Skip Headers
Oracle® Application Server Best Practices Guide
10
g
Release 2 (10.1.2)
B28654-01
Home
Solution Area
Index
Next
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1
Introduction to Best Practices
2
Management and Monitoring
2.1
Oracle Enterprise Manager 10
g
Best Practices
2.1.1
Select the Framework Options That Best Suit Your Needs
2.1.2
Application Server Control Console
2.1.2.1
Use the Deployment Wizard to Deploy Applications
2.1.2.2
Use Clusters for Application Deployment and Configuration Management to Simplify Management of Application Servers
2.1.2.3
Monitor Application Performance During Application Development or Test Cycles to Identify Resource Usage and Identify Bottlenecks
2.1.2.4
Use the Host Home Page to Help Diagnose Performance Issues
2.1.2.5
Perform Configuration Changes in Application Server Control to Ensure the Repository is Properly Updated
2.1.2.6
Monitor Rate and Aggregated Performance Metrics to Identify Slow Requests
2.1.3
Grid Control Console
2.1.3.1
Use Alerts and Notifications to Proactively Monitor System Availability
2.1.3.2
Set Up Grid Control Console to Monitor for Availability and Performance Issues
2.1.3.3
Add OracleAS Farms and OracleAS Clusters to Centrally Manage Application Server
2.1.3.4
Use End-User Performance Monitoring to Monitor Response Times of Web Pages
2.1.3.5
Proactively Monitor Web Application Transactions to Test Performance Monitoring
2.1.3.6
Use Diagnostics to Pinpoint OC4J Performance Problems
2.1.3.7
Use Job System to Schedule a Deployment
2.1.3.8
Regularly Perform Backups to Prepare for Loss of Data
2.1.3.9
Use Grid Control to Manage Both Oracle Application Server and the Oracle Database
2.1.3.10
Manage Multiple Oracle Application Server Instances on a Single Host to Reduce Resource Usages
2.2
Oracle Process Manager and Notification Server Best Practices
2.2.1
Start OPMN to Manage Components
2.2.2
Never Start or Stop OPMN Managed Components Manually
2.2.3
Review stdout and stderr to Determine Cause of Components Not Starting
2.2.4
Increase Timeout For Components to Avoid Timed-Out Requests
2.2.5
Set Retry to High Values For Components Running on an Overloaded System to Avoid Restart of Computer
2.2.6
Leverage Additional Logging to Aid in Debugging
2.2.7
Configure Log Rotation to Avoid Log File Size Issues
2.2.8
Configure Additional Start Order Dependencies to Customize Startup
2.2.9
Use Event Scripts to Record Important Events
2.2.10
Use OPMN to Manage External Components
2.3
Distributed Configuration Management Best Practices
2.3.1
Use DCM Archiving to Take Snapshots of Configuration
2.3.2
Specify a Single Instance in a Cluster as the Management Point to Provide A Correct Order of Operations
2.3.3
Avoid Concurrent Administration Operations to Prevent Configuration Conflicts
2.3.4
Avoid Running updateConfig Concurrently with Any Other Configuration Operation to Prevent Configuration Conflicts
2.3.5
Restart Application Server Control Console after Joining or Leaving a Farm or Cluster to Refresh the Console
2.3.6
Use High Availability Features for Infrastructure Repository to Synchronize within a Farm
2.3.7
Follow dcmctl Tips to Improve Usage
2.4
Dynamic Monitoring Services Best Practices
2.4.1
Monitor Your System Regularly to Identify Performance Problems
2.4.2
Take Regular Dumps of Metrics to Capture and Save a Record of Performance Data
2.4.3
Add Performance Instrumentation to Application to Aid Developers
2.4.4
Isolate Expensive Intervals Using PhaseEvent Metrics to Validate Code
2.4.5
Organize Performance Data to Avoid Metrics Not Displaying
2.4.6
DMS Naming Conventions to Improve Metric Reports
2.4.7
Follow DMS Coding Recommendations to Improve Code
2.4.8
Validate New Metrics to Verify Accuracy
3
Oracle HTTP Server
3.1
Configure Topology Appropriately For Modem Connections to Prevent Blocking Oracle HTTP Server
3.2
Tune TCP/IP Parameters to Improve Oracle HTTP Server Performance
3.3
Tune KeepAlive Directives to Improve Connection Performance
3.4
Tune MaxClients Directive to Improve Request Performance
3.5
Avoid Any DNS Lookup to Prevent Performance Degradation
3.6
Tune Off Access Logging to Reduce Overhead
3.7
Use FollowSymLinks and Not SymLinkIfOwnerMatch to Configure Symbolic Links
3.8
Set AllowOverride to None to Prevent Unnecessary Directive Checking
3.9
Use mod_rewrite to Hide URL Changes For End-Users
3.10
Use mod_oc4j Sticky Routing Instead of Configuring the External Router
4
Oracle Application Server Containers for J2EE (OC4J) Applications and Developer Tools
4.1
Java Server Pages Best Practices
4.1.1
Pre-Translate JSPs Before Deployment to Prevent Translation Overhead
4.1.2
Separate Presentation Markup from Java to Improve Application Performance
4.1.3
Use JSP Template Mechanism to Reserve Resources
4.1.4
Set sessions to false If Not Using Sessions to Prevent Overhead of Creating Sessions
4.1.5
Always Invalidate Sessions When No Longer Used to Prevent Overhead of Applications
4.1.6
Set main_mode Parameter to justrun to Prevent Recompilation of JSPs
4.1.7
Use Available JSP Tags In Tag Library to Create Clean and Reusable Code
4.1.8
Minimize Context Switching Between Servlets and EJBs to Avoid Performance Issues
4.1.9
Package JSP Files In EAR File Rather Than Standalone to Standardize Deployment Process
4.1.10
Use Compile-Time Object Introspection to Improve Application Performance
4.1.11
Choose Static Versus Dynamic Includes Appropriately
4.1.12
Disable JSP Page Buffer If Not Used to Improve Performance
4.1.13
Use Forwards Instead of Redirects to Improve Browser Experience
4.1.14
Use JSP Cache Tags to Save Development Time
4.1.15
Use well_known_taglib_loc to Share Tag Libraries
4.1.16
Use jsp-timeout Attribute to Provide Efficient Memory Utilization
4.1.17
Use reduce_tag_code Parameter to Reduce the Size of Generated Java Method
4.1.18
Use Workarounds to Avoid Reaching JVM Code Size Limit
4.1.19
Hide JSP Pages to Prevent Access
4.2
Sessions Best Practices
4.2.1
Persist Session State If Appropriate to Preserve State with Browser
4.2.2
Replicate Sessions If Persisting Is Not an Option to Improve Performance
4.2.3
Avoid Storing Objects in Sessions to Reuse Shared Resources
4.2.4
Set Session Timeout Appropriately to Optimize Performance
4.2.5
Monitor Session Memory Usage to Determine Data to Store in Session Objects
4.2.6
Use Small Islands to Improve Fault Tolerance
4.2.7
Use a Mix of Cookie and Sessions to Improve Performance
4.2.8
Use Coarse Objects Inside HTTP Sessions to Reduce Update Events
4.2.9
Use Transient Data in Sessions Whenever Appropriate to Reduce Replication Overhead
4.2.10
Invalidate Sessions to Prevent Memory Usage Growth
4.2.11
Miscellaneous Guidelines
4.3
Enterprise Java Bean Best Practices
4.3.1
Use Local, Remote, and Message-Driven EJBs Appropriately to Improve Performance
4.3.2
Use EJB Judiciously
4.3.3
Use Service Locator Pattern
4.3.4
Cluster Your EJBs
4.3.5
Index Secondary Finder Methods
4.3.6
Understand EJB Lifecycle
4.3.7
Use Deferred Database Constraints
4.3.8
Create a Cache with Read Only EJBs
4.3.9
Pick an Appropriate Locking Strategy
4.3.10
Understand and Leverage Patterns
4.3.11
When Using Entity Beans, Use Container Managed Aged Persistence Whenever Possible
4.3.12
Entity Beans using Local interfaces Only
4.3.13
Use a Session Bean Facade for Entity Beans
4.3.14
Enforce Primary Key Constraints at the Database Level
4.3.15
Use Foreign Key for 1-1 and 1-M Relationships
4.3.16
Avoid findAll Method on Entities Based on Large Tables
4.3.17
Set prefetch-size Attribute to Reduce Round Trips to Database
4.3.18
Use Lazy Loading with Caution
4.3.19
Avoid Performing O-R Mapping Manually
4.4
Data Access Best Practices
4.4.1
Use Datasources Connections Caching and Handling to Prevent Running Out of Connections
4.4.1.1
DataSource Connection Caching Strategies
4.4.2
Use Data Source Initialization
4.4.3
Disable Escape Processing to Improve Performance
4.4.4
Define Column Types to Save Round-trips to Database Server
4.4.5
Prefetch Rows to Improve Performance
4.4.6
Update Batching to Improve Performance
4.4.6.1
Oracle Update Batching
4.4.6.2
Standard Update Batching
4.4.7
Use More Than One Database Connection Simultaneously in the Same Request to Avoid a Deadlock in the Database
4.4.8
Tune the Database and SQL Statements to Optimize the Handling of Database Resources
4.4.8.1
Tune JDBC
4.4.8.2
Cache JDBC Connections
4.4.8.3
Cache JDBC Statements
4.4.8.4
Cache JDBC Rowsets
4.4.9
Configure Data Source Configurations Options
4.5
J2EE Class Loading Best Practices
4.5.1
Avoid Duplicating Libraries to Prevent Loading Problems
4.5.2
Load Resources Appropriately to Avoid Errors
4.5.3
Enable Class Loading Search Order within Web Modules
4.5.4
Declare and Group Dependencies to Prevent Hidden or Unknown Dependencies
4.5.5
Minimize Visibility to Satisfy Dependencies
4.5.6
Create Portable Configurations
4.5.7
Do Not Use the lib Directory for Container-Wide Shared Libraries to Prevent Loading Issues
4.6
Java Message Service Best Practices
4.6.1
Set the Correct time_to_live Value to Avoid Messages Never Expiring
4.6.2
Do Not Grant Execute Privilege of the AQ PL/SQL Package to a User or Role
4.6.3
Close JMS Resources No Longer Needed to Keep JMS Objects Available
4.6.4
Reuse JMS Resources Whenever Possible to Perform Concurrent JMS Operations
4.6.5
Use Debug Tracing to Track Down Problems
4.6.6
Understand Handle/Interpret JMS Thrown Exceptions to Handle Runtime Exceptions
4.6.7
Connect to the Server and Database From the Client Computer to Debug JMS Connection Creation Problems
4.6.8
Tune Your Database Based on Load to Improve Performance
4.6.9
Ensure OracleAS JMS Connection Parameters are Correct to Avoid Runtime Exceptions
4.6.10
Provide Correct OracleAS JMS Configuration to Avoid Java JMS Exceptions
4.7
Oracle Application Server XML Developer's Kit Best Practices
4.7.1
Choose Correct XML Parsers to Improve Efficiency
4.7.2
Improve XSLT Performance
4.7.3
Use the Stream-based XML Schema and DTD Validation to Improve Performance
4.7.4
Process DOM using the JAXB Interface to Access and Operate on XML Data
4.8
Oracle Application Server TopLink Best Practices
4.8.1
Use OracleAS TopLink Mapping Guidelines to Persist Application Data
4.8.2
Use Caching and Concurrency Protection to Improve Performance
4.8.2.1
OracleAS TopLink Cache Refreshing Policies
4.8.2.2
Avoid Stale Cache Content
4.8.2.3
Cache Coordination
4.8.3
Use Sequencing to Apply Project-Wide Properties to All Descriptions
4.8.4
Implement Performance Options to Improve Performance
4.8.4.1
Performance Diagnostics
4.8.4.2
Tuning
4.9
Oracle Application Server Forms Services Best Practices
5
OracleAS Portal
5.1
Installing, Configuration, Administration, Upgrade, and Troubleshooting
5.1.1
Deploy, Patch, and Test Custom Portlet Providers to Provide Flexibility with Your Upgrade
5.1.2
Upgrade from 10
g
Release 2 (10.1.2.0.2) to 10
g
Release 2 (10.1.4)
5.2
Performance Tuning and Features
5.2.1
Use Appropriate Caching Strategy to Improve Performance
5.2.2
Use Providers Judiciously to Improve Portal Performance
5.2.3
Use Parallel Page Engine to Improve Availability and Scalability
5.2.4
Scale OracleAS Portal to Optimize Performance
5.2.5
Use Repository Services to Remove the Need for mod_plsql Tuning
5.2.6
Leverage Web Provider Session Caching to Improve the Portlet Cache-hit Rate
5.2.7
Increase Perceived Execution Speed to Improve Performance of Portlets
5.2.8
Reduce Page Complexity to Improve Cacheability
5.2.9
Measure Tuning Effectiveness to Improve Performance
5.2.10
Manage Portlet Execution For Each Page to Prevent Portal Slow-Down Issues
5.2.11
Prune Content to Improve Content Cleanup
5.2.12
Use Search Keys to Invalidate
5.3
Content Management and Publishing
5.3.1
Use Page Groups to Delegate Administration
5.3.2
Research Your Taxonomy Before Building Up a Page Hierarchy to Save Rework Time
5.3.3
Use Portal Templates to Improve Consistency
5.3.4
Use Navigation Pages to Manage Portal Template Content
5.3.5
Use Categories, Perspectives and Custom Attributes to Enhance Content Metadata
5.3.6
Use Translations to Create Multilingual Web Sites
5.3.7
Use the View Mode Best Suited to the Task
5.3.8
Use Content Management APIs to Migrate Existing Content
5.3.9
Use Content Management APIs to Organize Content
5.3.10
Use the Content Management Event Framework to React on Any Activity in the Content Management System
5.3.11
Use the Public Search API to Implement Custom Searches
5.3.12
Use WebDAV Capabilities to Support Desktop Applications Centric Users
5.3.13
Use HTML Templates to Create Pixel-Perfect Pages
5.4
Export/Import Utilities
5.4.1
Review Supported Use Cases to Optimize Export and Import Operations
5.4.2
Follow the Guidelines for Export and Import of Portal Objects to Prevent Errors
5.5
Secure the Portal Environment
5.5.1
Implement Post Installation Steps to "Harden" Your Portal Environment From Malicious Attack
5.5.2
Implement a Role-Based Security Model to Simplify Access Control Definition
5.5.3
Base Development of Pages on a Network Aware Custom Page Type to Enable Implementation of Network Access Security
5.5.4
Group secured content to Optimize ACL Determination and "Network Access" Security.
5.5.5
Define Anonymous "Public" Pages and Authenticated "Public" Pages to Simplify Security
5.5.6
Implement Hash Message Authentication (HMAC) Encryption in Communication to Web Providers to Allow for Secured Identity Propagation and J2EE-Based Security
5.5.7
Implement Global Inactivity Timeout to Prevent Attacks through Unauthorized Sessions
5.5.8
Utilize Separate Page Groups and a Segmented Security Realm Within Oracle Internet Directory to Support a Hosted Portal that is to Be Shared Across Independent User Communities
5.6
Portlet Development
5.6.1
Install the Portal Extension for Oracle JDeveloper to Improve Portlet Development
5.6.2
Apply WSRP Standard to Enable Interoperability Between a Standards-enabled Container and any WSRP Portal
5.6.3
Portlet Show Modes
5.6.4
Ensure Links in Portlet Are Correct to Avoid Sending the User Away from the Portal
5.6.5
Use Hybrid Portlets to Provide the Best Possible Rendition in the Desktop Environment
5.6.6
Create a Struts Portlet to Create and Publish Applications within Your Enterprise Portal
5.6.7
When Is It Best to Use the Web Clipping Portlet?
5.6.8
When Is It Best to use OmniPortlet?
5.6.9
When to Use Portlet Parameters?
5.6.10
When to Use Event Support?
5.6.11
Use the
Oracle Application Server Portal Developer's Guide
to Learn How to Build Portlets
6
OracleAS Wireless
6.1
Deploy Multiple Tiers for High-Volume Environments to Avoid Capacity Issues
6.2
Establish Firewall Settings to Permit Protocols
6.3
Deploy Content Sources to a JVM Other Than OC4J_Portal or OC4J_Wireless to Avoid Stability Issues
6.4
Select a Voice Gateway Suited for Your Environment
6.5
Deploy Messaging Applications to Use a Gateway
6.6
Oracle Sensor Edge Server
6.6.1
Copy edgeserver.xml to Clone Server Configurations
6.6.2
Analyze Requirements to Select Best Dispatcher
7
OracleAS Web Cache
7.1
Improve Performance, Scalability, and Availability
7.2
Planning and Deployment
7.2.1
Use Two CPUs and Consider Deploying on Dedicated Hardware to Avoid Operating System Limitations
7.2.2
Cluster Cache Instances to Make Availability, Scalability, and Performance Gains
7.2.3
Use a Hardware Load Balancer in Front of OracleAS Web Caches to Avoid a Single Point of Failure
7.2.4
Use OracleAS Web Cache Built-In Load Balancing to Improve Availability and Scalability of Origin Servers
7.2.5
Test Application Upgrades and Patches to Ensure Existing Cache and Session Rules Still Function Correctly
7.3
Secure Content to Prevent Tampering
7.4
Configuring OracleAS Web Cache
7.4.1
Configure Enough Memory to Avoid Swapping Objects In and Out of the Cache
7.4.2
Allocate Sufficient Network Bandwidth to Accommodate the Throughput Load
7.4.3
Set a Reasonable Number of Network Connections to Maximize Performance
7.4.4
Create Custom Error Pages to Suit Your Environment
7.5
Increasing Cache Hits
7.5.1
Use Cookies and URL Parameters to Increase Cache-hit Ratios
7.5.2
Use Redirection to Cache Entry Pages
7.5.3
Use Surrogate-Control Headers Instead of Caching Rules to Better Manage Cacheability
7.5.4
Use Partial Page Caching Where Possible to Increase Cacheability
7.5.5
Use ESI Variables to Improve Cache-hit Ratios for Personalized Pages
7.5.6
Use the <esi:environment> Tag to Authenticate or Authorize Callbacks
7.5.7
Use JESI to Cache JSP Output
7.6
Invalidation and Expiration
7.6.1
Select the Invalidation Method Best Suited for Your Content to Keep Performance in Check
7.6.2
Build Programmatic Invalidation Into Application Logic to Invalidate Dynamic Content
7.6.3
Combine Invalidation and Expiration Policies to Keep Cache Content Fresh
7.6.4
Use Invalidation Propagation in Clusters to Improve Data Consistency
7.7
Optimizing Response Times
7.7.1
Tuning Origin Server and OracleAS Web Cache Settings to Optimize Response Time
7.7.2
Use Compression to Improve Response Times and Reduce Network Bandwidth
7.7.3
Use Only Warning or Notification Logging Levels to Conserve Resources
8
Oracle Business Intelligence
8.1
Oracle Application Server Reports Services
8.1.1
Leverage High Availability to Replace Separate Clustering Solutions for Each Component
8.1.2
Design Your Paper Layout to Display Report Output in Microsoft Excel
8.1.3
Select Paper Layout to Control Pagination and Web Layout to Control HTML Output
8.1.4
Use Dynamic Environment Switching to Consolidate Reports Servers
8.2
Oracle Business Intelligence Discoverer Best Practices
8.2.1
Identify Worksheets That Need Tuning to Improve Performance
8.2.2
Establish Scalability to Share the Workload
9
Platform Security and Identity Management
9.1
General Best Practices
9.1.1
HTTPS Best Practices
9.1.2
Assign Lowest-Level Privileges Adequate for the Task to Contain Security Leaks
9.1.3
Cookie Security Best Practices
9.1.4
Systems Setup Best Practices
9.1.5
Certificates Use Best Practices
9.1.6
Review Code and Content Against Already Known Attacks to Minimize the Attack Recurrence
9.1.7
Firewall Best Practices
9.1.8
Leverage Declarative Security
9.1.9
Use Switched Connections in DMZ
9.1.10
Place Application Server in the DMZ to Prevent Security Issues
9.1.11
Use Secure Sockets Layer Encryption to Secure LDAP and HTTP Traffic
9.1.12
Tune the SSLSessionCacheTimeout Directive to Meet Your Application Needs
9.1.13
Plan Out The Final Topology Before Installing Oracle Application Server Security Components
9.2
Oracle Application Server Java Authentication and Authorization Service (JAAS) Provider Best Practices
9.3
J2EE Security Best Practices
9.3.1
Avoid Writing Custom User Managers and Instead Use Included APIs to Focus Time on Business Logic
9.3.2
Use the Authentication Mechanism with the JAAS Provider to Leverage Benefits
9.3.3
Use Fine-Grained Access Control
9.3.4
Use Oracle Internet Directory as the Central Repository to Provide LDAP Standard Features
9.3.5
Develop Appropriate Logout Functionality to Prevent Users from Closing the Web Browsers
9.4
OracleAS Single Sign-On Best Practices
9.4.1
Configure for High Availability to Prevent Inaccessible Applications
9.4.2
Leverage OracleAS Single Sign-On to Optimize Administration and Customer Experience
9.4.3
Use an Enterprise-Wide Directory to Eliminate User Data in Multiple Systems
9.4.4
Use OracleAS Single Sign-On to Validate User Credentials
9.4.5
Always Use SSL with Oracle Application Server to Protect Applications
9.4.6
Provide Username and Password Only on Login Screen to Prevent Users from Providing Credentials to Inappropriate Servers
9.4.7
Log Out to Prevent Active Cookies
9.5
Oracle Internet Directory Deployment Best Practices
9.5.1
Use bulkload.sh Utility to Bootstrap System
9.5.2
Replicate to Provide High Availability
9.5.3
Use SSL Binding to Secure Traffic
9.5.4
Use Backup and Restore Utilities to Secure Data
9.5.5
Monitor and Audit Oracle Internet Directory to Improve Availability
9.5.6
Assign Oracle Internet Directory Privileges to Limit Access
9.5.7
Change Access Control Policies to Control User Administration
9.5.8
Best Practice for Directory Integration Platform
9.5.8.1
Use Identity Management Realms to Build Connectivity Between Oracle Internet Directory and Third-Party Directories
9.5.8.2
Configure Synchronization Service to Enable Users to Interact with Deployed Applications
9.5.8.3
Synchronize Oracle Human Resources and Oracle Internet Directory to Provide Access to OracleAS Single Sign-On and Oracle Delegated Administration Services
9.5.9
Incorporate Group Assignment During User Creation to Avoid Multiple Steps
9.5.10
Use opmnctl instead of oidmon and oidctl to Manage Processes
9.5.11
Configure Active Directory Synchronization
9.5.12
Use User Attributes and Password Hints to Make Resetting Credentials Easier
10
Oracle Application Server High Availability Solutions
10.1
Oracle Application Server Cluster (Identity Management)
10.2
Oracle Application Server Cold Failover Clusters
10.2.1
Use Shared Oracle Home Installs for OracleAS Cold Failover Cluster (Middle-Tier) to Simplify Administration
10.2.2
Use Oracle Universal Installer Commands to Attach OracleAS Cold Failover Cluster Oracle Home with the oraInventory
10.2.3
Use Disk Redundancy for OracleAS Cold Failover Cluster to Avoid Oracle Home Failures
10.2.4
Allocate Ports to the OracleAS Cold Failover Cluster Instance to Avoid Failures
10.3
Load Balancers
10.3.1
Use Fault-Tolerant Hardware Load Balancers to Avoid Single Points of Failure
10.3.2
Use Monitoring of Services to Automatically Disable Traffic to Unavailable Nodes
10.3.3
Configure All Idle Time Timeouts to Maximize Time for Unused or Idle Service
10.4
Oracle Application Server Guard
10.4.1
Clean Up Invalid Records to Avoid Instantiation and Synchronization Errors
10.4.2
Use the Same Ports for OracleAS Guard in Avoid Manual Configuration Steps in Synchronization Operations
10.4.3
Use Different Labels and Colors in OracleAS Guard Shells to Avoid Errors
10.4.4
Enable High-Logging Level to Troubleshoot OracleAS Guard Operations
10.5
Backup and Recovery
10.5.1
Use Application Server Control as the Standard Way to Perform Backup and Recovery to Avoid Errors and Typos
10.5.2
Use Instance-Level Backup to Guarantee Consistency
10.5.3
Perform an Image Backup to Recover from Loss of Host Scenario
10.5.4
Use Incremental Backups to Save Time and Disk Space
Index