
Oracle Application Server 10g: Administration I

Electronic Presentation

D16508GC11
Production 1.1
April 2004
D39274
Copyright © 2004, Oracle. All rights reserved.

This documentation contains proprietary information of Oracle Corporation. It is provided under a license agreement containing restrictions on use and disclosure and is also protected by copyright law. Reverse engineering of the software is prohibited. If this documentation is delivered to a U.S. Government Agency of the Department of Defense, then it is delivered with Restricted Rights and the following legend is applicable:

Restricted Rights Legend

Use, duplication or disclosure by the Government is subject to restrictions for commercial computer software and shall be deemed to be Restricted Rights software under Federal law, as set forth in subparagraph (c)(1)(ii) of DFARS 252.227-7013, Rights in Technical Data and Computer Software (October 1988).

This material or any portion of it may not be copied in any form or by any means without the express prior written permission of Oracle Corporation. Any other copying is a violation of copyright law and may result in civil and/or criminal penalties.

If this documentation is delivered to a U.S. Government Agency not within the Department of Defense, then it is delivered with “Restricted Rights,” as defined in FAR 52.227-14, Rights in Data-General, including Alternate III (June 1987).

The information in this document is subject to change without notice. If you find any problems in the documentation, please report them in writing to Education Products, Oracle Corporation, 500 Oracle Parkway, Box SB-6, Redwood Shores, CA 94065. Oracle Corporation does not warrant that this document is error-free.

All references to Oracle and Oracle products are trademarks or registered trademarks of Oracle Corporation.

All other products or company names are used for identification purposes only, and may be trademarks of their respective owners.

Author
Sergiy Pecherskyy
Shaibal Saha
Shankar Raman

Technical Contributors and Reviewers
Alexander Hunold
Ashesh Parekh
Christine Chan
Christine Jeal
Greg Gagnon
Heike Hundt
Holger Dindler-Rasmussen
Jim Garm
John Watson
Maria Palazzolo
Mark Pare
Martijn.van.der.bruggen
Martin Alvarez
Matt Bowen
Nicole Haba
Pavana Jain
Paul Burgess
Peter Kilpatrick
Reinhold Muenzner
Russ Lowenthal
Taj-Ul Islam
Vishal Parashar
William (Cas) Prewitt
Yi Lu

Publisher
Nita K Brozowski

Introduction

Course Objectives

After completing this course, you should be able to do
the following:
• Describe the role of a Web administrator
• Describe the architecture and components of
Oracle Application Server (OracleAS)
• Install OracleAS Infrastructure and OracleAS
Middle Tier
• Configure and manage OracleAS Middle Tier
components

Course Objectives

• Configure and manage OracleAS Infrastructure
components such as:
– Oracle Internet Directory
– OracleAS Single Sign-On server
• Manage and configure OracleAS Certificate
Authority
• Deploy and manage Web applications
• Describe backup and recovery solutions for
OracleAS Infrastructure and OracleAS Middle Tier

Course Units

This course has been divided into the following units:
1. Product Overview
2. Installation
3. Basic Management and Configuration
4. Application Deployment
5. Managing Access Control
6. Distributed Topologies
7. Performance and Availability
8. Advanced Deployment

[Slide labels beside the list: Admin I (next to unit 3), Admin II (between units 6 and 7)]

Unit 1: Product Overview

This unit covers the following lessons:
• Oracle Application Server: Key Components and
Features
• Analyzing the Oracle Application Server
Architecture

Unit 2: Installation

This unit covers the following lessons:
• Installing OracleAS Infrastructure
• Installing the OracleAS Middle Tier

Unit 3: Basic Management and Configuration

This unit covers the following lessons:
• Using OracleAS Management Tools
• Managing Oracle Internet Directory
• Managing and Configuring Oracle HTTP Server
• Managing and Configuring OracleAS Web Cache
• Managing and Configuring OC4J
• Managing the OracleAS Portal Instance
• Configuring OracleAS Portal

Unit 4: Application Deployment

This unit covers the following lessons:
• Deploying PL/SQL Applications
• Deploying J2EE Applications

Unit 5: Managing Access Control

This unit covers the following lessons:
• Configuring Oracle Application Server
components in Oracle Internet Directory
• Managing Access to Oracle Application Server
Using Delegated Administration Service
• Administering the OracleAS Single Sign-On server
• Managing and Configuring OracleAS Certificate
Authority
• Enhancing Oracle Application Server Components
to Use SSL

Unit 6: Distributed Topologies

This unit covers the following lessons:
• Managing Customized OracleAS Topologies
• Distributing OracleAS Infrastructure Components

Unit 7: Performance and Availability

This unit covers the following lessons:
• Introducing High Availability Concepts
• Managing and Configuring OracleAS Web Cache
Clusters
• Managing and Configuring OC4J Clusters
• Managing and Configuring OracleAS Clusters
• Ensuring Performance of the OracleAS Middle-Tier
• Backing Up and Restoring OracleAS

Unit 8: Advanced Deployment

This unit covers the following lessons:
• Reconfiguring OracleAS Middle-Tier Instance
• Administering OracleAS Business Intelligence
Components
• Deploying XML, Web Services, and Forms
Applications

Summary

In this introductory lesson, you should have learned
about the course units and lessons.

Oracle Application Server: Key Components and Features

Objectives

After completing this lesson, you should be able to do
the following:
• Describe the solution areas addressed by Oracle
Application Server (OracleAS)
• Describe some key terminologies used in the
context of Oracle Application Server
• Describe the key components of Oracle
Application Server

Oracle Application Server: Overview

[Diagram: solution areas of Oracle Application Server: management and security; HTTP Server, J2EE, and Web services; portal; wireless; caching; business intelligence; integration]

OracleAS Middle-Tier Components and Solutions

• J2EE and Web Services
– Oracle HTTP Server
– OracleAS Containers for J2EE
– OracleAS TopLink
– Oracle Business Components for Java
– OracleAS Web Services
– Oracle XML Developer Kit
– Oracle PL/SQL
– OracleAS MapViewer
• Business Intelligence
– OracleAS Reports Services
– OracleAS Forms Services
– OracleAS Discoverer
– OracleAS Personalization
• Portal
– OracleAS Portal
– OracleAS Portal Developer Kit
• Wireless
– OracleAS Wireless
• Caching
– OracleAS Web Cache
• Integration
– OracleAS InterConnect
– OracleAS ProcessConnect

Oracle Application Server Terminology

• OracleAS Installation: The set of executables and configuration files that are created at the time of OracleAS installation
• OracleAS Instance: An operational OracleAS installation that runs some of the OracleAS components such as OHS, OC4J, etc.
• OracleAS Infrastructure: A combination of Metadata Repository, directory server, and Single Sign-On server
• Metadata Repository: A preseeded Oracle database that contains metadata required by Oracle Application Server instances
• Directory Server: Defines a hierarchical view of an organization’s employees, units, and other resources
• OracleAS Farm: A collection of OracleAS instances sharing the same configuration repository. The repository can be OracleAS Metadata Repository or a file-based repository.
• OracleAS Cluster: A collection of OracleAS Instances in the same Farm, with identical application deployments and functioning as a single unit.

Oracle HTTP Server

[Diagram; surviving label: Information source]

OracleAS Containers for J2EE

[Diagram labels: HTTP server, mod_oc4j, OC4J; J2EE virtual machine; Web container (JSP, Servlet); EJB container (EJB); JMS, JAAS, JTA, JAXP, JDBC, Java Mail, JNDI, JAF, Connectors; Database]

OracleAS Web Services

OracleAS Enterprise Portal

Wireless-Enabled Applications

Using OracleAS Wireless, you can:
• Develop or extend applications to be location-
based, personalized, or voice-enabled and deploy
to all devices
• Provide personalization from PCs or wireless
devices
• Use advanced messaging techniques such as
voice messaging, Short Message Service (SMS),
or e-mail

OracleAS Reports Services

With OracleAS Reports Services, you can:
• Build and publish reports from most sources, with
unlimited data formatting
• Access reports from any browser
• Generate a report on demand, or on a schedule
• Generate reports in HTML, PDF, or XML

OracleAS Discoverer

• Using OracleAS Discoverer, you can enable your
users to get immediate access to information from
data marts, data warehouses, and online
transaction processing (OLTP) systems.
• OracleAS Discoverer is available in two types of
clients:
– Discoverer Plus
– Discoverer Viewer

OracleAS Web Cache

OracleAS Web Cache functions as a front end for the
application servers.

[Diagram labels: Client, Web Cache, Application Server]

Enhancing Performance with Caching

• OracleAS Web Cache enables you to:
– Accelerate the delivery of static and dynamic
content
– Reduce your hardware and administration costs
• You can cluster multiple Web Cache instances to
provide:
– Ease of configuration and management
– Avoidance of a single point of failure

Oracle Application Server Management

Oracle Application Server provides the following
management tools ready to use:
• Enterprise Manager - Application Server Control
– The preferred browser-based interface, which can
be used from a remote location
• Distributed Configuration Management (DCM)
– Manages the configuration and maintains the
configuration repository
– dcmctl is the command-line interface.
• Oracle Process Management and Notification
Server (OPMN)
– Monitors Oracle Application Server processes, and
restarts them when needed
– opmnctl is the command-line interface.

OracleAS Infrastructure

[Diagram: Identity management components: Oracle Internet Directory, Single Sign-On, Delegated administration service, Oracle Certificate Authority, Directory integration. Metadata repositories: Product, Identity management, Configuration management]

Oracle Internet Directory and Security

Securing the Web Infrastructure

• Secure Sockets Layer (SSL) encryption can be
used to protect the Web site.
• Oracle Application Server provides a
comprehensive suite of security services,
including OracleAS Single Sign-On.
• The Single Sign-On server validates user
credentials against Oracle Internet Directory,
which is an LDAP directory service.

Summary

In this lesson, you should have learned to do the
following:
• Describe the solution areas addressed by Oracle
Application Server
• Describe the key components of Oracle
Application Server and their features

Analyzing the Oracle Application Server Architecture

Objectives

After completing this lesson, you should be able to do
the following:
• Explain the different installation options for Oracle
Application Server
• Explain the installation dependencies of Oracle
Application Server components
• Explain the request flow to various components

Oracle Application Server Products

Application Server Control is installed with each Oracle Application Server installation.

Oracle Application Server Installation Types

Each Oracle Application Server product has
installation types that enable you to select the Oracle
Application Server components for your installation.

OracleAS Infrastructure Installation Types

• OracleAS Infrastructure components are grouped
into two categories:
– Identity Management components
– OracleAS Metadata Repository components
• During an OracleAS Infrastructure installation, you
can choose to install:
– Identity Management
– Metadata Repository
– Both Identity Management and Metadata Repository
• This provides you with the flexibility to install
different components on different systems or
databases.

OracleAS Middle-Tier Components

                                                        Installation Type
Component                                               J2EE and     Portal and   BI and
                                                        Web Cache    Wireless     Forms
OracleAS Web Cache                                      X            X            X
Oracle HTTP Server                                      X            X            X
OracleAS Containers for J2EE (OC4J)                     X            X            X
Oracle Enterprise Manager Application Server Control    X            X            X
OracleAS Portal                                                      X            X
OracleAS Wireless                                                    X            X
OracleAS Discoverer                                                               X
OracleAS Reports Services                                                         X
OracleAS Forms Services                                                           X
OracleAS Personalization                                                          X

Installation Types That Require Infrastructure

• The following installation types need the OracleAS
Infrastructure as a prerequisite:
– Portal and Wireless
– Business Intelligence and Forms
• In a J2EE and Web Cache installation type, you
would require:
– OracleAS Metadata Repository to use an Application
Server Cluster managed using a database repository
– OracleAS Identity Management to use Single Sign-On

OracleAS Infrastructure Components

[Diagram: Identity management components: Oracle Internet Directory, Single Sign-On, Delegated administration service, Oracle Certificate Authority, Directory integration. Metadata repositories: Product, Identity management, Configuration management]

Services and Components of OracleAS Infrastructure

• Product Metadata service
– Description: Schemas for components such as Portal and Wireless
– Component(s): OracleAS Metadata Repository
• Identity Management service
– Description: A consistent security model for all applications. Single source of security metadata containing all administration and user privileges
– Component(s): Oracle Internet Directory; OracleAS Single Sign-On; Oracle Delegated Administration Services; Oracle Directory Integration and Provisioning; OracleAS Certificate Authority
• Configuration Management service
– Description: Schemas containing OracleAS instance configuration
– Component(s): OracleAS Metadata Repository

Order of Installing OracleAS Infrastructure Components

• When you choose to install components on
different systems:
– First install the Metadata Repository
– Then install Identity Management components
• When you install both, the Installer uses the
correct order.

[Diagram: the Installer installs (1) the Metadata repository, then (2) Identity management]

OracleAS Developer Kits

OracleAS Developer Kit enables the user to:
• Develop portlets
• Enable wireless applications
• Integrate Web sites with wireless devices
• Develop application provider Web services
• Create XML applications

Introducing OracleAS Deployments

• OracleAS Infrastructure and OracleAS middle tier
components can share the same database.
• Sharing a database for configuration management
and normal activity can become a performance
problem.

A Simple Oracle Application Server Topology

[Diagram labels: Client tier (PC, cell phone, PDA); Middle tier (Host 1: J2EE and Web cache, Portal and wireless; Host 2: Portal and wireless, BI and forms); Infrastructure (Single sign-on, OID, Metadata repository)]

Using OracleAS Infrastructure

• The primary purpose of OracleAS Infrastructure is
to provide support for OracleAS Middle Tier
installations.
• OracleAS Infrastructure enables the deployment of
Single Sign-On, OID, and Oracle Application
Server Clusters that are managed using a database
repository.

[Diagram labels: Host 1 (Portal and wireless); Host 2 (SSO, OID, Metadata repository)]

Oracle Application Server and Infrastructure

Two or more installations of Oracle Application Server
can share one OracleAS Infrastructure.

[Diagram labels: Host 1 (J2EE and Web cache, Portal and wireless); Host 2 (Business intelligence and forms, J2EE and Web cache); Host 3 (SSO, OID, Metadata repository)]

OracleAS Web Cache

[Diagram labels: Internet, Load balancer, OracleAS Web cache, OracleAS instances, Data]

OracleAS Portal

[Diagram labels: Web providers, Parallel page engine, OracleAS, mod_oc4j, Oracle HTTP Server, Portal cache, mod_plsql, Web cache, Database providers]

OracleAS Wireless

[Diagram labels: Browsing (browsers on laptops, PDAs, phones); Voice (cell phone, regular phone); Messaging (e-mail, SMS, fax, voice, pager); J2ME; OracleAS Wireless. Column headings: User, Channel, Wireless connection, Mobile platform, Content]

Wireless-Enabled Portal

[Diagram labels: PC, OracleAS Portal, HTTP, HTTP/HTML, XML, Wireless client, Wireless network provider, WAP, WAP gateway, WML, HDML, cHTML, OracleAS Wireless]

OracleAS Reports Service

[Diagram labels: Client; Oracle application server (Oracle HTTP server, OC4J, Reports servlet, Reports services, Reports server); Database]

OracleAS Forms Services

[Diagram labels: Client; Oracle Application Server (Oracle HTTP server (OHS), OC4J, Forms listener servlet, Forms runtime process); Database]

OracleAS Discoverer

OracleAS Personalization

[Diagram labels: Web application, Mobile application, Call center application, Campaign management; Requests for recommendations; Recommendation engine; Recommendations; Predictive models; Historical data. Sample message: "Hello! We have recommendations for you."]

Summary

In this lesson, you should have learned:
• How the main components build the Oracle
Application Server architecture
• Which Oracle Application Server components are
included with the different installation types
• The dependencies between Oracle Application
Server installation options
• A simple deployment topology for Oracle
Application Server

Installing the OracleAS Infrastructure

Objectives

After completing this lesson, you should be able to do
the following:
• Define the installation requirements for OracleAS
Infrastructure
• Describe OracleAS Infrastructure installation
types
• Install OracleAS Infrastructure
• Start and stop OracleAS Infrastructure

Services and Components of OracleAS Infrastructure

• Product Metadata service
– Description: Schemas for components such as Portal and Wireless
– Component(s): OracleAS Metadata Repository
• Identity Management service
– Description: A consistent security model for all applications. Single source of security metadata containing all administration and user privileges
– Component(s): Oracle Internet Directory; OracleAS Single Sign-On; Oracle Delegated Administration Services; Oracle Directory Integration and Provisioning; OracleAS Certificate Authority
• Configuration Management service
– Description: Schemas containing OracleAS instance configuration
– Component(s): OracleAS Metadata Repository

OracleAS Infrastructure Installation: Overview

The installation of OracleAS Infrastructure involves the
following steps:
• Preinstallation tasks
– Check Metalink, installation guide, and release notes.
– Check requirements.
– Create OS users and groups as required.
• Installation
– Select the installation type and components to
configure.
– Postinstallation tasks and checks.

Minimum Requirements for OracleAS Infrastructure

                    Solaris          Windows            Linux
CPU                 296 MHz SPARC    Pentium 450 MHz    Pentium 450 MHz
Disk                2.6 GB           3.9 GB             2.6 GB
Memory              1 GB             1 GB               1 GB
Swap/Page           Swap 700 MB      Page 1 GB          Swap 700 MB
Temporary           512 MB           512 MB             512 MB
Monitor             256 Color        256 Color          256 Color
Operating System    Solaris 8 or 9   Windows NT, 2000   Red Hat Linux AS 2.1

Oracle Application Server 10g is also available on other
platforms such as HP-UX, AIX, and so on.

Setting Up the Environment

• Kernel parameters
• Environment variables:
– TMP
– DISPLAY
– ORACLE_HOME, ORACLE_SID (unset these)
• /etc/hosts file
• Default port for the metadata repository listener is
1521.

OracleAS Infrastructure: Installation Steps

1. Welcome
2. Inventory Location
3. File Location
4. Product to Install
5. Installation Type
6. Preinstallation Requirement
7. Configuration Option
8. Identity Management Realm
9. Certificate Authority
10. Database Identification
11. Infrastructure instance

Starting the Installation

To start your installation in UNIX/Linux systems:
• Mount the installation CD-ROM drive.
• Insert your Oracle Application Server 10g Release
9.0.4 media into the drive.
• Run Oracle Universal Installer from the media.

Oracle Universal Installer

First Installation of Oracle Product

Specify File Locations Window

Select a Product to Install

Select Installation Type

Preview of Infrastructure Installation

Select Configuration Options

Specify Identity Management Realm

OracleAS Certificate Authority

Database Identification

Passwords and Database File Location

Database Character Set

Specify Instance Details

Summary of Installation

End of Installation Window

Postinstallation Tasks

• Set the ORACLE_HOME and ORACLE_SID variables.
• Include $ORACLE_HOME/bin in your $PATH.
• Verify the status of the following:
– Infrastructure database and its listener
– OracleAS Infrastructure instance and Components
– Application Server Control
• Note the port assignments for your installation.

Accessing the OracleAS Instance

Application Server Control

Verifying OID Server

Accessing the SSO Server

Starting and Stopping OracleAS Infrastructure

• To start an OracleAS Infrastructure, start the
components in the following order:
1. Start the database listener.
2. Start the metadata repository database.
3. Start OracleAS Infrastructure instance processes.
4. Start Application Server Control.
• To stop an OracleAS Infrastructure, stop the
components in the following order:
1. Stop Application Server Control.
2. Stop OracleAS Infrastructure instance processes.
3. Stop the metadata repository database.
4. Stop the database listener.

Summary

In this lesson, you should have learned how to do the
following:
• Define the installation requirements for OracleAS
Infrastructure
• Describe OracleAS Infrastructure installation
types
• Install OracleAS Infrastructure
• Start and stop OracleAS Infrastructure

Installing the OracleAS Middle Tier

Objectives

After completing this lesson, you should be able to do
the following:
• Describe the Oracle Application Server 10g Middle
Tier installation types and their requirements
• Perform preinstallation tasks
• Install the middle tier with BI and Forms
installation type
• Verify completion of the installation
• Access the installed OracleAS middle-tier
components

OracleAS Middle-Tier Installation Phases: Overview

1. Preinstallation
• Check the requirements.
• Create the required OS users and groups.
• Set up the environment.
2. Installation
• Select an installation type and components to
configure.
• Provide required information to connect to OracleAS
Infrastructure.
3. Postinstallation
• Access the component Web pages.
• Verify the installation.

Preinstallation: OracleAS Middle Tier Requirements

                    Solaris          Windows                      Linux
CPU                 296 MHz SPARC    Pentium 450 MHz              Pentium 450 MHz
Disk                1.5 GB           1.5 GB                       1.5 GB
Memory              1 GB             1 GB                         1 GB
Swap / Page         Swap 1 GB        Page 1 GB                    Swap 1 GB
Temporary           512 MB           512 MB                       512 MB
Monitor             256 Color        256 Color                    256 Color
Operating System    Solaris 8 or 9   Windows NT, 2000, 2003, XP   Red Hat Linux AS 2.1

Preinstallation: Setting Up the Environment

The following must be verified before starting the
Installer:
• The environment variable DISPLAY is set.
– This variable enables you to run the Installer
remotely.
• The OS user installing should have permission to
write to the inventory directory.
• The host name file is configured correctly.
– <hostIP> <hostname.domain> <hostname> <alias>
Example:
– 123.456.789.012 myhost.mydomain myhost
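
A preinstallation check for the three items on this slide (DISPLAY, write access to the inventory directory, and the order of names in the host file entry), added here as an example and not part of the Oracle course material. The function names, the inventory directory argument and the sample host file lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the course material): checks for the three
# preinstallation items on the slide above. All paths and host names are
# supplied by the caller; nothing here is specific to one Oracle home.

# check_display: DISPLAY must be set for the graphical Installer.
check_display() {
    [ -n "${DISPLAY:-}" ]
}

# check_inventory_writable DIR: the installing OS user needs write access.
check_inventory_writable() {
    [ -d "$1" ] && [ -w "$1" ]
}

# check_hosts_entry FILE HOST
# Looks at the first entry in FILE that names HOST and prints a verdict:
#   ok         "<hostIP> <HOST.domain> <HOST> [alias ...]" (order on the slide)
#   bad-order  HOST is listed, but not as fully qualified name, then short name
#   missing    no entry names HOST
# Returns 0 only for "ok".
check_hosts_entry() {
    verdict=$(awk -v h="$2" '
        { sub(/#.*/, "") }                 # strip comments; fields are re-split
        NF < 2 { next }                    # blank line or address with no name
        {
            named = 0
            for (i = 2; i <= NF; i++)
                if ($i == h || index($i, h ".") == 1) named = 1
            if (!named) next
            seen = 1
            good = (index($2, h ".") == 1 && $3 == h)
            exit                           # first matching entry decides
        }
        END {
            if (good)      print "ok"
            else if (seen) print "bad-order"
            else           print "missing"
        }' "$1")
    printf '%s\n' "$verdict"
    [ "$verdict" = ok ]
}

# preinstall_report HOSTS_FILE HOST INVENTORY_DIR
# Prints one line per failed check; returns 0 when all three pass.
preinstall_report() {
    problems=0
    if ! check_display; then
        echo "DISPLAY is not set"
        problems=$((problems + 1))
    fi
    if ! check_inventory_writable "$3"; then
        echo "inventory directory is not writable: $3"
        problems=$((problems + 1))
    fi
    if ! v=$(check_hosts_entry "$1" "$2"); then
        echo "hosts entry for $2: $v"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Demo on constructed data: sh preinstall_check.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    # Constructed hosts file: short name placed before the fully qualified name.
    printf '%s\n' '127.0.0.1 localhost' \
                  '192.0.2.10 myhost myhost.mydomain' > "$tmp/hosts"
    preinstall_report "$tmp/hosts" myhost "$tmp" || echo "fix the items above"
    rm -rf "$tmp"
fi
```

Run it as the OS user that will perform the installation, since the inventory directory check tests that user's permissions.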

Installation: Starting the Installer

To start your installation:
• Insert your Oracle Application Server media into
the drive.
• On Linux/UNIX:
– Mount the installation media
– Run Oracle Universal Installer from the media
• On Windows 2000:
– In the Autorun window that appears, choose
Install/Deinstall Products or run autorun.exe
directly from the AUTORUN directory on your media

Installation: Installer Steps Overview

Specifying File Locations

Selecting a Product

Selecting an Installation Type

Application Server Control is installed with each installation.

OUI: Selecting Component Configuration

Registering with OID

Using Metadata Repository

Instance Name and ias_admin Password

Installer: Summary

Installer: End of Installation

Accessing the Application Server Control

Application Server Ports Page

Accessing the Component Home Pages

Accessing the Welcome Page

Accessing OracleAS Portal Welcome Page

• Enter the following URL:
http://hostname.domain:port/pls/portal
• Log in as the portal user with the password used
for the ias_admin user.

Accessing OracleAS Reports Services

Enter the following URL:
http://hostname.domain:port/reports/rwservlet

Accessing OracleAS Forms Services

Enter the following URL:
http://hostname.domain:port/forms90/f90servlet

Summary

In this lesson, you should have learned how to:
• Describe the Oracle Application Server installation
types
• Describe the requirements for different installation
types
• Perform preinstallation tasks
• Install BI and Forms type installation
• Verify completion of the installation
• Access the installed OracleAS middle-tier
components

Using Oracle Application Server Management Tools

Objectives

After completing this lesson, you should be able to do
the following:
• Start and stop Application Server Control
• Access OracleAS Component pages of the
Application Server Control
• Start and stop an OracleAS instance or a
component using:
– Application Server Control
– Oracle Process Monitoring and Notification
interface (opmnctl)
• Use the dcmctl utility to obtain configuration
information

Oracle Application Server: Overview

• The Oracle Enterprise Manager Application Server
Control provides monitoring and administration
capabilities for each instance of Oracle
Application Server.
• Using Oracle Application Server, you can manage:
– Services such as hosts, databases, application
servers, and Web applications
– Hardware and software configurations across your
enterprise
• Oracle Enterprise Manager 10g Application Server
Control enables the management of Oracle
Application Server installations.

Application Server Control

[Diagram labels: OracleAS Installation 1 (bi, Mgmt Agent for OracleAS); OracleAS Installation 2 (infra, Mgmt Agent for OracleAS)]

The emctl Utility

• You can use emctl to start, stop, or check the
status of Application Server Control.

$> emctl start iasconsole
$> emctl stop iasconsole
$> emctl status iasconsole

• When you start or stop Application Server Control,
the management agent for Oracle Application
Server is also started or stopped.

Using Application Server Control

• Each Oracle Application Server installation has its
own Application Server Control.
• You should start the Application Server Control
process with the emctl utility before using the
Application Server Control.
emctl start iasconsole
• You can get the Application Server Control port
from the setupinfo.txt file in the
$ORACLE_HOME/install directory.
• Invoke the Web browser and access Application
Server Control using the following URL:
http://<hostname>:<emport>

Application Server Control: Home Pages

Application Server Control provides different home
pages:
• OracleAS Farm page:
– One or more OracleAS instances that are
associated with a common configuration repository
• OracleAS Instance Home page:
– A single OracleAS instance, either as a drill down
from the Farm page or an instance that is not
associated with the same configuration repository.
• OracleAS Component Home page: Available as a
drill down from any of the above home pages

OracleAS Farm Page

OracleAS Instance Home Page

Starting, Stopping, and Restarting
OracleAS Instances

Oracle Application Server Component
Home Pages

Each Oracle Application Server component has its
own Home page with the following elements:
• General information section:
– Providing state information
– Buttons for starting and stopping
• Status information:
– Showing CPU and memory usage
• Component-specific information
• Links to administrative functions

Starting, Stopping, and
Restarting Components

Obtaining Common Metrics
About Oracle Application Server

Log Viewer

Obtaining Information About
the Host Computer

OracleAS Host Home Page

Enabling SSL for Application Server
Control

You can enable SSL for Application Server Control for
better security.
1. Stop Application Server Control

2. Secure Application Server Control

3. Start Application Server Control

Oracle Process Management and
Notification Server

• Oracle Process Manager and Notification Server
(OPMN) is the centralized process management
mechanism of Oracle Application Server.
• OPMN manages all Oracle Application Server
component processes except the OracleAS
Metadata Repository or the Application Server
Control.
• OPMN consists of:
– Oracle Process Manager
– Oracle Notification Server
– PM Modules

OPMNCTL Command

• opmnctl is the command-line interface of OPMN.
• Use Application Server Control or the opmnctl
command-line utility to start or stop Oracle
Application Server components.
• Some opmnctl command examples:
Purpose                                 Command
Status of all the managed processes     opmnctl status
Start the opmn process                  opmnctl start
Start opmn and the managed processes    opmnctl startall
Stop opmn and the managed processes     opmnctl stopall
Start the Oracle HTTP Server            opmnctl startproc process-type=HTTP_Server

Typical Startup Sequence

Following is a typical order to start up all instances:
1. Start OracleAS Metadata Repository listener.
2. Start OracleAS Metadata Repository database.
3. Use opmnctl to start OracleAS Infrastructure
instance.
4. Use emctl to start the Application Server Control
of OracleAS Infrastructure instance.
5. Use opmnctl from each OracleAS middle tier
instance to start the processes.
6. Use emctl from each OracleAS middle tier
instance to start the Application Server Control.

Typical Shutdown Sequence

Following is a typical order to shut down all instances:
1. Use emctl from each OracleAS middle tier
instance to stop the Application Server Control.
2. Use opmnctl from each OracleAS middle tier
instance to stop the processes.
3. Use emctl to stop the Application Server Control
of OracleAS Infrastructure instance.
4. Use opmnctl to stop the OracleAS Infrastructure
instance.
5. Stop OracleAS Metadata Repository database.
6. Stop OracleAS Metadata Repository listener.

Distributed Configuration Management

DCM and Metadata Repository

• The DCM repository contains the following:
– Topology information on Oracle Application Server
instances, clusters, and farms
– Configuration files for OHS, OC4J, OPMN, and Java
Authentication and Authorization Service
– Deployed J2EE applications
• DCM repository is stored in two ways:
– Database: In the OracleAS Metadata Repository as
DCM schema
– File based: In file structure in the middle tier
instance
• You can access either type of repository using the
dcmctl utility.

Using dcmctl

• dcmctl is the command-line utility to manually
manage configuration of your instance.
• You can use dcmctl to implement scripted
control of your instance.
• Some examples of dcmctl commands:
Purpose                                                         Command
List instance components                                        dcmctl listComponents
Refresh configuration information from metadata repository      dcmctl resyncInstance
Refresh configuration information to the metadata repository    dcmctl updateConfig
Create OC4J instance (of name oc4j_test)                        dcmctl createComponent -ct oc4j -co oc4j_test

Using dcmctl in Batch Mode

• The dcmctl utility can be used to execute multiple
commands in batch mode:
dcmctl shell -f <script_file_name>
• The batch mode of the dcmctl utility can be used
to perform the following non-interactively:
– Deploy applications and validate EAR files.
– Archive instance configuration and deployed
applications.
– Restore instance to a specific configuration.
• Refer to the Oracle Application Server
documentation set to get more information on how
to use dcmctl in batch mode.

Management Tasks: Tools
Tool columns: Application Server Control, dcmctl, opmnctl

Start / stop / restart instance and components      Yes  Yes
Start / stop / restart clusters                     Yes  Yes
Create OC4J instance                                Yes  Yes
Create / join clusters                              Yes  Yes
Deploy / undeploy / redeploy applications           Yes  Yes
Enable / disable components                         Yes
Status (up/down) of instance and components         Yes  Yes
Backup and restore configurations                   Yes
Configure installed (but unconfigured) components   Yes

OracleAS Hi-Av Tool
(iHAT)

• iHAT is a monitoring tool that provides a graphic
snapshot of all processes managed by OPMN:
– Grid View: Status of all OracleAS Instances in a
single window
– Instance View: Complete process topology view of
Oracle Application Server
– Routing View: Monitor routing relationships
between OHS and OC4J
• To invoke iHAT, use the command:
– java -jar ihat.zip <host>:<port>
• A full list of iHAT options can be obtained with:
– java -jar ihat.zip -h

Monitoring with iHAT

Summary

In this lesson, you should have learned how to:
• Start and stop Application Server Control
• Access OracleAS Component pages of the
Application Server Control
• Start and stop an OracleAS instance or a
component using:
– Application Server Control
– Oracle Process Monitoring and Notification
interface (opmnctl)
• Use Distributed Configuration Management
Control (dcmctl) utility to manage configuration
information

Managing the Oracle Internet Directory

Objectives

After completing this lesson, you should be able to do
the following:
• Explain Directory and LDAP concepts
• Describe Oracle Internet Directory (OID)
• Explain Oracle Internet Directory architecture
• Start and stop Oracle Internet Directory processes
• Identify various OID command-line tools
• Connect to and disconnect from the Directory by
using Oracle Directory Manager

What Is a Directory?

A directory is:
• A special-purpose distributed database
• Entry oriented
• Used for storing and retrieving entries
Applications that use directory services include:
• E-mail address books
• Corporate white papers store
• Centralized applications for managing credentials
and privileges
• Applications that configure and manage system
resources

Lightweight Directory Access Protocol
(LDAP)

• LDAP is a lightweight implementation of the
Directory Access Protocol (DAP).
• LDAP features include:
– Standards-based protocol
– Distributed servers
– Scalability and extensibility
– Security
– Data consolidation
– Fast searches

LDAP Components

An LDAP directory is organized in the form of a simple
hierarchical tree known as Directory Information Tree
(DIT).

[Figure: Directory Information Tree and entry attributes]

Oracle Internet Directory (OID)

• Oracle Internet Directory is Oracle’s
implementation of LDAP version 3 directory
service.
• OID provides directory services to the Oracle
database and the Oracle Application Server.
• OID can support millions of entries and thousands
of concurrent client accesses on a single directory
node.
• OID implements sophisticated security
management with a robust security model for
protecting data from unauthorized access by
LDAP clients.

Security Benefits of OID

OID provides the following security benefits:
• Data integrity
• Data confidentiality
• Password protection
• Data access control

OID Architecture Overview

[Figure: OID architecture overview, including the Oracle Database]

OID Server Instance Architecture

[Figure: LDAP server instance. Labels: LDAP clients, LDAP requests, OID listener/dispatcher, Oracle directory server processes, Oracle Net, Oracle Net listener/dispatcher, Oracle Database]

OID Node Architecture Components
[Figure: OID node components. Labels: Oracle Directory Manager (LDAP), Oracle Directory Server Instance 1 (non-SSL, port 389), Oracle Directory Server Instance 2 (SSL-enabled, port 636), Oracle Directory Replication Server (LDAP), OID Monitor (oidmon), OID Control Utility (oidctl), OS, Oracle Net, Oracle Database]

OID Server Processes

• You can connect to the OID server only if the OID
server instance is running.
• To start the OID server, you must start the OID
server processes in the following sequence:
– Start the OID Monitor utility.
– Start the server instances using the OID Control
Utility.
• You must stop the OID server by stopping the OID
processes in the following sequence:
– Stop the server instance using OID Control.
– Stop OID Monitor.

Starting OID Monitor Process

• The OID Monitor process must be running to
process commands to start and stop the OID
server instance using OID Control utility.
• To start the OID Monitor:
– Set the NLS_LANG to a UTF8 appropriate language
– Set the TNS_CONNECT String

oidmon connect=OID1 sleep=20 start

Starting Oracle Internet Directory
Server Instance

• You can start an OID server instance only if the
OID Monitor process is running.
• Use the OIDCTL utility to start the OID server
instance.

oidctl connect=OID1 server=oidldapd instance=2 configset=3 flags='-p 3062 -debug 1024 -l' start

OID Log Files

All the activities of the OID server are logged in the
$ORACLE_HOME/ldap/log/ directory, which includes
the following types of logs:
• oidmon.log from OID Monitor
• oidldapd*.log from OID LDAP servers
• oidrepld*.log from OID replication servers
• *.log from bulk loads

Stopping OID Server Instance

• Use the OIDCTL command to stop an OID server
instance.
• You must ensure that the OID Monitor process is
running, before stopping the OID server instance.

oidctl connect=OID1 server=oidldapd instance=2 stop

Stopping OID Monitor Process

You can stop the OID Monitor process by using
the OIDMON utility.

oidmon connect=OID1 stop

OID Command-Line Tools

OID command-line tools can be classified as follows:
• Bulk tools
• LDAP command-line tools

Using Bulk Tools

You can use the following bulk tools to perform bulk
data operations on the OID server:
• bulkload
• ldifwrite
• bulkmodify
• bulkdelete

Using LDAP Command-Line Tools

You can create and modify the data stored in the OID
server using the following commands:
• ldapadd
• ldapaddmt
• ldapbind
• ldapcompare
• ldapdelete
• ldapmoddn
• ldapmodify
• ldapmodifymt
• ldapsearch

Overview of Oracle Directory Manager

• Oracle Directory Manager (ODM) is a Java-based
GUI tool to maintain and administer Oracle
Internet Directory data.
• You can use ODM for the following tasks:
– Search, view, and maintain object classes
– Search and maintain an attribute
– Create and drop an index on an attribute
– Search, view, and maintain an entry
– Control access to OID entries
– Replication node management

Connecting to the OID Server

To connect to an OID server, you must specify:
• OID server host name
• OID server port

ODM Connect Dialog Box

Using ODM

You can use and navigate through ODM by using the
following controls:
• Menu

• Toolbars

• Navigation pane

ODM Navigation Pane

The navigation pane is to the left of the double window
interface, and has a tree-like structure.

Disconnecting from the OID Server

Disconnect Tool Button

Summary

In this lesson, you should have learned how to:
• Explain Directory and LDAP concepts
• Describe Oracle Internet Directory (OID)
• Explain Oracle Internet Directory architecture
• Start and stop Oracle Internet Directory processes
• Identify various OID command-line tools
• Connect to and disconnect from the Directory by
using Oracle Directory Manager

Managing and Configuring Oracle HTTP
Server

Objectives

After completing this lesson, you should be able to do
the following:
• Explain the Oracle HTTP Server processing model
• Describe the Oracle HTTP Server modules
• Configure and manage Oracle HTTP Server using
Oracle Application Server to:
– Specify the server and file locations
– Control the number of processes and connections
– Manage network connections
– Configure and use server log files

Introduction to Oracle HTTP Server

Oracle HTTP Server (OHS) provides a robust, reliable
Web server that is configured to:
• Provide a high availability infrastructure for
process management, death detection, and
failover with OracleAS Containers for J2EE (OC4J)
• Access Oracle components such as Forms,
Reports, Discoverer, and Portal via the Web
• Access database stored procedures with a PL/SQL
engine

Oracle HTTP Server Modules

The Oracle HTTP Server extends the standard Apache
distribution.

Apache modules: mod_access, mod_alias, ..., mod_status, mod_vhost_alias
Oracle modules: mod_dms, mod_oc4j, mod_oprocmgr, mod_oradav, mod_ossl, mod_osso, mod_plsql

HTTP Server Processing Model

The httpd.pid file contains the process ID for the
parent process.
[Figure: one parent process and four child processes, each child process with its modules (mod_xx)]

Managing Processes and Connections

• On UNIX and Linux:
– StartServers
– MaxClients
– MaxSpareServers / MinSpareServers
– MaxRequestsPerChild
• On Windows NT:
– ThreadsPerChild
• On all operating systems:
– KeepAlive
– KeepAliveTimeout
– MaxKeepAliveRequests

Starting, Stopping, and Restarting OHS

Starting and Stopping the HTTP Server
Manually

• Oracle HTTP Server is managed by OPMN.
• To start and stop the OHS, run:
$> cd $ORACLE_HOME/opmn/bin
$> opmnctl startproc process-type=HTTP_Server
$> opmnctl stopproc process-type=HTTP_Server

• To obtain status information, run:
$> opmnctl status

Directory Structure

Oracle Home
  Apache
    modplsql
    Jserv
    jsp
    fastcgi
    oradav
    ...
    Apache
      htdocs
      conf
      logs
      cgi-bin
      libexec
      ...

Oracle HTTP Server Configuration Files

[Figure: Oracle HTTP Server configuration files: httpd.conf, mod_oc4j.conf, mime.types, jserv.conf (shown commented out), oracle_apache.conf, aqxml.conf, moddav.conf, plsql.conf, ojsp.conf, xml.conf]

Specifying File Locations

The following directives control the location of various
server files and can be specified in the server
configuration context:
• PidFile
• ScoreBoardFile
• CoreDumpDirectory
The following directives can be used in the server
configuration and virtual host contexts:
• DocumentRoot
• ErrorLog

Oracle HTTP Server Home Page

Configuring the Oracle HTTP Server

• Directives are used to configure Oracle HTTP
Server to meet your needs.
• Server-level configuration directives apply to the
Oracle HTTP Server globally.
• Container directives create a limited scope for the
directives that are defined within them.
• Per-directory configuration enables the server to
act like a container with directory scope in the
main configuration files. The default name for the
per-directory configuration file is .htaccess.
• The configuration tiers are applied hierarchically.

Controlling Access to the Application
Server

Server and server administrator options can be set
based on the main server or a virtual host:

Listen
UseCanonicalName On
ServerName
Port

Modifying the Server Properties

Specifying Listener and Port

Administrative Directives

To make sure that the Oracle HTTP Server runs with
appropriate privileges, you must define the following
directives in your server configuration or virtual host
context:
• User
• Group
• ServerAdmin
• ServerTokens

Server Logs

Log directory: $ORACLE_HOME/Apache/Apache/logs

Directives: PidFile, TransferLog, CustomLog, SSLLog, ErrorLog
Logs: httpd.pid, access_log, ssl_engine_log, ssl_request_log, error_log

LogLevel Directive

• The LogLevel directive applies to the context of
the server configuration and virtual hosts.
• It controls how many messages are logged.
• It can be set to one of the following: Emerg, Alert,
Crit, Error, Warn, Notice, Info, or Debug.
Example from httpd.conf:

### Section 2: 'Main' server configuration
#
ErrorLog logs/error_log
LogLevel warn

Log Formats

The default format is the Common Log Format (CLF):
LogFormat "%h %l %u %t \"%r\" %>s %b" common

• %h: Remote host
• %l: Remote log name, if supplied
• %u: Remote user
• %t: Time in common log format
• %r: First line of request
• %s: Status
• %b: Bytes sent, excluding HTTP headers
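An added example, not part of the course material: a Python parser for the common format defined by the LogFormat line above, run over constructed log lines. It treats a "-" byte count as zero, sets aside lines that do not match the format, and counts 4xx responses per remote host; the sample addresses, user name, and paths are made up.

```python
import re
from collections import Counter

# Field order follows: LogFormat "%h %l %u %t \"%r\" %>s %b" common
CLF_RE = re.compile(
    r'^(?P<host>\S+) (?P<logname>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Constructed sample input (documentation address ranges, invented paths).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Apr/2004:10:15:01 -0700] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [12/Apr/2004:10:15:02 -0700] "GET /images/logo.gif HTTP/1.1" 304 -
198.51.100.7 - scott [12/Apr/2004:10:16:40 -0700] "GET /server-status HTTP/1.0" 403 289
198.51.100.7 - - [12/Apr/2004:10:16:41 -0700] "GET /cgi-bin/missing.cgi HTTP/1.0" 404 301
198.51.100.7 - - [12/Apr/2004:10:16:42 -0700] "-" 408 -
truncated line without the expected fields
"""


def parse_clf_line(line):
    """Return a dict for one common-format line, or None if it does not match."""
    m = CLF_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # %b logs "-" when no body bytes were sent (for example on a 304).
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    rec["user"] = None if rec["user"] == "-" else rec["user"]
    # %r is "METHOD path protocol"; a timed-out request is logged as "-".
    parts = rec["request"].split(" ")
    if len(parts) >= 2:
        rec["method"], rec["path"] = parts[0], parts[1]
    else:
        rec["method"], rec["path"] = None, None
    return rec


def summarize(log_text):
    """Return (records, rejected_lines, client_errors_per_host)."""
    records, rejected = [], []
    client_errors = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_clf_line(line)
        if rec is None:
            # Keep unparseable lines for review instead of dropping them.
            rejected.append(line)
            continue
        records.append(rec)
        if 400 <= rec["status"] < 500:
            client_errors[rec["host"]] += 1
    return records, rejected, client_errors


if __name__ == "__main__":
    recs, bad, errors = summarize(SAMPLE_LOG)
    print("parsed:", len(recs), "rejected:", len(bad))
    for host, count in errors.most_common():
        print(host, "client errors:", count)
```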

Resetting Log Files

• The access_log file grows by 1 MB for each
10,000 requests.
• You can reset log files by moving the log file and
then signaling Oracle HTTP Server to reopen the
log files:
$> mv access_log access_log.old
$> kill -1 `cat httpd.pid`

Changing Error Log Properties

Adding an Access Log File

Managing Client Requests and
Connection Handling

Advanced Server Properties

Editing Server Configuration Files

Getting the Server Status

Change your httpd.conf file to allow access from
specific IP addresses or machine names:
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 123.456.789.123
</Location>

• Set the directive to show extended status to on or
off in Section 1 of httpd.conf:
ExtendedStatus On

• Restart Oracle HTTP Server.

Monitoring Oracle HTTP Server

Summary

In this lesson, you should have learned how to:
• Explain the Oracle HTTP Server processing model
• Describe Oracle HTTP Server modules
• Configure and manage Oracle HTTP Server using
Oracle Application Server to:
– Specify the server and file locations
– Limit the number of processes and connections
– Manage the network connections
– Configure and use server log files
– Edit the server configuration files

Configuring Directives and Virtual Hosts

Objectives

After completing this lesson, you should be able to do
the following:
• Describe the configuration directives and their
scope
• Describe the process of merging containers and
contents
• Configure directories, and enable directory
indexes
• Set up virtual hosts
• Use configuration directives such as Options,
Alias, and ScriptAlias

Configuration Contexts

[Figure: configuration contexts. Server context (httpd.conf): <VirtualHost>, <Directory>, <Files>, <Location>. Directory context (.htaccess): AuthConfig, Limits, Options, FileInfo, Indexes]

Container Directives

• Container directives have opening and closing
tags that surround other directives.
• Every directive within a container's tag affects
only what that container refers to.
• Any directive that does not appear within a
container applies to the entire server.
<VirtualHost>

<Directory>, <DirectoryMatch> <Files>, <FilesMatch>

<Location>, <LocationMatch> <Limit>, <LimitExcept>

Block Directives

Block directives limit the scope of application of other
directives within them.
<IfModule mod_userdir.c>
UserDir public_html
</IfModule>

Merging Containers and Contents

The directives are merged in the following order:
1. Directives inside non-regular-expression
Directory containers and .htaccess directives
are processed simultaneously, with the .htaccess
directives overriding the directives of the
Directory container.
2. DirectoryMatch containers are applied.
3. Directives from the Files and FilesMatch
containers are merged.
4. The last ones to be applied are Location and
LocationMatch.

Context Merging and Inheritance

• To match objects at the file-system level, use
<Directory> or <Files>.
• To match URLs, use <Location>.
• <Location> containers are processed last,
although the URL is the first thing the user supplies.
• Using an Options directive inside a <Files>
section has no effect.

Where the Directives Can Be Specified

• The directives can be specified within:
– Server-level configuration section
– Virtual host container
– Directory (including Location and Files)
container
– .htaccess file
• Limit or LimitExcept containers may not
include other containers, but may include any
other directive.

<Directory> Directive

The <Directory> container holds a group of directives that apply
to the named directory and its subdirectories.

<Directory />
Options none
AllowOverride none
</Directory>

<Directory /home/www/*>
AllowOverride all
</Directory>

<Files> and <Location>

• <Files> matches files instead of directories:
<Directory /ias20/public/images>
<Files *.gif>
SetHandler /cgi-bin/process-image.cgi
</Files>
</Directory>

• <Location> applies to a URL:
<Location /server-info>
SetHandler server-info
</Location>
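An added example, not part of the course material: a Python check that finds <Location> blocks using the server-status or server-info handlers (the /server-status block from the "Getting the Server Status" slide and the /server-info block above) and reports whether mod_access rules actually restrict them. The configuration text is constructed, the allowed address is a placeholder, and only the deny,allow and allow,deny orders are modelled.

```python
import re

SENSITIVE_HANDLERS = {"server-status", "server-info"}
LOCATION_RE = re.compile(r"<Location\s+(\S+?)\s*>(.*?)</Location>", re.S | re.I)

# Constructed httpd.conf fragment: one restricted block, one with no rules.
SAMPLE_CONF = """\
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 192.0.2.25
</Location>
<Location /server-info>
    SetHandler server-info
</Location>
"""


def audit_status_handlers(conf_text):
    """Return one finding per <Location> block that uses a sensitive handler."""
    findings = []
    for path, body in LOCATION_RE.findall(conf_text):
        handler = None
        order = "deny,allow"          # mod_access default when Order is absent
        allow, deny = [], []
        for raw in body.splitlines():
            tokens = raw.split("#", 1)[0].split()
            if not tokens:
                continue
            name, args = tokens[0].lower(), tokens[1:]
            if name == "sethandler" and args:
                handler = args[0].lower()
            elif name == "order" and args:
                order = "".join(args).lower()
            elif name in ("allow", "deny") and len(args) >= 2 and args[0].lower() == "from":
                target = allow if name == "allow" else deny
                target.extend(a.lower() for a in args[1:])
        if handler not in SENSITIVE_HANDLERS:
            continue
        if order == "deny,allow":
            # Clients matching neither list are allowed, and Allow overrides
            # Deny, so only "Deny from all" without "Allow from all" restricts.
            exposed = "all" in allow or "all" not in deny
        elif order == "allow,deny":
            # Clients matching neither list are denied, and Deny overrides Allow.
            exposed = "all" in allow and "all" not in deny
        else:
            exposed = True            # order not modelled here: flag for review
        findings.append({"path": path, "handler": handler, "order": order,
                         "allow": allow, "deny": deny, "exposed": exposed})
    return findings


if __name__ == "__main__":
    for f in audit_status_handlers(SAMPLE_CONF):
        if f["exposed"]:
            state = "open to any client"
        else:
            state = "restricted to " + (", ".join(f["allow"]) or "nobody")
        print(f["path"], f["handler"], state)
```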

<VirtualHost> Directive

Allows additional hosts and Web sites to be defined
alongside the main server:
<VirtualHost www.host1.com>
DocumentRoot /usr/virtual/htdocs/customers
ServerName www.host1.com
ErrorLog /usr/virtual/h1/logs/error_log
</VirtualHost>
<VirtualHost www.host2.com>
DocumentRoot /usr/virtual/htdocs/internal
ServerName www.host2.com
ErrorLog /usr/virtual/h2/logs/error_log
</VirtualHost>

Defining Virtual Hosts

• IP-based and name-based virtual hosts are defined
with the VirtualHost container directive.
• The VirtualHost container includes a set of
alternative directives to the main server, such as:

ServerAdmin
ServerName
DocumentRoot
ErrorLog
CustomLog
Directory
Location

Using IP-Based Virtual Hosts

A virtual host can be IP-based:

<VirtualHost 130.35.174.159 205.134.38.199>
ServerName www.oracle.com
ServerAdmin Webmaster@oracle.com
DocumentRoot /oras/oracle/www
ErrorLog /oras/oracle/logs/error_log
TransferLog /oras/oracle/logs/access_log
</VirtualHost>

Using Name-Based Virtual Hosts

A virtual host can be name-based:
NameVirtualHost 205.134.38.199
<VirtualHost www.host1.com>
DocumentRoot /usr/virtual/htdocs/customers
ServerName www.host1.com
ErrorLog /usr/virtual/h1/logs/error_log
</VirtualHost>
<VirtualHost www.host2.com>
DocumentRoot /usr/virtual/htdocs/internal
ServerName www.host2.com
ErrorLog /usr/virtual/h2/logs/error_log
</VirtualHost>

Configuring Virtual Hosts

Controlling Allowed Features

• Use Options to enable and disable features:

Options ExecCGI FollowSymLinks

• Use AllowOverride to control overrides:
AllowOverride FileInfo Indexes

Options Parameters

• All
• ExecCGI
• FollowSymLinks
• SymLinksIfOwnerMatch
• Includes
• IncludesNOEXEC
• Indexes
• MultiViews
• None

Using Options
Example A
# Using Absolute Options
<Directory /web/docs>
Options Indexes FollowSymLinks
</Directory>
<Directory /web/docs/spec>
Options Includes
</Directory>
Example B
# Using Relative Options
<Directory /web/docs>
Options Indexes FollowSymLinks
</Directory>
<Directory /web/docs/spec>
Options +Includes -Indexes
</Directory>
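An added example, not part of the course material: a Python model of how absolute and relative Options combine across nested <Directory> sections, applied to Example A and Example B above to show which features are live in /web/docs/spec. It starts from an empty option set instead of modelling the server's built-in default, does not handle wildcard paths, expands All as "everything except MultiViews", and rejects a directive that mixes signed and unsigned options.

```python
import re

KNOWN_OPTIONS = ["ExecCGI", "FollowSymLinks", "SymLinksIfOwnerMatch",
                 "Includes", "IncludesNOEXEC", "Indexes", "MultiViews"]
CANONICAL = {name.lower(): name for name in KNOWN_OPTIONS}
DIRECTORY_RE = re.compile(r"<Directory\s+(\S+?)\s*>(.*?)</Directory>", re.S | re.I)

# The two configurations from the slide above.
EXAMPLE_A = """\
<Directory /web/docs>
Options Indexes FollowSymLinks
</Directory>
<Directory /web/docs/spec>
Options Includes
</Directory>
"""
EXAMPLE_B = EXAMPLE_A.replace("Options Includes", "Options +Includes -Indexes")


def apply_options(current, args):
    """Apply one Options directive to the set of options currently in effect."""
    tokens = args.split()
    if not tokens:
        return set(current)
    signed = [tok[0] in "+-" for tok in tokens]
    if any(signed) and not all(signed):
        raise ValueError("mixed absolute and relative options: " + args)
    # Relative options edit the inherited set; absolute options replace it.
    result = set(current) if all(signed) else set()
    for tok in tokens:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        key = name.lower()
        if key == "none":
            names = set()
        elif key == "all":
            names = set(KNOWN_OPTIONS) - {"MultiViews"}
        elif key in CANONICAL:
            names = {CANONICAL[key]}
        else:
            raise ValueError("unknown option: " + name)
        if sign == "-":
            result -= names
        else:
            result |= names
    return result


def effective_options(conf_text, target_dir, inherited=()):
    """Merge every <Directory> section enclosing target_dir, shortest path first."""
    target = target_dir.rstrip("/") or "/"
    sections = []
    for path, body in DIRECTORY_RE.findall(conf_text):
        base = path.rstrip("/")
        if target == (base or "/") or target.startswith(base + "/"):
            sections.append((len(base), body))
    sections.sort(key=lambda item: item[0])
    active = set(inherited)
    for _, body in sections:
        for line in body.splitlines():
            words = line.split(None, 1)
            if len(words) == 2 and words[0].lower() == "options":
                active = apply_options(active, words[1])
    return active


if __name__ == "__main__":
    for label, conf in (("A", EXAMPLE_A), ("B", EXAMPLE_B)):
        print("Example", label, sorted(effective_options(conf, "/web/docs/spec")))
```

In Example A the absolute Options line in /web/docs/spec discards everything inherited, FollowSymLinks included; in Example B only Indexes is removed and FollowSymLinks stays in effect.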

Enabling Server-Side Includes (SSI)

An example of using Options to enable the execution
of SSI:

<Location /ssidocs>
Options +Includes
AddHandler server-parsed .shtml
</Location>

Overriding Directives
with the Per-Directory Configuration

• Oracle HTTP Server allows the server
configuration to be supplemented with
per-directory configuration:
– .htaccess file
– AllowOverride values: All, AuthConfig, Limit,
FileInfo, Indexes, Options, None
• Using directives outside of the standard
configuration files may cause the configuration
repository to be out of sync.

Directory Indexing

• Enable or disable directory indexing:
Options +Indexes

• Use DirectoryIndex to change the default file
displayed:
DirectoryIndex index.html index.htm

• Specify a nonrelative URL as the last entry to
prevent the server from generating an index for the directory.

DirectoryIndex index.html /cgi-bin/error404.cgi

Controlling Directory Listings
with IndexIgnore

Prevent files from appearing in the directory listing
by using the IndexIgnore directive:

IndexIgnore .??* *~ *# *.bak HEADER* README*

Error and Response Handling

Error and response codes:
Category  Meaning
100+      Informational
200+      Client request successful
300+      Client request redirected, further action necessary
400+      Client request incomplete
500+      Server errors

The ErrorDocument directive:
ErrorDocument 404 "Sorry, document not found
ErrorDocument 404 /errors/notfound.html
ErrorDocument 500 /errors/fake404.cgi

Expires Header

Expires headers are used to control the caching
behavior for Web content.
• To enable the sending of Expires headers:
ExpiresActive on
• To set a default expiration time:
ExpiresDefault A2419200
ExpiresDefault M86400
ExpiresDefault "access plus 1 month"

• To set expiration times by media type:
ExpiresByType image/gif A2419200

Alias, AliasMatch, and ScriptAlias

Aliases allow access to resources from a location
other than the DocumentRoot directory:
• Use Alias to store documents elsewhere:

Alias /soapdocs/ /ias/soap/

• AliasMatch allows you to use regular
expressions:
AliasMatch /images/(.*)\.gif$ /ias/images/$1.gif

• Use ScriptAlias to store scripts elsewhere and
mark them as CGI scripts:
ScriptAlias /cgi-bin/ /ias/Apache/Apache/cgi-bin/

Summary

In this lesson, you should have learned how to:
• Use the configuration directives and their scope
• Configure directories, and enable directory
indexes
• Set up virtual hosts
• Use configuration directives such as Options,
Alias, and ScriptAlias

Configuring mod_rewrite

Objectives

After completing this lesson, you should be able to do
the following:
• Use regular expressions for pattern matching
• Enable mod_rewrite
• Configure mod_rewrite for business operations

Regular Expressions

Regular expressions are used to operate on strings
and can be used for:
• Pattern matching
• Modifying a string
• Extracting a substring

Matching Characters

Meta characters to be used with regular expressions
are:
• . (dot) matches any character
• [] specify a class (set of characters)
Examples:
• [a-z] matches any lowercase letter
• [a-zA-Z0-9] matches any letter or any digit
• [abc$] matches "a", "b", "c", or "$"
• [^0-9] matches anything except a digit
Meta characters are not active inside classes.

Rules for Regular Expressions

The following rules apply to regular expressions:
• Regular expressions are case sensitive; “hello”
does not match “Hello.”
• Each character inside the search pattern is
significant including whitespace characters
(space, tab, new line).
• Alternating text can be enclosed in parentheses
and alternatives separated with a pipe (|)
character.
For example, (on|ue|rida) matches "Monday",
"Tuesday", or "Friday."

The Metacharacters ^ and $

There are two special characters that can be used to
search for lines starting or stopping with the matching
string:
• ^ matches the start of a line
• $ matches the end of a line
Examples:
• ^apache matches any line which starts with
apache
• apache$ matches any line that ends with
apache
• ^apache$ matches any line which consists of
just the word apache

Quantifiers for Characters

Regular expressions also allow multipliers that modify
the behavior of the previous matching character:
• ? matches zero or one instance of the character.
• + matches one or more instances of the character.
• * matches zero or more instances of the
character.
Examples:
• test? matches tes and test.
• test+ matches test, testt, testtt, and so on.
• test* matches tes, test, testt, testtt, and so
on.

“Escaped” Character Literals

Characters that have a special meaning inside regular
expressions must be escaped:
• \? matches the ? character.
• \\ matches the \ character.
• \. matches the . character.

Grouping Regular Expressions

• Grouping is useful to build units.
• The pattern
\/(Apache|MyApache|YourApache)\/Apache\/conf
matches the following paths:
– /Apache/Apache/conf
– /MyApache/Apache/conf
– /YourApache/Apache/conf

Introduction to mod_rewrite

The mod_rewrite module is a powerful tool for
URL manipulation:
• Restrict access to directories and files
• Conditional redirection of access
• Relocating servers, file systems, or directories
• Regeneration of static pages based on the HTTP
header variables

Functioning of mod_rewrite

• The mod_rewrite module gets the rule sets from
its configuration structure.
• Rule sets are:
– Created on startup (for per-server context)
– Created during the directory walk of the Apache
kernel (for per-directory context)
• The mod_rewrite module processes the rules in the
order they appear.
• The TestString is expanded before the condition is
checked against CondPattern.

Rewrite: Example

1. Browser requests /demo

2. There is a mod_rewrite directive

3. OHS rewrites URL to /daytime

mod_rewrite Directives

• RewriteEngine [on | off]
– The RewriteEngine directive enables (on) or
disables (off) the run-time rewriting engine.
– If it is set to off, this module does no run-time
processing.
• RewriteOptions
– The RewriteOptions directive sets inheritance of
the rule sets configuration.
• RewriteLog
– The RewriteLog directive sets the name of the file
to which the server logs rewriting actions.

mod_rewrite Directives

• RewriteBase:
– RewriteBase sets the base URL for per-directory
rewrites.
• RewriteCond:
– RewriteCond defines a rule condition.
– This condition should be true before the
RewriteRule is processed.
– Precede a RewriteRule directive with one or
more RewriteCond directives.
– The rewriting rule is used only if its pattern matches
the current state of the URI and if the RewriteCond
conditions apply.

mod_rewrite Directives

• The RewriteRule directive defines the rewriting
rule.
• The order of the rules is used when applying the
rules at run time.
• The rule contains a regular expression that is
applied to the current URL.
• Substitution is the string that is substituted for the
original URL for which Pattern matched.
• For details on regular expressions, use the manual
pages: man regex.

Rewrite Rule: Tips

Pattern   Matches              Applies to
.         Any character        Single character
[abc]     “a”, “b”, or “c”     Single character
[a-z]     “a”, “b” … “z”       Single character
*         Any number           Many characters
^         Beginning            Position
$         End                  Position

Redirecting: Examples

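• All the documents that are served by the Web
server are moved to another subdirectory.
RewriteEngine on
# Skip URLs already under /newroot/ so the redirect does not loop
RewriteCond %{REQUEST_URI} !^/newroot/
RewriteRule ^/(.*)$ /newroot/$1 [R,L]

• Redirecting from one directory to another:
RewriteEngine on
# $1 keeps its leading "/", so /oldloc/a.html maps to /newloc/a.html
RewriteRule ^/oldloc(.*)$ /newloc$1 [R,L]

• Redirect based on the time of the day:
RewriteEngine on
# Conditions are ANDed by default; [OR] expresses "after 18:00 or before 08:00"
RewriteCond %{TIME_HOUR}%{TIME_MIN} >1800 [OR]
RewriteCond %{TIME_HOUR}%{TIME_MIN} <0800
RewriteRule ^/Demo(.*)$ /Offtime$1 [NC,R]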
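
Why the time-of-day redirect needs its two conditions joined with [OR], as an added example that is not part of the course material: a small Python model of how mod_rewrite expands the TestString and chains RewriteCond results. The function names and the simplified rule model are assumptions made for illustration.

```python
import re

def expand(test_string, variables):
    """Expand %{NAME} references, as mod_rewrite does before comparing."""
    return re.sub(r"%\{(\w+)\}", lambda m: variables[m.group(1)], test_string)

def cond_matches(value, cond_pattern):
    """'>x' and '<x' are lexical string comparisons; anything else is a regex."""
    if cond_pattern.startswith(">"):
        return value > cond_pattern[1:]
    if cond_pattern.startswith("<"):
        return value < cond_pattern[1:]
    return re.search(cond_pattern, value) is not None

def conditions_pass(conds, variables):
    """conds: list of (TestString, CondPattern, flags) in configuration order.
    Conditions are ANDed unless a condition carries the OR flag, which ORs it
    with the condition that follows."""
    i = 0
    while i < len(conds):
        test_string, pattern, flags = conds[i]
        ok = cond_matches(expand(test_string, variables), pattern)
        if "OR" in flags:
            if ok:
                # One member of the OR chain matched: skip the rest of the chain.
                while i < len(conds) and "OR" in conds[i][2]:
                    i += 1
        elif not ok:
            return False
        i += 1
    return True

TEST = "%{TIME_HOUR}%{TIME_MIN}"
AND_CONDS = [(TEST, ">1800", set()), (TEST, "<0800", set())]    # no flag: ANDed
OR_CONDS = [(TEST, ">1800", {"OR"}), (TEST, "<0800", set())]    # first flagged [OR]
RULE = re.compile(r"^/Demo(.*)$", re.IGNORECASE)                # [NC]

def redirect_target(path, hour, minute, conds):
    """Return the redirect location for the /Demo rule, or None if it does not fire."""
    m = RULE.match(path)
    if m is None:
        return None
    variables = {"TIME_HOUR": "%02d" % hour, "TIME_MIN": "%02d" % minute}
    if not conditions_pass(conds, variables):
        return None
    return "/Offtime" + m.group(1)

def minutes_redirected(conds):
    """Count the minutes of a day in which /Demo/index.html is redirected."""
    return sum(
        redirect_target("/Demo/index.html", h, m, conds) is not None
        for h in range(24) for m in range(60)
    )

if __name__ == "__main__":
    print("ANDed conditions:", minutes_redirected(AND_CONDS), "minutes per day")
    print("With [OR]:       ", minutes_redirected(OR_CONDS), "minutes per day")
    print(redirect_target("/demo/index.html", 19, 30, OR_CONDS))
```

With the two conditions ANDed, no time of day satisfies both, so the rule never fires; with [OR] it fires from 18:01 to 07:59.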

Summary

In this lesson, you should have learned how to:
• Use regular expressions for pattern matching
• Enable mod_rewrite
• Configure mod_rewrite for business operations

Managing and Configuring
OracleAS Web Cache

Objectives

After completing this lesson, you should be able to do
the following:
• Start, stop, and restart OracleAS Web Cache
• Change passwords for administrative users and
listener ports
• Specify site-to-server mappings
• Create and configure caching rules
• Set up basic invalidation mechanism
• Set up expiration rules
• Configure access and event logs
• Obtain basic performance statistics

What Is OracleAS Web Cache?
[Diagram labels: HTTP/HTTPS; P1, P2, P3; OracleAS Web Cache; OracleAS AppSrv1, AppSrv2, AppSrv3; Data]

OracleAS Web Cache Architecture
[Diagram labels: HTTP/HTTPS; P1, P2, P3; OracleAS Web Cache; OracleAS AppSrv1, AppSrv2, AppSrv3; Data]

How Does OracleAS Web Cache Work?

[Diagram: request flow in seven numbered steps among the Web browser, the DNS server (www.mycompany.com, 144.25.190.240), OracleAS Web Cache (IP address 144.25.190.240), and the application server (IP address 144.25.190.245)]

OracleAS Web Cache Concepts

• Populating OracleAS Web Cache
• Cache freshness and performance assurance
– Expiration (rule based)
– Invalidation (event based)
• Cache hit and cache miss responses
• Caching dynamically-generated content
• Edge Side Include (ESI)
– Partial page caching
– Content assembly

Administering OracleAS Web Cache

• Starting and stopping OracleAS Web Cache
• Invalidating documents in the cache
• Evaluating event logs
• Evaluating access logs
• Monitoring Web Cache statistics

OracleAS Web Cache Home Page

OracleAS Web Cache Manager

Using opmnctl to Start and Stop OracleAS
Web Cache

• You can use the opmnctl utility to start, stop, and
restart OracleAS Web Cache processes.

$ opmnctl startproc ias-component=WebCache

$ opmnctl stopproc ias-component=WebCache

$ opmnctl restartproc ias-component=WebCache

• In a stand-alone Web Cache installation, you can
use webcachectl to start and stop Web Cache.
$ webcachectl start

Using Application Server Control to Start
and Stop OracleAS Web Cache

Modifying Security Settings

Configure Listening Ports for Requests

Specifying Origin Server Settings

Site Definitions
[Diagram: Browser, Web cache, and application Web servers on Hosts 1 through 5 for the sites www.1st.comp.com:80, www.2nd.comp.com:80, and www.*.comp.com:80]

Configuring Site Definitions

Configuring Site to Server Mapping

Caching Rules: Overview

• Caching rules specify whether or not to cache
content, and determine what content to cache:
– Static documents
– Multiple-version URLs
– Personalized pages
– Pages that support session tracking
– HTTP error messages
– URLs that match with regular expressions
– URL trees that contain a document or a subtree
• Caching is based on priority rules (top is highest).
• Rules also specify the caching of static versus
dynamic content.

Predefined Caching Rules

Rules for Caching, Personalization, and
Compression

The Priority column specifies the order in which the
rules are processed:

Creating Caching Rules

Edit Cacheability Rules

Expiration Rules

• When a cached object has a predictable time for
usefulness, you can specify the expiration rule for
that object.
• There are three options for setting expiration
rules:
– Specified time after entry into cache
– Specified time after the document is created
– Specified as per HTTP Expires header
• Expired objects can be processed in two ways:
– Refresh immediately
– Refresh on demand and no later than the specified
time after expiration

Defining Expiration Rules

Expire:
• After cache entry
• After document creation
• Based on the HTTP header
Remove documents:
• Immediately
• Based on
– Stale versus fresh

Invalidation Messages

[Diagram labels: Trigger; Programmatic; Manual or script; Origin server; Database; Internet; Web cache; Web cache manager]

POST /x-oracle-cache-invalidate HTTP/1.0
X-Oracle-Cache-Invalidate-URL-Prefix: /catalog
X-Oracle-Cache-Invalidate-Level: 0

Basic Content Invalidation

Rules for Multiple-Version Documents
Containing Cookies

Same URL:
Cookie name          Value
ec-400-id-acctcat    CUSTOMER
ec-400-id-acctcat    WALKIN

Performance Assurance
and Surge Protection

Web Cache uses patent-pending performance
assurance logic to ensure that:
• Invalidation of a large number of objects in the
cache does not result in a surge
• Load on the Web server and database is
dampened
• Capacity heuristics are based on:
– Request queue length
– Document popularity
– Document validity
– Invalidation age

Caching Dynamic and Partial Pages

Caching dynamic pages:
• Cookies or embedded URLs enable OracleAS Web
Cache to recognize cacheability rules for pages
with:
– Multiple versions of the same document
– Personalized attributes
– Session information
Caching partial pages:
• OracleAS Web Cache provides dynamic assembly
of Web pages with both cacheable and
noncacheable page fragments, using ESI tags.
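
The multiple-version rule and the URL-prefix invalidation message described above, modelled as an added Python example (not Oracle's implementation and not part of the course material): the cache key is the URL plus the value of the cookie named in the rule, so CUSTOMER and WALKIN sessions never share a cached copy. The class, the URL, and the page bodies are constructed for illustration; the cookie name and values are the ones on the slide.

```python
class VersionedCache:
    """Toy cache keyed on the URL plus the values of the cookies named in a
    multiple-version rule (constructed model)."""

    def __init__(self, version_cookies=()):
        self.version_cookies = tuple(version_cookies)
        self.store = {}
        self.origin_requests = 0

    def _key(self, url, cookies):
        return (url,) + tuple(cookies.get(name, "") for name in self.version_cookies)

    def get(self, url, cookies, origin):
        key = self._key(url, cookies)
        if key not in self.store:            # cache miss: ask the origin server
            self.origin_requests += 1
            self.store[key] = origin(url, cookies)
        return self.store[key]               # cache hit

    def invalidate_prefix(self, prefix):
        """Drop every cached version whose URL starts with prefix."""
        doomed = [key for key in self.store if key[0].startswith(prefix)]
        for key in doomed:
            del self.store[key]
        return len(doomed)


COOKIE = "ec-400-id-acctcat"                 # cookie name from the slide
URL = "/catalog/prices.html"                 # constructed URL

def origin(url, cookies):
    """Constructed origin server: the page body depends on the account category."""
    return "%s for %s" % (url, cookies.get(COOKIE, "WALKIN"))

def run_demo():
    customer, walkin = {COOKIE: "CUSTOMER"}, {COOKIE: "WALKIN"}

    # Rule that ignores the cookie: the first response is served to everyone.
    url_only = VersionedCache()
    url_only.get(URL, customer, origin)
    walkin_sees = url_only.get(URL, walkin, origin)

    # Multiple-version rule on the cookie: one cached copy per cookie value.
    versioned = VersionedCache([COOKIE])
    versioned.get(URL, customer, origin)
    walkin_gets = versioned.get(URL, walkin, origin)
    versioned.get(URL, customer, origin)     # served from cache
    removed = versioned.invalidate_prefix("/catalog")

    return {
        "url_only_walkin": walkin_sees,
        "versioned_walkin": walkin_gets,
        "versions_removed": removed,
        "origin_requests": versioned.origin_requests,
        "left_after_invalidation": len(versioned.store),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, "=", value)
```

A caching rule that omits the cookie serves the CUSTOMER page to the WALKIN session, which is the case to test for whenever personalized or session-dependent pages are made cacheable.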

Specifying Additional Listening Ports

Changing Operations Ports

Logging Events and Accessing
Information

• The OracleAS Web Cache events and errors are
stored in an event log.
• The access log contains information about the
HTTP requests sent to OracleAS Web Cache.
• You can configure the content of the access log
files by defining the fields to appear for each HTTP
request event.

Configuring Access Log

Configuring Event Log

Configuring Rollover Frequency

• Hourly rollover
• Rollover at specified times of the day
• Manual rollover of the access log file without
shutting down Web Cache

Manual Rollover of Logs

Web Cache Statistics

• Last Modified - page generation time
• Oracle Web Cache Start Timestamp
• Time Since Start - Web Cache Uptime
• Number of Documents in Cache
• Cache Size (in bytes)
• Total Number of Bytes Written to cache
• Current Number of Open Connections

Summary

In this lesson, you should have learned to do the
following:
• Start, stop, and restart OracleAS Web Cache
• Change passwords for administrative users and
listener ports
• Specify site-to-server mappings
• Create and configure caching rules
• Set up basic invalidation mechanism
• Set up expiration rules
• Configure access and event logs
• Obtain basic performance statistics

Managing and Configuring OC4J

Objectives

After completing this lesson, you should be able to do
the following:
• Create OC4J instances
• Start and stop OC4J instances
• Enable or disable application startup
• Configure OC4J instance properties
• Configure Web site and JSP properties
• Edit OC4J configuration files

Introduction to Managing OC4J

You can manage OC4J using:
• Application Server Control:
– Recommended management tool for any Oracle
Application Server installation
– Graphical interface to manage OC4J components,
clusters, and deploy applications
• Command-line utilities:
– opmnctl: Starts and stops OC4J Instance
– dcmctl: Creates OC4J Instance and deploys
applications

Creating an OC4J Instance

Application Server Control: OC4J
Home Page

Starting and Stopping OC4J Instance

Starting and Stopping OC4J Instances
Using OPMN

• You can use the opmnctl utility to start and stop
all configured OC4J instances from the command
line.
• To start and stop the OC4J_Demos Instance:
$> opmnctl startproc process-type=OC4J_Demos
$> opmnctl stopproc process-type=OC4J_Demos
• To start and stop all OC4J instances:
$> opmnctl startproc ias-component=OC4J
$> opmnctl stopproc ias-component=OC4J

Disabling OC4J Instances

Enabling OC4J Instances

OC4J Configuration Basics

OC4J has three groups of configuration files:
• The mod_oc4j configuration files are:
– Used to administer the mod_oc4j module of the
Oracle HTTP Server
– In $ORACLE_HOME/Apache/Apache/conf
• OC4J Server configuration files are:
– Used to administer the OC4J Server
– In $ORACLE_HOME/j2ee/<instance>/config
• Two types of OC4J Application configuration files:
– J2EE-standard: Stored in /applications/<app-
name>
– OC4J-specific: Stored in /application-
deployments/<app-name>

OC4J Instance Configuration Files

OHS configuration file:
• mod_oc4j.conf

OC4J instance configuration files:
• Server configuration: server.xml, jazn.xml*, jazn-data.xml*,
data-sources.xml, rmi.xml, jms.xml
• Web site: default-web-site.xml

Relationship of Configuration Files

When an application is deployed, an entry is made in the
/config/server.xml file:
<application name="app01"
path="../applications/app01.ear" />

The context root for this entry is defined in
/config/default-web-site.xml:
<web-app application="app01" name="app01"
root="/app01"/>

The modules of the application are defined in
/applications/app01/META-INF/application.xml:
<web><web-uri>webapp1.war</web-uri></web>

Sample server.xml File
<application-server
    localhostIsAdmin="true"
    application-directory="../applications"
    deployment-directory="../application-deployments"
    connector-directory="../connectors">
  <rmi-config path="./rmi.xml" />
  <jms-config path="./jms.xml" />
  <log><file path="../log/server.log" /></log>
  <global-application name="default"
      path="application.xml" />
  <global-web-app-config
      path="global-web-application.xml" />
  <web-site path="./default-web-site.xml" />
  <application name="app01"
      path="../applications/app01.ear" />
  ...
</application-server>

Sample default-web-site.xml File

<web-site port="3301" protocol="ajp13"
display-name="Default OC4J Web Site">
<default-web-app application="default"
name="defaultWebApp" root="/j2ee"/>
<web-app application="default" name="dms"
root="/dmsoc4j"/>
<web-app application="app01" name="app01"
root="/app01"/>
<web-app application="BC4J" name="webapp"
root="/webapp"/>
<access-log
path="../log/default-web-access.log"/>

</web-site>

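
How server.xml, default-web-site.xml, and application.xml reference each other, as an added Python example that is not part of the course material: it resolves every context root to its application, archive, and Web modules, and lists roots bound to an application that server.xml does not declare. The embedded files are constructed, trimmed copies of the slides' samples (the `<application>` and `<module>` wrapper elements are assumed), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed copies of the sample files shown on the slides.
SERVER_XML = """<application-server application-directory="../applications">
  <global-application name="default" path="application.xml" />
  <web-site path="./default-web-site.xml" />
  <application name="app01" path="../applications/app01.ear" />
</application-server>"""

WEB_SITE_XML = """<web-site port="3301" protocol="ajp13"
    display-name="Default OC4J Web Site">
  <default-web-app application="default" name="defaultWebApp" root="/j2ee"/>
  <web-app application="app01" name="app01" root="/app01"/>
  <web-app application="BC4J" name="webapp" root="/webapp"/>
  <access-log path="../log/default-web-access.log"/>
</web-site>"""

# application.xml per application name; wrapper elements are assumed.
APPLICATION_XMLS = {
    "app01": "<application><module><web><web-uri>webapp1.war</web-uri>"
             "</web></module></application>",
}

def declared_applications(server_xml):
    """Map application name -> archive path, as declared in server.xml."""
    root = ET.fromstring(server_xml)
    apps = {}
    for tag in ("global-application", "application"):
        for el in root.iter(tag):
            apps[el.get("name")] = el.get("path")
    return apps

def url_bindings(server_xml, web_site_xml, application_xmls):
    """Resolve each context root in default-web-site.xml to its application,
    archive (from server.xml), and Web modules (from application.xml)."""
    apps = declared_applications(server_xml)
    bindings = []
    for el in ET.fromstring(web_site_xml):
        if el.tag not in ("default-web-app", "web-app"):
            continue                          # for example <access-log>
        app = el.get("application")
        descriptor = application_xmls.get(app)
        modules = [] if descriptor is None else [
            w.text.strip() for w in ET.fromstring(descriptor).iter("web-uri")
        ]
        bindings.append({
            "root": el.get("root"),
            "application": app,
            "web_app": el.get("name"),
            "archive": apps.get(app),
            "web_modules": modules,
            "declared": app in apps,
        })
    return bindings

def undeclared_roots(bindings):
    """Context roots whose application has no entry in server.xml."""
    return sorted(b["root"] for b in bindings if not b["declared"])

if __name__ == "__main__":
    rows = url_bindings(SERVER_XML, WEB_SITE_XML, APPLICATION_XMLS)
    for row in rows:
        print(row["root"], "->", row["application"], row["archive"], row["web_modules"])
    print("Bound but not declared in server.xml:", undeclared_roots(rows))
```

In this trimmed input the /webapp root is reported because the BC4J application entry is not among the constructed server.xml lines.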
Configuring OC4J Using Application
Server Control

Click the Administration link in the OC4J Home page
to access the OC4J Administration page.

Server Properties Page: General Section

Click the Server Properties link in the OC4J
Administration page to access the Server Properties.

Web Site Properties

JSP Properties

Advanced Properties

Application Deployment

• Deploying applications to Oracle Application
Server is simple.
• The deployer configures the OC4J Instance with
applications:
– Web, EJB, and J2EE applications
– Uses manual or automatic deployment methods
• The OC4J Instance verifies and deploys the
applications:
– It automatically deploys and redeploys new
applications.
– It generates the required OC4J-specific application
files.
– The OC4J Instance should be restarted.

OC4J Applications Page

Maintaining Applications

Maintaining Web Modules

Summary

In this lesson, you should have learned to do the
following:
• Create OC4J instances
• Start and stop OC4J instances
• Enable or disable application startup
• Configure OC4J instance properties
• Configure Web site and JSP properties
• Edit OC4J configuration files
• Configure deployed applications and Web
modules

Managing the OracleAS Portal

Objectives

After completing this lesson, you should be able to do
the following:
• Describe OracleAS Portal administrative services
• Describe tools to monitor the OracleAS Portal
instance
• Manage OracleAS Portal users, groups, and
schemas
• Administer the portlet repository
• Perform export and import of portal content

OracleAS Portal Administrative Services:
Overview

OracleAS Portal Administrative Services:
• Enable you to:
– Manage portal users and groups
– Set up security, search, and self-registration
features
– Configure language and mobile support
– Migrate content between OracleAS Portal instances
– Monitor performance of OracleAS Portal instances
• Are provided in the form of:
– Application Server Control
– Administrative portlets
– Configuration scripts

Managing the OracleAS Portal Instance
Using Application Server Control

You can use Application Server Control to monitor and
administer the OracleAS Portal instance.

OracleAS Portal Instance Home Page

Monitoring the OracleAS Portal Instance

Available tools and services:
• Oracle Enterprise Manager 10g Application Server
Control
• OracleAS Portal logging service
• OracleAS Portal activity reports
• mod_plsql performance logging service
• OracleAS Portal performance reports

Managing the OracleAS Portal Instance
Using Administrative Portlets
OracleAS Portal administrative portlets are:
• Grouped into three subtabs on the Administer tab
• Integrated with other Oracle Application Server
components

Default Portal Users

The following portal users are created upon
installation:
• ORCLADMIN
• PORTAL
• PORTAL_ADMIN
• PUBLIC
[Diagram: OracleAS Portal; unauthenticated sessions (PUBLIC); authenticated sessions]

Default Portal Groups

• Basic groups
– AUTHENTICATED_USERS
– DBA
– PORTAL_ADMINISTRATORS
– PORTAL_DEVELOPERS
– PORTLET_PUBLISHERS
• Groups that support OracleAS Reports Services
– RW_BASIC_USER
– RW_POWER_USER
– RW_DEVELOPER
– RW_ADMINISTRATOR

OracleAS Portal Schemas

OracleAS metadata repository
OracleAS Portal repository:
• PORTAL_PUBLIC: OracleAS Portal access schema
• PORTAL: OracleAS Portal product schema
• PORTAL_DEMO: OracleAS Portal demo schema
• PORTAL_APP: OracleAS Portal application schema
[Diagram also shows: Portal users]

Managing Passwords for the OracleAS
Portal Schemas

• Passwords are stored in OID.
• You must change the passwords using
Application Server Control.

Managing Portal Users and Groups

[Diagram: Portal administrator and OracleAS administrator; OracleAS Portal administrative portlets and DAS; Oracle Internet Directory (OID) holding users and groups; Portal repository, in the OracleAS metadata repository, holding user profiles and group profiles]

Creating Portal Users

• Use the User portlet.
• Specify the following:
– Basic information
– Personal details
– Organizational details
– Photograph
– Telephone numbers
– Home/Office addresses
– Group membership
– Privilege assignment
– Resource access information for
Reports and Forms applications

Editing Portal User Profiles

• Use the Portal User Profile portlet.
• Configure the following:
– Enabling access to the portal
– The database schema to use
– The portal page for the user's
personal use
– The default group and style
– The default home page
– The default mobile home page
– Invalidation of the user’s portal
content in the Web Cache
– Global portal privileges

Mapping Portal Users to a Custom
OracleAS Portal Access Schema

[Diagram: the portal administrator maps My Application portal users to a custom OracleAS Portal access schema (MYAPP_PUBLIC) with the My Application product schema (MYAPP); portal users otherwise use the default OracleAS Portal access schema (PORTAL_PUBLIC) with the OracleAS Portal product schema (PORTAL)]

Creating Portal Groups

• Use the Group portlet.
• Specify the following:
– Basic information
– Group information: Public, Private, Enable group
to be privileged
– Owners
– Members
– Privilege assignment

Editing Portal Group Profiles

• Use the Portal Group Profile portlet
• Configure the following:
– The default home page
– The default Mobile Home Page
– Global portal privileges

Assigning Privileges to OracleAS Portal
Users and Groups

You can assign the following privileges:
• Oracle Application Server privileges
– Stored in OID
– Managed using DAS
• OracleAS Portal global privileges
– Stored in the portal user and group profiles
– Managed using the Access page of the Portal User
Profile and Portal Group Profile portlets
• OracleAS Portal object privileges
– Stored in the Portal repository
– Managed using the Access tab of the object’s Edit
page

What Is the Portlet Repository?

The portlet repository stores registration information
about providers and their portlets that are available in
the OracleAS Portal instance.
[Diagram: My Provider (portlet1, portlet2, …) registered in the portlet repository within the OracleAS Portal repository; Portlet repository page group; Portal administrator; Portal user; Add portlets]

Accessing the Portlet Repository

You can access the Portlet Repository in the Providers
tab of the Portal Navigator.

Displaying the Portlet Repository Page
Group
From the Portal Navigator

From the Portlet Repository portlet

Managing the Portlet Repository

You can perform the following management tasks:
• Register providers
• Update provider registration information
• Refresh the portlet repository and individual
providers
• Organize the Portlet Repository page group
• Secure the Portlet Repository page group

Registering a Provider

When you register the provider, OracleAS Portal:
• Contacts the provider for its registration
information
• Saves the provider registration information in the
portlet repository
• Grants the Manage privilege on the provider to the
user who registers the provider
• Sets the provider status to ONLINE

Updating the Provider Registration
Information

Use the Remote Providers portlet to:
• Change the display name of the provider
• Update connection information of the provider
• Grant and change access to the provider
• Change the provider status
• Clear the Web Cache entries for the provider

Organizing the Portlet Repository Page
Group

Organize the Portlet Repository page group as needed by:
• Creating standard pages
• Moving portlet items between pages
• Rearranging portlet items on the page
• Editing the Portlet Repository style
• Editing the Portlet Repository template

Securing the Portlet Repository Page
Group
Secure Portlet Repository pages

Secure individual
portlets

Invalidating the Portlet Cache

Invalidate the portlet content in the Web Cache when
you change access to the portlet.

Refreshing the Portlet Repository and
Individual Providers

• Updates registration information about providers
and their portlets
• Updates the Portlet Repository page group
• Invalidates cache entries in the Web Cache for pages
that contain updated portlets
[Screenshot captions: Refreshing the portlet repository; Refreshing individual providers]

Exporting and Importing Objects in
OracleAS Portal

• Use Export/Import utilities to:
– Support staging content on one or more OracleAS
Portal development instances for deployment to
OracleAS Portal production instances
– Consolidate multiple OracleAS Portal instances
– Deploy identical content across multiple OracleAS
Portal instances
• Perform Export/Import process between source
and target OracleAS Portal instances of the same
version

Exporting and Importing Objects in
OracleAS Portal
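[Diagram: on the source OracleAS Portal instance, portal objects are saved in a transport set, the transport set is exported, and the export/import script run with -mode=export writes a dump file; the dump file is moved by FTP transfer; on the target OracleAS Portal instance, the export/import script run with -mode=import loads the dump file and the transport set is imported as portal objects]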

Creating a New Transport Set

1. In the Navigator, select a portal object and click
the Export action.
2. Enter a meaningful title for the transport set.
3. Save the transport set for future editing or export
the transport set.

[Screenshot captions: Saved transport set; Exported transport set]

Editing a Saved Transport Set

• To edit a saved transport set from the
Export/Import Transport Set portlet:
– Select a transport set from the list of available
saved transport sets
– Use the wizard-based interface to modify the security
of portal objects in the set and to remove nonrequired
portal objects from the set
• Add new portal objects to the set by selecting the
Add to An Existing Transport Set option of the
Export action from the Portal Navigator

Exporting a Transport Set

Steps to export a transport set:
1. Select a transport set from the list of available
saved transport sets.
2. Export the transport set.
3. View the export log output.
4. Download the export/import script.
5. Run the script in the EXPORT mode to generate a
dump file.
expimp.csh -mode EXPORT
-d mycompany_portal.dmp
-c infra_db -s portal -p fs61qat9

Importing the Transport Set

1. Run the script in the IMPORT mode to load the
dump file into the target OracleAS Portal instance.
expimp.csh -mode IMPORT -d mycompany_portal.dmp
-company mycompany
-c infra_db -s portal -p fs61qat9
-pu mc_admin -pp mc123

2. Select the transport set from the list of transport
sets ready for import.
3. Select the import mode.
4. Import the transport set.
5. Analyze the import log for possible errors.

Browsing Transport Sets

• View the status of the transport sets in the
OracleAS Portal instance.
• View the log of import and export actions.
• Delete transport sets from the OracleAS Portal
instance.

Summary

In this lesson, you should have learned how to:
• Describe OracleAS Portal administrative services
• Describe tools to monitor the OracleAS Portal
instance
• Manage OracleAS Portal users and groups
• List OracleAS Portal schemas
• Administer the Portlet repository
• Perform export and import of portal content

Configuring OracleAS Portal

Objectives

After completing this lesson, you should be able to do
the following:
• Describe OracleAS Portal configuration tasks
• Configure the Self-Registration feature to enable
users to create their own portal accounts
• Configure OracleAS Portal for WebDAV
• List the configuration modes of the Oracle Portal
Configuration Assistant (OPCA)
• Configure Language support
• Configure the OracleAS Portal instance
dependencies by using the Portal Dependency
Setting file

OracleAS Portal Configuration
Tasks: Overview

OracleAS Portal configuration tasks include:
• Setting up self-registration and search features
• Configuring language and mobile support
• Configuring OraDAV support for OracleAS Portal
access
• Relinking the OracleAS Portal instance with other
Oracle Application Server components

Self-Registration Feature in OracleAS Portal

[Diagram: self-registration flow in four numbered steps: Portal user; Account Details (user name, password, …); Approval required (yes/no); Portal administrator; PR + OID]

Configuring the Self-Registration Feature
in OracleAS Portal

Enabling the Self-Registration Feature in
the Login Portlet

Edit the default settings of the Login portlet to:
• Enable the self-registration feature link
• Define text and URL of the self-registration link

OraDAV Architecture

• WebDAV is a protocol extension to HTTP 1.1 that
supports distributed authoring and versioning.
• OraDAV extends implementation of WebDAV to
support connections to an Oracle database.

[Diagram: a WebDAV client connects to Oracle HTTP Server. mod_oradav (configured in oradav.conf) uses the OraDAV driver to reach OracleAS Portal; mod_dav (configured in moddav.conf) serves the file system.]

Configuring OraDAV Support for OracleAS
Portal Access

Parameters in the oradav.conf file specify:
• DB connection (required)
• OraDAV driver (required)
• Other
<Location /dav_portal/portal>
DAV Oracle
DAVParam ORASERVICE cn=iasdb,cn=oraclecontext
DAVParam ORAUSER portal
DAVParam ORACRYPTPASSWORD BQtXpWPMeBG29ifH3Mrw7mQrOtqk0utDvw==
DAVParam ORAPACKAGENAME portal_schema.wwdav_api_driver
</Location>

OracleAS Portal Configuration
Assistant: Overview

OracleAS Portal Configuration Assistant (OPCA):
• Is a Java tool for configuring OracleAS Portal
• Is invoked by the Oracle Universal Installer (OUI)
in the postinstallation phase
• Can be invoked in stand-alone mode as the ptlasst
script from the $IAS_HOME/assistants/opca directory

Linking an OracleAS Portal Instance

The MIDTIER mode of the OPCA enables you to link an
OracleAS Portal instance with other OracleAS
components.

[Diagram: the OracleAS Portal repository linked to middle-tier components (OHS, Web cache, Wireless) and to identity management (SSO Server, OID). Other labels: Registration information; Metadata repository.]

Configuring Language Support

• OracleAS Portal supports 29 languages.
• OPCA installs supported languages in the
OracleAS Portal repository in the LANGUAGE
mode.
Note: Run the script for each language that you
want to install.

ptlasst.csh -mode LANGUAGE -i custom \
-c infra.mycompany.com:1521:iasdb -s portal -sp fs61qat9 \
-lang f -available

The -c, -s, and -sp options are the Portal DB parameters;
-lang and -available are the language parameters.

Setting Language for a Portal Session

The Set Language portlet enables you to select:
• Language for the current portal session
• Territory for the selected language to determine
localizations, such as date, currency, and decimal
formats (only if enabled by the page designer)

Configuring OracleAS Portal
Dependencies

• OracleAS Portal stores its dependencies on Oracle
Application Server components in the Portal
Dependency Setting file, the iasconfig.xml file.
• The Portal Dependency Setting file is located in
the $ORACLE_HOME/portal/conf directory on the
middle-tier machine.
• The Portal Dependency Setting tool, the
ptlconfig script, updates the OracleAS Metadata
Repository with current settings in the
iasconfig.xml file.

The Portal Dependency Setting File

The iasconfig.xml file structure:

[Diagram: element tree rooted at iASConfig, with the elements iASFarm, iASInstance, PortalInstance, WebCacheComponent, WebCacheDependency, OIDComponent, OIDDependency, SSOComponent, and SSODependency.]

The Portal Dependency Settings Tool

Run the ptlconfig script to:
• Update the OracleAS Metadata Repository for a
specific or all Portal instances defined in the
Portal Dependency Settings file
• Encrypt all plain text passwords in the Portal
Dependency Settings file
• Update OracleAS Web Cache, Oracle Internet
Directory, Oracle Enterprise Manager, and
OracleAS Portal data, as defined in the Portal
Dependency Settings file

Summary

In this lesson, you should have learned how to:
• Describe OracleAS Portal configuration tasks
• Configure the Self-Registration feature to enable
users to create their own portal accounts
• Configure OracleAS Portal for WebDAV
• List the configuration modes of the Oracle Portal
Configuration Assistant (OPCA)
• Configure Language support
• Configure the OracleAS Portal instance
dependencies by using the Portal Dependency
Setting file

Deploying PL/SQL and CGI Applications

Objectives

After completing this lesson, you should be able to do
the following:
• Configure mod_plsql
• Create a database access descriptor (DAD)
• Define authentication for PL/SQL applications
• Use Oracle PL/SQL Server Pages (PSPs)
• Configure mod_cgi and mod_fastcgi for Common
Gateway Interface scripts
• Configure mod_perl for the use of PERL
• Manage database providers and PL/SQL portlets

Overview

[Diagram: Oracle HTTP Server with mod_perl (PERL interpreter), mod_fastcgi, and mod_plsql. Other labels: loadpsp; Oracle PSP; OS shell; Oracle database.]

The mod_plsql Module

• mod_plsql:
– Is an efficient PL/SQL interface for generating HTML
– Uses standard database security features; users can
be granted access to procedures but not to underlying
tables through the Owner’s/Definer’s Rights Model
– Enables you to reuse existing code and take
advantage of in-house PL/SQL skills
– Is productive; OracleAS Portal and Oracle Designer
have PL/SQL generators
• If you have a lot of HTML pages, you can use Oracle
PL/SQL Server Pages (PSPs) for rapid development
of dynamic content.

Communication Flow:
The Path of HTTP Requests
[Diagram: eight numbered steps among the browser client, the OHS listener, the authentication module (Auth. mod.), mod_plsql in Oracle Application Server, and the Oracle database.]

Enabling a PL/SQL Application

1. Configure the mod_plsql parameters.
2. Create a database access descriptor (DAD).
3. Restart Oracle HTTP Server.
4. Create a PL/SQL application.

mod_plsql Configuration Files

• The oracle_apache.conf file contains references to
the other mod_plsql configuration files.
• The httpd.conf file includes a reference to the
oracle_apache.conf file.

httpd.conf (under $ORACLE_HOME/Apache/Apache/conf)
  oracle_apache.conf
    plsql.conf (under $ORACLE_HOME/Apache/modplsql/conf)
      dads.conf
      cache.conf

plsql.conf file

This file contains the main directives to load
mod_plsql into the Oracle HTTP Server:

LoadModule plsql_module \
/ias20/Apache/modplsql/bin/modplsql.so
<IfModule mod_plsql.c>
#
include /ias20/Apache/modplsql/conf/cache.conf
include /ias20/Apache/modplsql/conf/dads.conf
...
</IfModule>

dads.conf File

• The dads.conf file contains the configuration
parameters for the PL/SQL database access
descriptor (DAD).
• A DAD is a set of values that specify how
mod_plsql connects to a database server to fulfill
an HTTP request.
<Location /pls/plsqlapp>
SetHandler pls_handler
...
</Location>

Configuring mod_plsql

An example of a typical PL/SQL application DAD:

<Location /pls/plsqlapp>
SetHandler pls_handler
AllowOverride None
PlsqlDatabaseUsername scott
PlsqlDatabasePassword tiger
PlsqlDatabaseConnectString host:port:service
...
# PlsqlAuthenticationMode Basic
</Location>

Obtaining Information About mod_plsql

Configuring DADs Using dads.conf

DAD Creation Wizard

Invoking a PL/SQL Application

http://host:port/path/pack.proc?p1=1&p2=2

• http: Network protocol
• host: Machine name and domain
• port: HTTP listener port number
• path: Virtual path for DAD location
• pack: Stored package
• proc: Stored procedure
• p1=1&p2=2: Parameters for procedure

Invoking a PL/SQL Application: Example 1

Oracle HTTP Server is configured with plsqlapp as
the DAD location, and the browser sends the following
URL:
http://myServer:7777/plsqlapp/myproc?p=Hello

Invoking a PL/SQL Application: Example 2

Specify a URL without providing a schema, package,
or stored procedure name.

http://myServer:7777/pls/plsqlapp

The location container that enables this behavior:

<Location /pls/plsqlapp>
SetHandler pls_handler
...
PlsqlDefaultPage scott.home
</Location>

Preventing the Execution
of PL/SQL Procedures

To exclude access to URLs containing specific
packages, add the following in the dads.conf file:

PlsqlExclusionList sys.*
PlsqlExclusionList dbms_*
PlsqlExclusionList utl_*
PlsqlExclusionList owa_*
PlsqlExclusionList owa.*
PlsqlExclusionList htp.*
PlsqlExclusionList htf.*
PlsqlExclusionList oracle.private.*
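
An added example, not part of the Oracle course material: a Python check that reads dads.conf text, reports which of the exclusion patterns listed above each pls_handler DAD lacks, and tests whether a requested procedure name would match the list. The function names and sample configuration are constructed, and the matching rule (case-insensitive, `*` as the only wildcard, whole-name match) is an assumption of this example.

```python
import re
from urllib.parse import unquote, urlsplit

# Exclusion patterns from the slide above.
SLIDE_PATTERNS = ["sys.*", "dbms_*", "utl_*", "owa_*", "owa.*",
                  "htp.*", "htf.*", "oracle.private.*"]

# Constructed dads.conf text: one DAD with a partial list, one with none.
SAMPLE_DADS_CONF = """\
<Location /pls/plsqlapp>
  SetHandler pls_handler
  AllowOverride None
  PlsqlDatabaseUsername scott
  PlsqlDefaultPage scott.home
  PlsqlExclusionList sys.*
  PlsqlExclusionList DBMS_*
  PlsqlExclusionList utl_*
</Location>
<Location /pls/reports>
  SetHandler pls_handler
  # PlsqlExclusionList sys.*
</Location>
<Location /server-status>
  SetHandler server-status
</Location>
"""

LOCATION_RE = re.compile(r"<Location\s+([^\s>]+)\s*>(.*?)</Location>", re.S | re.I)


def parse_dads(conf_text):
    """Return {location: {directive: [values]}} for pls_handler blocks only."""
    dads = {}
    for location, body in LOCATION_RE.findall(conf_text):
        directives = {}
        for line in body.splitlines():
            fields = line.strip().split(None, 1)
            if not fields or fields[0].startswith("#"):
                continue  # blank line or commented-out directive
            value = fields[1].strip() if len(fields) > 1 else ""
            directives.setdefault(fields[0].lower(), []).append(value)
        if "pls_handler" in directives.get("sethandler", []):
            dads[location] = directives
    return dads


def missing_patterns(conf_text, required=SLIDE_PATTERNS):
    """Per DAD, list the required patterns absent from PlsqlExclusionList."""
    report = {}
    for location, directives in parse_dads(conf_text).items():
        present = {p.lower() for p in directives.get("plsqlexclusionlist", [])}
        report[location] = [p for p in required if p.lower() not in present]
    return report


def pattern_to_regex(pattern):
    """Assumed rule: '*' matches any run of characters, the rest is literal."""
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile(".*".join(literal_parts) + r"\Z", re.I | re.S)


def is_excluded(procedure, patterns):
    """True if the whole procedure name matches any exclusion pattern."""
    return any(pattern_to_regex(p).match(procedure) for p in patterns)


def procedure_from_url(url, dad_location):
    """Return the procedure part of a request URL, or None outside this DAD."""
    path = unquote(urlsplit(url).path)
    prefix = dad_location.rstrip("/") + "/"
    return path[len(prefix):] if path.startswith(prefix) else None


if __name__ == "__main__":
    for dad, missing in missing_patterns(SAMPLE_DADS_CONF).items():
        print(dad, "is missing:", ", ".join(missing) or "nothing")
    name = procedure_from_url(
        "http://myServer:7777/pls/plsqlapp/pack.proc?p1=1&p2=2", "/pls/plsqlapp")
    print(name, "excluded:", is_excluded(name, SLIDE_PATTERNS))
```

Run it against the real dads.conf by passing the file's text to missing_patterns(); a commented-out PlsqlExclusionList line counts as absent.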

Mod_plsql Caching

• mod_plsql can cache repeatedly used SQL
statements and credentials to improve performance.
• Applications such as OracleAS Portal use this
feature.
• Two types of caching are used by mod_plsql:
– PL/SQL Cache
– Session Cookie Cache

cache.conf file

This file contains the cache settings for mod_plsql:

# Turn caching on or off
PlsqlCacheEnable On
# Set directory to write the cache files
PlsqlCacheDirectory /ias20/Apache/modplsql/cache
# Set the total size of the cache, this parameter
# takes bytes as the value, for 25 Megabyte:
PlsqlCacheTotalSize 25600000
PlsqlCacheCleanupTime Everyday 2:00
...

Troubleshooting

If you have problems connecting to the database:
• Ensure that the network connection is working
• Ensure that the TNS listener and database are
running
• Verify that the configured connection works by
using Oracle Net, or some other tool, to connect
directly to the database
• Check the username and password information in
the DAD

PL/SQL Server Pages

Example: show_emp_simple.psp

<%@ page language="PL/SQL" %>
<%@ plsql procedure="show_emp_simple"%>
<HTML>
<HEAD><TITLE>Show Contents of HR.EMPLOYEES (Complete Dump)</TITLE></HEAD>
<BODY>
<%
declare
dummy boolean;
begin
dummy:=owa_util.tableprint('employees','border=1');
end;
%>
</BODY>
</HTML>

Introducing the mod_cgi Module

• The Common Gateway Interface (CGI) is a
mechanism to provide dynamic content for a Web
page.
• CGI is not a programming language but a protocol
for scripts.
• When using mod_cgi, CGI scripts are loaded and
executed whenever a request for them is received.
• CGI scripts are handled either by mod_cgi or
mod_fastcgi and can be enabled by either
ScriptAlias or ExecCGI.
• There are CGI security issues.

Enabling CGI Scripts
and Improving Security

Using ScriptAlias is the easiest way to enable the
execution of CGI scripts in httpd.conf:

ScriptAlias /cgi-bin/ /ias20/Apache/Apache/cgi-bin/
#Prevent the use of .htaccess in this directory
<Directory "/ias20/Apache/Apache/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>

Working with CGI

• The execution of CGI scripts can also be enabled by
using the ExecCGI directive:
<Directory "/ias20/Apache/Apache/cgi-bin">
AllowOverride None
Options ExecCGI
SetHandler cgi-script
Order allow,deny
Allow from all
</Directory>

• Use the ScriptLog, ScriptLogLength, and
ScriptLogBuffer directives to obtain useful
information.

The mod_fastcgi Module

• FastCGI is a language-independent, scalable, open
extension to CGI that provides high performance by
pooling processes to handle a request rather than
spawning a new one each time a request is made.
• FastCGI consists of two components:
– An Apache module, mod_fastcgi, to route requests to
FastCGI servers.
– A development kit that allows programmers to write
FastCGI servers in C, C++, and PERL.

Benefits of FastCGI

This third-party module enhances the capabilities of
CGI, providing:
• Persistent processes for CGI applications
• Easy migration of existing CGI scripts
• Language independence, with supporting libraries
for C, C++, Java, PERL, and others
• Process isolation
• Portability, because FastCGI is nonproprietary
• Support for distributed computing

Enabling the FastCGI Server

FastCGI scripts are handled by mod_fastcgi and can
be enabled by ScriptAlias.

ScriptAlias /fcgi-bin/ /ias20/Apache/Apache/fcgi-bin/
#Prevent the use of .htaccess in this directory
<Directory "/ias20/Apache/Apache/fcgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
SetHandler fastcgi-script
</Directory>

Overview of the mod_perl Module

• mod_perl is a built-in component of Oracle HTTP
Server.
• mod_perl integrates a complete PERL interpreter
(version 5.004).
• With mod_perl, you can run PERL CGI without
loading a PERL interpreter every time.
• mod_perl works by providing a handler,
perl_script.
• Access control or authentication can be done by a
mod_perl handler.

Controlling Dynamic Content
and Security

• Install all CGI and FastCGI scripts in a central
directory.
• Be careful with scripts that you did not write
yourself.
• Do not install scripts for which no source code is
available.
• Never install an interpreter, such as PERL or a shell,
directly in a CGI directory.
• Avoid starting a shell from a CGI script.
• If any external program is called, use a fully
qualified path name.
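
An added example, not part of the Oracle course material: a Python audit of one CGI directory against the rules above (no interpreter in the directory, no program without source, no shell start, fully qualified program paths). The interpreter name list, the finding texts, and the sample directory are constructed for this example, and the source check only recognizes Perl-style system("...") or exec("...") calls and backtick commands.

```python
import os
import re
import stat
import tempfile

# Names treated as interpreters; an assumption of this example, extend locally.
INTERPRETERS = {"perl", "python", "tclsh", "sh", "bash", "csh", "ksh", "tcsh", "zsh"}

INTERPRETER = "interpreter installed in the CGI directory"
NO_SOURCE = "compiled program: install only if its source code is available"
NO_PATH = "external program called without a fully qualified path: "
VIA_SHELL = "command string with shell metacharacters starts a shell"

# Perl-style system("...") / exec("...") with one string, or a `backtick` command.
COMMAND_RE = re.compile(r"""\b(?:system|exec)\s*\(\s*["']([^"']+)["']|`([^`]+)`""")


def check_script_source(text):
    """Return the set of findings for external commands in script source."""
    findings = set()
    for quoted, backtick in COMMAND_RE.findall(text):
        command = (quoted or backtick).strip()
        if not command:
            continue
        program = command.split()[0]
        if not program.startswith("/"):
            findings.add(NO_PATH + program)
        # Perl hands a single command string to the shell when it contains
        # shell metacharacters; the list form of system() does not.
        if re.search(r"[$;|&<>*?]", command):
            findings.add(VIA_SHELL)
    return findings


def audit_cgi_dir(cgi_dir):
    """Return (file name, finding) pairs for one CGI directory, sorted by name."""
    results = []
    for name in sorted(os.listdir(cgi_dir)):
        path = os.path.join(cgi_dir, name)
        # A symlink to an interpreter is as reachable as a copy of it, so the
        # resolved target name is checked as well as the entry name.
        names = {name, os.path.basename(os.path.realpath(path))}
        stems = {re.sub(r"[\d.]+$", "", n).lower() for n in names}
        if stems & INTERPRETERS:
            results.append((name, INTERPRETER))
            continue
        if not stat.S_ISREG(os.lstat(path).st_mode):
            continue
        with open(path, "rb") as handle:
            data = handle.read(65536)
        if b"\0" in data:  # NUL bytes: treated as a compiled binary
            results.append((name, NO_SOURCE))
            continue
        text = data.decode("utf-8", errors="replace")
        results.extend((name, f) for f in sorted(check_script_source(text)))
    return results


def build_sample_dir():
    """Create a constructed CGI directory that breaks several of the rules."""
    root = tempfile.mkdtemp(prefix="cgi-bin-")
    scripts = {
        "hello.pl": '#!/usr/bin/perl\nprint "Content-type: text/plain\\n\\nhi\\n";\n',
        "lookup.pl": '#!/usr/bin/perl\nsystem("nslookup $host");\n',
        "stamp.pl": '#!/usr/bin/perl\nsystem("/bin/date", "+%Y");\n',
    }
    for name, body in scripts.items():
        with open(os.path.join(root, name), "w") as handle:
            handle.write(body)
    with open(os.path.join(root, "counter"), "wb") as handle:
        handle.write(b"\x7fELF\x00constructed binary")
    # Dangling link to a constructed path; only its name matters here.
    os.symlink("/opt/constructed/bin/perl", os.path.join(root, "run"))
    return root


if __name__ == "__main__":
    for entry, finding in audit_cgi_dir(build_sample_dir()):
        print(f"{entry}: {finding}")
```

In the sample, stamp.pl passes because it calls /bin/date by full path in list form, while lookup.pl is reported twice for the same call.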

Database Providers and PL/SQL Portlets

• Database providers are PL/SQL packages that
communicate with OracleAS Portal.
• PL/SQL portlets are program units that implement
business logic and produce HTML output.
• Database providers and PL/SQL portlets use APIs
from Portal Developer Kit (PDK) and Web PL/SQL
Toolkit.
[Diagram: OracleAS Portal, with its portlet repository, connected to a database provider that has PL/SQL Portlet1 and PL/SQL Portlet2.]

Installing the Database Provider and Its
PL/SQL Portlets

1. Create a schema to store PL/SQL packages.
SQL> CREATE USER ORADBxx IDENTIFIED BY pwd;
SQL> GRANT CONNECT, RESOURCE TO ORADBxx;
2. Create synonyms to OracleAS Portal PL/SQL APIs.
SQL> CONNECT PORTAL/PORTAL_PWD
SQL> @PROVSYNS.SQL ORADBxx
3. Install the PL/SQL packages in the schema.
SQL> CONNECT ORADBxx/pwd
SQL> @MY_PROVIDER.SQL

Registering the Database Provider with
OracleAS Portal

Registering the Database Provider Using
OracleAS Portal

Adding the Portlet to a Portal Page

Summary

In this lesson, you should have learned how to:
• Access the configuration files
• Configure mod_plsql for PL/SQL applications
• Create a database access descriptor (DAD)
• Specify authentication for PL/SQL applications
• Enable the execution of CGI and FastCGI scripts
by configuring mod_cgi and mod_fastcgi
• Configure mod_perl for the use of PERL
• Manage database providers and PL/SQL portlets

Deploying J2EE Applications

Objectives

After completing this lesson, you should be able to do
the following:
• Deploy Web applications to Oracle Application
Server
• Configure data sources to be used with OC4J
• Provide necessary mappings for an Oracle
database
• Deploy J2EE applications
• Deploy and register Web providers

Deploying Web Application Modules
Using Application Server Control

Deploying Web Application Modules
Using dcmctl

The dcmctl utility allows you to deploy, redeploy, or
undeploy a WAR file manually:

dcmctl deployApplication -file /private/myapp.war -a myapp -co home -rc myapp

dcmctl redeployApplication -file /private/myapp.war -a myapp -co home -rc myapp

dcmctl undeployApplication -a myapp -co home

J2EE Architecture

[Diagram: the OC4J server contains an EJB container (session beans and entity beans, used by an EJB client) and a Web container (servlets, used by a Web client), connected to a database. Enterprise services: naming service, transaction service, security.]

Databases and J2EE

• Many J2EE applications use a database.
• J2EE applications are designed to be portable
across application servers, that is, not dependent
on operational details.
• Operational details are supplied by the deployer,
which provides logical-to-physical mappings.
• Data sources provide logical definitions of
databases.

Data Sources and the Deployer Role

[Diagram: the deployer role in four numbered steps. Labels: "Deploy this."; Consider local database schema; Create mappings; Deploy; Deployer; OC4J; OC4J Mappings; Deployed J2EE App.]

Specifying Data Sources

• Global data sources for an OracleAS instance are
specified in the data-sources.xml file:
– Each data source is specified using an XML tag.
– Attributes specify values for the data source.
• Application-specific data source files use the
<data-sources> tag in application.xml.

[Diagram: in the $ORACLE_HOME/j2ee/home/config directory, application.xml points to data-sources.xml.]

Obtaining Data Source Information

Sample data-sources.xml File

Configuring a JDBC thin connection data source:
<data-source
class="com.evermind.sql.DriverManagerDataSource"
name="OracleDS"
location="jdbc/OracleCoreDS"
xa-location="jdbc/xa/OracleXADS"
ejb-location="jdbc/OracleDS"
connection-driver="oracle.jdbc.driver.OracleDriver"
username="scott"
password="tiger"
url="jdbc:oracle:thin:@localhost:5521:oracle"
inactivity-timeout="30"
/>

Creating a Data Source: General

The Create Data Source page includes the following
regions: General, Datasource Username and
Password, JNDI Locations, Connection Attributes, and
Properties.

Creating a Data Source: Username and
Password

Creating a Data Source: JNDI Locations

Creating a Data Source: Connection
Attributes and Properties

Enterprise JavaBeans

• Enterprise JavaBeans (EJB) is the server-side
component architecture for the J2EE platform.
• EJB enables rapid and simplified development of
distributed, transactional, secure, and portable
Java applications.
• EJB applications can be ported across platforms
without much difficulty.
• EJB applications are object oriented to allow
reuse of code.

EJB Structure

• EJB modules are packaged as an EJB Java
Archive (JAR) file.
• EJB deployment tools use a standard format for
packaging enterprise beans with their declarative
information.
• The ejb-jar.xml file contains:
– The deployment descriptor as specified by J2EE
– The run-time attributes of the bean
• Using the ejb-jar.xml file, you can specify the
run-time behavior of enterprise beans.

EJB and OC4J

• EJB modules can be deployed to any
J2EE-compliant server.
• Although the EJB module does not need to be
modified, the module needs to be mapped to its
server environment.
• The orion-ejb-jar.xml file provides the
mapping for an EJB module to OC4J.
• The EJB modules should be packaged into an
EAR before being deployed to Oracle Application
Server.

EJB Module
myApp.ear
  ejb.jar
    META-INF
      ejb-jar.xml
      orion-ejb-jar.xml (OC4J-specific; the system provides it if the developer does not)
    <ejb>.class
    <ejb>Bean.class
    <ejb>Home.class

Specifying CMP Data Source

The files to configure the Data Source details for an
application are provided by the developers.

j2ee
  config
    application.xml (Global Level)
  application-deployments
    myApp
      orion-application.xml (Application Level)
      myEJB
        orion-ejb-jar.xml (EJB Level)

Binding EJBs to Existing Tables

1. Set autocreate-tables to False.
2. Deploy yourEjb in yourApp.ear.
3. Get the generated orion-ejb-jar.xml file and
reconfigure it to target existing tables.

<orion-ejb-jar>
<enterprise-beans>
<entity-deployment table="yourTable">

Deploying J2EE Applications Using
Application Server Control

1. Navigate to the Applications properties page and
click Deploy EAR file.

2. Deploy Application

3. URL Mapping for Web Modules page

4. Resource Reference Mappings page

5. User Manager Page

6. Security Role Mappings Page

7. Publish Web Services Page

8. Summary Page

Deploying J2EE Applications
Using dcmctl

• The OC4J instance must be running.
• The application can be deployed locally or to a
remote OC4J instance.
• Examples of deploying applications using dcmctl:
To the current OracleAS instance
$> dcmctl deployApplication \
> -file /export/users/myEAR.ear \
> -a myEAR -co home

To a specific (j2ee01) OracleAS instance
$> dcmctl deployApplication -i j2ee01 \
> -file /export/users/myEAR.ear \
> -a myEAR

Accessing Web Providers
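[Diagram: six numbered steps. A thin client reaches Oracle Application Server over HTTP; the server reaches the Portal repository over Oracle Net Services; OC4J_Portal reaches the provider adapter in a remote J2EE container over SOAP (XML over HTTP). Other labels: web.xml; Provider; Provider Portlets.]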

Testing Web Providers
showTestPage=true

showTestPage=false

Registering Web Providers

• Web providers must be registered in OracleAS
Portal.
• The portlet developer should provide the detailed
deployment and registration instructions.

Registering Web Providers:
Provider Information

Registering Web Providers:
General Properties

• The administrator defines the URL property.
• The portlet developer should provide the values
for the other properties in the provider installation
instructions.

Registering Web Providers:
Control Access
• Grant Access
• Provider online status:
– Online
– Offline
• Cache invalidation:
– Clear cache: To ensure that privilege changes
take effect immediately

Adding the Portlet to a Portal Page

Summary

In this lesson, you should have learned how to:
• Deploy Web applications to Oracle Application
Server
• Identify the configuration file that stores data
sources
• Configure data sources to be used with OC4J
• Provide necessary mappings for an Oracle
database
• Deploy J2EE applications
• Deploy and register Web providers

Configuring Oracle Application Server
Components in OID

Objectives

After completing this lesson, you should be able to do
the following:
• Describe identity management
• Explain the default Identity Realm
• Describe the OracleAS Administration Model
• Explain application-specific access control
• Manage users and groups
• Describe the relationship between OracleAS Portal
and Oracle Internet Directory
• Identify OracleAS Portal entries in the directory
• Configure OID settings in OracleAS Portal

Identity Management: Overview

Identity management describes the set of processes
and strategies by which users are created and
managed in the enterprise application environment.
[Diagram: users and directories connected to a Web application, a database, an operating system, and a legacy system.]

Benefits of Identity Management

For Administrators:
• Lower costs of user administration
• Improved user provisioning
• Better security through centralized management
of security policies and authorizations
• Scalable administration through delegation
For Users:
• Improved productivity through quicker access to
applications
• Improved usability with single user identity and
credentials, and application personalization

Oracle Identity Management

[Diagram: the Oracle Identity Management Infrastructure (OracleAS Certificate Authority, Oracle Internet Directory, Directory Integration Services, Delegated Administration Services, Provisioning Service, OracleAS SSO) alongside third-party LDAP directories and third-party authentication services. It serves four products:
• Oracle Application Server: JAAS roles, component access controls, Java2 permissions, …
• Oracle RDBMS: DB enterprise roles, VPD, Label Security, …
• Oracle E-Business Suite: E-Biz responsibility
• Oracle Collaboration Suite: file permissions, interpersonal rights, secure mail, service discovery, …]

Oracle Identity Management
Infrastructure

[Diagram: Oracle Identity Management Infrastructure components: OracleAS Certificate Authority, Oracle Internet Directory, Directory Integration Services, Delegated Administration Services, Provisioning Service, and OracleAS SSO.]

Oracle Application Server Components
and OID

OID enables Oracle Application Server components to:
• Maintain single-user identity
• Store and manage the configuration information

OID and Application Environment

[Diagram: three identity management (IM) realms, ASP, ABC, and XYZ, with ASP Users, ABC Users, and XYZ Users, and the applications App A, App B, and App C (shared), in nonhosted and hosted deployments.]

Default Schema and Directory
Information Tree (DIT)

• Oracle Universal Installer (OUI) installs the default
schema and DIT for the Oracle directory-enabled
products.
• OUI installs the following DIT components:
– Base schema elements
– Root Oracle Context
– Default Identity Management Realm
– Identity Management Realm-Specific Oracle Context
– Default password policy

Default Identity Management Realm

The default Identity Management Realm includes the
following:
• Sitewide information
• Discovery mechanism
[Diagram: directory tree from the Root DSE, showing the Root Oracle Context and the Identity Management Realm-specific DIT, with Products and Groups containers and Oracle Component 1, 2, and 3, each with its component entries.]

Identity Management Realm-Specific
Oracle Context

The Identity Management Realm-specific Oracle
context includes:
• Component information that is specific to an
Identity Management Realm
• Discovery mechanism
• Access policy
• Default password policy

Identity Management Realm-Specific
Common Entries

• Identity Management Realm-specific common
entries contain information for locating users and
groups.
• Some of the attributes of the common entries are
as follows:
– User Search Base
– User Nickname Attribute
– Group Search Base
– orclUserObjectClass
[Diagram: Users and Groups containers, labeled with the attribute names orclCommonUserSearchBase, orclCommonGroupSearchBase, and orclCommonUserNickNameAttribute.]

Default Identity Management Realm
Configuration
[Diagram: directory information tree with the nodes Site Root, Root Context, COM, XYZ, ABC, Users, Groups, and Oracle Context.]

OracleAS Bootstrap Model

OID installation creates the following set of users to
facilitate OracleAS deployment bootstrap:
• OID super user (orcladmin)
• OID enterprise subscriber super user
(cn=orcladmin,cn=users,<Subscriber DN>)

OID Administration Delegation Flow
[Diagram: six numbered delegation steps among the OID super user, the Id.M Realm super user, the Oracle context admin, the AS admin, and the user and group admin, covering the Root Oracle Context, the Id.M Realm-specific Oracle Context, AS components, and users and groups.]

Delegated Directory Administration

You can implement access control using OID at two
levels:
• Authorization of users
• Authorization of administrators

OID Protection Domains

Following are the OID protection domains:
• Entire directory
• Default subscriber context administrative domain
• Default subscriber context-specific directory
information tree
• Subscriber-specific subtree
• Application-specific footprint in the directory
• User-specific information

Directory Roles

OID can have the following roles associated with it:
• OID global administrator
• Subscriber-specific or domain administrator
• Application-specific roles

Oracle Application Server Administration
Model

• The OracleAS administrator should be a member of
the iASAdmins group in OID to configure various
Oracle Application Server components.
• The DN of the iASAdmins group is:
cn=iASAdmins,cn=Groups,<Oracle Context DN>

User Administration

• All Oracle Application Server users are
represented as user objects in OID.
• The Oracle Application Server administrator can
delegate user management to other users by
adding them to:
– The User Create group to delegate user creation
– The User Edit group to delegate user edit
– The User Delete group to delegate user deletion
• All these groups are created under the groups
container of the Oracle Context.

Group Administration

• An Oracle Application Server administrator can
delegate group management to other users by
adding them to:
– The Group Create group to delegate group creation
– The Group Edit group to delegate group edit
– The Group Delete group to delegate group deletion
• All these groups are created under the groups node
of the Oracle Context.

Administrative Groups

• The Oracle Application Server components read
user and group information from the OID.
• OID enables this by granting privileges to various
administrative groups.
• The administrative groups are as follows:
– Authentication Services
– Users Security Administration
– User Proxy Privilege

Administer Users and Groups
in Oracle Application Server

The privileges that are associated with users and
groups administration are:
• Privileges to create a user
• Privileges to edit the properties of a user
• Privileges to delete a user
• Delegate the user administration to other users
• Privilege to create groups
• Privileges to edit the properties of a group
• Privileges to delete a group
• Delegate administration of groups to other users

Storage of User Credentials

The user authentication credentials stored in the OID
server are as follows:
• Credentials for directory usage
• Credentials for authenticating a user to Oracle
components

Password Policies

• Password policies are a set of rules that govern
how the password is used.
• Each Identity Management Realm has its own
Password policy that is applicable for all users
under that Identity Management Realm.
• Password policies are enforced by the OID server
during ldapbind and ldapcompare.
• The OID server checks if the password that is
added or modified using ldapadd and
ldapmodify meets the password policy.

Managing Password Policies Using ODM

You can manage password policies using ODM:
• View password policy
• Modify password policy

Modifying Password Policies by Using
ODM

You can modify the password policies by performing
the following steps using ODM:
• In the navigation pane, expand Oracle Internet
Directory > directory_server_instance >
Password Policy Management.
• Select the password policy that you want to
modify.
• In the right pane, all the attributes of the password
policy are displayed in the fields.
• Change the editable attributes that you want to
modify.
• When you are finished, click Apply to save the
changes.

Managing Password Policies by Using
Command-Line Tools

You can manage the password policies by using the
command-line tools:
• You can view a password policy entry.
ldapsearch -p 4032 -h incq171b -b "" -s sub "objectclass=pwdpolicy"
• You can modify a password policy entry.
ldapmodify -p 4032 -h incq171b -v
dn: cn=pwdpolicyentry,cn=common,cn=products,o=oidc,dc=com
changetype: modify
replace: pwdMaxAge
pwdMaxAge: 100000
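
Added example (not part of the original course material): once the password policy entries can be read with ldapsearch, their values can be checked against a baseline. This Python script parses the search output, assuming it was saved in LDIF form, and reports settings weaker than the baseline. The attribute names other than pwdMaxAge (pwdMinLength, pwdLockout, pwdMaxFailure), the thresholds, the treatment of 0 as "no expiry", and the sample entries are assumptions.

```python
"""Audit password-policy entries taken from ldapsearch output in LDIF form."""
import base64

# Assumed audit thresholds; replace them with your organisation's standard.
MAX_AGE_SECONDS = 90 * 24 * 3600   # pwdMaxAge is expressed in seconds
MIN_LENGTH = 8
MAX_FAILURES = 5

# Constructed sample input. The first DN and its pwdMaxAge value are the ones
# on the slide; every other value is invented for this demonstration.
SAMPLE_LDIF = """\
dn: cn=pwdpolicyentry,cn=common,cn=products,o=oidc,dc=com
objectclass: top
objectclass: pwdpolicy
pwdMaxAge: 100000
pwdMinLength: 5
pwdLockout: 0
pwdMaxFailure: 10

dn: cn=pwdpolicyentry,cn=common,cn=products,cn=OracleContext,
 dc=example,dc=com
objectclass: top
objectclass: pwdpolicy
pwdMaxAge: 0
pwdMinLength: 8
pwdLockout: 1
pwdMaxFailure: 4
"""


def parse_ldif(text):
    """Parse LDIF into a list of {lower-cased attribute: [values]} dicts."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded and unfolded[-1]:
            unfolded[-1] += raw[1:]      # continuation of a folded line
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:         # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):        # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def audit_policy(entry):
    """Return a list of findings for one pwdpolicy entry."""
    def number(attr):
        values = entry.get(attr.lower(), [])
        return int(values[0]) if values and values[0].isdigit() else None

    findings = []
    max_age = number("pwdMaxAge")
    if not max_age:                      # missing or 0: assumed to mean no expiry
        findings.append("pwdMaxAge missing or 0: passwords are not aged out")
    elif max_age > MAX_AGE_SECONDS:
        findings.append(f"pwdMaxAge {max_age}s exceeds {MAX_AGE_SECONDS}s")
    min_len = number("pwdMinLength")
    if min_len is None or min_len < MIN_LENGTH:
        findings.append(f"pwdMinLength {min_len} is below {MIN_LENGTH}")
    lockout = entry.get("pwdlockout", ["0"])[0].upper()
    if lockout not in ("1", "TRUE"):     # assumed encodings of "enabled"
        findings.append("pwdLockout is off: no limit on failed binds")
    else:
        max_fail = number("pwdMaxFailure")
        if not max_fail or max_fail > MAX_FAILURES:
            findings.append(f"pwdMaxFailure {max_fail} allows too many guesses")
    return findings


def audit_ldif(text):
    """Map each pwdpolicy entry's DN to its findings (empty list = compliant)."""
    report = {}
    for entry in parse_ldif(text):
        classes = [v.lower() for v in entry.get("objectclass", [])]
        if "pwdpolicy" in classes and "dn" in entry:
            report[entry["dn"][0]] = audit_policy(entry)
    return report


if __name__ == "__main__":
    for dn, findings in audit_ldif(SAMPLE_LDIF).items():
        print(dn)
        for finding in findings or ["no findings"]:
            print("  -", finding)
```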

Modifying the OID Administrator Password

Modifying the Administrator Password

Relationship Between OracleAS Portal and
OID

OracleAS Portal requires the following interaction with
OID:
• OracleAS Portal-specific entries stored in the
directory
• Group attributes stored in the directory
• User attributes stored in the directory
• Caching of user and group information from the
directory
• Populating user and group list of values from the
directory through the Delegated Administration
Services

OracleAS Portal Directory Entries in OID

[Diagram: directory tree below the DSE Root. Entries shown: dc=com,
dc=xyz, dc=abc; cn=OracleContext, cn=Product,
orclApplicationCommonName=portal.030703.1433; cn=Users, cn=Groups,
cn=OracleContext; cn=PORTAL, cn=portal.030703.1433; cn=PUBLIC,
cn=AUTHENTICATED_USERS, cn=PORTAL_ADMIN, cn=DBA]

Configuring OID Settings in OracleAS
Portal

Caching OID Information in OracleAS
Portal

Synchronizing Cached OID Information in
OracleAS Portal

[Diagram: Directory Integration Platform (Provisioning,
Synchronization service) between OID and OracleAS Portal. Other
labels: Settings, Portal Provisioning Profile, Cached OID
information, OPCA]

Enabling Directory Synchronization in the
OracleAS Portal Instance

Summary

In this lesson, you should have learned how to:
• Describe Identity Management
• Explain the default Identity Realm
• Describe the OracleAS Administration Model
• Explain application-specific access control
• Manage users and groups
• Describe relationship between OracleAS Portal
and Oracle Internet Directory
• Identify OracleAS Portal entries in the directory
• Configure OID settings in OracleAS Portal

Managing Access Using Delegated
Administration Service

Objectives

After completing this lesson, you should be able to do
the following:
• Explain the DAS architecture
• Describe how DAS works
• Start and stop DAS
• Access DAS home page
• OID Self Service Console
• Manage user entries using DAS
• Manage group entries using DAS
• Create Identity Management Realm
• Access DAS from OracleAS Portal

Delegated Administrative Service

• Delegated Administrative Service (DAS) is a set of
individual, predefined Web-based services called
Delegated Administrative Service units.
• DAS is used to perform directory operations on
behalf of the users.
• DAS includes a Web application called Self-
Service Console.
• You can use DAS to:
– Modify data that you are authorized to manage
– Manage subscriber-level information
– Manage site-level information

Benefits of DAS and OID Self-Service
Console

• Faster development and deployment of directory-
enabled applications
• Secure access to directory
• Easy to use for application users
• Ability for sites to delegate directory data
administration

Concept and Architecture of DAS

• DAS uses the OC4J on Oracle Web Server that is
enabled for small Java programs called servlets.
• Together, the OC4J and Oracle Web Servers:
– Receive requests from clients
– Process those requests
– Send the HTML page back to the client

How DAS Works

[Diagram: numbered request flow (steps 1 to 7) among the client
browser, the Oracle/OC4J Web Server with the mod_osso module,
OracleAS Single Sign-On, DAS, and Oracle Internet Directory]

DAS Proxy User

[Diagram: end user; OID self service console, Oracle component 1,
Oracle component 2, and third-party application; DAS; proxy login
to OID]

Starting and Stopping DAS

You can start and stop the DAS by using the following
commands:
• To start DAS:
– Oracle_Home/opmn/bin/opmnctl startall
• To stop DAS:
– Oracle_Home/opmn/bin/opmnctl stopall
You can also use the Oracle Enterprise Manager
Application Server Control to start or stop DAS.

Verifying that DAS Is Running

You can follow these steps to verify that DAS is
running:
1. Verify that Oracle HTTP server is running.
2. Verify that OC4J JVM is running.
3. Verify that the DAS Web site is running.

Configuring the Default Identity
Management Realm-Specific Context

1. Log on to DAS as the administrator.
2. Click the Configuration tab.
3. Enter values for required fields in the:
– Directory section
– Logo Management section
4. Click Submit to save your changes.

Configuring User Entries

1. Click User Entry in the Configuration tab.
2. Add an object class for user entries.
3. Add attributes to user entries.
4. Configure attributes of user entries.
5. Customize the way categories of attributes are
displayed to a user.
6. Select the attributes to be displayed when a
search is performed.
7. Enable role assignment in user management
interface.
8. Click Finish.

Managing Users, Groups, and Subscribers
Using DAS

You can use DAS to:
• Search for user and group entries
• Maintain user entries
– Create user entries
– Modify user entries
– Delete user entries
• Change passwords
• Create group entries
• Modify and delete group entries
• Assign privileges to users and groups

Searching for User and Group Entries
Using DAS

• To search for user entries:
– Click the Directory tab, then select Users.
– In the Search for User field, enter the first few
characters of the name of the user.
– Click Go to display the search results.
• To search for group entries:
– Click the Directory tab, then select Groups.
– In the Search Group Name text box, enter the first
few characters of the name of the group.
– Click Go to display the search results.

Maintaining User Entries Using DAS

• To create a user entry:
– In the Directory tab, select Users and click Create.
– Enter the user details and click Submit.
• To modify a user entry:
– In the Directory tab, search for the user whose entry
you want to modify.
– Click Edit to modify the user entry.
• To delete a user entry:
– In the Directory tab, search for the user whose entry
you want to delete.
– Click Delete to remove that user entry.

Changing Passwords

To change your own password using DAS:
• Log in to DAS.
• Click the My Profile tab.
• Enter your old password.
• Enter and confirm the new password.
• Click OK.

Changing Passwords

To change the password of another user, perform the
following steps:
• Click the Directory tab.
• Perform a search for the user.
• Click Edit.
• In the Password Management section, enter and
confirm the new password.
• Click Submit.

Creating Group Entries by Using DAS

• Click the Directory tab, select Groups, and then
select Create. The Create Group window appears.
• Enter the name, friendly name, and description of
the group.
• In the User Members section, choose Add User
Member.
• Search for the users whom you want as members
of this group.
• In the Group Members section, choose Add Group
Member.
• Search for the group that you want to specify as
the member of the group you just created.

Modifying and Deleting Group Entries
Using DAS

• To modify group entries:
– Click the Directory tab
– Perform a search for the group
– Click Edit to modify the group
• To delete group entries:
– Click the Directory tab
– Perform a search for the group
– To delete the group, click Delete

Assigning Privileges to Users and Groups
Using DAS

• Users and groups can be granted the privilege to:
– Create and edit users and groups
– Assign privileges to other users and other groups
• You can also revoke privileges from users and
groups.
• To assign privileges to a user or group:
– In the Directory tab, search for the user or group
– Select the user or group, then click Assign Privilege
to display a list of privileges
– Select the privileges that you want to assign to this
user or group
– Click Submit, or to assign privileges to another user
or group, click Specify Other Users or Specify Other
Groups

Managing Services

• A service can be a single application or a bundle
of applications that performs a coherent set of
tasks.
• It is supplied by a service provider to either
individuals or groups, called service recipients.
• To access a service, a service recipient must be
subscribed to it. In the subscription process, an
administrator for either an identity management
realm or a service provider creates a subscription
list. This list specifies which service recipient
users can use the service and for how long.

Managing Accounts

As an OID administrator, you can perform the following
tasks on user accounts:
• Unlock a user account.
• Enable or disable a user account.

Creating Identity Management Realm

Accessing DAS from OracleAS Portal

OracleAS Portal provides links to DAS in:
• The User portlet: To manage user information
stored in OID
• The Group portlet: To manage group information
stored in OID
• The Services portlet: To access the OID Self
Service Console

Granting Privileges to OracleAS Portal
Users by Using DAS Roles

DAS roles:
• Provide a convenient mechanism to grant a set of
privileges to OracleAS Portal users upon their
creation
• Are based on an existing group
• Can include OID- and OracleAS Portal-specific
privileges
• Can be created and managed by a portal
administrator

Disabling the Privilege Assignment
Section

1. Log in to the portal product schema in SQL*Plus.
2. Set the das_enable_pa OID configuration entry in the
Portal repository to no ('N').
3. Commit the change.
4. Invalidate the User portlet cache in OracleAS WebCache.

Summary

In this lesson, you should have learned how to:
• Explain the DAS architecture
• Describe how DAS works
• Explain DAS proxy user usage
• Start and stop DAS
• Access DAS home page
• OID Self Service Console
• Manage user entries using DAS
• Manage group entries using DAS
• Create Identity Management Realm
• Access DAS from OracleAS Portal

Administering the OracleAS
Single Sign-On Server

Objectives

After completing this lesson, you should be able to do
the following:
• Discuss OracleAS Single Sign-On server
components
• Explain OracleAS Single Sign-On server
authentication flow
• Manage and configure OracleAS Single Sign-On
server
• Administer partner and external applications
• Monitor OracleAS Single Sign-On server
• Access OracleAS Single Sign-On server from
OracleAS Portal

OracleAS Single Sign-On Server: Overview

Single Sign-On server is a component of Oracle
Application Server that enables users to log in to
various components of Oracle Application Server
using a single username and password.

Single Sign-On Components

[Diagram: Single Sign-On components: single sign-on server, partner
applications, external applications, mod_osso, and single sign-on
software development kit]

Authentication Flow for
OracleAS Single Sign-On

Starting and Stopping
OracleAS Single Sign-On Components

You can start and stop OracleAS Single Sign-On
using:
• Command-line tool
• Enterprise Manager Console

OracleAS Single Sign-On
Administrator’s Role

• As a Single Sign-On administrator, you have full
privileges for the OracleAS Single Sign-On server.
• You can perform the following tasks as a Single
Sign-On administrator:
– Configure OracleAS Single Sign-On server settings
– Administer partner applications
– Administer external applications

OracleAS Single Sign-On
Administration Pages

You can access the OracleAS Single Sign-On
administrative pages at:
http://hostname.domain:7777/pls/orasso

Configuring the OracleAS
Single Sign-On Server

Partner Application: Overview

• The applications on Oracle Application Server that
delegate their authentication functionality to
OracleAS Single Sign-On server are known as
partner applications.
• When you log in to any of the partner applications
through OracleAS Single Sign-On, you can access
all the partner applications registered with
OracleAS Single Sign-On.

Registering mod_osso

You can use the ossoreg.jar tool to register
mod_osso in cases when the application is not
registered.
$Oracle_Home/jdk/bin/java -jar $Oracle_Home/sso/lib/ossoreg.jar
  -oracle_home_path orcl_home_path
  -site_name site_name
  -config_mod_osso TRUE
  -mod_osso_url mod_osso_url
  -u userid
  [-virtualhost virtual_host_name]
  [-update_mode CREATE | DELETE | MODIFY]
  [-config_file config_file_path]
  [-admin_info admin_info]
  [-admin_id adminid]

Creating and Editing a Partner Application

You can add and edit partner applications from
OracleAS Single Sign-On Administration pages.

Creating and Editing a Partner Application

Administering External Applications

• You can add and configure external applications
to OracleAS Single Sign-On server.
• Use the OracleAS Single Sign-On Administration
pages to perform the following tasks:
– Add an External application
– Edit an External application
– Store External application credentials in OracleAS
Single Sign-On database.

Adding an External Application

Accessing External Application and
Storing Its Credentials

You can access the external application that you created from
the Administer External Applications page.

Monitoring
OracleAS Single Sign-On Server

You can monitor OracleAS Single Sign-On server from
the OracleAS Enterprise Manager Console.

Accessing SSO Server from OracleAS
Portal

Accessing External Applications from
OracleAS Portal

1. Add the External Applications portlet to a portal
page.
2. Customize the External Applications portlet.

Summary

In this lesson, you should have learned to:
• Discuss OracleAS Single Sign-On server
components
• Explain OracleAS Single Sign-On server
authentication flow
• Manage and configure OracleAS Single Sign-On
server
• Administer Partner and External applications
• Monitor OracleAS Single Sign-On server
• Access OracleAS Single Sign-On server from
OracleAS Portal

Securing OracleAS Components
Using SSL

Objectives

After completing this lesson, you should be able to do
the following:
• Explain Oracle Wallet Manager functionality
• Manage wallets
• Upload and download wallets
• Manage user certificates
• Manage trusted certificates
• Discuss SSL and digital certificates
• Enable Oracle HTTP Server, SSO, Web Cache, and
Portal to Use SSL

What Is SSL?

• Secure sockets layer (SSL) is an industry-standard
protocol for securing network connections.
• SSL involves three mechanisms:
– Encryption
– Authentication
– Data Integrity

Digital Certificates: Overview

Digital certificates:
• Prove your identity or your right to access
information or services online electronically
• Are based on the concept of public key
cryptography
• Support two types of encryption:
– Public key
– Symmetric key

Using Digital Signatures

Using a digital signature involves the following steps:
• A message digest is generated by passing a
message text through an algorithm.
• The message digest is then encrypted to create a
digital signature.
• The recipient of the message decrypts it.
• The sender’s public and private keys are used
to confirm the originality of the message.
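
Added example (not from the original course material): the steps above, carried through in Python with a constructed toy RSA key. The sender transforms the digest with the private key; the recipient uses the sender's public key to recover that digest and compares it with a digest computed over the message as received. The key, the function names, and the messages are assumptions, and the padding that real signature schemes apply is left out.

```python
"""Digest-then-sign exchange with a constructed toy RSA key."""
import hashlib

# Constructed demonstration key. Both primes are well-known Mersenne primes,
# so this key protects nothing; it only lets the arithmetic run offline.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def message_digest(message: bytes) -> int:
    """Step 1: pass the message text through a hash algorithm."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Step 2 (sender): transform the digest with the PRIVATE key."""
    return pow(message_digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Steps 3-4 (recipient): recover the digest with the PUBLIC key and
    compare it with a digest computed over the message that arrived."""
    recovered = pow(signature, E, N)
    return recovered == message_digest(message)


def exchange():
    """Run the exchange three times: untouched, altered text, altered signature."""
    message = b"Transfer 100 units to account 42"   # constructed sample
    signature = sign(message)
    return {
        "untouched": verify(message, signature),
        "altered_message": verify(b"Transfer 900 units to account 42", signature),
        "altered_signature": verify(message, signature + 1),
    }


if __name__ == "__main__":
    for case, accepted in exchange().items():
        print(f"{case:18} accepted={accepted}")
```

The message itself travels in the clear in this exchange; the signature gives integrity and origin, not confidentiality.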

How SSL Works

What Is Oracle Wallet Manager?

• Oracle Wallet Manager is a stand-alone Java
application that wallet owners use to manage and
edit security credentials in their Oracle wallets.
• As a security administrator, you can use Oracle
Wallet Manager to manage public-key security
credentials on Oracle Application Server.

Oracle Wallet Manager Functions

• Generating a public/private key pair
• Creating a certificate request
• Installing a certificate for the entity
• Configuring trusted certificates for the entity
• Creating a wallet that can be accessed by Oracle
Wallet Manager
• Uploading a wallet to an LDAP directory such as
OID
• Downloading a wallet from an LDAP directory
such as OID
• Importing and exporting wallets

Managing Wallets

The wallet management tasks include:
• Creating a new wallet
• Deleting a wallet
• Saving a wallet
• Opening an existing wallet
• Closing a wallet
• Changing the wallet password
• Managing the Auto Login feature

Creating a New Wallet

• You can create a new empty wallet using the
Oracle Wallet Manager tool.
• The password you provide for the new wallet
must:
– Have at least 8 characters
– Contain alphabetic characters
– Contain numbers or special characters

Saving a Wallet

Deleting a Wallet

• You can delete a wallet using the Oracle Wallet
Manager tool.
• You must enter the wallet password before
deleting it.
• Deleting a wallet that is currently in use does not
immediately affect system operations.

Changing the Wallet Password

A change made to the password of a wallet is effective
immediately.

Using the Auto Login Feature

The Auto Login feature creates a concealed copy of the wallet and
enables PKI-based access to services without a password.

Exporting a Wallet

You can export a wallet to text-based PKI formats.

Uploading Wallets

• To upload a wallet to an LDAP directory, Oracle
Wallet Manager uses:
– SSL, if the specified wallet contains an SSL
certificate
– The directory password
• Oracle Wallet Manager does not permit executing
the upload option unless the target wallet is
currently open and has at least one user
certificate.

Downloading Wallets

• When a wallet is downloaded from an LDAP
directory, it is resident in working memory.
• A downloaded wallet needs to be explicitly saved
using any of the available save options:
– Save: Saves changes to the current open wallet
– Save As: Saves open wallets to a new location
– Save in System Default: Saves wallets in the default
directory location

Managing User Certificates

• Oracle Wallet Manager uses two kinds of
certificates:
– User certificates
– Trusted certificates
• You must install a trusted certificate from the CA
before you can install a user certificate issued by
that CA.

Adding a Certificate Request

• You must first create a certificate request to obtain
a user certificate.
• You can add multiple certificate requests to a
wallet.

Exporting a User Certificate Request

Importing the User Certificate into the
Wallet

Exporting a User Certificate

Managing Trusted Certificates

Managing trusted certificates includes the following
tasks:
• Importing a trusted certificate
• Removing a trusted certificate
• Exporting a trusted certificate
• Exporting all trusted certificates
• Exporting a wallet

Importing a Trusted Certificate

Exporting a Trusted Certificate

Enable Oracle HTTP Server to Use SSL

• One common use of SSL is to secure HTTP
communication between a browser and a Web
server.
• mod_ossl is Oracle's Secure Sockets Layer
(SSL) implementation.
• mod_ossl supports SSL v. 3.0.

Configuring Oracle HTTP Server for SSL
Certificates

• You can configure Oracle HTTP Server for SSL by
configuring the httpd.conf file.
• The httpd.conf file is located at
ORACLE_HOME/Apache/Apache/conf/httpd.conf.
• Enable SSL by adding parameters to the SSL
Virtual Host Context in the httpd.conf file.

Classification of mod_ossl Directives

Directives are classified according to the context in
which they can be used:
• Global
• Per-server
• Per-directory

mod_ossl Directives

Various mod_ossl directives are as follows:
• SSLWallet
• SSLMutex
• SSLCacheSession
• SSLWalletPassword
• SSLPassPhraseDialog
• SSLCARevocationPath
• SSLCARevocationFile
• SSLSessionCacheTimeOut
• SSLProtocol
• SSLCipherSuite
• SSLVerifyClient
• SSLLog
• SSLLogLevel
• SSLOptions
• SSLRequireSSL
• SSLRequire

Configure OracleAS SSO for Certificates

• To enable the Single Sign-On server for SSL, first
and foremost, all references to HTTP in SSO URLs
must be changed to HTTPS.
• Run the ssocfg.sh script to perform this
conversion.
• Syntax:
ssocfg.sh protocol new_host new_port [sso_schema_name]

Adding User Certificates to OID

• To enable successful certificate-based
authentication, user certificates must be stored in
the OID server.
• You can add the user certificate to the OID server
by loading an ldif file.
• Use the ldapmodify command to load the file.
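
Added example (not from the original course material): a Python script that writes the LDIF file for the step above from a certificate in DER or PEM form, base64-encoding the value and folding long lines as LDIF requires. The attribute name usercertificate;binary is the standard LDAP one and is assumed to apply here; the user DN and the certificate bytes are constructed stand-ins.

```python
"""Build the LDIF record that adds a user certificate to a directory entry."""
import base64

PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"

# Constructed stand-ins: a made-up DN, and bytes that merely look like a DER
# SEQUENCE (tag 0x30, length 256). This is not a real certificate.
SAMPLE_DN = "cn=jdoe,cn=Users,dc=example,dc=com"
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))


def cert_to_der(data: bytes) -> bytes:
    """Accept a certificate in PEM or DER form and return the DER bytes."""
    if PEM_BEGIN in data:
        body = data.split(PEM_BEGIN, 1)[1].split(PEM_END, 1)[0]
        data = base64.b64decode(b"".join(body.split()))
    if not data or data[0] != 0x30:
        raise ValueError("not a DER certificate: expected an ASN.1 SEQUENCE")
    return data


def fold(line: str, width: int = 76):
    """Fold one logical LDIF line; continuation lines start with one space."""
    parts = [line[:width]]
    rest = line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return parts


def dn_line(dn: str) -> str:
    """Write the DN in plain form when LDIF allows it, else base64-encoded."""
    plain = (dn.isascii() and dn == dn.strip() and dn[:1] not in (":", "<")
             and "\n" not in dn and "\r" not in dn)
    if plain:
        return "dn: " + dn
    return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")


def build_cert_ldif(user_dn: str, cert_bytes: bytes) -> str:
    """Return a modify record that adds the certificate to user_dn."""
    der = cert_to_der(cert_bytes)
    encoded = base64.b64encode(der).decode("ascii")
    lines = fold(dn_line(user_dn))
    lines += ["changetype: modify", "add: usercertificate;binary"]
    lines += fold("usercertificate;binary:: " + encoded)
    lines.append("-")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Redirect to a file and load it with ldapmodify, as the slide describes.
    print(build_cert_ldif(SAMPLE_DN, SAMPLE_DER), end="")
```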

Configuring OracleAS Web Cache to
Use SSL

To configure HTTPS support for OracleAS Web Cache,
perform these tasks:
1. Create Wallets
2. Configure HTTPS Ports and Wallet Location
3. Require Client-Side Certificates (Optional)
4. Permit Only HTTPS Requests for a URL or Set of
URLs (Optional)

Securing OracleAS Portal

Each OracleAS component that communicates with
OracleAS Portal must support HTTPS.

[Diagram: OracleAS Web Cache, Oracle HTTP Server, mod_plsql, PPE,
OracleAS Portal, DAS, OID, and SSO]

Securing the Parallel Page Engine

Specify HTTPS ports in the web.xml file associated
with the OC4J_Portal instance on the middle tier:

<servlet>
  <servlet-name>page</servlet-name>
  . . .
  <init-param>
    <param-name>httpsports</param-name>
    <param-value>4443</param-value>
  </init-param>
</servlet>

Associating the OracleAS Portal with
OracleAS SSO in SSL Mode

[Diagram: the Infrastructure Oracle HTTP Server (port 4443) with the
SSO Server and its registration information (Application Id, Home
URL, Success URL, Logout URL, ...), and the Middle-Tier Oracle HTTP
Server (HTTPS, port 4444) with OracleAS Portal and its Enabler
configuration table (Application Id, Listener token, SSO server
login URL, ...). Command shown between them:
ptlasst.csh -ssl -mode MIDTIER -type SSO -sso_p 4443 -port 4444 …]

Associating the OracleAS Portal with
OracleAS SSO Using OPCA

Run the OPCA in the SSO type of the MIDTIER mode:

ptlasst.csh -mode MIDTIER -type SSO -i custom -ssl \
  -c infra.mycompany.com:1521:orcl \
  -s portal -sp fs61qat9 \
  -host midtier.mycompany.com -port 4444 \
  -sdad portal -odad orasso \
  -sso_h infra.mycompany.com -sso_p 4443 \
  -sso_c infra.mycompany.com:1521:orcl \
  -o orasso -op rznrg78s \
  -pa orasso_pa -pap kakreaj5 \
  -ps orasso_ps -pp jcf0rkj3

Parameter groups:
• Portal DB parameters: -c, -s, -sp
• Middle tier parameters: -host, -port, -sdad, -odad
• SSO server parameters: -sso_h, -sso_p, -sso_c, -o, -op, -pa,
-pap, -ps, -pp

Securing Calls to DAS from OracleAS
Portal

1. Log in to the OID and update the base URL to the
Delegated Administration Services in OID:
cn=OracleContext, cn=Products, cn=DAS,
cn=OperationURLs,
orcldasurlbase=https://infra.mycompany.com:4443/oiddas/
2. Log in to the portal as administrator and refresh
portal cache for OID parameters:
Services portlet > General Settings > SSO/OID tab
3. Invalidate the content of the Web Cache
4. Test the DAS by accessing it from the User and
Group portlets

Summary

In this lesson, you should have learned how to:
• Explain Oracle Wallet Manager functionality
• Manage wallets
• Upload and download Wallets
• Manage User Certificates
• Manage Trusted Certificates
• Discuss SSL and Digital Certificates
• Enable Oracle HTTP Server, SSO, Web Cache, and
Portal to Use SSL

Managing and Configuring OracleAS
Certificate Authority

Objectives

After completing this lesson, you should be able to do
the following:
• Explain Public Key Infrastructure
• Discuss Oracle Public Key Infrastructure
• Describe OracleAS Certificate Authority
• Explain OracleAS Certificate Authority
architecture
• Access OCA Administration Pages
• Access OCA User Pages

Public Key Infrastructure

You can use public-key certificates for the following:
• Enabling secure and reliable authentication of
users
• Ensuring the integrity of transmitted data
• Preventing unauthorized access to information
when transmitted or stored
• Precluding repudiation of electronic transactions

Traditional Certificate Provisioning

[Diagram: certificate vendor and certificate administrator]
1. Request for a certificate
2. Validates certificate request
3. Receives the certificate
4. Imports certificate to browser

Oracle PKI Management Tools

Oracle PKI suite includes management tools such as:
• Oracle Wallet Manager
• Oracle Internet Directory
• Oracle Enterprise Login Assistant
• Oracle Enterprise Security Manager
• OracleAS Certificate Authority

OracleAS Certificate Authority

OracleAS Certificate Authority provides:
• A ready-to-use PKI solution
• Easy provisioning of X.509 version 3 digital
certificates
• Seamless integration with OracleAS Single Sign-
On server

OracleAS Certificate Authority:
Key Features

• Involves three methods of authentication:
– OracleAS Single Sign-On server authentication
– Secure sockets layer (SSL) using existing
certificates issued by the CA
– Traditional administrative review/approval
• Flexible policy support
• Web-based certificate and configuration
management
• Hierarchical CA support
• XML-based configuration

OCA Single Sign-On Authentication

[Diagram: OCA Server]
1. Request for a certificate using SSO authentication
2. Verifies with SSO and OID servers
3. Receives the certificate immediately
4. Imports certificate to browser

OracleAS Certificate Provisioning

[Diagram: client browser, OracleAS Single Sign-On Server, OracleAS
Certificate Authority, Database, Oracle Wallet Manager, and Oracle
Internet Directory]

OCA Architecture

[Diagram: client browser, OracleAS Single Sign-On Server, OracleAS
Certificate Authority, Database, Oracle Wallet Manager, and Oracle
Internet Directory]

OCA Functional Structure

[Diagram: Oracle Certificate Authority, with the labels Registration
Authority, Certificate Authority, Policy, Validation, and
Authorization; it stores certificate-related information in the
metadata repository, publishes certificates to OID, and connects to
the SSO server using mod_osso]

OCA Configuration Elements

• The OCA configuration file is located at:
$ORACLE_HOME/oca/conf/ocm.xml
• OCA relies on:
– OCA wallets to store various PKI credentials
– A password store to hold various required
passwords

Starting and Stopping OCA

• Before you start using ocactl:
– You must set the environment variables ORACLE_SID and ORACLE_HOME
– You should include ORACLE_HOME/bin in the PATH
• These operations can be performed only by using the ocactl command-line tool.
– To start OCA, use the command:
$ORACLE_HOME/oca/bin/ocactl start
– To stop OCA, use the command:
$ORACLE_HOME/oca/bin/ocactl stop
– To obtain the status of OCA, use the command:
$ORACLE_HOME/oca/bin/ocactl status
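
An added example, not part of the course material or Oracle's code: a POSIX shell wrapper that enforces the prerequisites listed above before calling ocactl, and also refuses to run if ocm.xml or ocactl is writable by group or other. The function names oca_preflight and oca_ctl, the return codes, and the permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Oracle code): preflight checks around ocactl.

oca_preflight() {
    # ocactl needs ORACLE_SID and ORACLE_HOME set in the environment.
    [ -n "${ORACLE_SID:-}" ]  || { echo "ORACLE_SID is not set" >&2; return 2; }
    [ -n "${ORACLE_HOME:-}" ] || { echo "ORACLE_HOME is not set" >&2; return 2; }

    ocactl="$ORACLE_HOME/oca/bin/ocactl"
    conf="$ORACLE_HOME/oca/conf/ocm.xml"
    [ -x "$ocactl" ] || { echo "not executable: $ocactl" >&2; return 3; }
    [ -f "$conf" ]   || { echo "missing config: $conf" >&2; return 3; }

    # Assumption of this example, not a documented OCA requirement:
    # the CA's config file and control tool must not be writable by
    # group or other, since either one steers how certificates are issued.
    for f in "$conf" "$ocactl"; do
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            echo "writable by group/other: $f" >&2
            return 4
        fi
    done
    return 0
}

oca_ctl() {
    # Only the three operations the page lists are passed through.
    case "${1:-}" in
        start|stop|status) ;;
        *) echo "usage: oca_ctl start|stop|status" >&2; return 64 ;;
    esac
    oca_preflight || return $?

    # Put ORACLE_HOME/bin on PATH if it is not there already.
    case ":$PATH:" in
        *":$ORACLE_HOME/bin:"*) ;;
        *) PATH="$ORACLE_HOME/bin:$PATH"; export PATH ;;
    esac
    "$ORACLE_HOME/oca/bin/ocactl" "$1"
}
```

Source the file in the shell of the account that runs OCA, then call oca_ctl status, oca_ctl start, or oca_ctl stop.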

Accessing the OCA Home Page

Use the following URL to access the OCA home page:
https://<your_server>:<ssl_port>/oca/admin

Details Required to Obtain a Certificate

Common name         Name that you want on the certificate
E-mail address      E-mail address of the OCA administrator
Organization unit   Name of the organization unit or division to which the OCA administrator belongs
Organization        Name of the company or organization to which the administrator belongs
Location            City location of the administrator
State/Province      State or province of the administrator
Country             Two-letter code for the country
Password            Password specified for the administrator

Requesting the Web Administrator
Certificate

OCA Administration Home Page

Certificate Management Tab

Using the Certificate Management tab, you can:
• Search the master certificate list by name or
number
• Examine the details of a specific certificate
• Approve or reject any individual certificate request
• Revoke certificates

Listing a Single Certificate Request or
Issued Certificate

Viewing Certificate Details

Approving Certificate Requests

Rejecting Certificate Requests

Revoking Certificates

Renewing Certificates

Updating the Certificate Revocation List
(CRL)

Accessing the End-User Interface

Enter the following URL:
https://<your_server>:<ssl_port>/oca/user

User Certificates

Single Sign-On Authentication

Summary

In this lesson, you should have learned how to:
• Explain Public Key Infrastructure
• Discuss Oracle Public Key Infrastructure
• Describe OracleAS Certificate Authority
• Explain OracleAS Certificate Authority
Architecture
• Access OCA Administration Pages
• Access OCA User Pages

Introduction to Linux

Topics

• What is Linux?
• What is Oracle’s strategy on Linux?
• File system and basic directory structure
• Shell commands:
– Environment-based commands
– Information-based commands
– File system commands
– Common vi editing commands
– Common ftp communication commands
– Archive utilities
• Shortcuts and tips

What Is Linux?

• A UNIX-based operating system, created by Linus
Torvalds at the University of Helsinki in Finland
• Developed under the GNU General Public License,
allowing source code to be freely available
• Each distribution was developed for a particular
purpose
• Tux, the penguin, is the official Linux mascot

What Is Oracle’s Strategy on Linux?
The following distributions are certified and supported
by Oracle:
• Red Hat Enterprise Linux AS and ES
• UnitedLinux, which includes the following
products from Conectiva, SCO, SuSE, and
TurboLinux:
– Conectiva Linux Enterprise Edition powered by
UnitedLinux
– SCO Linux Server 4.0 powered by UnitedLinux
– SuSE Linux Enterprise Server 8 (SLES 8) powered
by UnitedLinux
– TurboLinux Enterprise Server 8 powered by
UnitedLinux

File System and Basic Directory Structure

In Linux, there are directories, subdirectories, and
files, but everything is really just a file.

Shell Commands

• Environment-based commands
• Information-based commands
• File system commands
• Common vi editing commands
• Common ftp communication commands
• Archive utilities

Environment-Based Commands

• date
• df
• du
• echo
• env
• exit
• export
• free
• ifconfig
• kill
• login
• logout
• ps
• su
• top
• uname

Information-Based Commands

• >
• >>
• |
• cat
• diff
• file
• find
• grep
• info
• less
• ls
• man
• more
• pwd

File System Commands

• cd
• chmod
• chown
• cp
• mkdir
• mv
• rm
• rmdir

Common vi Editing Commands

vi is a full-screen text editor with two modes:
• Input mode – text is entered in the document by
inserting or appending text
• Command mode – you can move within the
document and merge, search, and cut lines

Common ftp Communication Commands

Command            Description
ftp hostname.com   To connect to hostname.com
type binary        To set the type for binary files
type ascii         To set the type for ascii files
get filename       To get a file from the ftp site
put filename       To put a file onto the ftp site
mget *jar          To get all jar files from the ftp site
mput *war          To put all war files onto the ftp site
prompt             To shut off/turn on prompting

Archive Utilities

The following archive utilities are available for Linux:
• tar
• gzip and gunzip
• bzip2 and bunzip2
• zip and unzip

Shortcuts and Tips

• Case sensitivity
• The clear utility
• Shift+Page Up/Page Down
• Tab
• Color coding
• The touch utility
• Web sites

Introduction to OracleAS Portal

What Is OracleAS Portal?

OracleAS Portal:
• Is a component of Oracle Application Server
• Can be accessed from a Web browser
• Offers organized and personalized views of Web
content through portal pages
• Provides a secure and manageable framework for
accessing distributed software services and
information resources
• Supports data-driven portlets and content
publishing
• Provides deployment architecture

What Is a Portal Page?

[Figure: My Portal Page]
• A portal page is an interface that brings information sources together in one place and, therefore, serves as a starting point for Web applications.
• The layout of portal pages is defined through regions.
• The regions contain portlets or items.

Accessing Portal Pages

Public users:
• No login required
• Common view

Authenticated users:
• Login required
• Personalized views

[Figure: OracleAS Portal serving a corporate portal, with Partner A and Supplier A]

What Is a Portlet?
Items in an item region

Multiple portlets in a portlet region

Anatomy of a Portlet
[Figure: a portlet with its parts labeled: Title, Header, Personalization, Help, About, Minimize, Hide, Text, Image, Border]

What Is a Portlet Provider?

• A portlet provider is an entity that:
– Provides a communication link between OracleAS
Portal and portlets
– Is registered in OracleAS Portal
• OracleAS Portal offers built-in providers and tools
to create providers and portlets.
[Figure: OracleAS Portal connected to providers, each of which serves several portlets]

Requesting a Portal Page
[Figure: page request flow within an OracleAS Portal instance. Labeled elements: page request, page response, Web cache, Oracle HTTP Server, mod_plsql, PPE, Portal repository (database), Portal cache, Web provider. Labeled actions: retrieve metadata, call providers, retrieve cached data]

Built-in Portal Pages

• Portal Builder page
– Welcome tab: Home for public user
– Build tab: Tools and services for authenticated
users
– Administer tab: Tools and services for portal
administrators
• Sign-in page: Authentication
• Portal Navigator page
– Page Groups tab
– Providers tab
– Database Objects tab

OracleAS Portal Builder Page
Shortcut bar

Builder Tabs

OracleAS Portal Navigator

Object Groups

Object Search

Object Path

Page Group and Portal Page Modes

• Page group structure: page group, root page, subpages
• Page modes: View mode, Graphical mode, Layout mode, List mode

Getting Help About OracleAS Portal

• Built-in Help system
– Tutorials
– Glossary
– Task-oriented help
– Tips and troubleshooting
– Help categories and perspectives
• Context-sensitive Help
• OracleAS Portal Center on OTN
– Portal Studio
– Portlet Catalog
– OTN discussion forums
