Skip Headers
Oracle® iPlanet Web Server Release Notes
Release 7.0.20

E18789-14
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

A Features and Enhancements in Previous Web Server 7.0 Releases

The following sections list the features and enhancements in previous releases:

A.1 Features and Enhancements in 7.0.19

A new security component, NSS 3.14.3.0, is integrated with Oracle iPlanet Web Server 7.0.19.

A.2 Features and Enhancements in 7.0.18

This release of Oracle iPlanet Web Server 7.0.18 provides the following new feature and enhancement:

For information about features and enhancements in previous Oracle iPlanet web Server 7.0 releases, see Appendix A.

A.3 Features and Enhancements in 7.0.17

This release of Oracle iPlanet Web Server 7.0.17 provides the following new features and enhancements:

For information about features and enhancements in previous Oracle iPlanet Web Server 7.0 releases, see Appendix A.

A.4 Features and Enhancements in 7.0.16

This release of Oracle iPlanet Web Server 7.0.16 provides the following new features and enhancements:

For information about new features and enhancements in previous Oracle iPlanet Web Server 7.0 releases, see Appendix A.

A.5 Features and Enhancements in 7.0.15

The following are the new features and enhancements in Oracle iPlanet Web Server 7.0.15:

For information about new features and enhancements in previous Oracle iPlanet Web Server 7.0 releases, see Appendix A.

A.6 Features and Enhancements in 7.0.14

This release addresses the Java hash-table collision security vulnerability, CVE-2011-5035.

A new element, max-parameter-count, has been added to the servlet-container element of the server.xml configuration file. You can use the max-parameter-count element to specify a limit for the number of parameters allowed for a JSP or a servlet request. This helps in protecting the server against a denial of service that can be caused by requests containing specially crafted parameters sent by remote attackers. If the number of parameters in a request exceeds the configured max-parameter-count, the additional parameters are ignored.

You can specify any positive integer as the value of max-parameter-count. The default value is 10000.

You can set max-parameter-count by either editing the server.xml configuration file or by using the set-servlet-container-prop CLI command. For more information about set-servlet-container-prop, see the Oracle iPlanet Web Server 7.0.9 CLI Reference Manual.

A.7 Features and Enhancements in 7.0.13

The following are the new features and enhancements in Oracle iPlanet Web Server 7.0.13.

A.8 Features and Enhancements in 7.0.12

The following sections describe the important new features and enhancements in Oracle iPlanet Web Server 7.0.12.

For information about new features and enhancements in previous Oracle iPlanet Web Server 7.0 releases, see Appendix A.

A.8.1 Security Component Upgradation

A new security component NSS 3.12.10 is integrated with Oracle iPlanet Web Server 7.0.12.

A.8.2 Introducing exclude-escape-chars parameter in http-client-config SAF

Oracle iPlanet Web Server introduces a new parameter called exclude-escape-chars which provides the list of characters which are not escaped. For more information, see Section 3.2.6, "Introducing exclude-escape-chars Parameter in http-client-config"

A.8.3 Introducing httponly-session-cookie property in servlet-container element

Oracle iPlanet Web Server introduces a new property called httponly-session-cookie in the servlet-container. For more information, see Section 3.2.10, "Problem with set-cookie Header"

A.9 Features and Enhancements in 7.0.11

The following sections describe the important new features and enhancements in Oracle iPlanet Web Server 7.0.11.

A.9.1 Updated JDK Version

In Oracle iPlanet Web Server 7.0.11, the JDK 6 version that is packaged with the product has been changed to JDK 6 update 24. This change has been made to address security vulnerability CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number).

For more information about security vulnerability CVE-2010-4476, see the Oracle Security Alert at:

http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.htm

A.10 Features and Enhancements in 7.0.10

The following sections describe the important new features and enhancements in Oracle iPlanet Web Server 7.0.10.

A.10.1 Maximum Length of Group Line in htaccess Authentication Group File Increased

In Oracle iPlanet Web Server 7.0.10, the maximum permissible length of a group line in the htaccess authentication group file has been increased from the earlier limit of 1K (1024) characters to 8K (8192) characters.

A.10.2 JDK Updated to 1.6.0_22

The JDK 6 that is delivered as part of Web Server 7.0.10 on Solaris, Linux, and Windows is updated to version 1.6.0_22.

For information about the changes in JDK 1.6.0_22, see the JDK 6 release notes at:

http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html

A.10.3 NSS Updated to 3.12.8

Web Server 7.0.10 is integrated with NSS version 3.12.8.

For information about changes in this version, see the NSS 3.12.8 release notes.

A.11 Features and Enhancements in 7.0.9

Oracle iPlanet Web Server 7.0.9 is an update release to Sun Java System Web Server 7.0. In addition to the features and enhancements in Web Server 7.0 and Updates 1 through 8, Web Server 7.0.9 brings the additional features and enhancements to the product described in th following sections.

A.11.1 Resolution of SSL/TLS Vulnerability CVE-2009-3555

Web Server 7.0 Update 7 included NSS 3.12.5, which provided relief, but not resolution, for the SSL/TLS renegotiation vulnerability http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555. Additionally, Web Server 7.0 Update 7 disabled all use of SSL/TLS renegotiation in order to protect Web Server from attack. If either the client or Web Server attempted to trigger renegotiation on an existing SSL/TLS session, the connection would fail.

Web Server 7.0.9 includes NSS 3.12.6, which provides safe SSL/TLS renegotiation and so provides resolution of CVE-2009-3555. As a result, Web Server 7.0.9 re-enables use of SSL/TLS renegotiation.

A.11.2 Support for JDT Java Compiler

You can now configure Web Server to use the Eclipse JDT Java compiler instead of Ant and another Java compiler. For more information, see "Using the Eclipse JDT Java Compiler" in Oracle iPlanet Web Server 7.0.9 Developer's Guide to Java Web Applications.

A.11.3 Support for Oracle JRockit JDK

Web Server now supports the Oracle JRockit JDK on the 32-bit platforms it supports. For the 7.0.9 release, the minimum required JRockit JDK version is R27.6.5, which is certified to be compatible with Java SE 6 Update 14 (1.6.0_14).

A.11.4 Ability to Change Session ID on Authentication

Web Server 7.0.9 adds the changeSessionIdOnAuthentication property to the sun-web-app element of the sun-web.xml file. This property enables web applications to change session IDs upon authentication in order to avoid session fixation attacks. For more information, see "sun-web-app Element" in Oracle iPlanet Web Server 7.0.9 Developer's Guide to Java Web Applications.

A.11.5 For Large Applications, --directory Option of add-webapp Deprecated

For large applications, you should use the --file-on-server option of the add-webapp command to provide a path to an expanded war file outside the Web Server root directory. Note, however, that the administration server does not manage web applications deployed outside the Web Server root directory.

For more information, see "Deploying a Web Application Directory" in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.

A.12 Features and Enhancements in 7.0 Update 8

Web Server 7.0 Update 8 contains the following fixes for security vulnerabilities.

Bug 6916389 describes the buffer overflow vulnerabilities in the WebDAV extensions to Sun Java System Web Server. These issues may allow remote clients to trigger a Web Server crash, thus resulting in a Denial of Service (DoS) condition. These issues may also allow remote unauthorized users to gain elevated privileges, enabling them to access and modify sensitive files.

Bug 6916390 describes the format string vulnerabilities in the WebDAV extensions to Sun Java System Web Server. These issues may allow remote clients to trigger a Web Server crash, thus resulting in a Denial of Service (DoS) condition. These issues may also allow remote unauthorized users to gain elevated privileges, enabling them to access and modify sensitive files.

Bug 6916391 describes the buffer overflow issues in the Digest Authentication methods in Sun Java System Web Server, which may allow remote unprivileged users to crash Web Server, thus leading to a Denial of Service (DoS) condition. These issues may also lead to execution of arbitrary code with elevated privileges.

Bug 6916392 describes the heap overflow issues in the HTTP TRACE functionality in Sun Java System Web Server, which may allow remote unprivileged users to crash Web Server, thus leading to a Denial of Service (DoS) condition. These issues may also be exploited to gain unauthorized access to sensitive information.

A.13 Features and Enhancements in 7.0 Update 7

Web Server 7.0 Update 7 introduces Kerberos/SPNEGO support. This release introduces a new ACL authentication method called gssapi. The gssapi authentication method works with a Kerberos user repository. This release also introduces a suitable auth-db of type kerberos for use with the gssapi authentication method.

For more information about configuring a Kerberos authentication, see "Working With the Authentication Database" in Oracle iPlanet Web Server 7.0.9 Administrator's Guide

Note:

Kerberos enabled Web Server on Solaris is tested with clients such as Internet Explorer on Windows 2003 and Firefox on RHEL 5.3.

Web Server 7.0 Update 7 supports Windows 2008 SP2 32 bit (x86) Enterprise Edition.

Web Server 7.0 Update 7 is bundled with JDK 6. There is an improvement in the performance in the administration server.

Web Server 7.0 Update 7 is integrated with the Xerces C++ patch that fixes the vulnerability. For more information, see http://www.cert.fi/en/reports/2009/vulnerability2009085.html.

Note:

Web Server 7.0 Update 7 resolves a regression in LDAP authentication (6888100) accidentally introduced in Update 6. All customers using LDAP authentication are encouraged to upgrade to Update 7.

A.13.1 Deprecated Platforms

Platforms, Solaris 8 and Windows 2000 are deprecated. They will not be supported from Web Server 7.0 Update 9 onward.

A.13.2 SSL/TLS Vulnerability Fix (CVE-2009-3555)

Web Server 7.0 Update 7 is upgraded to include NSS 3.12.5, which provides relief for the SSL/TLS renegotiation vulnerability: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555

This vulnerability is a flaw in the current SSL/TLS renegotiation protocol definition. It is not a bug in the Web Server implementation. Due to this reason, there is no implementation-level fix for this vulnerability. The only workaround is to disable renegotiation entirely in order to protect Web Server from attack.

Therefore, Web Server 7.0 Update 7 disables all use of SSL/TLS renegotiation. If either the client or Web Server attempts to trigger renegotiation on an existing SSL/TLS session, the connection will fail.

Typically, renegotiation was used to obtain a client certificate sometime after the SSL/TLS connection was first established. Web applications that attempt to obtain a client certificate in this fashion will now fail.

Obtaining a client certificate during the initial connection handshake will continue to work correctly. This mode can be configured by setting the client-auth element to 'required' in server.xml:

<http-listener>
   <ssl>
      <client-auth>required</client-auth>
   </ssl>
</http-listener>

A future update of Web Server 7.0 will implement a safe renegotiation protocol as soon as the IETF finalizes the design of the new protocol enhancement. It is possible to re-enable the vulnerable SSL/TLS renegotiation capability by setting the environment variable: NSS_SSL_ENABLE_RENEGOTIATION=1. This mode is known to be vulnerable to attack as described in CVE-2009-3555.

A.14 Features and Enhancements in 7.0 Update 6

Web Server 7.0 Update 6 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0, and the Web Server 7.0 Update 1, Update 2, Update 3, Update 4, and Update 5 releases, Web Server 7.0 Update 6 brings the following value-added features and enhancements to the product.

A.15 Features and Enhancements in 7.0 Update 5

Web Server 7.0 Update 5 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0, and the Web Server 7.0 Update 1, Update 2, Update 3, and Update 4 releases, Web Server 7.0 Update 5 brings the following feature to the product.

A.15.1 Binary Logging

Binary logging is a functionality introduced in Sun Java System Web Server 7.0 Update 5. This feature allows server information to be stored in a single log file that contains binary, unformatted log data of all the web sites hosted on a server. It thus minimizes the usage of system resources used for logging, may improve performance and scalability, and at the same time records detailed log information.

For more information, see Oracle iPlanet Web Server Performance Tuning, Sizing, and Scaling Guide

A.16 Features and Enhancements in 7.0 Update 4

Web Server 7.0 Update 4 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0, and the Web Server 7.0 Update 1, Update 2, and Update 3 releases, Web Server 7.0 Update 4 brings the following value-added features and enhancements to the product.

A.16.1 REQUEST_URI and SCRIPT_FILENAME Support

Web Server 7.0 Update 4 includes the addition of environment variables REQUEST_URI and SCRIPT_FILENAME in CGI and FastCGI subsystems. These variables are set by default for both CGI and FastCGI on Apache and are used by many PHP applications including WordPress.

For more information about issues related to these variables, see problem ID 6785490 in Section 2.2, "Web Server Core Issues."

A.16.2 default-sun-web.xml Support

default-sun-web.xml support has been provided in the Web Server 7.0 Update 4 release. For the administration server's LDAP authorization, default-sun-web.xml support is necessary and this will enable the group IDs to be configured.

A.16.3 OpenSolaris 2008.11 Support

OpenSolaris 2008.11 support has been provided in the Web Server 7.0 Update 4 release. OpenSolaris 2008.11 is the latest release of the OpenSolaris operating system.

Package Requirements

To install Sun Java System Web Server 7.0 Update 4 or later on OpenSolaris, you must install the following additional IPS packages from the repository:

  • SUNWpkgcmds

  • SUNWmfrun

  • java-dev

A.17 Features and Enhancements in 7.0 Update 3

Web Server Update 3 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0, and the Web Server 7.0 Update 1 and Update 2 releases, Web Server 7.0 Update 3 brings the following value-added features and enhancements to the product.

A.17.1 AIX Platform Support

AIX 5.3 and 6.1 platform support has been provided in the Web Server 7.0 Update 3 release.

A.17.2 Autodeploying Web Applications

Web Server 7.0 Update 3 introduces the autodeployment functionality that enables you to deploy one or more web applications, just by copying them to a designated directory. The server automatically deploys web applications that are in the form of web archives (.war files) or in a directory in which a web archive has been expanded.

For more information about auto-deployment feature in Web Server, see "Autodeploying Web Applications" in Oracle iPlanet Web Server 7.0.9 Developer's Guide to Java Web Applications.

A.18 Features and Enhancements in 7.0 Update 2

Web Server 7.0 Update 2 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0, and the Web Server 7.0 Update 1 release, Web Server 7.0 Update 2 brings the value-added features and enhancements described in the following sections.

Appendix A, "PKCS11 Bypass Support"

Appendix A, "Service Management Facility (SMF) Support"

Appendix A, "Asynchronous Accelerator Cache Support"

Appendix A, "Enhanced Web Container"

Appendix A, "Improved Administration Experience"

Appendix A, "Red Hat 4.0 64-bit Support"

Appendix A, "NetBeans 6.5 IDE Support"

A.18.1 PKCS11 Bypass Support

Web Server 7.0 Update 2 introduces an option to instruct NSS to bypass the PKCS#11 layer during parts of the SSL/TLS processing. Bypassing the PKCS#11 layer improves performance. By default, the PKCS#11 layer is bypassed. At the time of server startup, the server queries each token holding a server key to verify that each token can support PKCS#11 bypass. If any of the tokens cannot support bypass, bypass is disabled. Therefore, no user action is required to take advantage of the performance benefits of the PKCS#11 bypass. The server automatically takes advantage of the bypass and automatically disables the bypass if the token cannot be used given the current configuration. For more information, see Oracle iPlanet Web Server Administrator's Configuration File Reference.

Web Server provides command-line interface (CLI) and Admin Console support to enable or disable bypass. For more information about how to enable or disable PKCS11 bypass using the Admin Console or the CLI, see "To Enable and Bypass PKCS#11 Tokens" in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.

A.18.2 Service Management Facility (SMF) Support

Web Server 7.0 Update 2 integrates with the Solaris 10 Service Management Facility (SMF) for the Java platform. SMF is a new feature of the Solaris Operating System that creates a supported, unified model for services and service management on each Solaris system. It is a mechanism to define, deliver, and manage long-running application services for Solaris. A service is defined by a service manifest, which is an XML file that describes a service, and any instances associated with that service.

For more information about SMF support in Web Server, see "Integrating Service Management Facility for the Java Platform with Web Server" in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.

A.18.3 Asynchronous Accelerator Cache Support

Web Server 7.0 Update 2 supports processing of requests that can be served from the accelerator cache asynchronously, thereby improving the performance of the server.

Value added features are:

  • Dynamic reconfiguration

  • Flag AsyncAccelerator in magnus.conf to turn off asynchronous cache

  • Requests serviced through asynchronous accelerator to stats

  • Batch access log writes when requests are serviced by asynchronous accelerator

A.18.4 Enhanced Web Container

Web Server 7.0 Update 2 introduces the ability to display the exception stack trace or JSP compiler errors in a browser. In the earlier releases of Web Server, when an exception occured in the servlet container at request time, a "Server Error" was displayed at the client without exposing internal application details. The exception is always logged in the error log with or without this feature enabled.

Note:

Displaying exception stack trace or JSP compiler errors in a browser is not enabled by default. You can enable this feature through the set-servlet-container-prop command or through the Display Exception check box in the Servlet Container tab of the Admin Console. This is useful for development purposes. It is strongly recommended that this feature not be enabled in production systems.

A.18.5 Improved Administration Experience

Administration experience is improved Web Server 7.0 Update 2 by introducing the following key features:

Rollback Deployed Configuration Support

Web Server 7.0 Update 2 supports rolling back of deployed configuration. Web Server administration now enables administrators to take backups automatically on every deployed configuration. Using the Admin CLI, you can list backups and restore a specified backup.

Support to Set Administration Server Password

Web Server 7.0 Update 2 enables you to reset the administration server's user password. However, this functionality works only locally on the administration server's node.

Support for Managing CA Certificates

The Admin Console enables you to install, delete, and filter CA certificates, Cert chain, and the CRLs. Additionally, the server also warns the users about the certificates that are about to expire.

For information about the administration features, see Oracle iPlanet Web Server Administrator's Guide.

A.18.6 Red Hat 4.0 64-bit Support

Support for a 64-bit standalone version of Web Server is provided in Web Server 7.0 Update 2.

Web Server 7.0 64-bit Linux is a separate standalone-only distribution and does not coexist with Web Server 7.0 32-bit Linux. Web Server 7.0 64-bit Linux requires 64-bit Java Development Kit 5.0 Update 12 or later. Both Administration Server and server instance are only 64-bit server. Migration from previous releases is not supported on Web Server 7.0 64-bit for Linux.

A.18.7 NetBeans 6.5 IDE Support

Web Server 7.0 Update 2 provides support to connect to the NetBeans 6.5 IDE and allows users to develop, debug, and deploy applications to Web Server. The NetBeans plug-in can be downloaded from the update center using the NetBeans 6.5 IDE.

Note:

In addition to the support for NetBeans 6.5 IDE, Web Server provides support for NetBeans 6.1, 6.0, and 5.5.1 versions of the IDE.

A.19 Features and Enhancements in 7.0 Update 1

Web Server 7.0 Update 1 is an update release to Web Server 7.0.

In addition to the features and enhancements in Web Server 7.0, Web Server 7.0 Update 1 supports the Java Platform, Enterprise Edition (Java EE) 5.0 and Web 2.0 technologies.

The following sections describe the new features and enhancements in 7.0 Update 1.

A.19.1 Java Servlet 2.5 and JavaServer Pages (JSP) 2.1 Support

Web Server includes a Java Platform, Enterprise Edition (Java EE) 5 compliant implementation of the Java Servlet 2.5 and JavaServer Pages ( JSP) 2.1 technology specifications. Web Server provides the flexibility and reliability needed to design and deploy web applications that comply with Java technology standards.

Java Servlet technology provides web developers with a simple, consistent mechanism for extending the functionality of a Web Server and for accessing existing business systems. JSP technology provides a simplified and fast way to create dynamic web content. JSP technology enables rapid development of web-based applications that are server- and platform-independent.

For information about these technologies, see:

http://docs.oracle.com/javaee/5/tutorial/doc/

A.19.2 JavaServer Pages Standard Tag Library 1.2 and JavaServer Faces 1.2 Support

The JavaServer Pages Standard Tag Library 1.2 provides custom tags that encapsulate core functionality common to many web applications. JavaServer Pages Standard Tag Library has support for common, structural tasks such as iteration and conditionals. It provides tags for manipulating XML documents, internationalization tags, and SQL tags. It also provides a framework for integrating existing custom tags with JavaServer Pages Standard Tag Library tags.

Web Server supports JavaServer Faces technology. JavaServer Faces is a user interface framework for building web applications.

For information about these technologies, see:

http://docs.oracle.com/javaee/1.4/tutorial/doc/index.html

A.19.3 Accelerator Cache Technology

Web Server includes new accelerator cache technology that speeds the delivery of small files. The accelerator cache is automatically enabled and requires no configuration. For more information, see "File Cache Statistics Information" in Oracle iPlanet Web Server 7.0.9 Performance Tuning, Sizing, and Scaling Guide.

A.19.4 Administration Support for Configuring FastCGI

You can configure a single FastCGI application using the Admin Console as well as the command-line interface (CLI).You can also configure the FastCGI with Web Server using the configuration files.

To configure multiple FastCGI applications, see "Configuring Multiple FastCGI Applications" in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.

A.19.5 NetBeans Support

Web Server provides plug-ins to integrate with the NetBeans Integrated Development Environment (IDE) for deploying and debugging web applications. NetBeans is a complete development environment to create Java Platform Enterprise Edition (Java EE)-based web applications with the standard components.

In addition to the deployment of web applications, the plug-in also provides support for the following activities:

  • Manage instances, such as start or stop server instances

  • Enable or disable applications

  • Create server-wide resources, such as JDBC resources and JDBC connection pools

For information about NetBeans, see:

http://www.netbeans.org/kb/index.html

A.19.6 Admin Console Support for Configuring Regular Expressions

Web Server provides support for writing regular expressions within the obj.conf file through the Admin Console. However, writing regular expressions through the Admin Console is limited to the form of <If>..</If> conditions for URL redirects.

For more information about using the Admin Console for writing regular expressions, see Oracle iPlanet Web Server Administrator's Guide.

A.19.7 GUI and CLI Support for Pattern Matching

Web Server provides support for configuring the URIs, URI prefixes, URI wildcard patterns properties through the Admin Console and the CLI.

For more information about using the Admin Console for configuring URI pattern properties, see Oracle iPlanet Web Server Administrator's Guide.

For more information about using the CLI commands for configuring URI pattern properties, see Oracle iPlanet Web Server Command-Line Reference.

A.20 Features and Enhancements in 7.0

Web Server can be configured to run as a 64-bit application on the Solaris, SPARC, and AMD64 platforms.

Web Server provides comprehensive command-line interface (CLI) support, consolidated configuration, enhanced security with elliptic curve cryptography support, and clustering support. It also comes with a robust built-in migration tool that helps migrate applications and configurations from Web Server 6.0 and Web Server 6.1 to Web Server 7.0.

The following sections describe the new features in Web Server 7.0:

A.20.1 JMX-Based Management Infrastructure

Web Server management infrastructure is based on the modern distributed Java Management Extensions (JMX) technology. JMX technology provides tools for building distributed, web-based, modular, and dynamic solutions for managing and monitoring devices, applications, and service-driven networks. JMX helps to manage and monitor instances, configurations, and web applications across clustered Web Server deployments.

A.20.2 Redesigned Administration Server Interface

The Administration Server is a specially configured Web Server instance on which the administration applications are deployed. An administration instance runs on each node in the server farm. Of these nodes, one node is configured to be the Administration Server and the rest are configured to be administration nodes.

The web-based Administration Server is redesigned to make common tasks easier to access and complex tasks easier to accomplish.

The Administration Server includes the following new features:

  • Web-based wizards for performing most common tasks

  • Comprehensive command-line interface (CLI) support for server configuration and server administration tasks

  • Centralized configuration store

  • Support for deploying Web Server configuration information on multiple machines. This feature extends to support Web Server in server farms and clusters.

  • Built-in management and monitoring of server clusters

For more information about using the administration interface to perform administrative tasks, see Oracle iPlanet Web Server Administrator's Guide.

A.20.3 Command-Line Interface Support

The command-line interface (CLI) enables you to easily configure and administer the server.

The CLI has the following key features:

  • Embedded Java Command Language (jacl) shell for scripting

  • Extensible CLI, which enables you to add more commands by using the third-party plug-ins

  • Support for local and remote administration, configuration, and management of one or more server instances

  • Automatic completion of commands when you enter one or more characters and then press the Tab key

  • Easy-to-use CLI-based operational modes including single mode, shell mode, and file mode

For more information about the commands, see Oracle iPlanet Web Server Command-Line Reference.

A.20.4 Sun N1 Service Provisioning System Support

Web Server is integrated with Sun N1 Service Provisioning Server 5.2. Sun N1 Service Provisioning System is an application provisioning tool that eliminates the need for custom scripts. With the integration of Web Server with Sun N1 Service Provisioning System, as an administrator, you do not need to write custom scripts for installing multiple Web Server instances in a datacenter environment or in a server farm.

A.20.5 Consolidated Configuration Files

Configuration files in Web Server are rearranged and consolidated to simplify administration.

In the earlier versions of Web Server, the configuration files in the userdb directory were shared by all instances, while the information contained in these files was often instance-specific. In Web Server 7.0, configuration files from the userdb directory are removed. Their functionality is incorporated into the server.xml file in the config directory. Configuration files from the alias and httpacl directories are moved into the config directory. These changes consolidate instance-specific configuration information within the instance-specific config directory.

For information about the configuration files, see Oracle iPlanet Web Server Administrator's Configuration File Reference.

A.20.6 JNDI Support

The Java Naming and Directory Interface (JNDI) API provides seamless connectivity to heterogeneous enterprise naming and directory services.

A.20.7 Java Database Connectivity and Connection Pooling Support

Web Server provides out-of-the-box, seamless Java Database Connectivity (JDBC), technology and supports a wide range of industry-standard and customized JDBC drivers.

Web Server supports JDBC connection pooling, that is, a group of reusable connections for a particular database. Because creating each new connection is time-consuming, the server maintains a pool of available connections to increase performance. When an application requests a connection, it obtains a connection from the pool. When an application closes a connection, the connection is returned to the pool.

For information about creating JDBC connection pools, see Oracle iPlanet Web Server Administrator's Guide.

A.20.8 Enhanced Hardware Accelerator Encryption Support

Sun Java System Web Server 7.0 provides hardware accelerator support for Sun Crypto Accelerator 4000 and 6000 boards, which enhance the performance of SSL on Web Server.

Note:

Initialize the Sun Crypto Accelerator card when using with Web Server. For more information about Sun Crypto Accelerator, see Sun Crypto Accelerator 6000 Board Version 1.1 User's Guide at:

http://docs.oracle.com/cd/E19321-01/index.html

A.20.9 Integrated Java Web Services Developer Pack 2.0 Technologies

Web Server includes Java Web Services Developer Pack (Java WSDP) 2.0 and XML technologies. Web services developed by using Java WSDP can be deployed on Web Server as a web application by using the wadm command.

Web Server 7.0 provides support for security features such as XML Encryption, XML Digital Signature, and support for message security provider.

For more information about Java WSDP 2.0, see:

http://www.oracle.com/technetwork/java/webservicespack-jsp-140788.html

Java WSDP 2.0 samples are located at the following location. These samples can be deployed on Web Server 7.0.

http://java.sun.com/webservices/downloads/2.0_preview_webservicespack.html

A.20.10 Lightweight Session Replication Support

Web Server supports cluster-based session replication and failover. Session replication and failover provides high availability to web applications by replicating HTTP sessions from one server instance to another in the same server cluster. Because each HTTP session has a backup copy on a remote instance, a server failure that renders one instance in the cluster unavailable does not disturb session continuity.

For more information about Light Weight Session Replication support, Oracle iPlanet Web Server Administrator's Guide.

A.20.11 URL Redirection and Rewriting with Regular Expressions

Web Server 7.0 introduces enhanced support for regular expressions and conditional processing in the obj.conf configuration file.

Key enhancements include the following:

  • Support for regular expressions

  • A restart Server Application Function (SAF) for restarting requests with a new URI

  • Support for dynamic SAF parameters that include expressions, variables, and regular expression back references

  • <If>, <ElseIf>, and <Else> tags for conditional processing

  • Support for complex conditions that use and, or, and notoperators

  • sed-request and sed-response filters for rewriting request and response bodies

You can use these new features to define flexible URL rewriting and redirection rules such as those possible with mod_rewrite from the Apache HTTP server. Unlike mod_rewrite, regular expressions and conditional processing in Web Server 7.0 can be used at any stage of request processing, even with third-party plug-ins.

For more information about regular expressions and URL rewrite functions, see Oracle iPlanet Web Server Administrator's Configuration File Reference.

A.20.12 Extensive Real-Time Monitoring Support

In addition to the monitoring facilities in earlier versions of Web Server, Web Server adds the following enhancements:

  • Monitors servlets, JSP, and JavaServer Pages Standard Tag Library container characteristics.

  • Monitors process and virtual server statistics from within the Administration Server.

  • Integrates with the System Management Agent on the Solaris 10 platform. Integrates with the Java Enterprise System Monitoring Framework (Java ES Monitoring Framework) that makes Web Server monitoring information available within the Java ES Monitoring Framework.

  • Accesses monitoring data as Management Beans (MBeans) using the Java Monitoring and Management Console (jconsole) script, Java ES Monitoring Framework, or any Java Management Extensions (JMX) compliant client applications.

For more information about the monitoring feature in Web Server, see Oracle iPlanet Web Server Administrator's Guide.

A.20.13 Integrated Reverse Proxy

Sun Java System Web Server 7.0 integrates the reverse proxy functionality within the core server.

When Web Server is configured with reverse proxy functionality, it acts as a proxy for one or more back-end servers and serves as a single point of access or gateway in a server farm. In a reverse proxy setup, Web Server forwards the HTTP request it received from the browser client to the appropriate back-end server. The HTML response from the back-end server is sent back to the browser through Web Server. Thus, Web Server with reverse proxy hides the existence of back-end servers to the browser.

Web Server provides GUI and CLI support for configuring the reverse proxy.

For information about configuring reverse proxy, see "Configuring Reverse Proxy in Web Server" in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.

A.20.14 Enhanced Security

Web Server supports a wide variety of technologies that allow data encryption and validation, request authentication, and server process protection.

Key security-related enhancements include the following:

  • Solaris 10 platform cryptographic framework support. For example, libpkcs11.so including support for UltraSPARC T1 processor hardware acceleration.

  • Denial of Service (DoS) attack protection enhancements.

  • Cross-site scripting protection through the native sed(1)-based input filtering. For information about cross site-scripting, see "Preventing Cross-Site Scripting Attacks" in Oracle iPlanet Web Server 7.0.9 Administrator's Guide.

  • Web services security:

    • IETF XML Digital Signature

    • W3C XML Encryption

  • Integrated Platform for Privacy Preferences (P3P) support.

  • Web-based Distributed Authoring and Versioning (WebDAV) access control support.

  • The Lightweight Directory Access Protocol (LDAP) auth-db is enhanced to make search expressions and match attributes configurable.

  • The LDAP auth-db supports Microsoft Active Directory interoperability.

  • Support for migration of certificate from Tomcat or other Java keystore file-based repositories.

  • Support for dynamically applied Certificate Revocation Lists (CRLs).

  • Integrated IPv6 support.

A.20.15 Elliptic Curve Cryptography Support

Sun Java System Web Server has always supported RSA keys. In addition to the continued support for for RSA keys, Web Server 7.0 introduces support for Elliptic Curve Cryptography (ECC).

ECC is the next generation of public-key cryptography for mobile or wireless environments. ECC is based on a set of algorithms for key generation, encryption, and decryption for performing asymmetric cryptography.

For more information about how to use ECC in Web Server, see Oracle iPlanet Web Server Administrator's Guide.

A.20.16 Oracle Java Studio Enterprise Support

Web Server 7.0 supports Oracle Java Studio Enterprise 8.1. Oracle Java Studio software is a powerful, extensible IDE for Java technology developers, based on the NetBeans software and integrated with the Java platform.

The plug-in for Web Server can be obtained in the following ways:

  • From the companion CD in the Sun Java System Web Server Media Kit

  • By using the companion AutoUpdate feature of Oracle Java Studio

  • From the download center for Sun Java System Web Server

Note:

Oracle Java Studio 8.1 plug-in for Web Server works only with a local Web Server. That is, the IDE and Web Server must be installed on the same machine.

For more information about Oracle Java Studio 8, see:

http://developers.sun.com/jsenterprise/overview/previous/jse8.jsp

A.20.17 Localization Support

Web Server is available in the following languages:

  • French

  • German

  • Spanish

  • Japanese

  • Simplified Chinese

  • Traditional Chinese

  • Korean