Oracle Application Server

(1)

Oracle® Application Server

Overview of Oracle Application Server

Release 4.0

(2)

Overview of Oracle Application Server Part No. A60115-01

Release 4.0

The programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be licensee's responsibility to take all appropriate fail-safe, back up, redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and Oracle disclaims liability for any damages caused by such use of the Programs.

This Program contains proprietary information of Oracle Corporation; it is provided under a license agreement containing restrictions on use and disclosure and is also protected by copyright, patent and other intellectual property law. Reverse engineering of the software is prohibited.

The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. Oracle Corporation does not warrant that this document is error free. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Oracle Corporation

If this Program is delivered to a U.S. Government Agency of the Department of Defense, then it is delivered with Restricted Rights and the following legend is applicable:

Restricted Rights Legend Programs delivered subject to the DOD FAR Supplement are "commercial computer software" and use, duplication and disclosure of the Programs shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement. Otherwise, Programs delivered subject to the Federal Acquisition Regulations are "restricted computer software" and use, duplication and disclosure of the Programs shall be subject to the restrictions in FAR 52..227-14, Rights in Data -- General, including Alternate III (June 1987). Oracle Corporation, 500 Oracle Parkway, Redwood City, CA 94065. Oracle is a registered trademark, and the Oracle logo, NLS*WorkBench, Pro*COBOL, Pro*FORTRAN, Pro*Pascal, SQL*Loader, SQL*Module, SQL*Net, SQL*Plus, Oracle7, Oracle Server, Oracle Server Manager, Oracle Call Interface, Oracle7 Enterprise Backup Utility, Oracle TRACE, Oracle WebServer, Oracle Web Application Server, Oracle Application Server, Oracle Network Manager, Secure Network Services, Oracle Parallel Server, Advanced Replication Option, Oracle Data Query, Cooperative Server Technology, Oracle Toolkit, Oracle MultiProtocol Interchange, Oracle Names, Oracle Book, Pro*C, and PL/SQL are trademarks or registered trademarks of Oracle Corporation. All other company or product names mentioned are used for identification purposes only and may be trademarks of their respective owners.

(3)

Web Servers and Application Servers... 1-1 Web Servers ... 1-2 Application Servers ... 1-2 Common Object Request Broker Architecture (CORBA) ... 1-2 Application Logic in the Thin-Client Model ... 1-2 Types of Applications... 1-4 Common Gateway Interface (CGI) Applications... 1-4 Cartridge Servers ... 1-4 JCORBA Applications... 1-5 Enterprise JavaBeans Applications ... 1-5 Application Development... 1-6 Tools Provided with Oracle Application Server ... 1-7 Application Deployment... 1-7 Oracle Application Server 4.0 Features... 1-8 Cartridges ... 1-8 CORBA Applications ... 1-9 Oracle Application Server Administration... 1-9 Resource Management... 1-10 Security... 1-10 Oracle Wallet Manager ... 1-10 Monitoring and Site Management ... 1-10 Failure Recovery ... 1-11

(4)

Apache Listener ... 1-11 Inter-Cartridge Exchange Service... 1-11 Session Service... 1-11 Features New to the 4.0 Release ... 1-12 Oracle Application Server 4.0 Enterprise Edition Features... 1-13 Transaction Service... 1-13 Content Service ... 1-13 Load Balancing... 1-13 ODBC Cartridge... 1-14

2

Oracle Application Server Architecture

Clients... 2-1 Sites... 2-2 Listeners... 2-3 Dispatchers... 2-3 Cartridges Servers and Cartridge Instances... 2-3 Resource Manager Proxy... 2-4 Request Handling... 2-4 Life Cycle of an HTTP Request... 2-5 Life Cycle of a CORBA/IIOP Request ... 2-6

(5)

Preface

Audience

This book is an overview of Oracle Application Server 4.0 for a general audience.

The Oracle Documentation Set

This table lists the Oracle Application Server documentation set.

Title of Book Part Number

Oracle Application Server Administration Guide A60172-01 Oracle Application Server Developer’s Guide A60121-01 Oracle Application Server Installation Guide for Sun SPARC Solaris 2.x A58755-01 Oracle Application Server Installation Guide for Windows NT A58756-01 Oracle Application Server Cartridge Management Framework A58703-01 Overview of Oracle Application Server 4.0 A60115-01 Oracle Application Server Performance and Tuning Guide A60120-01 Oracle Application Server PL/SQL Web Toolkit Quick Reference A60119-01 Oracle Application Server PL/SQL Web Toolkit Reference A60123-01 Oracle Application Server Security Guide A60116-01 Oracle Application Server C API Reference A60122-01 Oracle Application Server C API Quick Reference A60118-01 Oracle Application Server JWeb Toolkit Quick Reference A65162-01

(6)

Conventions

This table lists the typographical conventions used in this manual.

The term “Oracle Server” refers to the database server product from Oracle Corpo-ration.

The term “oracle” refers to an executable or account by that name. The term “oracle” refers to the owner of the Oracle software.

Technical Support Information

Oracle Worldwide Customer Support (WWCS) can be reached at the following numbers:

■ In the USA: Telephone: 1.650.506.1500 ■ In Europe: Telephone: +44 1344 860160 ■ In Asia: Telephone: +81. 3 5717. 1850

Convention Example Explanation

bold oas.h

owsctl wrbcfg

www.oracle.com

Identifies file names, utilities,

processes, and URLs

italics file1 Identifies a variable in text; replace this place holder with a specific value or string.

angle brackets <filename> Identifies a variable in code; replace this place holder with a specific value or string.

courier owsctl start wrb Text to be entered exactly as it appears. Also used for functions.

square brackets [-c string] [on|off]

Identifies an optional item.

Identifies a choice of optional items, each sep-arated by a vertical bar (|), any one option can be specified.

braces {yes|no} Identifies a choice of mandatory items, each separated by a vertical bar (|).

ellipses n,... Indicates that the preceding item can be repeated any number of times.

(7)

Please prepare the following information before you call, using this page as a check-list:

❏ your CSI number (if applicable) or full contact details, including any special project information

❏ the complete release numbers of the Oracle Application Server and associated products

❏ the operating system name and version number

❏ details of error codes and numbers and descriptions. Please write these down as they occur. They are critical in helping WWCS to quickly resolve your prob-lem.

❏ a full description of the issue, including:

■ What - What happened? For example, the command used and its result. ■ When -When did it happen? For example, during peak system load, or

after a certain command, or after an operating system upgrade.

■ Where -Where did it happen? For example, on a particular system or

within a certain procedure or table.

■ Extent - What is the extent of the problem? For example, production

sys-tem unavailable, or moderate impact but increasing with time, or minimal impact and stable.

❏ _{Keep copies of any trace files, core dumps, and redo log files recorded at or} near the time of the incident. WWCS may need these to further investigate your problem.

For installation-related problems, please have the following additional information available:

❏ _{listings of the contents of $ORACLE_HOME (Unix) or %ORACLE_HOME%} (NT) and any staging area, if used.

❏ _{installation logs (install.log, sql.log, make.log, and os.log) typically stored in} the $ORACLE_HOME/orainst (Unix) or %ORACLE_HOME%\orainst (NT) directory.

Documentation Sales and Client Relations

In the United States:

(8)

■ For shipping inquiries, product exchanges, or returns, call Client Relations:

1.650.506.1500. In the United Kingdom:

■ To order hardcopy documentation, call Oracle Direct Response:

+44 990 332200.

■ For shipping inquiries and upgrade requests, call Customer Relations:

(9)

Reader’s Comment Form

Overview of Oracle Application Server 4.0

Part No. A60115-01

Oracle Corporation welcomes your comments and suggestions on the quality and usefulness of this publication. Your input is an important part of the information used for revision.

• Did you find any errors?

• Is the information clearly presented?

• Do you need more information? If so, where?

• Are the examples correct? Do you need more examples? • What features did you like most about this manual?

If you find any errors or have suggestions for improvement, please indicate the topic, chapter, and page number below:

Please send your comments to:

Oracle Application Server Documentation Manager Oracle Corporation

600 Oracle Parkway Redwood Shores, CA 94065

If you would like a reply, please provide your name, address, and telephone number below:

(10)

(11)

1

What is Oracle Application Server?

Oracle Application Server is a collection of middleware services and tools that pro-vide a scalable, robust, secure, and extensible platform for distributed, object-ori-ented applications. Oracle Application Server supports access to applications from both Web clients (browsers) using the Hypertext Transfer Protocol (HTTP), and CORBA clients, which use the Common Object Request Broker Architecture (CORBA) and the Internet Inter-ORB Protocol (IIOP).

Contents

■ Web Servers and Application Servers ■ Types of Applications

■ Application Development ■ Application Deployment

■ Oracle Application Server 4.0 Features

■ Oracle Application Server 4.0 Enterprise Edition Features

Web Servers and Application Servers

Client/server computing architectures are commonly described as having two or more tiers according to how application logic is distributed between client and server. Minimally, a client/server architecture must have a client tier and a server tier. Oracle’s Network Computing Architecture (NCA) is a three-tier computing model in which Oracle Application Server functions as a middle tier, or application tier.

(12)

Web Servers and Application Servers

Web Servers

The World-Wide Web has historically used a two-tier, fat-server model, in which application logic is stored almost entirely on the server side. In this model, Web browsers form the client tier, and HTTP servers with their static HTML pages and Common Gateway Interface (CGI) applications form the server tier. Similarly, cli-ent/server database applications have traditionally been separated into a relatively thin client tier, and a server tier (the database) containing both the application data and the application logic in the form of stored procedures.

Application Servers

Recently, a new three-tier model has emerged that isolates much of the application and “glue” logic in a new middle tier between the client tier and the server tier (database). Oracle Application Server implements this middle tier using CORBA to go beyond the traditional two-tier models of the World-Wide Web and of client/ server database applications.

Common Object Request Broker Architecture (CORBA)

CORBA is an industry-standard model for distributed object-oriented program-ming. It is defined and maintained by the Object Management Group (OMG), an industry consortium.

CORBA specifies the behavior of Object Request Brokers (ORBs). An ORB is respon-sible for routing requests from clients and other ORBs to CORBA objects. Clients communicate with ORBs using the Internet Inter-ORB Protocol (IIOP), instead of HTTP. Oracle Application Server provides a CORBA 2.0-compatible ORB that cli-ents can use to communicate with server-side applications implemented as CORBA objects.

Application Logic in the Thin-Client Model

This diagram shows Oracle Application Server as the middle tier of Oracle’s three-tier Network Computing Architecture (NCA):

(13)

Web Servers and Application Servers

Figure 1–1 Three-tier Oracle Application Server architecture

In this thin-client three-tier architecture, client software (the client tier) is light-weight enough to be downloaded on demand, and does little but present the user interface for a server-side application. The bulk of the application logic is imple-mented either in the middle (application) tier, or is stored in the database, as in the case of PL/SQL procedures.

As the middle tier in a three-tier architecture, Oracle Application Server allows application logic to be implemented in the form of cartridges and cartridge servers (described below in“Types of Applications” on page 1-4).

HTTP clients CORBA clients Dispatcher RM Proxy HTML Documents CGI Applications Cartridge Servers JCORBA Objects IIOP HTTP

TIER 1 TIER 2 TIER 3

RDBMS

The Client Tier The Application Tier The Database

Listener

ORB

(14)

Types of Applications

Oracle Application Server supports the following types of applications:

■ Common Gateway Interface (CGI) Applications ■ Cartridge Servers

■ JCORBA Applications

■ Enterprise JavaBeans Applications

Common Gateway Interface (CGI) Applications

When an HTTP server receives a request for a CGI application, the server launches the application and uses the CGI to deliver the application any accompanying query data. Oracle Application Server fully supports this kind of application. CGI applications are most useful for processing simple forms on a small scale. This type of application, however, has many disadvantages. Every time the HTTP server receives a request for a CGI application, it must start a new process to run the appli-cation. Each CGI application is also restricted to running on a single machine. While this approach is adequate for small-scale deployment, it does not accommo-date a large number of clients without seriously degrading performance.

Cartridge Servers

Oracle Application Server provides a more powerful and efficient kind of server-side application, called a cartridge server. A cartridge server is a shared library that either implements program logic or provides access to program logic stored else-where, such as in a database. A cartridge server is a process in which one or more cartridge instances run. Cartridge instances and cartridge servers are CORBA objects. Unlike CGI programs, cartridge servers do not have to be restarted for each

request. The Oracle Application Server listener and dispatcher components route incoming requests to running cartridge servers based on the current server load. The cartridge server that handles the request does not have to run on the same machine that initially received the request, allowing the dispatcher to distribute the request load across multiple machines. These features allow applications imple-mented as cartridge servers to scale easily and automatically to meet heavy demand.

Applications implemented as cartridge servers also take advantage of the car-tridges bundled with Oracle Application Server, such as the PL/SQL cartridge, which provides access to PL/SQL procedures stored in a database. This approach

(15)

Types of Applications

makes sense for sophisticated, large-scale applications that can benefit from the built-in functionality of Oracle Application Server.

For more information about cartridges and cartridge servers, see the Developer’s Guide.

JCORBA Applications

Oracle Application Server supports CORBA applications in the form of JCORBA applications and Enterprise JavaBeans (EJB) applications. EJB applications are described in the next section.

In the JCORBA model, you deploy components written in Java as CORBA compo-nents. These components, called JCORBA objects (JCO), are Java classes that you package together to form JCORBA applications running in an Oracle Application Server environment. A JCORBA application consists of one or more JCORBA objects.

Instances of JCORBA objects can be instantiated and accessed from different types of CORBA clients such as Java applets, Java applications, web cartridges, and CORBA applications.

JCORBA objects provide the business logic for distributed applications, which run on the server and therefore do not a have GUI or other visual representation. The objects define methods that CORBA clients can invoke to perform some operation. CORBA clients (such as Java applets running on browsers or Java applications) use ORBs to obtain object references for JCORBA object instances. Once a client has an object reference to a JCORBA object instance, it can invoke methods on the instance. You would generally deploy this kind of application with a client applet, or a web front end. In this model, the client uses a Web browser to download and run the applet. The applet uses the ORB built into the browser to communicate with the server-side application using IIOP.

For more information about JCORBA applications, see the Developer’s Guide.

Enterprise JavaBeans Applications

Enterprise JavaBeans (EJB) is a standard introduced by JavaSoft that enables devel-opers to create custom component applications. These applications consist of enter-prise beans developed by yourself or by third parties. The beans provide the business logic in EJB applications.

EJB applications are flexible in that you can use different components from differ-ent vendors. For example, you can use the configuration and managemdiffer-ent software

(16)

Application Development

from one company, the bean container from another company, and the beans from yet another company.

In the application server, EJB applications run in a CORBA environment. This means that the beans themselves are CORBA objects and they can communicate with other CORBA objects. The containers for the beans are also CORBA objects, and they interact with other components of the application server.

EJB applications are managed by the application server. You configure them like you would any other application in the application server. You use the Oracle Application Server Manager to provide values such as the minimum and maxi-mum number of bean instances, the machines on which the applications can run, and the level of logging that is enabled for the application.

For more information about EJB applications, see the Developer’s Guide.

Application Development

Oracle Application Server provides several options for developing applications. The cartridges described in“Cartridges” on page 1-8 provide deployment plat-forms for cartridges written in a particular language.

If you have a large investment in PL/SQL procedures stored in your Oracle data-base, you can use the PL/SQL cartridge to provide clients easy access to these pro-cedures.

If you prefer to develop in Java, you can use the JWeb cartridge to develop Web applications, taking advantage of the JWeb Toolkit to respond to HTTP requests, and the pl2java utility to access PL/SQL procedures stored in the database. If you need to support CORBA/IIOP clients, you can use Java to develop JCORBA objects or EJB objects and deploy them on Oracle Application Server. CORBA objects can be accessed from different types of CORBA clients such as Java applets, Java applications, and CORBA applications.

If you prefer to write Perl scripts, both the Perl and LiveHTML cartridges allow Web clients to access these scripts using HTTP.

If you need to extend the capabilities of your Oracle Application Server installation, you can write applications in the C language and use C cartridges that run in the context of the Oracle Application Server. When you do this, you make use of the WRB (Web Request Broker) API, which enables you to access the features of the application server.

For detailed information about developing cartridges for Oracle Application Server, see Developer’s Guide.

(17)

Application Deployment

Tools Provided with Oracle Application Server

Bundled with Oracle Application Server are the following third-party tools:

■ Symantec Visual Page—HTML editor (single-user license)

■ VitalSigns Net.Medic—Performance monitoring client (30-day trial version) ■ Wallop Build-IT—Web authoring integration tools (single-user license) ■ WebTrends Log Analyzer, Professional Suite, and Enterprise Suite—Usage

tracking and reporting software (60-day trial versions of each product)

■ JavaSoft JDK—Java Development Kit

Application Deployment

Oracle Application Server offers the following features relevant to application deployment:

■ Robustness and fault tolerance—By distributing request handling among many

machines, and among many processes running on those machines, Oracle Application Server avoids single points of failure; sophisticated error detection and automatic recovery features help to minimize the effects of failures when they do occur.

■ Scalability—The distributed architecture and load-balancing capabilities of

Ora-cle Application Server allow you to deploy applications on a large scale, using multiple machines to handle client requests.

■ Security—Oracle Application Server supports security standards such as the

Secure Sockets Layer (SSL) 3.0 and X.509 digital certificates, and provides a flex-ible authentication service for authenticating clients. Oracle Application Server 4.0 Enterprise Edition also supports using a Lightweight Directory Access Pro-tocol (LDAP) directory for certificate-based authentication.

■ Extensibility—You can extend Oracle Application Server’s capabilities by

(18)

Oracle Application Server 4.0 Features

Cartridges

This table describes the cartridges available in Oracle Application Server 4.0. You create applications based on these cartridges.

Table 1–1 Cartridges

Cartridge Description

PL/SQL cartridge Runs PL/SQL stored procedures in Oracle databases. It uses a Database Access Descriptor (DAD) to locate the database to which to connect. The cartridge runs files that contain PL/SQL source code; it loads the contents of the file into the database and exe-cutes the code.

The PL/SQL cartridge comes with the PL/SQL Web Toolkit, which enables you to get information about the request, specify values for HTTP headers such as the content type and cookies, and generate HTML tags.

JWeb cartridge Runs Java applications. The JWeb cartridge contains a Java Virtual Machine that interprets the bytecodes for the Java application. When you configure the cartridge, you specify where the class files for the applications are located.

You can also use the JWeb cartridge to connect to and access data from databases in two different ways: (1) You can use the pl2java utility, which generates Java methods for procedures and func-tions in the database. You can then invoke the methods from your Java application just like regular Java methods; (2) You can use the JDBC interface, which enables you to execute SQL statements. The JWeb cartridge comes with the JWeb Toolkit, which enables you to get information about the request, connect to the database, specify values for HTTP headers such as the content type and cookies, and generate HTML tags.

C cartridge Runs C applications. Use this cartridge to implement callback functions that are invoked by the application server.

The C cartridge comes with the WRB API, which contains func-tions and data structures that you can use to get information about the request, specify values for HTTP headers such as the content type and cookies, and send requests to other cartridges.

(19)

CORBA Applications

Oracle Application Server also supports CORBA applications. See“JCORBA Appli-cations” on page 1-5 and“Enterprise JavaBeans Applications” on page 1-5 for a brief overview; see the Developer’s Guide for details.

Oracle Application Server Administration

Oracle Application Server 4.0 introduces a new management interface, the Oracle Application Server Manager, for administration, configuration, and management. The new interface uses both HTML forms and Java navigation applets to allow an administrator to maintain an entire Oracle Application Server site.

The new administration tools use a Java-based navigational tree to provide a view of the entire site configuration at a glance. To view the navigation applet, your Web browser must be configured to run Java applets.

For more information about the Oracle Application Server Manager, see the Admin-istration Guide.

LiveHTML cartridge Interprets Server-Side Includes (SSI) documents. SSI is a standard that allows you to retrieve dynamic data in an otherwise static HTML document. You use special tags in your document to mark the places where the cartridge will substitute dynamic data. You can also embed Perl scripts in documents for the LiveHTML cartridge to generate dynamic data. This feature lets you generate more complex dynamic data than what is supported by SSI, and embeds programming logic in LiveHTML pages.

LiveHTML Web application objects allow you to reference applica-tion server components in an object oriented manner. You can also invoke methods and change the attributes of objects.

Perl cartridge Runs Perl scripts. The Perl cartridge also comes with several Perl modules including the DBI/DBD, which enables you to access Oracle databases.

Table 1–1 Cartridges

(20)

Resource Management

Oracle Application Server resource management services make applications scal-able by providing automatic load-balancing and failure recovery. Oracle Applica-tion Server 4.0 Enterprise EdiApplica-tion offers more advanced, configurable load-balancing features. See“Load Balancing” on page 1-13.

Security

Oracle Application Server provides authentication and encryption capabilities that enable you to protect applications and static HTML pages from unauthorized users. It supports the following security features:

■ Basic, digest, basic_oracle, and crypt authentication schemes. These

authentica-tion schemes prompt the user to enter a username and password before the requested page is returned or the application is run.

■ IP address and domain name restriction schemes. These restriction schemes

allow only authorized machines to access the page or application.

■ Certificate authentication scheme. The application server connects to a

direc-tory server to verify clients against certificates in the direcdirec-tory server.

For more information on authentication, authorization, and security, see the Secu-rity Guide.

Oracle Wallet Manager

The Oracle Wallet Manager is a Java application that security administrators use to manage public-key security credentials on clients and servers.

Public-key cryptography requires that parties who want to communicate in a secure manner possess certain security credentials. This collection of security cre-dentials is stored in a wallet. A wallet is an abstraction used to store and manage security credentials for the client or the server.

For more information about Oracle Wallet Manger, see the Security Guide.

Monitoring and Site Management

Oracle Application Server provides tools and built-in support for monitoring your site, listeners, and applications. Applications can use the Logging service API to record information in log files. Oracle Application Server also provides support for Common Logfile Format (CLF) and Extended Logfile Format (XLF) system mes-sage formats. The Oracle Application Server Manager provides tools for analyzing

(21)

log files and for tracking and viewing statistics for specific sites, listeners, and appli-cations. These tools also allow you to generate reports on these statistics.

For more information about site management, see the Administration Guide.

Failure Recovery

Oracle Application Server provides enhanced mechanisms for detecting and recov-ering from failures of individual components, such as listeners or cartridge servers. When a component fails, Oracle Application Server detects the failure and restarts the failed component, restoring any preserved state information when possible.

Apache Listener

Oracle Application Server augments Apache sites with improved database, transac-tional, and CORBA services. The application server works with Apache sites to selectively deploy Apache modules as application server cartridges with improved scalability, reliability, and lifecycle management. Apache modules can also run unchanged with cartridges.

Inter-Cartridge Exchange Service

The Inter-Cartridge Exchange (ICX) service enables cartridges to issue requests to and receive responses from other cartridges using a transport-independent, state-less protocol that mimics HTTP. You can use ICX in cases where you can isolate common functionality in one cartridge; other cartridges can use ICX to invoke this cartridge.

For more information about the ICX service, see the Developer’s Guide.

Session Service

The Session service allows cartridges to be set up so that successive requests from a particular client are handled by the same cartridge instance. This allows you to write your cartridge to maintain state across requests submitted by a specific client. For example, if you are creating a shopping cart cartridge, you can enable sessions in the cartridge so that it can remember the items that the client has in his or her shopping cart. Each client has its own cartridge instance, and cartridge instance data is not shared across clients.

(22)

You can enable and manage sessions in two ways:

■ Using the Oracle Application Server Manager. This is called “configurable

ses-sions.”

■ Using the session API to manage sessions. This is called “programmatic

sions.” Programmatic sessions give you more control than configurable ses-sions.

Sessions work with all listeners supported by Oracle Application Server. For more information about the Session service, see the Developer’s Guide.

Features New to the 4.0 Release

Oracle Application Server 4.0 supports these features in addition to those described above:

■ Lightweight Directory Access Protocol (LDAP) support—Oracle Application

Server uses an LDAP directory for certificate-based authentication and role-based authorization. See the Security Guide.

■ WDBC API—You can use this API, based on the C cartridge API, to write a

cus-tom PL/SQL cartridge. See the Developer’s Guide.

■ Single Management Console—Enables you to manage all the nodes on your

site from the same front-end. You do not need to connect to different machines, including listeners on remote nodes.

■ Collapsed Process Model—Allows you to run your system in two modes:

non-collapsed where all OAS system objects run as processes, or non-collapsed where all Oracle Application Server objects run in the same process.

■ Navigational Tree—You can easily move from one configuration page to

another by simply clicking.

■ Multi-Level Management Commands—Use this feature to manage Oracle

Application Server at any level, including a single command to start or stop your entire site, all components on a node, all listeners, or to stop all applica-tions.

■ Monitoring—Allows you to check the status of Oracle Application Server

pro-cesses and objects.

■ Configuration Reload—Enables you to add or delete applications, or change

configuration parameters without restarting the system.

■ Remote Management—Allows you to manage Oracle Application Server from

(23)

Oracle Application Server 4.0 Enterprise Edition Features

In addition to the above features, the Enterprise Edition of Oracle Application Server provides these features:

Transaction Service

The Transaction service enables applications to perform two-phase-commit data-base transactions. The service implements an extended version of the Object Trans-action Service (OTS) model using Java TransTrans-action Service (JTS). OTS is defined by the Object Management Group (OMG), and JTS is defined by JavaSoft. In addition, the application server also supports the Distributed Transaction Processing model, defined by The Open Group.

The transaction model that you use depends on the cartridge you are using. For example, if you are developing applications using the JWeb cartridge, you would use the JTS APIs.

For more information about the Transaction service, see the Developer’s Guide.

Content Service

The Content service provides an API that applications can use to store persistent content data in an Oracle database, or in a file system. For simplicity, this API is similar to the standard UNIX library functions for file system access. Storing con-tent data in a database enhances scalability by allowing multiple cartridge servers running on multiple hosts to access the same content, while relying on the database to resolve access contention.

For more information about the Content service, see the Developer’s Guide.

Load Balancing

In addition to the load-balancing features provided by the Standard Edition (described in the Administration Guide), Oracle Application Server 4.0 Enterprise Edition allows you to configure the following types of load balancing using the Ora-cle Application Server Manager:

■ Weighted Node— Use the HostServerWeight parameter to specify the

percent-age of cartridge servers that should run on each node. For example, if node A is a large, fast machine, you might specify that it run 50% of cartridge servers. If nodes B and C are smaller, less powerful machines, you might assign each 25% of the cartridge server load.

(24)

Oracle Application Server 4.0 Enterprise Edition Features

■ Host Maximum—Use the HostMaxServers parameter to limit the number of

cartridge instances that you run on a per host basis. The limits on each host can be different.

■ Host Minimum—Use the HostMinServers parameter to monitor and adapt to

changes in the cartridge server load, and to distribute the cartridge server load evenly across the nodes.

■ Adding Hosts at Runtime—This features also allows you to add new nodes to

a running system to handle additional loads.

■ Adapting to System Resource Usage— Oracle Application Server monitors

sys-tem resources on each node such as CPU, memory, and swap space usage, and adjusts the cartridge server load on each node accordingly.

For more information about configuring load balancing, see the Administration Guide and the Performance and Tuning Guide.

ODBC Cartridge

The ODBC cartridge allows clients to use HTTP to issue SQL queries to ODBC data-bases such as Sybase or Informix. The cartridge formats and returns query results in the form of HTML tables. Other cartridges can use the ODBC cartridge with the Inter-Cartridge Exchange service.

(25)

2

Oracle Application Server Architecture

This chapter describes how the major components of Oracle Application Server interact to provide a middle tier for server-side applications.

Sites

A site is a collection of Oracle Application Server machines that together form a dis-tributed platform for server-side applications. For each site, a single machine, called the primary node, hosts the broker and Resource Manager (RM) proxy and stores configuration data for the entire site. The other machines that comprise the site are called remote nodes.

Figure 2–1 Oracle Application Server site

For more information about sites, see the Administration Guide.

Remote Node Remote Node Remote Node

Primary Node Remote Node

RM Proxy Cartridge Server Cartridge Server Dispatcher Dispatcher Cartridge Server Cartridge Server Dispatcher Dispatcher Broker

(27)

Cartridges Servers and Cartridge Instances

Listeners

A listener is an HTTP server; Oracle Application Server supports the following lis-teners:

■ Oracle Web Listener (included with Oracle Application Server) ■ Netscape FastTrack Server

■ Netscape Enterprise Server

■ Microsoft Internet Information Server (IIS)

■ Apache

Oracle Application Server provides adapters for each type of listener that allow lis-teners to work together with dispatchers in a tightly integrated way, optimizing performance. Note that the documentation refers to the Oracle Application Server listener as the Web Listener and all other listeners as third-party listeners. Both types of listeners are considered HTTP listeners.

For more information about listeners, see the Administration Guide.

Dispatchers

A dispatcher manages a pool of cartridge instances running on one or more nodes; each cartridge server instance runs one or more cartridge instances (Figure 2–2). There is one dispatcher associated with each listener on each node of a Web site. When a listener receives an HTTP request that does not identify a static HTML page or CGI program, it passes the request to its dispatcher, which assigns a request to a cartridge instance of the appropriate type. This process is described in more detail inRequest Handling below.

For more information about dispatchers, see the Administration Guide.

Cartridges Servers and Cartridge Instances

A cartridge is a shared library that either implements program logic or provides access to program logic stored elsewhere, such as in a database. A cartridge server is a process in which one or more cartridge instances run. A cartridge instance is a CORBA object running within the cartridge server process that executes cartridge code.

(28)

Resource Manager Proxy

Figure 2–2 Cartridge server

Most of the cartridges bundled with Oracle Application Server, such as the JWeb cartridge and the PL/SQL cartridge, provide an API in a particular language and platform for custom applications. The PL/SQL cartridge, for example, provides the PL/SQL Web Toolkit, a collection of PL/SQL procedures that custom applications can use to respond to HTTP requests with database content. The JWeb cartridge provides a similar JWeb Toolkit.

For more information about cartridges and cartridge servers, see the Developer’s Guide.

Resource Manager Proxy

The resource manager (RM) proxy component is responsible for obtaining JCORBA object references on behalf of external clients. There is one RM proxy per site.

Request Handling

Oracle Application Server can handle both HTTP requests from Web browser cli-ents, and CORBA/IIOP requests from CORBA clients by way of a client ORB.

Cartridge Server

Cartridge

(29)

Request Handling

Life Cycle of an HTTP Request

This diagram shows the sequence of events when a Web browser client issues an HTTP request to a server-side application:

Figure 2–3 HTTP request life cycle

The dispatcher maintains a cache of available cartridge instances. When a request arrives for a particular cartridge, the dispatcher routes the request to one of its cached cartridge instances of the appropriate type. If the dispatcher has no such car-tridge instance available, it requests that the Oracle Application Server create a new cartridge server and create the appropriate cartridge instance within that cartridge server. The dispatcher then adds this cartridge instance to its cache and assigns the pending request to it. When the request is complete, the new cartridge instance is available to handle a new request.

Cartridge server HTTP Request Response HTTP Request Response Browser Cartridge Instance Dispatcher Listener

(30)

Request Handling

Life Cycle of a CORBA/IIOP Request

This diagram shows the sequence of events when a Java applet issues a CORBA/ IIOP request to a server-side JCORBA object:

Figure 2–4 CORBA/IIOP request life cycle

When a client requests an object reference, the RM proxy instantiates the requested object (if necessary) within a JCORBA server and returns the reference to the client. The client then uses the object reference to call methods on the object directly.

LISTENER

RM proxy

JCORBA Server

4. Object Reference

3. IIOP Request for Object Reference

1. Request Applet 2. Download Applet

6. Method Call Return 5. IIOP Method Call

Java Applet

JCORBA

Browser

(31)

Glossary

A

access control list (ACL)

A list of groups and users authorized for specific access to an object. Or a list of enti-ties, together with their access rights, which are authorized to have access to a speci-fied resource.

ACID characteristics

A transaction, a collection of operations that work toward a goal that satisfies a sin-gle user need that guarantees everything within the transaction either succeeds or fails, is defined as having ACID characteristics: Atomic, Consistent results, Isolated, and Durable. See the Administration Guide for further information.

adapter layer (ADP)

The interface between the WRB and an HTTP listener.

Advanced Networking Option (ANO)

Oracle Advanced Networking Option operates within the framework of the Net-work Computing Architecture to transparently secure the netNet-work layer for all applications using SQL*Net and Net8. The option extends client/server connectiv-ity in the distributed environment to embrace network services for enterprise-wide communications.

(32)

Apache

A public domain HTTP server derived from the National Center for Supercom-puter Applications.

API

Application Program Interface. A set of exposed data structures and functions that an application can use to invoke services on a component.

applet

A Java program that is callable from Web pages. Like images, most applets are dis-played as part of the Web page. Applets can present special effects, including ani-mation and sound, and allows the user to interact via the mouse or keyboard.

application

A collection of cartridges that provides business logic. An application contains one or more cartridges, and within an application, all the cartridges must be derived from the same cartridge type. See the Developer’s Guide for more information. See alsocartridge.

authentication

The process of proving identity, thereby allowing access to an application or docu-ment. When access to an application or document is protected by an authentication scheme, the client sends identification information to the server, which checks if the client is authorized to access the object. Oracle Application Server supports the fol-lowing types of authentication:

■ basic authentication ■ digest authentication ■ basic_oracle authentication ■ certificate authentication ■ crypt authentication

authorization broker

The portion of the authorization server that responds to and evaluates authoriza-tion requests.

(33)

Glossary

authorization provider

An object that specifies all of the realms used to implement a particular security scheme.

authentication server

An object that encapsulates the authentication performed against cartridges. An authentication server consists of one authentication broker and several authentica-tion providers.

B

base directory

The directory to which URL-encoded pathnames addressed to a specific port are appended. For example, if the base directory is /public_html, the URL http:// www.blob.com/file is converted to /public_html/file.

basic authentication

A username/password-based authentication scheme that does not encrypt pass-words when sending them over the Internet. Basic authentication is much less secure than digest authentication. See alsodigest authentication andauthentication.

basic_oracle authentication

An Oracle-specific authentication scheme. In the basic_oracle (or database) authen-tication scheme, you define realms, groups, and users. This is similar to the basic or digest schemes. The difference is that instead of listing the users in each group, you associate a group with an Oracle database. The authentication succeeds if the user-name/password provided by the user can be used to log into an Oracle database associated with the groups in the realm. If the login succeeds, the user is then logged out of the database.

browser client

A client that accesses cartridges via a URL over HTTP.

C

cartridge

A cartridge consists of code that executes application logic, and also configuration data that enable it to locate the application logic.

(34)

For example, the PL/SQL cartridge contains code that enables it to connect to Ora-cle databases and execute PL/SQL stored procedures in the database. The configu-ration data in the cartridge contains information such as which Oracle database to connect to and what username/password to use in order to run that stored proce-dure. Cartridges also enable your application to communicate with other compo-nents of the application server. See the Developer’s Guide for more information. See alsoapplication.

cartridge factory

An object that can start up cartridge instances within the cartridge server.

cartridge server

A process that runs one instance of an application. Each application and its car-tridges runs within a cartridge server process, and each cartridge server process can run only one application. You can equate cartridge servers with applications. See the Developer’s Guide for more information.

cartridge server factory

A process that starts up cartridge servers.

certificate

A formatted data item signed by a trusted third party to attest to the validity of the item’s information. Public-key certificates use a CA’s signature to attest that the enclosed public key belongs to the principal identified by the enclosed name.

certificate authentication

A method of authentication in which users identify themselves using X.509 v3 cer-tificates. The application server reads the certificate and checks if the user specified by the certificate is in the allowed portion of the directory server.

Certificate Revocation List (CRL)

A list of certificates that have been revoked before their scheduled expiration date. CRLs only list current certificates, since expired certificates should not be accepted in any case; when a revoked certificate is past its original expiration date, it is removed from the CRL.

certifying authority (CA)

A trusted third party that vouches for the identity of an individual, company, or server and signs a certificate. For example, VeriSign, Inc. (http://www.veri-sign.com) is such an authority.

(35)

Glossary

CGI

Seecommon gateway interface (CGI).

client

A user, software application (such as a browser), or computer that requests the ser-vices, data, or processing of another application or computer (the “server”).

collapsed process model

You can select a collapsed or non-collapsed process model for running Oracle Application Server. Under the collapsed model, several processes, such as the authentication server (wrbsarv) and monitoring daemon (wrbmon), are combined into one process.

The collapsed model has smaller memory requirements since the number of pro-cesses running is less than when you use the non-collapsed model. For more infor-mation about performance issues while using the collapsed process model, see the Performance Guide.

common gateway interface (CGI)

The industry-standard technique for transferring information between a Web server and any program designed to accept and return data that conforms to the CGI specifications.

common logfile format (CLF)

An industry-standard format for transaction log files. The Web Listener uses this format to log transactions. See alsoinfo file.

common object request broker architecture (CORBA)

An industry standard for allowing code modules called “objects” to communicate with one another regardless of the programming language in which they are writ-ten or the operating system on which they are running. With CORBA, objects are managed by the Object Request Broker (ORB). See alsoObject Request Broker (ORB).

content service

A framework for a document repository where cartridges can store, retrieve, and share documents.

(36)

cookie

A text string that is entered into the memory of a browser. The string contains the domain, path, lifetime, and other variables.The information inserted by the server into the client’s browser tracks what the client has been doing. Cookies can either expire when the user exits the browser or at a date specified by the creator of the cookie.

CORBA cartridge

A cartridge instance which exposes an IDL interface to developers and clients. Such a cartridge is accessed via an object reference over IIOP.

CORBA cartridge server

A cartridge server that hosts one or more instances of CORBA cartridges. The implementation of all CORBA cartridge instances in a CORBA cartridge server must be in the same language.

CORBA object

This is a generic term for a server-side program that conforms to the OMG Com-mon Object Broker Request Architecture specification. Objects can be written in any language, deployed on any machine, and can exist locally or over a wide-area net-work.

crypt authentication

A method of providing UNIX style encryption of usernames and passwords, and to authorize access to static pages and Web cartridges. Crypt reads usernames and encrypted passwords from a user defined file name, for example /tmp/foo, as opposed to the wrb.app file.

D

database access descriptor (DAD)

A set of values that specify how a PL/SQL cartridge connects to an Oracle database server to fulfill an HTTP request. Each PL/SQL cartridge is associated with a DAD. The information in the DAD includes the username (which also specifies the schema and the privileges), password, connect-string, error log file, standard error message, and NLS parameters such as NLS language, NLS date format, NLS date language, and NLS currency.

database authentication scheme

(37)

Glossary

digest authentication

An authentication scheme that encrypts passwords before sending them over the Internet. See alsoauthentication andbasic authentication

digital signature

A “signature” attached to an electronic document that reliably identifies the author or sender, and guarantees that the document has not been tampered with.

dispatcher

A dispatcher manages a pool of cartridge instances running on one or more nodes. There is one dispatcher associated with each listener on each node of a Web site. When a listener receives an HTTP request that does not identify a static HTML page or CGI program, it passes the request to its dispatcher, which assigns a request to a cartridge instance of the appropriate type.

distributed transaction processing (DTP)

The protocol that facilitates a two-phase commit with multiple databases in a trans-action.

domain-based restriction

A restriction scheme that allows or denies access to files based on the client machine’s domain name. See alsorestriction orIP-based restriction.

E

EJB Application

A way of deploying CORBA objects written in Java on Oracle Application Server. Objects deployed in this way have the same management features as cartridges.

encryption

The practice of scrambling (encrypting) data in such a way that only an intended recipient can unscramble (decrypt) and read the data. See alsopublic-key encryp-tion andshared secret-key encryption.

Enterprise JavaBeans (EJB)

This is an industry-standard tool proposed by Sun Microsystems to leverage the component model of JavaBeans for server-side development.

(38)

Extended Logfile Format (XLF)

XLF is an improved format for Web Server login since it is extensible, permitting a wider range of data to be captured. XLF allows you to configure the logger to gener-ate different statistics of HTTP requests such as the IP address of clients, methods of the HTTP requests and response headers such as user agent and accept.

F

failure recovery

A system of failure detection and recovery in Oracle Application Server. Rather than putting the burden on a single component to do the failure detection and recovery of all components, Oracle Application Server uses a distributed failure detection and recovery mechanism. Components of Oracle Application server mon-itor each other so that automatic recovery is possible.

G

genreq

A utility you can use to generate a request for a certificate. You can submit the gen-erated request to acertifying authority (CA).

I

identity-based access control (IBAC)

The use of digital IDs to control access to a resource.

info file

A file to which a Web Listener logs its transactions on a particular port. There is one info file for each port on which the Web Listener accepts connections. The info file is in Common Logfile Format.

inheritance

The process by which one class acquires the properties of another.

initial file

The name of the HTML file that Oracle Application Server returns by default when a URL request specifies only a directory name.

(39)

Glossary

Interface Definition Language (IDL)

A language defined by OMG (www.omg.org) that you use to specify the public interfaces for CORBA objects.

inter-cartridge exchange (ICX)

A service that allows a cartridge to invoke another cartridge. The cartridges can be from the same or a different application.

Internet inter-ORB protocol (IIOP)

An Internet transport protocol used by CORBA objects. In the context of Oracle Application Server, IIOP is used by JCORBA and EJB objects. IIOP is also used between Oracle Application Server components.

IOR

Interoperable Object Reference. This string is unique for each object reference. You may pass this string to an API to determine the actual object reference.

IP-based restriction

A restriction scheme that allows or denies access to files based on the client machine’s IP address. See alsorestriction.

J

JavaBeans

A portable platform-independent component model that enables developers to write reusable components once and run them anywhere. See alsoEnterprise Java-Beans (EJB).

Java IDE

A third-party Java integrated development environment used for developing and debugging non-Oracle Application Server portions of a Java application.

Java Interpreter

A program that interprets and executes Java bytecode independently of a Web browser.

Java Virtual Machine

(40)

JCO objects

SeeJCORBA objects.

JCORBA objects

A way of deploying CORBA objects written in Java on Oracle Application Server. Objects deployed this way have the same management features as cartridges.

JDBC

A package that provides connectivity to databases from within Java.

Java Transaction Service (JTS)

It provides the services necessary for applications and databases to become part of a transaction. JTS is the Java version of OTS.

just-in-time (JIT) compilation

The process by which the Java Virtual Machine keeps a copy of native code that it generates from bytecode the first time a method is encountered. Subsequently, when the method is run, the JIT uses the native code without having to interpret the method, resulting in a boost in performance.

JWeb cartridge

A Web cartridge instance in which the application logic is provided in Java.

JWeb Toolkit

A group of Java classes provided with Oracle Application Server to make it easier to interface to the application server and generate dynamic HTML using Java.

K

key pair

A pair of mathematically related keys (a public key and a private key) associated with a user and used in public-key encryption.

(41)

Glossary

L

light weight directory access protocol (LDAP)

A protocol that allows clients to access information from a directory server. This protocol enables corporate directory entries to be arranged in a hierarchical struc-ture that reflects geographic and organizational boundaries. In the context of Ora-cle Application Server, you can protect URLs by associating them with a certifying authority (CA). The CA accesses a directory server, possibly over SSL, to check if the user has a certificate that allows execution of the URL.

LiveHTML

Oracle’s extension of the industry-standard Server-Side includes (SSI) functionality. LiveHTML files supplement HTML with instructions that the LiveHTML cartridge executes before transmitting the page to the browser. These instructions specify material that is to be included in the generated page. The material can include other Web pages, environment variables, and the output of programs executed on the server. The programs may, but need not, conform to the CGI standard.

M

master agent

The process on an SNMP-managed node that accepts queries from the manage-ment framework and communicates with the elemanage-ments to be managed in order to answer the query.

memory mapping

The practice of mapping an open file directly into the address space of a Web Lis-tener process. This speeds file access and allows multiple clients to access the same file simultaneously without making a separate copy for each client.

migrate

(third-party HTTP servers) To transfer configuration information from a third-party HTTP server to the Oracle HTTP server. If you currently use a third-party HTTP server, such as Netscape, but you want to use the Oracle HTTP server that ships with Oracle Application Server instead, you should migrate your Netscape configu-ration to the Oracle HTTP server.

(new versions of Oracle Application Server) To move from a previous version of Oracle Application Server to the current version.

(42)

MIME

SeeMultipurpose Internet Mail Extensions (MIME).

MIME type

A file format defined by the Multipurpose Internet Mail Extensions standard. Sev-eral RFCs define MIME. See http://www.oac.uci.edu/indiv/ehood/MIME/

MIME.html.

multi-node installation

An Oracle Application Server installation that includes one primary node and at least one remote node. You may install listeners and cartridges on remote nodes for load balancing purposes. See alsoprimary node andremote node (installation).

Multipurpose Internet Mail Extensions (MIME)

A message format used on the Internet to describe the contents of a message. MIME is used by HTTP servers to describe the type of file being delivered.

O

Object Management Group (OMG)

A consortium with a membership of more than 700 companies. The organization’s goal is to provide a common framework for developing applications using object-oriented programming techniques. OMG is responsible for the CORBA specifica-tion. The URL is http://www.omg.org.

Object Request Broker (ORB)

In CORBA, an Object Request Broker (ORB) acts as a “broker” between client request for a service from a distributed object or component and completion of that request. Having ORB support in a network means that a client program can request a service without having to understand where the server is in the distributed net-work or exactly what the interface to the server programming looks like.

Object Transaction Service (OTS)

It provides the services necessary for applications and databases to become part of a transaction. See alsoJava Transaction Service (JTS).

OCI

(43)

Glossary

Open DataBase Connectivity (ODBC)

A standard or open application programming interface for accessing a database. The goal of ODBC is to make it possible to access any data from any application, regardless of which database management system(DBMS) is handling the data. ODBC manages this by inserting a middle layer, called a database driver, between an application and the DBMS. The purpose of this layer is to translate the applica-tion’s data queries into commands that the DBMS understands.

optimal flexible architecture (OFA)

A directory structure which ensures a logical division of product and configuration files. In this structure, you can easily upgrade product files without affecting config-uration files. The basic concept of OFA is to separate data, configconfig-uration files, and executables.

Oracle Application Server Manager

A collection of HTML forms and Java navigational applets to allow an administra-tor to maintain an Oracle Application Server site

ORACLE_HOME

Environment variable that indicates the root of the Oracle Server code tree. This refers to the place where Oracle software is installed.

Oracle Web Agent (OWA)

A term from an earlier release of this product. OWA is now called the PL/SQL car-tridge. For the sake of compatibility, the string “owa” is still used in various places in the product.

OWA

SeeOracle Web Agent (OWA).

P

package

A group of PL/SQL and Java functions and procedures.

parsable file

A file located on Oracle Application Server that contains instructions that the server interprets prior to transmitting the file as a Web page. This is part of the Live-HTML functionality. See alsoLiveHTML.

(44)

PL/SQL cartridge

A cartridge that interfaces to the Oracle Server. The cartridge can run stored proce-dures within the database and return dynamically generated pages that contain data from the database.

PL/SQL Web Toolkit

A bundle of PL/SQL packages, provided with Oracle Application Server, that make it easier to generate HTML using PL/SQL. Applications written for either the PL/SQL cartridge or the JWeb cartridge can use these packages. Also referred to as the PL/SQL Toolkit.

primary node

Where the WRB and configuration files are stored. The host where the WRB and configuration files are stored is called the primary node in a multi-node configura-tion. A primary node contains the same components as a single-node, but a pri-mary node has one or more remote nodes associated with it. See alsoremote node (installation) andmulti-node installation.

private key

A key used by a limited number of communicating parties to decrypt data encrypted with a public key. See alsopublic-key encryption.

public key

A key known to all users, used to encrypt data in such a way that only a specific user can decrypt it. See alsoprivate key andpublic-key encryption.

public-key encryption

A form of encryption that uses a key pair (a public key and a private key) to encrypt and decrypt data.

R

RC4, RC5

RSA encryption algorithms.

realm

A group of users and groups assigned by an authentication scheme to regulate access to specific files or directories.

(45)

Glossary

remote node (installation)

A type of installation that allows you to specify which components of Oracle Appli-cation Server (WRB, listener or cartridges) you want for a specific node. In a distrib-uted multi-node installation, you set up one primary node and one or more remote nodes. Remote nodes can be of one of the following types:

■ Cartridge only node ■ Listener only node

■ Cartridge and listener node

restriction

A security scheme that restricts access to files provided by Oracle Application Server to client machines within certain groups of IP addresses or DNS domains.

S

shared secret-key encryption

A form of encryption that uses a single key both to encrypt and to decrypt a docu-ment. Shared secret-key encryption is much faster than public-key encryption, but is more vulnerable to attack.

secure sockets layer (SSL)

An emerging standard for the secure transmission of hypertext documents over the Internet using HTTP secure (HTTPS). SSL uses digital signatures to ensure that transmitted data is not tampered with.

security scheme

It prevents unauthorized users from accessing protected files or applications. Ora-cle Application Server supports bothauthentication schemes andrestriction schemes.

(46)

Oracle Application Server supports the following types of authentication: ■ basic authentication ■ digest authentication ■ basic_oracle authentication ■ certificate authentication ■ crypt authentication

The following restriction schemes are supported:

■ IP-based restriction ■ domain-based restriction

server

There are two types of servers relevant to this product. The first is Oracle Server, which is a relational database server dedicated to performing data management duties on behalf of clients using any number of possible interfaces. The other is Ora-cle Application Server which is a collection of middleware services and tools that provide a scalable, robust, secure, and extensible platform for distributed, object-oriented applications. Oracle Application Server supports access to applications from both Web clients (browsers) using the Hypertext Transfer Protocol (HTTP), and CORBA clients, which use the Common Object Request Broker Architecture (CORBA) and the Internet Inter-ORB Protocol (IIOP).

server-parsable

Seeparsable file.

session key

A secret key used by SSL to encrypt data transmitted over a secure connection. The client generates the session key after Oracle Application Server authenticates itself and communicates it to Oracle Application Server using public-key encryption.

Simple Network Management Protocol (SNMP)

A set of protocols for managing complex networks. The versions of SNMP were developed in the early 1980s. SNMP works by sending messages, called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP requesters.

(47)

Glossary

single-node installation

The installation of an application server on a single machine. Seemulti-node instal-lation.

software upgrade

It overlays binary files preserving the configuration files.

SSL

Seesecure sockets layer (SSL).

stored procedure

A set of PL/SQL instructions that are stored in a database.

subagent

A process that receives queries for a particular managed element from the master agent and sends back the appropriate answers to the master agent.

T

transaction service

A WRB service that enables you to perform transactions that span several HTTP requests. The transaction service is based on the XA open model transactions defined by the X/Open Company.

U

uniform resource identifier (URI)

The generic term for all types of names and addresses that refer to objects on the World Wide Web. A URL is one kind of URI.

uniform resource locator (URL)

A URL, a form of URI, is a compact string representation of the location for a resource that is available via the Internet. It is also the text-string format clients use to encode requests to Oracle Application Server.

(48)

V

virtual machine (VM)

The mechanism Java uses to achieve its high portability. Java bytecode is executable by any Java Virtual Machine running on any actual machine. The VM converts the bytecode to the native code for the machine at hand.

virtual pathname

In a virtual file system, a virtual pathname is a synonym that the virtual file system maps to a file stored in the file system maintained by the host machine’s operating system.

W

Web cartridge

A cartridge instance that does not expose an IDL interface to the cartridge devel-oper or to the client. Currently, such a cartridge is accessible only via a URL.

Web Request Broker (WRB)

A CORBA-based mechanism for dispatching, load balancing, and adding third-party extensions that are independent of and work with a number of HTTP servers. This is the core of Oracle Application Server architecture. The WRB passes HTTP requests that require the running of server programs to various processes (WRB Executable Engines or WRBXs) that continuously run and await such requests. The WRB also includes an open API, so you can run your own server programs under it. The WRB is a more efficient alternative to the industry-standard CGI, but it can process requests that use CGI environment variables.

WRB

SeeWeb Request Broker (WRB).

WRB API

An open API used for writing server-side Web applications using the WRB.

X

XLF