| Previous Contents Index DocHome Next |
| iPlanet Application Server Overiew Guide |
Chapter 1 iPlanet Application Server
This chapter summarizes the main features and components of iPlanet Application Server (iAS).
Executive Overview
iPlanet Application Server 6.0 provides the most robust e-commerce platform for delivering innovative and leading edge application services to a broad range of servers, clients and devices. Built on a heritage of world-class scalability, reliability and performance, the iPlanet Application Server delivers on the requirements for global e-commerce success by rapid time-to-market and the ability to leverage information systems and business processes across the extended enterprise. With thousands of customers, the iPlanet Application Server enables enterprises, service providers and dot.com businesses to exploit the enormous opportunities of the Net Economy.iPlanet Application Server delivers on the requirements for e-commerce success, including the ability to:
Develop and deliver applications based on Java 2 Platform Enterprise Edition (J2EE) standards
iPlanet Application Server provides robust support for the J2EE standards. At virtually every level of development and deployment, iPlanet Application Server features interfaces and functionality that conform to the J2EE specification. In addition, iPlanet Application Server provides additional key capabilities through services such as load-balancing, failover, and high-availability applied to these same J2EE standards. For example, iPlanet Application Server delivers load-balancing services across JavaServer Pages and servlets.Handle unplanned successes through a highly scalable, reliable, and available architecture
Provide business-to-business, business-to-consumer, and business-to-employee solutions on a single platform
Leverage and integrate information assets both internal and external to the enterprise
Automate business processes across suppliers, customers, and partners
Based on an "open tools" strategy, application development for the iPlanet Application Server platform can be performed with a number of different toolkit options, including:
iPlanet Application Builder offers wizard-based development and tight integration with the application server.
For comprehensive integration with multiple back-end information systems, iPlanet Application Server includes a Unified Integration Framework and Enterprise Connectors which extend the application and data assets for ERP environments, such as IBM CICS, BEA Tuxedo, SAP R/3, and PeopleSoft, into dynamic Web services.Support for Forte for Java, Enterprise Edition featuring enterprise-class development for team development capabilities, including distributed debugging.
Third party products, such as WebGain VisualCafe, IBM VisualAge, Macromedia Dreamweaver, and Inprise JBuilder plug into the iPlanet Application Server architecture for tight integration.
The iPlanet Application Server solution includes the ability to automate business processes across J2EE business logic and legacy/enterprise business logic. The iPlanet Process Manager is a comprehensive web-based solution for designing, deploying and managing business processes on the iPlanet Application Server.
New Features
iPlanet Application Server 6.0 provides significant enhancements over previous versions of the product. This includes full compliance with the JavaTM 2 Platform, Enterprise Edition (J2EETM) APIs and specifications, improvements in performance, scalability and reliability, and enhanced manageability and administration. The iPlanet Application Server platform provides a new integration framework that simplifies and accelerates the development of applications that integrate across multiple information systems, including SAP R/3, CICS, Tuxedo, and PeopleSoft. The product family includes an enterprise class tool suite, as well as support for industry-leading developer and deployment tools. iPlanet Application Server is backward compatible with previous versions of iPlanet Application Server.
Certified Compliance with Java 2 Enterprise Edition
iPlanet Application Server 6.0 features strong support for a wide range of industry standards, including JavaTM 2 Platform, Enterprise Edition (J2EETM) and is certified with the Compliance Test Suite (CTS). J2EE provides a complete, secure foundation and describes a rich set of standards for security, development, deployment, code re-use and portability that allows the enterprise to create applications that are portable and vendor independent. J2EE consists of the following components and APIs:Enterprise JavaBeansTM (EJB) 1.1 The server-side component architecture for the J2EE platform. EJB enables rapid and simplified development of distributed, transactional, secure, and portable Java applications.
JavaServer PagesTM (JSP) 1.1 The JavaServer Pages technology provides a simplified, fast way to create dynamic web content. The JSP technology enables rapid development of web-based applications that are server- and platform-independent
Java Servlets 2.2 Provides web developers with a simple, consistent mechanism for extending the functionality of a web server and for accessing existing business systems.
JDBCTM 2.0 (Core and Standard Extensions, and Optional Package 2.0) Provides access virtually any tabular data source from the Java programming language. It provides cross-DBMS connectivity to a wide range of SQL databases, and now, with the new JDBC API, it also provides access to other tabular data sources, such as spreadsheets or flat files.
Java Transaction API (JTA) 1.0 Specifies standard Java interfaces between a transaction manager and the parties involved in a distributed transaction system: the resource manager, the application server, and the transactional applications.
Java Naming and Directory InterfaceTM (JNDI) 1.2 Works in concert with other J2EE technologies to organize and locate components in a distributed computing environment.
RMI-IIOP 1.0.1 Remote Method Invocation (RMI) over Internet Inter-Orb Protocol (IIOP) delivers Common Object Request Broker Architecture (CORBA) compliant distributed computing capabilities to the JavaTM 2 platform and to the Java Development Kit (JDKTM) 1.2. This enables Rich Clients such as stand alone Java applications to communicate directly with the application server.
Java Message Service (JMS) 1.0.2 Provides a set of standard Java language interfaces to enterprise messaging systems, often called message-oriented middleware. These interfaces are implemented by products called JMS providers. The JMS API and provider framework enables the development of portable, message-based applications in the Java programming language.
JavaMailTM 1.1 Provides a set of abstract classes that model a mail system. The API provides a platform independent and protocol independent framework to build Java technology-based mail and messaging applications.
JavaBeansTM Activation Framework (JAF) 1.0 Enables developers to take advantage of standard services to determine the type of an arbitrary piece of data, encapsulate access to it, discover the operations available on it, and to instantiate the appropriate bean to perform said operation(s). For example, if a browser obtained a JPEG image, this framework would enable the browser to identify that stream of data as an JPEG image, and from that type, the browser could locate and instantiate an object that could manipulate, or view that image.
Extensible Markup Language (XML) XML is used as the standard for describing all J2EE Deployment Descriptors. iPlanet Application Server use XMLfor application assembly and deployment.
CORBA 2.3 enables cross-platform interoperability
HTML is the universal language of the Web
LDAP (Lightweight Directory Access Protocol) enables access to large scale directories, providing authentication and access control
SNMP provides an interface which enables status monitoring by network management systems
IMAP/POP3 are standard electronic e-mail protocols
XA is a standard protocol for distributed database transactions
J2EE Enhancements
More than just complying with the J2EE standard, iPlanet Application Server enhances the functionality of the J2EE specification:
Overall availability is improved with failover for key J2EE components:
Rich client load balancing over RMI-IIOP
JSP load-balancing — JSPs now can have GUIDs:
GUIDs uniquely identify each JSP process. This enables JSP to be load-balanced, similarly to servlets, and applogics in previous versions of the application server.
There is a conversion tool provided to transform JSP 0.92 pages (Netscape Application Server 4.0) to JSP 1.1.This also enables JSPs to use results caching
There is continued support for JSPs without GUIDs, as unregistered JSPs
JSP Page Caching — calls to JSP pages are cached, providing similar functionality as results caching in NAS 4.0.
JMS Connection Pooling and User Mapping — Connection Pooling enhances the performance and reliability of iPlanet Application Server applications using JMS via the creation and management of pools of connections from iPlanet Application Server to a JMS-enabled messaging product. User mapping speeds iPlanet Application Server application development and eases administration by supporting the easy mapping of users — authenticated at the web application level — to users, groups, and roles authorized by the JMS-enabled messaging provider.
Improved Performance, Scalability and Reliability
The iPlanet Application Server provides a fifth generation architecture with market proven performance, scalability, and reliability leadership at leading e-commerce sites. For customers requiring high transaction integrity and continuous up-time, the iPlanet Application Server eliminates single points of failure through application failover at every level of the J2EE development environment, including JavaServer Pages, Java Servlets, and Enterprise JavaBeans failover. iPlanet Application Server also ensures that user information and application data are not lost during a failure by distributing the state and session information of a transaction across multiple servers.iPlanet Application Server features enhanced load balancing capabilities. For example, there is weighted round robin load balancing — administrators can assign characteristics such as numbers of CPUs and CPU speed to determine how servers can balance requests. iPlanet Application Server supports load balancing among CPUs within a multiprocessor server, and provides load-balancing capabilities across the J2EE processes.iPlanet Application Server also provides response time and server-load based load balancing. Load balancing is also available for JSP processes, and rich clients.
iPlanet Application Server provides high performance features including connection caching and pooling, results caching, data streaming, optimized web server communication, and a multi-threaded, multiprocessing architecture. The iPlanet Application Server also provides application partitioning to ensure that application logic is run on the server with the most capacity. iPlanet Application Server also features performance improvements with Web and Directory services. For example, this release features high-performance connectivity with the iPlanet Web Server and iPlanet Directory Server products.
iPlanet Application Server integrates the Encina transaction monitor as core feature of the server for optimal performance, reliability, and manageability. The Encina transaction monitor provides reliability for distributed transactions.
Many iPlanet Application Server components, including JSPs and applications, can be deployed without shutting down the relevant servers. This provides maximum availability while offering up-to-date application functionality.
Reacting to "unplanned success" is the most critical requirement for e-commerce platforms on the internet where demand can scale from hundreds to millions of users over-night. The iPlanet Application Server provides superior performance required to react to such high volume by allowing companies to scale applications across multiple CPUs within a physical hardware server, as well as across multiple machines.
Enterprise-Class Development and Deployment Tools
iPlanet Application Server supports the Java programming environment for new application development, as well as existing Netscape Application Server 4.0 C++ applications. However, Java applications are easier to develop and maintain, because they can take advantage of the enhanced, standards-based application model.Application developers can choose from among various tools to build applications. These tools can range from simple text editors, to visual Java editors and visual HTML editors, to integrated development environments (IDEs). iPlanet Application Server's workbench plug-in framework enables a best-of-breed approach — developers can choose the development tool of preference for creating iPlanet Application Server applications. J2EE compliance provides simple plug-in capabilities for applications and components that are externally developed or purchased on the open market.
The tools include iPlanet Application Builder and iPlanet Extension Builder. These tools are tightly integrated with iPlanet Application Server but are packaged separately.
iPlanet Application Builder
iPlanet Application Builder is an Internet application development tool designed to simplify the creation of multi-tiered enterprise-class applications that run on iPlanet Application Server. iPlanet Application Builder provides an intuitive and productive web development environment that enables developers to leverage the rich, prebuilt application and infrastructure services of Application Server. By targeting the distributed multitier application model of iPlanet Application Server, iPlanet Application Builder enables developers to rapidly build sophisticated, business-critical web applications for the Internet. iPlanet Application Builder also interoperates with third-party tools such as WebGain VisualAge, Inprise JBuilder, and Macromedia Dreameaver.
Third Party Tools
Forte for Java Enterprise Edition is available for customers who are deploying large (10-200) development teams, and working from a large pool of reusable components. Forte for Java has strong versioning capabilities, making it ideal for environments where there is a need to manage and control frequent application changes.iPlanet Application Server also supports sophisticated Object to Relational (OR) mapping middleware. CocoBase, from Thought, Inc., provides a dynamic repository based Object to Relational mapping tool which delivers Container Managed Persistence (CMP) and Bean Managed Persistence.
Enhanced Management and Administration
iPlanet Application Server eases application management by providing integrated management facilities.
iPlanet Application Server Administration Tool
iPlanet Application Server Administration Tool (iASAT) manages one or more iAS machines or applicationsis. iASAT is a Java application with a graphical user interface that manages such tasks as performance settings, load balancing parameters and configuring devices. iASAT enables the following capabilities:
Remote management of multiple servers and distributed applications.
Dynamic deployment and scaling of applications.
Performance tuning and optimization of the server environment.
Management and tuning involves tasks such as adjusting database connection threads, adjusting load-balancing parameters, configuring web servers, and managing roles
Event Logging and Failure Analysis
Security features including viewing and management of security roles
Transaction Management features for local or global transactions
Dynamic Application Management
iPlanet Application Server's architecture allows partitioned applications to run even if one or more servers fail. In a load-balanced server configuration, application logic can be replicated on multiple servers. If a server fails, the load balancing module dynamically directs requests to other available servers, thus preventing application-wide failure.Because the iPlanet Application Server architecture promotes high availability of applications, server administrators can use iPlanet Application Server Administrator to perform a variety of tasks in real time, without interrupting an application's operation. These tasks include:
iAS Deployment Tool
The iPlanet Application Server Deployment Tool Features:
Support for creation and deployment (and enhanced XML editing) of J2EE modules
Support for J2EE assembly and automated deployment of J2EE applications and components Configuration of security roles, authentication for the application, and binding in LDAP
iAS Installation Tool
iPlanet Application Server Installation Tool provides four types of installation options:
Express provides the quickest installation. Most configuration parameters are set to default.
Typical installation lets the administrator override some of the default configuration parameters.
Custom offers a complete installation. Administrators can configure databases, transactions, and server processes and connections.
Silent is a non-interactive installation process. Once an administrator has determined the optimal parameters for a given server type, these can be re-used to quickly set up additional installations.
Event Logging and Failure Analysis
iPlanet Application Server provides facilities for logging requests from Web servers and logging system-level and application-level events on iPlanet Application Servers. For deployed applications, system administrators can use contemporaneous logs to assist with failure analysis and to detect attempted security breaches.Event logging occurs in multiple ways on the iPlanet Application Server:
Application developers can enable logging in their application logic to assist with failure analysis. For example, an application can log messages like "Transaction succeeded" or "Transaction failed" depending on conditions and events at run-time.
System administrators can enable automatic event logging to record the messages generated by dynamically loadable modules (DLMs) and application execution.
System administrators can enable HTTP request logging to record and monitor the requests received by a Web server. Administrators can specify brief, normal, or detailed logging. If logging is enabled, iPlanet Application Server logs information about the HTTP requests to a specified target database. Administrators can then analyze the logs, generate custom reports, and so on. HTTP request logging requires NSAPI or ISAPI Web Connectors.
Support for Third-Party Management Tools
iPlanet Application Server provides the ability to be monitored and managed via SNMP agents such as HP OpenView. SNMP is a protocol used to exchange data about system and network status and activity.iPlanet Application Server stores variables pertaining to network management in a tree-like hierarchy known as the server's management information base (MIB). Through this MIB, iPlanet Application Server exposes key management information to third-party tools that run SNMP. As a result, iPlanet Application Server can integrate with an enterprise's server management tools, thereby allowing other solutions for remote administration.
Tight Integration with iPlanet Directory Server and iPlanet Web Server
iPlanet Application Server includes the run-time versions of the iPlanet Directory Server and iPlanet Web Server, Enterprise Edition.
iPlanet Directory Server
iPlanet Directory Server, which is packaged with iPlanet Application Server, is iPlanet's implementation of the Lightweight Directory Access Protocol (LDAP). iPlanet Application Server uses iPlanet Directory Server not only to store iPlanet Application Server configuration data but also as a central repository for user and group information. A single iPlanet Directory Server can support multiple instances of iPlanet Application Server. This means that administrative data for all iPlanet Application Server installations can be centralized in one place. iPlanet Directory Server automatically monitors any updates made to iPlanet Application Server clusters or applications. This feature can reduce administration and ensure the most recent applications are loaded.The iPlanet Application Server Administrator acts as an LDAP client and can access information about users and groups. As a result of this integration with LDAP, iPlanet Application Server provides unified management of users, groups, and roles across the enterprise.
iPlanet Web Server
iPlanet Web Server plug-in for iPlanet Application Server provides performance improvements over other web server platforms; iPlanet Web Server supports servlet and Java ServerPages standards, enabling J2EE application partitioning for performance improvements, load-balancing capabilities, and component fail-over services.
Application Model
An application model is the conceptual division of a software application into functional components. The iPlanet Application Server application model promotes code reusability and faster application deployment.The iPlanet Application Server application model divides an application into multiple layers: presentation, business logic, and data access. Presentation is further separated to distinguish page layout and presentation logic. Data access refers to both databases and other data sources.
The iPlanet Application Server application model is component-oriented. For Java applications, the application model has been enhanced to be fully compliant with the J2EE standard.
The following table lists the main components that make up the functions of an application in the iPlanet Application Server environment:
Industry-Standard Application Components
For developing Java applications, we recommend that you use standard components whenever possible. These standards-based components include servlets, JavaServer Pages (JSPs), and Enterprise JavaBeans (EJBs), described as follows:
Servlets are Java classes that define page logic and page navigation. Servlets also support the creation or invocation of business components.
In addition, application components can invoke JDBC calls. JDBC is a standard API for database connectivity.JSPs are web browser pages written in a combination of HTML, JSP tags, and Java.
EJBs encapsulate an application's business rules and business entities.
High Scalability
iPlanet Application Server has a scalable architecture. This means that applications can be built to meet the needs of initial deployment. Applications can then be scaled as business needs grow.Application scaling is accomplished in two main ways: either by adding more servers to a cluster of servers, or by adding more CPUs to a multi-CPU system. Application logic can then be deployed to the new servers. Developers do not need to change any application logic as the user base grows.
In addition, application tasks can be assigned to the server best able to process the request efficiently. This is accomplished either through application partitioning or through dynamic load balancing.
Application Partitioning
The iPlanet Application Server architecture supports application partitioning, which allows logic to be distributed across servers as an application scales to accommodate heavier loads. Using iPlanet Application Server Administration Tool, system administrators can partition an application into functional areas.For example, in an online catalog application, the application logic for order processing, inventory management, and checkout processing can reside on different servers. Regardless of how applications are partitioned and distributed, the application functions as a single, cohesive unit.
Application logic can also be grouped where each group consists of related operations. For example, a group might contain all logic associated with order processing. Each application component can belong to one or more groups. Applications can also share application logic.
System administrators can deploy these groups of application logic objects locally or globally across application servers in the following ways:
Portions of an application might uniquely reside on different iPlanet Application Servers, yet still run as a single application. In this way, application logic can be stored on the server that can run it most efficiently. For example, data-intensive application logic can be run on the server that is closest to the data source to avoid latencies associated with accessing remotely located data.
For load-balanced applications, the same group of application logic objects can be stored on multiple servers. This allows an application to run the application logic more efficiently on the server with the most available resources.
Applications might dynamically share certain application logic objects. For example, all applications in a network might share the same application logic for user login and authentication, or for credit card authorization.
Application partitioning gives system administrators tremendous flexibility to scale and tune the performance of applications. In addition, having application components stored on multiple servers helps ensure high application availability in the event of a server shutdown.
Dynamic Load Balancing
In an environment with multiple iPlanet Application Server installations, incoming requests first pass through the Load Balancing System. The Load Balancing System directs the request to the server best suited to process it. iPlanet Application Server offers many load balancing methods, including server load, response time, round robin and weighted round robin mechanisms. These are covered in detail in the Administration section. Administrators can choose the among these load balancing mechanisms, as well as tune the parameters as appropriate.
High Performance
iPlanet Application Server is a high performance, multi-threaded, and multiprocessing application server. iPlanet Application Server can handle a high number of concurrent requests, database connections, and sessions, and provides high performance even under heavy loads.In addition to the high-performance architecture, iPlanet Application Server offers many features which offer enhanced efficiency.
iPlanet Application Server delivers high performance between web servers, other iPlanet Application Server machines, and heterogeneous back-end data sources through the following features:
JSP caching
Aside from the application server, other factors affecting application performance include network topology, network and server hardware, database architecture, and application programming.
JSP Caching
iPlanet Application Server 6.0 provides a new feature called JSP Caching, which aids in development of compositional JSPs. This provides functionality to cache JSPs within the Java engine, thereby making it possible to have a master JSP which includes multiple JSPs (similar to a portal page), each of which can be cached using different cache criteria. JSP caching is in addition to result caching.
Result Caching
iPlanet Application Server improves application performance by caching the results of application logic execution. Developers can optionally enable this feature in their applications.If caching is enabled, iPlanet Application Server saves the application logic's input parameters and results in the cache. The next time the iPlanet Application Server executes the same request, the server can first check the cache to determine whether the input parameters match the cached input parameters. If they match, the server retrieves the results from the cache instead of executing the request again. Result caching is especially effective for large data requests that involve lengthy processing time and for frequently accessed application logic.
iPlanet Application Server has the ability to cache the results of a servlet in order to make subsequent calls to the same servlet faster. iPlanet Application Server caches the results of a request (i.e. a servlet's execution) for a specific amount of time, so that if another call for that data happens, it can just return the cached data rather than having to perform the operation again.
Database Connection Caching
To improve performance, the iPlanet Application Server caches database connections so that commonly used, existing connections are re-used rather than re-established each time. Connection caching avoids the overhead involved in creating a new database connection for each request.Application developers can enable database connection caching in their application logic. At run time, when a request creates a new connection to a database, iPlanet Application Server stores the connection in the cache. When the request has completed using the connection, the connection is marked as free in the cache. If a new request is made to the same database by the same user, iPlanet Application Server can first check the cache and use an existing free connection rather than creating a new one. If the freed connection remains unused after a specified time-out period, it is released by the server.
System administrators can use the iPlanet Application Server Administration Tool to specify server-wide settings for database connection caching, such as the initial number of slots in the cache and the time-out limit for free connections, and so on.
Using iPlanet Application Server Administration, system administrators can monitor server performance and tune the number of available connections in the cache. This ensures an optimal ratio of cached connections to system resources.
Data Streaming
iPlanet Application Server provides data streaming facilities. Streaming improves performance by allowing users to begin viewing results of requests sooner, rather than waiting until the complete operation has been processed. Application developers can explicitly control what data is streamed, or allow the system to provide automatic streaming.Streaming is especially useful for large data sets involving lengthy queries. For example, suppose a user requests a price list containing 10,000 items. The application can process the query and display items to the user as they become available, for example, 40 at a time (typically one full page view), rather than wait until all 10,000 items have been retrieved from the database.
Multi-threaded Capabilities
iPlanet Application Server supports the multi-threading capabilities of the host operating system. An application can optimize performance by processing requests on multiple threads, which maximizes CPU resource utilization.Application developers automatically take advantage of multi-threading in their applications. In addition, developers can run database operations such as queries, inserts, updates, deletes, and so on, asynchronously. Asynchronous operations allow an application to do other work while a time-consuming operation, such as a large query, runs in the background.
System administrators can use iPlanet Application Server Administration tool to specify settings for multi-threading, such as the following:
Minimum and maximum number of threads to handle all requests
Typically, administrators will monitor server performance and tune the number of available threads to achieve an optimal ratio of threads to system resources.Minimum and maximum number of threads to handle asynchronous database requests
Optimized Communication with Web Servers
iPlanet Application Server optimizes application performance through tighter integration with web servers. This integration occurs using Web Connector Plug-ins and corresponding Listeners. iPlanet Application Server supports NSAPI, ISAPI, and optimized CGI for iPlanet, Microsoft, and CGI-compatible Web servers, respectively.
Session and State Management
iPlanet Application Server supports state and session management capabilities required for web-based applications. iPlanet Application Server provides a number of classes and interfaces that application developers can use to maintain state and user session information.State and session information is stored on each server in a distributed environment. For example, an application can display a login screen, prompt users to enter their user name and password, then save this information in a session object. Thereafter, the application uses this same information to log in to multiple databases without prompting the user to type it in again.
Similarly, in an online shopping application, a session object can store a list of products selected for purchase (such as quantity, price, and so on) and persistent variables (such as running order totals).
State and session management is especially important for applications that have complex, multi-step operations. In an environment where application logic is partitioned across different servers, system administrators can use the iPlanet Application Server Administration to optionally designate a single server to act as the central repository for all state information. As in previous versions, iAS maintains and replicates distributed user session-information and distributed application-state information.
High Availability
Many enterprise applications must be accessible (available) to users 24 hours a day, 7 days a week. iPlanet Application Server provides a highly available and reliable solution through the use of load balancing and dynamic failover (also called failure recovery).iPlanet Application Server enables you to distribute all or part of an application across multiple servers. As a result, if one server goes down, the other servers can continue to handle requests. iPlanet Application Server minimizes downtime by providing automatic application restarting. In addition, iPlanet Application Server maintains and replicates distributed user-session information and distributed application-state information. Information is maintained as long as more than one iPlanet Application Server installation is running in a cluster with the server that crashed.
Developers need not be concerned with building recovery and scalability features into their application. The application inherits these features simply by being hosted on the runtime environment.
iPlanet Application Server 6.0 features a set of failover capabilities that promote application availability. These include:
Stateful session bean failover A session bean implements business logic. For example, a bean may hold the contents of an online shopping cart. If there are unexpected fatal problems with the server, the bean fails over to another server, and the user picks up where they left off. Supporting failover for stateful session beans is an iPlanet Application Server value-added feature. J2EE programs do not need any modification to support this iPlanet Application Server failover feature.
Rich Client failover The Rich Client Corba Executive Service (CXS) acts as a bridge between Rich Clients that use the Internet Inter-ORB Protocol (IIOP) and the EJBs on iPlanet Application Server's Java engine(s). If the CXS server within iPlanet Application Server crashes, the state of the bridge objects for all EJBs are restored to that before the crash.
Security
Planet Application Server supports all J2EE security requirements, including role-based authentication, certificate authentication, and form-based authentication.iPlanet Application Server provides secure web server communication and supports SSL, HTTPS, and HTTP challenge-response authentication to clients. To bridge the security gap between browsers and data sources, iPlanet Application Server supports user authentication, cookies, and database access controls for the secure handling of transactional operations. Event logging and tracking enables detection of, and protection against, unauthorized access.
Security Using Access Control Lists
iPlanet Application Server 6.0 also provides for security through Access Control Lists (ACL). In this model, secure applications depends on two kinds of validation:You authenticate users by comparing a user name and password provided by the user with a user name and password stored in the directory server using LDAP. Authentication is held in the user's session and remains available until the session expires or the user logs out. Components can retrieve the identity in order to ensure that the caller is authentic.
You create secure components by setting up access control lists (ACLs) that define permissions granted to specific users and groups. These lists are also stored in the Directory Server using LDAP. Components can test for a user's membership in these groups.
The following diagram shows the basic steps in the security model:
First, the application establishes a session for the user, and prompts the user to supply a user name and password.
The identity can be used to determine whether a user or group is a member of a certain "role", so that application flow can be controlled based on a user's function in the application paradigm. For example, if part of your application is restricted to paying customers only, those customers can be associated with a group called PayingCustomers. You can then write your components to perform tasks based on a user's membership in that group.A servlet authenticates the user name and password by comparing them with the values in the Directory Server, and then "logs the user in" by authenticating the user's session.
The server's context, a programmatic view of the state of the server, recognizes the authenticated session by managing an identity object to components. Components can test authenticity by examining this identity.
Additionally, components can test the identity to see whether it has permission to perform certain tasks. These permissions are defined in an access control list, which resides in the Directory Server.
If the user logs out or the session expires, the context can no longer supply the identity, so authentication fails for any requests that require security.
Additionally, each component can have an access control list (ACL) that defines the permissions given to various users or groups with respect to that component. You define the permissions and the users/groups to which they apply either from the iPlanet Application Server Administration Tool or in component configuration files. For example, an EJB that represents an employee database can contain an ACL specifying that members of the group Employee can only read the data, while members of the group Manager can also update the data.
JMS - Java Message Server
JavaTM Message Service (JMS) 1.0.2 provides a set of standard Java language interfaces to Enterprise Messaging Systems, often called Message Oriented Middleware. These interfaces are implemented by products called JMS Providers. The JMS API and provider framework enables the development of portable, message based applications in the Java programming language.JMS provides connection Pooling and User Mapping:
Connection Pooling enhances the performance and reliability of iAS applications using JMS via the creation and management of pools of connections from iAS to a JMS-enabled messaging product.
User mapping speeds iAS application development and eases administration by supporting the easy mapping of users authenticated at the web application level to users, groups, and roles authorized by the JMS-enabled messaging provider
Next Generation Applications with XML
iPlanet Application Server provides complete support for building the next generation of vertical applications using XML. iAS is bundled with the Apache XML parser (Xerces) and XSL processor (Xalan). The rich generating and validating capabilities allow the Xerces-J Parser to be used for:
Advanced vertical applications that use XML as their data format.
Xerces provides excellent XML parsing and generation. It conforms to theW3C XML, XML schema and DOM (Level 1 and 2) standards, as well as the defacto SAX (version 2) standard for fully-validating Java parsers. The Xerces parser is component based, modular and can be easily configured.Instant validation for creating XML editors.
Creating and maintaining integrity of e-business data expressed in XML.
XML documents are converted to HTML, text and other XML document types using the XSL processor, Xalan. for transforming XML documents into HTML, text, or other XML document types. Xalan-J version 1.0.1 conforms to the Java W3C Recommendations for XSL Transformations (XSLT) and the XML Path Language (XPath).
Previous Contents Index DocHome Next
Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.
Last Updated April 27, 2000