Skip Headers

Table of Contents Image Oracle9i Application Server Best Practices
Release 2 (9.0.3)

Part Number B10578-02
Go To Documentation Library
Go To Product List

Go to next page


Title and Copyright Information

Send Us Your Comments


1 Introduction

1.1 About Best Practices
1.2 About Oracle9iAS J2EE and Web Cache Install Type
1.3 Audience
1.4 Document Organization
1.5 References and Relation to Other Documents

2 Java Language Best Practices

2.1 Avoid or Minimize Synchronization
2.1.1 Synchronize Critical Sections Only
2.1.2 Do Not Use the Same Lock on Objects That Are Not Manipulated Together
2.1.3 Use Private Fields
2.1.4 Use a Thread Safe Wrapper
2.1.5 Use Immutable Objects
2.1.6 Know Which Java Objects Already Have Synchronization Built-in
2.1.7 Do Not Under-Synchronize
2.2 Monitor Synchronization
2.3 Monitor and Fix Resource Leaks
2.4 Always Use a Finally Clause In Each Method to Cleanup
2.5 Discard Objects That Throw Catch-All Exceptions
2.6 Design Transactions Usage Correctly
2.7 Put Business Logic In the Right Place
2.8 Avoid Common Errors That Can Result In Memory Leaks
2.9 Avoid Creating Objects or Performing Operations That May Not Be Used
2.10 Replace Hashtable and Vector With Hashmap, ArrayList, or LinkedList If
2.10.1 Use an Array Instead of an ArrayList If the Size Can Be Fixed
2.10.2 Use an ArrayList or LinkedList To Hold a List of Objects In a Particular
2.10.3 Use HashMap or TreeMap To Hold Associated Pairs of Objects
2.10.4 Replace Hashtable, Vector, and Stack
2.10.5 Avoid Using String As the Hash Key (If Using JDK Prior to 1.2.2)
2.11 Reuse Objects Instead of Creating New Ones If Possible
2.11.1 Use a Pool to Share Resource Objects
2.11.2 Recycle Objects
2.11.3 Use Lazy Initialization to Defer Creating the Object Until You Need It.
2.12 Use Stringbuffer Instead of String Concatenation
2.12.1 Use StringBuffer Instead of String Concatenation If You Repeatedly Append to a String In Multiple Statements
2.12.2 Use Either String or StringBuffer If the Concatenation Is Within
2.12.3 Use StringBuffer Instead of String Concatenation If You Know the Size of the

3 J2EE Best Practices

3.1 JSP Best Practices
3.1.1 Pre-Translate JSPs Before Deployment
3.1.2 Separate Presentation Markup From Java
3.1.3 Use JSP Template Mechanism
3.1.4 Set Sessions=False If Not Using Sessions
3.1.5 Always Invalidate Sessions When No Longer Used
3.1.6 Set Main_Mode Attribute To "justrun"
3.1.7 Use Available JSP Tags In Tag Library
3.1.8 Minimize Context Switching Between Servlets and EJBs
3.1.9 Package JSP Files In EAR File For Deployment Rather Than Standalone
3.1.10 Use Compile-Time Object Introspection
3.1.11 Choose Static Versus Dynamic Includes Appropriately
3.1.12 Disable JSP Page Buffer If Not Used
3.1.13 Use Forwards Instead of Redirects
3.1.14 Use JSP Tagged Cache
3.1.15 Use well_known_taglib_loc To Share Tag Libraries
3.1.16 Use JSP-Timeout for Efficient Memory Utilization
3.1.17 Workarounds for the 64K Size Limit for the Generated Java Method
3.2 Servlet Best Practices
3.2.1 Perform Costly One-Time Operation in Servlet init() Method
3.2.2 Improve Performance by Loading Servlet Classes at OC4J Startup
3.2.3 Analyze Servlet Duration for Performance Problems
3.2.4 Understand Server Request Load When Debugging
3.2.5 Find Large Servlets That Require a long Road Time When Debugging
3.2.6 Watch for Unused Sessions When Debugging
3.2.7 Watch for Abnormal Session Usage When Debugging
3.2.8 Load Servlet Session Security Routines at Startup
3.2.9 Retry Failed Transactions and Idempotent HttpServlet.doGet() Exactly Once
3.2.10 Use HTTP Servlet.doPost() for Requests That Update Database
3.2.11 Avoid Duplicating Libraries
3.2.12 Use Resource Loading Appropriately
3.3 Sessions Best Practices
3.3.1 Persist Session State if Appropriate
3.3.2 Replicate Sessions if Persisting is Not an Option
3.3.3 Do Not Store Shared Resources in Sessions
3.3.4 Set Session Timeout Appropriately
3.3.5 Monitor Session Memory Usage
3.3.6 Always Use Islands, But Keep Island Size Small
3.3.7 Use a Mix of Cookie and Sessions
3.3.8 Use Coarse Objects Inside HTTP Sessions
3.3.9 Use Transient Data in Sessions Whenever Appropriate
3.3.10 Invalidate Sessions
3.3.11 Miscellaneous Guidelines
3.4 EJB Best Practices
3.4.1 Local vs. Remote vs. Message Driven EJB
3.4.2 Decide EJB Use Judiciously
3.4.3 Use Service Locator Pattern
3.4.4 Cluster Your EJBs
3.4.5 Cluster Servlets and EJB into Identical Islands
3.4.6 Index Secondary Finder Methods
3.4.7 Understand EJB Lifecycle
3.4.8 Use Deferred Database Constraints
3.4.9 Create a Cache with Read Only EJBs
3.4.10 Pick an Appropriate Locking Strategy
3.4.11 Understand and Leverage Patterns
3.4.12 When Using Entity Beans, Use Container Managed Aged Persistence
Whenever Possible
3.5 Data Access Best Practices
3.5.1 Datasources Connections Caching and Handling
3.5.2 Datasource Initialization
3.5.3 Disable Auto-Commit Mode for Better Performance
3.5.4 Disable Escape Processing for Better Performance
3.5.5 Defining Column Types
3.5.6 Prefetching Rows Improves Performance
3.5.7 Update Batching Improves Performance
3.5.8 Use Emulated Data Sources for Better Performance
3.5.9 Use Emulated and Non-Emulated Data Sources Appropriately
3.5.10 Use the EJB-Aware Location Specified in Emulated Data Sources
3.5.11 Set the Maximum Open Connections in Data Sources
3.5.12 Set the Minimum Open Connections in Data Sources
3.5.13 Setting the Cache Connection Inactivity Timeout in Data Sources
3.5.14 Set the Wait for Free Connection Timeout in Data Sources
3.5.15 Set the Connection Retry Interval in Data Sources
3.5.16 Set the Maximum Number of Connection Attempts in Data Sources
3.5.17 Use JDBC Connection Pooling and Connection Caching
3.5.18 Use JDBC Statement Caching
3.5.19 Avoid Using More Than One Database Connection Simultaneously in
Same Request
3.5.20 Tune the Database and SQL Statements
3.6 Java Message Service Best Practices
3.6.1 Set the Correct time_to_live Value
3.6.2 Do Not Grant Execute Privilege of the AQ PL/SQL Package to a User or Role
While There Are Outstanding OJMS Session Blocking on a Dequeue
3.6.3 Close JMS Resources No Longer Needed
3.6.4 Reuse JMS Resources Whenever Possible
3.6.5 Use Debug Tracing to Track Down Problems
3.6.6 Understand Handle/Interpret JMS Thrown Exceptions
3.6.7 Ensure You Can Connect to the Server Machine and Database From the
Client Machine
3.6.8 Tune Your Database Based on Load
3.6.9 Make Sure You Tune the OracleOCIConnectionPool
3.7 Web Services Best Practices
3.7.1 Create Stateless Web Services Instead of Stateful Web Services Whenever
3.7.2 UDDI Best Practices

4 Oracle9iAS Framework Best Practices

4.1 Design Frameworks and Patterns
4.2 BC4J Best Practices
4.2.1 Code to Interfaces
4.2.2 Choose the Right Deployment Configuration
4.2.3 Use Application Module Pooling for Scalability
4.2.4 Use Connection Pooling to Optimize Your Use of Database Connections
4.2.5 Perform Global Framework Component Customization Using Custom
Framework Subclasses
4.2.6 Use SQL-Only and Forward-only View Objects When Possible
4.2.7 Do Not Let Your Application Modules Get Too Large
4.2.8 Use the Right Failover Mode
4.2.9 Use View Row Spillover to Lower the Memory Required to Cache a Large
Number of Rows
4.2.10 Implement Query Conditions At Design TIme If Possible
4.2.11 Use the Right JDBC Fetch Size
4.2.12 Turn Off Event Listening in View Object Used in Batch Processes
4.2.13 Choose the Right Style of Bind Parameters
4.3 Java Object Cache Best Practices
4.3.1 Allow Cacheaccess Objects to be Released in Error Conditions
4.3.2 Understand or Delegate Ownership When Doing Synchronize
4.3.3 Set Open File Descriptor Count to 1024 or Higher
4.3.4 Use System Classloader for Object Cached with Java Object Cache
4.3.5 Group Messages Take Precedence Over Individual Objects in the Cache
4.3.6 Understand What Cache Objects Survive Process Termination
4.3.7 Return Cacheaccess Object to the Pool When Not in Use
4.3.8 Use 1:1 Correlation Between Cached Object and Cacheaccess Object
4.3.9 Do Not Share Cacheaccess Object

5 Oracle9iAS Web Cache Best Practices

5.1 Use Partial Page Caching Where Possible
5.2 Use ESI Variables for Improved Cache Hit Ratio for Personalized Pages
5.3 Leverage JESI Over Hand-Generating the ESI Tags
5.4 Use esi:inline and esi:include Tags Appropriately
5.5 Use Basic Invalidation for Single Objects, Advanced for Multiple
5.6 Build Programmatic Invalidation Into Application Logic
5.7 Use Surrogate-Control Headers Instead of Caching Rules
5.8 Improve Performance, Scalabillity, and Availability
5.9 Use Two CPUs and Consider Deploying on Dedicated Hardware
5.10 Configure Enough Memory
5.11 Allocate Sufficient Network Bandwidth
5.12 Set a Reasonable Number of Network Connections
5.13 Cluster Cache Instances for Better Availability, Scalability, and Performance
5.14 Optimize Response Time By Tuning Origin Server and Oracle9iAS Web Cache
5.15 Combine Invalidation and Expiration Policies
5.16 Use Invalidation Propagation in a Cluster
5.17 Route All HTTP and HTTPS Traffic Through Oracle9iAS Web Cache
5.18 Create Custom Apology Pages
5.19 Use Redirection to Cache Entry Pages
5.20 Use the <esi:environment> Tag for Authentication/Authorization Callbacks
5.21 Use Cookies and URL Parameters to Increase Cache Hit Ratios
5.22 Use a Network Load Balancer in Front of Oracle9iAS Web Cache
5.23 Use Oracle9iAS Web Cache Load Balancing Functionality for Availability and Scalability of Origin Servers
5.24 Improve Response Times and Reduce Network Bandwidth With Compression
5.25 Deploy Caches in Remote Offices for Faster Response Times and Reduced WAN
5.26 Turn Off Verbose Logging to Conserve Resources
5.27 Use the Oracle9iAS Web Cache Manager to Avoid Configuration Problems
5.28 Use Web Caching to Help Defend Against Denial-of-Service Attacks
5.29 Tune Invalidation Performance Using Indexes
5.30 Test Application Upgrades and Patches to Ensure Existing Cache and Session Rules
Still Function Correctly
5.31 Use HTTPS for Administration, Invalidation, and Statistics Monitoring

6 Oracle HTTP Server Best Practices

6.1 Configure Appropriately for Modem Connections
6.2 Tune TCP/IP Parameters
6.3 Tune KeepAlive Directives
6.4 Tune MaxClients Directive
6.5 Avoid Any DNS Lookup
6.6 Turn Off Access Login if You Do Not Need to Keep an Access Log
6.7 Use FollowSymLinks and Not SymLinksIfOwnerMatch
6.8 Set AllowOverride to None
6.9 Use mod_rewrite to Hide URL Changes for End Users

7 Oracle9iAS Portal Best Practices

7.1 Performance Best Practices
7.1.1 Use Appropriate Caching Strategy Depending on Page Content
7.1.2 Use Web and Database Providers Judiciously
7.1.3 Improve Availability and Scalability by Having Multiple OC4J_Portal
7.1.4 Scale Oracle9iAS Portal Better by Tuning Oracle9iAS Infrastructure
Database Optimally
7.1.5 mod_plsql Tuning Directly Impacts Oracle9iAS Portal Performance
7.1.6 Leverage Web Provider Session Caching
7.1.7 Increase Execution Speed of Slowest Portlet to Increase Page Assembly Speed
7.1.8 Reduce Page Complexity to Improve Cachability
7.1.9 Measure Tuning Effectiveness Regularly to Improve Performance
7.2 Content Management and Publishing Best Practices
7.2.1 Use a Single Page Group for Unrestricted Copying, Multiple Page Groups for Delegating Administration
7.2.2 Research Taxonomy Before Committing to the Pages
7.2.3 Always Use Page Templates Instead of Directly Creating Pages
7.2.4 Separate Template Content From Layout
7.2.5 Understand the Difference Between Attributes, Categories, and Perspectives
7.2.6 Avoid Using Simple Item Types
7.3 Best Practices for Oracle9iAS Portal Export/Import
7.3.1 General Guideline/Best Practices for Oracle9iAS Portal Export/Import
7.3.2 Best Practices System Checklist Before Performing a Portal Export/Import Operation
7.3.3 Best Practices for Building Transport Sets
7.3.4 Best Practices For Configuring Your Portal Content For Maximal Portability for Export/Import Operations
7.3.5 Best Practices for Exporting/Importing Page Groups and Components
7.3.6 Best Practices for Exporting/Importing Web Providers
7.3.7 Best Practices for Exporting/Importing Users and Groups
7.3.8 Best Practices for Troubleshooting Oracle9iAS Portal Export/Import

8 Oracle9iAS Wireless Best Practices

8.1 Development Best Practices
8.1.1 Use Hosted Instance to Test Applications
8.1.2 Download Up-to-Date Device Simulators for Testing Applications
8.1.3 Use Oracle9iAS Wireless XML
8.1.4 Use JSPs to Generate Oracle9iAS Wireless XML
8.1.5 Use the HTTP Adapter Over a Custom Adaptor
8.1.6 Use Hosted Wireless Web Services (Mobile Modules) for Rapid Development
8.2 Deployment Best Practices
8.2.1 Deploy Own Wireless Infrastructure or Use Hosted Versions
8.2.2 Deploy Your Applications in Phases
8.2.3 Use SMS for Targeted Content in Specific Geographical Regions
8.2.4 Use Oracle9iAS Web Cache with Oracle9iAS Wireless

9 Security Best Practices

9.1 General Best Practices
9.1.1 Best Practices for HTTPS Use
9.1.2 Assign Lowest Level Privileges Adequate for the Task
9.1.3 Best Practices for Cookie Security
9.1.4 Best Practices in Systems Setup
9.1.5 Best Practices for Certificates Use
9.1.6 Review Code and Content Against Already Known Attacks
9.1.7 Follow "Common Sense" Firewall Practices
9.1.8 Leverage Declarative Security
9.1.9 Use the Oracle Integrated Version of JAAS
9.1.10 Use Switched Connections in DMZ
9.1.11 Place Application Server in the DMZ
9.1.12 Tune the SSL SessionCacheTimeout Directive if You Are Using SSL
9.2 OC4J Security Best Practices
9.2.1 Use the Oracle9iAS JAAS Provider for OC4J User Management in Place of principals.xml
9.2.2 Avoid Writing Custom User Managers and Instead Extend the JAAS Provider, Oracle9iAS Single Sign-On, and Oracle Internet Directory
9.2.3 Use Oracle9iAS Single Sign-On as the Authentication Mechanism with the JAAS Provider
9.2.4 Use the JAAS Provider's Declarative Features to Reduce Programming
9.2.5 Use Fine-Grained Access Control Provided by the JAAS Provider and the Java Permission Model
9.2.6 Use Oracle Internet Directory as the Central Repository for the JAAS Provider in Production Environments
9.2.7 Take Advantage of the Authorization Features of the JAAS Provider
9.3 Oracle9iAS Single Sign-On Best Practices
9.3.1 Oracle9iAS Single Sign-On Servers Should Be Configured for High
9.3.2 Leverage Oracle9iAS Single Sign-On Whenever Possible
9.3.3 Have an Enterprise-Wide Directory in Place
9.3.4 Always Use Oracle9iAS Single Sign-On Instead of Writing Custom
Authentication Logic
9.3.5 For Devloping Single Sign-on Enabled Applications, Use mod_osso and Not the Single Sign-on SDK
9.3.6 Always Use SSL with Oracle9iAS
9.3.7 Train Users to be Wary of Providing Their Oracle9iAS Single Sign-On
Username and Password Anywhere Other Than Through the Oracle9iAS
Single Sign-On URL
9.3.8 Train Users to Log Out So the Cookie Does Not Remain Active

10 Oracle Enterprise Manager Best Practices

10.1 Monitor Application Performance During Application Development or Test Cycles Using Oracle Enterprise Manager
10.2 Use Oracle Enterprise Manager to Tune Application SQL
10.3 Use Oracle9iAS Clusters for Application Deployment and
10.4 Use the Oracle Enterprise Manager Deployment Wizard to Deploy Application in Real-Time
10.5 Use Oracle Enterprise Manager Job System to Schedule a Deployment to Occur at a Certain Time
10.6 Select the Oracle Enterprise Manager Management Framework Options That Best Suit Your Needs
10.7 Use the Latest Version of Oracle Enterprise Manager for Managing Both Oracle9iAS and the Oracle Database
10.8 Use the Oracle Enterprise Manager Event System and Notification to Proactively Monitor System Availability
10.9 Use the Oracle Enterprise Manager Event Management System's User-Defined Events to Customize Monitoring of Your Application Servers
10.10 Use Oracle Enterprise Manager to Monitor and Diagnose Performance Bottlenecks and Availability Problems
10.11 When Monitoring Application Server Performance, Use the Host Home Page to Help Diagnose Performance Issues
10.12 Use the Oracle Enterprise Manager Job System to Periodically Back Up Your Oracle9iAS Configuration
10.13 Use Oracle Enterprise Manager to Monitor Rate and Aggregated Performance
10.14 After Restarting Oracle Enterprise Manager, Navigate to Commonly Used Pages
10.15 Use Oracle Enterprise Manager to Change Configurations

11 Installation Best Practices

11.1 General Installation Best Practices
11.1.1 Understand the Various Configuration Tools Available with Oracle9iAS
11.1.2 Try Standard Demos and Associated Applications Before Running Your Applications
11.1.3 Turn Off Unused Services to Reduce Oracle9iAS Memory Requirement
11.1.4 Check Metalink Regularly for Updates to Keep Your Installation Current
11.1.5 Periodically Check the Log Files for Restarts/Errors That Are Masked by Auto Restart Capability
11.1.6 System Administrator and Oracle9iAS Administrator Should Be Different
11.1.7 Use the Appropriate Administration User Accounts
11.1.8 Install All Mid-Tiers on Multiple Smaller Machines, the Infrastructure on Clustered Larger Machines
11.1.9 For a 3-Tier Environment, Install the Infrastructure Instance Twice and Configure Each Tier Differently
11.1.10 Recommendation for Installing Oracle9iAS Portal
11.2 Hosting Installation Best Practices
11.2.1 Install as Different Users When Installing Multiple Instances on the Same
11.2.2 Share the Same Security Service Across Multiple Installations But Split the Metadata Service
11.2.3 Recommendations for Having Large Number of Groups Run the Applications on a Given Instance

12 Deployment Best Practices

12.1 Deployment Architecture Options
12.1.1 Deploying Oracle9iAS as Independent Instances
12.1.2 Deploying Oracle9iAS Instances with Oracle9iAS Web Cache Cluster
12.1.3 Use Standard Oracle9iAS Clusters
12.1.4 Separate OC4J and Oracle HTTP Server Clusters
12.2 General Deployment Best Practices
12.2.1 Deploy/Re-Deploy Applications During Low Traffic
12.2.2 Use Identical Machines
12.2.3 Rolling Upgrades - Form a New Cluster for Major Upgrades
12.2.4 Use Network Level Load Balancer for Increase Scalability/Availability
12.3 Oracle Internet Directory Deployment Best Practices
12.3.1 Use Utility for Bulk Loading Data to Oracle Internet Directory
12.3.2 Replicate Oracle Internet Directory for High Availability
12.3.3 Use SSL Binding for Better Security
12.3.4 Use the Appropriate Backup and Restore Utilities
12.3.5 Recommendations for Audting and Monitoring Oracle Internet Directory
12.3.6 Assign Correct Oracle Internet Directory Privileges for Oracle9iAS
12.3.7 Change Access Control Policies to Better Administer Users
12.3.8 Best Practice for Oracle Internet DirectoryOracle Internet Directory Password
12.3.9 Best Practice for Directory Integration Platform in Third Party Directory Environments
12.3.10 Recommendations for Migrating Oracle9iAS Application to Existing Oracle Internet Directory
12.3.11 Recommendation for Moving Oracle9iAS Applications From Test to Production Oracle Internet Directory

13 Miscellaneous Best Practices

13.1 Simulate Failures and Compute Availability Impact
13.2 Pooling and Sharing
13.3 Perform Incremental Performance Evaluation During the Development Cycle
13.4 Run Your Performance Test on Systems That Will Simulate Your Production Environment
13.5 Understand How to Configure Your Test Driver and Analyze the Result
13.6 Assign Someone Who is Experienced in Running and Analyzing
13.7 Document All Recovery and Repair Procedures, and Practice Them Regularly
13.8 Use Available Tools to Monitor Site Load and Status
13.9 Rolling Period Restarts Avoid Unexpected Errors
13.10 Stock Spares and Have a Backup Schedule

A Oracle9iAS Web Cache Best Practices Appendix

A.1 Use Partial Page Caching Where Possible
A.2 Use <esi:inline> Tags for Existing Applications and <esi:include> Tags for New Applications
A.2.1 Using Inline for Non-Fetchable Fragmentation
A.2.2 Using Include for Fetchable Fragmentation
A.3 Reduce Invalidation Overhead
A.3.1 Send Basic Invalidation Requests for Invalidating One Object
A.3.2 Use Substring Matching for Invalidating Multiple Objects in Advanced Invalidations

Go to next page
Copyright © 2003 Oracle Corporation.

All Rights Reserved.
Go To Documentation Library
Go To Product List