Alexandre Portugal

Greenhorn
+ Follow
since Jul 11, 2008
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
1
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Alexandre Portugal

Hi Elton,

I did manage to make it work with a database user registry.

Check these links. The first one explains how to configure the custom user registry and the second one is an example of a sample custom user registry java class. From there you should be able to change the functionality to query a database instead of a text file:

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Ftsec_tbucs.html
http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/topic/com.ibm.websphere.express.doc/info/exp/ae/rsec_frsjf502.html

Although the docs say "The registry should not depend on any WAS components (such as data sources)", I was able to use a data source inside the method "checkPassword(...)". That's because, by the time this method is called (when a user tries to login on the app), WAS has already been completelly initialized. The drawback of that is having to do a lookup of the data source each time a user tries to login. You should check if this is acceptable in your case.

Good luck and let me know how it goes.

Regards,

Alexandre.
12 years ago
Guys, has someone set up an application on WAS 7 to authenticate users from a database?

I've been reading the docs and I'm surprised how hard it is to find out a solution... On JBoss we just need to add some lines to login-config.xml and it's done!

So far, my options seem to be:
- to implement com.ibm.websphere.security.UserRegistry;
- to implement LoginModule (JAAS);
- to leave behind the security provided by the server (!) and implement it programmaticaly (checking info in session...);

Any suggestions?
12 years ago
Thanks, Elisabeth! Good to see there are no big issues concerning browser compatibility. That's a sign HTML5 is now definatelly a must-known technology for web developers.
Hi.

I was taking a look into the preview pages of the book in Amazon wishing to figure out which browsers the book is based on. But unfortunatelly this specific page (28) is missing...

Which browsers (with versions) the autors indicate to run HTML5 tests on?

Hi all,

I need to configure my application to work with Websphere 7.0 container managed security and wish someone can help me out with this task.

Here's a summary of my problem: part of my app's users must be authenticated against an Active Directory, in which their logins and passwords are stored, and another part must be authenticated against a relational database. For both cases, the roles needed for authorization are stored in this same database.

Briefly, I need two different repositories (LDAP and DB) working in a complementary (authentication happens on one OR another) and integrated (login/password and roles retrieved from different sources) way.

After some searching, it seems I need to configure a Federated Repository and use some VMM adapters (PER and ERM).

Can you give me a sign whether I'm on the good path or not? It feels like a painful job...
13 years ago
Hi everybody.

I will use Facelets with JSF 1.2 in my next project.

I'm trying to download Facelets distribution files from http://java.net/projects/facelets/ but it seems it's not available there. Couldn't find any secondary source to download it either.

Am I missing something?

THanks,
13 years ago
JSF

Imagine the system is experiencing problems. For example; it may be under extremely heavy load, experiencing networking problems, recovering from a hardware failure, etc. etc. As a result "transactions" are taking around 6 seconds.



I was told 90% of my transactions should be completed under 5 seconds. The scenario you said is high-realistic and should be taken into account, but that doesn't mean my system should stop processing longer transactions, it's just a question of creating a smarter algorithm for that.

No. You can still use CMT and set transaction timeout. You just do it through the app server.



If we keep my approach, we need to change the transaction timeout dynamically. I don't think we are able to do that through the app server.

Most app servers already have profiling functionality built in. If your system is experiencing problems it's up to the System Administrator to deal with it - that's their job. Besides, if a system is experiencing extremely heavy load, the app server or infrastructure in general may well implement some kind request throttling. That is, refuse some connections in an attempt to prevent the system from failing completely.



I agree with you, but I'm trying to address the requirements in a deterministic manner. Following your suggestion I will improve the performance for sure, but how do I garantee 90% of transactions under 5 secs?

Maybe I didn't get the point of all these non-functional requirements(NFR). Maybe they are just a guideline for performance tests after deploying the system. After all, how would we "architecturally" garantee 200 concorrent users (another NFR example)? But it's hard to believe that...

As far as I know, part 3 depends on your specific design decisions taken on part 2, question of proving it was you who really did it.
Hi Miro.

My assignment has similar requirements as yours and I don't think performance tests are very usefull since none of the diagrams we should deliver will reflect their effects on the resulting architecture.

But I've got some ideas for at least 2 of our requirements:

- No transactions should take more than 10 seconds
"For enterprise beans with bean-managed JTA transactions, you invoke the setTransactionTimeout method of the UserTransaction interface." (JEE 5 Tutorial).
Question: is it really interesting to give up from using CMT in order to garantee your transactions timeout ?

- 90% of transactions must be under 5 seconds
Well, if you can programatically set the timeout for your transactions using the method above, then it would be enough to design a "TransactionProfile" class responsible to log every transaction and, based on this history, determine on runtime which will be the next transaction timeout value needed for the system to address this requirement continuously.

Spring does support concurrency. But, contrarily to EJB, it doesn't take for granted that you actually need such support. In other words, it's up to you to choose the solution for your concurrency problem:

a) Maybe your business objects are thread-safe and simply don't need any concurrency control. Spring "encourages you to configure beans as Singletons" in this case.

b) Maybe your bo's are not initially thread-safe, but you want to turn them thread-safe using Java synchronization mechanism.

c) Maybe you don't want to bother yourself with synchronization code. You can then use the Spring �prototype� approach, which creates a new instance of your business objects for each thread. Spring even offers instance pooling for this case.
Hi Rama Zha.

I doubt this architecture you plan to use (DAO's as Stateless Session Beans) makes sense... Here's what I think:

We should use the Session Bean component model to benefit from the advantages provided by the EJB container, right? I will list here some of these advantages. Do you really need them? If not, why using such a complex model? I would rather implement the DAO's as POJO.

- distribution
Do you plan to distribute your DAO's?

- transaction management
Do your DAO's are aware of transactions? Usually, this would be the Session Facade responsibility...

- thread management / instance pooling
Do you need instance pooling for your DAO's? Aren't they just some very light objects?