1. Oracle GlassFish Server 3.0.1 Release Notes
What's New in the Oracle GlassFish Server 3.0.1 Release?
Support for Extending GlassFish Server
Support for Scripting Languages
Web Services Interoperability Technologies (WSIT) Support
Enhancements to the appclient Utility
Move of HTTP Service Settings to Network Service
Changes Related to Administrator Authentication
Changes Related to the asadmin Utility
Changes Related to File Layout
Changes Related to Ant Tasks and the asant Utility
Changes Related to domain.xml Validation
Changes Related to Applications
Applications and Generated Directory Layout
domain.xml application Element
Application Client deploy --retrieve and get-client-stubs Commands
Hardware and Software Requirements
Path Settings for the JDK Software
Supported JDBC Drivers and Databases
IPS Online Upgrade No Longer Available (19910200)
Expired Root CA for CN=GTE CyberTrust Root 5, OU=GTE CyberTrust Solutions, Inc. (17405426)
To Delete the GTE CyberTrust Root 5 Certificate From the Truststore
[OWSM] Interop Metro-WLS:NPE WSSECURTIYTOKEN NULL for WSSE:SECURITYTOKENREFERENCE (Issue 9716247)
[JDK_Issue] SSLHandshakeException when using JDK1.6.0_20 (Issue 12041)
[JDK_Issue] Performance degradation caused by invoking setSoLinger or setReuseAddress (Issue 7109)
[JDK_Issue] IO exception: invalid argument during longevity test (Issue 7529)
[JDK_Issue] Richaccess: java.io.IOException: Invalid argument from doSelect (Issue 8573)
GlassFish Server 3.0.1 on HP-UX when using jdk 1.6.0.07 (Issue 12206)
GF b22 failed to startup with JRockit jrmc-4.0.0-1.6.0 (Issue 12265)
File permissions on domain /applications directory can cause NullProcessException (Issue 6545)
Windows installation log file is not readable (Issue 4881)
Uninstallation fails on Windows 7 because of missing JDK error (Issue 12093)
Access to statistics for new virtual servers requires server restart (Issues 6238 and 6422)
[Open Installer] Option -l to relocate log files ignored on Windows (Issue 10693)
Issues occur with ZIP distribution if UAC enabled on Windows Vista (Issue 10755)
Null pointer exception thrown from com.sun.xml.wss.NonceManager.getInstance (Issue 11138)
Standalone Update Tool fails with segmentation fault on Solaris (Issue 11222)
Ruby applications deployed on context root don't work with Admin Console (Issue 10854)
Launching an app client can give ClassNotFound error for the client's main class (Issue 11181)
Change to log file location requires server restart to take effect (Issue 11142)
[Update Center] Non-user directory access fails (Update Center Issue 1583)
Inline help and CLI man page list incorrect servlet version 2.4 in X-Powered-By (Issue 11011)
[Monitoring] Extra monitoring view for connector-connection-pools not available (Issue 11256)
[EclipseLink] Issues with ElementCollections of embeddables (EclipseLink Issue 296606)
Virtual server started twice (Issue 11195)
Problems debugging JPA (Issue 11274)
EJB interop for remote EJBs broken when target EJB is on the same host (Issue 11152)
Cannot send JMS messages between systems (Issue 11254)
Windows system menu is empty (Issue 11239)
Embedded ACC overly strict on current thread context class loader (Issue 11427)
EJB Timer Service config issue for MySQL (Issue 11428)
deploy subcommand fails against secure server (Issue 11439)
Expired certificate in GlassFish Server truststore (Issue 6852796)
GlassFish V3 should allow multiple applications with the same context root (7002834)
Unsupported Options in asadmin Commands
No Support for Client VM on Windows AMD64
GlassFish Server Documentation Set
Features Available Only in the Full Platform Profile
How to Report Problems and Provide Feedback
This section describes known issues in Oracle GlassFish Server 3.0.1 and any available workarounds.
Expired Root CA for CN=GTE CyberTrust Root 5, OU=GTE CyberTrust Solutions, Inc. (17405426)
[OWSM] Interop Metro-WLS:NPE WSSECURTIYTOKEN NULL for WSSE:SECURITYTOKENREFERENCE (Issue 9716247)
[JDK_Issue] SSLHandshakeException when using JDK1.6.0_20 (Issue 12041)
[JDK_Issue] Performance degradation caused by invoking setSoLinger or setReuseAddress (Issue 7109)
[JDK_Issue] IO exception: invalid argument during longevity test (Issue 7529)
[JDK_Issue] Richaccess: java.io.IOException: Invalid argument from doSelect (Issue 8573)
GlassFish Server 3.0.1 on HP-UX when using jdk 1.6.0.07 (Issue 12206)
GF b22 failed to startup with JRockit jrmc-4.0.0-1.6.0 (Issue 12265)
File permissions on domain /applications directory can cause NullProcessException (Issue 6545)
Uninstallation fails on Windows 7 because of missing JDK error (Issue 12093)
Access to statistics for new virtual servers requires server restart (Issues 6238 and 6422)
[Open Installer] Option -l to relocate log files ignored on Windows (Issue 10693)
Issues occur with ZIP distribution if UAC enabled on Windows Vista (Issue 10755)
Null pointer exception thrown from com.sun.xml.wss.NonceManager.getInstance (Issue 11138)
Standalone Update Tool fails with segmentation fault on Solaris (Issue 11222)
Ruby applications deployed on context root don't work with Admin Console (Issue 10854)
Launching an app client can give ClassNotFound error for the client's main class (Issue 11181)
Change to log file location requires server restart to take effect (Issue 11142)
[Update Center] Non-user directory access fails (Update Center Issue 1583)
Inline help and CLI man page list incorrect servlet version 2.4 in X-Powered-By (Issue 11011)
[Monitoring] Extra monitoring view for connector-connection-pools not available (Issue 11256)
[EclipseLink] Issues with ElementCollections of embeddables (EclipseLink Issue 296606)
EJB interop for remote EJBs broken when target EJB is on the same host (Issue 11152)
Embedded ACC overly strict on current thread context class loader (Issue 11427)
Expired certificate in GlassFish Server truststore (Issue 6852796)
GlassFish V3 should allow multiple applications with the same context root (7002834)
GlassFish Server software upgrade from external, online Image Packaging System (IPS) repositories is no longer supported.
Upgrade GlassFish Server software only by following the procedure for extending and updating GlassFish Server inside a closed network. For more information, see Extending and Updating GlassFish Server Inside a Closed Network in Oracle GlassFish Server 3.0.1 Administration Guide.
During startup of a GlassFish Server instance, an expired certificate is reported in the instance's server.log log file as follows:
The "GTE CyberTrust Root 5" certificate expired on August 15th 2013
The log file shows the validity of the certificate as follows:
Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US ... Validity: [From: Fri Aug 14 15:50:00 BST 1998, To: Thu Aug 15 00:59:00 BST 2013]
The solution depends on whether the instance is configured to use a server SSL certificate that uses this certificate as part of its trust path.
If the instance is not configured this way, ignore the warning. The functionality of the instance is unaffected.
If no server certificate has been signed by GTE CyberTrust Root 5 certificate, delete the certificate from the truststore. For instructions, see To Delete the GTE CyberTrust Root 5 Certificate From the Truststore.
Note - In the latest releases of Java SE 6 and Java SE 7, this certificate is no longer present by default. The only GTE certificate has the alias gtecybertrustglobalca and does not expire until August 2018.
Otherwise, contact the issuing certificate authority (CA) to resolve the issue.
The CA will either reissue the certificate with an up to date or alternate root certificate or will provide an updated certificate to install in the truststore.
To determine that the new certificate is correct, confirm that the issuer's subject is as follows:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc."
prompt% cd domain-dir/config
prompt% keytool -delete -alias gtecybertrust5ca -keystore cacerts.jks
When prompted, provide the master password of the domain.
Deleting the expired certificate prevents the certificate from being propagated to new domains.
prompt% cd as-install/lib/install/templates
prompt% keytool -delete -alias gtecybertrust5ca -keystore cacerts.jks
When prompted, provide the master password of the domain.
There is an issue with web services communication between GlassFish Server Metro and Oracle WebLogic Server when using the Oracle Web Services Manager (OWSM) wss11_saml_token_with_message_protection_service_policy policy.
The fix for this problem is in Oracle WebLogic Server 11.1.1.4.0. See the Oracle WebLogic product page for more information.
SSL renegotiation fails against JDK 1.6.0_20, but works with JDK1.6.0_18. An exception similar to the following is written to the system.log file:
[#|2010-05-25T13:57:34.512-0700|WARNING|glassfish3.0.1|com.sun.grizzly. \ config.GrizzlyServiceListener|_ThreadID=24;_ThreadName=Thread-1; \ |processorTask.exceptionSSLcert javax.net.ssl.SSLHandshakeException: \ renegotiation is not allowed
This is a known issue caused by the disabling of SSL renegotiation in JDK 6u19 and above. Previously, GlassFish Server was able to perform SSL renegotiation for client certificates through the default HTTPS port (8181). However, a security vulnerability with SSL renegotiation surfaced, and SSL renegotiation was disabled in JDK 6u19.
The security vulnerability was in the TLS protocol (TLS 1.0 or later and SSLv3), and it was discovered that this vulnerability may allow an unauthenticated, remote attacker to conduct man-in-the-middle (MITM) type of attacks, where plain text may be injected as a prefix in a user's TLS session. More details about this vulnerability are available at http://extendedsubset.com/?p=8.
An interim fix was made in JDK 6u19 that disables TLS/SSL renegotiation in the Java Secure Sockets Extension (JSSE) by default. This stops the MITM attack, but applications that require the TLS/SSL renegotiation will not work. The remaining and real fix for this will be done in JDK 6u22. For more information about this, see http://blogs.oracle.com/sunsecurity/.
JDK 6u19 provides a new system property, called sun.security.ssl.allowUnsafeRenegotiation, that enables TLS/SSL renegotiation. For more information, see http://java.sun.com/javase/javaseforbusiness/docs/TLSReadme.html. Setting this property to true in GlassFish Server GlassFish enables the renegotiation. However, it also makes GlassFish Server once again vulnerable to MITM attack.
When the setSoLinger method or the setReuseAddess method is invoked, performance is degraded and the following exception is thrown:
[#|2009-01-26T00:33:56.325-0800|WARNING|sun-appserver9.1| javax.enterprise.system.container.web|_ThreadID=17; _ThreadName=SelectorReaderThread-8084; _RequestID=11ae0030-c392-4217-8408-cfa7efe0a879;|setSoLinger exception java.net.SocketException: Invalid argument
This issue is caused by an issue with the JDK software. This issue is resolved in JDK version 7.
For more information, see Issue report 7109.
None.
During an HTTP longevity test, the following exception is thrown 42 hours into the run:
[#|2009-04-05T17:41:26.537-0700|SEVERE|glassfish|javax.enterprise.system.core| _ThreadID=15;_ThreadName=Thread-1;|doSelect exception java.io.IOException: Invalid argument
The instance and application are still accessible during the run.
This issue is caused by an issue with the JDK software. This issue is resolved in JDK version 7.
For more information, see Issue report 7529.
None.
The following exception is seen:
[#|2009-06-20T06:05:57.942-0700|SEVERE|glassfish| com.sun.grizzly.config.GrizzlyServiceListener| _ThreadID=21;_ThreadName=Thread-2;|doSelect IOException java.io.IOException: Invalid argument
This is a JDK issue, scheduled to be fixed in JDK 1.6.0_18.
For more information, see Issue report 8573.
Increase the maximum number of file descriptors to 10000 or greater (the default on Solaris is 64000). Once JDK 1.6.0_18 becomes available, install it.
Additional configuration information is required when running GlassFish Server 3.0.1 on HP-UX using 64–bit JDK 1.6.0.07. Specifically, the -client option must be replaced with -d64 in the <jvm-options/> section in the domain.xml file.
You can add the -d64 JVM option directly to the domain.xml file. Alternatively, you can use the as-install/bin/asadmin command to add and remove JVM options. In both cases, after making the changes, the GlassFish Server domain must be restarted.
as-install/bin/asadmin start-domain
as-install/bin/asadmin delete-jvm-options "-client"
as-install/bin/asadmin create-jvm-options "-d64"
as-install/bin/asadmin stop-domain as-install/bin/asadmin start-domain
GlassFish Server fails to start with JRockit Mission Critical Console 4.0.0-1.6.0 (JDK 1.6.0_17). Errors similar to the following are displayed at domain startup:
./asadmin start-domain Waiting for DAS to start .Error starting domain: domain1. The server exited prematurely with exit code 1. Before it died, it produced the following output: [WARN ][jrockit] MaxPermSize=192m ignored: Not a valid option for JRockit [WARN ][jrockit] NewRatio=2 ignored: Not a valid option for JRockit Unknown option or illegal argument: -XX:+LogVMOutput. Please check for incorrect spelling or review documentation of startup options. Could not create the Java virtual machine. Command start-domain failed.
Comment out the following two jvm-options in the domain.xml file for the domain:
-XX:+LogVMOutput
-XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log
For example:
<!-- <jvm-options>-XX:+LogVMOutput</jvm-options> --> <!-- <jvm-options>-XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log</jvm-options> -->
If a domain's /applications directory restricts access, or if you use directory deployment from a restricted directory, the server cannot read the files in the expanded directory. A NullProcessException error occurs during deployment.
For more information, see Issue report 6545.
Change the file access settings for such directories to grant the server permission to read the directory contents.
The time-stamp-install.log file cannot be read, because all lines written to the file are concatenated into a single long string.
For more information, see Issue report 4881.
Use a different editor, and manually open the installation log file created under the %TEMP% directory.
Uninstallation of GlassFish Server may fail on Windows 7 systems because Windows cannot find the required JDK installation. The problem may occur when the Java binaries are not installed through a standard Java SDK installer.
Explicitly specify the location of the Java binaries when running the GlassFish Server uninstall utility from the command line. For example:
uninstall.exe -j "C:\Program Files\Java\jre6"
Monitoring statistics about newly added virtual servers are available only after the server is restarted.
For more information, see the reports for Issue 6238 and Issue 6422.
After adding a virtual server, restart the server to view monitoring data for the virtual server.
Option -l to relocate log files is ignored when used with options -a and -s and the log files are created in the default location.
For more information, see Issue report 10693.
None.
Some features will not work well on Windows Vista with User Account Control (UAC) enabled. One example is the Administration Console, which cannot be launched.
For more information, see Issue report 10755.
Disable UAC and reboot.
Testing a JAX-RPC web service, with GlassFish message security provider enabled, throws the following exception in the server logs:
[#|2009-11-23T11:16:58.375+0005|SEVERE|glassfishv3.0| javax.enterprise.resource.webservices.rpc.server.http|_ThreadID=25;_ ThreadName=http-thread-pool-8080-(2);|caught throwable java.lang.RuntimeException: com.sun.enterprise.security.jauth.AuthException
The default value of the nonce property does not work.
For more information, see Issue report 11138.
To use message security with JAX-RPC web services, disable the nonce property in the configuration. See the Issue report for the complete steps for the workaround.
The Start menu group for GlassFish Server is not displayed after installation is first completed. If you log out and then log back in, the menu group is displayed but it is empty.
For more information, see Issue report 5087.
None.
The command asadmin get -m "server.*" returns all monitoring data pertaining to that server. When many applications are deployed, the amount of data is quite large and could take a long time to return. The client might time out with the following client-side error:
./asadmin get --monitor=true "server.*" I/O Error: Read timed out Command get failed.
For more information, see Issue report 11163.
Minimize the amount of data that is returned to the client.
Run the asadmin list -m "server.*" command, which returns the top-level elements.
Select the top-level element for which details are needed, and use this as a filter. For example:
> ./asadmin list -m "server.*" ... server.applications.SPECjAppServer.supplier\.jar.POEnt.bean-cache server.applications.SPECjAppServer.supplier\.jar.POEnt.bean-methods server.applications.SPECjAppServer.supplier\.jar.POEnt.bean-methods. create-int-int-[Lorg\.spec\.jappserver\.supplier\.helper\.ComponentOrder server.applications.SPECjAppServer.supplier\.jar.POEnt.bean-methods. findByPrimaryKey-java\.lang\.Integer server.applications.SPECjAppServer.supplier\.jar.POEnt.bean-methods.generateXml server.applications.SPECjAppServer.supplier\.jar.POEnt.bean-methods.getEJBLocalHome ... >./asadmin get -m "server.applications.SPECjAppServer.supplier\.jar.POEnt.bean-methods.*" ... server.applications.SPECjAppServer.supplier\.jar.POEnt.bean-methods.remove. methodstatistic-name = MethodStatistic server.applications.SPECjAppServer.supplier\.jar.POEnt.bean-methods.remove. methodstatistic-starttime = 1259604209775 ...
The standalone Update Tool started with the updatetool command fails with a segmentation fault on Solaris when installing add-on components.
For more information, see Issue report 11222.
Ensure that your system conforms to the standalone Update Tool patch requirements as defined in the Update Center Release Notes.
Update Tool functionality in the Administration Console uses a different Java-based Update Center API and is not affected by this issue.
If a Ruby application is deployed at contextroot '/' and the Administration Console is then accessed, accessing the Ruby application produces a 404 error.
For more information, see Issue report 10854.
None.
When using Java Web Start to launch an application client, any managed beans in the application client will not be recognized.
For more information, see Issue report 11257.
Launch the application client using the appclient script. Managed beans in the application client will be supported normally.
When you invoke the appclient script on Mac OS X systems with Java from Apple installed, the following stack trace is seen twice (only the first few lines are shown here):
Intentionally suppressing recursive invocation exception! java.lang.IllegalStateException: recursive invocation at java.lang.ClassLoader.initSystemClassLoader(ClassLoader.java:1394) at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1377) at sun.security.jca.ProviderConfig$1.run(ProviderConfig.java:64) ...
For more information, see Issue report 8644.
None needed.
Despite the warning messages, the client will be launched successfully and run normally. These errors are from an issue in the Apple Java implementation.
A problem occurs when all of the following are true:
The application is an EAR that contains an app client.
The EAR is directory deployed.
The EAR contains an application client module myAppClient.jar, which, because this is a directory deployment, is pre-expanded into myAppClient_jar. (For the purposes of this example, myApp is the name of the EAR. This name can be anything.)
Attempts to launch the application client fail with the following error because one file generated on the server is placed in the wrong server directory and overwrites another generated file:
java.lang.ClassNotFoundException:(main-class-for-the-client)
For more information, see Issue report 11181.
Change the name of the application client so it is not myAppClient.jar; specifically:
Edit myApp/META-INF/application.xml so that the declaration of the client is <java>myClient.jar</java>. Note that you can use any name other than myAppClient.jar.
Rename the directory myApp/myAppClient_jar to myApp/myClient_jar. Note that the client's subdirectory name must be the same as the application client URI in the application.xml file, with the .jar replaced with _jar.
Deploy the application:
asadmin deploy --retrieve localdir myApp
Run the application client:
appclient -client localdir/myAppClient.jar
Changes to server log values on the General tab of the Logger Settings page in the Administration Console do not immediately take effect.
For more information, see Issue report 11142.
Restart the server. All changes to the values on this page require a server restart to take effect.
Installation log files cannot be opened by clicking the links on the Summary page that displays at the end of the installation process in the graphical installer.
For more information, see Issue report 6621.
Access the files manually. The names of the installation log and summary files are timestamp-install.log and timestamp-install-summary.html. On Linux and Mac systems these files are generated under the $TMP directory.
If you reinstall GlassFish Server (with Update Tool) in the same installation directory with the same defaults and invoke Update Tool using the updatetool command, you receive a message saying that Update Tool is not installed and are asked if you want to install it. This occurs on Windows systems only.
For more information, see Issue report 8233.
Following uninstallation, manually remove the remaining .org* directory before reinstalling.
This issue occurs intermittently on Windows and Mac OS systems. pkg(5) does not work on certain systems at certain times.
For more information, see Update Center Issue 1583.
None.
The inline help and CLI man page list servlet 2.4 in the X-Powered-By field. The correct version is servlet 3.0.
For more information, see Issue report 11011.
None.
When using embedded with glassfish-embedded-all-3.0-b73.jar, deployment fails with the following error:
SEVERE: WEB9051: Error trying to scan the classes at /private/var/folders/CV/CVhj8DvqEwGK5bdJKK9TaE TI/-Tmp- /gfembed6991712842235699248tmp/applications/xwiki-enterprise-web-2.0/ WEB-INF/lib/activation-1.1.jar for annotations in which a ServletContainerInitializer has expressed interest java.util.zip.ZipException: error in opening zip file
The issue occurs because embedded uses a folder with plus signs (+), and plus signs in a path are converted into space characters " " when the path is decoded.
For more information, see Issue report 11149.
A system property has been added that enables you to place temporary directories. The property is glassfish.embedded.tmpdir and can be set so the temporary domain directory is not placed in the user directory.
create-service fails to create service without AS_ADMIN_USER in passwordfile on Solaris.
For more information, see Issue report 11119.
None.
GlassFish Server uses a tree structure to track monitorable objects. Within that tree, the following view is not available to obtain connection pool statistics:
server.connector-service.resource-adapter-name.connection-pool-name.* or server.jms-service.connection-factories.connection-factory-name.* (for jms-ra-related pools).
For more information, see Issue report 11256.
Use the server.resources.* view to obtain the statistics.
For more information about Monitoring, see Chapter 8, Administering the Monitoring Service, in Oracle GlassFish Server 3.0.1 Administration Guide.
With weaving enabled, updates on an element collection of embeddables can potentially throw a null pointer exception.
For more information, see EclipseLink Issue report 296606.
Two workarounds are available:
Add the annotation @ChangeTracking(DEFFERED) on the embeddable and set the property eclipselink.weaving.internal to false.
or
Set the following properties to false in persistence XML: eclipselink.weaving.changetracking and eclipselink.weaving.internal.
After starting the domain and accessing localhost:4848, the following messages are seen in the server log:
[#|2009-11-27T16:21:57.091+1100|INFO|glassfishv3.0| javax.enterprise.system.container.web.com.sun.enterprise.web| _ThreadID=20;_ThreadName=Thread-1;|Created virtual server server|#]
[#|2009-11-27T16:21:57.091+1100|INFO|glassfishv3.0| javax.enterprise.system.container.web.com.sun.enterprise.web| _ThreadID=20;_ThreadName=Thread-20;|Created virtual server server|#]
These messages give the impression that the virtual server, server, was started twice. This is not the case. Virtual servers are only started once, but messages are logged multiple times.
For more information, see Issue report 11195.
None.
Debugging JPA is difficult because of limited messages from the server.
For more information, see Issue report 11274.
Add the property org.eclipse.persistence.session.level=INFO to the logging.properties file. You can then use the Administration Console to control EclipseLink loggers.
EJB interoperability for remote EJBs is broken when the target EJB is on the same host (another GlassFish Server domain or another GlassFish Server 3.0.1 instance).
For more information, see Issue report 11152.
Set the following property in jvm-options:
-Dorg.glassfish.orb.iiop.orbserverid=:
By default, the default host name for the JMS service on GlassFish Server is localhost. To access the JMS service from another system, however, you must change the host name. You can change it to either the actual host name or to 0.0.0.0.
For more information, see Issue report 11254.
To make the change, do one of the following:
Use the Administration Console: Expand the Configuration, Java Message Service, and JMS Hosts nodes, select default_JMS_host, and edit the Host field.
or
Use an asadmin subcommand such as the following:
asadmin set server-config.jms-service.jms-host.default_JMS_host.host="0.0.0.0"
asadmin set server-config.jms-service.jms-host.default_JMS_host.host="hostname"
When GlassFish Server is installed using the graphical installer, the installation completes successfully but only the top-level GlassFish Server v3 entry is added in the Windows system menu, and it is empty. This issue occurs with both the localized and English installers.
For more information, see Issue report 11239.
None.
The ACC expects the current thread's context class loader to be an ACCClassLoader. This is overly restrictive. Although this condition is met for appclient script and Java Web Start launches, it might not be met for the embedded case. Other functions inside the ACC require the class loader to be a URLClassLoader (or an instance of a subclass of URLClassLoader), but the loader does not need to be an ACCClassLoader.
For more information, see Issue report 11427.
Two workarounds are available:
Set -Djava.system.class.loader=org.glassfish.appclient.client.acc.ACCClassLoader.
or
In your Java program, instantiate an ACCClassLoader and set it to be the current thread's context class loader using Thread.currentThread().setContextClassLoader before using the embedded ACC classes and interfaces.
Able to create and store EJB timer in MySQL as user, but when trying to configure EJB Timer Service for MySQL, get the following exception (SQLException executing statement):
"CREATE TABLE EJB__TIMER__TBL (TIMERID VARCHAR(255) NOT NULL, BLOB BLOB(64000), INITIALEXPIRATIONRAW BIGINT, SCHEDULE VARCHAR(255), INTERVALDURATION BIGINT, OWNERID VARCHAR(255), STATE INTEGER, LASTEXPIRATIONRAW BIGINT, PKHASHCODE INTEGER, CREATIONTIMERAW BIGINT, CONTAINERID BIGINT, PRIMARY KEY (TIMERID))": com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'BLOB BLOB(64000), INITIALEXPIRATIONRAW BIGINT, SCHEDULE VARCHAR(255), INTERVALDU' at line 1|#]
For more information, see Issue report 11428.
Make sure that the datasource-classname specified for the timer pool represents an XA DataSource.
MySQL-specific steps:
Unpack glassfishv3/glassfish/lib/install/applications/ejb-timer-service-app.war.
Add the following to WEB-INF/classes/__ejb_timer_mappings.xml after <persistence-unit-metadata>:
<persistence-unit-defaults> <delimited-identifiers/> </persistence-unit-defaults>
Repackage the WEB-INF/classes/__ejb_timer_mappings.xml file.
(This step required only if the current installation has already used the EJB Timer Service.) Manually create the EJB__TIMER__TBL in the database using this create statement:
CREATE TABLE `EJB__TIMER__TBL` (`TIMERID` VARCHAR(255) NOT NULL, `BLOB` BLOB(64000), `INITIALEXPIRATIONRAW` BIGINT, `SCHEDULE` VARCHAR(255), `INTERVALDURATION` BIGINT, `OWNERID` VARCHAR(255), `STATE` INTEGER, `LASTEXPIRATIONRAW` BIGINT, `PKHASHCODE` INTEGER, `CREATIONTIMERAW` BIGINT, `CONTAINERID` BIGINT, PRIMARY KEY (`TIMERID`))
The deploy subcommand fails against a secure server unless the --secure option is used.
For more information, see Issue report 11439.
Use the --secure option when issuing the deploy subcommand against a secure server.
One of the authority certificates in the GlassFish Server truststore expired on January 7, 2010. The certificate is cacerts.jks. An error message is generated on startup indicating that the certificate has expired:
Version: V1 Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2 Key: SunPKCS11-Solaris RSA public key, 1000 bits (id 17891456, session object) modulus: public exponent: Validity: [From: Tue Nov 08 19:00:00 GMT-05:00 1994, To: Thu Jan 07 18:59:59 GMT-05:00 2010] Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0]
For more information, see Issue report 6852796.
The expired authority certificate was removed in update 18 of Java SE 6. It will also be removed from the GlassFish Server truststore in a future update.
You can ignore the error messages and use the update, or you can eliminate the error messages. To stop receiving the error messages, use keytool to remove the certificate from the GlassFish Server truststore:
=> cd domains/domainX/config => cp cacerts.jks cacerts.jks.save => keytool -delete -keystore cacerts.jks -alias verisignserverca Enter keystore password:
To prevent the expired certificate from reappearing in subsequently created domains, the certificate should also be removed from the template truststore:
=> cd glassfish/lib/templates => cp cacerts.jks cacerts.jks.save => keytool -delete -keystore cacerts.jks -alias verisignserverca Enter keystore password:
For more information about the keystore password, see the information about master passwords and keystores in Authentication in Oracle GlassFish Server 3.0.1 Administration Guide.
The Domain Administration Server (DAS) in versions of GlassFish Server prior to version 2.1.1 did not allow multiple applications to be deployed using the same web context root, even if those applications were targeted for different GlassFish Server instances.
This behavior was changed in GlassFish Server 2.1.1 and has been carried forward to version 3.0.1. The GlassFish Server DAS now supports the deployment of applications using the same context root as long as those applications are deployed to different GlassFish Server instances. However, this new DAS support is not sufficiently documented.
Web Module Deployment Guidelines in Oracle GlassFish Server 3.0.1 Application Deployment Guide states:
Context Root. When you deploy a web module, if you do not specify a context root, the default is the name of the WAR file without the .war extension. The web module context root must be unique within the server.
Similarly, endpoint-address-uri in Oracle GlassFish Server 3.0.1 Application Deployment Guide states:
For servlet endpoints, this value is relative to the web application context root. For EJB endpoints, the URI is relative to root of the web server (the first portion of the URI is a context root). The context root portion must not conflict with the context root of any web application deployed to the same web server.
While both statements are technically accurate, it is useful to add the following further clarification:
The DAS in GlassFish Server versions 2.1.1, 3.0.1, and later support the deployment of multiple web applications using the same web context root as long as those applications are deployed to different GlassFish Server instances. Deploying multiple applications using the same context root within a single GlassFish Server instance will produce a DAS error.
The reference information and examples in The sun-appserv-deploy Task in Oracle GlassFish Server 3.0.1 Application Development Guide refer to an asinstalldir attribute, which is incorrect. In addition, the error message string returned by the sun-appserv-deploy Ant task incorrectly states, “Sepcify either the installDir attribute or the asinstall.dir property.”
Note the following corrections:
asinstalldir should be asinstall.dir.
“Sepcify” in the error message string should be “Specify.”
If you apply patch-03 to GlassFish Server 3.0.1 and use the same domain configuration, the trace-enabled attribute is reset to its internal default value of true. This creates a security vulnerability in which some normally secure information is available without the administrator username and password.
Set the trace-enabled attribute to false. The syntax of the set(1) command is as follows:
asadmin> set config-name.network-config.protocols.protocol.protocol-name.http.trace-enabled="false"
For example:
asadmin> set c1-config.network-config.protocols.protocol.http-1.http.trace-enabled="false"