Features and Enhancements in Previous Web Server Releases

This section lists the features and enhancements in the following releases:

• Features and Enhancements in 7.0 Update 8

• Features and Enhancements in 7.0 Update 7

• Features and Enhancements in 7.0 Update 6

• Features and Enhancements in 7.0 Update 5

• Features and Enhancements in 7.0 Update 4

• Features and Enhancements in 7.0 Update 3

• Features and Enhancements in 7.0 Update 2

• Features and Enhancements in 7.0 Update 1

• Features and Enhancements in 7.0

Features and Enhancements in 7.0 Update 8

Web Server 7.0 Update 8 contains the following fixes for security vulnerabilities:

Bug 6916389 describes the buffer overflow vulnerabilities in the WebDAV extensions to Sun Java System Web Server. These issues may allow remote clients to trigger a Web Server crash, thus resulting in a Denial of Service (DoS) condition. These issues may also allow remote unauthorized users to gain elevated privileges, enabling them to access and modify sensitive files.

Bug 6916390 describes the format string vulnerabilities in the WebDAV extensions to Sun Java System Web Server. These issues may allow remote clients to trigger a Web Server crash, thus resulting in a Denial of Service (DoS) condition. These issues may also allow remote unauthorized users to gain elevated privileges, enabling them to access and modify sensitive files.

Bug 6916391 describes the buffer overflow issues in the Digest Authentication methods in Sun Java System Web Server, which may allow remote unprivileged users to crash the Web Server, thus leading to a Denial of Service (DoS) condition. These issues may also lead to execution of arbitrary code with elevated privileges.

Bug 6916392 describes the heap overflow issues in the HTTP TRACE functionality in Sun Java System Web Server, which may allow remote unprivileged users to crash the Web Server, thus leading to a Denial of Service (DoS) condition. These issues may also be exploited to gain unauthorized access to sensitive information.

Features and Enhancements in 7.0 Update 7

Web Server 7.0 Update 7 introduces Kerberos/SPNEGO support. This release introduces a new ACL authentication method called gssapi. The gssapi authentication method works with a Kerberos user repository. This release also introduces a suitable auth-db of type kerberos for use with the gssapi authentication method.

For more information on configuring a Kerberos authentication, see Working With the Authentication Database in Oracle iPlanet Web Server 7.0.9 Administrator’s Guide

Kerberos enabled Web Server on Solaris are tested with clients such as IE on Windows 2003 and Firefox on RHEL 5.3.

Web Server 7.0 Update 7 supports Windows 2008 SP2 32 bit (x86) Enterprise Edition.

Web Server 7.0 Update 7 is bundled with JDK 6. There is an improvement in the performance in admin server.

Web Server 7.0 Update 7 is integrated with new Xerces C++ patch which fixes the vulnerability. For more information, see http://www.cert.fi/en/reports/2009/vulnerability2009085.html.

Web Server 7.0 Update 7 resolves a regression in LDAP authentication (6888100) accidentally introduced in Update 6. All customers using LDAP authentication are encouraged to upgrade to Update 7.

Deprecated Platforms

Platforms, Solaris 8 and Windows 2000 are deprecated. They will not be supported from Web Server 7.0 Update 9 onwards.

SSL/TLS Vulnerability Fix (CVE-2009-3555)

Web Server 7.0 Update 7 is upgraded to include NSS 3.12.5 which provides relief for the SSL/TLS renegotiation vulnerability: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555

This vulnerability is a flaw in the current SSL/TLS renegotiation protocol definition. It is not a bug in the Web Server implementation. Due to this reason, there is no implementation-level fix for this vulnerability. The only workaround is to disable renegotiation entirely in order to protect the Web Server from attack.

Therefore, Web Server 7.0 Update 7 disables all use of SSL/TLS renegotiation. If either the client or the Web Server attempt to trigger renegotiation on an existing SSL/TLS session, the connection will fail.

Typically renegotiation was used to obtain a client certificate sometime after the SSL/TLS connection was first established. Web applications which attempt to obtain a client certificate in this fashion will now fail.

Obtaining a client certificate during the initial connection handshake will continue to work correctly. This mode can be configured by setting the client-auth element to 'required' in server.xml:

<http-listener>
   <ssl>
      <client-auth>required</client-auth>
   </ssl>
</http-listener>

A future update of Web Server 7 will implement a safe renegotiation protocol as soon as the IETF finalizes the design of the new protocol enhancement. It is possible to re-enable the vulnerable SSL/TLS renegotiation capability by setting the environment variable: NSS_SSL_ENABLE_RENEGOTIATION=1. This mode is known to be vulnerable to attack as described in CVE-2009-3555.

Java SE 5.0 and 6.0 Support

Web Server supports the 32–bit version of the Java Platform, Standard Edition (Java SE) 5.0 and Java Platform, Standard Edition (Java SE) 6. For the 64-bit version of Web Server, the 64–bit version of Java Development Kit (JDK) software support is available.

JDK 6.0 Update 17 is delivered on Solaris, Linux and Windows as part of Web Server 7.0 Update 8 release.

The following table lists the JDK versions supported on various platforms:

At the time of installation, you must specify a valid path for the JDK. To use the JDK version that is not co-packaged with the product, download the software from the following location:

JDK version 1.6.0: http://java.sun.com/javase/downloads/index.jsp

JDK version 1.5.0: http://www.hp.com/products1/unix/java/java2/jdkjre5_0/index.html

When you use JDK 1.5.0 on AIX platform, Administration server may fail to start and displays an error message “Unable to find/open the administration server's certificate database”. This is due to the restricted security policy on the installed JDK and limiting key size.

For more information about security information on SDKs, see: http://www.ibm.com/developerworks/java/jdk/security/50/

You can overcome this problem by downloading unrestricted security policy by clicking on “ IBM SDK Policy files”. The downloaded zip file is unpacked and the two JAR files are placed in the JRE directory (jre/lib/security/).

Features and Enhancements in 7.0 Update 6

Web Server 7.0 Update 6 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0 and Web Server 7.0 Update 1, Update 2, Update 3, Update 4 and Update 5 releases, Web Server 7.0 Update 6 release brings the following value-additional features and enhancements to the product.

New features and enhancements are described in the sections below.

For more information about Binary Logging in Web Server, see Oracle iPlanet Web Server 7.0.9 Performance Tuning, Sizing, and Scaling Guide.

Sun Java System Web Server 7.0 Update 6 is integrated with the new NSS (Network Security Services) 3.12.3. This version of the NSS fixes the security alert for CVE-2009-2404.

For more information, see the NSS 3.12.3 Release Notes. From the previously mentioned document, you can find more information on the additional environmental variables added in this version.

Sun Java System Web Server 7.0 Update 6 contains both the NSS 3.12.3 and the NSPR 4.7.4 version.

Sun Java System Web Server 7.0 Update 6 has support for the Solaris 8 Branded Zones.

See also — Features and Enhancements in 7.0 Update 5.

Features and Enhancements in 7.0 Update 5

Web Server 7.0 Update 5 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0 and Web Server 7.0 Update 1, Update 2, Update 3, and Update 4 releases, Web Server 7.0 Update 5 release brings the following value-additional features and enhancements to the product.

New features and enhancements are described in the sections below.

Binary Logging

Binary Logging

Binary logging is a functionality introduced in Sun Java System Web Server 7.0 Update 5. This feature allows server information to be stored in a single log file that contains binary, unformatted log data of all the web sites hosted on a server. It thus minimizes the usage of system resources used for logging, may improve performance and scalability, and at the same time records detailed log information.

Features and Enhancements in 7.0 Update 4

Web Server 7.0 Update 4 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0 and Web Server 7.0 Update 1, Update 2, and Update 3 releases, Web Server 7.0 Update 4 release brings the following value-additional features and enhancements to the product.

New features and enhancements are described in the sections below.

REQUEST_URI and SCRIPT_FILENAME Support

default-sun-web.xml Support

OpenSolaris 2008.11 Support

REQUEST_URI and SCRIPT_FILENAME Support

This Web Server update release includes addition of environment variables REQUEST_URI and SCRIPT_FILENAME in CGI and FastCGI subsystems. These variables are set by default for both CGI and FastCGI on Apache and are used by many PHP applications including WordPress.

For more information on issues related to these variables, see Problem ID 6785490 in Core.

default-sun-web.xml Support

default-sun-web.xml support has been provided in Web Server Update 4 release. For Admin server's LDAP authorization, default-sun-web.xml support is necessary and this will enable the group Id's to be configured.

OpenSolaris 2008.11 Support

OpenSolaris 2008.11 support has been provided in Web Server Update 4 release, OpenSolaris 2008.11 is the latest release of OpenSolaris Operating System, a powerful, secure, stable, highly scalable, and complete operating environment for users, developers, and deployers.

Package Requirements

For installing Sun Java System Web Server 7.0 Update 4 or higher in the OpenSolaris OS, you must install the following additional IPS packages from the repository:

• SUNWpkgcmds

• SUNWmfrun

• java-dev

Features and Enhancements in 7.0 Update 3

Web Server Update 3 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0 and Web Server 7.0 Update 1 and Update 2 releases, Web Server 7.0 Update 3 release brings the following value-additional features and enhancements to the product.

New features and enhancements are described in the sections below.

AIX Platform Support

Auto-Deploying Web Applications

AIX Platform Support

AIX 5.3 and 6.1 platform support has been provided in Web Server Update 3 release.

Auto-Deploying Web Applications

This Web Server update release introduces auto-deployment functionality that enables you to deploy one or more web applications, just by copying them to a designated directory. The server auto-deploys web applications that are in the form of web archives (.war files) or in a directory in which a web archive has been exploded.

For more information about auto-deployment feature in Web Server, see Auto-Deploying Web Applications in Oracle iPlanet Web Server 7.0.9 Developer’s Guide to Java Web Applications.

Features and Enhancements in 7.0 Update 2

Web Server Update 2 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0, and Web Server 7.0 Update 1 releases, Web Server 7.0 Update 2 release brings the following value-additional features and enhancements to the product.

New features and enhancements are described in the sections below.

PKCS11 Bypass Support

Service Management Facility (SMF) Support

Asynchronous Accelerator Cache Support

Enhanced Web Container

Improved Administration Experience

Red Hat 4.0 64-bit Support

NetBeans 6.5 IDE Support

PKCS11 Bypass Support

This Web Server update release introduces an option to instruct NSS to bypass the PKCS#11 layer during parts of the SSL/TLS processing. Bypassing the PKCS#11 layer improves performance. By default, the PKCS#11 layer is bypassed. At the time of server startup, the server queries each token holding a server key to verify that each token can support PKCS#11 bypass. If any of the tokens cannot support bypass, bypass is disabled. Therefore, no user action is required to take advantage of the performance benefits of the PKCS#11 bypass. The server automatically takes advantage of the bypass and automatically disables the bypass if the token cannot be used given the current configuration. For more information, see Oracle iPlanet Web Server 7.0.9 Administrator’s Configuration File Reference.

Web Server provides Command Line Interface (CLI) and Admin Console support to enable or disable the bypass. For more information about how to enable or disable PKCS11 bypass using the Admin Console or the CLI, see To Enable and Bypass PKCS#11 Tokens in Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

Service Management Facility (SMF) Support

This Web Server update release integrates with the Solaris 10 Service Management Facility (SMF) for the Java platform . SMF is a new feature of the Solaris Operating System that creates a supported, unified model for services and service management on each Solaris system. It is a mechanism to define, deliver, and manage long-running application services for Solaris. A service is defined by a service manifest, an XML file which describes a service and any instances associated with that service.

For more information about SMF support in Web Server, see the Integrating Service Management Facility for the Java Platform with Web Server in Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

Asynchronous Accelerator Cache Support

This release of Web Server supports processing of requests that can be served from the accelerator cache asynchronously thereby improves the performance of the server. Value added features are:

• Handle dynamic reconfiguration

• Introduced flag AsyncAccelerator in the magnus.conf to turn off async cache.

• Requests are serviced through asynchronous accelerator to stats

• Batch up access log writes when requests are serviced by asynchronous accelerator

Enhanced Web Container

This Web Server update release introduces the ability to display the exception stack trace or JSP compiler errors in a browser. In the earlier releases of Web Server, when an exception occurs in the servlet container at the request time, a "Server Error" is displayed at the client without exposing internal application details. The exception is always logged in the error log with or without this feature enabled.

Displaying exception stack trace or JSP compiler errors in a browser feature is not enabled by default. You can enable this feature through set-servlet-container-prop command or through the Display Exception checkbox in the Servlet Container tab of the Admin Console. This is useful for development purposes. It is strongly recommended not to enable this feature in production systems.

Improved Administration Experience

Administration experience is improved in this release of Web Server by introducing the following key features:

Roll Back Deployed Configuration Support

Web Server supports rolling back of deployed configuration. Web Server administration now enables administrators to take backups automatically on every deployed configuration. Using the administration CLI, it is possible to list backups and restore a specified backup.

Support To Set Administration Server Password

This release of Web Server enables you to reset the administration server's user password. However, this functionality works only locally on the administration server's node.

Support for Managing CA Certificates

Administration Console enables you to install, delete, filter CA certificates, Cert chain, and the CRLs. Additionally, the server also warns the users about the certificates that are about to expire.

For information about the administration features, see the Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

Red Hat 4.0 64-bit Support

Support for a 64-bit standalone version of Web Server is provided in this release. Web Server 7.0 64-bit Linux is a separate standalone only distribution and does not coexist with Web Server 7.0 32-bit Linux. Web Server 7.0 64-bit Linux requires 64-bit Java Development Kit 5.0 Update 12 or above. Both Administration Server and server instance are only 64-bit server. Migration from previous releases is not supported on Web Server 7.0 64-bit for Linux.

NetBeans 6.5 IDE Support

This update release of Web Server provides support to connect to the NetBeans 6.5 IDE and allows users to develop, debug, and deploy applications to the web server. The NetBeans plug-in can be downloaded from the update center using the NetBeans 6.5 IDE.

In addition to the support for NetBeans 6.5 IDE, Web Server provides support for NetBeans 6.1, 6.0, and 5.5.1versions of the IDE.

Features and Enhancements in 7.0 Update 1

Web Server 7.0 Update 1 is an update release to the major release of Web Server 7.0.

In addition to the features and enhancements in Web Server 7.0 listed later in these release notes, Web Server 7.0 Update 1 supports the Java Platform, Enterprise Edition (Java EE) 5.0 and Web 2.0 technologies. The details of these features and enhancements are described in the sections below.

• Java Servlet 2.5 and JavaServer Pages (JSP) 2.1 Support

• JavaServer Pages Standard Tag Library 1.2 and JavaServer Faces 1.2 Support

• Accelerator Cache Technology

• Administration Support for Configuring FastCGI

• NetBeans Support

• Admin Console Support for Configuring Regular Expressions

• GUI and CLI Support for Pattern Matching

Java Servlet 2.5 and JavaServer Pages (JSP) 2.1 Support

Web Server includes a Java Platform, Enterprise Edition (Java EE) 5 compliant implementation of the Java Servlet 2.5 and JavaServer Pages (JSP) 2.1 technology specifications. Web Server provides the flexibility and reliability needed to design and deploy web applications that comply with Java technology standards.

Java Servlet technology provides web developers with a simple, consistent mechanism for extending the functionality of a Web Server and for accessing existing business systems. JSP technology provides a simplified and a fast way to create dynamic web content. JSP technology enables rapid development of web-based applications that are server and platform-independent.

For information about these technologies, see http://java.sun.com/javaee/5/docs/tutorial/doc/.

JavaServer Pages Standard Tag Library 1.2 and JavaServer Faces 1.2 Support

The JavaServer Pages Standard Tag Library 1.2 provides custom tags that encapsulate core functionality common to many web applications. JavaServer Pages Standard Tag Library has support for common, structural tasks such as iteration and conditionals. It provides tags for manipulating XML documents, internationalization tags, and SQL tags. It also provides a framework for integrating existing custom tags with JavaServer Pages Standard Tag Library tags.

Web Server supports JavaServer Faces technology. JavaServer Faces is a user interface framework for building web applications.

For information about these technologies, see: http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html.

Accelerator Cache Technology

Web Server includes new accelerator cache technology that speeds the delivery of small files. The accelerator cache is automatically enabled and requires no configuration. For more information, see File Cache Statistics Information in Oracle iPlanet Web Server 7.0.9 Performance Tuning, Sizing, and Scaling Guide.

Administration Support for Configuring FastCGI

You can configure a single FastCGI application using the Admin Console as well as the Command Line Interface (CLI).You can also configure the FastCGI with Web Server using the configuration files.

To configure multiple FastCGI applications , see Configuring Multiple FastCGI Applications in Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

NetBeans Support

Web Server provides plug-ins to integrate with the NetBeans Integrated Development Environment (IDE) for deploying and debugging web applications. NetBeans is a complete development environment to create Java Platform Enterprise Edition (Java EE) based web applications with the standard components.

In addition to the deployment of web applications, the plug-in also provides support for the following activities:

• Manage instances, such as start or stop server instances

• Enable or disable applications

• Create server wide resources, such as JDBC resources and JDBC connection pools

For information about NetBeans, see: http://www.netbeans.org/kb/index.html.

For more information about using NetBeans with Web Server, see: http://webserver.netbeans.org.

Admin Console Support for Configuring Regular Expressions

Web Server provides support for writing regular expressions within the obj.conf file through the Admin Console. However, writing regular expressions through the Admin Console is limited to the form of <If>..</If> conditions for URL redirects.

For more information on using the Admin Console for writing regular expressions, see the Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

GUI and CLI Support for Pattern Matching

Web Server provides support for configuring the URIs, URI prefixes, URI wildcard patterns properties through the Admin Console and the Admin CLI.

For more information on using the Admin Console for configuring URI pattern properties, see the Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

For more information on using the CLI commands for configuring URI pattern properties, see the Oracle iPlanet Web Server 7.0.9 CLI Reference Manual.

Features and Enhancements in 7.0

Web Server can be configured to run as a 64–bit application on the Solaris, SPARC and AMD64 platforms.

Web Server provides comprehensive command-line interface support, consolidated configuration, enhanced security with elliptic curve cryptography support, and clustering support. It also comes with a robust built-in migration tool that helps migrate applications and configurations from Web Server 6.0 and Web Server 6.1 to Web Server 7.0.

Oracle iPlanet Web Server includes the following new features:

• JMX Based Management Infrastructure

• Redesigned Administration Server Interface

• Command-Line Interface Support

• Sun N1 Service Provisioning System Support

• Consolidated Configuration Files

• JNDI Support

• Java Database Connectivity and Connection Pooling Support

• Enhanced Hardware Accelerator Encryption Support

• Integrated Java Web Services Developer Pack 2.0 Technologies

• Lightweight Session Replication Support

• URL Redirection and Rewriting with Regular Expressions

• Extensive Real-Time Monitoring Support

• Integrated Reverse Proxy

• Enhanced Security

• Elliptic Curve Cryptography Support

• Oracle Java Studio Enterprise Support

• Localization Support

JMX Based Management Infrastructure

Web Server management infrastructure is based on the modern distributed Java Management Extensions (JMX) technology. JMX technology provides tools for building distributed, web-based, modular and dynamic solutions for managing and monitoring devices, applications, and service-driven networks. JMX helps to manage and monitor instances, configurations, and web applications across clustered Web Server deployments.

Redesigned Administration Server Interface

The Administration Server is a specially configured Web Server instance on which the administration applications are deployed. An administration instance runs on each node in the server farm. Of these nodes, one node is configured to be the Administration Server and the rest are configured to be Administration Nodes.

The web-based Administration Server is redesigned to make common tasks easier to access and complex tasks easier to accomplish.

The Administration Server includes the following new features:

• Web-based wizards for performing most common tasks

• Comprehensive command-line interface (CLI) support for server configuration and server administration tasks

• Centralized configuration store

• Support for deploying Web Server configuration information on multiple machines. This feature extends to support Web Server in a server farms and clusters.

• Built-in management and monitoring of server clusters

For more information on using the administration interface to perform administrative tasks, see the Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

Command-Line Interface Support

The command-line interface enables you to easily configure and administer the server.

The administration CLI has the following key features:

• Embedded Java Command Language (jacl) shell for scripting

• Extensible CLI, which enables you to add more commands by using the third-party plug-ins

• Support for local and remote administration, configuration, and management of one or more server instances

• Automatically completes commands when you type one or more characters and then press a tab key

• Easy-to-use CLI-based operational modes including single mode, shell mode, and file mode

For more information on the commands, see the Oracle iPlanet Web Server 7.0.9 CLI Reference Manual.

Sun N1 Service Provisioning System Support

Web Server is integrated with Sun N1 Service Provisioning Server 5.2. Sun N1 Service Provisioning System is an application provisioning tool that eliminates the need for custom scripts. With the integration of Web Server with Sun N1 Service Provisioning System, as an administrator, you do not need to write custom scripts for installing multiple Web Servers in a datacenter environment or in a server farm.

Consolidated Configuration Files

Configuration files in Web Server are rearranged and consolidated to simplify administration.

In the earlier versions of Web Server, the configuration files in userdb were shared by all instances, while the information contained in these files was often instance-specific. In Web Server 7.0, configuration files from the userdb directory are removed. Their functionality is incorporated into the server.xml file in the config directory. Configuration files from the alias and httpacl directories are moved into the config directory. These changes consolidate instance-specific configuration information within the instance-specific config directory.

For information about the configuration files, see the Oracle iPlanet Web Server 7.0.9 Administrator’s Configuration File Reference.

JNDI Support

The Java Naming and Directory Interface (J.N.D.I.) API provides seamless connectivity to heterogeneous enterprise naming and directory services.

Java Database Connectivity and Connection Pooling Support

Web Server provides out-of-the-box, seamless Java DataBase Connectivity (JDBC), technology and supports a wide range of industry-standard and customized JDBC drivers.

Web Server supports JDBC connection pooling, that is, a group of reusable connections for a particular database. Because creating each new connection is time consuming, the server maintains a pool of available connections to increase performance. When an application requests a connection, it obtains a connection from the pool. When an application closes a connection, the connection is returned to the pool.

For information on creating JDBC connection pools, see the Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

Enhanced Hardware Accelerator Encryption Support

Sun Java System Web Server 7.0 provides hardware accelerator support for Sun Crypto Accelerator 4000 and 6000 boards, which enhance the performance of SSL on web server.

Initialize the Sun Crypto Accelerator card when using with web server. For more information about Sun Crypto Accelerator, see Sun Crypto Accelerator 6000 Board Version 1.1 User's Guide at http://docs.sun.com/source/820-4144-11/.

Integrated Java Web Services Developer Pack 2.0 Technologies

Web Server includes Java Web Services Developer Pack (Java WSDP) 2.0 and XML technologies. Web services developed by using Java WSDP can be deployed on Web Server as a web application by using the wadm command.

Web Server 7.0 provides support for security features such as XML Encryption, XML Digital Signature, and support for message security provider.

For more information on Java WSDP 2.0, see the following resource:

http://java.sun.com/webservices/jwsdp/index.jsp

Java WSDP 2.0 samples are located at the following location. These samples can be deployed on Web Server 7.0.

http://java.sun.com/webservices/downloads/2.0_preview_webservicespack.html

Lightweight Session Replication Support

Web Server supports cluster-based session replication and failover. Session replication and failover provides high availability to web applications by replicating HTTP sessions from one server instance to another in the same server cluster. Because each HTTP session has a backup copy on a remote instance, a server failure that renders one instance in the cluster unavailable does not disturb session continuity.

For more information on Light Weight Session Replication support, Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

URL Redirection and Rewriting with Regular Expressions

Web Server 7.0 introduces enhanced support for regular expressions and conditional processing in the obj.conf configuration file.

Key enhancements include the following:

• Support for regular expressions

• A restart Server Application Function (SAF) for restarting requests with a new URI

• Support for dynamic SAF parameters that include expressions, variables, regular expression back references

• <If>, <ElseIf>, and <Else> tags for conditional processing

• Support for complex conditions that use and, or, and notoperators

• sed-request and sed-response filters for rewriting request and response bodies

You can use these new features to define flexible URL rewriting and redirection rules such as those possible with mod_rewrite from the Apache HTTP server. Unlike mod_rewrite, regular expressions and conditional processing in Web Server 7.0 can be used at any stage of request processing, even with third-party plug-ins.

For more information on regular expressions and URL rewrite functions, see the Oracle iPlanet Web Server 7.0.9 Administrator’s Configuration File Reference.

Extensive Real-Time Monitoring Support

In addition to the monitoring facilities in earlier versions of Web Server, Web Server adds the following enhancements:

• Monitors Servlets, JSPs, and JavaServer Pages Standard Tag Library container characteristics

• Monitors process and virtual server statistics from within the Administration Server

• Integrates with System Management Agent on the Solaris 10 platform. Integrates with the Java Enterprise System Monitoring Framework (Java ES Monitoring Framework) that makes Web Server monitoring information available within the Java ES Monitoring Framework.

• Accesses monitoring data as Management Beans (MBeans) using the Java Monitoring and Management Console (jconsole) script, Java ES Monitoring Framework or any Java Management Extensions (JMX) compliant client applications.

For more information on Monitoring feature in Web Server, see the Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

Integrated Reverse Proxy

Sun Java System Web Server 7.0 integrates the reverse proxy functionality within the core server.

When web server is configured with reverse proxy functionality, it acts as a proxy for one or more backend servers and serves as a single point of access or gateway in a server farm. In a reverse proxy setup, the web server forwards the HTTP request it received from the browser client to the appropriate backend server. The HTML response from the backend server is sent back to the browser through the web server. Thus, the web server with reverse proxy hides the existence of backend servers to the browser.

Web Server provides GUI and CLI support for configuring the reverse proxy.

For information about configuring reverse proxy, see Configuring Reverse Proxy in Web Server in Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

Enhanced Security

Web Server supports a wide variety of technologies that allow data encryption and validation, request authentication, and server process protection. Key security feature enhancements include the following:

• Solaris 10 platform cryptographic framework support. For example, libpkcs11.so including support for UltraSPARC T1 processor hardware acceleration.

• Denial of Service (DoS) attack protection enhancements.

• Cross site scripting protection through the native sed(1) based input filtering. For information about cross site scripting, see Preventing Cross Site Scripting Attacks in Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

• Web services security:

  • IETF XML Digital Signature

  • W3C XML Encryption

• Integrated Platform for Privacy Preferences (P3P) support.

• Web-based Distributed Authoring and Versioning (WebDAV) access control support.

• The Lightweight Directory Access Protocol (LDAP) auth-db is enhanced to make search expressions and match attributes configurable.

• The LDAP auth-db supports Microsoft Active Directory interoperability.

• Support for migration of certificate from Tomcat or other Java keystore file based repositories.

• Support for dynamically applied Certificate Revocation Lists (CRLs).

• Integrated IPv6 support.

Elliptic Curve Cryptography Support

Sun Java System Web Server has always supported RSA keys. In addition to the continued support for for RSA keys, Web Server 7.0 introduces support for Elliptic Curve Cryptography (ECC).

ECC is the next generation of public-key cryptography for mobile or wireless environments. ECC is based on a set of algorithms for key generation, encryption, and decryption for performing asymmetric cryptography.

For more information on how to use ECC in Web Server, see the Oracle iPlanet Web Server 7.0.9 Administrator’s Guide.

Oracle Java Studio Enterprise Support

Web Server 7.0 supports Oracle Java Studio Enterprise 8.1. Oracle Java Studio software is a powerful, extensible IDE for Java technology developers, based on the NetBeans software and integrated with the Java platform.

The plug-in for the Web Server can be obtained in the following ways:

• From the companion CD in the Sun Java System Web Server Media Kit

• By using the companion AutoUpdate feature of Oracle Java Studio

• From the download center for Sun Java System Web Server

Oracle Java Studio 8.1 plug-in for Web Server works only with a local web server. That is, the IDE and the web server must be installed on the same machine.

For information about using the web application features in Oracle Java Studio 8.1, see the following tutorial:

http://developers.sun.com/prodtech/javatools/jsenterprise/learning/tutorials/index.jsp

For more information about Oracle Java Studio 8, visit:

http://www.sun.com/software/sundev/jde/

Localization Support

Web Server is available in the following languages:

• French

• German

• Spanish

• Japanese

• Simplified Chinese

• Traditional Chinese

• Korean