Chris Johnston

Ranch Hand
+ Follow
since Dec 13, 2004
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Chris Johnston


I am currently working on a job where the client is running Websphere 5.1 on Windows 2003 Server inside of a virtual environment. They are using VMWare Server (what version and what release, I am not sure). The host OS is also Windows 2003 Server.

The underlying computer has 32MB of RAM and 4 dual core Xeon 3GHz processors. The virtual machine has been given 2GB of RAM and 1 cpu.

The problem is that with only 6 users hitting the system, the system can sometimes lock up. My team does not have enough access to the box to fully diagnose the problem and we cannot replicate using other computers. We do not have a computer where we can run websphere in a virtual environment though.

I am wondering if anyone else has had problems with websphere running inside of VMWare server? Are there any known issues with this setup?

15 years ago
I apologize if this question has been covered several times over, I tried doing a search on both the forum and Google and came up with nothing. I am not really sure how to search for this particular problem.

Here is the question: we are doing some system testing on our application and the testers have found that if they delete the log file, log4j is not recreating it, or creating and populating a new one, while the application is running. In order to have the file created and populated, the application needs to be restarted.

To me, this seems like a fairly simple no brainer. If the file is deleted, log4j should realize this and create a new file and start populating it. Except that is not what is happening and I cannot seem to find the property config switch to enable this bahviour.

Anyone have any suggestions or links that will point me in the right direction?
[ December 19, 2006: Message edited by: Chris Johnston ]
My organization is looking to standardize on Debain. I am wondering if anyone is running WL 9.2 on Debian and what, if any, problems they may have had.

I have Googled the issue and found that it should run, however, BEA does not support it so don't ask for help with a production server. Also found that there are some issues with running WebLogic using a 2.4 kernel. Although I am not sure if this particular to Debain or not. Only problem is that I could not find many reports on this on either Google or Google Groups and the posts that I did find were all for older version, not for 9.2.

Anyone have any experience running WL on Debian with either the 2.4 or 2.6 kernel? Any issues in the install that I should be aware of?

[ August 10, 2006: Message edited by: Chris Johnston ]
15 years ago
Generally, the JVM will offload the issue of threading and how to handle them to the underlying OS. This allows you to get true multi-process applications that are able to take advantage of multiple cpus.

If you are trying to create an application outside of an app server (i.e., IBM's Websphere or BEA's WebLogic), then you will need to program with threads and make things in your app run asynchronously. This will raise the complexity of you app though.
I would suggest going with Sun if all you want to do is to learn. Get a copy of the Sun Java App Server and the J2EE 1.4 or Java EE 5 Tutorial that is specific to the app server that you downloaded. This will provide you with about 1500 pages of app server specific documentation. Along with the rest of the documentation that comes with the Sun app server.

The biggest problem with JBoss is the complete lack of documentation, so when it comes to learning, you are basically on your own.

Good luck.

P.S. I personally learned on WebLogic, another excellent app server with even better documentation.

I have a quick and simple question: what is the best way of using sockets within an application server (specificaly JBoss or WebLogic)? I have read about JCA, but this seems more geared towards accessing other systems as opposed to simply opening a socket and receiving data.

The general idea is that we have an old system that communicates using sockets, we are thinking about opening a listener socket within a J2EE app server in order to receive information from it. The old system is a home grown one. In addition, I do not think we are looking to send any data across the socket, just receive data from it.

Any ideas or is this just a bad idea all round?

Once again, all of that makes sense. However, I still have a few more questions.

  • If implementing an application frontend to database access is a best practice, how would you give a user, or group of users, direct SQL access to a DB?
  • As for the user explosion problem, would groups and generic user credentials help with this problem?
  • So if understand what is being said, it is better to implement row, or object, based security in the application layer instead of trying to handle it in the DB? If this is the case, then why does Oracle have such stringent security?
  • So would the best solution be to use an LDAP server so both the application and the DB (Oracle) use the same security credentials?
  • Finally, is there anyway to extend Oracle's level based security into a Java application?

  • Thank you for the help so far. I am new to both Java and Oracle/DB security. We are trying to create an application with many forms of database access and trying to create a unified security model for it. We were thinking that if we could just use what is in Oracle, then we would not have to worry about it in the application beyond basic authentication.
    [ July 19, 2006: Message edited by: Chris Johnston ]
    Hmm... I was under the impression that Oracle was able to do row based filtering of data. How would using views introduce holes in the security model and leave some data unsecured?

    Do you know of any best practices papers that relate to handing database/application security?
    The project that I am working on is finally taking a look at doing somekind of Java <--> XML binding. Specifically, we receive XML files that need to be turned into Java objects (our object model). Those objects are then processed and turned into different XML files to be sent off to clients.

    What we are looking for is a framework that allows us to do the marshalling/unmarshalling dynamically. By this I mean without having to worry about any compile time code generation. The ideal would be that, in order to handle a new XML schema, all we would need to do is provide a mapping/binding file, bounce the system, and the system should be able to handle the new schema.

    Is this possible to do?

    We have looked at JAXB, Castor, and JiBX, but all of these libraries require code generation.

    We have also taken a cursory look at TopLink, but I don't think it is free and I am not sure if it can handle this either. Anyone know the pricing model for TopLink?
    [ July 19, 2006: Message edited by: Chris Johnston ]
    15 years ago

    Originally posted by Scott Selikoff:
    A better solution is to build your database schema such that you have a security mechanism in place, possibly through an object access table, then have the system pass the user account id in the query that determines what the user has the ability to access.

    That all makes sense. Can you elaborate more on your solution or provide a good tutorial for it?

  • In many DBMS's user accounts are associated with different database schemas so you actually see different things depending on your user

  • This is exactly what we want though. We want to be able to use the user credentials to do row/column based filtering of the data that the user can see. Even though a user may be able to see a particular table, that doesn't mean they can see all the data in that table. They will be able to see certain rows, but not others. We were hoping that, by being able to use the same user credentials when accessing the database, to have the DB handle this level of security.

    The project that I am working on, one thing we are looking at is the ability to use the same user credentials (username, password) on both the application side and the DB side. This would mean that when someone logs in using a specific username/password, we would turn around and use those credentials when connecting to the RDBMS.

    If we are using straight JDBC, this seems like a fairly simple thing to accomplish. All we would need to do is, when we create the connection, simply pass in the username and password that the user used to login. This would then connect to the DB using that user's credentials and enforce whatever DB security there was to enforce.

    My real question is how to do this with c3p0, Hibernate, and data sources within an app server such as JBoss or WebLogic? Are there ways of programatically changing the username/password that is used to make database connections?
    We are attempting to build an application that allows clients to access data, stored in an Oracle database using the Corporate Information Framework, through a wide variety of means--straight SQL, web services, sockets, etc. Some of these methods would involve going through a Java application (either deployed in an app server or stand alone) and some would involve direct access to the Oracle RDBMS.

    My question is two fold:

    1. Is there anyway to set up both JAAS and Oracle security so that they both use the same users, roles, and groups? I realize that this may be as simple as setting up an LDAP server, but I am wondering if anyone has experience with this.

    2. Is there anyway to programmatically, via Java, interact with the Oracle security infastructure?

    The basic idea is this, whether a user requests data through a java application (thin client, web service, etc) or they access it directly through Oracle, their user permissions, at the row/column level should be the same. Therefore, whether they are interacting with an sql result set or they are interacting with objects, they should only be able to receive the same data.

    Is this possible?
    15 years ago
    I seemed to have fixed the problem, but I don't really understand how. I commented out the following statement in my hibernate.cfg file and the tests passed

    I don't understand why that would make such a big difference. Can someone explain this please?
    This is driving me crazy. Especially since I cannot seem to find any info
    about the problem on Google.

    Here is the deal, I have set up Hibernate and as long as I use its built in
    JDBC connection pooling, everything works fine. However, as soon as I try
    and use c3p0, nothing works. I have a JUnit test class that tests my
    PersistenceDAO against a live MySQL 4.x database. Basically, it tries to
    insert, update, delete a bunch of objects to make sure that Hibernate is
    working correctly. This works fine, all tests pass, if I don't use c3p0. As
    soon as I turn it on, not a single test passes. I have no idea what is going
    on here. In an attempt to answer as many questions as possible, please see

    IDE: NetBeans 5.0

    Hibernate: version 3.1 using the library version that come bundled with it.
    c3p0: version c3p0-0.9.0.jar (I have tried the latest version as well,didn't work)
    MySQL: version 4.1.20 running on CentOS 4.3
    JDBC: mysql-connector-java-3.1.12-bin.jar

    Below are my hibernate config file and, as far as I can tell, the important
    parts from the stack trace. As you can see from the config file, I am using
    what is more or less a default use of c3p0, but nothing is working. Below
    everything, I have also included the source code from one of the methods
    from my PersistenceDao class in case the problem is in the code.

    Thanks for the help with this,


    The stacktrace

    PersistenceDao method

    [ July 03, 2006: Message edited by: Chris Johnston ]
    [ July 03, 2006: Message edited by: Chris Johnston ]
    Thanks for the reply.

    How well does JGuard handle security in the EJB container or for things like web services? Also, can JGuard handle security for stand alone applications? We are really looking for a security model that can handle stand alone applications, web applications, Spring applications, EJB applications and probably web services along with possibly RMI and socket connections. Is this asking too much of a single framework?

    Basically we are building a very big system with multiple ways of accessing it and we need a consist method of securing all of those connections along with securing objects and methods behind those connections. From what I have read of Acegi, it seems to be able to handle all the requirements. However, I need to build a strong case for and against all technologies and I simply cannot find enough information.
    16 years ago