P. 1
eoug2000_paper60_1.0

eoug2000_paper60_1.0

|Views: 2|Likes:
Published by Karthik_Nallap_6853

More info:

Published by: Karthik_Nallap_6853 on Jul 15, 2012
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less

07/15/2012

pdf

text

original

WEB PUBLISHING USING PL/SQL AND JAVA Eric Grancher, Eric.Grancher@cern.

ch CERN (European Organization for Nuclear Research), http://www.cern.ch/, Switzerland

1. Summary
At CERN, as increasingly elsewhere, server based applications using the PL/SQL cartridge and Java are preferred as they make minimum demands on the client and ease maintenance. The PL/SQL cartridge, the original method offered by Oracle, has proved reliable and effective. We have used it to build web applications for more than four years. Newer applications are using Servlets together with the application server. This paper presents the different techniques that we designed and the pitfalls that we encountered in diverse projects such as a technology transfer database, a product management tool and a system to keep track of physics events. Important considerations are security, ease of maintenance, transaction handling and modularity. Most of the experience has been gained using the PL/SQL cartridge and this will be contrasted and compared with the newer Java techniques…

2. Introduction
The Oracle Application Server PL/SQL cartridge is one of the techniques provided by Oracle to publish database-oriented content on the Web. It is based on PL/SQL, Oracle’s proprietary procedural language. First versions have been released in 1995 and it has since had a lot of success. A few years ago, Sun Microsystems introduced Java as a language with the following main characteristics: object orientation, no pointer arithmetic, and compilation into a machine independent bytecode that is executed in a virtual machine. The Java Servlet technology is a standard Java Application Programming Interface defined by Sun for creating dynamic content and for extending the functionality of a web server. In this paper, we will describe the foundations of these two techniques and compare some of the key features for dynamic content oriented sites: security, transaction mechanism and manageability. We will also present some various features only available in the Servlet technology and give some advice, including presentation of some tools. This paper is by no mean a guide to PL/SQL nor to Java/JDBC/Servlet programming, many sites and books are available for this purpose: for the PL/SQL cartridge, I would especially recommend PL/SQL programming (Steven Feuerstein, 1995)1; for Servlet programming, I would advise Professional Java Server Programming (Danny Ayers and al, 1999)2.

2.1. How the PL/SQL cartridge works
The PL/SQL cartridge has been the building block for the Oracle Application Server, it was the only “cartridge” in the Oracle Web Server version 2, which has evolved in Oracle Web Application Server version 3 and that we finally know as Oracle Application Server version 4. The main idea with the PL/SQL cartridge is that the request is mapped into a connection to a database where a procedure is called, the output of the procedure is returned to the navigator. The key component in the PL/SQL cartridge is the Database Access Descriptor, which is the reference of the Oracle account to be called. In the OAS configuration, a virtual path is mapped to a DAD. Default is that a commit operation is issued after the successful execution of the procedure.

PROCEDURE update_and_display(p_factor_num IN NUMBER DEFAULT 1) IS BEGIN htp. . END basic. The HttpServlet class has several methods that can be overridden: init which is called when the Servlet is started.headOpen would generate <HEAD> and htp.catch exception and WHEN OTHERS THEN -. once identified to be a call to a Servlet application. htp.bodyOpen.br.and return an error page rollback. EOUG 2000 2/15 The PL/SQL Web toolkit is made of a set of packages which provide procedures and functions to generate most of the HTML tags. names and salaries. END LOOP.empno||']'||emp_rec. htp.typical HTML element htp.Eric Grancher. htp.title('Employees'). -. -. which writes the data to be returned to the browser into a stream. the service method is a “catchall” method that will be invoked for both GET and POST calls.htmlClose.title(‘Hello’) would generate <TITLE> Hello </TITLE>. htp. htp. CERN Web Publishing using PL/SQL and Java. How the Servlet cartridge works The main idea with the Servlet API is to extend the web server so that a request.ename.htmlOpen. is transformed into the execution of a Java class. destroy which is called to stop the Servlet (these two methods can be used to initialize and free objects which are time consuming to work with). the doGet and doPost functions handle the calls from the HTTP GET and POST. All of these procedures write into a PL/SQL table that is transferred to the client at the end of the call. EXCEPTION -. 2.loop on the cursor htp.multiply the salaries FOR emp_rec IN cur_emp LOOP -.htmlOpen.print('Err update_and_display.bodyClose.sal). htp.print('['||emp_rec.2.1 would raise the salaries by 10% and lists the employees with their salaries.default is to not change the salaries END basic. Here is a simple example that just returns a fixed reply to the requests. htp.ename||'=>'||emp_rec. htp.update_and_display?p_factor_num=1. PACKAGE BODY basic IS CURSOR cur_emp IS select empno. -. A call to http://host:port/basic. htp. For example htp.bodyClose. UPDATE emp SET sal=p_factor_num*sal.sal from emp. '||p_factor_num).headClose. PACKAGE basic IS PROCEDURE update_and_display(p_factor_num IN NUMBER DEFAULT 1).headOpen. END update_and_display. The following is a simple example of a package with a procedure that multiplies the salaries of the employees in the EMP table and then lists the employee identifiers.

Oracle provides a toolkit similar to the one used for years with PL/SQL: the idea is to have a set of classes that will generate HTML tags.org/).html classes also help performance. out_str.getOutputStream()).w3.*. out. These oracle. // directly write onto the stream out. import import import import javax. EOUG 2000 3/15 import javax. oracle. HtmlHead head = new HtmlHead("Title !"). We’ll see how different they are.*.html.2 compliant (as you can check for example using http://validator. HttpServletResponse response) throws ServletException. CERN Web Publishing using PL/SQL and Java.setContentType("text/html").*. public class BasicOracle extends HttpServlet { // implement the Servlet class public void doGet(HttpServletRequest request. as explained later. body).println("<head><title>Title</title></head>").println("Content-type: text/html"). // add items to the body page. // retrieve an output stream out_str.servlet.2 compliant).Eric Grancher. // page is the head plus the body body. in the way they handle transactions and sessions. // get a writer stream out. whereas our two previous examples are not fully compliant.3.io. // flush the ouput to the browser } } In addition to the Java2 Enterprise Edition platform facilities. IOException { ServletOutputStream out_str = response.http. HtmlPage page = new HtmlPage(head.servlet. javax. IOException { response.println("</body></html>").getOutputStream(). HttpServletResponse response) throws ServletException.println("<html>").addItem(new SimpleItem("Some body text")). out.servlet. import javax. } } // print the page // flush output to the browser 2.*. generate non-HTML data.*. Here is a simple example that uses the oracle.servlet. out.http. public class BasicServlet extends HttpServlet { // implement the Servlet class public void doGet(HttpServletRequest request.io. // set the content as web page PrintWriter out = new PrintWriter (response. import java.flush().*. how well they scale… .print(out_str). as they would need a DOCTYPE that is produced by default with the Oracle classes.println("<body>some text in the body"). The good point with this package is that one can hope that a simple upgrade and a recompilation would make your application compliant with the next version of HTML (current toolkit is HTML 3. // generation of an HTML tag HtmlBody body = new HtmlBody(). Similarities and differences These two techniques look very similar on first approach: they both produce data when being called from HTTP and are both handled as cartridges in the OAS.*. note that this page is HTML 3. java.flush(). // indicate the MIME type out_str.html classes and produces a page with a simple fixed content.println().

Non-text It also happens that one needs to send binary information across WAN such as images.createImage(400. but it is almost impossible with the PL/SQL cartridge as it is unpractical to handle binary data due to PL/SQL limitations. EOUG 2000 4/15 3. which currently needs access to a graphical display to work.ITALIC. CERN Web Publishing using PL/SQL and Java. videos. sounds. it is very easy.setFont(new Font("Serif". 50). a common interface to various directories like LDAP -Lightweight Directory Access Protocol. 3. to send a simple image with a few words as a GIF. but increasingly. // set MIME as GIF // binary stream // create an image // draw a string using AWT // encode the image // and send it to the stream One can also use all of the TCP based features of Java to do what was difficult to achieve with PL/SQL. one can extend the following piece of code. Beyond HTML documents Today different types of information can be moved across the Internet or the Intranet via the HTTP protocol which is everywhere. etc. it may be a problem for the Unix type servers. 60). With Servlets. a way to transform XML documents-). Non-HTML text HTTP is mainly used for HTML files. compressed files.3. Graphics g = image. it is also the common protocol to exchange other types of documents such as XML. g. it can be used in a very wide field where text is enough to describe the data such as simple charts based on resizing small images or Coma Separated Value files to be read with an Office suite. One can even use the futurist JINI (connection technology to let devices register on the network and talk with one another) techniques.2. a block of code between <% and %> tags. . Each page is automatically compiled as a Servlet by the JavaServer Page engine the first time it is requested and then executed as a Servlet until it changes.or NDS -Netware Directory Service-). Sending mails (using for example JavaMail). new GifEncoder(image. There are several reasons for this. Font. Frame frame = new Frame(). JavaServer Pages JavaServer Pages (sometimes called JSP which should not be confused with Java Stored Procedure. accessing HTTP URLs (for example to retrieve some XSL file -Extensible Stylesheet Language. FTP (File Transfer Protocol) can be made with Java. res. Thanks to the MIME idea.getOutputStream(). Another reason is that HTTP protocol. can handle complex features if necessary such as connection persistence. Image image = frame. The logic part of the page can be written as a call to a Java Bean or be in scriptlets. albeit very simple. JNDI services (-Java Naming and Directory Interface-. 3.drawString("Hello world!". It makes use of a GifEncoder. Note that these image manipulations are usually built with AWT (Abstract Window Toolkit). ServletOutputStream out = res. the first is for sure the interoperability: HTTP is seen as the protocol that can handle communication in LAN or WAN and all of the software components are increasingly supporting it. g. For example.1. a class from ACME Laboratories 3. as we just need to change the way we retrieve the writer to obtain a binary-capable one and then to use the large number of available libraries to produce the binary data to be transmitted. This has been possible as of Oracle Web Application Server version 3 thanks to the cartridge extensibility framework. out).Eric Grancher. another currently very active topic) is a way to combine markup language (HTML or XML) with pieces of Java code to produce web pages. 3. 48)). It can support textual or binary data.setContentType("image/gif").getGraphics(). 10.encode(). Follows a simple example that just includes the date via a scriptlet.

admin = [AppProt] /shop/owa/ = Administrators = admin 1d0258c2440a8d19e716292b231e3190 Basic(Admin Server) . an important feature is missing in the Oracle Application Server releases that we have available for production (up to 4. there the authorization broker handles the security on a URL pattern-matching basis. Security The security features are some of the most important requirements for web applications as soon as confidential data are made available on the web. .8.0.Admin Server = Group.1): the ability to restrict an application (in the OAS sense) to a specific port. Groups (made of Users) and Realms (made of Groups).2.0. if you define that /shop/plsql/private* has to be protected from a set of users.Date() %> <! Java scriptlet > </B></P> </BODY> </HTML> In essence. EOUG 2000 5/15 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4. the incoming requests will be compared to the pattern and the user prompted for a login / password if necessary.8. . in the end. static users section realm definition group definition user definition protection section . CERN Web Publishing using PL/SQL and Java.2. they were defined as Users. users had to be defined in the Web Request Broker configuration file. JSP is a very handy way to avoid long and errorprone Java programming and to concentrate on the logic (that we advise to implement as Java Beans) and on the presentation. letting the JavaServer Page engine glue both of them with automatic generation of Java code. 4. As this encryption mechanism is done at the listener level. For example. the various listeners that can be plugged in OAS (namely Spyglass.0 Transitional//EN"> <! to be HTML 4. To me. It would be very handy and secure to be able to define a SSL encrypted listener and to indicate that requests to a sensitive application have to go through the SSL port -currently requests may come to the applications via any of the listener’s ports-.1. it is completely independent from the cartridges that will then process the requests and thus is the same for both PL/SQL and the Servlet cartridges. is no more than a Java Servlet and thus one cannot do more or better than with direct Servlet programming.Administrators User. 4. .0 compliant > <HTML> <HEAD> <TITLE> A simple JSP </TITLE> </HEAD> <BODY> <H3> Welcome! </H3> <! standard tags > <P><B> Today is <%= new java. one can see that JSP code.0. OAS access control model The basic access control model is common to all cartridges: the requests are passed from the listener to the dispatcher. but also Apache and IIS) support Secure Socket Layer.util. Confidentiality In the OAS. the default one.1.Eric Grancher. I will describe the functionalities offered by OAS and the PL/SQL cartridge.9. We have read that such an enhancement has been made in 4. all of the requests come from the listener.1. In this chapter. Access control is also a necessity as soon as data modification is allowed through the web. 4. Source of users Up to version 4. [Basic] Realm. 4. .

We will then compare them with the new facilities provided with the Servlet technology: session tracking. optimistic locking and transaction handling. we need to tackle these different issues.0.1.c=US) | (group=ou=marketing. Order of security hints The order in which security hints are defined is important: later defined security hints take precedence of previously defined ones. such Access Control Lists may be used and allow much more flexibility than the previously described fixed set of users. Introduction The web as handled by the HTTP protocol is basically stateless.3.2. release protection for public* 4.2.1. Transaction handling 5. the LDAP server can be an Oracle Internet Directory.2.3. EOUG 2000 6/15 With 4. one can use a LDAP (Lightweight Directory Access Protocol) server. c=US) 4. To workaround this problem.1.o=myCompany. PL/SQL specificities 4. 5. Pitfall The common security pitfall that I have seen in projects using the PL/SQL cartridge is due to the fact that PL/SQL procedure names are case insensitive and thus a protection on /shop/plsql/private_delete would not prevent a user from accessing /shop/plsql/PriVate_DeLeTe. 4. In the following example.3. But how is it possible to do the same on the web? We are now all used to the shopping basket that we can see in the electronic commerce applications. .8. it first asks for an oracle account’s login and password. a restriction to all IP addresses) the public parts of the application. We will look at a few of the facilities offered by the PL/SQL cartridge: cookies. We have used these concepts with Graphical User Interface tools for years (Oracle Forms automatically puts a lock on a record when you start to edit it). for example. The following example would define a Realm for users who are in the finance or marketing groups in myCompany in the US. (group=ou=finance. 1999)4. The Oracle server based authorization is based on the Oracle logins: instead of connecting with a pair (login/password) to the Oracle server and then executing the requested procedure.1. session and application contexts and how to handle transactions in this environment. Special schemes For historical reasons and linked to the way it works (it directly connects to the database). but may also be another corporate LDAP server. /shop/plsql/* = Basic(Shop_Admin) /shop/plsql/public_* = IP(all_ip) . I suggest to protect applications at the root level and then unprotect (indicating. as the source of the users to define a Realm.o=myCompany. later defined protection hint relaxes this restriction for public* matching calls.Eric Grancher. This has been one of the biggest problems to solve when creating a web application (or porting to the web an older application) for which the concepts of locking. even if access is written to be restricted to a Realm with the Shop Administrators. protect everything . the PL/SQL cartridge offers two security features in addition to the OAS standard ones: the custom and the Oracle server based. transaction and session context are important. In order to build such applications. As described in OAS Security Guide (Oracle Corp. a request for a web page does not make reference to the previous one and a connection to the web server is created for each request (the connection can be kept with HTTP 1. but it does not change the underlying stateless mechanism). This also avoids having to reload the configuration file at each change. The custom authorization scheme is based on a user-defined function to authorize or not access to a specific URL. CERN Web Publishing using PL/SQL and Java.

if necessary be placed in a hidden field and thus again transmitted.Eric Grancher. Sessions are implemented using cookies when the navigator supports them. the main idea is to transmit to the browser information that can later be queried by the application. 5. This session can then be used to attach information. we just attach an integer to the session.e. the value being specific to the client (the client is the navigator running on a specific machine for a user). the final action would need to analyze the values passed and concatenate the list of items.ItemCount).1. This mechanism.2. retrieve and increment it at each connection. no information is kept on the server side for the application between the different requests). transmission of object are difficult problems to solve in the CGI and PL/SQL environments. The PL/SQL cartridge can handle cookies in an easy way thanks to the OWA_COOKIE package. this is in clear contradiction with the web idea where users are not captive to one application like in the GUI model. the purpose is to be able to track a user across his or her different operations on the site and to maintain a context for the different operations. 5. is very limited and prone to errors. Servlet only features The Servlet API introduces new features to simplify the development of web application as most of the code previously needed to implement much of the functionality has been transferred to the Servlet implementation itself.3.2. Session management We are talking in this paragraph of web sessions and not Oracle sessions.2. We will have a look at how these facilities are supported in the Java Servlet API.getSession(true).2. CERN Web Publishing using PL/SQL and Java. albeit available with all CGI techniques. HttpSession session = request. The storage and handling of information has to be handled in a programmatic way. it is impossible to follow the user apart from sending him the necessary information and to retrieve it later on.putValue("itemcount".). 5. Session tracking Session tracking is difficult to handle: creation.} session. The Servlet API comes with a facility to retrieve (or create for the first access) a session that will then be tracked across the connections. Another drawback of such a method is that it is non-persistent: if a user visits another site and goes back to the shopping site previously mentioned. it is possible to keep track on the server side of the sessions and variables associated with them. EOUG 2000 7/15 5. It shows that this method can only be used to transmit information between simple actions. As the PL/SQL cartridge is strictly stateless (i. Hidden fields The simplest but very limited way to transmit information across requests is to hide fields in the HTML form and then use the fact that the values placed in this field will be transmitted to the next call (they can. // get session reference Integer ItemCount = (Integer) session.intValue()+1). for example. etc. expiration. // put value in session’s context . As the Servlet system is based on Java classes that keep running across the requests. if one wants to build a list of items to buy. We will have a quick look at these methods: cookies and hidden fields. In the following example.3. Cookies A more sophisticated method that solves the previously mentioned problem is based on a technique called cookies.getValue("itemcount").} else {ItemCount = new Integer(ItemCount. 5. the shopping basket list will be lost.1. It is the basis of almost every Internet application that we currently use.2.2. // retrieve the value from session’s context if (ItemCount == null) {ItemCount=new Integer(0).

5. It works with the already mentioned hidden fields technique and a checksum. all or nothing.3.3. which is not an easy task). one still needs to remember that these data may be modified by several threads so synchronization has to be implemented.3. These transactions are maintained in a declarative way: one needs to define in the configuration that the transaction will begin. 2000)5.2. and keeps track of operations that are within the scope of the transaction. By referring to the Servlet context. but also modify it).3. EOUG 2000 8/15 5. This kind of mechanism is available with other techniques like mod_perl but while it is very errorprone with mod_perl. Two common problems have to be faced when changing the data: the first one is locking. it is possible to enable “real” transactions. one has to check that no code has been written with auto commit in mind and that neither commit nor rollback is done explicitly in the code. One also has to take into account that GUI clients are more or less captive and have to cleanly exit the application at some stage whereas web clients have the possibility to go and look at another site and may never come back. Transaction and Locking All of the interactive web applications are going to manipulate and not only query information. PL/SQL owa_opt_lock The owa_opt_lock package can help the programmer by checking that no other user has updated the record he was also modifying. PL/SQL real transaction For the PL/SQL cartridge. This is especially true for the database applications. } else { ItemCount. one can retrieve attributes and then work with these references (retrieve information. rollbacks. Application context Application context is a feature that allows applications to share data across all of the clients connected to the application. in which case the automatic commit (in case of success) or rollback (for any failure) is not issued at the end of the call to the procedure.2. // operate on the reference } 5. 5. Oracle Application Server contains a Transaction Service and one can configure a PL/SQL cartridge to use it. One can even use this to do real locking on the web. CERN Web Publishing using PL/SQL and Java. see mod_perl Coding Guidelines (Stas Bekman.Eric Grancher.setAttribute("itemcount". it is a very simple way of providing basic check to prevent two persons from modifying the same data. the stateless web interface causes us to loose the gain of the database management system features as the connection is not kept from the client (browser) to the database. Although it is not hundred percent sure (a checksum is just a hash function and thus may be the same for different values). This is impossible to implement with normal CGI or PL/SQL applications without using an external storage mechanism (like a database or a file.increment(). // get reference from the session if (ItemCount==null) { getServletContext(). one needs to avoid other people changing the same data at the same time. . commits.2. Before using this technology. but the application then needs to manage and clean up these temporary data. just issuing some SELECT … FOR UPDATE NOWAIT.new T(0)). commit and rollback with a set of predefined URLs and also to indicate (with the help of wildcards) the scope of the transaction. trapping the exceptions which will indicate that another client has already locked the entry. T ItemCount = (T) getServletContext(). a transaction being a collection of operations that exist as a unit. Although these two features are implemented in the Oracle RDBMS.getAttribute("itemcount"). the second one is transactions so that several changes can be done in an atomic way. the context mechanism is very safe in the Java API.1. The transaction service begins. the transaction is kept by the application server.

URLs have to be sent in a form like http://host:port/servlet/MyServlet?module=mymodule&. Business Applications with Servlets (Oz Lubling and Leonardo Malave. EOUG 2000 9/15 This technology resolves big problems that would have had to be solved programmatically otherwise. but this would slow down the processing of the requests and reduce the benefits of dependencies. This mechanism can be used to alias and cache the complexity of the design into simple names of modules. But the impossibility to join a transaction (for example in the case where the “begin transaction” has not been called and thus the transaction is not initiated) has to be programmatically managed and there is no documentation on how to do it with the current API. one needs to connect to the resource manager.1. and then to connect to the database using a special JDBC driver. request and response). Packages In large applications with tens or hundreds of different actions. CERN Web Publishing using PL/SQL and Java. and calls to PL/SQL stored objects.Eric Grancher. Reliable. These techniques can be implemented in different ways depending on the choices made for the language and the architecture. one has no choice but to call them in the URL. To call these packages with the PL/SQL cartridge. packaging and coding convention. One of these extended functionalities is the compliance with the Java Transaction Service. Oracle JDBC drivers provide extended facilities like LOB access. batch loads.. they are simply the classes themselves. JDBC/JTS Java DataBase Connectivity is the way to access databases from Servlets. Manageability When it comes to developing and maintaining large applications. they are defined as packages. The concept is to have a main entry point that will then dynamically instantiate the requested module and pass to it the different arguments (authentication. the idea suggested in Developing Scalable. API based interfaces. to do some operations on the connection (being direct JDBC calls or calls to PL/SQL stored units) and finally to commit on the resource manager. it is very important to define a hierarchy of sub-programs which can be developed by different persons or teams.3. 6. .3. 1999)6 is to call a main Servlet and pass an argument to it that will help to redirect the call to another class. in PL/SQL. one can have both public and private methods in Java and with PL/SQL. 6. With the JTS API. Here is a skeleton of the technique. all of the modules have to inherit from the same class (called mModule in the example) which has a method to receive the arguments and another to process and create the output. the amount of effort dedicated to plan and document how the application will grow is essential. It uses the same transaction service as the PL/SQL cartridge but in a programmatic way. With the Servlet system. The main Servlet has to implement the doGet and doPost methods. Both PL/SQL and Java provide ways to define packages: in Java... 5. A fully dynamic alias mechanism could be implemented using the “dynamic SQL” facilities (DBMS_SQL in Oracle7 and execute immediate in Oracle8i). Some techniques can be used to help the teams in this work: N-accounts architecture. values given by the user in a form. The advantage over the PL/SQL access to the transaction service is that it is a programmatic approach and thus allows easy catching of problems linked with the resource manager transaction.

Eric Grancher. I would also recommend to add another layer to only present the interface callable from the web. error codes) and even how the code is written (indentation. // and run the request 6.4. another the views which will be used on top of these tables (accessing the tables always using the same SQL statements would help to keep a clean statement cache and thus speed up the application). 6. response. N-accounts architecture Within the database. mm = (mModule) c. but also helps to split the parts that can be separated and eases the maintenance. With the PL/SQL cartridge. EOUG 2000 10/15 mModule mm = null. Sun is providing some coding conventions as described in Code Conventions for the JavaTM Programming Language (Sun Microsystems. like Javadoc). In Developer’s Guide: PL/SQL and ODBC Applications (Oracle Corp. Coding convention may include how to structure different actions made by the program. // pass request parameters to the appropriate module mm.get(module) ). Even in a simple schema like the PL/SQL one. Coding conventions Coding convention is the key point to help maintenance of the code. As an example. 1999)9. one schema may contain the tables. // instantiate an object of the requested module } catch (IllegalArgumentException iaex) { printError(res.setParams(request.process().3. 1999) 8. For the PL/SQL cartridge. log_file). 1999)7. database_connection. a third schema would contain the business logic. For PL/SQL. In a system to manage the results of the Aleph experiment." + (String)appModules. } mm.newInstance(). which –after access control– automatically connects to the database (in the simplest case). during the development process or in the evolution of the code several years later. N-tier architecture The well-known N-tier architecture may also help to create a more maintainable application. see . how errors are handled (exception mechanism. return. choice of the variable names…). the way comments are placed (with some automatic extraction of comments. the conventions for parameter names in the PL/SQL toolkit are briefly described. several schemas can be used to help developers define APIs: a schema can be used for each abstraction. a fourth one the presentation layer. one can split the presentation and documentation levels by using different techniques like having as static pages all of the information that is not related to the database or having the PL/SQL cartridge to produce XML code and then use XSL to generate HTML from the XML (note that it requires an XML aware browser like Internet Explorer 5 to use such a facility). CERN Web Publishing using PL/SQL and Java. For Java. indeed clear and well-observed coding conventions will ease the understanding of the program for a newcomer to the code. 6. I am not aware of a well-defined coding convention that is authoritative in the PL/SQL developer community.2.forName( "mypackage. Using the best appropriate programming languages and tiers does not only improve performance. try { // declare an object to host Class c = Class. "Module not found"). we have very little control over the way calls are made: the browser usually directly calls the application server. Trezzo. One can also find very useful tips to define a coding convention in Oracle PL/SQL Tips and Techniques (Joseph C. user_id. how arguments are passed.

As Servlets generate any text just like PL/SQL cartridge does. migration assistants. the methods mentioned before can be used. debugger.6. This tool allows rapid development of database oriented business logic modules which can then be deployed as Enterprise Java Beans or CORBA distributed objects. but it is even more useful in the maintenance phase to find out why a program stops working. for example. impact analysis study. high end Integrated Development . It means.5. Building Java applications for the Oracle Internet platform with Oracle JDeveloper (Oracle Corporation. EOUG 2000 11/15 http://alephwww. dropped –in Oracle8i– on a table. all objects should be in valid state). the objects that depend on it will be automatically marked as invalid and will then need a recompilation to be again stated as valid. Enterprise Java Beans (a technique based on Remote Method Invocation part of the Java2 Enterprise Edition platform) can be used to implement the business logic while having the presentation layer based on Servlets. a function or a package header). This is a very interesting functionality of PL/SQL. It helped us a lot for various projects to find out that an object (typically a table) had been changed and that the code had to be adapted. in an ideal world. 1999)10 is a good introduction to this technique. The web is a place where you would rather have your application either completely broken or fully functional. automatic generation wizards. the mechanism of dependencies (check USER_DEPENDENCIES) keeps tracks of how the different objects depend on others. but we have seen sub-optimal behaviour of this package and thus have developed a script that does this job. It means that mainly if the dependencies are satisfied. 6.Eric Grancher. for example. If the structure of an object is changed (column added. especially when making programs available to a large community which has no idea about the internals of the application.cern. browsing tools.html. PL/SQL dependencies help developers to have an idea of the impact of the changes they make on tables or stored objects. one has to carefully execute a script that will recompile all of the objects in the RDBMS (or at least the ones called by the PL/SQL cartridge). This functionality will. A point to mention about the PL/SQL dependencies and the PL/SQL cartridge is that most of the Oracle tools try to re-compile an object when it is invalid whereas the PL/SQL cartridge will only fail to execute an invalid procedure or package. This is very useful for the developers during the development phase to check if the dependency diagrams are observed. PL/SQL has been used for years as the procedural language as it has been available since version 6 of the RDBMS and is well integrated with the other schema objects. and associated case tools… PL/SQL has always been a language with very few tools to help developing and debugging. PL/SQL dependencies In the Oracle world. Tools are now coming with several debuggers. Indeed.ch/scanbook/scanbook. CERN Web Publishing using PL/SQL and Java. help to have the application fully functional or not functional at all (but unresolved dependencies are easily visible. Oracle provides such facilities in the DBMS_UTILITY package. But Java also enables more complex architectures.0. source changed for a procedure. version management. Several types of tools can be seen as important for a technology: syntax highlighting. that when upgrading or applying an RDBMS patch. all of the requested objects will be found during the processing. Tools Availability of tools has an impact on the choice of one or another technology and is essential to the success of a project. 6. Oracle is providing Business Component for Java (BC4J) to simplify building reusable server-side modules with JDeveloper 3. the PL/SQL cartridge has been used to produce nonHTML results that are transmitted to a Java application (or an applet) which handles the user interface. view changed. modified.

see Java or PL/SQL? (Guildo Schmutz. Oracle has published the non-supported WebAlchemy tool that helps to migrate static web pages to PL/SQL stored units. it includes a local Servlet server that can be used in the debugging environment. Niemic. often smaller.1. missing indexes or programmatic operations that can be done from SQL and thus avoid data transfers. . projects look at tuning when userwaiting times become unacceptable. For the Servlet cartridge.1 release notes. the Oracle classes (oracle. namely bad database design and poorly written SQL. dynamic SQL. lots of tools are available and many of them include support for Servlets. 7. Unfortunately the Oracle tool to help debugging PL/SQL cartridge application. 7. I have experienced that a very good way of handling database processing in Java is to do it in PL/SQL inside the database and then return the data to Java that will take care of the presentation part. one has to cope with the performance problem. Development of non-windows based tools is on going. 2000)12 for a study on server-side Java transfer versus PL/SQL. 1999)11. some of them being in the Open Source movement. CERN Web Publishing using PL/SQL and Java. Database design and SQL Servlet and PL/SQL cartridge performance problems often come from the lower layer. is no longer accessible. connection pool and threading model With Servlets. Performance Sooner or later. The difference is that threads in single threaded model Servlets will be one to one mapped with instances of the Servlet. I would still think that PL/SQL is more mature and efficient for heavy database access. 8. at the same time. stateless beans will improve performance as they will be easily pooled and reused. Oracle is providing JDeveloper that has some database-oriented features. Other. Initialization.8. programmers should maximize the use of prepared statements to avoid polluting the statement cache.com/. Although feasible.Eric Grancher. A one hundred percent Java based solution could be made from Java stored procedures to handle the data processing and a Servlet for the presentation. it may also help to follow HTML version specifications. Now is the time to summarize the advantages of both technologies and to show how to mix them to interact in the best way with your Oracle data from the web. see http://www. this might introduce a bias. whereas. Most of the problems I had to work on were related to database links.html) may help to avoid managing StringBuffer for performance reasons that are explained in StringBuffer versus String (Reggie Hutcherson. 2000)13 and in the OAS 4. The choice of threading model is an option offered by the Servlet implementation on Oracle Application Server: one can choose to implement or not the SingleThreadModel interface. EOUG 2000 12/15 Environments.0. If an application is using Enterprise Java Beans. A special point has to be checked with Java: as there is no question of static versus dynamic SQL with JDBC database access.olab. if not implementing the single threaded model. For Java. All of this logic is implemented in the application server for the PL/SQL cartridge. one instance will be created for each cartridge server process and several threads assigned to the same instance of the Servlet. 7. PL/SQL versus Servlet As there is a great chance that you are more familiar with PL/SQL than with Java and Servlets. see Oracle Performance Tuning (Richard J. one can declare class member objects and initialize them in the init procedure including opening database connections and taking care of a pool of database connections.2. Some projects target performance in the early phases and make choices accordingly.

1. I think. but for interactive applications like web ones. Here are. PL/SQL is much better integrated with the Oracle database than Java binding (JDBC): just figure out the number of lines to open a cursor and loop around it with both technologies.1. . Oracle being one of the most fervent supporters. connecting to a corporate LDAP server. if you were not before.2. For example. even taking into account that extended functionalities are only available with the programmatic Java/JTS binding. even if the connection has been opened in the init procedure. whereas the programmer has to take care of database connection in the Java Servlet model. one always needs to check (trapping SQLException) that the connection is still valid and working. it is usually better to have the whole application broken rather than having it behave in some unpredictable way. that Java and Servlets are highly extendable and powerful techniques. the pluses from PL/SQL over Java and from PL/SQL cartridge over Servlet. For example in handling transactions. Servlet pros Java2 Enterprise Edition is a major release of the Java API.2. a very valuable asset for PL/SQL.1. sending email. Simpler Servlet programming is much more complex than with the PL/SQL cartridge. as all of the underlying web logic is handled by the application server whereas much more has to be done programmatically with the Servlet. Session and context variables Another asset of Servlet technology is. Of course. including exception handling. 8. the simplicity with which one can manage session and context variables where it is complex and even impossible in some cases with the PL/SQL cartridge. 8. part of a Java based application may continue to work when another part is broken. to find out why.2. spawning tasks across the network… there is almost no limit to such a list: Java opens areas that were not reachable from conventional database programming applications (or only in tricky ways). 8. 8. Tracking web sessions with such facility is a major evolution in web programming.1. reopening it if necessary. Easily maintainable PL/SQL dependencies are.1. PL/SQL code is more compact than its Java equivalent. Database connection is the basis for the PL/SQL cartridge as code gets executed in the database. 8.2. Here are in short the gains of this new release that the whole computing industry embraces today. if a change breaks an application. EOUG 2000 13/15 8. in short. More extendable After reading this article I hope that you are convinced. a compressed file.Eric Grancher. in particular. to me. and it includes technologies specially created for Servlet applications. views or other PL/SQL programs).2. We have seen that it allows things that cannot be done with the PL/SQL cartridge such as returning a dynamically created image. CERN Web Publishing using PL/SQL and Java. They also facilitate finding if a program might stop working with a change and. PL/SQL pros PL/SQL has been the procedural language for Oracle databases for years and is specifically targeted at interacting in a fast and reliable way. They assist development as the compilation checks for the availability and the format of the other stored objects (tables. it is much simpler to realize a transactional PL/SQL cartridge based application than the Servlet equivalent.

One can easily use the advanced features of Servlet. Conclusion: the best of both worlds Some of the PL/SQL pros should also profit Servlets with a later release of Oracle8i as it will integrate a Servlet server. One needs to be very careful as the internal complexity and difficulty of tuning increase when mixing several methods. In this transition phase. breaking the idea of N-tier architecture? Will you open direct access to your database host through the firewall? Communication between Java and PL/SQL in both directions is possible. The other solution being to keep web access through the PL/SQL cartridge and publish Java Stored Procedure in SQL so that they can be used to extend PL/SQL. It can be used to build and choose the most appropriate building blocks for new projects. CERN Web Publishing using PL/SQL and Java. This would add some of the advantages of the PL/SQL cartridge (like an easy management of stored modules and an already authenticated connection) to the facilities and the extensibility of the Java/Servlet solution.Eric Grancher. . Will it be fast and scalable enough to run direct user interaction and Servlet on the database side. EOUG 2000 14/15 9. It also means that developers have to be familiar with both technologies. handle application context or return various types of data. and access the data via an API in PL/SQL: it provides the dependencies system and the advanced functionalities of Servlets to track sessions. Some questions remain on the architectural point. Java and PL/SQL may coexist and complement each other for the development of new web projects. Servlets and JavaServer Pages open new fields for web applications related to databases and it is still evolving quickly.

http://www. http://java. an Oracle white paper. ACME Laboratories http://www.java. O’Reilly and Associates.html Code Conventions for the JavaTM Programming Language by Sun Microsystems.1 Oracle PL/SQL Programming by Steven Feuerstein. Reliable.1 Security Guide by Oracle Corporation.1 Developer’s Guide: PL/SQL and ODBC Applications by Oracle Corporation. ISBN 1-861002-77-7 GifEncoder.com/java/software/ Oracle Application Server 4.0. by Guido Schmutz Trivadis SA. 1999.html?issue=10 Developing Scalable. 2000.com/docs/codeconv/index. by Richard J. 1999. Wrox Press.javaworld. ISBN: 0-07-882434-6 Java or PL/SQL? (French and German). Niemic. Trezzo. by Reggie Hutcherson. ISBN 0-07882-438-9 Building java applications for the Oracle internet platform with Oracle JDeveloper.8. 1999.0.com/developer/technicalArticles/Servlets/Razor/index.8.htm Oracle Performance Tuning. http://developer.perlmonth. 1995. 2000.com/columns/perl_apache/perl_apache.sun. Oracle Press. Osborne McGraw-Hill.trivadis.html 2 3 4 5 6 7 8 9 10 11 12 13 . 1999 mod_perl Coding Guidelines by Stas Bekman. 1999 Oracle PL/SQL Tips and Techniques by Joseph C. http://www.com/products/jdev/htdocs/jds_oip. 1999.acme.ch/ StringBuffer versus String.com/javaworld/jw-03-2000/jw-0324-javaperf. ISBN 1-56592-142-9 Professional Java Server Programming by Danny Ayers and al. 1999. 2000.sun.html Oracle Application Server 4. http://technet. http://www.oracle. Business Applications with Servlets by Oz Lubling and Leonardo Malave.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->