Turning on Secure for ATG Applications

Closed for business | FlickrClosed for business by maistora’s Photostream | Flickr

Almost all web applications have some parts of their site they want to be secure such as login and profile pages.

To enable security ATG has a ProtocolSwitchServlet, located at /atg/dynamo/servlet/dafpipeline/ProtocolSwitchServlet. Set the enable property to true and configure the other properties appropriately.

The only other properties that you will need to configure are the secureList property and the ignoreList property.  Examples of how these properties would be configured follow.

secureList=/myapp/account,/myapp/checkout
ignoreList=/myapp/css,/myapp/javascript

Optionally you might want to change the secureHostName and the httpsPort but typically it would be better to change siteHttpServerName and httpsPort respectively in /atg/dynamo/Configuration.

The default values for the other properties should be fine.

Enabling non-XA Resources in JBoss 4.2 with ATG

a dog and it's boss on Flickr
(Photo: a dog and it’s boss by Pixel Addict)

ATG documents how to enable non-XA resources in JBoss 4.2 for SOLID.  We ended up following the same instructions to work with Oracle.

JBoss Note: JBoss 4.2 by default assumes XA drivers, which some ATG applications use; however, there are no XA drivers for SOLID. To enable multiple non-XA resources in JBoss 4.2, add the property to the jbossjta-properties.xml file, under the “arjuna” property tag:

[xml]<property depends="arjuna" name="jta">
<property name="com.arjuna.ats.jta.allowMultipleLastResources" value="true"/>[/xml]

You may still see warnings in your log file, but ATG applications will run correctly. To suppress these warnings, add the following to your jboss-log4j.xml file:

[xml]<category name="com.arjuna.atg.jta.logging">
<priority value="ERROR"></priority>
</category>[/xml]

For further reading please see Starting the SOLID SQL Database document in the Running Nucleus-Based Applications section of the ATG Installation and Configuration Guide.

Configuring ATG to Send Email via Comcast SMTP

When you are developing at home you will probably need to configure your ATG application to send email via your ISP’s SMTP server.  Here is how I configured ATG to send email via Comcast’s SMTP server.

First you need to update ATG’s configuration to point to the Comcast SMTP server by modifying {ATG}/home/localconfig/atg/dynamo/Configuration.properties.

emailHandlerHost=smtp.comcast.net
emailHandlerPort=587

Typically you don’t need to set the emailHandlerPort, it is by default set to port 25.  But Comcast has recently been switching over to use port 587 because email viruses use port 25 on infected computers.

Next you need to update ATG’s SMTP Email service configuration by modifying {ATG}/home/localconfig/atg/dynamo/service/SMTPEmail.properties.

defaultFrom=betweengo@comcast.net
username=betweengo@comcast.net
password=betweengo

These values used to be optional but now are required because Comcast requires authentication as part of its increased security.

NameNotFoundExceptions during start up of ATG application on JBoss

When you start up your ATG application on JBoss and see NameNotFoundExceptions like the following it could be because you did not configure your ATG datasources correctly.

Unable to start service "/atg/dynamo/service/jdbc/JTDataSource":
 atg.nucleus.ServiceException:
 Unable to resolve reference to JNDI component:
 java:/atgcore_ds
ERROR [nucleusNamespace.atg.dynamo.service.jdbc.JTDataSource]
javax.naming.NameNotFoundException: atgcore_ds not bound

To properly configure it create an atg-oracle-ds.xml file. I have a sample one below. atgcore_ds is the datasource for most of the ATG repositories. You will probably need to configure datasources for Catalog A and Catalog B if you are doing eCommerce, e.g. atgcataloga_ds and atgcatalogb_ds. The atg-oracle-ds.xml file will go into your server’s configuration, e.g. <jboss>/server/betweengo/deploy.

<?xml version="1.0" encoding="UTF-8"?>
<datasources>
 <local-tx-datasource>
  <jndi-name>atgcore_ds</jndi-name>
  <!-- <connection-url>jdbc:oracle:oci:@Dynamo</connection-url> -->
  <connection-url>jdbc:oracle:thin:@localhost:1521:orcl</connection-url>
  <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
  <user-name>foo</user-name>
  <password>bar</password>
  <min-pool-size>1</min-pool-size>
  <max-pool-size>4</max-pool-size>
 </local-tx-datasource>
</datasources>

Note that the connection URL should be the same as what you configured in your tnsnames.ora file.  If you installed Oracle with a Microsoft Loopback Adapter and pointed the host in your tnsnames.ora configuration to the loopback connection, e.g. 192.168.1.200, then you should do the same in your atg-oracle-ds.xml file.

For further reading please see Getting Started with ATG – jBoss and Oracle and Create Additional JBoss Application Server Configurations.

Could Not Install ATG 2007.1

Today I began a contract with Bell Canada on an eCommerce project.  This project is using ATG 2007.1 with Oracle 10g (supported environments for ATG 2007.1).

I downloaded the installer from ATG’s product downloads page which is only available if you have purchased a Standard or Premium Support contract.  Previously this page was publicly available but now it is hidden.  Fortunately I found the link at ATG’s Google group ATG_Tech where they announced that ATG 2007.1 is available.

ATG Support quickly responded to my email to support@atg.com and within a few hours fixed the installer and made available a new installer on the product downloads page.

Lesson learned: Contact ATG Support.  They’re good.

Recurring Illegal Access Errors in JBoss when running ATG

illegal access

I recently installed ATG 2007.1 with no patches on JBoss 4.0.5.GA.  When I started it up I continually saw these illegal access errors.

16:01:24,296 INFO  [WebappClassLoader] Illegal access: this web application instance has been stopped already.  Could not load org.apache.log4j.Level.
  The eventual following stack trace is caused by an error thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access, and has no functional impact.
java.lang.IllegalStateException
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1241)
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1201)
        at org.apache.commons.logging.impl.Log4jProxy$1.run(Log4jProxy.java:66)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.commons.logging.impl.Log4jProxy.threadContextClassLoader(Log4jProxy.java:88)
        at org.apache.commons.logging.impl.Log4jProxy.(Log4jProxy.java:94)
        at org.apache.commons.logging.impl.Log4JLogger.(Log4JLogger.java:39)
        at sun.reflect.GeneratedConstructorAccessor22.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
        at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:529)
        at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:235)
        at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:372)
        at atg.nucleus.logging.commons.CommonsLoggingLogListener.logEvent(CommonsLoggingLogListener.java:106)
        at atg.nucleus.GenericService.sendLogEvent(GenericService.java:291)
        at atg.nucleus.GenericService.logInfo(GenericService.java:737)
        at atg.nucleus.GenericService.logInfo(GenericService.java:715)
        at atg.ui.j2edit.model.CachingJ2eeArchiveDirectoryAgent.updateCacheData(CachingJ2eeArchiveDirectoryAgent.java:513)
        at atg.ui.j2edit.model.CachingJ2eeArchiveDirectoryAgent.performScheduledTask(CachingJ2eeArchiveDirectoryAgent.java:573)
        at atg.service.scheduler.ScheduledJob.runJobs(ScheduledJob.java:441)
        at atg.service.scheduler.Scheduler$2handler.run(Scheduler.java:760)

Fortunately this is a common problem and there are many support incidents about it.  Problem Report #144586 says that the problem occurs if:

  1. say “Yes” to deploying Quincy Fund during installation
  2. use startDynamoOnJBoss to run any other application

The work around is to remove Quincy Funds.ear from the JBoss deployment directory.  Or just don’t install Quincy Funds.

If you need to run the Quincy Funds demo then the Error running Quincy Funds demo on JBoss document suggests:

  1. stop the server
  2. delete the ATGDAF.ear from the JBoss installation
  3. start JBoss with the run.bat|sh command; the Quincy Funds demo is automatically started

For further reading please see How to use the startDynamoOnJBOSS script and JBoss configurations to run an application.  You may need to have an active ATG support contract to view these and other ATG support documents referenced in this article.

Log SQL on ATG

Dudley Zoo Sarah the Sumatran Tiger (Life Of Pi) on FlickrDudley Zoo Sarah the Sumatran Tiger (Life Of Pi) by donebythehandsofabrokenartist

To log SQL turn on logging debug for your Repository component.

For example, set /betweengo/repository/Repository.loggingDebug to true.

Note that a lot of SQL statements are outputted. If you want to selectively turn it on and off you can put this in your JSP where you want to start logging SQL.

<dspel:setvalue bean="/betweengo/repository/Repository.loggingDebug"  value="true"/>

And then put this in your JSP where you want to stop logging SQL.

<dspel:setvalue bean="/betweengo/repository/Repository.loggingDebug"  value="false"/>

Note I think this solution only works if you are using a javax.sql.DataSource like in a JBoss configuration.

For ATG’s atg.service.jdbc.FakeXADataSource there are special properties for logging SQL.

Property Description
loggingSQLError logs SQL exceptions as errors
loggingSQLWarning logs SQL warnings received by the pool
loggingSQLInfo logs SQL statements sent by the pool
loggingSQLDebug logs JDBC method calls made by the pool

For debugging purposes most of the time you will just want to set loggingSQLInfo=true.

For further reading please see Configuring ATG Data Sources for Data Import in the ATG Installation and Configuration Guide.

Updating ATG after installing new Java SDK

Recently I upgraded my Java SDK from 1.5.0_08 to 1.5.0_11 to resolve a long path name issue for compiled classes. After doing this I updated the following ATG configuration files to reflect this change.

  1. home/installconfig/config.xml
  2. home/installconfig/configXMLproperties.txt
  3. home/localconfig/dasEnv.bat
  4. uninstall/.ASE2006.3_uninstall/installvariables.properties

locallib classes not loading

To override the classes that would run on the ATG server, one simply copies your new classes into the locallib directory under the correct directory which corresponds to the package. To learn more, Modifying the Environment Settings.

However on an ATG Dynamo 4.5.1 server running on FreeBSD I found the locallib classes were not loading no matter how many times I restarted the ATG Dynamo server. I realized finally by accident that the reason these classes weren’t being loaded was because another ATG Dynamo server was running and because of this the Java process was not releasing its understanding of the CLASSPATH. Only after killing the second ATG Dynamo server process was I finally able to get the ATG Dynamo server to load the new classes.