| Oracle® iPlanet Web Server Release Notes Release 7.0.27 E18789-23 |
|
|
PDF · Mobi · ePub |
| Oracle® iPlanet Web Server Release Notes Release 7.0.27 E18789-23 |
|
|
PDF · Mobi · ePub |
The following sections list the features and enhancements in previous releases:
There are no new features and enhancements in Oracle iPlanet Web Server 7.0.26.
There are no new features and enhancements in Oracle iPlanet Web Server 7.0.25.
This release of Oracle iPlanet Web Server 7.0.24 provides the following enhancement:
Avoiding Repetitive Error Messages Thrown Up by set-origin-server
If you want to avoid repetitive error messages thrown up by the set-origin-server while accessing the server, you can use the failover-threshold parameter under the reverse-proxy server element:
<reverse-proxy> <failover-threshold>5</failover-threshold> </reverse-proxy>
where default value = 0, and range can be from 1 - 256.
For information about features and enhancements in previous Oracle iPlanet Web Server 7.0 releases, see Features and Enhancements in Previous Web Server 7.0 Releases.
There are no new features and enhancements in Oracle iPlanet Web Server 7.0.23.
There are no new features and enhancements in Oracle iPlanet Web Server 7.0.22.
This release of Oracle iPlanet Web Server 7.0.21 provides the following new feature and enhancement:
Oracle iPlanet Web Server 7.0.21 supports Network Security Services (NSS) 3.17.2.
Oracle iPlanet Web Server 7.0.21 provides support for additional Transport Layer Security (TLS) protocols. In addition to TLS 1.0, TLS 1.1 and TLS 1.2 are now supported. SSL3 has been disabled by default.
The list of supported ciphers has changed. The supported ciphers are:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_SEED_CBC_SHA
For information about features and enhancements in previous Oracle iPlanet web Server 7.0 releases, see Features and Enhancements in Previous Web Server 7.0 Releases.
A default welcome-file-list has been added in default-web.xml: entries of this list are used when a web application does not define a welcome-file-list. If a web application defines a welcome file list, then that list gets higher priority as welcome files than the default list.
There are no new features and enhancements in Oracle iPlanet Web Server 7.0.20.
A new security component, NSS 3.14.3.0, is integrated with Oracle iPlanet Web Server 7.0.19.
This release of Oracle iPlanet Web Server 7.0.18 provides the following new feature and enhancement:
Oracle iPlanet Web Server 7.0.18 bundles JDK 7 instead of JDK 6. Up to 7.0.17, Web Server bundled JDK6 in Solaris, Linux, and Windows.
For information about features and enhancements in previous Oracle iPlanet web Server 7.0 releases, see Features and Enhancements in Previous Web Server 7.0 Releases.
This release of Oracle iPlanet Web Server 7.0.17 provides the following new features and enhancements:
In Web Server 7.0.17 and higher, JDK 7 support is provided for the following platforms:
Solaris
Linux
Windows
For information about features and enhancements in previous Oracle iPlanet Web Server 7.0 releases, see Features and Enhancements in Previous Web Server 7.0 Releases.
This release of Oracle iPlanet Web Server 7.0.16 provides the following new features and enhancements:
A new server.xml element, blocking-accept, has been introduced under the http-listener element. This element enables optional blocking of the listen socket mode while retaining client end-points as non-blocking.
This Boolean element takes the value true or false. By default, the element is set to false.
Example:
<blocking-accept>true</blocking-accept>
A new parameter append-newline-at-end has been added to the insert-filter function in the obj.conf file. The filters sed-response and sed-request adds an extra new line character irrespective of the sed rule. You can use the append-newline-at-end parameter to enable or disable the addition of this extra new line character. By default append-line-at-end=true.
Example:
Output fn="insert-filter" filter="sed-response" sed="s/abc/xyz" append-line-at-end="false"
For information about new features and enhancements in previous Oracle iPlanet Web Server 7.0 releases, see Features and Enhancements in Previous Web Server 7.0 Releases.
The following are the new features and enhancements in Oracle iPlanet Web Server 7.0.15:
Oracle iPlanet Web Server 7.0.15 is certified on the following additional platforms:
Oracle Enterprise Linux 6
Oracle Solaris 11
For complete information about the supported operating environments and hardware for Oracle iPlanet Web Server 7.0, see the Oracle iPlanet Web Server 7.0.9+ Certification Matrix, which is available at:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
The max-parameter-count element, which was added in the 7.0.14 release, can now be configured by using the administration console.
For more information about max-parameter-count, see Features and Enhancements in 7.0.14.
For information about new features and enhancements in previous Oracle iPlanet Web Server 7.0 releases, see Features and Enhancements in Previous Web Server 7.0 Releases.
This release addresses the Java hash-table collision security vulnerability, CVE-2011-5035.
A new element, max-parameter-count, has been added to the servlet-container element of the server.xml configuration file. You can use the max-parameter-count element to specify a limit for the number of parameters allowed for a JSP or a servlet request. This helps in protecting the server against a denial of service that can be caused by requests containing specially crafted parameters sent by remote attackers. If the number of parameters in a request exceeds the configured max-parameter-count, the additional parameters are ignored.
You can specify any positive integer as the value of max-parameter-count. The default value is 10000.
You can set max-parameter-count by either editing the server.xml configuration file or by using the set-servlet-container-prop CLI command. For more information about set-servlet-container-prop, see the Oracle iPlanet Web Server 7.0.9 CLI Reference Manual.
The following are the new features and enhancements in Oracle iPlanet Web Server 7.0.13.
A new property, max-requests-per-connection is introduced in this release. You can use this property to resolve the CVE-2011-3389 security vulnerability, by lowering the number of requests on a keep-alive connection.
You can set max-requests-per-connection as shown in the following example:
<http-listener> <name>ls1</name> <port>17005</port> <default-virtual-server-name>https-test</default-virtual-server-name> <max-requests-per-connection>09</max-requests-per-connection> <server-name>pegasus.example.com</server-name> </http-listener>
Oracle iPlanet Web Server 7.0.13 supports Network Security Services (NSS) 3.13.1.0.
The following sections describe the important new features and enhancements in Oracle iPlanet Web Server 7.0.12.
For information about new features and enhancements in previous releases, see Features and Enhancements in Previous Web Server 7.0 Releases.
A new security component NSS 3.12.10 is integrated with Oracle iPlanet Web Server 7.0.12.
exclude-escape-chars parameter in http-client-config SAFOracle iPlanet Web Server introduces a new parameter called exclude-escape-chars which provides the list of characters which are not escaped. For more information, see Introducing exclude-escape-chars Parameter in http-client-config.
httponly-session-cookie property in servlet-container elementOracle iPlanet Web Server introduces a new property called httponly-session-cookie in the servlet-container. For more information, see Problem with set-cookie Header.
The following sections describe the important new features and enhancements in Oracle iPlanet Web Server 7.0.11.
In Oracle iPlanet Web Server 7.0.11, the JDK 6 version that is packaged with the product has been changed to JDK 6 update 24. This change has been made to address security vulnerability CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number).
For more information about security vulnerability CVE-2010-4476, see the Oracle Security Alert at:
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.htm
The following sections describe the important new features and enhancements in Oracle iPlanet Web Server 7.0.10.
In Oracle iPlanet Web Server 7.0.10, the maximum permissible length of a group line in the htaccess authentication group file has been increased from the earlier limit of 1K (1024) characters to 8K (8192) characters.
The JDK 6 that is delivered as part of Web Server 7.0.10 on Solaris, Linux, and Windows is updated to version 1.6.0_22.
For information about the changes in JDK 1.6.0_22, see the JDK 6 release notes at:
http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html
Oracle iPlanet Web Server 7.0.9 is an update release to Sun Java System Web Server 7.0. In addition to the features and enhancements in Web Server 7.0 and Updates 1 through 8, Web Server 7.0.9 brings the additional features and enhancements to the product described in the following sections.
Web Server 7.0 Update 7 included NSS 3.12.5, which provided relief, but not resolution, for the SSL/TLS renegotiation vulnerability http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555. Additionally, Web Server 7.0 Update 7 disabled all use of SSL/TLS renegotiation in order to protect Web Server from attack. If either the client or Web Server attempted to trigger renegotiation on an existing SSL/TLS session, the connection would fail.
Web Server 7.0.9 includes NSS 3.12.6, which provides safe SSL/TLS renegotiation and so provides resolution of CVE-2009-3555. As a result, Web Server 7.0.9 re-enables use of SSL/TLS renegotiation.
You can now configure Web Server to use the Eclipse JDT Java compiler instead of Ant and another Java compiler. For more information, see Using the Eclipse JDT Java Compiler in Oracle iPlanet Web Server 7.0.9 Developer's Guide to Java Web Applications.
Web Server now supports the Oracle JRockit JDK on the 32-bit platforms it supports. For the 7.0.9 release, the minimum required JRockit JDK version is R27.6.5, which is certified to be compatible with Java SE 6 Update 14 (1.6.0_14).
Web Server 7.0.9 adds the changeSessionIdOnAuthentication property to the sun-web-app element of the sun-web.xml file. This property enables web applications to change session IDs upon authentication in order to avoid session fixation attacks. For more information, see sun-web-app Element in Oracle iPlanet Web Server 7.0.9 Developer's Guide to Java Web Applications.
--directory Option of add-webapp DeprecatedFor large applications, you should use the --file-on-server option of the add-webapp command to provide a path to an expanded war file outside the Web Server root directory. Note, however, that the administration server does not manage web applications deployed outside the Web Server root directory.
For more information, see Deploying a Web Application Directory in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.
Web Server 7.0 Update 8 contains the following fixes for security vulnerabilities.
Bug 6916389 describes the buffer overflow vulnerabilities in the WebDAV extensions to Sun Java System Web Server. These issues may allow remote clients to trigger a Web Server crash, thus resulting in a Denial of Service (DoS) condition. These issues may also allow remote unauthorized users to gain elevated privileges, enabling them to access and modify sensitive files.
Bug 6916390 describes the format string vulnerabilities in the WebDAV extensions to Sun Java System Web Server. These issues may allow remote clients to trigger a Web Server crash, thus resulting in a Denial of Service (DoS) condition. These issues may also allow remote unauthorized users to gain elevated privileges, enabling them to access and modify sensitive files.
Bug 6916391 describes the buffer overflow issues in the Digest Authentication methods in Sun Java System Web Server, which may allow remote unprivileged users to crash Web Server, thus leading to a Denial of Service (DoS) condition. These issues may also lead to execution of arbitrary code with elevated privileges.
Bug 6916392 describes the heap overflow issues in the HTTP TRACE functionality in Sun Java System Web Server, which may allow remote unprivileged users to crash Web Server, thus leading to a Denial of Service (DoS) condition. These issues may also be exploited to gain unauthorized access to sensitive information.
Web Server 7.0 Update 7 introduces Kerberos/SPNEGO support. This release introduces a new ACL authentication method called gssapi. The gssapi authentication method works with a Kerberos user repository. This release also introduces a suitable auth-db of type kerberos for use with the gssapi authentication method.
For more information about configuring a Kerberos authentication, see Working With the Authentication Database in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.
Note:
Kerberos enabled Web Server on Solaris is tested with clients such as Internet Explorer on Windows 2003 and Firefox on RHEL 5.3.
Web Server 7.0 Update 7 supports Windows 2008 SP2 32 bit (x86) Enterprise Edition.
Web Server 7.0 Update 7 is bundled with JDK 6. There is an improvement in the performance in the administration server.
Web Server 7.0 Update 7 is integrated with the Xerces C++ patch that fixes the vulnerability. For more information, see http://www.cert.fi/en/reports/2009/vulnerability2009085.html.
Note:
Web Server 7.0 Update 7 resolves a regression in LDAP authentication (6888100) accidentally introduced in Update 6. All customers using LDAP authentication are encouraged to upgrade to Update 7.
Platforms, Solaris 8 and Windows 2000 are deprecated. They will not be supported from Web Server 7.0 Update 9 onward.
Web Server 7.0 Update 7 is upgraded to include NSS 3.12.5, which provides relief for the SSL/TLS renegotiation vulnerability: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
This vulnerability is a flaw in the current SSL/TLS renegotiation protocol definition. It is not a bug in the Web Server implementation. Due to this reason, there is no implementation-level fix for this vulnerability. The only workaround is to disable renegotiation entirely in order to protect Web Server from attack.
Therefore, Web Server 7.0 Update 7 disables all use of SSL/TLS renegotiation. If either the client or Web Server attempts to trigger renegotiation on an existing SSL/TLS session, the connection will fail.
Typically, renegotiation was used to obtain a client certificate sometime after the SSL/TLS connection was first established. Web applications that attempt to obtain a client certificate in this fashion will now fail.
Obtaining a client certificate during the initial connection handshake will continue to work correctly. This mode can be configured by setting the client-auth element to 'required' in server.xml:
<http-listener>
<ssl>
<client-auth>required</client-auth>
</ssl>
</http-listener>
A future update of Web Server 7.0 will implement a safe renegotiation protocol as soon as the IETF finalizes the design of the new protocol enhancement. It is possible to re-enable the vulnerable SSL/TLS renegotiation capability by setting the environment variable: NSS_SSL_ENABLE_RENEGOTIATION=1. This mode is known to be vulnerable to attack as described in CVE-2009-3555.
Web Server 7.0 Update 6 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0, and the Web Server 7.0 Update 1, Update 2, Update 3, Update 4, and Update 5 releases, Web Server 7.0 Update 6 brings the following value-added features and enhancements to the product.
Sun Java System Web Server 7.0 Update 6 is integrated with the new NSS (Network Security Services) 3.12.3. This version of the NSS fixes the security alert for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404.
For more information about the additional environmental variables added in this version, see:
http://www.mozilla.org/projects/security/pki/nss/nss-3.12.3/nss-3.12.3-release-notes.html
Sun Java System Web Server 7.0 Update 6 contains both the NSS 3.12.3 and the NSPR 4.7.4 version.
Sun Java System Web Server 7.0 Update 6 has support for the Solaris 8 Branded Zones.
Web Server 7.0 Update 5 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0, and the Web Server 7.0 Update 1, Update 2, Update 3, and Update 4 releases, Web Server 7.0 Update 5 brings the following feature to the product.
Binary logging is a functionality introduced in Sun Java System Web Server 7.0 Update 5. This feature allows server information to be stored in a single log file that contains binary, unformatted log data of all the web sites hosted on a server. It thus minimizes the usage of system resources used for logging, may improve performance and scalability, and at the same time records detailed log information.
For more information, see Oracle iPlanet Web Server Performance Tuning, Sizing, and Scaling Guide.
Web Server 7.0 Update 4 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0, and the Web Server 7.0 Update 1, Update 2, and Update 3 releases, Web Server 7.0 Update 4 brings the following value-added features and enhancements to the product.
Web Server 7.0 Update 4 includes the addition of environment variables REQUEST_URI and SCRIPT_FILENAME in CGI and FastCGI subsystems. These variables are set by default for both CGI and FastCGI on Apache and are used by many PHP applications including WordPress.
For more information about issues related to these variables, see problem ID 6785490 in Web Server Core Issues.
default-sun-web.xml support has been provided in the Web Server 7.0 Update 4 release. For the administration server's LDAP authorization, default-sun-web.xml support is necessary and this will enable the group IDs to be configured.
OpenSolaris 2008.11 support has been provided in the Web Server 7.0 Update 4 release. OpenSolaris 2008.11 is the latest release of the OpenSolaris operating system.
Package Requirements
To install Sun Java System Web Server 7.0 Update 4 or later on OpenSolaris, you must install the following additional IPS packages from the repository:
SUNWpkgcmds
SUNWmfrun
java-dev
Web Server Update 3 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0, and the Web Server 7.0 Update 1 and Update 2 releases, Web Server 7.0 Update 3 brings the following value-added features and enhancements to the product.
AIX 5.3 and 6.1 platform support has been provided in the Web Server 7.0 Update 3 release.
Web Server 7.0 Update 3 introduces the autodeployment functionality that enables you to deploy one or more web applications, just by copying them to a designated directory. The server automatically deploys web applications that are in the form of web archives (.war files) or in a directory in which a web archive has been expanded.
For more information about auto-deployment feature in Web Server, see Autodeploying Web Applications in Oracle iPlanet Web Server 7.0.9 Developer's Guide to Java Web Applications.
Web Server 7.0 Update 2 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0, and the Web Server 7.0 Update 1 release, Web Server 7.0 Update 2 brings the value-added features and enhancements described in the following sections:
Web Server 7.0 Update 2 introduces an option to instruct NSS to bypass the PKCS#11 layer during parts of the SSL/TLS processing. Bypassing the PKCS#11 layer improves performance. By default, the PKCS#11 layer is bypassed. At the time of server startup, the server queries each token holding a server key to verify that each token can support PKCS#11 bypass. If any of the tokens cannot support bypass, bypass is disabled. Therefore, no user action is required to take advantage of the performance benefits of the PKCS#11 bypass. The server automatically takes advantage of the bypass and automatically disables the bypass if the token cannot be used given the current configuration. For more information, see .
Web Server provides command-line interface (CLI) and Admin Console support to enable or disable bypass. For more information about how to enable or disable PKCS11 bypass using the Admin Console or the CLI, see To Enable and Bypass PKCS#11 Tokens in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.
Web Server 7.0 Update 2 integrates with the Solaris 10 Service Management Facility (SMF) for the Java platform. SMF is a new feature of the Solaris Operating System that creates a supported, unified model for services and service management on each Solaris system. It is a mechanism to define, deliver, and manage long-running application services for Solaris. A service is defined by a service manifest, which is an XML file that describes a service, and any instances associated with that service.
For more information about SMF support in Web Server, see Integrating Service Management Facility for the Java Platform with Web Server in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.
Web Server 7.0 Update 2 supports processing of requests that can be served from the accelerator cache asynchronously, thereby improving the performance of the server.
Value added features are:
Dynamic reconfiguration
Flag AsyncAccelerator in magnus.conf to turn off asynchronous cache
Requests serviced through asynchronous accelerator to stats
Batch access log writes when requests are serviced by asynchronous accelerator
Web Server 7.0 Update 2 introduces the ability to display the exception stack trace or JSP compiler errors in a browser. In the earlier releases of Web Server, when an exception occured in the servlet container at request time, a "Server Error" was displayed at the client without exposing internal application details. The exception is always logged in the error log with or without this feature enabled.
Note:
Displaying exception stack trace or JSP compiler errors in a browser is not enabled by default. You can enable this feature through the set-servlet-container-prop command or through the Display Exception check box in the Servlet Container tab of the Admin Console. This is useful for development purposes. It is strongly recommended that this feature not be enabled in production systems.
Administration experience is improved Web Server 7.0 Update 2 by introducing the following key features:
Web Server 7.0 Update 2 supports rolling back of deployed configuration. Web Server administration now enables administrators to take backups automatically on every deployed configuration. Using the Admin CLI, you can list backups and restore a specified backup.
Web Server 7.0 Update 2 enables you to reset the administration server's user password. However, this functionality works only locally on the administration server's node.
The Admin Console enables you to install, delete, and filter CA certificates, Cert chain, and the CRLs. Additionally, the server also warns the users about the certificates that are about to expire.
Support for a 64-bit standalone version of Web Server is provided in Web Server 7.0 Update 2.
Web Server 7.0 64-bit Linux is a separate standalone-only distribution and does not coexist with Web Server 7.0 32-bit Linux. Web Server 7.0 64-bit Linux requires 64-bit Java Development Kit 5.0 Update 12 or later. Both Administration Server and server instance are only 64-bit server. Migration from previous releases is not supported on Web Server 7.0 64-bit for Linux.
Web Server 7.0 Update 2 provides support to connect to the NetBeans 6.5 IDE and allows users to develop, debug, and deploy applications to Web Server. The NetBeans plug-in can be downloaded from the update center using the NetBeans 6.5 IDE.
Note:
In addition to the support for NetBeans 6.5 IDE, Web Server provides support for NetBeans 6.1, 6.0, and 5.5.1 versions of the IDE.
Web Server 7.0 Update 1 is an update release to Web Server 7.0.
In addition to the features and enhancements in Web Server 7.0, Web Server 7.0 Update 1 supports the Java Platform, Enterprise Edition (Java EE) 5.0 and Web 2.0 technologies.
The following sections describe the new features and enhancements in 7.0 Update 1.
Web Server includes a Java Platform, Enterprise Edition (Java EE) 5 compliant implementation of the Java Servlet 2.5 and JavaServer Pages ( JSP) 2.1 technology specifications. Web Server provides the flexibility and reliability needed to design and deploy web applications that comply with Java technology standards.
Java Servlet technology provides web developers with a simple, consistent mechanism for extending the functionality of a Web Server and for accessing existing business systems. JSP technology provides a simplified and fast way to create dynamic web content. JSP technology enables rapid development of web-based applications that are server- and platform-independent.
For information about these technologies, see:
The JavaServer Pages Standard Tag Library 1.2 provides custom tags that encapsulate core functionality common to many web applications. JavaServer Pages Standard Tag Library has support for common, structural tasks such as iteration and conditionals. It provides tags for manipulating XML documents, internationalization tags, and SQL tags. It also provides a framework for integrating existing custom tags with JavaServer Pages Standard Tag Library tags.
Web Server supports JavaServer Faces technology. JavaServer Faces is a user interface framework for building web applications.
For information about these technologies, see:
Web Server includes new accelerator cache technology that speeds the delivery of small files. The accelerator cache is automatically enabled and requires no configuration. For more information, see File Cache Statistics Information in Oracle iPlanet Web Server 7.0.9 Performance Tuning, Sizing, and Scaling Guide.
You can configure a single FastCGI application using the Admin Console as well as the command-line interface (CLI).You can also configure the FastCGI with Web Server using the configuration files.
To configure multiple FastCGI applications, see Configuring Multiple FastCGI Applications in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.
Web Server provides plug-ins to integrate with the NetBeans Integrated Development Environment (IDE) for deploying and debugging web applications. NetBeans is a complete development environment to create Java Platform Enterprise Edition (Java EE)-based web applications with the standard components.
In addition to the deployment of web applications, the plug-in also provides support for the following activities:
Manage instances, such as start or stop server instances
Enable or disable applications
Create server-wide resources, such as JDBC resources and JDBC connection pools
For information about NetBeans, see:
Web Server provides support for writing regular expressions within the obj.conf file through the Admin Console. However, writing regular expressions through the Admin Console is limited to the form of <If>..</If> conditions for URL redirects.
For more information about using the Admin Console for writing regular expressions, see Oracle iPlanet Web Server Administrator's Guide.
Web Server provides support for configuring the URIs, URI prefixes, URI wildcard patterns properties through the Admin Console and the CLI.
For more information about using the Admin Console for configuring URI pattern properties, see Oracle iPlanet Web Server Administrator's Guide.
For more information about using the CLI commands for configuring URI pattern properties, see Oracle iPlanet Web Server Command-Line Reference.
Web Server can be configured to run as a 64-bit application on the Solaris, SPARC, and AMD64 platforms.
Web Server provides comprehensive command-line interface (CLI) support, consolidated configuration, enhanced security with elliptic curve cryptography support, and clustering support. It also comes with a robust built-in migration tool that helps migrate applications and configurations from Web Server 6.0 and Web Server 6.1 to Web Server 7.0.
The following sections describe the new features in Web Server 7.0:
Web Server management infrastructure is based on the modern distributed Java Management Extensions (JMX) technology. JMX technology provides tools for building distributed, web-based, modular, and dynamic solutions for managing and monitoring devices, applications, and service-driven networks. JMX helps to manage and monitor instances, configurations, and web applications across clustered Web Server deployments.
The Administration Server is a specially configured Web Server instance on which the administration applications are deployed. An administration instance runs on each node in the server farm. Of these nodes, one node is configured to be the Administration Server and the rest are configured to be administration nodes.
The web-based Administration Server is redesigned to make common tasks easier to access and complex tasks easier to accomplish.
The Administration Server includes the following new features:
Web-based wizards for performing most common tasks
Comprehensive command-line interface (CLI) support for server configuration and server administration tasks
Centralized configuration store
Support for deploying Web Server configuration information on multiple machines. This feature extends to support Web Server in server farms and clusters.
Built-in management and monitoring of server clusters
For more information about using the administration interface to perform administrative tasks, see .
The command-line interface (CLI) enables you to easily configure and administer the server.
The CLI has the following key features:
Embedded Java Command Language (jacl) shell for scripting
Extensible CLI, which enables you to add more commands by using the third-party plug-ins
Support for local and remote administration, configuration, and management of one or more server instances
Automatic completion of commands when you enter one or more characters and then press the Tab key
Easy-to-use CLI-based operational modes including single mode, shell mode, and file mode
Web Server is integrated with Sun N1 Service Provisioning Server 5.2. Sun N1 Service Provisioning System is an application provisioning tool that eliminates the need for custom scripts. With the integration of Web Server with Sun N1 Service Provisioning System, as an administrator, you do not need to write custom scripts for installing multiple Web Server instances in a datacenter environment or in a server farm.
Configuration files in Web Server are rearranged and consolidated to simplify administration.
In the earlier versions of Web Server, the configuration files in the userdb directory were shared by all instances, while the information contained in these files was often instance-specific. In Web Server 7.0, configuration files from the userdb directory are removed. Their functionality is incorporated into the server.xml file in the config directory. Configuration files from the alias and httpacl directories are moved into the config directory. These changes consolidate instance-specific configuration information within the instance-specific config directory.
For information about the configuration files, see Oracle iPlanet Web Server Administrator's Configuration File Reference.
The Java Naming and Directory Interface (JNDI) API provides seamless connectivity to heterogeneous enterprise naming and directory services.
Web Server provides out-of-the-box, seamless Java Database Connectivity (JDBC), technology and supports a wide range of industry-standard and customized JDBC drivers.
Web Server supports JDBC connection pooling, that is, a group of reusable connections for a particular database. Because creating each new connection is time-consuming, the server maintains a pool of available connections to increase performance. When an application requests a connection, it obtains a connection from the pool. When an application closes a connection, the connection is returned to the pool.
For information about creating JDBC connection pools, see Oracle iPlanet Web Server Administrator's Guide.
Sun Java System Web Server 7.0 provides hardware accelerator support for Sun Crypto Accelerator 4000 and 6000 boards, which enhance the performance of SSL on Web Server.
Note:
Initialize the Sun Crypto Accelerator card when using with Web Server. For more information about Sun Crypto Accelerator, see Sun Crypto Accelerator 6000 Board Version 1.1 User's Guide at:
Web Server includes Java Web Services Developer Pack (Java WSDP) 2.0 and XML technologies. Web services developed by using Java WSDP can be deployed on Web Server as a web application by using the wadm command.
Web Server 7.0 provides support for security features such as XML Encryption, XML Digital Signature, and support for message security provider.
For more information about Java WSDP 2.0, see:
http://www.oracle.com/technetwork/java/webservicespack-jsp-140788.html
Java WSDP 2.0 samples are located at the following location. These samples can be deployed on Web Server 7.0.
http://java.sun.com/webservices/downloads/2.0_preview_webservicespack.html
Web Server supports cluster-based session replication and failover. Session replication and failover provides high availability to web applications by replicating HTTP sessions from one server instance to another in the same server cluster. Because each HTTP session has a backup copy on a remote instance, a server failure that renders one instance in the cluster unavailable does not disturb session continuity.
For more information about Light Weight Session Replication support, Oracle iPlanet Web Server Administrator's Guide.
Web Server 7.0 introduces enhanced support for regular expressions and conditional processing in the obj.conf configuration file.
Key enhancements include the following:
Support for regular expressions
A restart Server Application Function (SAF) for restarting requests with a new URI
Support for dynamic SAF parameters that include expressions, variables, and regular expression back references
<If>, <ElseIf>, and <Else> tags for conditional processing
Support for complex conditions that use and, or, and notoperators
sed-request and sed-response filters for rewriting request and response bodies
You can use these new features to define flexible URL rewriting and redirection rules such as those possible with mod_rewrite from the Apache HTTP server. Unlike mod_rewrite, regular expressions and conditional processing in Web Server 7.0 can be used at any stage of request processing, even with third-party plug-ins.
For more information about regular expressions and URL rewrite functions, see .
In addition to the monitoring facilities in earlier versions of Web Server, Web Server adds the following enhancements:
Monitors servlets, JSP, and JavaServer Pages Standard Tag Library container characteristics.
Monitors process and virtual server statistics from within the Administration Server.
Integrates with the System Management Agent on the Solaris 10 platform. Integrates with the Java Enterprise System Monitoring Framework (Java ES Monitoring Framework) that makes Web Server monitoring information available within the Java ES Monitoring Framework.
Accesses monitoring data as Management Beans (MBeans) using the Java Monitoring and Management Console (jconsole) script, Java ES Monitoring Framework, or any Java Management Extensions (JMX) compliant client applications.
For more information about the monitoring feature in Web Server, see Oracle iPlanet Web Server Administrator's Guide.
Sun Java System Web Server 7.0 integrates the reverse proxy functionality within the core server.
When Web Server is configured with reverse proxy functionality, it acts as a proxy for one or more back-end servers and serves as a single point of access or gateway in a server farm. In a reverse proxy setup, Web Server forwards the HTTP request it received from the browser client to the appropriate back-end server. The HTML response from the back-end server is sent back to the browser through Web Server. Thus, Web Server with reverse proxy hides the existence of back-end servers to the browser.
Web Server provides GUI and CLI support for configuring the reverse proxy.
For information about configuring reverse proxy, see Configuring Reverse Proxy in Web Server in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.
Web Server supports a wide variety of technologies that allow data encryption and validation, request authentication, and server process protection.
Key security-related enhancements include the following:
Solaris 10 platform cryptographic framework support. For example, libpkcs11.so including support for UltraSPARC T1 processor hardware acceleration.
Denial of Service (DoS) attack protection enhancements.
Cross-site scripting protection through the native sed(1)-based input filtering. For information about cross site-scripting, see Preventing Cross-Site Scripting Attacks in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.
Web services security:
IETF XML Digital Signature
W3C XML Encryption
Integrated Platform for Privacy Preferences (P3P) support.
Web-based Distributed Authoring and Versioning (WebDAV) access control support.
The Lightweight Directory Access Protocol (LDAP) auth-db is enhanced to make search expressions and match attributes configurable.
The LDAP auth-db supports Microsoft Active Directory interoperability.
Support for migration of certificate from Tomcat or other Java keystore file-based repositories.
Support for dynamically applied Certificate Revocation Lists (CRLs).
Integrated IPv6 support.
Sun Java System Web Server has always supported SA keys. In addition to the continued support for RSA keys, Web Server 7.0 introduces support for Elliptic Curve Cryptography (ECC).
ECC is the next generation of public-key cryptography for mobile or wireless environments. ECC is based on a set of algorithms for key generation, encryption, and decryption for performing asymmetric cryptography.
For more information about how to use ECC in Web Server, see Oracle iPlanet Web Server Administrator's Guide.
Web Server 7.0 supports Oracle Java Studio Enterprise 8.1. Oracle Java Studio software is a powerful, extensible IDE for Java technology developers, based on the NetBeans software and integrated with the Java platform.
The plug-in for Web Server can be obtained in the following ways:
From the companion CD in the Sun Java System Web Server Media Kit
By using the companion AutoUpdate feature of Oracle Java Studio
From the download center for Sun Java System Web Server
Note:
Oracle Java Studio 8.1 plug-in for Web Server works only with a local Web Server. That is, the IDE and Web Server must be installed on the same machine.
For more information about Oracle Java Studio 8, see:
http://developers.sun.com/jsenterprise/overview/previous/jse8.jsp
|
 Copyright © 2016, 2017, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|