Borland Enterprise Server 5.2.1 VisiBroker Release Notes (Windows, Solaris, Linux)

This release note contains information specific to the VisiBroker Edition and VisiBroker standalone product. For release note information that applies to all the Borland Enterprise Server 5.2.1 Editions, see the Borland Enterprise Server 5.2.1 Release Notes.

• VisiBroker enhancements
• Upgrading from previous versions
• Compatibility notes
• Known issues
• Platform information
• Printing version information
• VisiBroker redistributables

VisiBroker enhancements

5.2.1 is a maintenance release of the product that addresses most of the customer reported problems and includes minor product enhancements.

VisiSecure for Java

• Added a new property vbroker.security.server.transport.

This property is used on the server side to set the server transport. Possible values are: CLEAR_ONLY, SECURE_ONLY or ALL. The default is SECURE_ONLY. This property enables the client that needs either CLEAR_ONLY or SECURE_ONLY to connect to a server. In order for this property to take effect, the secureTransport property must be set to true.

• SSL support of LDAPLoginModule to connect to LDAP.
• Userdbadmin is enhanced to support pre-existing schema. The following new entries are available in 5.2.1 when executing the userdbadmin tool.
  

  Entry	Description
  o dbusertable	User table name followed by (optional) name field, password field. For example, USERTABLE,USERNAME,PASSWORD
  o dbgrouptable	Group table name followed by (optional) user name field, user group field. For example, GROUPTABLE,USERNAME,GROUPNAME
  o dbpassworddigest	The digest algorithm for password hashing SHA1 (default) or MD5.

  
  
• The following additional attributes are supported in BasicLoginModule configuration.
  

  Attribute	Description
  port:	Specifies a port for remote URLs (default : 24470). For example, port = 24400
  digesttype:	Specifies the message digest algorithm used for hashing a password in the table (default : MD5). This value can be any value passed to the java.security.MessageDigest.getInstance method. Examples of valid values are: MD5 and SHA.

  
  
• In BasicLoginModule, the TYPE attribute is now deprecated. TYPE=BASIC will translate to digesttype=SHA.
• The new property vbroker.security.support.gatekeeper.reply.ForSAS has been added. This property is used with GateKeeper and with security enabled. When set to true, the username and password will not be delegated to the backend server for authentication. By default, this property is set to false.

Upgrading from previous versions

Upgrading from BES 5.2 VisiBroker Edition/VisiBroker standalone to 5.2.1 requires no additional work on the part of the user.

Compatibility notes

VisiBroker for C++

Compatibility with VisiBroker for C++ 5.2:

VisiBroker 5.2.1 maintains binary and source compatibility.

Compatibility with VisiBroker for C++ 3.x and 4.x:

For the most part, VisiBroker 5.x is not binary- or source-compatible with releases 4.x and earlier. Please regenerate your stubs and recompile your applications.

VisiBroker for Java

As per OMG Specification 2.5, org.omg.PortableServer.POAOperations.create_reference_with_id() does not throw a WrongPolicy exception. VisiBroker 5.2.1 is compatible to this definition. However, for source code back-compatibility we have created a JAR file called javabackcompat.jar, that contains the older definition to throw the WrongPolicy exception.

If you require the older definition, do the following before building and running your applications:

• JDK 1.3.x users: Prepend <install_dir>/lib/backcompat/vbjbackcompat.jar in the classpath.
• JDK 1.4.x users: Manually place the <install_dir>/lib/backcompat/vbjbackcompat.jar file in the <install_dir>/lib/endorsed directory.

Compatibility of previous versions with VisiBroker for Java 5.2.1

If any of the following three types:

• java.util.Hashtable
• java.util.HashMap
• java.util.TreeMap

are exchanged across the wire between 5.2.1 and any older versions, you must set vbroker.rmi.alternativeMarshall=false on the older VisiBroker for Java side for back compatibility.

VisiTransact

Previous OTS clients versus OTS 5.2.1 servers

• Previous OTS clients can safely call methods on the objects at OTS52 servers provided that those server objects have ADAPTS OTS policy values in their IORs.

  If the objects obtained from OTS52 servers have REQUIRES OTS policy values in their IORs, any invocation on those objects must happen within the scope of an active transaction. Also, if the objects obtained from OTS52 servers have FORBIDS OTS policy values in their IORs, any invocation on those objects must happen outside the scope of an active transaction.

Previous OTS servers versus OTS 5.2.1 clients

• OTS52 clients can work fine with previous OTS servers. However, in contrast to the previous OTS clients, OTS52 clients do not unconditionally propagate the transaction context.
• In cases where call-backs are used, if the client wants the transaction context to be propagated with the call back from the previous OTS server, the call-back object an OTS52 client passes to a previous OTS server must be of type TransactionalObject.
• The transaction log files created by ITS 1.2 are not compatible with VisiTransact 5.2
• For Java servers/clients of ITS 1.2, VisiTransact 5.2 can be used after making the following changes:

  start servers/clients with:

  -Dvbroker.orb.dynamicLibs=com.visigenic.services.
  CosTranscations.TSServiceLoader
  

  This class is packaged in asrt.jar, xmlrt.jar.

• All command line options are now be compliant to ORB command line options. The ITS 1.2 command line options are replaced with:

  -OTSname -Dvbroker.ots.name
  -OTScurrent_name -Dvbroker.ots.currentName
  -OTScurrent_timeout -Dvbroker.ots.currentTimeout
  -OTScurrent_host -Dvbroker.ots.currentHost
  -OTScurrent_factory -Dvbroker.ots.currentFactory
  -OTSexit_on_shutdown -Dvbroker.ots.exitOnShutdown
  -OTSdefault_timeout -Dvbroker.ots.defaultTimeout
  -OTSdefault_max_timeout -Dvbroker.ots.defaultMaxTimeout
  -OTSlog_dir -Dvbroker.ots.logDir
  -OTSlog_purge_transactions -Dvbroker.ots.logPurgeTransactions
  -OTSlog_sleep -Dvbroker.ots.logSleep
  -OTSlog_cache -Dvbroker.ots.logCache
  -OTSlog_unit -Dvbroker.ots.logUnit
  

• When a user uses ^C to shutdown ITS, the log file now does not log the information that the ITS is interrupted by a user.

VisiSecure for Java

Security is on-the-wire compatible with previous BES 5.x versions.

The following changes, which affect back-compatibility, have been made to the Security implementation:

• In 5.1, IdentityWallet and CertificateWallet had a set of accessors that provided access to information that was used to construct these objects. Since this information is already available to clients as they provide the information during construction, these methods are superfluous and have been removed.
• In 5.2.1, the vault file has a different format making it incompatible with previous versions.
• For other incompatibilities, please refer to Migrating from Borland Security Service 5.1.

Known issues

The following are known VisiBroker issues with this release.

Note: For information on known issues with the 5.2 release, please see the VisiBroker 5.2 Release Notes for Windows, Solaris, and Linux.

VisiBroker for Java

Namespaces and IDL

The Java compiler now rejects import statements that import a type from the unnamed namespace. According to the Java Language specification, you cannot have a simple name in an import statement, nor can you import from the unnamed namespace (http://java.sun.com/j2se/1.4/compatibility.html#source). This change impacts applications with IDLs that do not have their definitions in a module.

Security and Naming Service (VisiNaming)

When security is enabled in a BES 5.2.1 Partition using the vbroker.security.disable property, the Naming Service in that Partition is not secure. This is due to the default value (true) for the vbroker.naming.security.disable property. To enable security, set vbroker.naming.security.disable=false.

RequestAgent

The current version of the Request Agent is not security-enabled. If the Request Agent is being used in mixed JDK environments, then the Request Agent should be started with the same JDK as that of the server.

Using OAD to start RequestAgent

To start the RequestAgent with OAD, you have to:

• Register the RequestAgent as a shared server using the following command.

  Note: This assumes that VBROKER_ADM is set to point to the adm directory which contains the license files.

  UNIX:

  oadutil reg -i IDL:borland.com/NativeMessaging/RequestAgent:1.0 -o RA -java
   com.borland.vbroker.MessageBroker.MessageBroker -e
  
  vbroker.orb.admDir=$VBROKER_ADM
  

  Windows:

                 
  oadutil reg -i IDL:borland.com/NativeMessaging/RequestAgent:1.0 -o RA -java com.borland.vbroker.MessageBroker.MessageBroker -e
  vbroker.orb.admDir=%VBROKER_ADM%
  

Propagation of client side QoS policies to RequestAgent

In the current release, client side QoS policies, for example the RebindPolicy, are not propagated to the RequestAgent.

RequestAgent interop with VisiBroker for C++ 4.5 and VisiBroker for Java 4.0/4.1/4.1.1 servers for WChar and WString Data

This issue occurs when:

1. The client is a VisiBroker for Java 4.5.x or VBE 5.x application,
2. The server is VisiBroker for C++ 4.5 or VisiBroker for Java 4.0,4.1, or 4.1.1 application, and
3. Client tries to invoke an operation through the RequestAgent that contains WChar or WString arguments/return values.

A DATA_CONVERSION or MARSHAL exception will be raised by the client as a result of this invocation. This issue will be resolved in a future release.

RMI-over-IIOP

It is the RMI-IIOP application server's responsibility to instantiate the ORB instance and call the run() method explicitly to have the server wait for client connections.

VisiBroker for C++

A new client side property vbroker.se.default.local.listener.doorMaxMsgSize has been added. This property controls the maximum message size, which will be sent through the fast IPC (door) mechanism in Solaris when the client and server are running on the same machine. The default value is 1,000,000. If the message size is greater than this value, it will not be sent using the door IPC and will default to the next available mechanism (UNIX domain socket or TCP/IP socket).

Note: Setting this property to a very high value can cause the server application to core.

VisiNotify

• The reserved run-time variable $curtime used to return the current time of day is not currently supported. This will be supported in the next release.

VisiTransact

• Java support for OMG OTS 1.2 specification is not implemented in this release.
• If you do not want to remove the TransactionObject interface from the existing client/server code and still want to compile them with new OTS52, do not use the BY_POA policy to create POAs on which such objects are to be created. Instead, you should use the BY_INSTANCE or NONE bind support policy. If you need the BY_POA policy, you should set an explicit ADAPTS policy for the POA on which an object of TransactionsalObject type is to be created.
• InvocationPolicy presently does not support UNSHARED mode.
• When using the CurrentHost option, you will not be able to use the IPv6 address format.

VisiSecure for Java

• Global setting of ServerQoPConfig will not be applied for POAs already created. This happens when the POAs are created at post_init() of ORBInitializers or init_completed() of ServiceLoaders.
• The Borland Security Service (BSS) cannot support clients with U/P and clients with Public Key simultaneously on one server socket. When transport level trust-in-client is enabled, clients must have certificates, even if they want only U/P identities. This is due to a JSSE limitation that will be fixed with J2SE 1.4.
• Authentication with InterBase using Basic and JDBC LoginModules does not work.
• Securecart example: To successfully run pk server, you need to add the following into the ejb-borland.xml file just after the definition of the authorization domain:

  <property>
  <prop-name>ejb.security.realms</prop-name>
  <prop-value>NONE</prop-value>
  </property>
  

• With JDK 1.4.1 or JDK 1.4.0, when the trustpoint directory contains files that are in a format other than a valid certificate such as keystore, due to Sun JDK 1.4.1 bug number 4806811 it will throw an IOException when it parses the keystore. However, this does not affect the behavior. The following is a sample of the exceptions thrown:

  vbj -DORBpropStorage=client_pk.properties com.borland.appclient.Container
   cart_beans_client.jar java.io.IOException:
   DerInputStream.getLength(): lengthTag=109, too big.
       at sun.security.util.DerInputStream.getLength(DerInputStream.java:502)
       at sun.security.util.DerValue.init(DerValue.java:333)
       at sun.security.util.DerValue.<init>(DerValue.java:289)
       at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:340)
       at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:240)
       at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:511)
       at com.inprise.security.trust.TrustpointsWrapper.addTrustPoint(TrustpointsWrapper.java:211)
       at com.inprise.security.trust.TrustpointsWrapper.refresh(TrustpointsWrapper.java:163)
       at com.inprise.security.CORBAsec.SecurityCurrentImpl.complete_init(SecurityCurrentImpl.java:179)
       at com.borland.security.core.Init.pre_init(Init.java:475)
       at com.inprise.vbroker.orb.ORB.initialize(ORB.java:1138)
       at com.inprise.vbroker.orb.ORB.set_parameters(ORB.java:1310)
       at org.omg.CORBA.ORB.init(ORB.java:337)
       at com.inprise.j2ee.Init.orb(Init.java:78)
       at com.inprise.j2ee.jndi.CtxFactory.getInitialContext(CtxFactory.java:29)
       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
       at javax.naming.InitialContext.init(InitialContext.java:219)
       at javax.naming.InitialContext.<init>(InitialContext.java:175)
       at com.inprise.j2ee.utils.JndiUtils.registerEjbRefsInJndi(JndiUtils.java:328)
       at com.inprise.j2ee.utils.JndiUtils.registerInJndi(JndiUtils.java:468)
       at com.borland.appclient.Container.main(Container.java:136)
  

JVM

On Windows 2000, due to a potential bug in the license manager (LM), an error may occur in the VisiBroker C++ application resulting in the following message:

The application failed to initialized properly (0xc0000005).
Click OK to terminate the application.

To workaround this problem, use either short or quote ("") qualified folder names for the USERPROFILE environment variable. For example, c:\"Documents and Settings"\Administrator.

When using Sun's J2SE 1.3.1 on Linux, the client application may hang in com.inprise.vbroker.orb.SocketSCM.shutdown() while exiting. This is due to bug 4344135 in the JVM. To workaround this problem, set the J2SE_PREEMPTCLOSE environment variable to 1 when running the application. That is,

J2SE_PREEMPTCLOSE=1
export J2SE_PREEMPTCLOSE

For more information, see the J2SE 1.3 release notes from Sun Microsystems.

Platform information

Important: For information on minimum hardware requirements, certified operating systems, JDKs, and compilers, please refer to the Product Platforms Page.

C++ 64-bit security support

The VisiBroker Edition 64-bit port does not provide a C++ security component.

VisiTransact 64-bit support

The VisiBroker Edition 64-bit port does not provide a VisiTransact component.

JDK

On Solaris, Windows and Linux, JDK 1.4.1_01 and JDK 1.3.1_06 are supported.

Printing version information

The product provides mechanisms for printing version information for the binaries and libraries included in this release. In general, use the executable vbver followed by the file to query version information.

For example vbver osagent.exe prints:

Information for:      osagent.exe
Product Name:         VisiBroker for C++ (Windows NT4.0, Windows 2000)
Version:              05.02.01.C1.02
Copyright:            (C) 1996, 2002
Company:              Borland Software Corporation
Build Date:           04/11/2002 14:40:29

Similarly, vbver vbjorb.jar prints:

Information for:      vbjorb.jar
Product Name:         VisiBroker Developer for Java
Version:              05.02.01.C1.02
Copyright:            (C) 1996-2002
Company:              Borland Software Corp.
Build Date:           04/11/2003 14:40:22

To obtain version information for the utilities (such as idl2java, irep, and idl2ir), pass the -version argument to the utility.

VisiBroker redistributables

The following list identifies those VisiBroker components that are redistributable on Windows. Please see the VisiBroker license agreement for general terms that apply to compiled programs and redistributables.

Note: VBROKER_HOME denotes the full path to the directory where Visibroker was installed.