2. About Sun GlassFish Enterprise Server
3. Known Issues and Limitations
Enterprise Server does not detect conflicts with the heartbeat port of a cluster (Issue number 1967)
Domain creation stops on NFS server running 64-bit Linux (Issue Number 1961)
Performance degradation seen when a huge log file is rotated (6718611)
Failed to Deploy Generic RA Resource Adapter against IBM MQ (Issue 6605)
Standalone instances sometimes obtain files from other instances (6698604)
Startup Message from the start-cluster command are too verbose (6728317)
Failed to Deploy Generic RA Resource Adapter against IBM MQ (Issue 6605)
The package-appclient script does not work if domain1 is not present (6171458)
Starting the Server with additional JMX Agent is not supported (6200011)
.asadmintruststore file not described in the Enterprise Server documentation (6315957)
Clustered instances fail to start due to a timeout in reaching the JMS broker (6523663)
Cannot display jmaki chart in Netscape 8.1.3, Mozilla 1.7 and Safari 2.0.4 browsers (6543014)
Default ports changing in each AS major release (6566481)
The create-domain command fails with custom master password in AIX (6628170)
Solution: (AIX) To Create a Domain With a Custom Master Password
AIX: 0403-027 The parameter list is too long (6625591)
(AIX) To Increase the Maximum Length of the Command Line
Apache and Load Balancer Plugin
SGES 2.1.1 Patch 2 LB plugin on WS7u8 crashes the web server on SUSE Linux 10 SP2 (6928066)
Must start Apache Web Server as root (6308021)
Library JAR packaged in Application Client Archive overwrites MANIFEST file (6193556)
ACC always tries to connect to localhost:3700 (6527987)
Unable to start domain , missing sunpkcs11.jar (6571044)
PreparedStatement errors (6170432)
Java DB is not started after machine reboot or server start (6515124)
Autodeployment fails on a cluster sometimes (6610527)
Bundled ANT throws java.lang.NoClassDefFoundError (6265624)
Application specific classloader not used by JSP compilation (6693246)
Javadoc Inconsistencies (various IDs)
GlassFish 2.x documentation referring to invalid create-session-store command (6935976)
HTTP Service Statistics attributes discrepancies (7018903)
Glassfish GFv2 Mod_JK AJP listens to all interfaces (7008190)
[UB]The *Global Transaction support box* is nowhere to be found (7536)
Misleading Documentation for Configuring JMS Physical Destinations
Upgrade Procedure is Confusing
Resouce Injection does not work in HandlerChain (6750245)
HADB Configuration with Double Networks (no ID)
HADB Database Creation Fails (no ID)
hadbm set does not check resource availability (disk and memory space) (5091280)
Heterogeneous paths for packagepath not supported (5091349)
hadbm createdomain may fail (6173886, 6253132)
Starting, stopping, and reconfiguring HADB may fail or hang (6230792, 6230415)
The management agent terminates with the exception "IPV6_MULTICAST_IF failed" (6232140)
clu_trans_srv cannot be interrupted (6249685)
hadbm does not support passwords containing capital letters (6262824)
Install/removal and symlink preservation (6271063)
Management agents in global and local zones may interfere (6273681)
Non-root users cannot manage HADB (6275319)
The Management Agent should not use special-use interfaces (6293912)
Reassembly failures on Windows (6291562)
Session state not maintained if the browser has another cookie with / path (6553415)
LB does not work with IIS 6; SASL32.DLL and ZLIB.DLL missing under as-install/lib (6572184)
DAS creation/startup and HA package propagation issues in Global Zone (6573511)
Enable/disable LB for an instance/cluster should show correct status (6595113)
Installer decoration image shows old product version (6862674)
The start-domain Command Times Out on OpenSolaris 2008.11 (6820169 and 6741572)
Enterprise profile installation is not supported with a 64-bit JVM on a 64-bit platform (6977626)
Installation with 64-bit JDK Fails (6796171)
Enterprise Server installer crashes on Linux (6739013)
Installation shutdown hanging on some Linux systems after clicking the "Finish" button (5009728)
On Windows, the imq directory needs to be created during installation (6199697)
IFR. Was not able to install AS in the sparse local zone, MQ packages issue. (6555578)
After upgrade, the following exceptions are seen in the log when a domain is started. (6774663)
TopLink expects my Collection field/property to be cloneable (Issue Tracker 556)
GenerationType.IDENTITY and DataDirect Driver with SyBase (Issue Tracker 2431)
Setting ejb-timer-service property causes set command to fail (6193449)
Error thrown when list JMS physical destinations within non-DAS config (6532532)
Win2003 only: Non-paged pool leak memory, breaking tcp stack and richaccess test (6575349)
Setting debug statement for access,failure causes hang in server startup (6180095)
Log level Setting for Persistence Cannot Be Made Persistent (13253247)
Enterprise Server Does Not Start If MQ Broker is Not Started (6740797)
MQ broker fails to start with cluster profile on Linux (6524871)
Mismatch of old and new classes is created when imqjmsra.jar is loaded before upgrade (6740794)
Open JNDI Browsing from Admin UI dumps a huge amount of exceptions in the server.log (6591734)
AIX: monitor command doesn't work on AIX (6655731)
Solution: To Install the Missing libcliutil.so Library File
Installation Log Shows Failures for Samples Installation (6802286)
After upgrade Enterprise Server samples and JES5 portal samples compete on derby port 1527 (6574563)
Expired Root CA for CN=GTE CyberTrust Root 5, OU=GTE CyberTrust Solutions, Inc. (17405362)
To Delete the GTE CyberTrust Root 5 Certificate From the Truststore
Modify Policy Files for Existing Domains (17419736 and 17574160)
CA Certificate bundled with Enterprise Server v2.1.1 has expired (12287499)
OutofMemory Error in SSL Scenarios During Heavy Stress (JDK 6 Issue 23)
AIX: WSS dynamic encrypt key test failed due to server side certification validation error (6627379)
SSL termination is not working (6269102)
Socket connection leak with SSL (6492477)
General Vulnerability Assessment (Issue 17287)
Different domains are lost during upgrade when different build combinations are used (6546130)
Localized Online Help for asupgrade GUI Does Not Exist (6610170)
Solution: To Preserve All Node Agents in a Side-by-Side Upgrade of Multiple Domains
In-place upgrade does not update the index.html file of existing domain (6831429)
Unable to compile JSP page on resource constrained servers (6184122)
Enterprise Server does not support auth-passthrough Web Server 6.1 Add-On (6188932)
AS 9.1 b50e.Linux. Can not start WS after AS LB installation: libjvm.so:cannot open shared (6572654)
Ant task wsimport fails with Java EE SDK b33d (using JDK 1.6) with NoClassDefFoundError (6527842)
publish-to-registry commands fail in IFR EE builds (6602046)
wscompile fails with "package javax.xml.rpc does not exist" on JDK6 u4 b3 (6638567)
This section describes known web container issues and associated solutions.
If you request precompilation of JSPs when you deploy an application on Windows, later attempts to undeploy that application or to redeploy it (or any application with the same module ID) will not work as expected. The problem is that JSP precompilation opens JAR files in your application but does not close them, and Windows prevents the undeployment from deleting those files or the redeployment from overwriting them.
Note that undeployment succeeds to a point, in that the application is logically removed from the Application Server. Also note that no error message is returned by the asadmin utility, but the application's directory and the locked jar files remain on the server. The server's log file will contain messages describing the failure to delete the files and the application's directory.
Attempts to redeploy the application after undeploying fail because the server tries to remove the existing files and directory, and these attempts also fail. This can happen if you try to deploy any application that uses the same module ID as the originally deployed application, because the server uses the module ID in choosing a directory name to hold the application's files.
Attempts to redeploy the application without undeploying it first will fail for the same reasons.
If you attempt to redeploy the application or deploy it after undeploying it, the asadmin utility returns an error similar to the one below.
An exception occurred while running the command. The exception message is: CLI171 Command deploy failed : Deploying application in domain failed; Cannot deploy. Module directory is locked and can't be deleted.
If you specify --precompilejsps=false (the default setting) when you deploy an application, then this problem will not occur. Be aware that the first use of the application will trigger the JSP compilation, so the response time to the first request will be longer than for later requests.
Note also that if you do precompile, you should stop and restart the server before undeploying or redeploying the application. The shutdown frees the locked JAR files so the undeployment or redeployment after the restart can succeed.
The optional load-on-startup servlet element in a web.xml indicates that the associated servlet is to be loaded and initialized as part of the startup of the web application that declares it.
The optional content of this element is an integer indicating the order in which the servlet is to be loaded and initialized with respect to the web application's other servlets. An empty <load-on-startup> indicates that the order is irrelevant, as long as the servlet is loaded and initialized during the startup of its containing web application.
The Servlet 2.4 schema for web.xml no longer supports an empty <load-on-startup>, meaning that an integer must be specified when using a Servlet 2.4 based web.xml. If specifying an empty <load-on-startup>, as in <load-on-startup/>, the web.xml will fail validation against the Servlet 2.4 schema for web.xml, causing deployment of the web application to fail.
Backwards compatibility issue. Specifying an empty <load-on-startup> still works with Servlet 2.3 based web.xml.
Specify <load-on-startup>0</load-on-startup> when using a Servlet 2.4 based web.xml to indicate that servlet load order does not matter.
The JSP page is accessed but fails to compile, and the server log contains the error message "Unable to execute command" with the following stack trace:
at org.apache.tools.ant.taskdefs.Execute$Java13CommandLauncher. exec(Execute.java:655) at org.apache.tools.ant.taskdefs.Execute. launch(Execute.java:416) at org.apache.tools.ant.taskdefs.Execute.execute(Execute.java:427) at org.apache.tools.ant.taskdefs.compilers.DefaultCompilerAdapter. executeExternalCompile(DefaultCompilerAdapter.java:448) at org.apache.tools.ant.taskdefs.compilers.JavacExternal.execute (JavacExternal.java:81) at org.apache.tools.ant.taskdefs.Javac.compile(Javac.java:842) at org.apache.tools.ant.taskdefs.Javac.execute(Javac.java:682) at org.apache.jasper.compiler.Compiler.generateClass(Compiler.java:396)
Set the JSP compilation switch "fork" to "false."
This can be done either of two ways:
Globally, by setting the fork init parameter of the JspServlet in domain-dir/config/default-web.xml to false:
<servlet> <servlet-name>jsp</servlet-name> <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> .... <init-param> <param-name>fork</param-name> <param-value>false</param-value> </init-param> .... </servlet>
On a per-web application basis, by setting the fork JSP configuration property in sun-web.xml to false:
<sun-web-app> <jsp-config> <property name="fork" value="false" /> </jsp-config> </sun-web-app>
Either setting will prevent ant from spawning a new process for javac compilation.
The Sun GlassFish Enterprise Server v2.1.1 adds support for the functionality provided by the auth-passthrough plugin function available with Sun GlassFish Enterprise Server Enterprise Edition 7.1. However, in Enterprise Server v2.1.1, the auth-passthrough plugin feature is configured differently.
The auth-passthrough plugin function in Enterprise Server Enterprise Edition 7.1 has been useful in two-tier deployment scenarios, where:
Application Server instance is protected by a second firewall behind the corporate firewall.
No client connections are permitted directly to the Application Server instance.
In such network architectures, a client connects to a front-end web server, which has been configured with the service-passthrough plugin function and forwards HTTP requests to the proxied Application Server instance for processing. The Application Server instance can only receive requests from the web server proxy, but never directly from any client hosts. As a result of this, any applications deployed on the proxied Application Server instance that query for client information, such as the client's IP address, will receive the proxy host IP, since that is the actual originating host of the relayed request.
In Application Server Enterprise Edition 7.1, the auth-passthrough plugin function could be configured on the proxied Application Server instance in order to make the remote client's information directly available to any applications deployed on it; as if the proxied Application Server instance had received the request directly, instead of via an intermediate web server running the service-passthrough plugin.
In Enterprise Server v2.1.1, the auth-passthrough feature may be enabled by setting the authPassthroughEnabled property of the <http-service> element in domain.xml to TRUE, as follows:
<property name="authPassthroughEnabled" value="true"/>
The same security considerations of the auth-passthrough plugin function in Application Server Enterprise Edition 7.1 also apply to the authPassthroughEnabled property in Enterprise Server v2.1.1. Since authPassthroughEnabled makes it possible to override information that may be used for authentication purposes (such as the IP address from which the request originated, or the SSL client certificate), it is essential that only trusted clients or servers be allowed to connect to an Enterprise Server v2.1.1 instance with authPassthroughEnabled set to TRUE. As a precautionary measure, it is recommended that only servers behind the corporate firewall should be configured with authPassthroughEnabled set to TRUE. A server that is accessible through the Internet must never be configured with authPassthroughEnabled set to TRUE.
Notice that in the scenario where a proxy web server has been configured with the service-passthrough plugin and forwards requests to an Enterprise Server instance with authPassthroughEnabled set to TRUE, SSL client authentication may be enabled on the web server proxy, and disabled on the proxied Enterprise Server instance. In this case, the proxied Enterprise Server instance will still treat the request as though it was authenticated via SSL, and provide the client's SSL certificate to any deployed applications requesting it.