3
JNDI and the Session Shell

This chapter contains tool definitions and examples. The topics we cover are the following:

• About JNDI

• JNDI Permissions

• Invoking the Session Shell

• Overview of OSE Session Shell Commands

A full JNDI server, inside Oracle8i, is accessible with JNDI session shell commands from inside and outside of Oracle8i. You can interactively manipulate the contents of the namespace with the session shell.

About JNDI

JNDI stores information and contents of the different Java servers-- OSE, CORBA and EJB-- running in Oracle8i.

The namespace is hierarchical with two types of entries, directories and objects.

Directories contain other directories or objects. Paths to JNDI entries are indicated with the regular UNIX notation /dir/dir/dir/leaf.

Objects are used to store Java References. A reference is an instance of the javax.naming.Reference class. The JNDI server gets the Reference components (Class name, Class factory name and parameters) and uses this information to instantiate the Java object. The session shell provides commands to store new references in the JNDI namespace and to manipulate their parameters.Additionally, the session shell provides a set of commands to navigate the namespace, remove entries, and change their permissions.

See figures in Chapter 1, "Introduction", for depictions of the JNDI structure.

JNDI Permissions

All contents in the JNDI server are secure. You must have the correct access rights to view and modify contents when accessing the JNDI server as a user. Similar to the UNIX file system, JNDI supports three type of access rights: read, write, and execute. Access can be granted to databases users (schema) or database roles. This can be done with one of the shells or programmatically. Setting read, write, or execute JNDI permissions is similar to setting file and directory permissions with UNIX.

The JNDI server also uses the ownership concept, where each entry is owned by a database schema. This is similar to the UNIX file system.

Invoking the Session Shell

All commands execute on the server by remote access and must specify the communication transport in use to contact the server. The following communication options are available: JDBC, HTTP and IIOP (SESS_IIOP).

To access the session shell commands on a client/server, type:

sess_sh -s transportURL -u[ser] username[/passwd] [-p[assword] passwd] [otherargs... ] 

-s service transportURL: specifies the transport to use for communicating with the server, in the form of a URL descriptor.

The following URLs are supported:
jdbc:oracle:type:spec	A JDBC URL that specifies how to connect to the database using JDBC.
http://host:port	An HTTP URL indicating the host and port to use to connect to the administrative webserver pre-installed in the database.
sess_iiop://host:port[:sid]	A SESS_IIOP URL indicating the host, port and SID for the GIOP listener on the server.

-u username: The login name for the database session.

-p passwd: The password during login.

-command "cmd...": A command to execute on the server

See the Oracle Java Tools Reference for complete details regarding the shell tool and environment.

Directory Navigation and Management

The session shell supports the standard UNIX commands for navigation and managing directories, such as cd, pwd, ls, mkdir, and rm.

Permissions and Ownership

Each JNDI entry has permissions set. The JNDI server supports three types of permissions: READ, WRITE and EXECUTE. Permissions can be granted to or removed from databases users or groups with the shell chmod command.

Overview of OSE Session Shell Commands

The session shell provides a set of specialized commands to manage the Web server and publish servlets. See Oracle Java Tools Reference for syntax requirements. The uses of each command, for manipulating the OSE JNDI namespace, are briefly described here.

Service Configuration

This set of commands creates new services.

createservice --Manipulates parameters required by the ServicePresentation code, without defining the endpoints (TCP ports) for service.

addendpoint --Adds a new endpoint and performs dynamic registration of the endpoint with the Listener storing it in the dynamic registration tables.

rmendpoint --Removes a specific endpoint from a service and the dynamically registered ports from the Listener.

destroyservice --Removes the service and all its endpoints including their dynamic registration. The -all flag erases the entire JNDI tree (from the service root level).

createwebservice --Manipulates parameters required by the ServicePresentation code and initializes Web specific configurations.

Web Domain Configuration

This set of commands sets the location of servlet contexts. As with all JNDI entries, each location has an administrator/owner

createwebdomain --Creates a Web domain administered by the current schema, where servlets execute as that schema. In addition it defines an initial servlet context, default, and doc_root.

destroywebdomain --Removes the Web domain and all associated servlet contexts.

Security Management

This set of commands sets the security for your domain and servlets specifying the realm and the authentication method to be used by the security class.

realm --Lists all the realm commands.

realm list -w <Web service root> --Lists all realms declared for a service.

realm map -s <servletContextPath> [-(add|remove) <path> -scheme <auth>:<realm>] --Defines/lists(/declares not to be) protected paths within a servlet context.

realm echo [0|1] --Turns echo off or on.

realm publish -w <Web service root> [-(add|remove) <realmName> [-type (RDBMS | DBUSER | JNDI)]] Creates/publishes/deletes an realm.

realm user -d <domainContextPath> -realm <realmName> [-(add|remove) <userName> [-p <user password>]] --Creates/deletes a user.

realm group -d <domainContextPath> -realm <realmName> [-(add|remove) <groupName> [-p <group password>]] --Creates/deletes a group.

realm parent -d <domainContextPath> -realm <realmName> [-group <groupName> [-(add|remove) <principalName>]] [-query <principalName>] --Adds/lists/removes a principal to a group.

realm perm -d <domainContextPath> -realm <realmName> -s <servletContextPath> -name <principalName> [-path <path> (+|-) <permList>] --Declares, clears, or lists a granted or denied permission on the specified path for a user for valid HTTP methods (Declaring Permissions in Chapter 8, "Security HTTP Administration").

Servlet Context Management

This set of commands manipulates the Context.

createcontext --Creates a context on the corresponding virtualpath of the domain.

destroycontext --Removes servlet context information and all the servlets from that domain.

adderrorpage --Defines which URL reports errors for this context for an error code.

rmerrorpage --Remove the error page associated with the corresponding error code.

Servlet Management

This set of commands handles the publishing and unpublishing of servlets.

publishservlet --Publishes a servlet by name in the Context. It also can associate a virtual path with the named servlet. Servlets published in a servlet context declared as stateless, are not allowed access to the HTTPSession object.

unpublishservlet --Removes the servlet from the servlet context, as well as any existing virtualpath for the servlet in the mapping table.

Export Commands

This set of commands provides the means for extracting the structure of a Web domain and can generate the corresponding configuration file. Use this command-generated file for mod_ose or other proxies.

exportwebdomain --The export utility can be used in one or two stages when generating a configuration file:

1. In XML format, generate the structure of a Web domain or contexts within a domain.

2. (optionally) Apply transformations to the XML structure, producing a configuration file for a specific Web server (for example: apache, iis ).

Refer to Chapter 5, "Apache Module for Oracle OSE"for a detailed explanation regarding exporting the Web domain.

---