This chapter describes known problems and associated workarounds for the Sun Java System Application Server Enterprise Edition 8.1 2005Q2 software. If a summary statement does not specify a particular platform, the problem applies to all platforms. This information is organized into the following sections:
This section describes known administration issues and associated solutions.
This section describes known Apache Web server and load balancer plugin issues and associated solutions.
Bug ID |
Summary |
---|---|
6306784 |
The High-Availability Administration Guide contains incorrect instructions for using openssl with Apache. Solution When compiling and building openssl, run the following commands: cd openssl-0.9.7e config make Also, for Apache 1.3, the directory name of the mod_ssl source will vary depending upon the release of Apache used. For example, for Apache 1.3.33, the name is mod_ssl-2.8.22-1.3.33. |
6307976 |
The High-Availability Administration Guide does not contain instructions for using a certificate for Apache 2.0. Solution To run Apache security, you must use a certificate. For instructions on obtaining a certificate from a certificate authority, see the information on certificates in the modssl FAQ. |
6308021 |
Must start Apache Web Server as root. Solution On Solaris, if your Application Server was installed under root, you must start the Apache Web Server as root. Java Enterprise System installations are installed as root. For Apache 2.0, after starting as root, Apache switches and runs as another user you designate. You designate that user in the /conf/httpd.conf file. To start as root, on many systems you must edit the httpd.conf file to designate the correct group. Replace the line: Group #-1 with Group nobody More information on user/group use is included in the httpd.conf file. |
6308043 |
Addition to instructions for using openssl with Apache Web Server 2.0 on Solaris. After installing Apache 2.0 and the load balancer plug-in, edit ssl.conf and sll-std.conf as follows: Replace the line: <VirtualHost _default_:9191> with <VirtualHost machine_name:9191> Where machine_name is the name of your machine and 9191 is a security port number. |
This section describes known application client issues and associated solutions.
Bug ID |
Summary |
---|---|
6193556 |
Library JAR packaged in Application Client Archive overwrites MANIFEST file. If you have a top level JAR file inside your client JAR (in this case, reporter.jar), when you deploy the client JAR, the MANIFEST file for that JAR overwrites the MANIFEST file for the client JAR. Solution None at this time. |
6373043 |
Dynamic content technologies, such as CGI-bin and SHTML, are no longer supported. Solution Use JSP and Web service technologies instead. |
This section describes known bundled Sun JDBC driver issues and associated solutions.
Bug ID |
Summary |
---|---|
6165970 |
Applications using the TRANSACTION_SERIALIZABLE isolation level with the bundled Sun driver for Microsoft SQL Server may hang when using a prepared statement to update if two parallel transactions are running and one of them is rolled back. To set a desired isolation level for a connection, the corresponding connection pool must be created at that same isolation level. See the Administration Guide for details about configuring connection pools. Solution None at this time. |
6170432 |
PreparedStatement Errors. Description #1 If an application generates more than 3000 PreparedStatement objects in one transaction, the following error may occur with DB2: [sunm][DB2 JDBC Driver] No more available statements.Please recreate your package with a larger dynamicSections value. Solution #1 Add following properties to the connection pool definition to get the driver to rebind DB2 packages with a larger dynamic sections value: createDefaultPackage=true replacePackage=true dynamicSections=1000 See the Administration Guide for details about configuring connection pools. Description #2 Related to the PrepardStatement error above, another error message that may be thrown is: [sunm][DB2 JDBC Driver][DB2]Virtual storage or database resource is not available. Solution #2 Increase the DB2 server configuration parameter APPLHEAPSZ. A good value is 4096. Description #3 Isolation level TRANSACTION_SERIALIZABLE. If your application uses isolation level TRANSACTION_SERIALIZABLE and uses one of the parameters suggested above, it might hang while obtaining a connection. Solution #3 To set desired isolation level for a connection, the corresponding connection pool has to be created at that isolation level. See the Administration Guide for instructions. |
6189199 |
Problems setting isolation level with the bundled Sun driver for Sybase Adaptive Server.
Solution None at this time. |
6247468 |
On Solaris 10 and Enterprise Linux 3.0, the Sun bundled Oracle JDBC driver does not allow the creation of a connection. Solution Set the following property on the JDBC connection pool when using the SUN JDBC oracle datasource (com.sun.sql.jdbcx.oracle.OracleDataSource): <property name="serverType" value="dedicated"/> The value of the property depends upon the way the Oracle server's listener is configured. If it is configured in the "shared" mode, the above value needs to change to "dedicated". |
6554602 |
Starting with JDBC 10.2 drivers, having more than one JDBC jar file in the CLASSPATH may result in a java.lang.SecurityException: Sealing violation exception. Detailed explanation from Oracle is documented in the following Oracle Document ID: Note: 405446 Subject: JDBC Driver 10.2 Uses Sealed JAR files and May Cause Security Exception Sealing Violation Solution (Suggested by Oracle) Make sure that the CLASSPATH includes only one JDBC driver JAR file. |
This section describes known J2EE connector architecture issues and associated solutions.
Bug ID |
Summary |
---|---|
6188343 |
After restarting a DAS instance, undeploying the connector module fails when cascade is set to false. In this scenario, a standalone or embedded connector module is deployed in DAS and connector connection pools, and resources are created for the deployed module. After restarting the DAS instance, undeploying the connector module fails when cascade is set to false with the following exception: [#|2004-10-31T19:52:23.049-0800|INFO|sun-appserver-ee8.1|javax.enterprise.system .core|_ThreadID=14;|CORE5023: Error while unloading application [foo]|#] Solution Use cascaded undeploy (set the cascade option to true) for undeploying standalone and embedded connectors after restart of the DAS instance. |
This section describes known documentation issues and associated solutions.
Bug ID |
Summary |
||
---|---|---|---|
Various IDs |
Javadoc Inconsistencies. The Javadoc for several AMX interfaces and methods is either missing or incorrect:
|
||
6265624 |
Bundled ANT throws java.lang.NoClassDefFoundError. The following exception is thrown in thread "main" java.lang.NoClassDefFoundError: org/apache/tools/ant/launch/Launcher. Solution Use the bundled ANT for things outside the Application Server is not recommended. |
||
6486123 |
Documentation on getting a physical Connection from a wrapped Connection is no longer correct. As a result of other defects (possibly 6295215) the code provided in the Obtaining a Physical Connection from a Wrapped Connection in Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Developer’s Guidesection of Chapter 11, Using the JDBC API for Database Access, in Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Developer’s Guide is not correct. Specifically, the line:
should now read:
|
This section describes known high availability database (HADB) issues and associated solutions.
Bug ID |
Summary |
|||
---|---|---|---|---|
no ID |
HADB Configuration with Double Networks. HADB configured with double networks on two subnets works properly on Solaris SPARC. However, due to problems in the operating system or network drivers on some hardware platforms, it has been observed that Solaris x86 and Linux platforms do not always handle double networks properly. This causes the following problems with HADB:
|
|||
no ID |
HADB Database Creation Fails. Creating a new database may fail with the following error, stating that too few shared memory segments are available: HADB-E-21054: System resource is unavailable: HADB-S-05512: Attaching shared memory segment with key "xxxxx" failed, OS status=24 OS error message: Too many open files. Solution Verify that shared memory is configured and the configuration is working. In particular, on Solaris 8, inspect the file /etc/system, and check that the value of the variable shmsys:shminfo_shmseg is at least six times the number of nodes per host. |
|||
5052548 |
Shared memory segments locked and cannot be paged out. HADB 4.3-0.16 and later is configured to use Intimate Shared Memory when it creates and attaches to its shared memory segments (uses the SHM_SHARE_MMU flag). The use of this flag essentially locks the shared memory segments into physical memory and prevents them from being paged out. This can easily cause problems with installations on low end machines. Therefore if a developer has a machine with 512MB of memory and plenty of swap space available when using Application Server7.0 EE, and then installed 7.1 EE or later, he or she will encounter problems configuring the default clsetup cluster (which creates two HADB nodes, each with a devicesize of 512, which results in there not being enough physical RAM to support the shared memory that both nodes require. Solution Make sure you have the recommended amount of memory when co-locating Application Server and HADB. See HADB Requirements and Supported Platforms for more information. |
|||
5091280 |
hadbm set does not check resource availability (disk and memory space). When increasing device or buffer sizes using hadbm set, the management system checks resource availability when creating databases or adding nodes, but does not check if there are sufficient resources available when device or main-memory buffer sizes are changed. Solution Verify that there is enough free disk/memory space on all hosts before increasing any of the devicesize or buffersize configuration attributes. |
|||
5091349 |
Heterogeneous paths for packagepath not supported. It is not possible to register the same software package with the same name with different locations at different hosts; for example:
Solution HADB does not support heterogeneous paths across nodes in a database cluster. Make sure that the HADB server installation directory (--packagepath) is the same across all participating hosts. |
|||
6173886, 6253132 |
createdomain may fail. If running the management agent on a host with multiple netwrok interfaces, the createdomain command may fail if not all network interfaces are on the same subnet:
The management agents will (if not configured otherwise) use the "first" interface for UDP multicasts ("first" as defined by the result from java.net.NetworkInterface.getNetworkInterfaces()). Solution The best solution is to tell the management agent which subnet to use (set ma.server.mainternal.interfaces in the configuration file, e.g., ma.server.mainternal.interfaces=10.11.100.0). Alternatively one may configure the router between the subnets to route multicast packets (the management agent uses multicast address 228.8.8.8). Before retrying with a new configuration of the management agents, you may have to clean up the management agent repository. Stop all agents in the domain, and delete all files and directories in the repository directory (identified by repository.dr.path in the management agent configuration file). This must be done on all hosts before restarting the agents with a new configuration file. |
|||
6190878 |
Directories need to be cleaned up after deleting an HADB instance. After deleting an HADB instance, subsequent attempts to create new instances with the configure-ha-cluster command fail. The problem is that old directories are left from the original HADB instance in ha_install_dir/rep/* and ha_install_dir/config/hadb/instance_name. Solution Be sure to manually delete these directories after deleting an HADB instance. |
|||
6230792, 6230415 |
Starting, stopping, and reconfiguring HADB may fail or hang. On Solaris 10 Opteron, starting, stopping or reconfiguring HADB using the hadbm command may fail or hang with one of the following errors:
This may happen if there are inconsistencies reading/writing to a file (nomandevice) which the clu_noman_srv process uses. This problem can be detected by looking for the following messages in the HADB history files:
Solution The following workaround is unverified, as the problem has not been reproduced manually. However, running this command for the affected node should solve the problem.
Note that all devices for the node will be reinitialized. You may have to stop the node before reinitializing it. |
|||
6232140 |
The management agent terminates with the exception "IPV6_MULTICAST_IF failed" When starting on a host running Solaris 8 with several NIC cards installed, if there is a mixture of cards with IPv6 and IPv4 enabled, the management agent may terminate with the exception "IPV6_MULTICAST_IF failed." Solution Set the environment variable JAVA_OPTIONS to -Djava.net.preferIPv4Stack=true; for example:
Alternatively, use Solaris 9 or later, which do not exhibit this problem. |
|||
6249685 |
clu_trans_srv cannot be interrupted. There is a bug in the 64-bit version of Red Hat Enterprise Linux 3.0 that makes the clu_trans_srv process end up in an uninterruptible mode when performing asynchronous I/O. This means that kill -9 does not work and the operating system must be rebooted. Solution Use a 32-bit version of Red Hat Enterprise Linux 3.0. |
|||
6262824 |
hadbm does not support passwords containing capital letters. Capital letters in passwords are converted to lowercase when the password is stored in hadb. Solution Do not use passwords containing capital letters. |
|||
6265419 |
Downgrading from HADB Version 4.4.2.5 to HADB Version 4.4.1.7 causes ma to fail with different error codes. When downgrading to a previous HADB version, the management agent may fail with different error codes. Solution It is possible to downgrade the HADB database, however the management agent cannot be downgraded if there changes have been made in the repository objects. After a downgrade, you must keep use the management agent from the latest HADB version. |
|||
6271063 |
Install/removal and symlink preservation. Regarding install/removal of HADB c package (Solaris: SUNWhadbc, Linux: sun-hadb-c) version <m.n.u-p>, the symlink /opt/SUNWhadb/<m> is never touched once it exists. Thus, it is possible that an orphaned symlink will exist. Solution Delete the symlink before install or after uninstall unless in use. |
|||
6273681 |
Management agents in global and local zones may interfere. On Solaris 10, stopping a management agent by using the ma-initd script in a global zone stops the management agent in the local zone as well. Solution Do not install the management agent both in the global and local zone. |
|||
6275103 |
hadbm/ma should give a better error message when a session object has timed out and deleted at MA. Sometimes, a resource contention problem on the server may cause a management client to become disconnected, When reconnecting, a misleading error message "hadbm:Error 22184: A password is required to connect to the management agent" may be returned. Solution Check if there is a resource problem on the server, take proper action (e.g., add more resources), and retry the operation. |
|||
6275319 |
Non-root users cannot manage HADB. Installing with Java Enterprise System (as root) does not permit non-root users to manage HADB. Solution Always login as root to manage HADB. |
|||
6293912 |
The Management Agent should not use special-use interfaces. Special use interfaces with IP addresses like 0.0.0.0 should not be registered as valid interfaces to be used for HADB nodes in the Management Agent. Registering such interfaces may cause problems if HADB nodes are set up on these interfaces by means of a user issuing a hadbm create command using host names instead of IP addresses. The nodes will then be unable to communicate, causing the create command to hang. Solution When using hadbm create on hosts with multiple interfaces, always specify the IP addresses explicitly using DDN notation. |
|||
6291562 |
Reassembly failures on Windows. On the Windows platform, with certain configurations and loads, there may be a large number of reassembly failures in the operating system. The problem has been seen with configurations of more than twenty nodes when running several table scans (select *) in parallel. The symptoms may be that transactions abort frequently, repair or recovery may take a long time to complete, and there may be frequent timeouts in various parts of the system. Solution To fix the problem, the Windows registry variable HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters can be set to a value higher than the default 100. It is recommended that you increase this value to 0x1000 (4096). For more information, see. article 811003 from the Microsoft support pages. |
|||
6303581, 6346059, 6307497 |
When running hadbm start <db_name>, part of the inputted password is displayed without being masked. It is possible when a machine is under load that the masking mechanism fails and some characters from the password being entered are exposed. This poses a minor security risk, and the password should always be masked. Solution Put the passwords in their own password files (the method normally recommended since Application Server 8.1) and refer to these with either the --adminpassword or --dbpasswordfile options. |
This section describes known installation issues and associated solutions.
Bug ID |
Summary |
||
---|---|---|---|
5009728 |
Installation shutdown hanging on some Linux systems after clicking the "Finish" button. This problem has been observed on several Linux systems. It is most common on Java Desktop System 2 but has also been observed on Linux Red Hat distributions. After clicking the "Finish" button on the last installer screen, the installer fails to launch a browser window containing the product About page or product registration page, and hangs indefinitely, not returning the command prompt. Solution Exit the installer by pressing Ctrl+C in the terminal window in which the installer was started. After doing this, browser window containing product About page or registration page will sometimes be launched, but if it does not show up, start the browser and enter following URL in order to review About page:
If you also selected the installation option to register the product, follow the link to registration page available on product About page. |
||
6199697 |
On Windows, the imq directory needs to be created during installation. On Windows, immediately after installing Application Server Enterprise Edition, the Message Queue broker fails on startup with a message saying the directory drive:\as\domains\domain1\imq does not exist. Note that if the broker is started after starting domain1, the directory will be created by the Application Server and the problem will not occur. Solution
|
||
6297837 |
The Application Server installer shows the wrong product release date in the product name, “Sun Java(TM) System Application Server Enterprise Edition 8.1 2005Q4.” Solution The correct product name/date should read “Sun Java(TM) System Application Server Enterprise Edition 8.1 2005Q2.” |
||
6396045 |
Application Server does not support Network File System (NFS). Solution None. |
||
6566913 |
For Java ES 3 installation of Application Server on Windows, apply Java ES 3–to-Java ES 4 migration patches 121528-01 and 121523-01 before applying patch 125069-01. For Java ES 4 installation of Application Server on Windows, patch 125069-01 is required. |
To run the J2EE 1.4 Tutorial on the Sun Java System Application Server Enterprise Edition 8.1 2005Q2 perform these tasks:
When you edit the file examples/common/build.properties as described in the “About the Examples” section of the “About this Tutorial” chapter, also change port 4848 to 4849.
When using Deploytool, add the server localhost:4849 before deploying an example.
When using the Administration Console to create any resource, use the Targets tab to specify the server as the target. If you use the command line or an asant target, the server is the default target, no further action is required.
This section describes known lifecycle management issues and associated solutions.
Bug ID |
Summary |
||
---|---|---|---|
6193449 |
After setting the ejb-timer-service property minimum-delivery-interval to 9000, an attempt to set the ejb-timer-service property redelivery-interval-in-mills to 7000 causes the set command to fail with the following error:
The problem is that the logic that relates the redelivery interval property to the minimum delivery property is incorrect and prevents you from using the GUI or the CLI to set any value where the minimum delivery interval is greater than redelivery interval. The minimum-delivery-interval-in-millis must always be set equal to or higher than ejb-timer-service property redelivery-interval-in-millis. The problem is that there is an erroneous validation check in the Application Server to verify that the value for redelivery-interval-in-millis is greater than the value for minimum-delivery-interval-in-millis. Solution Use the default values for these properties, as follows:
Values other than these defaults will generate an error. |
This section describes known logging issues and solutions.
Bug ID |
Summary |
|
---|---|---|
6180095 |
Setting debug statement for access,failure causes hanging in Application Server startup. Setting the java.security.debug option for the JVM will cause the server instance startup to freeze with a deadlock; for example, setting the following in domain.xml causes the problem:
None at this time. Please avoid setting this flag. |
This section describes known Java message queue issues and associated solutions.
Bug ID |
Summary |
---|---|
6173308, 6189645, 6198481, 6199510, 6208728 |
JMS reconnection does not successfully complete in certain cases that are timing dependent. Failures to reconnect in timing-dependent scenarios can be caused by several problems. Solution You can work around these problems by:
|
6198465 |
Asynchronous message listener behavior changed in appclient from 8.0 to 8.1 Update 2. Due to a recent change, when an asynchronous message listener is the only live thread in the app-client container, the remaining appclient virtual machine exists as a daemon. This behavior is a regression for past applications that perform asynchronous receives in ACC. This problem affects application clients that set a JMS message listener and exit the main thread. Solution Do not exit the main thread. Wait for the message listener to notify the main thread before terminating the main thread. |
This section describes known monitoring issues and associated solutions.
Bug ID |
Summary |
||||||
---|---|---|---|---|---|---|---|
6174518 |
Some of the HTTP Service monitoring statistics do not present useful information and should be ignored. When viewing the monitoring statistics of some elements of the HTTP Service, some values presented do not correspond to current values or are always 0. Specifically, the following HTTP Service statistics do not present information applicable to the Application Server, and should be ignored:
Solution These monitors will be removed in future releases and replaced with more appropriate information. |
||||||
6191092 |
Monitoring MBean for an undeployed EJB module is not removed, even though all statistics under that monitoring name are moved. For example:
This true for both EJB modules and applications. Both programmatically (through MBean API) and through asadmin list/get, an empty monitoring MBean still exists. Diagnostics
You can look at statistics:
Once you undeploy:
If you do a list command, you still see the application:
but it does not contain any monitoring statistics:
To get the valid names beginning with a string, use the wildcard (`*') character. For example, to list the names of all the monitorable entities that begin with server, use list "server.*". Solution This is harmless. Module can be safely redeployed with out any problems. The root monitoring Mbean is not removed, but it is empty. |
This section describes known and associated solutions related to PointBase.
Bug ID |
Summary |
---|---|
6184797 |
Setting the isolation levels on a connection pool for an application causes exceptions in PointBase. For a JDBC connection pool pointing to a PointBase database installation, setting the transaction-isolation-level pool attribute to any value other than the default (Connection.TRANSACTION_READ_COMMITTED) causes an exception. However, setting this same parameter to non-default values for pools pointing to other databases does not throw an exception. Solution For a JDBC connection pool pointing to a PointBase database installation, do not attempt to set the transaction-isolation-level. |
6204925 |
PointBase throws an exception if a network server and embedded drivers are used together. The bundled PointBase sometimes throws an exception if the network server driver and the embedded driver are simultaneously used. Solution Use either the embedded driver or the network server driver, but not both. |
6264969, 6275448 |
Upgrade problem where the default PointBase database is overwritten. When upgrading to Application Server Enterprise Edition 8.1 2005Q2 Update 2, the Update release patch overwrites the Pointbase default database. Solution Recreate or re-enter any scheme or data that existed prior to the upgrade. If you deployed applications with CMP beans with the generate table option, you must undeploy or redeploy the application to have the tables regenerated. |
This section describes known and associated solutions related to the sample code included with the Application Server 8.1 product.
Bug ID |
Summary |
|||||
---|---|---|---|---|---|---|
6195092 |
On Windows, setup-one-machine-cluster hangs but works on Solaris; mqfailover requires Ctrl+C to cancel and then must be re-run. From install_dir\samples\ee-samples\failover\apps\mqfailover\docs\index.html, if you run the following commands:
If you have already executed asant setup-one-machine-cluster-without-ha or asant setup-one-machine-cluster-with-ha for any other Enterprise Edition sample, then execute asant configure-mq otherwise execute asant setup-one-machine-cluster-and-configure-mq. In this case, the command appears to succeed:
But then the system hangs indefinitely. Solution None at this time. This problem similarly affects all Enterprise Edition samples that use this ant target on Windows. A workaround is to Ctrl+C out of the hung process and then rerun it. |
|||||
6198003 |
Documentation does not explicitly state that you need to create JMS resources before running the MQ Failover Sample Application following the asadmin deploy instructions. The error thrown is as follows:
The documentation does not explicitly state that JMS resources must be manually created if manual deployment is done using asadmin deploy commands, and that the provided ant targets to deploy the sample application should be used. Solution Use the asant deploy target for the build.xml script, which creates the required JMS resources to run the application. |
|||||
6198239 |
On Linux, a runtime error is displayed during certificate creation in web services/security samples. When deploying the install_dir/samples/webservices/security sample (basicSSl) on Linux, the certificate is not created and an error similar to the following is thrown:
The problem is that NSS libraries are in different locations on Linux installations than on Solaris installations. You need to make sure that the LD_LIBRARY_PATH points to the proper NSS libraries when deploying on Linux. Either set LD_LIBRARY_PATH in your environment, or set it in the install_dir/bin/asant shell wrapper script. Solution Do one of the following:
|
This section describes known issues and associated solutions related to Application Server and web application security and certificates.
Bug ID |
Summary |
---|---|
6183318 |
Cannot run WebServiceSecurity applications on Enterprise Edition with J2SE 5.0. WebServiceSecurity applications cannot run with J2SE 5.0 because:
The J2SE team has filed "CR 6190389: Add support for the RSA-PKCS1 and RSA-OAEP wrap/unwrap mechanisms" for this bug. Solution Use J2SE 1.4.2 with any other JCE provider (not the one included by default). Note that hardware accelerator support will not be present in this configuration. |
6269102 |
SSL termination is not working; when Load Balancer (Hardware) is configured for SSL termination, the Application Server changes the protocol from https to http during redirection. Solution Add a software load balancer between the hardware load balancer and the Application Server. |
This section describes known Upgrade utility issues and associated solutions.
Bug ID |
Summary |
||
---|---|---|---|
6165528 |
Domains created in custom-path other than install_dir/domains directory are not upgraded directly while upgrading from Application Server Enterprise Edition 8 to Application Server Enterprise Edition 8.1. When running the Upgrade Utility and identifying the install_dir as the source installation directory, the upgrade process upgrades only those domains that are created under install_dir/domains directory. Domains created in other locations are not upgraded. Solution Before starting the upgrade process, copy all the domain directories from their different locations to the install_dir/domains directory. |
||
6207337 |
On some Linux systems, the installer running "Upgrade in place" fails to start upgrade tool after clicking on the "Start Upgrade Wizard" button. This problem has been observed on several Linux systems, it is most common on Java Desktop System 2 but has also been observed on Red Hat distributions. After clicking the "Start Upgrade Tool" button on the final installer screen, the installer fails to launch the upgrade tool to complete the upgrade process, and hangs indefinitely, not returning the command prompt. Solution This issue is not encountered if command line installation mode is used to run upgrade in place.
If you also selected the installation option to register the product, follow the link to registration page available on product About page. |
||
6296105 |
Self-signed certificate is not trusted during and after upgrade from 8.0 Platform Edition (PE) to 8.1 Enterprise Edition (EE) UR2. Solution Remove the following entries from the target domain.xml (after the upgrade) and restart the server: <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot} /config/keystore.jks</jvm-options>- <jvm-options>Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot} /config/cacerts.jks</jvm-options> |
This section describes known web container issues and associated solutions.
Bug ID |
Summary |
|||
---|---|---|---|---|
5004315 |
On Windows, deploying an application using --precompilejsp=true can lock JAR files in the application, causing later undeployment or redeployment to fail. If you request precompilation of JSPs when you deploy an application on Windows, later attempts to undeploy that application or to redeploy it (or any application with the same module ID) will not work as expected. The problem is that JSP precompilation opens JAR files in your application but does not close them, and Windows prevents the undeployment from deleting those files or the redeployment from overwriting them. Note that undeployment succeeds to a point, in that the application is logically removed from the Application Server. Also note that no error message is returned by the asadmin utility, but the application's directory and the locked jar files remain on the server. The server's log file will contain messages describing the failure to delete the files and the application's directory. Attempts to redeploy the application after undeploying fail because the server tries to remove the existing files and directory, and these attempts also fail. This can happen if you try to deploy any application that uses the same module ID as the originally deployed application, because the server uses the module ID in choosing a directory name to hold the application's files. Attempts to redeploy the application without undeploying it first will fail for the same reasons. Diagnostics If you attempt to redeploy the application or deploy it after undeploying it, the asadmin utility returns an error similar to the one below.
Solution If you specify --precompilejsps=false (the default setting) when you deploy an application, then this problem will not occur. Be aware that the first use of the application will trigger the JSP compilation, so the response time to the first request will be longer than for later requests. Note also that if you do precompile, you should stop and restart the server before undeploying or redeploying the application. The shutdown frees the locked JAR files so the undeployment or redeployment after the restart can succeed. |
|||
6172006 |
Unable to deploy WAR with Servlet 2.4-based web.xml that contains an empty <load-on-startup> element. The optional load-on-startup servlet element in a web.xml indicates that the associated servlet is to be loaded and initialized as part of the startup of the web application that declares it. The optional content of this element is an integer indicating the order in which the servlet is to be loaded and initialized with respect to the web application's other servlets. An empty <load-on-startup> indicates that the order is irrelevant, as long as the servlet is loaded and initialized during the startup of its containing web application. The Servlet 2.4 schema for web.xml no longer supports an empty <load-on-startup>, meaning that an integer must be specified when using a Servlet 2.4 based web.xml. If specifying an empty <load-on-startup>, as in <load-on-startup/>, the web.xml will fail validation against the Servlet 2.4 schema for web.xml, causing deployment of the web application to fail. Backwards compatibility issue. Specifying an empty <load-on-startup> still works with Servlet 2.3 based web.xml. Solution Specify <load-on-startup>0</load-on-startup> when using a Servlet 2.4 based web.xml to indicate that servlet load order does not matter. |
|||
6184122 |
Unable to compile JSP page on resource constrained servers. The JSP page is accessed but fails to compile, and the server log contains the error message "Unable to execute command" with the following stack trace:
Solution Set the JSP compilation switch "fork" to "false." This can be done either of two ways:
Either setting will prevent ant from spawning a new process for javac compilation. |
|||
6188932 |
Application Server does not support auth-passthrough Web Server 6.1 Add-On. The Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Update 2 adds support for the functionality provided by the auth-passthrough plugin function available with Sun Java System Application Server Enterprise Edition 7.1. However, in Application Server Enterprise Edition 8.1 2005Q2 Update 2, the auth-passthrough plugin feature is configured differently. The auth-passthrough plugin function in Application Server Enterprise Edition 7.1 has been useful in two-tier deployment scenarios, where:
In such network architectures, a client connects to a front-end web server, which has been configured with the service-passthrough plugin function and forwards HTTP requests to the proxied Application Server instance for processing. The Application Server instance can only receive requests from the web server proxy, but never directly from any client hosts. As a result of this, any applications deployed on the proxied Application Server instance that query for client information, such as the client's IP address, will receive the proxy host IP, since that is the actual originating host of the relayed request. In Application Server Enterprise Edition 7.1, the auth-passthrough plugin function could be configured on the proxied Application Server instance in order to make the remote client's information directly available to any applications deployed on it; as if the proxied Application Server instance had received the request directly, instead of via an intermediate web server running the service-passthrough plugin. In Application Server Enterprise Edition 8.1 2005Q2 Update 2, the auth-passthrough feature may be enabled by setting the authPassthroughEnabled property of the <http-service> element in domain.xml to TRUE, as follows:
|
|||
|
The same security considerations of the auth-passthrough plugin function in Application Server Enterprise Edition 7.1 also apply to the authPassthroughEnabled property in Application Server Enterprise Edition 8.1 2005Q2 Update 2. Since authPassthroughEnabled makes it possible to override information that may be used for authentication purposes (such as the IP address from which the request originated, or the SSL client certificate), it is essential that only trusted clients or servers be allowed to connect to an Application Server Enterprise Edition 8.1 2005Q2 Update 2 instance with authPassthroughEnabled set to TRUE. As a precautionary measure, it is recommended that only servers behind the corporate firewall should be configured with authPassthroughEnabled set to TRUE. A server that is accessible through the Internet must never be configured with authPassthroughEnabled set to TRUE. Notice that in the scenario where a proxy web server has been configured with the service-passthrough plugin and forwards requests to an Application Server 8.1 Update 2 instance with authPassthroughEnabled set to TRUE, SSL client authentication may be enabled on the web server proxy, and disabled on the proxied Application Server 8.1 Update 2 instance. In this case, the proxied Application Server 8.1 Update 2 instance will still treat the request as though it was authenticated via SSL, and provide the client's SSL certificate to any deployed applications requesting it. |