Skip Headers

Oracle9iAS Containers for J2EE Quick Reference Card
Release 2 (9.0.2)

Part Number A95877-01
Go To Documentation Library
Home
Go To Product List
Solution Area

Starting and Stopping OC4J

See Also: OC4J User's Guide, "Starting and Stopping OC4J" and "Options for the OC4J Server JAR"

Starting OC4J

$J2EE_HOME is set to $ORACLE_HOME/j2ee/home.

Execute the following command:

java -jar $j2EE_HOME/oc4j.jar <options> 
Options for this command are not necessary to start OC4J. Use options if you want to exercise more control in starting OC4J.

Stopping OC4J

Execute the following command:

java -jar $j2EE_HOME/admin.jar
  ormi://localhost/ <admin> 
  <admin-password> -shutdown

Deploying a Web Application

See Also: OC4J User's Guide, "Quick Start for JSPs and Servlets" and "Deploying Applications"

Deploy a Web application in one of the following ways:

- Place JSP pages anywhere in the j2ee/home/default-web-app directory.

- Place servlet classes in the j2ee/home/default-web-app/WEB-INF/classes subdirectory--in a directory corresponding to their Java package.

Publishing a Web Module

See Also: OC4J User's Guide, "Binding the Web Application" and "Options for the OC4J Server JAR"

Execute the following command to make your J2EE Web application accessible from the OC4J Web server:

java -jar admin.jar ormi://<oc4j_host>:
  <oc4j_ormi_port> admin <adminusername>
    admin <adminpassword> 
  -bindWebApp <app_deploy_name> 
    <web_app_name> <web_site_name>
      <context_root>

Undeploying a Web Application

See Also: OC4J User's Guide, "Undeploying Web Applications"

Execute the following command:

java -jar admin.jar ormi://<oc4j_host>:
  <oc4j_ormi_port> admin <adminpassword> 
  -undeploy <applicationName> -keepFiles 

Setting Up an Emulated Data Source

See Also: OC4J User's Guide, "Definition of Data Sources"

A data source is a Java object that implements the javax.sql.DataSource interface. A data source object is a factory for JDBC connections.

An emulated data source (the pre-installed default) wraps around an Oracle data source. An emulated data source is used primarily by applications that access a single database. A non-emulated datasource is a pure Oracle data source used by applications.

- Declare an emulated data source in the data-sources.xml file as follows, replacing <oc4j_host>, <TTC port>, and <DB ID> with the correct values:

<data-source 
  class =
   "com.evermind.sql.DriverManagerDataSource"
  name = "jdbc/DMDSName"
  location = "jdbc/DMDSLocation"
  xa-location = "jdbc/DMXADS"
  ejb-location = "jdbc/emulatedDS"
  username = "scott"
  password = "tiger"
  url =
    "jdbc:oracle:thin:@<oc4j_host>:
      <TTC port>:<DB ID>"
  connection-driver =
    "oracle.jdbc.driver.OracleDriver"
/>

Using Security

See Also: OC4J User's Guide, "Security" Chapter

OC4J security includes authorization, authentication, and confidentiality. The first two of these features are specified in a user repository while confidentiality is handled by the Oracle HTTP Server.

By default, OC4J uses the XMLUserManager class and its user repository, principals.xml. Because this simple, file-based user repository is not secure, you can specify a user manager with a more secure user repository, such as the JAZNUserManager class. The primary purpose of this class is to leverage the JAAS provider as the security infrastructure for OC4J.

Setting Up Authorization Using principals.xml

  1. Specify users and groups, as the following XML shows:

    <principals>
      <groups>
        <group name="allusers">
          <description>Group for all normal
            users</description>
          <permission name="rmi:login"/>
          <permission name=
            "com.evermind.server.rmi.RMIPermission"
    
            /> 
        </group> 
        ....other groups... 
      </groups> <users> <user username="guest"
        password="welcome"> 
        <description>Guest user</description> 
        <group-membership group="allusers" /> 
        </user> 
      </users> 
    </principals> 
    
  2. Specify logical roles in a J2EE application.

    1. Specify the logical roles that your application uses in the XML deployment descriptors.

      Depending on the application type, update one of the following with the logical roles:

      - web.xml for a WAR file

      - ejb-jar.xml for an EJB JAR file

      - application.xml for an EAR file

      In each of these deployment descriptors, an XML element known as <security-role> defines the role.

    2. In the ejb-jar.xml file, define the bean and method that the role can access, as the following XML illustrates:

      <method-permission>
        <description>VISITOR role needed for
          CustomerBean methods</description> 
        <role-name>VISITOR</role-name> 
        <method> 
          <ejb-name>customerbean</ejb-name> 
          <method-name>*</method-name> 
        </method> 
      </method-permission>
      
    3. In the web.xml file, specify the security constraints for a servlet.

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>SalesInfo
            </web-resource-name>
          <url-pattern>/salesinfo/*
            </url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-methods>
          <auth-constraint>
            <role-name>VISITOR</role-name>
          </auth-constraint>
        </web-resource-collection>
      </security-constraint>
      
  3. Map logical roles defined in the application deployment descriptors to actual users and groups defined in the principals.xml file.

    Specify this mapping in the container-specific deployment descriptor (orion-web.xml, orion-application.xml) with a <security-role-mapping> element, as in the following XML:

    <security-role-mapping name="VISITOR"> 
      <group name="allusers" /> 
    </security-role-mapping> 
    

    The XML maps the logical role VISITOR to the allusers group in the orion-ejb-jar.xml file.

Authentication for HTTP Clients

Most clients to your application are Web browsers, which access the container through the Oracle HTTP Server and mod_osso. OC4J requests the client to authenticate itself when accessing protected URLs.

Authentication for EJB Clients

When you access EJBs in OC4J, you must pass valid credentials to this server.


Oracle
Copyright © 2002 Oracle Corporation.

All Rights Reserved.
Go To Documentation Library
Home
Go To Product List
Solution Area