2 Replies Latest reply on May 12, 2005 2:21 PM by Jeff Gordon

    JBoss at ChemConnect

    Jeff Gordon Newbie

      A new security patch that incorporates fixes for:
      JACC incorrect when checking auth for WebResourcePermission
      AbstractWebDeployer doesn't add WebRoleRefPermission to JACC
      Authentication exception, principal=null initially on login
      The previous HttpServletRequest.isUserInRole Security Patch

      is available from here:

      The contents of the tomcat50-service-patch.zip should be unzipped from within the deploy/jbossweb-tomcat50.sar directory of every configuration to create the following entries:

      [starksm@banshee9100 deploy]$ jar -tvf tomcat50-service-patch.zip
      [starksm@banshee9100 deploy]$ jar -tvf tomcat50-service-patch.zip
      148754 Thu Dec 16 20:10:26 PST 2004 tomcat50-service.jar
       0 Thu Dec 16 21:28:54 PST 2004 conf/
       38890 Thu Dec 16 21:28:54 PST 2004 conf/web.xml

        • 2. Re: JBoss at ChemConnect
          Jeff Gordon Newbie

          ----- Original Post -----

          I know this is kind of an obscure area of the forums but these are questions and responses based on a request from the JBoss PR folks quite some time ago and since nothing ever became of it I thought I would share it here.

          JBoss has been an absolutely outstanding product and I continue to look at new ways to integrate it into our architecture. Some of this sounds like advertising, but as I mentioned it's just the responses to questions posed and I figured it's best just to share them in full.

          Jeff Gordon
          Senior Application Architect
          Connectivity Solutions
          ChemConnect, Inc.

          * Can you please provide an overview of your company, product, its target market, etc?

          ChemConnect was founded in 1995, and has since established itself as a leader in helping companies optimize their purchasing and sales processes for chemical feedstocks, chemicals, plastics, and related products through the use of e-commerce. The company is committed to innovating and improving transaction processes for buyers and sellers in multiple industries around the world.

          Using innovative ChemConnect Solutions -- based on a unique combination of market information, industry expertise, e-commerce tools and services, and an active network of trading partners -- more than 9,000 Member companies from 150 countries can access reliable market information, reduce process inefficiencies, and improve profitability.

          * What is your position/title? What are you responsible for?

          I am the Senior Application Architect for the Connectivity Solutions and I'm responsible for architecture and design as well as a hefty amount of coding. The Connectivity Solutions consist of an XML messaging hub (Envera Hub) delivering supply chain documents to and from ERP systems or via an internal account for browser access through a web application called Envera Direct (ED). Additionally, another web application integrated in "ED" is called Customer Self-Serve (CSS) allows customers to see all documents they have sent and received through the Envera Hub.

          * How long have you used JBoss and why did you start using it?

          Our product is built entirely in Java and our development group has long been a fan of open source products. We have chosen and participated in many open source projects such as; Xerces, Xalan, BouncyCastle, Axis, DOM4J, Ant, Junit, and of course JBoss. We started early in our product life cycle (about 5 years ago) evaluating various application servers to deploy our product on, and at least for the past few years JBoss stood out as favorite among the developers. However, our corporate climate and customer expectations dictated that a "name brand" product be used, but a development version running on JBoss was always around and well tested.

          Around 2 or 3 years ago we deployed our web application entirely on an early version of 2.x JBoss and it has been a rock solid performer ever since. The web application is now running 2.4.x on Solaris with an Apache front end and we have not had any problems to speak of.

          The hub application consists of a set of DMZ and application servers all running JBoss 3.0.x under Java 1.4.1 on Solaris. This architecture has been in place in our QA environment since April 2003 and was in production four months later. In evaluating our DMZ needs, we wanted to use a Java-based web server that could use a standard keystore to provide client authentication for SSL. As digital certificates for new or existing customers change or get added to our "Certificate Store", new keystore files are generated and deployed to the DMZ boxes to drastically reduce the maintenance inherent in certificate-based systems. JBoss being bundled with Jetty was a perfect solution for our needs.

          I also started a project to use JBoss to house an "information hub" for our on-line commodities trading application for distribution and retrieval of trading data. The event-driven hub consolidates and delivers information to a variety of subscribers in multiple protocols such as; e-mail and instant message to users watching trading activity, XML to ERP and risk management systems on deal completion, and binary to Bloomberg for real-time and summarized product pricing data. This system has been in production since September 2003 and to date we have had excellent performance and no problems with it.

          * Was anyone else involved in the decision to use JBoss? Did you have to "sell" it to your management team? If so, how did you go about doing this?

          Performance, cost, and ease of code deployment are the key factors that drove the decision to deploy JBoss. The management team was part of the decision, but the judgment of the technical team and problems with the old application server were the driving factors in finally getting JBoss initially deployed to production. Since our initial usage, it sells itself and I wouldn't consider deploying on anything else.

          * What version of JBoss are you using?

          2.4.x for our web application and 3.0.x for our hub application. Nukes is on the table with 3.2.3 for the possibility of porting our CSS/ED application to provide a more easily managed and community oriented place for customers to visit.

          * What integration/application development problem does JBoss help you solve? How important is it to your work?

          A big development plus is that JBoss has such a light footprint and a file system directory is just about all that's required to run it, so our developers can have a local JBoss servers for prototypes, proof of concept, or items that you know may affect other development work.

          * What other software and hardware is JBoss used in conjunction with?

          We typically develop using Solaris servers, but our shop has multiple copies of JBoss running on Windows and Linux desktops as well. Our customer facing communication channel is almost entirely HTTPS so other products are not a big concern. We have customers using webMethods, BizTalk, WebLogic, SAP, and other applications as well as a variety of browsers.

          * What do you think about the software's performance? What are the main benefits of using JBoss?

          Performance is outstanding, and code deployment has become trivial. Not having to restart a production server when new code is deployed solves a major maintenance problem of having to mess with load balancers, deploy code, restart application servers, change the load balancer settings, and so forth until all the servers are updated. For a 24x7 availability goal deploying new code should not add any downtime, and with JBoss it doesn't.

          * How many other employees and what kinds of employees use the product?

          We have a couple development teams across our product lines using JBoss.

          * Did you explore other competing technologies? Did JBoss replace another application server? If so, which one? If not, what were you using before JBoss?

          As described earlier, we evaluated multiple application servers and were using one in particular that was chosen for political reasons. It was a large name brand that wrapped Apache JServ into their own product.

          * Are there any drawbacks?

          We have not found any drawbacks so far. Many critics would probably complain about the absence of technical support with an open source product, but I have yet to come across a problem that a Google search or news group posting can't solve. The JBoss Group has also been more than willing to assist with any issues should a technical support contract be part of a corporate need.

          * Do you have a services contract with JBoss as well? What has been your experience with JBG services? Have you used them to help you with anything significant or specific?

          We have not used these services.

          * Can you estimate the return on investment (ROI) of JBoss and JBoss Group at your organization, either in time or cost savings?

          Cost savings specific to JBoss are difficult to measure. JBoss facilitated much of our savings, but was not solely responsible. I can say that given good-economy prices of some products and licenses that were replaced by our JBoss enabled applications, we are saving around $500,000.00 a year.

          * What publications do you read?

          Lately I seem to read only on-line articles concerning specific technologies or initiatives I am working on or thinking about. I usually end up just searching the web and reading from whatever sites show up in the results.