date: Mon, 18 Sep 2006 15:59:48 -0400

well, in that case, i did REALLY good...

i am almost afraid to ask, but here goes.

when i was able to follow instructions and get derby.jar into JRE's lib/ext
directory, appclient was able to run my app. what does it take now for
appclient/JWS to do the same thing - it is still getting the "No suitable
driver" error.

i probably shouldn't tell you this, but i was parallel tasking, and in
between testing my app with appclient, i was also using a Linux console to
prepare for rebuilding the kernel to include a TPM driver, when i pressed
the wrong buttons to get back to my xterm - instead i rebooted my machine,
closing over thirty windows, some with Netbeans and Glassfish, others with
various test scenarios. man, i am having a great day...


-----Original Message-----
From: Marina.Vatkina_at_Sun.COM [mailto:Marina.Vatkina_at_Sun.COM]
Sent: Monday, September 18, 2006 3:49 PM
To: users_at_glassfish.dev.java.net
Subject: Re: AppClient/JWS/Derby/Security problems


Sometimes it's good to ask strange questions ;)

-marina

Martin, Ray wrote On 09/18/06 12:40,:
> i am duly embarrassed
>
> org.apache.derby.jdbc.EmbeddedDriver is in derby.jar
>
> i am using persistence.xml, which has url/usr/pwd
>
> i place derby.jar into JRE's lib/ext (as i was originally told to do) and
> appclient works GREAT - no error.
>
> i was definitely in the Twilight Zone - sorry.
>
> -----Original Message-----
> From: Marina.Vatkina_at_Sun.COM [mailto:Marina.Vatkina_at_Sun.COM]
> Sent: Monday, September 18, 2006 3:16 PM
> To: users_at_glassfish.dev.java.net
> Subject: Re: AppClient/JWS/Derby/Security problems
>
>
> Ray,
>
> Can you send us a stack trace (with all nested parts available in the
log)?
>
> But this statement surprises me: "driver is in toplink-essentials.jar" -
> there is no database driver in that jar.
>
> Also, do you look up a database by jndi name, or provide url/usr/pwd as
> toplink... properties?
>
> thanks,
> -marina
>
> Martin, Ray wrote On 09/18/06 11:28,:
>
>>i tried - it didn't like me - SOS (that last word would be stuff - yea,
>>that's it - Same Old Stuff)
>>
>>the driver is in toplink-essentials.jar - which i copied into JRE's
>
> lib/ext
>
>>like you said.
>>
>>running appclient with my app (KART) results in the "No suitable driver"
>>error.
>>
>>
>>i then tested KART outside of appclient - it too failed with "No suitable
>>driver".
>>
>>i removed toplink-essentials.jar from JRE's lib/ext and KART would run
>
> stand
>
>>alone (but still would not run using appclient). i have never experienced
>>anything like this one. by taking toplink-essentials.jar out of JRE's
>>lib/ext, my app would run, but putting toplink-essentials into JRE's
>
> lib/ext
>
>>causes the app to fail with "No suitable driver". ooohhhh boy.
>>
>>so, i tried a second app (DrawingAddon) just to make sure i was not in the
>>Twilight Zone. same thing - the app fails with toplink-essentials.jar
>>placed into JRE's lib/ext directory and runs ggggreat when JRE's lib/ext
>>does not contain toplink-essentials.jar. okay - this is starting to make
>
> me
>
>>feel like a crazy person - what in the world am i doing wrong?
>>
>>
>>
>>-----Original Message-----
>>From: Sanjeeb.Sahoo_at_Sun.COM [mailto:Sanjeeb.Sahoo_at_Sun.COM]
>>Sent: Monday, September 18, 2006 1:44 PM
>>To: users_at_glassfish.dev.java.net
>>Subject: Re: AppClient/JWS/Derby/Security problems
>>
>>
>>Put the JDBC drivers in $JAVA_HOME/jre/lib/ext and try.
>>
>>Thanks,
>>Sahoo
>>Martin, Ray wrote:
>>
>>
>>>here is a snippet of Main.java
>>>
>>> ...
>>> public class Main {
>>>33 //_at_PersistenceUnit(unitName="SVG_drawings");
>>>34 private static EntityManagerFactory emf;
>>>
>>> private EntityManager em;
>>>
>>> pubic Main() {
>>> ...
>>>
>>>48 emf =
>>>Persistence.createEntityManagerFactory("SVG_drawings");
>>>49 em = emf.createEntityManager();
>>>
>>> ...
>>> }
>>>
>>>1) if i use line 33 and remove line 48 - i get the error:
>>>org/osgi/framework/BundleActivator
>>>
>>>2) use line 48 and 49 - i get the error: "No suitable driver"
>>>
>>>3) use line 48 and remove 49 - JWS occurs and the app stands up (but, of
>>>course, not useful because there is no EntityManager
>>>
>>>How can i get past #2 above?
>>>i know you said "...the driver is not in the classpath..." - what am i
>>>supposed to do about that?
>>>
>>>How does appclient 'see' Persistence?
>>>
>>>i include derby.jar, pastry.jar, xmlpull_1_1_3_4a.jar, and
>>>xpp3-1.1.3.4d_b2.jar in my application jar, which is KART.jar. KART.jar
>>
>>is
>>
>>
>>>deployed to Glassfish as an AppClient Module.
>>>
>>>i know that these jars can be 'seen' because PASTRY runs, therefore, the
>>>pastry.jar is visible.
>>>
>>>i have not included javaee.jar - so, i do not understand how Persistence
>>
>>is
>>
>>
>>>'seen'.
>>>
>>>just one more little bit of help, please.
>>>
>>>
>>>
>>>-----Original Message-----
>>>From: Martin, Ray [mailto:armart3_at_tycho.ncsc.mil]
>>>Sent: Wednesday, September 13, 2006 6:17 PM
>>>To: 'users_at_glassfish.dev.java.net'
>>>Subject: RE: AppClient/JWS/Derby/Security problems
>>>
>>>
>>>i put derby.jar into KART.jar. derby.jar is not included in any addon
>>
>>jar.
>>
>>
>>>is including derby.jar into the KART.jar a bad thing? this runs nicely
>>>outside of appclient.
>>>
>>>-----Original Message-----
>>>From: Marina.Vatkina_at_Sun.COM [mailto:Marina.Vatkina_at_Sun.COM]
>>>Sent: Wednesday, September 13, 2006 6:16 PM
>>>To: users_at_glassfish.dev.java.net
>>>Subject: Re: AppClient/JWS/Derby/Security problems
>>>
>>>
>>>You can have EMF anywhere in the code where you can do a lookup
>>>if you want to use a container-managed EMF. Now, if you use app-
>>>managed EMF, you can create it by yourself via
>>>Persistence.createEntityManagerFactory("...") as you would
>>>do in a Java SE environment.
>>>
>>>If you would like to use injection to create it, the rules
>>>of the main class apply.
>>>
>>>The "No suitable" error means that the driver is not in the
>>>classpath. Tim, how this can be checked?
>>>
>>>thanks,
>>>-marina
>>>
>>>Martin, Ray wrote On 09/13/06 14:55,:
>>>
>>>
>>>
>>>>KART.jar is deployed to Glassfish as an AppClient Module. There is no
>>>>enterprise archive file relative to KART. When an AppClient Module is
>>>>deployed, there are two pages in the Web Admin Console. The first page
>>>>has a check box for Java Web Start enabled. I check that box.
>>>>Thereafter, the following URL in Firefox causes KART to stand up:
>>>>http//:gateway:8080/KART?prop=DBHome=/usr/local/dbHome
>>>>
>>>>I also have a JSP available from an enterprise app deployed to
>>>>Glassfish. But, this is probably a 'don't care' relative to our
>>>>discussion - just wanted to make sure.
>>>>
>>>>So what is the next step? Should I send something? test something?
>>>>your wish is my command...
>>>>
>>>>I reviewed the stack trace below before hitting the send button and I
>>>>thought of something else that may be relevant.
>>>>
>>>>There is a web app, Addons.war, that is deployed to Glassfish. In that
>>>>war file are simply three jar files - ChatAddon2.jar, DrawingAddon.jar,
>>>>and SecurityAuditor.jar
>>>>
>>>>After JWS has launched KART, the substrate, a GUI is available - the
>>>>user can select a button, "VisitAddon Store". This button points to the
>>>>URL of Addons.war in Glassfish. The resulting HTTP response is parsed
>>>>and the three jar files are shown in a Swing Listbox. The user can
>>>>select an addon one at a time.
>>>>
>>>>If I select ChatAddon2 from several different computers (each from a
>>>>KART launched via JWS) then the chat GUI stands up and a chat session
>>>>can occur between the collaboration nodes of the structured overlay
>>>>network. This is working.
>>>>
>>>>If I select the addon, SecurityAuditor, the GUI stands up - but, this
>>>>addon is immature and does not do much just yet (but, eventually, it
>>>>will need data persistence). This addon is working to its current level
>>>>and does not crash.
>>>>
>>>>If I select the addon, DrawingAddon, then the bold lines below occur -
>>>>and crash.
>>>>
>>>>What is happening is that when the user selects an addon from the list,
>>>>KART asks that addon if it has a DataAccess layer. Both ChatEditor2 and
>>>>SecurityAuditor respond with a null signifying that they do not have a
>>>>DataAccess layer. DrawingAddon responds with the name of the class that
>>>>is its DataAccess layer. KART then uses its AddonClassLoader to
>>>>retrieve the DataAccess class, in this case, DataAccessImpl, from
>>>>DrawingAddon.jar not from KART.jar. After DataAccessImpl has been
>>>>instantiated, KART passes emf (EntityManagerFactory). In the method
>>>>that DataAccessImpl receives emf, it then has the line: em =
>>>>emf.createEntityManager();
>>>>
>>>>We discussed that EntityManagerFactory needed to be in the main class of
>>>>KART. But, we did not discuss that EntityManager needed to be in the
>>>>main class of KART. But, I will go ahead and test passing EntityManager
>>>
>>>>from KART to the DataAccessImpl - just as easy to do - just did not
>>>
>>>>happen to do it that way.
>>>>
>>>>Before sending the email, I moved: em = emf.createEntityManager(); - the
>>>>main class of KART and re-tested. The error moved for both 'appclient
>>>>only' and appclient/JWS as can be seen in the attached traces.
>>>>
>>>>
>>>>
>>>>I would like to have EntityManager and EntityManagerFactory in my
>>>>addon.DataAccessImpl class and not in kart.Main class. Also, I would
>>>>like to utilize persistence.xml from the addon jar not the KART jar.
>>>>PLEASE.
>>>>
>>>> -----Original Message-----
>>>> *From:* Timothy.Quinn_at_Sun.COM [mailto:Timothy.Quinn_at_Sun.COM]
>>>> *Sent:* Wednesday, September 13, 2006 4:19 PM
>>>> *To:* users_at_glassfish.dev.java.net
>>>> *Subject:* Re: AppClient/JWS/Derby/Security problems
>>>>
>>>> Hi, again, Ray.
>>>>
>>>> In the stack trace related to the permission problem launching via
>>>> Java Web Start (in Thread-25 as excerpted below) I suspect the error
>>>> occurs because, although the TopLink code itself has been granted
>>>> elevated permissions and would be allowed to read the property, the
>>>> SecurityManager will not permit it to do so unless all intervening
>>>> methods in the call stack also have that permission. I suspect that
>>>> the kart... classes are not being granted permissions (bolded in the
>>>> stack trace).
>>>>
>>>>
>>>> With that in mind - and if you have already described this earlier
>>>> in the mail thread I apologize for asking again - can I ask how,
>>>> physically, are the kart.* classes made available to the client?
>>>> Are they packaged in the app client itself, or in a JAR within the
>>>> containing EAR? The Java Web Start-aware app client container (ACC)
>>>> should be making sure, within the Java Web Start security model,
>>>> that adequate permissions are granted to the code downloaded in the
>>>> app client JAR. If this is not happening then we need to find out
>>>>
>>>
>>>why.
>>>
>>>
>>>
>>>> - Tim
>>>>
>>>>
>>>> Exception in thread "Thread-25" java.lang.ExceptionInInitializerError
>>>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
>>>> Method)
>>>> at
>>>>
>>>>
>>>
>
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAcces
>
>>>sorImpl.java:39)
>>>
>>>
>>>
>>>> at
>>>>
>>>>
>>>
>
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstruc
>
>>>torAccessorImpl.java:27)
>>>
>>>
>>>
>>>> at
>>
>>java.lang.reflect.Constructor.newInstance(Constructor.java:494)
>>
>>
>>>> at java.lang.Class.newInstance0(Class.java:350)
>>>> at java.lang.Class.newInstance(Class.java:303)
>>>> * at kart.Model.setDataAccessLayer(Model.java:326)
>>>> at
>>>>
>>>>
>>>
>>>kart.addon.loader.AddonClassLoader.loadAddon(AddonClassLoader.java:223)
>>>
>>>
>>>
>>>> at
>>>>
>>>>
>>>
>>>kart.addon.loader.AddonClassLoader.beginLoad(AddonClassLoader.java:264)
>>>
>>>
>>>
>>>> at
>>>> kart.addon.loader.AddonClassLoader.start(AddonClassLoader.java:256)
>>>> at kart.Model.execAddon(Model.java:230)
>>>> at kart.KARTgui$11$1.run(KARTgui.java:592)*
>>>> at java.lang.Thread.run(Thread.java:595)
>>>> Caused by: java.security.AccessControlException: access denied
>>>> (java.util.PropertyPermission toplink.validation-only read)
>>>> at
>>>>
>>>>
>>>
>
java.security.AccessControlContext.checkPermission(AccessControlContext.java
>
>>>:264)
>>>
>>>
>>>
>>>> at
>>>>
>>>>
>>>
>>>java.security.AccessController.checkPermission(AccessController.java:427)
>>>
>>>
>>>
>>>> at
>>>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>>> at
>>>>
>>>>
>>>
>>>java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
>>>
>>>
>>>
>>>> at java.lang.System.getProperty(System.java:627)
>>>> at
>>>>
>>>>
>>>
>
oracle.toplink.essentials.ejb.cmp3.EntityManagerFactoryProvider.getConfigPro
>
>>>pertyAsStringLogDebug(EntityManagerFactoryProvider.java:295)
>>>
>>>
>>>
>>>> at
>>>>
>>>>
>>>
>
oracle.toplink.essentials.internal.ejb.cmp3.EntityManagerSetupImpl.isValidat
>
>>>ionOnly(EntityManagerSetupImpl.java:567)
>>>
>>>
>>>
>>>> at
>>>>
>>>>
>>>
>
oracle.toplink.essentials.internal.ejb.cmp3.EntityManagerSetupImpl.shouldGet
>
>>>SessionOnCreateFactory(EntityManagerSetupImpl.java:577)
>>>
>>>
>>>
>>>> at
>>>>
>>>>
>>>
>
oracle.toplink.essentials.ejb.cmp3.EntityManagerFactoryProvider.createEntity
>
>>>ManagerFactory(EntityManagerFactoryProvider.java:130)
>>>
>>>
>>>
>>>> at
>>>>
>>>>
>>>
>
javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:83
>
>>>)
>>>
>>>
>>>
>>>> at
>>>>
>>>>
>>>
>
javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:60
>
>>>)
>>>
>>>
>>>
>>>> at
>>>> draw.resources.dal.DataAccessImpl.<clinit>(DataAccessImpl.java:62)
>>>> ... 13 more
>>>>
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
For additional commands, e-mail: users-help_at_glassfish.dev.java.net