| <html><head> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
| <title xmlns:d="http://docbook.org/ns/docbook">Chapter 17. ROP Deployment</title><link rel="stylesheet" type="text/css" href="css/cayenne-doc.css"><meta xmlns:d="http://docbook.org/ns/docbook" name="keywords" content="Cayenne 4.0 documentation"><meta xmlns:d="http://docbook.org/ns/docbook" name="description" content="User documentation for Apache Cayenne version 4.0"><link rel="home" href="index.html" title="Cayenne Guide"><link rel="up" href="cayenne-guide-part3.html" title="Part III. Cayenne Framework - Remote Object Persistence"><link rel="prev" href="implementing-rop-client.html" title="Chapter 16. Implementing ROP Client"><link rel="next" href="current-limitations.html" title="Chapter 18. Current Limitations"><script xmlns:d="http://docbook.org/ns/docbook" type="text/javascript"> |
| var _gaq = _gaq || []; |
| _gaq.push(['_setAccount', 'UA-7036673-1']); |
| _gaq.push(['_trackPageview']); |
| (function() { |
| var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; |
| ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; |
| var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); |
| })(); |
| </script></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div xmlns:d="http://docbook.org/ns/docbook" class="navheader"><table width="100%" summary="Navigation header"><tr><th class="versioninfo">v.4.0 (4.0.M5)</th><th align="center">Chapter 17. ROP Deployment</th><th></th></tr><tr><td width="20%" align="left"><a accesskey="p" href="implementing-rop-client.html">Prev</a> </td><th width="60%" align="center"><a accesskey="u" href="cayenne-guide-part3.html">Part III. Cayenne Framework - Remote Object Persistence </a></th><td width="20%" align="right"> <a accesskey="n" href="current-limitations.html">Next</a></td></tr></table><hr></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="rop-deployment"></a>Chapter 17. ROP Deployment</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="section"><a href="rop-deployment.html#deploying-rop-server">Deploying ROP Server</a></span></dt><dt><span class="section"><a href="rop-deployment.html#deploying-rop-client">Deploying ROP Client</a></span></dt><dt><span class="section"><a href="rop-deployment.html#rop-security">Security</a></span></dt></dl></div><div class="section"><div class="titlepage"><div><div><h2 class="title"><a name="deploying-rop-server"></a>Deploying ROP Server</h2></div></div></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Recent versions of Tomcat and Jetty containers (e.g. Tomcat 6 and 7, Jetty 8) contain code |
| addressing a security concern related to "session fixation problem" by resetting the |
| existing session ID of any request that requires BASIC authentcaition. If ROP |
| service is protected with declarative security (see the ROP tutorial and the |
| following chapters on security), this feature prevents the ROP client from attaching |
| to its session, resulting in MissingSessionExceptions. To solve that you will need |
| to either switch to an alternative security mechanism, or disable "session fixation |
| problem" protections of the container. E.g. the later can be achieved in Tomcat 7 by |
| adding the following <span class="emphasis"><em>context.xml</em></span> file to the webapp's META-INF/ |
| directory: |
| </p><pre class="programlisting"><span xmlns="http://www.w3.org/1999/xhtml" class="hl-tag"><Context></span> |
| <span xmlns="http://www.w3.org/1999/xhtml" class="hl-tag"><Valve</span> <span xmlns="http://www.w3.org/1999/xhtml" class="hl-attribute">className</span>=<span xmlns="http://www.w3.org/1999/xhtml" class="hl-value">"org.apache.catalina.authenticator.BasicAuthenticator"</span> |
| <span xmlns="http://www.w3.org/1999/xhtml" class="hl-attribute">changeSessionIdOnAuthentication</span>=<span xmlns="http://www.w3.org/1999/xhtml" class="hl-value">"false"</span><span xmlns="http://www.w3.org/1999/xhtml" class="hl-tag"> /></span> |
| <span xmlns="http://www.w3.org/1999/xhtml" class="hl-tag"></Context></span></pre><p>(The |
| <Valve> tag can also be placed within the <Context> in any other locations |
| used by Tomcat to load context configurations)</p></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title"><a name="deploying-rop-client"></a>Deploying ROP Client</h2></div></div></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title"><a name="rop-security"></a>Security</h2></div></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="implementing-rop-client.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="cayenne-guide-part3.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="current-limitations.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 16. Implementing ROP Client </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 18. Current Limitations</td></tr></table></div></body></html> |