At my workplace we are about to start with migrating a decent amount of users from Exchange/Outlook to Notes 9. Yes, this still happens and I am quite excited about that ;-)
After a user has been migrated we want to provide access to useful information. What we already have is explaining general things like FAQs about using Mail and Calendar, enable Out of Office, Signature etc...
On top of that, I thought it would be helpful if we provided a jump-start guide explaining a few key differences between Notes and Outlook. I have to admit that in the 18 years of my Notes & Domino carreer I haven't really touched Outlook - neither at work not for personal reasons... In other words: I have no experience with Outlook and therefore I cannot be very helpful in depicting differencs between both systems.
So I would like to ask you to share your experience in what Outlook users struggle most with when switching over to Notes & Domino.
How do users work with Outlook and what adjustment problems do they have when using Notes?
What is missing in Notes and what can we offer as a substitute (public folders...)?
Looking forward to your feedback :-)
Wednesday, 18 March 2015
Tuesday, 17 March 2015
Apply Java Permissions to Domino Agents at runtime - again ;-)
This post is supposed to be read by developers only. Admins, please move on ;-)
I have an agent which is used to make SFTP file transfers from Domino to our corporate SAP system. It's an interesting project and I am exploring new stuff on a daily basis :-)
One technical issue I had to solve was this:
The agent opens an SFTP session on a remote host. Unfortunately this is forbidden by Java Policies specified in the java.policy file of the JVM of the Domino server.
The error is
java.lang.SecurityException: not allowed to make a socket connection to MYHOST.MYDOMAIN.COM,-1
So I started to dig into java.policy and java.pol files. And to be honest I was not that much pleased about the whole thing. At first I started to grant ANY permissions in the global section of my policy file:
This works but it goes a bit over the top for a productive environment... Therefore I started to tweak the policies to only allow one specific application the network operations required to do the job. Honestly, it's been painful... I think I got it more or less configured properly. But given the fact that we run the application in three different environments (DEV/TEST/PROD) on multiple servers I hardly could imagine a proper rollout scenario. I always thought one of the major strengths of domino and NSF was that usually the design and resides in a single database - and the configuration usually resides in the application, a few system databases (+ notes.ini).
There must be an easier way to grant my code the execution rights it needs.
I finally found a solution to grant my code the needed execution rights at runtime of the agent. There is a whole Java package for handling the permissions - and in my particular case I was looking for SocketPermissions. The code to grant a socket permission is pretty straight forward:
This will allow my code to make a network connection to the specified host on the specified port. There might be neater solutions to that problem and not every admin would be happy about that. In my opinion it is not very consistent for what you need to grant permissions in policy files (like network connects) but on the other hand file handling can be allowed on the agent security (Allow restricted operations).
I have an agent which is used to make SFTP file transfers from Domino to our corporate SAP system. It's an interesting project and I am exploring new stuff on a daily basis :-)
One technical issue I had to solve was this:
The agent opens an SFTP session on a remote host. Unfortunately this is forbidden by Java Policies specified in the java.policy file of the JVM of the Domino server.
The error is
java.lang.SecurityException: not allowed to make a socket connection to MYHOST.MYDOMAIN.COM,-1
So I started to dig into java.policy and java.pol files. And to be honest I was not that much pleased about the whole thing. At first I started to grant ANY permissions in the global section of my policy file:
grant {
...
permission java.security.AllPermission;
...
};
This works but it goes a bit over the top for a productive environment... Therefore I started to tweak the policies to only allow one specific application the network operations required to do the job. Honestly, it's been painful... I think I got it more or less configured properly. But given the fact that we run the application in three different environments (DEV/TEST/PROD) on multiple servers I hardly could imagine a proper rollout scenario. I always thought one of the major strengths of domino and NSF was that usually the design and resides in a single database - and the configuration usually resides in the application, a few system databases (+ notes.ini).
There must be an easier way to grant my code the execution rights it needs.
I finally found a solution to grant my code the needed execution rights at runtime of the agent. There is a whole Java package for handling the permissions - and in my particular case I was looking for SocketPermissions. The code to grant a socket permission is pretty straight forward:
String hostAndPort = "myhost.mydomain.com:22";
SocketPermission p = new SocketPermission(hostAndPort,
"accept,connect,resolve");
This will allow my code to make a network connection to the specified host on the specified port. There might be neater solutions to that problem and not every admin would be happy about that. In my opinion it is not very consistent for what you need to grant permissions in policy files (like network connects) but on the other hand file handling can be allowed on the agent security (Allow restricted operations).
Labels:
Coding,
Configuration,
Domino,
IBM,
Java,
java.policy,
Security
Subscribe to:
Posts (Atom)