December 2005
These Release Notes contain important information available at the time of release of Version 6.0 Service Pack (SP) 10 of Sun ONE ™ (Open Net Environment) Web Server. Known issues and limitations, and other information are addressed here. Read this document before you begin using Web Server 6.0 SP10.
Web Server 6.0 SP10 can be installed on the following platforms: AIX, HP-UX, Red Hat Linux and Red Hat Linux Advanced Server 2.1, Sun Linux, Windows and Solaris™ Operating Environment (Solaris OE). For operating system version details, refer to the section Web Server 6.0 SP10 Supported Platforms in these release notes.
Check the Web site prior to installing and setting up your software, and then periodically thereafter to view the most up-to-date release notes and manuals.
These release notes contain the following sections:
Features Supported in Web Server 6.0 SP10
Required Patches
JRE/JVM Versions
Installation, Upgrade, and Migration Information
Resolved Issues
Known Problems and Solutions
Platform-Specific Information
Corrections to Documentation
How to Report Problems and Provide Feedback
Additional Sun Resources
Third-party URLs are referenced in this document and provide additional, related information.
Web Server 6.0 SP10 offers the following features:
JDK™ Software Support
Sun™ ONE Active Server Pages Support
NSS 3.3.4.7 Support
NSPR 4.1.6 Support
LDAP SDK Support
VeriSign Support
Support for Sun Linux
Sun™ ONE Studio 3.0 Support
magnus.conf Directive Enhancement
Keep-Alive Subsystem Enhancement
Virtual Server Report Generation
Web Application Deployment and Management User Interface
Role Mapping Support
web-apps.xml Data Type Descriptor
Single Sign-on Across Multiple Web Applications with FORM Login
Support for Arbitrary Custom Headers
Support for Response Header Encoding
PHP Compatibility
Changing HTTP Versions
Modifying the Maximum Upload Size while Deploying a WAR File from a Remote Machine
Setting Up Java HotSpot™ Server Virtual Machine With JDK 1.3.1
Securing Access Control With Distributed Administration
This section outlines the JDK software support on Web Server 6.0 SP10.
Web Server 6.0 SP10 supports the 32-bit JDK 1.4.2_04 (supported via binary compatibility) software on the following platforms:
Solaris ( JDK 1.4.2_04)
Linux ( JDK 1.4.2_04)
Windows 2000 ( JDK 1.4.2_04)
HP-UX ( JDK 1.4.2_04)
For details, see JRE/JVM Versions.
Web Server 6.0 SP10 supports the 32-bit JDK 1.4.1 software on the following platforms:
Solaris (JDK 1.4.1_01 and JDK 1.4.1_02)
Linux (JDK 1.4.1_01 and JDK 1.4.1_02)
Windows NT SP6a and Windows 2000 (JDK 1.4.1_01 and JDK 1.4.1_02)
HP-UX ( JDK 1.4.1_01)
For details, see JRE/JVM Versions.
Web Server 6.0 SP10 supports the 32-bit JDK 1.4.0 software on the following platforms:
Note: The specific version is indicated in brackets. See JRE/JVM Versions for more details.
Solaris (JDK 1.4.0_01 and JDK 1.4.0_02)
Linux (JDK 1.4.0_01 and JDK 1.4.0_02)
Windows NT SP6a and Windows 2000 (JDK 1.4.0_01 and JDK 1.4.0_02)
HP-UX ( JDK 1.4.0_01)
For details, see JRE/JVM Versions.
For either JDK version, ensure that all the jar files specified in the default bootclasspath are included in the server-root /https-admserv/start-jvm file.
The default bootclasspath settings for different platforms are listed below:
For more information, see the Note on bootclasspath settings.
Web Server 6.0 SP10 supports JDK 1.4.1 or JDK 1.4.0 on AIX 5.1.
On AIX 5.1 the start-jvm
needs to be
modified due to changes in IBM JDK 1.4.0 and 1.4.1.
In the in server-root/https-admserv/start-jvm
change the line that reads:
NSES_JDK_RUNTIME_CLASSPATH=${NSES_JRE}/lib/ext/iiimp.jar:${NSES_JRE}/lib/i18n.jar:${NSES_JRE}/lib/rt.jar:${NSES_JDK}/lib/tools.jar:${NSES_JDK}/lib/dt.jar;export
NSES_JDK_RUNTIME_CLASSPATH
to the following:
For JDK 1.4.0:
NSES_JDK_RUNTIME_CLASSPATH=${NSES_JRE}/lib/ext/iiimp.jar:${NSES_JRE}/lib/charsets.jar:${NSES_JRE}/lib/core.jar:${NSES_JRE}/lib/graphics.jar:${NSES_JRE}/lib/security.jar:${NSES_JDK}/lib/xml.jar:${NSES_JRE}/lib/server.jar:${NSES_JDK}/lib/tools.jar:${NSES_JDK}/lib/dt.jar;
export NSES_JDK_RUNTIME_CLASSPATH
For JDK 1.4.1:
NSES_JDK_RUNTIME_CLASSPATH=${NSES_JRE}/lib/ext/iiimp.jar:${NSES_JRE}/lib/charsets.jar:${NSES_JRE}/lib/core.jar:${NSES_JRE}/lib/graphics.jar:${NSES_JRE}/lib/security.jar:${NSES_JRE}/lib/server.jar:${NSES_JDK}/lib/tools.jar:${NSES_JDK}/lib/dt.jar;
export NSES_JDK_RUNTIME_CLASSPATH
Note:xml.jar
should not be included in theNSES_JDK_RUNTIME_CLASSPATH
for JDK 1.4.1. If you includexml.jar
, server fails to start on JDK 1.4.1
Note: JDK 1.4 is not supported on AIX 4.3.3
Sun™ ONE Active Server Pages (formerly, Sun™ Chili!Soft ASP) version 3.6.2 now supports the Web Server on the Solaris, Windows, Linux, and HP-UX platforms. Sun ONE Active Server Pages software is a server-side scripting and runtime environment for the cross-platform deployment of Active Server Pages (ASP or .asp) Web sites and Web applications.
Web Server 6.0 SP10 bundles Sun ONE Active Server Pages 3.6.2 on the following platforms:
A license is not required for Sun ONE Active Server Pages if you are installing to the Web Server.
The Sun ONE Active Server Pages installer is available in the /plugins/chilisoft directory in the Web Server 6.0 SP10 download. When you install Web Server 6.0 SP10, the Sun ONE Active Server Pages installer is written to the directory:
%server_root%/plugins/chilisoft/
For more information on Sun ONE Active Server Pages, refer to http://wwws.sun.com/software/chilisoft/.
NSS support in Web Server 6.0 SP10 has been upgraded from NSS 3.3.4.5 to 3.3.4.7. NSS is a set of libraries designed to support cross-platform development of security-enabled server applications.
NSPR support in Web Server 6.0 SP10 has been upgraded to NSPR 4.1.6.
Web Server 6.0 SP10 supports Lightweight Directory Access Protocol (LDAP) Software Development Kit (SDK) version 5.08.
Web Server 6.0 SP10 supports VeriSign, the Certificate Authority (CA) system for issuing digital certificates throughout the enterprise. VeriSign, which uses the VICE protocol for simplifying the certificate request process, has the advantage of being able to return their certificate directly to your server.
Web Server 6.0 SP10 supports the Sun Linux 5.0 platform on Sun Linux systems. For more details, see Installation, Upgrade, and Migration Information.
Web Server 6.0 SP10 supports Sun™ ONE Studio 3.0 (formerly, Forte™ for Java™ 3.0). Forte for Java™ technology is Sun's powerful, extensible, integrated development environment (IDE) for Java technology developers. It is based on NetBeans™ software, and it is integrated with the Sun ONE platform.
Sun ONE Studio 3.0 support is available on the following platforms:
To use Sun ONE Studio 3.0 to debug remote servlets on Solaris OE and Linux, make the following changes:
Solaris:
1) Edit the server-instance/start file to specify the following:
2) Edit the server-id/https-admserv/start-jvm file to point the NSES_JRE_RUNTIME_LIBPATH variable to ${NSES_JDK}/lib/sparc.
Linux:
1) Edit the server-instance/start file to specify the following:
2) Edit the server-id/https-admserv/start-jvm file to point the NSES_JRE_RUNTIME_LIBPATH variable to ${NSES_JDK}/lib/i386.
For information on remote debugging on the Windows platform, see iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets. For more information and documentation on using Sun ONE Studio 3.0, see http://www.sun.com/software/sundev/previous/ffj.
A number of enhancements have been added to the magnus.conf directive that provide greater control over Web Server 6.0 SP10. Edit the magnus.conf file for the following:
Tuning keep-alive subsystem performance
Changing the server header in a response
Setting an upper limit to the time slept after polling keep-alive connections
Handling standard output and error log messages
The magnus.conf directive KeepAliveQueryMeanTime can be used to tune keep-alive subsystem performance. KeepAliveQueryMeanTime specifies the desired keep-alive latency in milliseconds. The default value of 100 is appropriate for almost all installations. Note that CPU usage will increase with lower KeepAliveQueryMeanTime values.
A magnus.conf directive ServerString has been added to allow administrators to change the Server header in a response. The String none, will cause the header to not be sent at all. Example:
A new magnus.conf directive KeepAliveQueryMaxSleepTime has been added to set an upper limit to the time slept after polling keep-alive connections for further requests. Values can range from 0 to 5000 milliseconds. If you do not specify a value, by default, the value of KeepAliveQueryMaxSleepTime is set to the value of the KeepAliveQueryMeanTime directive. The default value is recommended for most real-world use cases.
Web Server 6.0 SP10 introduces four new magnus.conf directives that determine how the server handles standard output and error messages, including System.out and System.err messages from Java programs. The directives are described in the following table:
|
|
The magnus.conf directive AcceptTimeout specifies the number of seconds the server waits for data to arrive from the client before closing the connection. For more details, see the Note in the Corrections to Documentation section. |
|
|
The keep-alive subsystem has been enhanced to handle thousands of persistent connections.
This user interface allows you to generate reports for specific virtual servers. You can access this page from the Logs tab of the Virtual Server Manager.
You can deploy Web applications from the user interface as well as from the command line using wdeploy. New user interfaces have been added to the server manager to facilitate:
Web application deployment on a local machine or remote server machine
Web application editing for a virtual server
Web Server 6.0 SP10 supports roles if the underlying LDAP server supports roles. If you wish to authenticate roles for Web applications, you need to add the following to the server-id /config/web-apps.xml file:
For more information about role authentication provided by Directory Server 5.0 SP1, see iPlanet Directory Server Administrator's Guide.
Web Server 6.0 SP10 allows you to enable or disable a Web application. You can do so in either of the following ways:
Using the Application GUI: If you have already deployed a Web application:
At the web-apps level: By default, an application is automatically enabled with the value set to true in the server-id/config/web-apps.xml file. You can disable the application by setting the value to false.
<web-app uri="/catalog" dir="/export/apps/catalog" enable="false">
For more information on Web Server 6.0 DTD, see http://developer.sun.com/.
Web Server 6.0 SP10 allows single sign-on across multiple Web applications using FORM login configuration. You can enable this feature in two ways.
Configuring a session manager at the virtual server level
Configuring a virtual-server form-login session manager in a separate HTTP session
This is the easiest approach, but the session and session attributes are shared across all applications.
Example:
<vs>
<!-- configure a VS-level session
manager -->
<session-managerclass='com.netscape.server.http.session.IWSSessionManager'>
<init-param>
<param-name>maxSessions</param-name>
<param-value>
1024 </param-value>
</init-param>
<init-param>
<param-name>reapInterval</param-name>
<param-value>
8 </param-value>
</init-param>
<init-param>
<param-name>timeOut</param-name>
<param-value>
300 </param-value>
</init-param>
</session-manager>
</vs>
In this case, all form-login sessions are created using this VS-wide form-login session manager, and the container uses a separate cookie to track the sessions. These sessions are available across all applications within the virtual server.
The VS-wide form-login session manager is created when a form-login-session element is present under the vs element in the server-id/config/web-apps.xml file. You can customize the underlying session manager, cookie name, and the session timeout using the form-login-session element.
Example:
<vs>
<!-- configure form login session
timeout to 300 secs (5 min), with
MMapSessionManager -->
<form-login-session timeOut="300">
<session-managerclass='com.netscape.server.http.session.MMapSessionManager'>
<init-param>
<param-name>maxSessions</param-name>
<param-value>10000</param-value>
</init-param>
<init-param>
<param-name>reapInterval</param-name>
<param-value>8</param-value>
</init-param>
</session-manager>
</form-login-session>
</vs>
The advantages of configuring a virtual-server form-login session manager in a separate HTTP session are:
The form-login session manager can be different from the per-web application or VS-wide session manager.
Session data is not shared across web applications when single sign-on is enabled, since a separate session manager is used for FORM login.
The user principal is not available as a session attribute, since it is stored in a private session.
The disadvantages of configuring a virtual-server form-login session manager in a separate HTTP session are:
Session tracking via URL does not work; only cookie tracking is supported.
Per-web application session timeout and session cookie configuration are not supported by the form-login session
You cannot implement logout using session.invalidate().
In Web Server 6.0 SP10, the set-variable SAF (Server Application Function) can be used to add custom headers to the server's HTTP responses. For example, consider the following server-id /config/obj.conf directive:
AuthTrans
fn="set-variable"
insert-srvhdrs="P3P:policyref=\"http://hostname/P3P/policy.xml\""
This directive instructs the server to add the following HTTP header to each response:
P3P:policyref="http://hostname/P3P/policy.xml"
Web Server 6.0 SP10 supports two byte character response header encoding in HTTP header and plugin programs.
Web Server 6.0 SP10 is compatible with PHP version 4.3.x or 4.3.8, the versatile and widely-used Open Source general-purpose Web cripting language that allows server-side scripting, command line scripting, and client-side GUI scripting. PHP runs on all major operating systems. The following section tells you where you can find PHP-specific installation and configuration information:
For platform-specific installation instructions, refer to the following sites:
Linux - http://www.php.net/manual/en/install.linux.php
Solaris - http://www.php.net/manual/en/install.solaris.php
Windows - http://www.php.net/manual/en/install.windows.php
HPUX - http://www.php.net/manual/en/install.hpux.php
AIX - To configure PHP smoothly on the AIX platform, complete the following steps:
Ensure that the location of the compiler file makeC++SharedLib on your system matches the path specified in the relink_36plugin script, available in the following location: <server-root>/plugins/nsapi/examples/relink_36plugin
Relink the <server-root>/bin/libphp4.so file using the relink_36plugin script. This will create a file named libphp4.so.new.
Rename the newly created libphp4.so.new file to libphp4.so.
Make the necessary configuration changes to the files magnus.conf, obj.conf and mime.types, as specified in http://www.php.net/manual/en/install.netscape-enterprise.php, keeping in mind the Note given below.
Restart the server instance.
For general installation instructions, see http://www.php.net/manual/en/installation.php.
For installation and configuration information that is specific to the Web Server installs of PHP, refer to http://www.php.net/manual/en/install.netscape-enterprise.php.
|
|
The configuration information in the site http://www.php.net/manual/en/install.netscape-enterprise.php, is accurate for iPlanet Web Server 4.x. For Sun ONE Web Server 6.0 and above however, you need to make the specified changes to the Init function in the server-id/config/magnus.conf file, and not the server-id/config/obj.conf file. |
|
|
For more information on PHP, see the following sites:
PHP Home page at http://www.php.net/
PHP manual at http://www.php.net/manual/en/
Use the following methods to downgrade the HTTP version to 1.0:
To downgrade requests for Microsoft Internet Explorer to HTTP/1.0 version, add the following to the obj.conf file:
AuthTrans fn="match-browser" browser="*MSIE*" http-downgrade="1.0"
To downgrade all requests to HTTP/1.0 version, add the following to the magnus.conf file:
When you deploy a Web application using the Administration Server from a remote machine, by default the maximum upload size is 10 MB. This can be changed by editing the install-root /bin/https/webapps/instance-app/WEB-INF/web.xml file. In the servlet webappdeploy, insert an init param named maxUploadSize with a value in bytes specifying the maximum upload size.
Example:
<param-name>maxUploadSize</param-name>
<param-value>90000000</param-value>
If you choose to use the JDK 1.3.1 server JVM, you must change the path order of NSES_JRE_RUNTIME_LIBPATH in the server-id /https-admserv/start-jvm file, otherwise the default client JVM will be invoked even if you have set the value of jvm.option to -server in the jvm12.conf file. To configure the server so that the server JVM is loaded, edit the server-id /https-admserv/start-jvm file, so that the line ${NSES_JRE}/lib/sparc/server occurs before the line ${NSES_JRE}/lib/sparc.
This section lists the additional tasks you need to perform in order to secure access control with Web Server 6.0 SP10, after enabling distributed administration. The related problem identifiers are 4650463, 4744325, and 4536739.
The order in which the PathCheck directive occurs in the https-server-id object tag in the generated.https-server-id.acl file might grant undesired access to resources. To prevent this, edit the < server-root>/generated.https-server-id.acl file, specifying a comma-separated list of program groups for which access control is required, as shown below:
user=<username> and program=<program group, program group...>;
user=<username> and program!=<program group, program group...>;
To configure Web Server 6.0 SP10 to control access to server instances, edit the < server-root >/httpacl/*.https-admserv.acl files to specify the user to whom you want to grant access control privileges.
Example:
deny absolute (all) user != "UserA";
If the access control entry that refers to the ip attribute is located in the Administration Server related ACL files (gen*.https-admserv.acl), then complete steps (1) and (2) below.
Edit the < server-root >/httpacl/gen*.https-admserv.acl files to add ip to the authentication list, in addition to user and group, as shown below:
Required patches are listed for the following platforms:
If you are using a JRE that is different from the one bundled with Web Server 6.0 SP10, or if you are using a JDK, you might need additional patches.
The following patches are recommended for Solaris OE users of Web Server. In addition, you should have the latest patches in Sun's recommended patch list. For Sun's recommended patch list, see http://sunsolve.sun.com/pubpatch. You can download the patches from http://sunsolve.sun.com.
For each patch, use the listed revision or a higher revision. For example, if you need patch 111111-01, the later revision 111111-03 will also work.
The following patch is required to run Web Server 6.0, on Solaris 2.6 OE:
105591-09
Use the latest Solaris patches for Solaris 7 OE.
Patch 108727-05 is required for Solaris 8 OE users with NFS volumes.
The following Solaris 2.6 OE patch is recommended when using the CC 4.2 compiler:
The following HP-UX 11i Patches are required for Web Server 6.0:
HP-UX 11i Operating Environment Component B.11.11.0203
Required patch bundle for 11i, June 2003 - B.11.11.0306.1
Gold Base patches for HP-UX 11i, June 2003 - B.11.11.0306.4
Gold Application patches for HP-UX 11i, June 2003 - B.11.11.0306.4
Pthread enhancement and fixes - PHCO_29109
Pthread.h fix and new enhancement - PHCO_27633
libc manpage cumulative patch - PHCO_29328
libc cumulative patch - PHCO_29495
In addition to using the General-Release Patch Bundles (XSWGR1100), the following operating system patch (applicable and specific to HP-UX 11i, 11.11 only) must be installed: PHNE_23645.
You can find a list of patches for Java 1.2.2.07 at http://us-support.external.hp.com/.
Ensure that you are running a complete installation of AIX, including the latest update and maintenance patches.
Windows NT 4.0 SP6a is required for running Sun ONE Web Server 6.0.
Windows 2000 Server SP2 or later is required for running Web Server 6.0 SP10.
The following versions of JRE and JVM are bundled with Web Server 6.0 SP10:
Comment out -Xrs flag in config/jvm12.conf to generate stack traces. For JVMPI based profiling or debugging purposes (such as with hprof or dbx) purposes, use the reference implementation. Note: To run JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, and JDK 1.4.1_01 on Solaris OE, you must edit the magnus.conf file to include the following immediately after the line that specifies the RqThrottle value: Supported JDK software versions: JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01, 1.4.2_04* *Supported via binary compatibility. |
||
Sun ONE Web Server 6.0 SP10 is certified to work with Sun Linux 5.0 using JDK1.2.2_10 and JDK 1.2.2_013 Supported JDK software versions: JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01 RED HAT LINUX 6.2, 7.1, and 7.2 Supported JDK software versions: JDK 1.2.2_010, JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01 Note: For optimal performance, use JDK 1.3.1 RED HAT LINUX ADVANCED SERVER 2.1 JDK 1.2.2_010, JDK 1.3.1, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01, JDK 1.4.2_02 Note: The JDK mentioned above refers to Sun's JDK. |
||
Supported JDK software versions: JDK 1.2.2_010, JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01, , JDK 1.4.2_02* *Supported via binary compatibility. |
||
Java version 1.2.2 Classic VM (J2RE 1.2.2 IBM build ca122-20001206 (JIT enabled: jitc)) |
Supported JDK software versions: JDK 1.3.1 (Developer Kit, Java 2 Technology Edition, Version 1.3.1, 32-bit version for POWER for AIX) |
|
Java version 1.2.2.10 HotSpot VM (1.0.1fcs, mixed mode, PA2.0 build 1.2.2.10-01/09/14-PA_RISC2.0) |
The Sun ONE Web Server 6.0 SP10 download also contains Java version 1.2.2.10 Classic VM. (build 1.2.2.10-01/09/14-PA_RISC2.0, native threads, HP) For more information on the HotSpot VM, see http://www.hp.com/products1/unix/java/java2/sdkrte/downloads/license_sdk_1-2-2-10.html Supported JDK software versions: JDK 1.3.1_02, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.2_02* *Supported via binary compatibility. |
http://java.sun.com/j2se/1.4.2/download.html
For more information about JVM/JRE version 1.2.x for Solaris OE, go to http://www.sun.com/software/solaris/java/download.html.
This section includes information for installing, upgrading, and migrating your Web Server.
|
|
When you install Web Server 6.0 SP10 over an existing installation of Sun ONE Web Server, the installer automatically detects and carries out the upgrade. |
|
|
The following table summarizes the supported platforms for Web Server 6.0 SP10. To successfully run Sun ONE Web Server 6.0 SP10 on Windows 2000, at least 512 MB of memory and 2 GB of disk space are required.
Windows 2000 SP4 (for both Server, Advanced Server, and Professional Edition) |
||
*Supported via binary compatibility.
**As of Web Server 6.0, older SPARC CPUs are not supported. Web Server 6.0 SP10 continues to support the UltraSPARC architecture.
|
|
If you are running Web Server 6.0 SP10 on Red Hat Linux 7.2 or above, for optimal performance, you must tune kernel initialization parameters after you install the server. |
|
|
If you are running a 4.x version of iPlanet Web Server, in order to move to Web Server 6.0 SP10, you must migrate your existing server. However, if you have a 6.x version of Web Server, you can directly upgrade to Web Server 6.0 SP10.
This section contains list of issues resolved in the following service pack releases:
Issues Resolved in SP10
Issues Resolved in SP9
Issues Resolved in SP8
Issues Resolved in SP7
Issues Resolved in SP6
Issues Resolved in SP5
Issues Resolved in SP4
Issues Resolved in SP3
Issues Resolved in SP2
Issues Resolved in SP1
This section lists issues resolved in Web Server 6.0 SP10.
The timeout value in seconds for ldapsession bind and ldap search can be mentioned in server_root/userdb/dbswitch.conf as below. By default there is no timeout. Sample dbswitch.conf:
default:binddn cn=Directory Manager
default:encoded bindpw ODg4ODg4ODg=
default:timeout 60
This section lists issues resolved in Web Server 6.0 SP9.
This section lists issues resolved in Web Server 6.0 SP8.
uxwdog
process crashes on multiple
CPUs machine during shut down.
compat=5
option.To resolve this issue, libCld.so has to be LD_PRELOAD, for this, edit the start script for that instance and add the following line:
LD_PRELOAD=${SERVER_ROOT}/bin/https/lib/libCld.so;
export LD_PRELOAD
Replace with the directory where the Web Server is installed. Then restart the server.
jvm.trace=7
does not send exception
details to client browser.
getContextPath()
call violates servlet
2.2 spec in default root context.
*
for UID
in basic authentication.
htconvert
not converting wildcard
patterns correctly.
SSLCacheEntries
, SSLSessionTimeout
,
and SSL3SessionTimeout
are accepting negative values.
htconvert
perl script does not
parse obj.conf
and document-root
path
properly.
KeepAliveTimeout
,
MaxKeepAliveConnection
, and KeepAliveThreads
error.
obj.conf
processing in NameTrans.When a servlet is accessed for the first time, it is processed through ServletByExt NameTrans, however, subsequent request goes through "servlet" NameTrans.
<Object name="default">
NameTrans from="/*"
fn="assign-name" name="WSL-Protect"
NameTrans
fn="NSServletNameTrans" name="servlet"
NameTrans
fn="pfx2dir" from="/servlet"
dir="/space/iws/41sp11/docs/servlet" name="ServletByExt"
==================== access /servlet/TestRequestObject
[09/Dec/2002:09:04:18] info (22539): for host 129.158.224.47 trying
to GET /servlet/TestRequestObject,
printer reports: printing
location : I am in ServletByExt
[09/Dec/2002:09:04:18] info
(22539): for host 129.158.224.47 trying to GET
/servlet/TestRequestObject,
printer reports: printing location : I
am in WSL-Protect
[09/Dec/2002:09:04:18] info (22539): Internal
Info: loading servlet /servlet/TestRequestObject
[09/Dec/2002:09:04:18] info (22539): /servlet/TestRequestObject:
init
==================== shift + reload /servlet/TestRequestObject
[09/Dec/2002:09:04:27] info (22539): for host
129.158.224.47 trying to GET /servlet/TestRequestObject,
printer
reports: printing location : I am in servlet
[09/Dec/2002:09:04:27]
info (22539): for host 129.158.224.47 trying to GET
/servlet/TestRequestObject,
printer reports: printing location : I
am in WSL-Protect
NameTrans fn="pfx2dir" from="/servlet" ... name="ServletByExt" comes before NameTrans fn="NSServletNameTrans" name="servlet"
This section lists issues resolved in Web Server 6.0 SP7.
A problem has been identified in the implementation of the SSL protocols used by the Web Server that may be exploited as a Denial Of Service attack. Web Server 6.0 SP7 fixes this problem. If you use the Web Server to host sites that utilize SSL version 3 or TLS, you are strongly encouraged to install this Service Pack.
Error pages in Sun ONE Web Server are customizable and may be configured in the WEB-INF/web.xml file. In previous versions of the Web Server, invoking a customized error page could sometimes lead to a “File Not Found” error. As of Web Server6.0 SP7, this problem has been fixed.
Web Server 6.0 SP7 fixes problems related to IP-based access control. Enabling IP-based access control on a server instance requires no additional configuration steps. However, if you use distributed administration, you would need to perform certain additional configuration tasks. For more information about what you need to do, refer to Securing Access Control With Distributed Administration.
This section lists issues resolved in Web Server 6.0 SP6.
If you add more than 22 language tag entries in the accept-language header, an HTTP 400 error message is generated by the Web server.
If you are running the Web Server on either the Solaris 8 OE with the Patch-ID# 111297-01 (SunOS 5.8: /usr/lib/libsendfile.so.1 patch) installed or the Solaris 9 OE, the ns-httpd process continues to hold files until the server is restarted. To avoid this, set the value of the TransmitFile parameter to false in the nsfc.conf file, as shown below:
TransmitFile=false
The ACL_LDAPSessionAllocate method did not work in previous releases of the Web server. The problem is resolved in Web Server 6.0 SP6. Further, the dbname parameter in the ACL_LDAPSessionAllocate method corresponds to the id attribute of the USERDB element in the server.xml file. For more information, see the install-dir/plugins/nsacl/api-notes.html file.
The DN attribute Serial Number was not being recognized by previous releases of the Web server due to the version of NSS used. (Note that Web Server 6.0 SP9 uses NSS version 3.3.4.5.)
To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.
Sun ONE Web Server does not support the use of shared ClassCache directories. Each instance directory, including the ClassCache directory, must be created on a local file system and not on an NFS volume.
To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.
To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.
To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.
To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.
To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.
To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.
This upgrade fixes the problem reported at on Vaudenay Timing Attack on CBCmode block ciphers.
This section lists issues resolved in Web Server 6.0 SP5.
If your browser uses a Java plugin supporting JRE 1.3 or higher (for example, Netscape Navigator™ 6.0 and above, or Internet Explorer configured with JRE 1.3 and above) to run applets, then, while accessing an applet, you will be prompted for your user name and password by the browser. This is because of extra security checks performed by JRE 1.3 and above.
If you are running version 6.x of Netscape Navigator browser on Windows, the browser might crash when you perform certain operations using the Restrict Access page. This is not the case with the 7.x version of Netscape Navigator browser. The problem is due to a browser-related issue that is more fully documented in the Release Notes for Netscape 6 Review Release 1.
Web Server 6.0 SP5 supports custom methods used by WebDAV clients. In case of problems with the OPTIONS method, edit the obj.conf file to set method="*" in the Service directive, as follows:
Service method="*" fn="NSServletService"
or
Service method="*" fn="NSServletService" servlet=<servletname>
This is applicable only in the case of web applications and not in the case of legacy servlets.
As of Web Server 6.0 SP5, the ClassLoader has been modified so that a client call to the getResources function returns all available URLs for a resource.
As of Web Server 6.0 SP5, an additional parameter content-type has been added to the SHTML tag in the #config directive. By configuring the #config directive, you can now specify the content-type a .shtml file will return. Example:
<!--#config content-type="text/vnd.wap.wml"-->
As of Web Server 6.0 SP5, the problem of URL forwarding when "/" is used for redirection, is resolved.
If you are running Web Server 6.0 SP5 on a secured server (with SSL), you can start the server only if you have logged in as a user with Local System Account (Administrator) privileges.
As of Web Server 6.0 SP5, in the case of web applications, the web-apps.xml file can be edited to set the value of the configuration parameter redirect-to-absolute-url to either true or false. When the value is set to true, the absolute path is appended to the URI for the location parameter in the response header. Example:
<config-param>
<param-name>redirect-to-absolute-url</param-name>
<param-value>true</param-value>
</config-param>
Note however, that this fix does not apply to legacy servlets.
As of Web Server 6.0 SP5, this issue is resolved on Internet Explorer 5.0 SP2, and on Internet Explorer 5.5 and above.
This issue is resolved as of Web Server 6.0 SP5. For more details, see magnus.conf Directive Enhancement.
As of Web Server 6.0 SP5, the bootclasspath setting can be changed by editing the config/jvm12.conf file to set the value of jvm.option to the following:
-Xbootclasspath
-Xbootclasspath/a
-Xbootclasspath/p
Example:
jvm.option=-Xbootclasspath:<path...>
Here <path...> specifies the path that will override the runtime classpath in start-jvm.
jvm.option=-Xbootclasspath/p:<path...>
Here <path...> specifies the path that is to precede the runtime classpath in start-jvm or the overridden bootclasspath in (1).
jvm.option=-Xbootclasspath/a:<path...>
Here <path...> specifies the path that is to be appended to the runtime classpath in start-jvm or the overridden bootclasspath in (1).
In Sun ONE Web Server, the magnus.conf directive AcceptTimeout achieves the functionality of what has been documented as the IOTimeout directive. For more details, see the Note in the Corrections to Documentation section..
Duplicate group IDs within a defined scope could lead to the logging of internal errors if the group occurs in an ACL.
The Administration Server and the cron daemon must be run as root for cron-based log rotation to function properly.
As of Web Server 6.0 SP5, this authentication-related security issue for users of Directory servers has been resolved.
This section lists issues resolved in Web Server 6.0 SP4.
As of Web Server 6.0 SP4, you cannot use the search pattern “..” in either a URL or in the path of a pattern file.
The security problem due to buffer overflow with chunked encoding has been resolved in Web Server 6.0 SP4.
This section lists issues resolved in Web Server 6.0 SP3
The runtime error message was specific to Internet Explorer 5.5, which is no longer available for download. It does not appear with IE 5.5 Service Pack 2 or any other version of Internet Explorer.
As of Web Server 6.0 SP3, even if access control is disabled at the server level, virtual servers irrespective of what class they are under, function properly.
As of Web Server 6.0 SP3, if the CA certificate is properly installed, Distributed Administration works smoothly with LDAP over SSL. For more information on installing the CA certificate, see iPlanet Web Server, Enterprise Edition Administrator's Guide.
As of Web Server 6.0 SP3, you can add a server to the cluster under SSL.
Web Server 6.0 SP3 enables proper monitoring of the current activity of SSL-enabled servers.
As of Web Server 6.0 SP3, you can enable response header encoding at either the web-app level or the virtual server level by setting the value of the configuration parameter use-responseCT-for-headers to any of the values, yes, true, or on, in the server-id/config/web-apps.xml file. The web-app setting overrides the virtual server level setting.
In the following example, response header encoding is disabled at the web-app level by setting the parameter value to false:
<param-name>use-responseCT-for-headers</param-name>
<web-app uri="/jakarta" dir="/export/home/ramach/Rtm1026/ns/server/work/B1/Sun
OS5.6_DBG.OBJ/docs/jakarta" enable="true">
<param-name>use-responseCT-for-headers</param-name>
<param-value>false</param-value>
Due to a browser issue, when you use the Korean character set, a version 4.7 or later Netscape browser, on Solaris 2.8 fails to display characters properly in the “File Save” dialog box. A bug has been filed with Netscape Communications Corporation.
As of this release, setting the value of the urlencoding parameter in the function index-common in the server-id/config/obj.conf file to off, enables index listing of encoded directories. Example:
Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common urlencoding="off"
If your Sun ONE Web Server installation is configured to use an SSL LDAP server, you must also ensure that it has at least one of the following:
As of Web Server 6.0 SP3, in case of a bind failure, you will receive an LDAP bind error message.
As of Web Server 6.0 SP3, the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide contains a new section titled “Changes to Function Flow” which discusses conditions that cause changes in the normal request handling process. Additionally, the section on the request data structure in the appendix on data structures has been updated.
As of Web Server 6.0 SP3, if you do not specify the name of a web-apps file associated with a web application, when you delete the web application, the corresponding web-apps file is automatically deleted, and its associated entry in the server.xml file removed. Before deletion, however, you must ensure that no other server instance is referencing the web-apps file associated with the application you want to delete.
As of Web Server 6.0 SP3, in a .htaccess file, if the number of require directives exceeds 50, or if the number of entries under the allow or deny directives exceeds 50, subsequent entries are ignored, and an error is logged in the error log file located in https-server_name/logs/errors in the server root directory.
As of Web Server 6.0 SP3, the values allowed for the jvm.verboseMode parameter are gc, class and jni, with the default being gc. Please note that the parameter values are case-sensitive.
If Web Server 6.0 SP3 is running on a Windows system using the multibyte character set, when you specify a URI, ensure that the path component of the URI (that is, the path, the filename, and the path-info, but not including the query) is less than or equal to 257 bytes.
For example, in the URI /cgi-bin/printenv.pl/foo/bar?name=value, the path to the resource (/cgi-bin/printenv.pl) and the path-info (/foo/bar) together must not exceed 257 bytes.
As of Web Server 6.0 SP3, the parameter jvm.stickyAttach is by default set to 1 in the jvm12.conf file, and the memory footprint growth is under control.
Web Server 6.0 SP3 has been enhanced to provide robust and secure SNMP trap handling and request handling support. For more details, see the following Cert Advisory number:
CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP).
Buffer overflow issues with the Search functionality have been resolved in Web Server 6.0 SP3.
This section lists issues resolved in Web Server 6.0 SP2.
As of Web Server 6.0 SP2, latencies under very light load have been reduced while increasing throughput under very heavy load. For more details, see Release Notes for iPlanet Web Server, Enterprise Edition Version 6.0SP2.
As of Web Server 6.0 SP2, the <Client> tag can be used in obj.conf files to customize behavior for specific browsers. For example, the following obj.conf directives instruct Web Server to serve different content based on whether the user is using a Microsoft Internet Explorer (MSIE) browser:
<Client browser="*MSIE*">
NameTrans
fn="document-root" root="$docroot/MSIE"
</Client>
NameTrans fn="document-root"
root="$docroot"
The way Microsoft Internet Explorer (MSIE) handles SSL version 3 (SSLv3) and Transport Layer Security (TLS) keep-alive connections causes interoperability problems with non-Microsoft web servers such as Web Server. When accessing a web server over SSL (https://) connections, Internet Explorer may inappropriately display error messages or blank pages.
Web Server 6.0 SP2 introduces new functionality to work around this problem. Two remedies are possible:
Add the following line immediately below the <Object name="default"> line in the server's obj.conf files:
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
This line instructs the server to not send a close_notify alert when it closes SSLv3 connections from MSIE browsers. The close_notify packet is a required component of the SSLv3 and TLS specifications, but it is misinterpreted by MSIE.
Note that the close_notify packet is used in SSLv3 and TLS connections to inform the other party in the transaction that the connection is being closed. Instructing Web Server to not send the close_notify packet may make MSIE vulnerable to a truncation attack.
Add the following line immediately below the <Object name="default"> line in the server's obj.conf files:
AuthTrans fn="match-browser" browser="*MSIE*" keep-alive="disabled"
This line instructs the server to disable keep-alive connections for Internet Explorer browsers. Disabling keep-alive connections may decrease your server's performance.
This section lists issues resolved in Web Server 6.0 SP1.
In previous versions of the server, CGI programs that wanted to redirect a browser to another location were forced to supply a URL, for example http://server/index.html, or an absolute URI, such as /index.html. Starting with SP1, relative URIs, such as index.html, are also accepted.
Prior to SP1 there was no way to log time the server spent processing requests. A new flex-log format variable, %duration%, has been added. %duration% records the time in microseconds the server spent handling the request. Statistics must be enabled for the server instance before %duration% can be used. See the iPlanet Web Server, Enterprise Edition Administrator's Guide for information on enabling statistics. For more information on log file formats, refer to the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide and the iPlanet Web Server, Enterprise Edition Administrator's Guide.
Prior to SP1 there was no way to track when the keep-alive subsystem was full. The server now tracks the number of times a connection was not added to the keep-alive subsystem because the keep-alive subsystem was full. This information is presented as KeepAliveRefusals in .perf output. For more information on .perf, refer to the iPlanet Web Server 6.0 Performance Tuning, Sizing, and Scaling Guide.
Prior to SP1 it was not possible to use an arbitrary server resource, such as a JSP or SHTML page, as the error page. As of SP1, the parameter uri has been added to the send-error Error SAF. uri specifies the URI of a resource to use when an error is encountered.
Consider the following line from obj.conf:
Error fn="send-error" reason="Not Found" uri="/notfound.jsp" path="/usr/iplanet/servers/docs/notfound.html"
This line instructs send-error to behave as though the client had requested /notfound.jsp when the client requests a URI that does not exist. If an error is encountered when accessing /notfound.jsp, the HTML file at /usr/iplanet/servers/docs/notfound.html will be displayed instead. For more information on the send-error Error SAF, refer to the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide.
This section lists known problems. Information is organized into the following areas:
While installing Web Server 4.1, if the user selected 1,2 and 8 (i.e. not selected java support), jvm12.conf, rules.properties, and servlets.properties files will not be created.
If the user then migrates this instance to Web Server 6.0, the migrated server will also not get these files. Web Server 6.0 does not support this configuration (without java support).
If the user installs Web Server 4.1 without Java, and then migrates to Web Server 6.0, they have to copy the three files (jvm12.conf, rules.properties, and servlets.properties) from the Web Server 60 instance to the migrated server.
Errors are logged from NSS after the DBM's in-memory cache reaches the maximum allowable size. When this behavior happens, DBM will try and create temporary files in order to expand its memory space. If it fails to create temporary files, it starts logging the following errors:
[11/Dec/2003:10:52:54]
failure (20073): Error receiving connection (SEC_ERROR_BAD_DATABASE -
Problem using certificate or key database)
[11/Dec/2003:10:52:54]
failure (20073): Error receiving connection (SEC_ERROR_BAD_DATABASE -
Problem using certificate or key database)
[11/Dec/2003:10:52:54]
failure (20073): Error receiving connection (SEC_ERROR_BAD_DATABASE -
Problem using certificate or key database)
This in turn results in the SEC_ERROR_BAD_DATABASE
errors.
Set $TMP in the start script of web server to point to a file system (dir) writable by webserver user.
According to the Sun ONE Web Server 6.1 Administrator's Guide, the ‘list’ right is required to obtain directory listings from directories that do not contain an index file. However, it is possible to obtain a directory listing even if the applicable ACLs deny the ‘list’ right. For this reason, if you need to restrict directory indexing, it is recommended that you do so by disabling indexing as documented in the Content Management chapter of the Administrator’s Guide, apart from or in addition to, denying the ‘list’ right.
Access control applets do not work on browsers on the Mac OS since the LiveConnect feature, which allows Java methods to be invoked from JavaScript™ methods, is not supported. This is due to an inherent problem in the browser plugins bundled with the Mac OS. To use the Administration Server user interface to perform restrict access operations, you must use a browser on a different platform.
Certificate migration from Netscape Enterprise Web Server 3.6 to Sun ONE Web Server 6.x is not supported.
Edit the install-dir/plugins/search/common/style/pdf/style.ddd file in the following way:
Remove the comment from the line: $include style.sfl
Comment out the line: $include style.ufl
During migration from a version 4.1 release to the 6.0 release of the Web Server, the Address directive from the magnus.conf file is also unnecessarily migrated. This leads to the following warning message at server startup: “Warning ( ): Address directive ignored.”
The iPlanet Web Server, Enterprise Edition Installation Guide states that if your iPlanet Web Server 4.x Web application specified MMapSessionManager as the class name for the session manager, the application would remain unchanged after migration. However, this is incorrect because the package name of the SessionManager has been changed from com.netscape.server.http.session in the 4.1 version to com.iplanet.server.http.session in the 6.0 version of the Web Server.
The Web Server file that defines international character encoding is named i18n.jar; in the JDK 1.4 however, this file is named charsets.jar. Because of this discrepancy, the character encoding of Web resources cannot be resolved against the correct file.
Rename the file i18n.jar, located in the <install-dir>/https-admserv/start-jvm directory to charsets.jar, and restart the server.
The server-id/https-admserv/start-jvm file bundled with Web Server 6.0 SP5 allows you to configure JVM environment settings. The server assumes that any file in the server-id/https-admserv directory with a name that begins with start- is a configuration file. So, for custom configuration activity, you can add more configuration files to the server-id/https-admserv directory taking care that the file names begin with start-.
In order to enable perfdump, ensure that the .perf nametrans directive is specified before the document-root nametrans directive in the default object. Example:
NameTrans fn=assign-name from="/.perf" name="perf"
NameTrans fn=document-root root=/usr/server1/docs
As of Web Server 6.0 SP5, if you are writing an NSAPI program that reads binary data, using the netbuf_getc function would cause a significant performance overhead in case of network error. You can use the netbuf_getbytes function instead to read binary data.
Syntax:
NSAPI_PUBLIC int netbuf_getbytes(netbuf *buf, char *buffer, int size)
Returns
The total number of bytes read from a network buffer. If an error occurs, it returns NETBUF_EOF or NETBUF_ERROR.
Parameters:
netbuf *buf: the network buffer from which to retrieve bytes.
char *buffer: the character array from where to retrieve bytes.
int size: the initial size of the character array.
As of Web Server 6.0 SP5, when you reconfigure the server dynamically either by executing the reconfig command on the command line or by applying the Load Configuration option through the Administration Server, additional informational messages appear on the console. These messages are identified by the "info:" prefix and can be safely ignored.
If you are using the Cisco Content Services Switch (CSS) with Sun ONE Web Server and have set the value of the sticky bit setting in CSS to on, the following error is logged periodically in the error logs:
failure ( 2210): Error accepting connection -5928, oserr=130 (Connect aborted)
This is caused not by a defect in Sun ONE Web Server but by the setting of the sticky bit in CSS. To avoid the error logging, set the value of the sticky bit in CSS to off.
As of Web Server 6.0 SP5, to index a new document root directory, use the Administration Server to go to <server instance> | Virtual Server Class | Default Class | Content Mgmt | Additional Document Directories, and create a mapping for the new directory. The new directory will now appear listed in the Search -> New Collection directory index options.
Before enabling distributed administration, create a user with the name and password of the local superuser (the user name and password you specified during installation), and add it to the distributed administration group.
Do not use reserved URIs to deploy web applications; for example, because /search is a reserved URI, do not use it as a URI for deployment, otherwise you will not be able to access the Search functionality. For a list of reserved URIs, see the obj.conf file directives in the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide.
Because stack size requirements of different JDK versions are different, if you are using a JDK version that is different from the default JDK bundled with Web Server 6.0 SP5, you might experience stack overflow problems. In case you do, edit the StackSize directive in the server-id/config/magnus.conf file to modify the stack size for the request handling thread. The stack size limits for JDK 1.2.2 (for Solaris) and JDK 1.3.1 are as follows:
JDK 1.2.2 (on Solaris)
Minimum allowed Java stack: 1000 bytes
Minimum allowed Native stack: 24 kb
JDK 1.3.1
Minimum allowed stack: 64 k
Default stack size: 512 k
To prevent default cookie encoding, change the value of the context.global.enableCookieEncoding property in the server-root/server-instance/config/contexts.properties file to false.
If you need to run the admin server with a non-root userid, invoke setup with the same userid.
During login, ensure that your user name does not contain any white spaces, otherwise the authentication attempt will fail and an error will be logged in the server's /logs/errors file.
A new optional parameter, acptlang, has been added for creating a virtual server class. You must add [-acptlang] to the command line to enable accept language header parsing for your server. The default is ‘off’ if this parameter is not added.
As of SP1, the set-user-ID-on-execute (suid) Cgistub will not allow a non-root user to execute programs owned by root. This change enhances the security of the suid Cgistub system.
If you require pre-SP1 functionality, log in as ‘root’ and perform the following steps from a command line to modify the suid Cgistub for instance https-instance in server root server_root:
Change to the instance directory:
cd server_root/https-instance
Stop the server
./stop
Change to Cgistub's private directory
cd private
Allow root to write to the private directory
chmod 700
Tell Cgistub to trust programs owned by user 0 (root)
./Cgistub -s "trusted_uid 0"
Disallow writes to the private directory
chmod 500
Change to the instance directory
cd ..
Restart the server
./start
Adding more than 1000 software virtual servers under one class slows the loading of the Class Manager Members page.
Files are transferred by the master of the cluster requesting the remote machine's admin to run clxfer. The clxfer process of the remote machine requests the master to transfer the file, and the master runs clxfer to return the file. The master receives the host name of remote machine from the request, and finds the required file in /cluster/hostname/instance-names. If, for example, a remote machine named ‘charis’ is added to a cluster named ‘charis.india.sun.com’, the request header with ‘charis’ as host name will fail to find the file in ‘cluster/charis’. The remote machine will receive a 0 byte file due to the error.
Ensure that all machines have the full name. To do that go to control panel -> system ->network identification -> property in your remote machine. Enter the primary DNS suffix to match the master machine.
When using version 5.0 or higher of the Sun/Forte WorkShop C++ compiler to create an NSAPI plug-in that throws exceptions, the -compat=4 option should be specified. This is necessary because, by default, WorkShop 5.0 generates object code that is not binary compatible with WorkShop 4.2 object code. Specifying -compat=4 makes newer WorkShop versions behave like version 4.2.
If you are unable to specify -compat=4, add shlib_flags="(default|parent|group)" to your plug-in's Init fn="load-modules" line in magnus.conf. For example:
Init fn="load-modules" funcs="my-plugin" shlib="myplugin.so"
shlib_flags="(default|parent|group)"
Doing this will place your plug-in in its own dynamic link group. As a result, it will also be necessary to explicitly specify all your plug-in's shared object dependencies at link time. For example, your plug-in's CC command line might look like this:
CC -G -lCrun -lm -DXP_UNIX -I/usr/iplanet/servers/plugins/include
-o myplugin.so myplugin.cpp
The following is an issue for NSAPI plug-in developers or for users of third party NSAPI plug-ins that have not been certified with iWS 6.0 by their developers.
If you are the developer of an NSAPI Init function, here is the technical information needed to check if your plug-in suffers from this problem and if so, how to correct it:
The use of the NSAPI conf_getglobals() function, or the various macros in the nsapi.h header file that refer to conf_getglobals(), is not recommended within NSAPI Init functions in iWS 6.0. conf_getglobals() can only return the properties of a single virtual server. In iWS 6.0, a single web server may have many virtual servers defined with completely distinct properties, such as port, hostname, and security. Also, the configuration of any virtual server in iWS 6.0 can dynamically change over time. Therefore, a plug-in should not attempt to retrieve and store the server configuration information during NSAPI Init time, but rather retrieve the configuration in an ephemeral way during request processing time, when the server configuration information is actually needed (e.g., to build links in a dynamic web page).
The default behavior of conf_getglobals(), if called during Init in iWS 6.0 is to leave the following fields initialized with a default value (e.g., 0 , NULL): Vport, Vaddr, Vserver_hostname, Vsecurity_active, Vssl3_active, Vssl2_active, and Vsecure_auth. If your Init function relies on the values of these global fields but does not have error checking, it could crash and prevent the web server from coming up; or it could cause crashes at a later time if these null values are saved and later reused in other plug-in functions.
If you are currently calling conf_getglobals() in your Init function, you should modify your code to eliminate any such calls. This will ensure proper operation of your plug-in in iWS 6.0 when multiple virtual servers exist. The conf_getglobals() NSAPI function will only return the proper values corresponding to the connection and virtual server on which the request was made if called during an NSAPI request processing phase - e.g., during an NSAPI AuthTrans, NameTrans, Service, or other NSAPI request processing phases.
iWS 6.0 supports a compatibility mode for older plug-ins suffering from this problem. As noted in the user section, it requires the NSAPI Init functions to be marked as LateInit. When called
from a LateInit Init function, conf_getglobals() will return the properties of the default virtual server of the default connection group of the legacy listen socket. In terms of the new XML configuration attributes, this means that conf_getglobals() now returns the properties of the defaultvs of the defaultgroup of the legacyls of the SERVER. It is recommended that the server should only have that single virtual server defined in this case to ensure consistent server and plug-in operation.
If you are the user of an NSAPI Init function of a plug-in developed by a third party, you should contact the plug-in developer to find out if it is compatible with iWS 6.0 based on the technical information for developers stated in 1. Many Init functions will not be affected and are expected to continue to function unmodified with iWS 6.0, however, the determination of compatibility and possible need for an update should be made by the plug-in developer.
If your plug-in vendor does not certify their Init function for use with iWS 6.0, and the function is found to suffer from the specific programming problem described in 1., you may work around the problem if:
you only have a single listen socket, connection group, and virtual server in your iWS instance.
you configure the problem Init function as LateInit in magnus.conf. This is done by adding the LateInit = yes argument to the Init line.
you do not dynamically reconfigure the server after it is started.
If the above conditions are met, the Init function will be executed in an NSAPI context compatible with previous releases of iWS where only a single virtual server exists, and where this problem will not occur.
For the magnus.conf TempDir directive, the TempDir directory must be located on a local file system in order for the server to function correctly. If the TempDir directory is on an NFS mount, the server may fail to function correctly.
When using Micosoft’s Internet Explorer web browser, version 5.0 is supported for end users only. For administrators, changes to the Sun ONE Web Server Administration Server configuration can be saved only when using Internet Explorer version 5.5.
When editing a Connection Group Settings value from the Edit Listen Sockets Groups Page, a server update occurs when the OK button is pressed. Following this, if you go to Edit Listen Sockets page again and change another property, such as the Security value from Off to On, then click OK, an error message may appear that states, ‘Please refresh your screen, data update by another user.’ The Security value has not changed.
To change a property on the Edit Listen Sockets page after changing a property on the Edit Listen Sockets Groups page, click the OK button twice to effect the change.
After administrative actions lead to changes in magnus.conf (e.g., enabling Search capabilities), the Load Configuration Files button cannot be used.
Use the Apply Changes button to load the changes applied to magnus.conf.
After installing a certificate and clicking OK, the Add Certificate page (or Replace Certificate page) appears. Clicking the Help link here takes you to the wrong area: Add Certificate Revocation List Page, instead of Add Other Certificate page.
From the add CRL/CKL link, you can select the CKL file to display the ADD Compromised Key List page. The Help button on this page is linked to help for the CRL page.
Scroll down the help window until you see the help for ‘Add CRL.’
This problem shows up inconsistently and will be addressed in a future release.
POST method is permitted on static content by default.
If you have only one web application deployed, and you are trying to edit the URI, the URI cannot be empty.
Set the minHeapSize to 3.5 M and maxHeapSize to 64M.
Ignore the following error message when using the command line tools wdeploy and HttpServerAdmin: “A nonfatal internal JIT (3.10.107(x)) error 'Relocation error: NULL relocation target' has occurred in: 'org/apache/crimson/parser/Parser2.maybeComment (Z)Z': Interpreting method. Please report this error in detail to:
http://java.sun.com/cgi-bin/bugreport.cgi.
The version 6.0 SP1 release of Web Server supports JDK 1.3.1. Use /usr/lib/lwp threads for Java applications on Solaris 8. Most JVM and heap tuning are application specific.
For JDK1.2.2_07 use jvm.options = -Xgenconfig:64m,64m to tune heapsize depending on memory availability and application requirements.
For JDK1.3.1
jvm.option=-XX:MaxNewSize=512m
jvm.option=-XX:NewSize=512m
You can find more details about these flags and other flags from:
http://java.sun.com/docs/hotspot/VMOptions.html
http://java.sun.com/docs/hotspot/gc/
Some of GC tuning flags are applicable to JDK1.2.2_07 as well.
Please refer to JDK 1.3.1 debugging documentation:
For NT: http://java.sun.com/j2se/1.3/docs/tooldocs/win32/jdb.html
For Unix: http://java.sun.com/j2se/1.3/docs/tooldocs/solaris/jdb.html
You will need to configure Web Server 6.0 SP5 to use JDK instead of JRE before you can debug.
On Unix platforms only, make the following changes to the start-jvm script in the https-admserv directory:
Add ${NSES_JDK}/lib/$arch substituting $arch with the appropriate string corresponding to the machine you are running on, for example sparc for SPARC boxes, to the end of the NSES_JRE_RUNTIME_LIBPATH variable.
Make the following changes have to jvm12.conf:
jvm.enableDebug=1
java.compiler=NONE
jvm.option=-classic
jvm.option=-Xnoagent
jvm.option=-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=<port> where <port> should be replaced by an arbitrary unused port number to which the debugger will connect, such as address=5000
Start the Web Server.
Connect to the web server using jdb specifying the port number configured above.
jdb -attach <port>
for example: jdb -attach 5000
You are now ready to debug your servlet or JSP.
JSP compilation errors, such as incorrect JSP syntax, have resulted in an increase in memory (heap memory) on Solaris.
To work around this problem, pre-compile JSPs offline to catch such errors, or remove the offending JSP if the error logs contain compilation error messages for that JSP.
HP-UX operating system has two cache spaces called Page Cache and Buffer Cache for acessing files. Normally, when the application performs the mmap function, the file is mapped to Page Cache. However, currently the operating system has no responsibility to synchronize the date between the Page Cache and Buffer Cache, if the mmap is performed as PRIVATE option.
Even if the user copys the file, the operating system refreshes the cached data only in the Buffer Cache.
Use a vi editor to update the contents each time.
This section describes platform-specific known problems and workarounds for the following platforms:
If you are running Web Server 6.0 SP10 on Windows 2000, we recommend that you have the Windows Service Pack 3 installed on your system.
It is recommended that you use the Internet Explorer 5.X browser with Windows 2000 SP2 or later Server Edition.
If you are migrating a 4.x version of the Web Server to version 6.0 or a Service Pack release of version 6.0, ensure that the newly migrated instance has a unique name.
If the migrated instance has the same name as the older instance of the server, you must take care not to delete either of the two instances; deleting any one instance would disable the other.
When using Cluster Management on Web Server 6.0 SP5 on the Windows 2000 SP2 platform, the master Administration server hangs during file transfer. (See also the description of Problem 4552549.)
To resolve this problem, perform the following tasks:
Ensure that all machines have the full name. To do so, on your remote machine, go to Control Panel -> System -> Network Identification -> Properties -> More -> and enter the primary DNS suffix to match the master machine.
Configure kernelthreads property to set its value to on in the master administration server’s magnus.conf file.
Example:
KernelThreads on
If you are using CGIs on the Windows platform, edit the magnus.conf file to set the KernelThreads parameter to 1, as follows:
KernelThreads 1
For more information, see http://docs.sun.com/source/816-5686-10/07_magnu.htm#17315.
To monitor server activity with the Simple Network Management Protocol (SNMP) on Web Server 6.0 SP6, use the native SNMP master agent available on the AIX platform, and not the SNMP master agent that is bundled with Web Server 6.0 SP6.
Refer to the section Reconfiguring the SNMP Native Agent in the Administrator's Guide, for more information on running SNMP on AIX.
This problem does not occur on Solaris 2.8 with the following patches installed:
108528-15 kernel patch
108827-25 and related patches
However, it does occur on Solaris 2.6 because the corresponding patch for Solaris 2.6 is not available. To avoid the problem, you must upgrade to Solaris 2.8.
The Search page cannot be accessed in a localized installation of Sun ONE Web Server 6.x on the HP-UX platform.
Corrections to SP9 Documentation
Corrections to SP8 Documentation
Corrections to SP5 Documentation
Corrections to SP3 Documentation
Corrections to SP2 Documentation
Corrections to SP1 Documentation
A note added in the Sun ONE™ Web Server Release Notes 6.0 SP10 to clarify JDK vendors for Linux.
The iPlanet Web Server, Enterprise Edition Programmer's Guide documents an invalid keyword in dbswitch.conf. The valid keyword is `sessions'.
JDK support information for HPUX is rectified in Sun ONE™ Web Server Release Notes 6.0 SP10.
The last line of the first paragraph says "To change
thread pool settings once you've added the pool, edit obj.conf
."
The instructions should specifymagnus.conf
instead ofobj.conf
.
web-apps.xml
web-app
element's uri
attribute.
The uri
attribute of the web-app entry in
the web-apps.xml Element Reference section in "Chapter 2, Web
Applications," of the iPlanet
Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets
should read as follows:
Web Server 6.0 SP5 does not support the magnus.conf directive chroot on the server instance.
The online help for the Edit Access Control Page does not include a description of the up arrow and down arrow glyphs that are used to swap access control restrictions. Clicking on the up arrow glyph swaps the access control restriction with the access control restriction preceding it. Clicking on the down arrow glyph swaps the access control restriction with the access control restriction succeeding it.
In the iPlanet Web Server, Enterprise Edition Administrator's Guide, the section titled Installing the SNMP Master Agent states that you cannot use the Server Manager to install and start the master SNMP agent unless the server is running as root. This is incorrect and should read as follows:
“To configure the SNMP master agent you must install the Administration Server instance as the root user. However, even a non-root user can accomplish basic SNMP tasks, such as MIB browsing, on a web server instance by configuring the SNMP sub-agent to work with the master agent.”
In the online help for Sun ONE Web Server 60 SP5, the online help page for server-id | Class Manager | Content Management | URL Forwarding incorrectly states that the URL Prefix setting forwards requests to a URL prefix, keeping the absolute path, and substituting one prefix for another. In fact, if the URL prefix you specify is /info and the forwarded URL Prefix is www.sun.com, then /info/movies gets redirected to www.sun.com/movies.
Step 6 in the section titled Exporting with pk12util in the iPlanet Web Server, Enterprise Edition Administrator's Guide contains an error in the example that illustrates the use of the pkutil command in Unix. The command should read as follows:
pk12util -o certpk12 -n Server-Cert [-d /server/alias] [-P https-test-host-]
The iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets incorrectly states that the iwsstats.xml file that reports server performance statistics is written to disk at the following location:
server_root/https-server_id/stats-xml/iwsstats.xml
The iwsstats.xml file is not written to disk but is dynamically generated only for URL access at the following URL:
http://server_id:port/stats-xml/iwsstats.xml
The Error Responses Page in the Web Server 6.0 SP5 online help is ambiguous about the conditions under which the web server returns the “Unauthorized” and “Forbidden” error responses.
The “Unauthorized” error response occurs if the client fails to send certain authorization headers that the server needs for authenticating the client against access control rules. It also occurs if the user name and password details sent by the client are incorrect. The “Forbidden” error response occurs when the client requests a resource that is denied access due to access control restrictions. It may also occur because the server does not have permission to access the requested resource.
In the iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets, the section that describes remote debugging, Using Forte For Java to Debug Servlets and JSPs, incorrectly states that the jvm.conf file must be edited differently if JDPA is installed on the system.
Irrespective of whether JDPA is installed, Step 7 in this section should read as follows:
The online help for the Performance Settings | Magnus Editor page does not contain a description of the User parameter. For a complete description of the User parameter, see Table 2-1 (magnus.conf directives) in the iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets.
The online help for the Administration Server’s Restrict Access Page incorrectly refers to the help instructions for restricting access on the instance server. The correct instructions can be found at the following location on your machine: http://hostname.domain-name:administration_port/https-admserv/manual/ag/esprefs.htm#1006194
The online help for the Class Manager | Manage Virtual Server | Styles | Edit a Style page incorrectly lists Cache Control, Require Stronger Security, Restrict Access, Dynamic Configuration, and Symbolic Links as style configuration categories supported by Sun ONE Web Server while the option for .htaccess Configuration is not documented.
The "Selecting Ciphers" section of the iPlanet Web Server, Enterprise Edition Administrator's Guide omits to mention that irrespective of any changes made to the security settings of the Listen Socket, clicking the Cipher Default link configures the server with default cipher settings.
The Server Identifier used by the Administration Server to identify a server instance must be specified using ASCII and not Latin-1 characters.
The user you use to run the Sun ONE Web Server should, but not necessarily must, be in the same group as the user you use to run the Administration Server. The iPlanet Web Server, Enterprise Edition Installation Guide incorrectly specifies this as a mandatory requirement.
The iPlanet Web Server, Enterprise Edition Installation Guide omits to mention that during migration, multi-line Init directives are compressed to single-line directives in the server-id/config/magnus.conf file
In Chapter 15 of the iPlanet Web Server, Enterprise Edition Administrator's Guide, Step 5 under the section “Deploying Web Applications” should read as follows:
“Enter the absolute path to the directory on the server machine into which the contents of the WAR file will be extracted. If the directory does not exist, one will be created.”
In the same chapter, the command parameter incorrectly specified as idirectory should read directory.
In the iPlanet Web Server 6.0 Performance Tuning, Sizing, and Scaling Guide, the section “Using the Solaris Network Cache and Accelerator” omits to mention that if you are using a version of Solaris that is lower than Solaris 8 Update 5, you would need the following additional patches:
The documentation for the net_read function in the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide should read as follows: “The net_read function returns the number of bytes read, which will not exceed the maximum size, sz. A negative value is returned if an error has occurred.”
In the online help, operations allowed for the SNMP Master Agent Community should read as follows: “Allow ALL Operations”, “Allow GET Operations”, and “Allow SET Operations.”
The <Limit> directive in the section titled “Example of a .htaccess File” of the iPlanet Web Server, Enterprise Edition Administrator's Guide has been incorrectly documented. The text should read <Limit GET POST> instead of <Limit> GET POST, and <Limit PUT DELETE> instead of <Limit> PUT DELETE.
The iPlanet Web Server, Enterprise Edition Administrator's Guide incorrectly states that the Sun ONE Web Server can be extended to support Microsoft FrontPage webs. Third-party server extensions that extend server-side support for Microsoft FrontPage webs are not supported by Sun ONE Web Server.
The “Adding Variables” section in the chapter “Managing Server Clusters” in the iPlanet Web Server, Enterprise Edition Administrator's Guide does not adequately describe how variables are transferred within a cluster. The paragraph at the end of the specified section should read as follows:
“The variable must also be added to the server’s configuration file you are transferring to the slave. For example, if you are transferring the variable port, the variable should be declared in a server configuration file, say server.xml, as shown below:
<SERVER legacyls="ls1" qosactive="no" qosmetricsinterval="30" qosrecomputeinterval="100">
<LS id="ls1" ip="0.0.0.0" port="$port" security="off" acceptorthreads="1" blocking="no">
You can set variables with different values for each slave in the configuration file. Once added, variables can also be edited and deleted using the drop-down Option list in the Add Variables page.”
The instructions for remote servlet debugging as documented in the iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets require the use of JDK 1.2.
The configuration file obj.conf has been incorrectly spelled as obj.con in the online help page for Cluster Management | Cluster Control.
By default, the server sends the requested file to the client by calling the send-file function. The directive that sets the default should read:
Service method="(GET|HEAD)" type="*~magnus-internal/*" fn="send-file"
Removal of the web-apps.xml column of Restore Configuration page in the Server Manager causes the online help for that page to be inaccurate.
A new column for ‘State’ has been added to the ‘Edit Web Application’ page of the Virtual Server Manager, which displays whether the installed application is ‘Enabled’ or ‘Disabled’, depending on the enable value (enable=TRUE/FALSE) in the web application file for that application (URI). This screen change was made after Web Server 6.0 SP1, and is not reflected in the Administrator’s Guide or online help.
The AIX platform is listed as a supported platform in some documents; however, it is not supported at this time.
The default value for StrictHttpHeaders was changed from ‘on’ to ‘off’ in SP2b.
Numerous chapters refer to themselves as “in this appendix.”
jvm.compiler found twice on page 52 under ‘Debugging Servlets and JSPs’ is not a recognized parameter in VM. jvm.compiler should read java.compiler.
The steps on page 234 ‘Configuring the SNMP Master Agent’ are a duplication of ‘Installing the SNMP Master Agent’ on page 230, and are inaccurate. The steps should read ‘Configuring the SNMP Subagent’:
From the Administration Server, select the server instance and click Manage.
Select the Monitor tab.
Select SNMP Subagent Configuration.
(Unix only) Enter the name and domain of the server in the Master Host field.
Enter the Description of the server, including operating system information.
Enter the Organization responsible for the server.
Enter the absolute path for the server in the Location field.
Enter the name of the person responsible for the server and the person’s contact information in the Contact field.
Select On to Enable the SNMP Statistics Collection.
Click OK.
Click Apply.
Select Apply Changes to restart your server for changes to take effect.
If you have problems with Sun ONE Web Server, contact Sun customer support using one of the following mechanisms:
Sun Software Support services online at http://www.sun.com/service/sunone/software.
This site has links to the Knowledge Base, Online Support Center, and ProductTracker, as well as to maintenance programs and support contact numbers.
The telephone dispatch number associated with your maintenance contract
So that we can best assist you in resolving problems, please have the following information available when you contact support:
Description of the problem, including the situation where the problem occurs and its impact on your operation
Machine type, operating system version, and product version, including any patches and other software that might be affecting the problem
Detailed steps on the methods you have used to reproduce the problem
Any error logs or core dumps
Useful Sun ONE information can be found at the following Internet locations:
Documentation for Web Server 6.0 and Service Packs
http://docs.sun.com/db/coll/S1_ipwebsrvree60_en
Sun ONE Documentation
http://docs.sun.com/prod/sunone
Sun ONE Professional Services
http://www.sun.com/service/sunps/sunone
Sun ONE Software Products and Service
http://www.sun.com/software
Sun ONE Software Support Services
http://www.sun.com/service/sunone/software
Sun ONE Support and Knowledge Base
http://www.sun.com/service/support/software
Sun Support and Training Services
http://www.sun.com/supportraining
Sun ONE Consulting and Professional Services
http://www.sun.com/service/sunps/sunone
Sun ONE Developer Information
http://sunonedev.sun.com/
Sun Developer Support Services
http://www.sun.com/developers/support
Sun ONE Software Training
http://www.sun.com/software/training
Sun Software Data Sheets
http://wwws.sun.com/software
Copyright © 2004 Sun Microsystems, Inc. All rights reserved.
Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries.
U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.
Use is subject to license terms.
This distribution may include materials developed by third parties.
Portions may be derived from Berkeley BSD systems, licensed from U. of CA.
Sun, Sun Microsystems, the Sun logo, Java and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries.
Copyright © 2004 Sun Microsystems, Inc. Tous droits réservés.
Sun Microsystems, Inc. détient les droits de propriété intellectuels relatifs à la technologie incorporée dans le produit qui est décrit dans ce document. En particulier, et ce sans limitation, ces droits de propriété intellectuelle peuvent inclure un ou plus des brevets américains listés à l'adresse http://www.sun.com/patents et un ou les brevets supplémentaires ou les applications de brevet en attente aux Etats - Unis et dans les autres pays.
Propriété de SUN/CONFIDENTIEL.
L'utilisation est soumise aux termes du contrat de licence.
Cette distribution peut comprendre des composants développés par des tierces parties.
Des parties de ce produit pourront être dérivées des systèmes Berkeley BSD licenciés par l'Université de Californie.
Sun, Sun Microsystems, le logo Sun, Java et Solaris sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc. aux Etats-Unis et dans d'autres pays.
Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARC International, Inc. aux Etats-Unis et dans d'autres pays.