Release 1 (9.0.1)
Part Number A90207-01
 Home |
 Book List |
 Contents |
 Index |  Master Index |  Feedback |
| Oracle9i Java Tools Reference Release 1 (9.0.1) Part Number A90207-01 |
|
This chapter describes the tools that you use in the Oracle9i Java environment. You run these tools from a UNIX shell or the Windows NT DOS prompt.
The tools described in this chapter are divided into the following sections:
Unlike a conventional JVM, which compiles and loads Java files, the Oracle9i JVM compiles and loads schema objects. The three kinds of Java schema objects are as follows:
To make a class file runnable by the Oracle9i JVM, you use the loadjava tool to create a Java class schema object from the class file or the source file and load it into a schema. To make a resource file accessible to the Oracle9i JVM, you use loadjava to create and load a Java resource schema object from the resource file.
The dropjava tool does the reverse of the loadjava tool; it deletes schema objects that correspond to Java files. You should always use dropjava to delete a Java schema object that was created with loadjava; dropping by means of SQL DDL commands will not update auxiliary data maintained by loadjava and dropjava.
You must load resource files with loadjava. If you create .class files outside the database with a conventional compiler, then you must load them with loadjava. The alternative to loading class files is to load source files and let the Oracle9i system compile and manage the resulting class schema objects. In the current Oracle9i release, most developers will find that compiling and debugging most of their code outside the database and then loading .class files to debug those files that must be tested inside the database, is the most productive approach. For a particular Java class, you can load either its .class file or its .java file, but not both.
loadjava accepts JAR files that contain either source and resource files or class and resource files. You can load a class's source or its class file but not both. When you pass loadjava a JAR file or a ZIP file, loadjava opens the archive and loads its members individually; there is no JAR or ZIP schema object. A file whose content has not changed since the last time it was loaded is not reloaded; therefore, there is little performance penalty for loading JARs. Loading JAR files is the simplest and most foolproof way to use loadjava.
It is illegal for two schema objects in the same schema to define the same class. For example, suppose a.java defines class x and you want to move the definition of x to b.java. If a.java has already been loaded, then loadjava will reject an attempt to load b.java (which also defines x). Instead, do either of the following:
a.java, load b.java (which defines x), then load the new a.java (which does not define x).
a.java (which does not define x), then load b.java (which defines x).
All Java classes contain references to other classes. A conventional JVM searches for classes in the directories, ZIP files, and JARs named in the CLASSPATH. The Oracle9i JVM, by contrast, searches schemas for class schema objects. Each Oracle9i class has a resolver spec, which is the Oracle9i counterpart to the CLASSPATH. For a hypothetical class, alpha, its resolver spec is a list of schemas to search for classes that alpha uses. Notice that resolver specs are per-class, whereas in a classic JVM, CLASSPATH is global to all classes.
In addition to a resolver spec, each class schema object has a list of interclass reference bindings. Each reference list item contains a reference to another class and one of the following:
An Oracle9i facility known as the resolver maintains reference lists. For each interclass reference in a class, the resolver searches the schemas specified by the class's resolver spec for a valid class schema object that satisfies the reference. If all references are resolved, the resolver marks the class valid. A class that has never been resolved, or has been resolved unsuccessfully, is marked invalid. A class that depends on a schema object that becomes invalid is also marked invalid at the same time; in other words, invalidation cascades upward from a class to the classes that use it and the classes that use them, and so on. When resolving a class that depends on an invalid class, the resolver first tries to resolve the dependency, because it may be marked invalid only because it has never been resolved. The resolver does not resolve again classes that are marked valid.
A class developer can direct loadjava to resolve classes or can defer resolution until run time. The resolver runs automatically when a class tries to load a class that is marked invalid. It is best to resolve before run time to learn of missing classes early; unsuccessful resolution at run time produces a "class not found" exception. Furthermore, run-time resolution can fail for lack of database resources if the tree of classes is very large.
The loadjava has two resolution modes:
-resolve option): Loads all classes you specify on the command line, marks them invalid, and then resolves them. Use this mode when initially loading classes that refer to each other, and in general when reloading isolated classes as well. By loading all classes and then resolving them, this mode avoids the error message that occurs if a class refers to a class that will be loaded later in the execution of the command.
-resolve option): Resolves each class when compiled at runtime.
If you can, defer resolution until all classes have been loaded; this technique avoids the situation in which the resolver marks a class invalid because a class it uses has not yet been loaded.
The schema object digest table is an optimization that is usually invisible to developers. The digest table enables loadjava to skip files that have not changed since they were last loaded. This feature improves the performance of makefiles and scripts that invoke loadjava for collections of files, only some of which need to be reloaded. A reloaded archive file might also contain some files that have changed since they were last loaded and some that have not.
The loadjava tool detects unchanged files by maintaining a digest table in each schema. The digest table relates a file name to a digest, which is a shorthand representation of the file's content (a hash). Comparing digests computed for the same file at different times is a fast way to detect a change in the file's content--much faster than comparing every byte in the file. For each file it processes, loadjava computes a digest of the file's content and then looks up the file name in the digest table. If the digest table contains an entry for the file name that has the identical digest, then loadjava does not load the file, because a corresponding schema object exists and is up to date. If you invoke loadjava with the -verbose option, then it will show you the results of its digest table lookups.
Normally, the digest table is invisible to developers, because loadjava and dropjava keep it synchronized with schema object additions, changes, and deletions. For this reason, always use dropjava to delete a schema object that was created with loadjava, even if you know how to drop a schema object with DDL. If the digest table becomes corrupted (loadjava does not update a schema object whose file has changed), use loadjava's -force option to bypass the digest table lookup.
Loading a source file creates or updates a Java source schema object and invalidates the class schema object(s) previously derived from the source. If the class schema objects do not exist, loadjava creates them. The loadjava tool invalidates the old class schema objects because they were not compiled from the newly loaded source. Compilation of a newly loaded source, called for instance A, is automatically triggered by any of the following conditions:
To force compilation when you load a source file, use loadjava -resolve.
The compiler writes error messages to the predefined USER_ERRORS view; loadjava retrieves and displays the messages produced by its compiler invocations. See the Oracle9i Reference for a description of this table.
The compiler recognizes compiler options. There are two ways to specify options to the compiler. If you run loadjava with the -resolve option (which may trigger compilation), you can specify compiler options on the command line.
You can additionally specify persistent compiler options in a per-schema database table known as JAVA$OPTIONS, which you create as described shortly. You can use the JAVA$OPTIONS table for default compiler options, which you can override selectively with a loadjava command-line option.
A JAVA$OPTIONS row contains the names of source schema objects to which an option setting applies; you can use multiple rows to set the options differently for different source schema objects. The compiler looks up options in the JAVA$OPTIONS table when it has been invoked without a command line--that is, by the class loader--or when the command line does not specify an option. When compiling a source schema object for which there is neither a JAVA$OPTIONS entry nor a command-line value for an option, the compiler assumes a default value as follows:
encoding = System.getProperty("file.encoding");
online = true: See the Oracle9i SQLJ Developer's Guide and Reference for a description of this option, which applies only to Java sources that contain SQLJ constructs.
debug = true: This option is equivalent to javac -g.
You can set JAVA$OPTIONS entries by means of the following functions and procedures, which are defined in the database package DBMS_JAVA:
PROCEDURE set_compiler_option(name VARCHAR2, option VARCHAR2, value VARCHAR2);
FUNCTION get_compiler_option(name VARCHAR2, option VARCHAR2) RETURNS VARCHAR2;
PROCEDURE reset_compiler_option(name VARCHAR2, option VARCHAR2);
The name parameter is a Java package name, or a fully qualified class name, or the empty string. When the compiler searches the JAVA$OPTIONS table for the options to use for compiling a Java source schema object, it uses the row whose name most closely matches the schema object's fully qualified class name. A name whose value is the empty string matches any schema object name.
The option parameter is either 'online' or 'encoding'. For the values you can specify for these options, see the Oracle9i SQLJ Developer's Guide and Reference.
A schema does not initially have a JAVA$OPTIONS table. To create a JAVA$OPTIONS table, use the DBMS_JAVA package's java.set_compiler_option procedure to set a value; the procedure will create the table if it does not exist. Specify parameters in single quotes. For example:
SQL> execute dbms_java.set_compiler_option('x.y', 'online', 'false');
Table 1-1 represents a hypothetical JAVA$OPTIONS database table. Because the table has no entry for the encoding option, the compiler will use the default or the value specified on the command line. The online options shown in the table match schema object names as follows:
a.b.c.d matches class and package names beginning with a.b.c.d; they will be compiled with online = true.
a.b matches class and package names beginning with a.b, but not a.b.c.d; they will be compiled with online = false.
online = true.
Table 1-1 Example JAVA$OPTIONS Table and Matching Examples
|
JAVA$OPTIONS Entries |
Match Examples | ||
|---|---|---|---|
| Name | Option | Value | |
|
|
|
|
|
|
|
|
|
|
|
(empty string) |
|
|
|
The loadjava tool creates schema objects from files and loads them into a schema. Schema objects can be created from Java source, class, and data files. loadjava can also create schema objects from SQLJ files; the Oracle9i SQLJ Developer's Guide and Reference describes how to use loadjava with SQLJ.
You must have the following SQL database privileges to load classes:
CREATE PROCEDURE and CREATE TABLE privileges to load into your schema.
CREATE ANY PROCEDURE and CREATE ANY TABLE privileges to load into another schema.
oracle.aurora.security.JServerPermission.loadLibraryInClass.classname>. See the "Database Contents and JVM Security" section in Chapter 5 of the Oracle9i Java Developer's Guide for more information.
You can execute the loadjava tool either through the command line (as described below) or through the loadjava method contained within the DBMS_JAVA class. To execute within your Java application, do the following:
call dbms_java.loadjava('... options...');
where the options are the same as specified below. Separate each option with a blank. Do not separate the options with a comma. The only exception for this is the -resolver option, which contains blanks. For -resolver, specify all other options in the first input parameter, and the -resolver options in the second parameter. This is demonstrated below:
call dbms_java.loadjava('..options...', 'resolver_options');
Do not specify the following options, because they relate to the database connection for the loadjava command-line tool: -thin, -oci, -user, -password. The output is directed to stderr. Set serveroutput on, and call dbms_java.set_output as appropriate.
Just before the loadjava tool exits, it checks whether the execution was successful. All failures are summarized preceeded by the following header:
The following operations failed
Some conditions, such as losing the connection to the database, cause loadjava to terminate prematurely. There errors are printed with the following syntax:
exiting: <error_reason>
loadjava {-user | -u} <user>/<password>[@<database>] [options] <file>.java | <file>.class | <file>.jar | <file>.zip | <file>.sqlj | <resourcefile> ... [-andresolve] [-debug] [-d | -definer] [-e | -encoding <encoding_scheme>] [-fileout <file>] [-f | -force] [-g | -grant <user> [, <user>]...] [-help] [-jarasresource] [-nousage] [-o | -oci | oci8] [-noserverside] [-noverify] [-r | -resolve] [-R | -resolver "resolver_spec"] [-S | -schema <schema>] [ -stdout ] [-s | -synonym] [-tableschema <schema>] [-t | -thin] [-time] [-unresolvedok] [-v | -verbose]
Table 1-2 summarizes the loadjava arguments. If you execute loadjava multiple times specifying the same files and different options, the options specified in the most recent invocation hold. There are two exceptions:
loadjava does not load a file because it matches a digest table entry, most options on the command line have no effect on the schema object. The exceptions are -grant and -resolve, which are always obeyed. Use the -force option to direct loadjava to skip the digest table lookup.
-grant option is cumulative; every user specified in every loadjava invocation for a given class in a given schema has the EXECUTE privilege. You cannot grant to a role; you can grant only to specified schemas or users.
Table 1-2 loadjava Argument Summary
| Argument | Description |
|---|---|
|
|
You can specify any number and combination of |
|
-andresolve |
To be used in place of -
This option should be used only to replace classes that were previously loaded. If you changed only the code for existing methods within the class, you should use this option instead of the - |
|
|
Turns on SQL logging and is equivalent to |
|
|
By default, class schema objects run with the privileges of their invoker. This option confers definer (the developer who invokes |
|
|
Identifies the source file encoding for the compiler, overriding the matching value, if any, in the |
|
-fileout <file> |
Prints all message to the designated file. |
|
|
Forces files to be loaded, even if they match digest table entries. |
|
|
Grants the EXECUTE privilege on loaded classes to the listed users. (To call the methods of a class, users must have the EXECUTE privilege.) Any number and combination of user names can be specified, separated by commas but not spaces ( To grant the EXECUTE privilege on an object in someone else's schema requires that the original CREATE PROCEDURE privilege was granted with WITH GRANT options. Note: You must uppercase the schema name. |
|
|
Prints the usage message on how to use the |
|
-jarasresource |
Instead of unpacking the JAR file and loading each class within it, loads the whole JAR file into the schema as a resource. |
|
|
Suppresses the usage message that is given if either no option is specified or if the - |
|
-noserverside |
Changes the behavior of the server-side |
|
|
Causes the classes to be loaded without bytecode verification. You must be granted |
|
|
Directs |
|
|
Compiles (if necessary) and resolves external references in classes after all classes on the command line have been loaded. |
|
|
Specifies an explicit resolver spec, which is bound to the newly loaded classes. If - |
|
|
Designates the schema where schema objects are created. If not specified, the logon schema is used. To create a schema object in a schema that is not your own, you must have the CREATE PROCEDURE or CREATE ANY PROCEDURE privilege. You must have CREATE TABLE or CREATE ANY TABLE privilege. Finally, you must have the |
|
|
Causes the output to be directed to |
|
|
Creates a PUBLIC synonym for loaded classes making them accessible outside the schema into which they are loaded. To specify this option, you must have the CREATE PUBLIC SYNONYM privilege. If |
|
|
Creates the |
|
|
Directs |
|
-time |
Prints a timestamp on every message. |
|
-unresolvedok |
When combined with - |
|
|
Specifies a user, password, and database connect string; the files will be loaded into this database instance. The argument has the form |
|
|
Directs |
This section describes the details of loadjava arguments whose behavior is more complex than the summary descriptions contained in Table 1-2.
You can specify as many .class, .java, .sqlj, .jar, .zip, and resource files as you like, in any order. If you specify a JAR or ZIP file, then loadjava processes the files in the JAR or ZIP; there is no JAR or ZIP schema object. If a JAR or ZIP contains a JAR or ZIP, loadjava does not process them.
The best way to load files is to put them in a JAR or ZIP and then load the archive. Loading archives avoids the resource schema object naming complications described later in this section. If you have a JAR or ZIP that works with the JDK, then you can be sure that loading it with loadjava will also work, without having to learn anything about resource schema object naming.
Schema object names are slightly different from file names, and loadjava names different types of schema objects differently. Because class files are self-identifying (they contain their names), loadjava's mapping of class file names to schema object names is invisible to developers. Source file name mapping is also invisible to developers; loadjava gives the schema object the fully qualified name of the first class defined in the file. JAR and ZIP files also contain the names of their files; however, resource files are not self identifying. loadjava generates Java resource schema object names from the literal names you supply as arguments (or the literal names in a JAR or ZIP file). Because running classes use resource schema objects, it is important that you specify resource file names correctly on the command line, and the correct specification is not always intuitive. The surefire way to load individual resource files correctly is:
Run loadjava from the top of the package tree and specify resource file names relative to that directory. (The "top of the package tree" is the directory you would name in a Java CLASSPATH list.)
If you do not want to follow this rule, observe the details of resource file naming that follow. When you load a resource file, loadjava generates the resource schema object name from the resource file name as literally specified on the command line. Suppose, for example you type:
% cd /home/scott/javastuff % loadjavaoptionsalpha/beta/x.properties % loadjavaoptions/home/scott/javastuff/alpha/beta/x.properties
Although you have specified the same file with a relative and an absolute path name, loadjava creates two schema objects, one called alpha/beta/x.properties, the other ROOT/home/scott/javastuff/alpha/beta/x.properties. (loadjava prepends ROOT because schema object names cannot begin with the "/" character; however, that is an implementation detail that is unimportant to developers.) The important point is that a resource schema object's name is generated from the file name as entered.
Classes can refer to resource files relatively (for example, b.properties) or absolutely (for example, /a/b.properties). To ensure that loadjava and the class loader use the same name for a schema object, follow this rule when loading resource files:
Enter the name on the command line that the class passes to getResource() or getResourceAsString().
Instead of remembering whether classes use relative or absolute resource names and changing directories so that you can enter the correct name on the command line, you can load resource files in a JAR as follows:
% cd /home/scott/javastuff
% jar -cf alpharesources.jar alpha/*.properties
% loadjava options alpharesources.jar
Or, to simplify further, put both the class and resource files in a JAR, which makes the following invocations equivalent:
% loadjavaoptionsalpha.jar % loadjavaoptions/home/scott/javastuff/alpha.jar
The two loadjava commands in this example make the point that you can use any pathname to load the contents of a JAR file. Even if you did execute the redundant commands shown above, loadjava would realize from the digest table that it did not need to load the files twice. That means that reloading JAR files is not as time-consuming as it might seem, even when few files have changed between loadjava invocations.
The -definer option is identical to definer's rights in stored procedures and is conceptually similar to the UNIX setuid facility; however, whereas setuid applies to a complete program, you can apply -definer class by class. Moreover, different definers may have different privileges. Because an application may consist of many classes, you must apply -definer with care to achieve the results desired, namely classes that run with the privileges they need,0 but no more. For more information on definer's rights, see the Oracle9i Java Stored Procedures Developer's Guide.
Causes the classes to be loaded without bytecode verification. You must be granted oracle.aurora.security.JServerPermission(Verifier) to execute this option. In addition, this option must be used in conjunction with -r.
The verifier ensures that incorrectly formed Java binaries cannot be loaded for execution in the server. If you know that the JAR or classes you are loading are valid, use of this option will speed up the loadjava process. Some Oracle9i-specific optimizations for interpreted performance are put in place during the verification process. Thus, interpreted performance of your application may be adversely affected by using this option.
Use -resolve to force loadjava to compile (if necessary) and resolve a class that has previously been loaded. It is not necessary to specify -force, because resolution is performed after, and independently of, loading.
This option associates an explicit resolver spec with the class schema objects that loadjava creates or replaces.
A resolver spec consists of one or more items, each of which consists of a name spec and a schema spec expressed in the following syntax:
"((name_spec schema_spec) [(name_spec schema_spec)] ...)"
import statement. It can be a fully qualified Java class name, or a package name whose final element is the wildcard character "*", or (unlike an imported package name) simply the wildcard character "*"; however, the elements of a name spec must be separated by "/" characters, not periods. For example, the name spec a/b/* matches all classes whose names begin with a.b.. The special name * matches all class names.
-". The wildcard does not identify a schema but directs the resolve operation to not mark a class invalid because a reference to a matching name cannot be resolved. (Without a "-" wildcard in a resolver spec, an unresolved reference in the class makes the class invalid and produces an error message.) Use a "-" wildcard when you must test a class that refers to a class you cannot or do not want to load; for example, GUI classes that a class refers to but does not call because when run in the server there is no GUI.
The resolution operation interprets a resolver spec item as follows:
When looking for a schema object whose name matches the name spec, look in the schema named by the partner schema spec.
The resolution operation searches schemas in the order in which the resolver spec lists them. For example,
-resolver '((* SCOTT) (* PUBLIC))'
means the following:
Search for any reference first in SCOTT and then in PUBLIC. If a reference is not resolved, then mark the referring class invalid and display an error message; in other words, call attention to missing classes.
The following example:
-resolver "((* SCOTT) (* PUBLIC) (my/gui/* -))"
means the following:
Search for any reference first in SCOTT and then in PUBLIC. If the reference is not found, and is to a class in the package my.gui then mark the referring class valid, and do not display an error; in other words, ignore missing classes in this package. If the reference is not found and is not to a class in my.gui, then mark the referring class invalid and produce an error message.
By default, loadjava loads into the login schema specified by the -user option. Use the -schema option to specify a different schema to load into. This does not involve a login into that schema, but does require that you have sufficient permissions to alter it.
The permissible forms of @<database> depend on whether you specify -oci or -thin; -oci is the default.
-oci: @<database> is optional; if you do not specify, loadjava uses the user's default database. If specified, <database> can be a TNS name or a Oracle Net Services name-value list.
-thin: @<database> is required. The format is <host>:<lport>:<SID>.
Here are examples of loadjava commands:
loadjava -u joe/shmoe -resolve -schema TEST ServerObjects.jar
loadjava -thin -u SCOTT/TIGER@dbhost:5521:orcl \ -resolve alpha.class beta.props
alpha.class:
loadjava -thin -schema test -u SCOTT/TIGER@localhost:5521:orcl \
The dropjava tool is the converse of loadjava. It transforms command-line file names and JAR or ZIP file contents to schema object names, then drops the schema objects and deletes their corresponding digest table rows. You can enter .java, .class, .sqlj, .ser, .zip, .jar, and resource file names on the command line in any order.
Alternatively, you can specify a schema object name (full name, not short name) directly to dropjava. A command-line argument that does not end in .jar, .zip, .class, .java, or .sqlj is presumed to be a schema object name. If you specify a schema object name that applies to multiple schema objects (such as a source schema object Foo and a class schema object Foo), all will be removed.
Dropping a class invalidates classes that depend on it, recursively cascading upwards. Dropping a source drops classes derived from it.
You can execute the dropjava tool either through the command line (as described below) or through the dropjava method contained within the DBMS_JAVA class. To execute within your Java application, do the following:
call dbms_java.dropjava('... options...');
where the options are the same as specified below. Separate each option with a blank. Do not separate the options with a comma. The only exception for this is the -user option. The connection is always made to the current session, so you cannot specify another username through the -user option.
For -resolver, you should specify all other options first, a comma, then the -resolver option with its definition. Do not specify the following options, because they relate to the database connection for the loadjava command-line tool: -thin, -oci, -user, -password. The output is directed to stderr. Set serveroutput on and call dbms_java.set_output as appropriate.
dropjava [options] {<file>.java | <file>.class | file.sqlj | <file>.jar | <file.zip> | <resourcefile>} ... -u | -user <user>/<password>[@<database>] [-jarasresource] [-noserverside] [-o | -oci | -oci8] [-S | -schema <schema>] [ -stdout ] [-s | -synonym] [-t | -thin] [-time] [-v | -verbose]
Table 1-3 summarizes the dropjava arguments.
dropjava interprets most file names as loadjava does:
.class files: dropjava finds the class name in the file and drops the corresponding schema object.
.java and .sqlj files: dropjava finds the first class name in the file and drops the corresponding schema object.
.jar and .zip files: dropjava processes the archived file names as if they had been entered on the command line.
If a file name has another extension or no extension, then dropjava interprets the file name as a schema object name and drops all source, class, and resource objects that match the name. For example, the hypothetical file name alpha drops whichever of the following exists: the source schema object named alpha, the class schema object named alpha, and the resource schema object named alpha. If the file name begins with the "/" character, then dropjava prepends ROOT to the schema object name.
If dropjava encounters a file name that does not match a schema object, it displays a message and processes the remaining file names.
The permissible forms of @<database> depend on whether you specify -oci or -thin; -oci is the default.
-oci: @<database> is optional; if you do not specify, then dropjava uses the user's default database. If specified, then <database> can be a TNS name or a Oracle Net Services name-value list.
-thin: @<database> is required. The format is <host>:<lport>:<SID>.
Here are some dropjava examples.
TEST in the default database that were loaded from ServerObjects.jar:
dropjava -u SCOTT/TIGER -schema TEST ServerObjects.jar
dropjava -thin -u SCOTT/TIGER@dbhost:5521:orcl alpha.class beta.props
Care must be taken if you are removing a resource that was loaded directly into the server. This includes profiles if you translated on the client without using the -ser2class option. When dropping source or class schema objects, or resource schema objects that were generated by the server-side SQLJ translator, the schema objects will be found according to the package specification in the applicable .sqlj source file. However, the fully qualified schema object name of a resource that was generated on the client and loaded directly into the server depends on path information in the .jar file or on the command line at the time you loaded it. If you use a .jar file to load resources and use the same .jar file to remove resources, there will be no problem. If, however, you use the command line to load resources, then you must be careful to specify the same path information when you run dropjava to remove the resources.
Each database instance running the Oracle9i JVM software has a session namespace, which the Oracle9i ORB uses to activate CORBA and EJB objects. A session namespace is a hierarchical collection of objects known as PublishedObjects and PublishingContexts. PublishedObjects are the leaves of the hierarchy and PublishingContexts are the nodes, analogous to UNIX file system files and directories. Each PublishedObject is associated with a class schema object that represents a CORBA or EJB implementation. To activate a CORBA or EJB object, a client refers to a PublishedObject's name. From the PublishedObject, the Oracle9i ORB obtains the information necessary to find and launch the corresponding class schema object.
Creating a PublishedObject is known as publishing and can be done with the command-line publish tool or the interactive session shell, both of which this section describes. CORBA server developers create PublishedObjects explicitly after loading the implementation of an object with loadjava. EJB developers do not explicitly load or publish their implementations; the deployejb tool (see "deployejb") implicitly does both.
A PublishedObject has the following attributes:
PublishedObjects and PublishingContexts, as with their file and directory counterparts, have owners and rights (privileges). An owner can be a user name or a role name; only the owner can change the ownership or rights of a PublishedObject or PublishingContext. Table 1-4 describes session namespace rights.
Oracle9i creates a session namespace automatically when the Oracle9i ORB is configured. The PublishingContexts contained in Table 1-5 are present in all session namespaces:
| Name | Owner | Read | Write | Execute |
|---|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Because, by default, only /test is writable by PUBLIC, you will normally create PublishingContexts and PublishedObjects subordinate to /test.
The following tools support publishing and managing objects in the namespace:
|
Note: These tools support only Releases 8.1.7 and 9. A backward compatible version for Release 8.1.6 for these tools are documented in Chapter 2, "Backward Compatibility Tools". |
The publish tool creates or replaces (republishes) a PublishedObject in a PublishingContext. It is not necessary to republish when you update a Java class schema object; republishing is required only to change a PublishedObject's attributes. To publish, you must have write permission (the write right) for the destination PublishingContext; by default only the PublishingContext /test is writable by PUBLIC. To republish you must additionally have the write permission for the PublishedObject.
publish [options] <name> <class> [<helper>]
-user | -u <username> -password |-p <password>
-service |-s <serviceURL>
where options are:
[-describe | -d] [-g | -grant {<user> | <role>}[,{<user> | <role>}]...] [-recursiveGrant | -rg | -rG {<user> | <role>}[,{<user> | <role>}]...] [-h | -help] [-idl] [-iiop] [-replaceIDL] [-resolver] [-role <role>] [-republish] [-schema <schema>] [-ssl] [-useServiceName] [-version | -v]
Table 1-6 summarizes the publish tool arguments.
| Option | Description |
|---|---|
|
|
Name of the PublishedObject being created or republished; PublishingContexts are created if necessary. |
|
|
Name of the class schema object that corresponds to < |
|
|
Name of the Java class schema object that implements the |
|
|
Specifies identity with which to log into the database instance named in |
|
|
Specifies authenticating password for the username specified with |
|
|
URL identifying database whose session namespace is to be "opened" by
which matches the default installation on the invoker's machine. |
|
|
Summarizes the tool's operation. |
|
|
After creating or republishing the PublishedObject, grants read and execute rights to the sequence of Note: You must uppercase the schema name. |
|
|
Grants read and execute permission in the same manner as the - |
|
|
Summarizes the tool's syntax. |
|
|
Load the IDL interface definition into the IFR. In order for the IDL interface to be loaded into the server, the full directory path and IDL file name must be accessible from the server. That is, no relative path names are allowed and the path directory given is one that exists on the server, not on the client. |
|
|
Connects to the target database with IIOP instead of the default session IIOP. Use this option when publishing to a database server that has been configured without session IIOP. |
|
|
If an IDL interface definition currently exists within the IFR, replaces it with this version. You must have the appropriate security permissions for this to succeed. If not specified, the publish command will not replace the existing interface within the IFR. |
|
|
Directs |
|
|
Specifies an explicit resolver spec to store as part of the reference. The classloader uses this resolver spec for object activation. If - When activating the object, the ORB first tries to locate all classes using the resolver spec published with the object. If the required classes are not found, the ORB then uses the caller's resolver spec. |
|
|
Role to assume for the publish; no default. |
|
|
The schema containing the Java <class> schema object. If you do not specify, the |
|
|
Connects to the database with SSL server authentication. You must have configured the database for SSL to use this option, and you must specify an SSL listener port in |
|
|
If you are using a service name instead of an SID in the URL, you must specify this flag. Otherwise, the tool assumes the last string in the URL is the SID. |
|
|
Shows the tool's version. |
Here is a publish example.
Publish the CORBA server implementation vbjBankTestbank.AccountManagerImpl and its helper class as /test/bankMgr in the tool invoker's schema:
publish /test/bankMgr BankTestServer.AccountManagerImpl \ BankTestServer.AccountManagerHelper \ -user SCOTT -password TIGER \ -service sess_iiop://dlsun164:2481:orcl
The remove tool removes a PublishedObject or PublishingContext from a session namespace. It does not remove the Java class schema object associated with a PublishedObject; use dropjava to do that.
remove <name> {-user | -u} <username> {-password | -p} <password> {-service | -s} <serviceURL> [options] [-d | -describe] [-h | -help] [-idl] [-iiop] [-r | -recurse] [-role role] [-ssl] [-useServiceName] [-version | -v]
Table 1-7 describes the remove arguments.
Here are examples of remove tool usage.
/test/testhello:
remove /test/testhello -user SCOTT -password TIGER \ -service sess_iiop://dlsun164:2481:orcl
/test/etrader:
remove -r /test/etrader -user SCOTT -password TIGER \ -service sess_iiop://dlsun164:2481:orcl
The sess_sh (session shell) tool is an interactive interface to a database instance's session namespace. You specify database connection arguments when you start sess_sh. It then presents you with a prompt to indicate that it is ready for commands.
The sess_sh gives a session namespace much of the "look and feel" of a UNIX file system you access through a shell, such as the C shell. For example, the session shell command:
ls /alpha/beta/gamma
means "List the PublishedObjects and PublishingContexts in the PublishingContext known as /alpha/beta/gamma". (NT users note: /alpha/beta/gamma, not \alpha\beta\gamma.) Indeed, many session shell command names that operate on PublishingContexts have the same names as their UNIX shell counterparts that operate on directories. For example: mkdir (create a PublishingContext) and cd (change the working PublishingContext).
In addition to UNIX-style manipulation of PublishingContexts and PublishedObjects, the session shell can launch an executable, that is, a class with a static main() method. Executables must have been loaded with loadjava, but not published--publishing is for CORBA, EJB, and servlet objects only.
sess_sh {-service | -s} <serviceURL> {-user | -u} <user> {-password | -p} <password> [options] [@<filename>] [-batch] [-c | -command <command> <args>] [-credsFile <creds>] [-describe | -d] [-h | -help] [-iiop] [-proxy <host>:<port>] [-role <rolename>] [-ssl] [-useServiceName] [-version | -v]
Table 1-8 summarizes the sess_sh command-line arguments.
| Option | Description |
|---|---|
|
|
URL identifying database whose session namespace is to be "opened" by
Examples:
|
|
|
Specifies user's name for connecting to the database. This name is case insensitive; the name will always be uppercased. |
|
|
Specifies user's password for connecting to the database. This name case insensitive; the name will always be uppercased. |
|
|
Specifies a script file that contains |
|
|
Disables all messages printed to the screen. No help messages or prompts will be printed. Only responses to entered commands are printed. |
|
|
Executes the desired command. If you do not want to run sess_sh in interpretive mode, but only want to execute a single command, execute
|
|
|
Supplies a text file with credentials instead of a username and password for the connect. Create this file by exporting a wallet into a text version. |
|
|
Summarizes the tool's operation. |
|
|
Prints out every command before execution. This is useful when executing script files. |
|
|
Summarizes the tool's syntax. |
|
|
Connects to the target database with plain IIOP instead of the default session IIOP. Use this option for a database server configured without session IIOP. |
|
|
Specifies the proxy host and port number. This is required only if you are using a firewall proxy to communicate with hosts outside your internal network. |
|
|
Passes this role to the database; there is no default. |
|
|
Connects to the database with SSL server authentication. You must have configured the database for SSL and specify an SSL port to use this option. |
|
|
If you are using a service name instead of an SID in the URL, you must specify this flag. Otherwise, the tool assumes the last string in the URL is the SID. Alternatively, you can specify USE_SERVICE_NAME in the JNDI properties instead of using this option. See the "JNDI Connections and Session IIOP Service" chapter in either the Oracle9i CORBA Developer's Guide and Reference or the Oracle9i Enterprise JavaBeans Developer's Guide and Reference for more information. |
|
|
Shows the version. |
Here is a sess_sh example.
Open a session shell on the session namespace of the database orcl on listener port 2481 on host dbserver.
sess_sh -user SCOTT -password TIGER -service sess_iiop://dbserver:2481:orcl
The sess_sh commands span several different types of functionality, which are grouped as follows:
sess_sh command-line tool
UserTransaction and DataSource objects.
You can specify that any output generated by the sess_sh tool is put into a file by appending the "&><filename>" at the end of the command options. The following pipes all output to the listDir file:
ls -lR &>/tmp/listDir
This option designates a script file that contains one or more sess_sh commands. The script file specified is located on the client. The sess_sh tool reads in the file and then executes all commands on the designated server. Also, because the script file is executed on the server, any interaction with the operating system in the script file--such as redirecting output to a file or executing another script--will occur on the server. If you direct sess_sh to execute another script file, this file must exist within $ORACLE_HOME directory on the server.
Type in the sess_sh command followed by any options and any expected input arguments.
The script file contains any sess_sh command followed by options and input parameters. The input parameters can be passed in on the sess_sh command-line. The sess_sh command processes all known sess_sh options and then passes on any other options and arguments to the script file.
To access arguments within the commands in the script file, place &1...&n to denote the arguments. If all input parameters are passed into a single command, you can supply a the string "&*" to denote that all input parameters are to be passed to this command.
The following shows the contents of the script file, execShell:
chmod +x SCOTT nancy /alpha/beta/gamma chown SCOTT /alpha/beta/gamma java testhello &*
Because only two input arguments are expected, you can implement the java command input parameters as follows:
java testhello &1 &2
To execute this file, do the following:
sess_sh -user SCOTT -password TIGER -service sess_iiop://dbserver:2481:orcl \ @execShell alpha beta
The sess_sh processes all options that it knows about and passes along any other input parameters to be used by the commands that exist within the script file. In this example, the parameters, alpha and beta, are passed to the java command in the script file. Thus, the actual command executed is as follows:
java testhello alpha beta
You can add any comments in your script file with the hash symbol (#). The "#" symbol makes anything to the end of the line a comment, which is ignored by sess_sh. For example:
#this whole line is ignored by sess_sh
The following shell commands behave similarly to their UNIX counterparts:
|
|
|
Each of these shell commands contains the following common options:
| Option | Description |
|---|---|
|
|
Summarizes the tool's operation. |
|
|
Summarizes the tool's syntax. |
|
|
Shows the version. |
You can create an alias used within the script file. You can specify multiple aliases. The definition can include several commands separated on different lines. The entire definition is included within double quotes.
The syntax is as follows:
alias <name> <definition>
where the <name> is the alias and <definition> is any sess_sh command. For example, the following creates an alias of "ll" to be mapped to "ls -l &*"
alias ll "ls -l &*"
Thus, the command for "ll bin webdomains" is translated to "ls -l bin webdomains".
To echo an alias, execute alias with just the <name> and no <description>.
To delete an alias, execute alias with the empty string, as follows:
alias <name> ""
The cd command is analogous to a UNIX shell's cd command; it changes the working PublishingContext.
cd [options] [path]
Here is an example.
Change to root PublishingContext:
$ cd /
The chmod command is analogous to a UNIX shell's chmod command; it changes the users or roles that have rights for a PublishingContext or PublishedObject. See Table 1-4 for descriptions of the read, write, and execute rights. Only the object's owner can change its rights.
chmod [options] {+|-}{r|w|x} {<user> | <role>} [, {<user> | <role>} ...] <objectname> [-R]
Table 1-10 summarizes the chmod arguments.
Here are some chmod examples.
/alpha/beta/gamma to SCOTT and NANCY. Note that the schemas are separated by a comma only.
$ chmod +x SCOTT,NANCY /alpha/beta/gamma
$ chmod -w SCOTT /alpha/beta/gamma
The chown command is analogous to the UNIX chown command; it changes the ownership of a PublishingContext or PublishedObject. The owner of a newly created PublishingContext or PublishedObject is the user who publishes it. To change a PublishingContext's or PublishedObject's ownership you must be SYS.
chown [options] {<user> | <role>} <objectname> [-R]
Table 1-11 summarizes the chown arguments.
Here is a chown example.
Make Scott the owner of /alpha/beta/gamma:
$ chown SCOTT /alpha/beta/gamma
The connect tool will connect you to another server without exiting sess_sh. It requires the same connection options used in sess_sh. The options for connect are as follows:
connect [-options] {-user | -u} <user> {-password | -p} <password> {-service | -s} <serviceURL> [-credsFile <creds>] [-iiop] [-proxy <host>:<port>] [-role <rolename>] [-ssl] [-useServiceName]
Table 1-12 summarizes the connect command-line arguments.
| Option | Description |
|---|---|
|
|
URL identifying database whose session namespace is to be "opened" by
|
|
|
Specifies user's name for connecting to the database. This name is case insensitive; the name will always be uppercased. |
|
|
Specifies user's password for connecting to the database. This name case insensitive; the name will always be uppercased. |
|
|
Supplies a text file with credentials instead of a username and password for the connect. Create this file by exporting a wallet into a text version. |
|
|
Connects to the target database with plain IIOP instead of the default session IIOP. Use this option for a database server configured without session IIOP. |
|
|
Specifies the proxy host and port number. This is required only if you are using a firewall proxy to communicate with hosts outside your internal network. |
|
|
Passes this role to the database; there is no default. |
|
|
Connects to the database with SSL server authentication. You must have configured the database for SSL and specify an SSL port to use this option. |
|
|
If you are using a service name instead of an SID in the URL, you must specify this flag. Otherwise, the tool assumes the last string in the URL is the SID. Alternatively, you can specify USE_SERVICE_NAME in the JNDI properties instead of using this option. See the "JNDI Connections and Session IIOP Service" chapter in either the Oracle9i CORBA Developer's Guide and Reference or the Oracle9i Enterprise JavaBeans Developer's Guide and Reference for more information. |
Examples for using connect are as follows:
Connect to an IIOP session:
connect -u scott/tiger -s sess_iiop://mysun:5522:ORCL
Connect to an HTTP SSL session through a firewall:
connect -u scott/tiger -s https://mysun:9090 -proxy companyx-proxy:2443
Prints to stdout exactly what is indicated. This is used mostly in script files.
The syntax is as follows:
echo [<echo_string>] [<args>]
where <echo_string> is a string that contains the text you want written to the screen during the shell script invocation and <args> are input arguments from the user. For example, the following prints out a notification:
echo "Adding an owner to the schema" &1
If the input argument is "SCOTT", the output would be "Adding an owner to the schema SCOTT"
You can view environment variables and their values with the env command.
env [<variable>]
Table 1-13 describes the env arguments.
| Option | Description |
|---|---|
|
|
The name of the environment variable. If not provided, all variables are printed. |
The following example prints out the value of the TEST variable:
$ env test TEST=HELLO
The exit command terminates sess_sh.
exit
Here is an example:
Leave the session shell:
$ exit %
The help command summarizes the syntax of the session shell commands. You can also use the help command to summarize the options for a particular command.
help [<command>]
The java command is analogous to the JDK java command; it invokes a class's static main() method. The class must have been loaded with loadjava. (There is no point to publishing a class that will be invoked with the java command.) The java command provides a convenient way to test Java code that runs in the database. In particular, the command catches exceptions and redirects the class's standard output and standard error to the session shell, which displays them as with any other command output. (The usual destination of standard out and standard error for Java classes executed in the database is one or more database server process trace files, which are inconvenient and may require DBA privileges to read.)
java [-schema <schema>] <class> [arg1 ... argn]
Table 1-14 summarizes the java arguments.
Here is a java command example.
Say hello and display arguments:
package hello; public class World { public World() { super(); } public static void main(String[] argv) { System.out.println("Hello from the Oracle9i ORB"); if (argv.length != 0) System.out.println("You supplied " + argv.length + " arguments: "); for (int i = 0; i < argv.length; i++) System.out.println(" arg[" + i + "] : " + argv[i]); } }
Compile, load, publish, and run the executable as follows, substituting your userid, host, and port information as appropriate:
% javac hello/World.java % loadjava -r -user SCOTT/TIGER@localhost:2481:orcl hello/World.class % sess_sh -user SCOTT -password TIGER -service sess_iiop://localhost:2481:orcl $ java testhello alpha beta Hello from the Oracle9i ORB You supplied 2 arguments: arg[0] : alpha arg[1] : beta
The ln (link) command is analogous to the UNIX ln command. A link is a synonym for a PublishingContext or PublishedObject. A link can prevent a reference to a PublishingContext or PublishedObject from becoming invalid when you move a PublishingContext or PublishedObject (see "mv"); creating a link with the old name makes the object accessible by both its old and new names.
ln [-symbolic | -s] <object> <link>
Table 1-15 summarizes the ln arguments.
Here is an ln command example.
Preserve access through old, although the object's name is changed to new:
$ mv old new $ ln new old
The ls (list) command shows the contents of PublishingContexts as the UNIX ls command shows the contents of directories.
ls [options] [<pubcon> | <pubobj[<pubcon> | <pubobj] ...] [-dir] [-l] [-ld | ldir] [-R]
Table 1-16 describes the ls arguments.
Here are examples of the ls command.
Show contents of the root PublishingContext in short format:
$ ls / bin/ etc/ test/
Show contents of the root PublishingContext in long format:
$ ls -l / Read Write Exec Owner Date Time Name Schema Class Helper PUBLIC SYS PUBLIC SYS Dec 14 14:59 bin/ PUBLIC SYS PUBLIC SYS Dec 14 14:59 etc/ PUBLIC PUBLIC PUBLIC SYS Dec 14 14:59 test/
Show contents of the /test PublishingContext in long format:
$ ls -l test Read Write Exec Owner Date Time Name Schema Class Helper SCOTT SCOTT SCOTT SCOTT Dec 14 16:32 bank SCOTT Bank.AccountManagerImpl Bank.AccountManagerHelper
The mkdir command is analogous to the UNIX shell mkdir command; it creates a PublishingContext. You must have the write right for the target PublishingContext to use mkdir in it.
mkdir [options] <name> [-path | -p]
Table 1-17 describes the mkdir arguments.
| Option | Description |
|---|---|
|
|
Name of PublishingContext to create. |
|
|
Creates intermediate PublishingContexts if they do not exist. |
Here are examples of the mkdir command.
Create a PublishingContext called /test/alpha (/test exists):
mkdir /test/alpha
Create a PublishingContext called /test/alpha/beta/gamma (/test/alpha/beta does not exist):
$ mkdir -path /test/alpha/beta/gamma
The mv command is analogous to the UNIX shell mv command.
mv [options] <old> <new>
Here is an example of the mv command.
Change the name of /test/foo to /test/bar:
$ mv /test/foo /test/bar
The pwd command displays the name of the current working PublishingContext. It is analogous to the UNIX pwd command.
pwd [options]
Here is an example of the pwd command.
$ pwd /test/alpha
The rm command is analogous to the rm -r UNIX shell command; it removes a PublishedObject or a PublishingContext, including its contents. To remove an object, you must have the write right for the containing PublishingContext.
rm [options] <object> ... <object> [-r]
Table 1-18 describes the rm arguments.
| Option | Description |
|---|---|
|
|
Name of PublishedObject or PublishingContext to be removed. |
|
|
Interprets |
Here is an example of the rm command.
Remove the PublishedObject /test/bank:
rm /test/bank
Remove the PublishingContext /test/release3 and everything it contains:
rm -r /test/release3
You can set environment variables within a script or for use within the current invocation of the sess_sh tool. These variables are not valid outside of sess_sh and are lost when sess_sh terminates.
setenv <variable> <value>
Table 1-19 describes the setenv arguments.
| Option | Description |
|---|---|
|
|
The name of the environment variable. |
|
|
The value to set the environment variable to. If no value is given, the defined <variable> is removed. |
The following example sets the TEST variable to the string HELLO. Once set, the value is shown with the env command.
$ setenv TEST HELLO $ setenv PATH .:/bin:/test/bin $ env test TEST=HELLO PATH=.:/bin:/test/bin
To remove an environment variable, set the variable to the NULL string. The following removes the TEST variable:
$ setenv TEST ""
The version command shows the version of the sess_sh tool. You can also show the version of a specified command.
version [options] [<command>]
Here is an example of the version command.
Display the session shell's version:
$ version 1.0
Prints out the current user that logged into this session.
The addgroupentry command adds a single property to an existing property group for the designated JNDI object, or modifies an existing property.
addgroupentry <object_name> <group_name> <prop_name> <prop_value>
The following example sets another property for the wine group of the config object:
addgroupentry config wine type merlot
The bind command binds an object reference or a naming context into the JNDI namespace. The ordering of the options must be in the order specified here. You cannot mix the options.
bind <JNDI_object_name> [options] [-context] [-rebind] {-class | -c <classname> [-factory | -f <factory>] [-location | -l <URL>] [-string <type_name> <string_value> [-string <type_name> <string_value> ...]] [-binary <type_name> <string_value> [-binary <type_name> <string_value> ...]]
The following binds a CORBA IOR reference into the JNDI namespace. The object reference was stringified before the bind is executed and is substituted for the input argument $1. In addition, a binary reference attribute for the employee site number of 400 is also bound within the object.
bind /test/employee -class employee.Employee -factory employee.EmployeeFactory
-string EmpObjRef $1 -binary EmpNumber 400
The bindds command binds a DataSource object in the JNDI namespace. In order to enlist any database--including the local database--you must bind a JTA DataSource object to identify each database included in the transaction. If you require a two-phase commit transaction, your system administrator must create public database links from the two-phase commit engine to each database involved in the transaction. The fully-qualified database link names are included when binding DataSource objects.
For JTA, XA, or JNDI, you might need to bind a DataSource object in the JNDI namespace for later retrieval and activation of a database connection. There are four types of DataSource objects that you can bind using the bindds command:
OracleDataSource--a DataSource object modified for use with an Oracle9i database.
OracleJTADataSource--a DataSource object modified for use within global JTA transactions. Within JTA, to enlist any database--including the local database--you must bind an OracleJTADataSource object to identify each database included in the transaction.
OracleConnectionPoolDataSource--a DataSource object modified for use with a pool of DataSource objects.
OracleXADataSource--a DataSource object modified for use within an XA-type connection.
The DataSource object type is specified with the -dstype option of the bindds command, as described below:
bindds <lookup_name> [options]
[-help | -h]
[-describe | -d]
[-version | -v]
[-dstype <datasource>]
[-host <hostname> -port <portnum> -sid <SID> -driver <driver_type>]
[-url <db_url>]
[-dblink <DBLINK>]
[-g | -grant {<user> | <role>}[,{<user> | <role>}]...]
[-recursiveGrant | -rg {<user> | <role>}[,{<user> | <role>}]...]
[-rebind]
[-user | -u <user>]
[-password | -p <password>]
Table 1-22 summarizes the bindds command-line arguments:
You bind an OracleJTADataSource object for any databases included in a global transaction. If you require a two-phase commit transaction, your system administrator must create public database links from the two-phase commit engine to each database involved in the transaction. These database link names must be included when binding the OracleJTADataSource object.
The following example binds the ds1 OracleJTADataSource into the namespace with ds1db as the database link name created on the two-phase commit engine:
% bindds /test/ds1 -host dbsun.mycompany.com -port 2481
-sid ORCL -driver thin -dstype jta -dblink ds1db.oracle.com
The options used to bind an OracleJTADataSource object depend on whether the transaction uses single or two-phase commit, as described below:
OracleJTADataSource object. You do not need to provide a database link. For example, the following binds an OracleJTADataSource with the name of "/test/myUT" that exists within a single-phase commit transaction:
bindds /test/ds1 -host dbsun -port 5521 -sid ORCL -driver thin -dstype jta
bindds /test/myUT -url jdbc:oracle:thin:@dbsun:5521:ORCL -dstype jta
-dblink mydsdblink.oracle.com
This includes not only the information for creating a connection to this database, but also the information needed by the two-phase commit engine to facilitate committing a global transaction.
The bindms command binds a javax.mail.Session object in the namespace.
bindms <lookup_name> -mailFrom <mail_from> -mailUser <mail_user>
-mailHost <mail_host> [options]
[-help | -h]
[-describe | -d]
[-version | -v]
[-g | -grant {<user> | <role>}[,{<user> | <role>}]...]
[-recursiveGrant | -rg | -rG {<user> | <role>}[,{<user> | <role>}]...]
[-rebind]
Table 1-23 summarizes the bindms command-line arguments:
The following example binds the myMailSession mail Session object reference within the namespace. It designates the mail host as mailhost@oracle.com, the username as user1, and the user's email address as user1@oracle.com. Finally, it grants the public read and write access to this object reference.
bindms /test/myMailSession -mf user1@oracle.com -mu user1
-mu user1 -mh mailhost@oracle.com -grant public
The bindurl command binds a URL object in the namespace.
bindurl <lookup_name> <url_string> [options]
[-help | -h]
[-describe | -d]
[-version | -v]
[-rebind]
[-g | -grant {<user> | <role>}[,{<user> | <role>}]...]
[-recursiveGrant | -rg | -rG {<user> | <role>}[,{<user> | <role>}]...]
Table 1-24 summarizes the bindurl command-line arguments:
The following example binds the URL string "http://www.oracle.com" to a URL reference "/test/myURL" within the namespace. The -rebind option is used to make sure that if /test/myURL previously exists, it is rebound with this address.
bindurl /test/myURL http://www.oracle.com -rebind
The bindut command binds a UserTransaction object in the namespace. You must bind a UserTransaction object for both single and two-phase commit transactions. In a two-phase commit scenario, the UserTransaction is bound with respect to the two-phase commit engine.
bindut <lookup_name> [options]
[-help | -h]
[-describe | -d]
[-version | -v]
[-rebind]
[-expprop]
[-host <hostname> -port <portnum> -sid <SID>]
[-url <db_url>]
[-g | -grant {<user> | <role>}[,{<user> | <role>}]...]
[-recursiveGrant | -rg | -rG {<user> | <role>}[,{<user> | <role>}]...]
[-user | -u <user>]
[-password | -p <password>]
Table 1-25 summarizes the bindut command-line arguments:
The following example binds the ut1 UserTransaction within the namespace designating the two-phase commit engine at dbsun.mycompany.com:
bindut /test/UserTransaction/ut1 -host dbsun.mycompany.com -port 2481 -sid ORCL
The same command could be issued as follows:
bindut /test/UserTransaction/ut1 -url sess_iiop://dbsun.mycompany.com:2481:ORCL
The options used to bind a UserTransaction object depend on whether the transaction uses a single or two-phase commit, as described below:
UserTransaction object. You do not need to provide the address to a two-phase commit engine. For example, the following binds a UserTransaction with the name of "/test/myUT" that exists for a single-phase commit transaction:
bindut /test/myUT
UserTransaction object and the address to a two-phase commit engine. For example, the following binds a UserTransaction with the name of "/test/myUT" and a two-phase commit engine at "2pcHost":
bindut /test/myUT -url jdbc:oracle:thin:@2pcHost:5521:ORCL
When the transaction commits, the UserTransaction communicates with the two-phase engine designated in the -url option to commit all changes to all included databases. The UserTransaction tracks all databases involved in the transaction; the two-phase commit engine uses the database links for these databases to complete the transaction.
The getgroup command lists all the properties within a property group for the designated JNDI object.
getgroup <object_name> <group_name>
| Option | Description |
|---|---|
|
|
A JNDI name that is bound to an object. |
|
|
A property group name, which was created by the |
The following example displays all properties defined for the wine group of the config object:
getgroup config wine
The getproperties command lists all properties associated with the given JNDI name.
getproperties [-all] <object_name>
The publish command performs the same function as the publish tool. Refer to "publish" for command syntax and examples.
The removegroupentry command removes a single property to an existing property group for the designated JNDI object.
removegroupentry <object_name> <group_name> <prop_name>
The following example removes the type property from the wine group of the config object:
removegroupentry config wine type
The setgroup command creates a property group for a JNDI object. You add properties to an existing group through the addgroupentry command. Each execution of setgroup either creates a new group or overwrites an existing group. To specify multiple properties, enclose all name-value pairs within double-quotes ("), and separate each name-value pair with a newline.
setgroup <object_name> <group_name> "<prop_name=prop_value> [<prop_name=prop_value>...]"
The following example sets three properties for wine group in the config object:
setgroup config wine "debug=true >servlet.class=SCOTT:winemasters.tasting.Tasting >details=high"
The setproperties command assigns name-value pairs to an object with the given JNDI name. Each execution of setproperties resets all properties for this object to what is indicated on the command line. To specify multiple properties, enclose all name-value pairs within double-quotes ("), and separate each name-value pair with a newline.
setproperties <object_name> "<prop_name=prop_value> [<prop_name=prop_value>...]"
| Option | Description |
|---|---|
|
|
A JNDI name that is bound to an object. |
|
|
The name of the property. |
|
|
The current value for the property. |
The following example sets three properties for the config object:
setproperties config "debug=true >servlet.class=SCOTT:winemasters.tasting.Tasting >details=high"
The following sess_sh commands are provided to modify an existing listener.
To receive incoming requests, the listener must be configured with an endpoint for each presentation type. Most listeners are configured to accept Oracle Net Services (TTC) connections. The other two types of supported presentations are IIOP (oracle.aurora.server.SGiopServer) and HTTP (HTTP://webserver). In addition, if you create your own presentation, the listener must have an endpoint registered for that presentation.
You can either statically configure these endpoints within the listener configuration (either through the Oracle Net Services configuration tool or by modifying the listener configuration file) or dynamically register these endpoints through the regep tool.
The register endpoint (regep) command dynamically registers an endpoint within the existing listener for the specified presentation type. For example, you can modify a listener that exists primarily for TTC requests to also accept IIOP requests.
This tool requires that you log on as a system user.
regep -pres <presentation_string> [-host <hostname>] -port <portnum> [-listener <lsnr_addr>] [-ssl] [-persistent] [-describe | -d] [-help | -h] [-version | -v]
Table 1-31 summarizes the regep command-line arguments:
The unregister endpoint (unregep) command unregisters an existing dynamic listener endpoint. This tool requires that you log on as a system user.
unregep -pres <presentation_string> -host <hostname> -port <portnum> [-describe | -d] [-help | -h] [-version | -v] [-delete]
Table 1-32 summarizes the unregep command-line arguments:
The session shell provides a set of specialized commands for manipulating the OSE JNDI namespace, the web server and publish servlets. The uses and syntax requirements of each command are described in the following sections:
The following session shell commands are provided to create a new service. Each service is associated with a different presentation string and protocol.
|
|
Adds a new endpoint dynamically with the database listener. The listener must already exist. This command only registers a new endpoint for a web service with the existing listener.
addendpoint [options] <service> <name> [-listener <lsnr>]
[-net8]
[-interface <int_spec>]
[-port <port_num>]
[-register]
[-ssl]
[-threads <min> <max>]
[-timeout <seconds>]
Table 1-33 summarizes the addendpoint command-line arguments:
The following example adds a listener endpoint on port 8080 for the webserver service. It starts up three threads and has a socket read timeout of 300 seconds.
addendpoint -port 8080 -threads 3 5 -timeout 300 webserver endpt1
Creates basic information for a service that is used during service installation. The service can either be an HTTP or IIOP based service, or a brand-new service that you have developed.
createservice [options] <service> [-http | -iiop]
[-service <class>]
[-properties <prop_groups>]
[-root <location>]
[-globalTimeout <seconds>]
Table 1-34 summarizes the createservice command-line arguments:
| Option | Description |
|---|---|
|
|
The user-defined name of the new service. |
|
|
The service is HTTP-based. |
|
|
The service is IIOP-based. |
|
|
The Java class that implements the |
|
|
List of property groups to use as the defaults for this service. Specify the name-value pairs in the same way as in the setgroup command. |
|
|
JNDI location for the service configuration. |
|
|
Timeout for database sessions processing requests for this service. Timeout is specified in seconds. |
Creates basic information for a web-based service that is used during service installation. This service uses the HTTP protocol for connecting. This is the similar to executing createservice -http.
createwebservice [options] <service_name> -root <location>
[-properties <prop_groups>]
[-ip]
[-virtual]
Table 1-35 summarizes the createwebservice command-line arguments:
| Option | Description |
|---|---|
|
|
The user-defined name of the new service. |
|
|
JNDI location for the web service configuration. |
|
|
List of property groups to use as the defaults for this service. Specify the name-value pairs in the same way as in the setgroup command. |
|
|
The web service allows IP-based multi-homed domains. |
|
|
The web service allows VirtualHost multi-homed domains. |
The following example creates a web service, webserver, that is defined in the "/webdomains" directory. The "/webdomains" directory should have been created by the createwebdomain command.
createwebservice -root /webdomains webserver -properties "debug=true >servlet.class=SCOTT:customer.CustMain >details=default"
Removes a defined service (created either by the createservice or createwebservice commands), unregisters all endpoints, and removes the endpoints so that they will not be started when the listener is initiated again.
destroyservice [-all] <service_name>
Table 1-36 summarizes the destroyservice command-line arguments:
| Option | Description |
|---|---|
|
|
The service created by the createservice or createwebservice commands. |
|
|
Erases everything under this service root. |
The following example deletes the webserver service.
destroyservice webserver
Removes a specific endpoint from a service and unregisters it from the listener.
rmendpoint [-force] <service> <name>
Table 1-37 summarizes the rmendpoint command-line arguments:
| Option | Description |
|---|---|
|
|
The service that the endpoint will listen for incoming requests on. For example, |
|
|
The name of the endpoint that was created with addendpoint. |
|
-force |
Always remove the endpoint. Oracle recommends that you use this option on each invocation of |
The following example deletes the endpt1 endpoint:
rmendpoint -f webserver endpt1
Within the service root, you create one or more web domains. These web domain store servlet contexts. Use web domains to organize your servlet contexts. These commands enable you to create and destroy any web domain.
Creates a web domain owned by the specified schema. This domain contains services. The services contain servlets, which execute under the schema's identity. Each web domain is initialized with the "/default" servlet contexts.
createwebdomain [options] <domain_name>
[-docroot <location>]
[-properties <prop_groups>
Table 1-38 summarizes the createwebdomain command-line arguments:
| Option | Description |
|---|---|
|
<domain_name> |
The full path of where the domain should be located and its name. |
|
|
The location of the servlet static pages for this webdomain's default context. Other context's docroot location is specified in the createcontext command. |
|
|
List of property groups to use as the defaults for this service. Specify the name-value pairs in the same way as in the setgroup command. |
The following command creates the /webserver domain in the root directory.
createwebdomain /mywebserver
Removes the web domain created by the createwebdomain command. This command also deletes any servlet contexts contained within the domain.
destroywebdomain <domain_name>
Table 1-39 summarizes the destroywebdomain command-line arguments:
| Option | Description |
|---|---|
|
|
The full directory and name used within |
The following example deletes the /webserver domain and all servlets contained within it:
destroywebdomain /webserver
Once all domains are setup, you can create the servlet context to exist within the specified domain. Once created, you can copy servlets into each context.
Management commands for servlet contexts include the following:
Specifies how HTTP access logging is handled for the servlet context. This records information about each incoming HTTP request. You have one of three options.
accesslog [options] <context_name> [-trace | -systable | -table <table_spec>]
Table 1-40 summarizes the accesslog command-line arguments:
The following example specifies that the HTTP access log messages for the /webdomains/contexts/default service context should be directed into the HTTP_LOG table in SCOTT's schema:
accesslog -table SCOTT:HTTP_LOG /webdomains/contexts/default
When a specific error code is returned, you can specify a URL that the client is directed to. This is useful for displaying error messages to the client.
adderrorpage -error <errcode> -virtualpath <errorpath> <context_name>
Table 1-41 summarizes the adderrorpage command-line arguments:
The following example associates the error 401 with the servlet identified within the -virtualpath option. This code is valid for the default context.
adderrorpage -error 401 -virtualpath /SCOTT/Errors/Err401 \
/webdomains/context/default
Creates a servletcontext within the specified domain, which was created by the createwebdomain command.
createcontext [options] <domain_name> <context_name>
-virtualpath <path>
[-recreate]
[-properties <prop_groups>]
[-docroot <location>]
[-stateless]
Table 1-42 summarizes the createcontext command-line arguments:
| Option | Description |
|---|---|
|
|
The directory and name for the domain where the servlet context is to be created. This domain must already exist. You create the domain through the createwebdomain command. |
|
|
The user-defined name for the servlet context to be used within the domain. |
|
|
Bind the newly created servlet context to this virtual path. |
|
|
If a context with this name already exists, delete it before adding an empty context with this name. This destroys any servlets currently associated with this context. |
|
|
List of property groups to use as the defaults for this service. Specify the name-value pairs in the same way as in the setgroup command. |
|
|
All of the servle static pages are located in this directory in the server machine's filesystem. |
|
|
All servlets in this context are stateless. Contexts declared to be stateless can only contain servlets that are stateless and never try to access the HTTPSession object. |
The following example creates a servlet context, ScottContext, within the domain ScottRoot. The document root of this context (for static files) is /private/scott/html. To access servlets published to ScottContext, use the virtual path /SCOTT.
createcontext -virtualpath /SCOTT -docroot /private/scott/html
/ScottRoot ScottContext
Removes the servlet context, its information, and all contained servlets from the domain.
destroycontext <context_name>
Table 1-43 summarizes the destroycontext command-line arguments:
| Option | Description |
|---|---|
|
|
The servlet context name, which was used on the createcontext command. |
The following example remove the "ScottContext" servlet context. In addition, all servlets contained in the server's filesystem directory "/private/scott/html" are all deleted, and the virtual path "/SCOTT" is removed.
destroycontext ScottContext
Remove the error code associated with the servlet context. This only removes the error code: it does not remove the servlet associated with the error code.
rmerrorpage -error <errcode> <context_name>
Table 1-44 summarizes the rmerrorpage command-line arguments:
The following command removes the previously defined error code 401 from the default servlet context. The servlet associated with this code may still exist.
rmerrorpage -error 401 /webdomains/context/default
Once you have created the correct directory structure to contain your servlet, you can copy these into the server's filesystem. Then, you must publish these servlets in order for the client to invoke them.
Publish the servlet within the named servlet context.
publishservlet [options] <context_name> <servlet_name> <class_name>
[-virtualpath <path>]
[-stateless]
[-reuse]
[-properties props]
Table 1-45 summarizes the publishservlet command-line arguments:
| Option | Description |
|---|---|
|
|
The name of the servlet context. |
|
|
The name assigned to this servlet in the named_servlets directory to be published within this context. This name is used to refer to the class published with this command. |
|
|
The name of the class implementing the HttpServlet interface. |
|
|
Bind this servlet to this virtual path. |
|
|
This servlet is stateless and can not access the HTTPSession object. |
|
-reuse |
Add the virtual path to an existing servlet without republishing the servlet. |
|
|
List of property groups to use as the defaults for this service. Specify the name-value pairs in the same way as in the setgroup command. |
The following command publishes the default context for the HelloWorld example that was loaded in SCOTT's schema:
publishservlet -virtualpath /hello /websdomains/contexts/default \
helloServlet SCOTT:HelloWorld
Removes the servlet from the context as well as any existing virtual path for the servlet.
unpublishservlet <context_name> <servlet_name>
Table 1-46 summarizes the unpublishservlet command-line arguments:
| Option | Description |
|---|---|
|
|
The name of the servlet context. |
|
|
The name of the servlet to be published within this context. |
The following example unpublishes the HelloWorld servlet:
unpublishservlet /websdomains/contexts/default helloServlet
Commands for publishing JavaServer Pages.These commands assume that the JSP definition is available as a resource on the server.
Translation, compilation, hotloading (if enabled), and publishing all occur automatically with the publishjsp command. This tool translates and publishes the JavaServer Pages in the designated servlet context. This command compiles the JavaServer Page into a servlet, which is stored in jspresource, and maintains the dependency between the jspresource and the generated class.
Run publishjsp after you have loaded a .jsp (or .sqljsp) file into Oracle9i as a resource schema object.
publishjsp [options] <jsp_resource>
-virtualpath <path>
-schema <schema>
-context <context>
[-stateless]
[-servletName <servlet_name>]
[-packageName <pkg_name>]
[-hotload]
[-verbose]
[-resolver <resolver>]
[-extend <class>]
[-implement <interface>]
Table 1-47 summarizes the publishjsp command-line arguments:
| Option | Description |
|---|---|
|
|
The file name.jsp (or name.sqljsp for a SQLJ JSP page) is the JSP page resource schema object that you loaded with loadjava and is the only required parameter, along with any relevant schema path information. |
|
|
Specify an alternative servlet path for the JSP page; otherwise, the servlet path is simply the specified .
By default, |
|
|
The JSP page is to be stateless--the JSP page should not have access to the HttpSession object during execution. This flag is used for mod_ose optimization. |
|
|
Specify the schema where the JSP page resource schema object is located, if it is not in the same schema you logged in to through
This schema must be accessible from your |
|
|
Specify an alternative servlet name (in OSE named_servlets) for the JSP page. By default, the servlet name is the base name of the . |
|
|
Specify a package name for the generated page implementation class. By default, it is the path specification for the . |
|
|
Specify a servlet context in the Oracle Servlet Engine. The context path of this servlet context becomes part of the URL used to invoke the page.
The OSE default context, |
|
|
Enable and perform hotloading. See the discussion on hotload following this table for more information. |
|
|
Report the translation steps during execution. |
|
|
Specify an alternative Java class resolver. See the resolver discussion in the "loadjava" for more information. |
|
|
Specify a Java class that the generated page implementation class extends. |
|
|
Specify a Java interface that the generated page implementation class implements. |
Enable this flag to enable and perform hotloading. This results in the following steps being performed by the publishjsp command:
main() method and a hotloading method are implemented in the generated page implementation class to allow hotloading.
main() method is executed to perform hotloading.
hotload, you must have permission for the Oracle9i hotloader. This can be granted as follows (from SQL*Plus, for the SCOTT schema, for example):
dbms_java.grant_permission('SCOTT',
'SYS:oracle.aurora.security.JServerPermission', 'HotLoader', null);
The following example publishes the Foo.jsp into the default servlet context path of "/" and the default servlet path of "dir1/Foo.jsp".
publishjsp -schema SCOTT dir1/Foo.jsp
After this command, Foo.jsp can be invoked as follows:
http://host[:port]/dir1/Foo.jsp
Access it dynamically from another JSP page in the application, suppose a page published as dir1/Bar.jsp, as follows (using page-relative syntax and then application-relative syntax):
<jsp:include page="Foo.jsp" flush="true" />
Removes a JavaServer Page from the JNDI namespace. This does not remove the page implementation class schema object from the database. You do not need to specify a servlet name unless you specified one when you ran publishjsp. Generally, the only required input is the servlet path, which is also known as the "virtual path".
unpublishjsp [options] <servlet_path>
[-servlet <servlet_name>]
[-context <context>]
[-showVersion]
[-usage]
[-verbose]
Table 1-48 summarizes the unpublishjsp command-line arguments:
The following example unpublishes the page that was published in the publishjsp section:
unpublishjsp dir1/Foo.jsp
Exports the structure of a web domain and its configuration file for the mod8i proxy.
The export utility works in two stages:
This command creates the configuration files required for Apache's mod8i and for others. The default output is in an XML format.
exportwebdomain [options] <domain_name>
[-context <context>]
[-netservice <name>]
[-format <fmt>]
[-nodefault]
[-nodocs]
[-worker <number>]
Table 1-49 summarizes the exportwebdomain command-line arguments:
The following example exports the configuration that exists within the /webdomain domain to the "/tmp/ApacheConfig" file. The format is defined in the Apache.xml file and the Oracle Net Services connect string service name is apache_connect.
exportwebdomain -format Apache -netservice apache_connect \
/webdomain &>/tmp/ApacheConfig
In HTTP Security, access to a protected resource is composed of two parts, authentication and authorization. Authentication validates submitted credentials, which establishes that a user is known and validated by the system. Authorization determines whether an authorized user is allowed to perform the requested action.
There are four stages involved in establishing these security measures:
Without any one of these steps, security will either be non-existent or it will not allow any access to protected resources. These steps ensure that enough information has been declared, so that HTTP Security can successfully protect web resources.
Principal declarations are held in a "realm". A realm is made up of users and groups. The more generic term for either a user or a group is principal. When either entity can be used in a situation, the term principal should be used. Realm definitions exist within the scope of a web service. That is, all servlet contexts within a web service can use the same pools of principals for security.
Since the realm is the source of all principals, it plays a key role in what types of credentials are to be used to identify principals, aiding the principals in managing the credentials themselves or can defer to whatever entity that does have them, and establishing the relationships among all principals within it.
By default, there are four implementations of realms for HTTP Security. They are identified by their types:
These type names are shortcuts to use when declaring which realm class name to use in the JNDI entry that will be used to instantiate the realm.
The DBUSER realm derives all principal definitions from the users and roles defined within the database itself. No principal management is allowed through any of the security commands for this type of realm. The database, not the security tools, manages principal creation, deletion, and role membership. Since all instances of DBUSER realms utilize the same source for principal definition, all instances will essentially be equivalent. When referring to principals with a DBUSER realm, no case translations are performed. When the database entity was created, unless the case was explicitly expressed, the name will be all uppercase. For example SYS and PUBLIC must always be referred to in all uppercase. If a user were created, as follows, the username would exactly be 'joe'.
create user "joe" identified by welcome;
This is especially important when it comes to supplying usernames and passwords from the browser.
To create a RDBMS realm:
realm publish -w /myService -add testRealm -type RDBMS
|
Note: For JNDI and DBUSER, use these titles as the type argument. OSSO is another type. See the Oracle9i Oracle Servlet Engine User's Guide, Chapter 4, for more information about the OSSO type. |
To remove a realm:
realm publish -w /myService -remove testRealm
To publish a custom realm:
realm publish -w /myService -add testRealm -classname foo.bar.MyRealm
Not all realms support the editing of principals. For example, DBUSER type realms do not support any principal manipulation.
To create a user:
realm user -w /myService -realm testRealm1 -add user1 -p upswd1
To create a group:
realm group -w /myService -realm testRealm1 -add group1 -p gpswd1
To delete a user:
realm user -w /myService -realm testRealm1 -remove user1
To delete a group:
realm group -w /myService -realm testRealm1 -remove group1
To list users of a realm:
realm user -w /myService -realm testRealm1
To list groups of a realm:
realm group -w /myService -realm testRealm1
To add a principal to a group:
realm parent -w /myService -realm testRealm -group group1 -add user1
To remove a principal from a group:
realm parent -w /myService -realm testRealm -group group1 -remove user1
To list principals within a group:
realm parent -w /myService -realm testRealm -group group1
To query which groups a principal is member:
realm parent -w /myService -realm testRealm -q user1
In Oracle9i HTTP Security, resource protection is local to the servlet context. To declare a resource as protected, two pieces of information must be supplied. That information is embodied in a protection scheme. A scheme is of the form:
<authType>:<realmName>
Currently, there are only two valid authentication types, although these can be extended through JNDI namespace entries:
You can declare resources to not be protected, which is useful when the servlet context root is to be protected. The problem is that when the root is protected, so are the error pages since they are part of the tree. In order to prompt for authentication, an error page is handed out. If that error page is protected, cycles develop and the desired behavior is not observed. Instead, explicitly declare the error pages as unprotected by using a protection scheme of <NONE>.
The path that describes what should be protected is local to the servlet context. Internally, that path is "normalized" to enable stable, predictable patterns for matching. This may cause the internal representation to differ from the original path used to create the protection scheme. HTTP Security uses the longest, most exact match possible when trying to apply the protection rules.
Protecting paths to resources with protection schemes:
realm map -s /myService/contexts/myContext -a /doc/index.html \
-scheme basic:testRealm1 realm map -s /myService/contexts/myContext -a /doc -scheme basic:testRealm2 realm map -s /myService/contexts/myContext -a /doc/* -scheme basic:testRealm3
With the above declarations, here is how paths would be matched to realms:
/doc/index.html -> testRealm1 /doc -> testRealm2 /doc/ -> testRealm2 /doc/index -> testRealm3 /doc/foo -> testRealm3
To remove the protection of a path:
realm map -s /myService/contexts/myContext -r /doc/index.html
To list all protected paths within a servlet context:
realm map -s /myService/contexts/myContext
To explicitly declare a path not to be protected:
realm map -s /myService/contexts/myContext -a /system/* -scheme <NONE>
To list all protected paths within a servlet context:
realm map -s /myService/contexts/myContext
Permissions are the most involved of all HTTP Security declarations. They tie web service scoped entities with servlet context scoped entities and they reside in the servlet context.
A permission declaration consists of several pieces:
Given all of the pieces that are being tied into one permission declaration, it is easy to see why these are the most complicated declarations. HTTP Security permissions concern only those HTTP actions that are valid for HTTP requests, as follows:
To declare a granted permission on /foo/index.html for user1 for GET and POST:
realm perm -w /myService -realm testRealm1 -s /myService/contexts/myContext \
-n user1 -u /foo/index.html + get,post
To declare a denied permission on /foo/* for user1 for PUT and DELETE:
realm perm -w /myService -realm testRealm1 -s /myService/contexts/myContext \
-n user1 -u /foo/* - put,delete
To remove granted permissions on /foo/index.html for user1:
realm perm -w /myService -realm testRealm1 -s /myService/contexts/myContext \
-n user1 -u /foo/index.html +
To list all permissions for a user:
realm perm -w /myService -realm testRealm1 -s /myService/contexts/myContext \
-n user1
All HTTP Security is declared through JNDI namespace entries. This is also true for the servlet that does the enforcing of security. In the servlet context, if there is a PrivilegedServlet named httpSecurity, that servlet is added as the first pre-filter for all requests within that servlet context.
As with all JNDI namespace entries so far in HTTP Security, if customization is desired, the namespace entry can specify any custom servlet, if it implements the PrivilegedServlet interface. If this servlet is customized, it can handle security any way it chooses, since its main responsibility is to do one of the following for (HttpRequest.PrivilegedAccess, HttpRequest, HttpResponse):
AccessControlException during its service if there is any security violation
Once authentication and authorization have taken place, it is also the responsibility of the servlet to set specific authenticated principal values on the request itself. This is the user information that can be retrieved from the request by any executing servlet.
To create a security servlet:
realm secure -s /myService/contexts/myContext
Removing the security servlet removes all security enforcement in a servlet context. If the entry is missing, the webserver continues execution with no security enforcement.
To remove a security servlet:
rm /myService/contexts/myContext/httpSecurity
The realm command suite, listed below, manages all realm constituents.
Lists the realms declared for the given web service.
The syntax is as follows:
realm list -w <webServiceRoot>
where the <webServiceRoot> is the web service to list.
realm list -w /webservice
Can be used to suppress the results of subsequent realm commands.
The syntax is as follows:
realm echo [0 | 1]
realm echo 0
Used to setup the default security servlet for a given servlet context.
The syntax is as follows:
realm secure -s <servletContextPath>
where servletContextPath is the servlet context to operate upon.
Used to map paths local to the given servlet context to protection schemes. This is what declares a resource to be protected.
The syntax is as follows:
realm map -s servletContextPath [-(a[dd]|r[emove]) <path> -scheme auth:realm]
User to publish and remove various types of realms within a given web service. If the realm already exists, information about that pre-existing realm is output.
The syntax is as follows:
realm publish -w <webserviceRoot> [-(a[dd]|r[emove]) <realmName>
[-type <realmType>]]
Used to query what users exist within a realm, add users to a realm, remove users from a realm, edit the passwords of existing users.
The syntax is as follows:
realm user -w <webserviceRoot> -realm <realmName>
[-(a[dd]|r[emove]) <userName> [-p <user> <password>]]
Used to query what groups exist within a realm, add groups to a realm, remove groups from a realm, edit the passwords of existing groups.
The syntax is as follows:
realm group -w <webserviceRoot> -realm <realmName>
[-(a[dd]|r[emove]) <groupName> [-p <group> <password>]]
Used to query and manage principal-group relationships.
The syntax is as follows:
realm parent -w webserviceRoot -realm realmName [-g[roup] groupName
[-(a[dd]|r[emove]) principalName]] [-q[uery] principalName
Used to query and manage permissions for principals.
The syntax is as follows:
realm perm -w webserviceRoot -realm realmName -s servletContextPath
-n[ame] principalName [-p[ath] path (+|-) permList]
Instead of loadjava and publish, Enterprise JavaBean developers use the deployejb tool, which performs equivalent operations, as well as generating and compiling infrastructure code for the EJB. To drop the bean, use the dropejb tool. The ejbdescriptor tool is a utility for translating between the text and serialized object forms of EJB deployment descriptors.
These are discussed in the following sections:
From a deployment descriptor and a JAR containing interfaces and classes, the deployejb tool makes an EJB implementation ready for test or production clients to invoke. The deployejb tool generates and compiles classes that effect client-bean communication, loads compiled classes into the database, and publishes the bean's home interface name in the session namespace so clients can look it up with JNDI. The BeanHomeName must refer to a PublishingContext for which the deployejb invoker has the write right; see "publish" for the rights required to publish.
Before deploying, verify that you add the appropriate JDK JAR, library, and binary information in the following environment variables:
To specify a different encoding for multibyte support, modify the encoding element in the XML deployment descriptor heading. The deployejb tool recognizes the proper encoding from the header.
deployejb {-user | -u} <username> {-password | -p} <password> {-service | -s} <serviceURL> -descriptor <file> -temp <work_dir> <beanjar> [-addclasspath <dirlist>] [-beanonly] [-credsFile <credentials>] [-describe | -d] [-generated <clientjar>] [-help | -h] [-iiop] [-keep] [-oracledescriptor <file>] [-republish] [-resolver "resolver_spec"] [-role <role>] [-ssl] [-useServiceName] [-verbose] [-version | -v]
Table 1-56 summarizes the deployejb arguments.
|
Argument |
Description and Values |
|---|---|
|
|
Specifies the schema into which the EJB classes will be loaded. |
|
|
Specifies the password for |
|
|
URL identifying database in whose session namespace the EJB is
which matches the default installation on the invoker's machine. |
|
|
Supply a text file with credentials instead of a username and |
|
|
Specifies the text file containing the EJB deployment descriptor. |
|
|
Specifies a temporary directory to hold intermediate files that |
|
|
Specifies the name of the JAR containing the bean interface and |
|
|
Specifies directories containing interface and/or implementation |
|
|
Skips generation of interface files. This option enables you to |
|
|
Summarizes the tool's operation. |
|
|
Specifies the name of the output (generated) JAR file, which
You can alternatively specify the output client JAR filename in |
|
|
Summarizes the tool's syntax. |
|
|
Connects to the target database with IIOP instead of the default |
|
|
Do not remove the temporary files generated by the tool. This |
|
|
Specifies the text file containing the Oracle-specific deployment |
|
|
Replaces the published BeanHomeName attributes if the |
|
|
Specifies an explicit resolver spec, which is bound to the newly |
|
|
Specifies role to assume when connecting to the database; no |
|
|
Connects to the database with SSL authentication and encryption. |
|
|
If you are using a service name instead of an SID in the URL, you |
|
|
Emits detailed status information while running. |
|
|
Shows the tool's version. |
The deployejb tool needs the classes that the home and remote interfaces depend on and the classes that the bean implementation depends on. These dependency classes can either be included in the <beanjar> file or directories containing them or can be specified in the -addclasspath argument. The first approach is less prone to error, the second can substantially reduce deployejb's run time. If you use -addclasspath, then you must ensure that the classes have been loaded before you run a client that activates the EJB.
Here is a deployejb example.
Basic invocation specifying the name of the generated client JAR file:
deployejb -user SCOTT -password TIGER -service sess_iiop://dbserver:2481:orcl \ -descriptor myBeanDescriptor.xml -temp /tmp/ejb \ -generated myBeanClient.jar myBean.jar
The dropejb tool is the converse of deployejb. To drop beans that have been previously deployed, you can provide either the original JAR file that was deployed or the original EJB deployment descriptor used during the deployment. If you provide the JAR file and the deployment descriptor, the bean and all of its dependent objects are dropped. If you provide only the deployment descriptor, only the bean is dropped.
dropejb {-user | -u} <username> {-password | -p} <password> {-service | -s} <serviceURL> -descriptor <file> [-options] [<beanjar>] [-credsFile <credentials>] [-describe | -d] [-generated <clientjar>] [-help | -h] [-iiop] [-oracledescriptor <file>] [-role <role>] [-ssl] [-useServiceName] [-verbose] [-version | -v]
Table 1-57 summarizes the dropejb arguments.
The following drops the implementation, home interface, remote interface, and all generated classes (stubs and skeletons) from the database:
dropejb -u scott -p tiger -s sess_iiop://localhost:2481 -descriptor Hello.xml
If you also provide the original JAR file, any dependent (referenced) objects are dropped as well. That is, all classes included within the JAR file are completely dropped.
dropejb -u scott -p tiger -s sess_iiop://localhost:2481
-descriptor Hello.xml server.jar
Each EJB implementation includes a serialized Java object known as a deployment descriptor. The values in a deployment descriptor are not readable by people, yet people must create them and might sometimes have to read them. The ejbdescriptor tool transforms a serialized deployment descriptor into text and the converse. Developers are most likely to use ejbdescriptor to extract the deployment descriptor data from an EJB developed for a non-Oracle environment. The deployejb tool calls ejbdescriptor to build a deployment descriptor from the text file you specify in the -descriptor argument.
ejbdescriptor [-options] <infile> <outfile> [-parse] [-parsexml] [-dump [-dumpxml] [-encoding]
Table 1-58 describes the ejbdescriptor arguments.
Here are examples of the ejbdescriptor tool.
Create a Release 8.1.7 or Release 9 XML deployment descriptor from a Release 8.1.6 .ejb deployment descriptor:
ejbdescriptor -dumpxml beandescriptor.ejb beandescriptor.xml
Create a Release 8.1.6 deployment descriptor from an XML deployment descriptor:
ejbdescriptor -parsexml beandescriptor.xml beandescriptor.ser
Create a text file representation of a Release 8.1.6 deployment descriptor:
ejbdescriptor -dump beandescriptor.ser beandescriptor.ejb
Create a serialized deployment descriptor from a Release 8.1.6 deployment descriptor file:
ejbdescriptor -parse beandescriptor.ejb beandescriptor.ser
Display the contents of a Release 8.1.6 deployment descriptor:
ejbdescriptor -dump beandescriptor.ser
Oracle9i incorporates the Inprise (Visigenic) Caffeine tools that allow you to code object interfaces directly in Java and generate the infrastructure necessary to support distributed object invocation. These tools include:
java2rmi_iiop generates the infrastructure EJB requires to call other remote objects. java2rmi_iiop is an extension of the Inprise java2iiop tool.
java2idl compiles Java interfaces to IDL code, for cases where IDL is required.
The idl2java, java2idl, and java2iiop tools developed by Inprise for their VisiBroker for Java product (release 3.4) are distributed with Oracle9i. The Oracle9i CD contains the documentation for these tools; the documentation can also be viewed or downloaded from http://www.inprise.com. Because the Oracle9i run-time environment differs somewhat from the VisiBroker environment, some VisiBroker tool options might not work in Oracle9i JVM as they are described in the VisiBroker documentation.
The Java language was designed for a platform-independent, secure development model. To accomplish these goals, some execution performance was sacrificed. Translating Java bytecodes into machine instructions degrades performance. To regain some of the performance loss, you may choose to natively compile certain classes. For example, you may decide to natively compile code with CPU intensive classes.
Without native compilation, the Java code you load to the server is interpreted and the underlying core classes upon which your code relies (java.lang.*) are natively compiled.
Native compilation provides a speed increase ranging from two to ten times the speed of the bytecode interpretation. The exact speed increase is dependent on several factors, including:
Because Java bytecodes were designed to be compact, natively compiled code can be considerably larger than the original bytecode. However, because the native code is stored in a shared library, it is shared among all users of the database.
Most JVMs use Just-In-Time compilers that convert the Java bytecodes to native machine instructions when methods are invoked. The Accelerator uses an Ahead-Of-Time approach to recompiling the Java classes.
This static compilation approach provides a large, consistent performance gain, regardless of the number of users or the code paths they traverse on the server. After compilation, the tool loads the statically compiled libraries into Oracle9i, which are then shared between users, processes, and sessions.
Most Ahead-Of-Time native compilers compile directly into a platform-dependent language. For portability requirements, this was not feasible. As shown in Figure 1-1, the Accelerator translates the Java classes into a version of C that is platform-independent. This C code is compiled and linked to supply the final platform-dependent, natively compiled shared libraries or DLLs.
Given a JAR file, the Accelerator performs the following:
Accelerator translates, compiles, and links the retrieved classes on the client. For this reason, you must natively compile on the intended platform environment that this application will be deployed to. The result is a single deployment JAR file for all classes within the project.
$ORACLE_HOME/javavm/admin directory.
All core Java class libraries and Oracle-provided Java code within Oracle9i is natively compiled for greater execution speed. Java classes exist as shared libraries in $ORACLE_HOME/javavm/admin, where each shared library corresponds to a Java package. For example, orajox8java_lang.so on Solaris and orajox8java_lang.dll on Windows NT hold java.lang classes. Specifics of packaging and naming can vary by platform. The Oracle9i JVM uses natively compiled Java files internally and opens them, as necessary, at runtime.
The Accelerator can be used by Java application products that need an performance increase and are deployed on Oracle9i. The Accelerator command-line tool, ncomp, natively compiles your code and loads it in Oracle9i. However, in order to use ncomp, you must first provide some initial setup.
You must install the following before invoking Accelerator:
ncomp.
System*.properties file located in the $ORACLE_HOME/javavm/jahome directory. Since the compiler and linker information is platform-specific, the configuration for these items is detailed in the README for your platform.
ncomp the following role and security permissions:
JAVA_DEPLOY: The user must be assigned to the JAVA_DEPLOY role in order to be able to deploy the shared libraries on the server, which both the ncomp and deploync utilities perform. For example, the role is assigned to DAVE, as follows:
SQL> GRANT JAVA_DEPLOY TO DAVE;
FilePermission: Accelerator stores the shared libraries with the natively compiled code on the server. In order for Accelerator to store these libraries, the user must be granted FilePermission for read and write access to directories and files under $ORACLE_HOME on the server. One method for granting FilePermission for all desired directories is to grant the user the JAVASYSPRIV role, as follows:
SQL> GRANT JAVASYSPRIV TO DAVE;
See the Security chapter in the Oracle9i Java Developer's Guide for more information JAVASYSPRIV and granting FilePermission.
Accelerator, implemented within the ncomp tool, natively compiles all classes within the specified JAR, ZIP, or list of classes. Accelerator natively compiles these classes and places them into shared libraries according to their package. Note that these classes must first be loaded into the database.
If the classes are designated within a JAR file and have already been loaded in the database, you can natively compile your Java classes by executing the following:
ncomp -user SCOTT/TIGER myClasses.jar
There are options that allow you control over how the details of native compilation are handled.
ncomp [ options ] <class_designation_file>
-user | -u <username>/<password>[@<database_url>]
[-load]
[-projectDir | -d <project_directory>]
[-force]
[-lightweightDeployment]
[-noDeploy]
[-outputJarFile | -o <jar_filename>]
[-thin]
[-oci | -oci8]
[-update]
[-verbose]
|
Note: These options are demonstrated within the scenarios described in "Native Compilation Usage Scenarios". |
Table 1-59 summarizes the ncomp arguments. The <class_designation_file> can be a <file>.jar, <file>.zip, or <file>.classes.
| Argument | Description and Values |
|---|---|
|
|
The full pathname and filename of a JAR file that contains the classes that are to be natively compiled. If you are executing in the directory where the JAR file exists and you do not specify the - |
|
|
The full pathname and filename of a ZIP file that contains the classes that are to be natively compiled. If you are executing in the directory where the ZIP file exists and you do not specify the - |
|
|
The full pathname and filename of a classes file, which contains the list of classes to be natively compiled. If you are executing in the directory where the classes file exists and you do not specify the -projectDir option, you may give only the name of the classes file. See "Natively Compiling Specific Classes" for a description of a classes file. |
|
|
Specifies a user, password, and database connect string; the files will be loaded into this database instance. The argument has the form |
|
|
The native compilation is performed on all classes. Previously compiled classes are not passed over. |
|
|
Provides an option for deploying shared libraries and native compilation information separately. This is useful if you need to preserve resources when deploying. See "lightweightDeployment" for more information. |
|
|
Executes |
|
|
All natively compiled classes output into a deployment JAR file. This option specifies the name of the deployment JAR file and its destination directory. If omitted, the |
|
|
Specifies that the native compilation results only in the output deployment JAR file, which is not deployed to the server. The resulting deployment JAR can be deployed to any server using the deploync tool. |
|
|
The database URL that is provided on the - |
|
|
The database URL that is provided on the -user option uses an OCI URL address for the database URL syntax. However, if neither - |
|
|
Specifies the full path for the project directory. If not specified, Accelerator uses the directory from which |
|
|
If you add more classes to a < |
|
|
Output native compilation text with detail. |
The permissible forms of @<database> depend on whether you specify -oci or -thin; -oci is the default.
-oci: @<database> is optional; if you do not specify, then ncomp uses the user's default database. If specified, then <database> can be a TNS name or a Oracle Net Services name-value list.
-thin: @<database> is required. The format is <host>:<lport>:<SID>.
Accelerator places compilation information and the compiled shared libraries in one JAR file, copies the shared libraries to $ORACLE_HOME/javavm/admin directory on the server, and deploys the compilation information to the server. If you want to place the shared libraries on the server yourself, you can do so through the lightweightDeployment option. The lightweightDeployment option enables you to do your deployment in two stages:
noDeploy and -lightweightDeployment options. This creates an deployment JAR file with only ncomp information, such as transitive closure information. The shared libraries are not saved within the deployment JAR file. Thus, the deployment JAR file is much smaller.
Any errors that occur during native compilation are printed to the screen. Any errors that occur during deployment of your shared libraries to the server or during runtime can be viewed with the statusnc tool or by referring to the JACCELERATOR$DLL_ERRORS table.
If an error is caught while natively compiling the designated classes, Accelerator denotes these errors, abandons work on the current package, and continues its compilation task on the next package. The native compilation continues for the rest of the packages. The package with the class that contained the error will not be natively compiled at all.
After fixing the problem with the class, you can choose to do one of the following:
If you choose not to recompile the classes, but to load the correct Java class into the database instead, then the corrected class and all classes that are included in the resolution validation for that class--whether located within the same shared library or a different shared library--will be executed in interpreted mode. That is, the JVM will not run these classes natively. All the other natively compiled classes will continue to execute in native format. When you execute the statusnc command on the reloaded class or any of its referred classes, they will have an NEED_NCOMPING status message.
Possible errors for a Java class:
Possible errors for deployment of native compilation JAR file:
The following scenarios demonstrate how you can use each of the options for the ncomp tool can be used:
If all classes are loaded into the database and you have completed your testing of the application, you can request Accelerator to natively compile the tested classes. Accelerator takes in a JAR, ZIP, or list of classes to determine the packages and classes to be included in the native compilation. The Accelerator then retrieves all of the designated classes from the server and natively compiles them into shared libraries--each library containing a single package of classes.
Assuming that the classes have already been loaded within the server, you execute the following command to natively compile all classes listed within a class designation file, such as the pubProject.jar file, as follows:
ncomp -user SCOTT/TIGER pubProject.jar
If you change any of the classes within the class designation file and ask for recompilation, Accelerator recompiles only the packages that contain the changed classes. It will not recompile all packages.
Once you have tested the designated classes, you may wish to natively compile them on a host other than the test machine. Once you transfer the designated class file to this platform, the classes in this file must be loaded into the database before native compilation can occur. The following loads the classes through loadjava and then executes native compilation for the class designation file--pubProject.jar:
ncomp -user SCOTT/TIGER@dbhost:5521:orcl -thin -load pubProject.jar
If you want all classes within a class designation file to be recompiled--regardless of whether they were previously natively compiled--execute ncomp with the -force option. You might want to use the -force option to ensure that all classes are compiled, resulting in a deployment JAR file that can be deployed to other Oracle9i databases. You can specify the native compilation deployment JAR file with the -outputJarFile option. The following forces a recompilation of all Java classes within the class designation file--pubProject.jar--and creates a deployment JAR file with the name of pubworks.jar:
ncomp -user SCOTT/TIGER -force -outputJarFile pubworks.jar pubProject.jar
The deployment JAR file contains the shared libraries for your classes, and installation classes specified to these shared libraries. It does not contain the original Java classes. To deploy the natively compiled deployment JAR file to any Oracle9i (of the appropriate platform type), you must do the following:
pubProject.jar file would be loaded into the database using the loadjava tool.
By default, the Accelerator uses the directory where ncomp is executed as its build environment. The Accelerator downloads several class files into this directory and then uses this directory for the compilation and linking process.
If you do not want to have Accelerator put any of its files into the current directory, create a working directory, and specify this working directory as the project directory with the -projectDir option. The following directs Accelerator to use /tmp/jaccel/pubComped as the build directory. This directory must exist before specifying it within the -projectDir option. Accelerator will not create this directory for you.
ncomp -user SCOTT/TIGER -projectDir /tmp/jaccel/pubComped pubProject.jar
You can specify one or more classes that are to be natively compiled, within a text-based <file>.classes file. Use the following Java syntax to specify packages and/or individual classes within this file:
import COM.myDomain.myPackage.*; import COM.myDomain.myPackage.mySubPackage.*;
import COM.myDomain.myPackage.myClass;
Once explicitly listed, specify the name and location of this class designation file on the command line. Given the following pubworks.classes file:
import COM.myDomain.myPackage.*; import COM.myDomain.hisPackage.hisSubPackage.*; import COM.myDomain.herPackage.herClass; import COM.myDomain.petPackage.petClass;
The following directs Accelerator to compile all classes designated within this file: all classes in myPackage, hisSubPackage and the individual classes, herClass and myClass. These classes must have already been loaded into the database:
ncomp -user SCOTT/TIGER /tmp/jaccel/pubComped/pubworks.classes
If you change any of the classes within this JAR file, Accelerator will only recompile shared libraries that contain the changed classes. It will not recompile all shared libraries designated in the JAR file. However, if you want all classes within a JAR file to be recompiled--regardless of whether they were previously natively compiled--you execute ncomp with the -force option, as follows:
ncomp -user scott/tiger -force pubProject.JAR
You can deploy any deployment JAR file with the deploync command. This includes the default output JAR file, <file>_depl.jar or the JAR created when you used the ncomp -outputJarFile option. The operating system and Oracle9i database version must be the same as the platform where it was natively compiled.
deploync [options] <deployment>.jar
-user | -u <username>/<password>[@<database_url>]
[-projectDir | -d <project_directory>]
[-thin]
[-oci | -oci8]
Table 1-60 summarizes the deploync arguments.
Deploy the natively compiled deployment JAR file pub.jar to the dbhost database as follows:
deploync -user SCOTT/TIGER@dbhost:5521:orcl -thin /tmp/jaccel/PubComped/pub.jar
After the native compilation is completed, you can check the status for your Java classes through the statusnc command. This tool will print out--either to the screen or to a designated file--the status of each class. In addition, the statusnc tool always saves the output within the JACCELERATOR$STATUS table. The values can be the following:
statusnc [ options ] <class_designation_file>
-user <user>/<password>[@database]
[-output | -o <filename>]
[-projectDir | -d <directory>]
[-thin]
[-oci | -oci8]
Table 1-61 summarizes the statusnc arguments. The <class_designation_file> can be a <file>.jar, <file>.zip, or <file>.classes.
| Argument | Description |
|---|---|
|
|
The full pathname and filename of a JAR file that was natively compiled. |
|
|
The full pathname and filename of a ZIP file that was natively compiled. |
|
|
The full pathname and filename of a classes file, which contains the list of classes that was natively compiled. See "Natively Compiling Specific Classes" for a description of a classes file. |
|
|
Specifies a user, password, and database connect string where the files are loaded. The argument has the form |
|
|
Designates that the |
|
|
Specifies the full path for the project directory. If not specified, Accelerator uses the directory from which |
|
|
The database URL that is provided on the - |
|
|
The database URL that is provided on the - |
statusnc -user SCOTT/TIGER -output pubStatus.txt /tmp/jaccel/PubComped/pub.jar
This section describes special-purpose tools.
In the current Oracle9i Enterprise JavaBeans implementation, EJBs communicate with clients by RMI-over-IIOP. This presents a problem for a CORBA client that wants to pass an object to an EJB for the EJB to invoke (call back), because the CORBA transport is IIOP, not RMI-over-IIOP. The CORBA client must pass the EJB an object that the EJB can invoke with RMI-over-IIOP. The java2rmi_iiop tool generates the stubs, skeletons, and other classes that a client or server needs to make an object remotely invocable by an EJB. (java2rmi_iiop is the analog of the VisiBroker for Java java2iiop tool, except that it expects interfaces that extend java.rmi.Remote rather than org.omg.CORBA.Object)
The Java interface definitions must follow the RMI spec:
java.rmi.Remote.
java.rmi.RemoteException.
java2rmi_iiop [options] <file>.java ... [-no_bind] [-no_comments] [-no_examples] [-no_tie] [-root_dir <directory>] [-verbose] [-version] [-W <number>] [-wide]
Table 1-62 summarizes the java2rmi_iiop arguments.
Generate RMI-over-IIOP class files for an RMI interface:
java2rmi_iiop Dictionary.java
Some aspects of the Oracle9i ORB are governed by properties that it reads when a new session running the ORB starts. You can change these properties with the modifyprops tool. Developers should change ORB properties only when Oracle technical support provides instructions to do so.
modifyprops {-u | -user} <user/password@<database> [options] {<key> <value> [,<key> <value>] ... | <key>} [-delete <key>] [-show <key>] [-o | -oci | -oci8] [-t | -thin]
Table 1-63 summarizes the modifyprops arguments.
| Argument | Description |
|---|---|
|
|
Specifies a user, password, and optional database connect string. See "user" for details. |
|
|
Directs |
|
|
Directs |
|
|
Oracle technical support will advise you of the values to enter for |
|
-delete <key> |
Delete the specified property. |
|
-show <key> |
Show the value of the specified property. |
The permissible forms of @<database> depend on whether you specify -oci or -thin; -oci is the default.
-oci: @<database> is optional. If you do not specify, then modifyprops uses the user's default database. If specified, then <database> can be a TNS name or a Oracle Net Services name-value list.
-thin: @<database> is required. The format is <host>:<lport>:<SID>.
The <key> <value> pairing provided on this tool adds properties to a table in the AURORA$UTILITY schema. These are added as <String><String> pairs. When the ORB is started, these pairs are inserted into the System properties of the Oracle9i JVM, which can then be retrieved through the System.getProperties() method. Note that these values are only initialized during ORB startup. Thus, if you add any properties, you must restart the ORB to have these new additions added. Otherwise, add the property dynamically through the following:
System.getProperties.put("Prop1", "ValueX");
Additionally, you can add properties from the client when executing with the -D option, as follows:
java -DProp1=ValueX -classpath ...
|
 Copyright © 1996-2001, Oracle Corporation. All Rights Reserved. |
|