Oracle Application Server

Oracle Application Server Overview of Oracle Application Server Release 4.0 Part No. A60115-01

Overview of Oracle Application Server Part No. A60115-01 Release 4.0 Copyright 1996, 1998, Oracle Corporation. All rights reserved. The programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be licensee's responsibility to take all appropriate failsafe, back up, redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and Oracle disclaims liability for any damages caused by such use of the Programs. This Program contains proprietary information of Oracle Corporation; it is provided under a license agreement containing restrictions on use and disclosure and is also protected by copyright, patent and other intellectual property law. Reverse engineering of the software is prohibited. The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. Oracle Corporation does not warrant that this document is error free. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Oracle Corporation If this Program is delivered to a U.S. Government Agency of the Department of Defense, then it is delivered with Restricted Rights and the following legend is applicable: Restricted Rights Legend Programs delivered subject to the DOD FAR Supplement are "commercial computer software" and use, duplication and disclosure of the Programs shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement. Otherwise, Programs delivered subject to the Federal Acquisition Regulations are "restricted computer software" and use, duplication and disclosure of the Programs shall be subject to the restrictions in FAR 52..227-14, Rights in Data -- General, including Alternate III (June 1987). Oracle Corporation, 500 Oracle Parkway, Redwood City, CA 94065. Oracle is a registered trademark, and the Oracle logo, NLS*WorkBench, Pro*COBOL, Pro*FORTRAN, Pro*Pascal, SQL*Loader, SQL*Module, SQL*Net, SQL*Plus, Oracle7, Oracle Server, Oracle Server Manager, Oracle Call Interface, Oracle7 Enterprise Backup Utility, Oracle TRACE, Oracle WebServer, Oracle Web Application Server, Oracle Application Server, Oracle Network Manager, Secure Network Services, Oracle Parallel Server, Advanced Replication Option, Oracle Data Query, Cooperative Server Technology, Oracle Toolkit, Oracle MultiProtocol Interchange, Oracle Names, Oracle Book, Pro*C, and PL/SQL are trademarks or registered trademarks of Oracle Corporation. All other company or product names mentioned are used for identification purposes only and may be trademarks of their respective owners.

Contents Preface... v 1 What is Oracle Application Server? Web Servers and Application Servers... 1-1 Web Servers... 1-2 Application Servers... 1-2 Common Object Request Broker Architecture (CORBA)... 1-2 Application Logic in the Thin-Client Model... 1-2 Types of Applications... 1-4 Common Gateway Interface (CGI) Applications... 1-4 Cartridge Servers... 1-4 JCORBA Applications... 1-5 Enterprise JavaBeans Applications... 1-5 Application Development... 1-6 Tools Provided with Oracle Application Server... 1-7 Application Deployment... 1-7 Oracle Application Server 4.0 Features... 1-8 Cartridges... 1-8 CORBA Applications... 1-9 Oracle Application Server Administration... 1-9 Resource Management... 1-10 Security... 1-10 Oracle Wallet Manager... 1-10 Monitoring and Site Management... 1-10 Failure Recovery... 1-11 iii

Apache Listener... 1-11 Inter-Cartridge Exchange Service... 1-11 Session Service... 1-11 Features New to the 4.0 Release... 1-12 Oracle Application Server 4.0 Enterprise Edition Features... 1-13 Transaction Service... 1-13 Content Service... 1-13 Load Balancing... 1-13 ODBC Cartridge... 1-14 2 Oracle Application Server Architecture Clients... 2-1 Sites... 2-2 Listeners... 2-3 Dispatchers... 2-3 Cartridges Servers and Cartridge Instances... 2-3 Resource Manager Proxy... 2-4 Request Handling... 2-4 Life Cycle of an HTTP Request... 2-5 Life Cycle of a CORBA/IIOP Request... 2-6 Glossary iv

Preface Audience This book is an overview of Oracle Application Server 4.0 for a general audience. The Oracle Documentation Set This table lists the Oracle Application Server documentation set. Title of Book Part Number Oracle Application Server Administration Guide A60172-01 Oracle Application Server Developer s Guide A60121-01 Oracle Application Server Installation Guide for Sun SPARC Solaris 2.x A58755-01 Oracle Application Server Installation Guide for Windows NT A58756-01 Oracle Application Server Cartridge Management Framework A58703-01 Overview of Oracle Application Server 4.0 A60115-01 Oracle Application Server Performance and Tuning Guide A60120-01 Oracle Application Server PL/SQL Web Toolkit Quick Reference A60119-01 Oracle Application Server PL/SQL Web Toolkit Reference A60123-01 Oracle Application Server Security Guide A60116-01 Oracle Application Server C API Reference A60122-01 Oracle Application Server C API Quick Reference A60118-01 Oracle Application Server JWeb Toolkit Quick Reference A65162-01 v

Conventions This table lists the typographical conventions used in this manual. Convention Example Explanation bold oas.h owsctl wrbcfg www.oracle.com Identifies file names, utilities, processes, and URLs italics file1 Identifies a variable in text; replace this place holder with a specific value or string. angle brackets <filename> Identifies a variable in code; replace this place holder with a specific value or string. courier owsctl start wrb Text to be entered exactly as it appears. Also used for functions. square brackets [-c string] [on off] Identifies an optional item. Identifies a choice of optional items, each separated by a vertical bar ( ), any one option can be specified. braces {yes no} Identifies a choice of mandatory items, each separated by a vertical bar ( ). ellipses n,... Indicates that the preceding item can be repeated any number of times. The term Oracle Server refers to the database server product from Oracle Corporation. The term oracle refers to an executable or account by that name. The term oracle refers to the owner of the Oracle software. Technical Support Information Oracle Worldwide Customer Support (WWCS) can be reached at the following numbers: In the USA: Telephone: 1.650.506.1500 In Europe: Telephone: +44 1344 860160 In Asia: Telephone: +81. 3 5717. 1850 vi

Please prepare the following information before you call, using this page as a checklist: your CSI number (if applicable) or full contact details, including any special project information the complete release numbers of the Oracle Application Server and associated products the operating system name and version number details of error codes and numbers and descriptions. Please write these down as they occur. They are critical in helping WWCS to quickly resolve your problem. a full description of the issue, including: What - What happened? For example, the command used and its result. When -When did it happen? For example, during peak system load, or after a certain command, or after an operating system upgrade. Where -Where did it happen? For example, on a particular system or within a certain procedure or table. Extent - What is the extent of the problem? For example, production system unavailable, or moderate impact but increasing with time, or minimal impact and stable. Keep copies of any trace files, core dumps, and redo log files recorded at or near the time of the incident. WWCS may need these to further investigate your problem. For installation-related problems, please have the following additional information available: listings of the contents of $ORACLE_HOME (Unix) or %ORACLE_HOME% (NT) and any staging area, if used. installation logs (install.log, sql.log, make.log, and os.log) typically stored in the $ORACLE_HOME/orainst (Unix) or %ORACLE_HOME%\orainst (NT) directory. Documentation Sales and Client Relations In the United States: To order hardcopy documentation, call Documentation Sales: 1.800.252.0303. vii

For shipping inquiries, product exchanges, or returns, call Client Relations: 1.650.506.1500. In the United Kingdom: To order hardcopy documentation, call Oracle Direct Response: +44 990 332200. For shipping inquiries and upgrade requests, call Customer Relations: +44 990 622300. viii

Reader s Comment Form Overview of Oracle Application Server 4.0 Part No. A60115-01 Oracle Corporation welcomes your comments and suggestions on the quality and usefulness of this publication. Your input is an important part of the information used for revision. Did you find any errors? Is the information clearly presented? Do you need more information? If so, where? Are the examples correct? Do you need more examples? What features did you like most about this manual? If you find any errors or have suggestions for improvement, please indicate the topic, chapter, and page number below: Please send your comments to: Oracle Application Server Documentation Manager Oracle Corporation 600 Oracle Parkway Redwood Shores, CA 94065 If you would like a reply, please provide your name, address, and telephone number below: Thank you for helping us improve our documentation. ix

x

1 What is Oracle Application Server? Oracle Application Server is a collection of middleware services and tools that provide a scalable, robust, secure, and extensible platform for distributed, object-oriented applications. Oracle Application Server supports access to applications from both Web clients (browsers) using the Hypertext Transfer Protocol (HTTP), and CORBA clients, which use the Common Object Request Broker Architecture (CORBA) and the Internet Inter-ORB Protocol (IIOP). Contents Web Servers and Application Servers Types of Applications Application Development Application Deployment Oracle Application Server 4.0 Features Oracle Application Server 4.0 Enterprise Edition Features Web Servers and Application Servers Client/server computing architectures are commonly described as having two or more tiers according to how application logic is distributed between client and server. Minimally, a client/server architecture must have a client tier and a server tier. Oracle s Network Computing Architecture (NCA) is a three-tier computing model in which Oracle Application Server functions as a middle tier, or application tier. What is Oracle Application Server? 1-1

Web Servers and Application Servers Web Servers The World-Wide Web has historically used a two-tier, fat-server model, in which application logic is stored almost entirely on the server side. In this model, Web browsers form the client tier, and HTTP servers with their static HTML pages and Common Gateway Interface (CGI) applications form the server tier. Similarly, client/server database applications have traditionally been separated into a relatively thin client tier, and a server tier (the database) containing both the application data and the application logic in the form of stored procedures. Application Servers Recently, a new three-tier model has emerged that isolates much of the application and glue logic in a new middle tier between the client tier and the server tier (database). Oracle Application Server implements this middle tier using CORBA to go beyond the traditional two-tier models of the World-Wide Web and of client/ server database applications. Common Object Request Broker Architecture (CORBA) CORBA is an industry-standard model for distributed object-oriented programming. It is defined and maintained by the Object Management Group (OMG), an industry consortium. CORBA specifies the behavior of Object Request Brokers (ORBs). An ORB is responsible for routing requests from clients and other ORBs to CORBA objects. Clients communicate with ORBs using the Internet Inter-ORB Protocol (IIOP), instead of HTTP. Oracle Application Server provides a CORBA 2.0-compatible ORB that clients can use to communicate with server-side applications implemented as CORBA objects. Application Logic in the Thin-Client Model This diagram shows Oracle Application Server as the middle tier of Oracle s threetier Network Computing Architecture (NCA): 1-2 Oracle Application Server 4.0 Overview

Web Servers and Application Servers Figure 1 1 Three-tier Oracle Application Server architecture HTTP Listener HTML Documents HTTP clients IIOP Dispatcher ORB CGI Applications CORBA clients (has client-side ORBs) Cartridge Servers RM Proxy RDBMS JCORBA Objects TIER 1 TIER 2 TIER 3 The Client Tier The Application Tier The Database In this thin-client three-tier architecture, client software (the client tier) is lightweight enough to be downloaded on demand, and does little but present the user interface for a server-side application. The bulk of the application logic is implemented either in the middle (application) tier, or is stored in the database, as in the case of PL/SQL procedures. As the middle tier in a three-tier architecture, Oracle Application Server allows application logic to be implemented in the form of cartridges and cartridge servers (described below in Types of Applications on page 1-4). What is Oracle Application Server? 1-3

Types of Applications Types of Applications Oracle Application Server supports the following types of applications: Common Gateway Interface (CGI) Applications Cartridge Servers JCORBA Applications Enterprise JavaBeans Applications Common Gateway Interface (CGI) Applications Cartridge Servers When an HTTP server receives a request for a CGI application, the server launches the application and uses the CGI to deliver the application any accompanying query data. Oracle Application Server fully supports this kind of application. CGI applications are most useful for processing simple forms on a small scale. This type of application, however, has many disadvantages. Every time the HTTP server receives a request for a CGI application, it must start a new process to run the application. Each CGI application is also restricted to running on a single machine. While this approach is adequate for small-scale deployment, it does not accommodate a large number of clients without seriously degrading performance. Oracle Application Server provides a more powerful and efficient kind of serverside application, called a cartridge server. A cartridge server is a shared library that either implements program logic or provides access to program logic stored elsewhere, such as in a database. A cartridge server is a process in which one or more cartridge instances run. Cartridge instances and cartridge servers are CORBA objects. Unlike CGI programs, cartridge servers do not have to be restarted for each request. The Oracle Application Server listener and dispatcher components route incoming requests to running cartridge servers based on the current server load. The cartridge server that handles the request does not have to run on the same machine that initially received the request, allowing the dispatcher to distribute the request load across multiple machines. These features allow applications implemented as cartridge servers to scale easily and automatically to meet heavy demand. Applications implemented as cartridge servers also take advantage of the cartridges bundled with Oracle Application Server, such as the PL/SQL cartridge, which provides access to PL/SQL procedures stored in a database. This approach 1-4 Oracle Application Server 4.0 Overview

Types of Applications JCORBA Applications makes sense for sophisticated, large-scale applications that can benefit from the built-in functionality of Oracle Application Server. For more information about cartridges and cartridge servers, see the Developer s Guide. Oracle Application Server supports CORBA applications in the form of JCORBA applications and Enterprise JavaBeans (EJB) applications. EJB applications are described in the next section. In the JCORBA model, you deploy components written in Java as CORBA components. These components, called JCORBA objects (JCO), are Java classes that you package together to form JCORBA applications running in an Oracle Application Server environment. A JCORBA application consists of one or more JCORBA objects. Instances of JCORBA objects can be instantiated and accessed from different types of CORBA clients such as Java applets, Java applications, web cartridges, and CORBA applications. JCORBA objects provide the business logic for distributed applications, which run on the server and therefore do not a have GUI or other visual representation. The objects define methods that CORBA clients can invoke to perform some operation. CORBA clients (such as Java applets running on browsers or Java applications) use ORBs to obtain object references for JCORBA object instances. Once a client has an object reference to a JCORBA object instance, it can invoke methods on the instance. You would generally deploy this kind of application with a client applet, or a web front end. In this model, the client uses a Web browser to download and run the applet. The applet uses the ORB built into the browser to communicate with the server-side application using IIOP. For more information about JCORBA applications, see the Developer s Guide. Enterprise JavaBeans Applications Enterprise JavaBeans (EJB) is a standard introduced by JavaSoft that enables developers to create custom component applications. These applications consist of enterprise beans developed by yourself or by third parties. The beans provide the business logic in EJB applications. EJB applications are flexible in that you can use different components from different vendors. For example, you can use the configuration and management software What is Oracle Application Server? 1-5

Application Development from one company, the bean container from another company, and the beans from yet another company. In the application server, EJB applications run in a CORBA environment. This means that the beans themselves are CORBA objects and they can communicate with other CORBA objects. The containers for the beans are also CORBA objects, and they interact with other components of the application server. EJB applications are managed by the application server. You configure them like you would any other application in the application server. You use the Oracle Application Server Manager to provide values such as the minimum and maximum number of bean instances, the machines on which the applications can run, and the level of logging that is enabled for the application. For more information about EJB applications, see the Developer s Guide. Application Development Oracle Application Server provides several options for developing applications. The cartridges described in Cartridges on page 1-8 provide deployment platforms for cartridges written in a particular language. If you have a large investment in PL/SQL procedures stored in your Oracle database, you can use the PL/SQL cartridge to provide clients easy access to these procedures. If you prefer to develop in Java, you can use the JWeb cartridge to develop Web applications, taking advantage of the JWeb Toolkit to respond to HTTP requests, and the pl2java utility to access PL/SQL procedures stored in the database. If you need to support CORBA/IIOP clients, you can use Java to develop JCORBA objects or EJB objects and deploy them on Oracle Application Server. CORBA objects can be accessed from different types of CORBA clients such as Java applets, Java applications, and CORBA applications. If you prefer to write Perl scripts, both the Perl and LiveHTML cartridges allow Web clients to access these scripts using HTTP. If you need to extend the capabilities of your Oracle Application Server installation, you can write applications in the C language and use C cartridges that run in the context of the Oracle Application Server. When you do this, you make use of the WRB (Web Request Broker) API, which enables you to access the features of the application server. For detailed information about developing cartridges for Oracle Application Server, see Developer s Guide. 1-6 Oracle Application Server 4.0 Overview

Application Deployment Tools Provided with Oracle Application Server Bundled with Oracle Application Server are the following third-party tools: Symantec Visual Page HTML editor (single-user license) VitalSigns Net.Medic Performance monitoring client (30-day trial version) Wallop Build-IT Web authoring integration tools (single-user license) WebTrends Log Analyzer, Professional Suite, and Enterprise Suite Usage tracking and reporting software (60-day trial versions of each product) JavaSoft JDK Java Development Kit Application Deployment Oracle Application Server offers the following features relevant to application deployment: Robustness and fault tolerance By distributing request handling among many machines, and among many processes running on those machines, Oracle Application Server avoids single points of failure; sophisticated error detection and automatic recovery features help to minimize the effects of failures when they do occur. Scalability The distributed architecture and load-balancing capabilities of Oracle Application Server allow you to deploy applications on a large scale, using multiple machines to handle client requests. Security Oracle Application Server supports security standards such as the Secure Sockets Layer (SSL) 3.0 and X.509 digital certificates, and provides a flexible authentication service for authenticating clients. Oracle Application Server 4.0 Enterprise Edition also supports using a Lightweight Directory Access Protocol (LDAP) directory for certificate-based authentication. Extensibility You can extend Oracle Application Server s capabilities by developing applications using the PL/SQL, C, JWeb, Perl, and LiveHTML cartridges. What is Oracle Application Server? 1-7

Oracle Application Server 4.0 Features Oracle Application Server 4.0 Features Cartridges This table describes the cartridges available in Oracle Application Server 4.0. You create applications based on these cartridges. Table 1 1 Cartridge Cartridges PL/SQL cartridge JWeb cartridge C cartridge Description Runs PL/SQL stored procedures in Oracle databases. It uses a Database Access Descriptor (DAD) to locate the database to which to connect. The cartridge runs files that contain PL/SQL source code; it loads the contents of the file into the database and executes the code. The PL/SQL cartridge comes with the PL/SQL Web Toolkit, which enables you to get information about the request, specify values for HTTP headers such as the content type and cookies, and generate HTML tags. Runs Java applications. The JWeb cartridge contains a Java Virtual Machine that interprets the bytecodes for the Java application. When you configure the cartridge, you specify where the class files for the applications are located. You can also use the JWeb cartridge to connect to and access data from databases in two different ways: (1) You can use the pl2java utility, which generates Java methods for procedures and functions in the database. You can then invoke the methods from your Java application just like regular Java methods; (2) You can use the JDBC interface, which enables you to execute SQL statements. The JWeb cartridge comes with the JWeb Toolkit, which enables you to get information about the request, connect to the database, specify values for HTTP headers such as the content type and cookies, and generate HTML tags. Runs C applications. Use this cartridge to implement callback functions that are invoked by the application server. The C cartridge comes with the WRB API, which contains functions and data structures that you can use to get information about the request, specify values for HTTP headers such as the content type and cookies, and send requests to other cartridges. 1-8 Oracle Application Server 4.0 Overview

Oracle Application Server 4.0 Features Table 1 1 Cartridge LiveHTML cartridge Perl cartridge Cartridges Description Interprets Server-Side Includes (SSI) documents. SSI is a standard that allows you to retrieve dynamic data in an otherwise static HTML document. You use special tags in your document to mark the places where the cartridge will substitute dynamic data. You can also embed Perl scripts in documents for the LiveHTML cartridge to generate dynamic data. This feature lets you generate more complex dynamic data than what is supported by SSI, and embeds programming logic in LiveHTML pages. LiveHTML Web application objects allow you to reference application server components in an object oriented manner. You can also invoke methods and change the attributes of objects. Runs Perl scripts. The Perl cartridge also comes with several Perl modules including the DBI/DBD, which enables you to access Oracle databases. CORBA Applications Oracle Application Server also supports CORBA applications. See JCORBA Applications on page 1-5 and Enterprise JavaBeans Applications on page 1-5 for a brief overview; see the Developer s Guide for details. Oracle Application Server Administration Oracle Application Server 4.0 introduces a new management interface, the Oracle Application Server Manager, for administration, configuration, and management. The new interface uses both HTML forms and Java navigation applets to allow an administrator to maintain an entire Oracle Application Server site. The new administration tools use a Java-based navigational tree to provide a view of the entire site configuration at a glance. To view the navigation applet, your Web browser must be configured to run Java applets. For more information about the Oracle Application Server Manager, see the Administration Guide. What is Oracle Application Server? 1-9

Oracle Application Server 4.0 Features Resource Management Oracle Application Server resource management services make applications scalable by providing automatic load-balancing and failure recovery. Oracle Application Server 4.0 Enterprise Edition offers more advanced, configurable loadbalancing features. See Load Balancing on page 1-13. Security Oracle Application Server provides authentication and encryption capabilities that enable you to protect applications and static HTML pages from unauthorized users. It supports the following security features: Basic, digest, basic_oracle, and crypt authentication schemes. These authentication schemes prompt the user to enter a username and password before the requested page is returned or the application is run. IP address and domain name restriction schemes. These restriction schemes allow only authorized machines to access the page or application. Certificate authentication scheme. The application server connects to a directory server to verify clients against certificates in the directory server. For more information on authentication, authorization, and security, see the Security Guide. Oracle Wallet Manager The Oracle Wallet Manager is a Java application that security administrators use to manage public-key security credentials on clients and servers. Public-key cryptography requires that parties who want to communicate in a secure manner possess certain security credentials. This collection of security credentials is stored in a wallet. A wallet is an abstraction used to store and manage security credentials for the client or the server. For more information about Oracle Wallet Manger, see the Security Guide. Monitoring and Site Management Oracle Application Server provides tools and built-in support for monitoring your site, listeners, and applications. Applications can use the Logging service API to record information in log files. Oracle Application Server also provides support for Common Logfile Format (CLF) and Extended Logfile Format (XLF) system message formats. The Oracle Application Server Manager provides tools for analyzing 1-10 Oracle Application Server 4.0 Overview

Oracle Application Server 4.0 Features Failure Recovery Apache Listener log files and for tracking and viewing statistics for specific sites, listeners, and applications. These tools also allow you to generate reports on these statistics. For more information about site management, see the Administration Guide. Oracle Application Server provides enhanced mechanisms for detecting and recovering from failures of individual components, such as listeners or cartridge servers. When a component fails, Oracle Application Server detects the failure and restarts the failed component, restoring any preserved state information when possible. Oracle Application Server augments Apache sites with improved database, transactional, and CORBA services. The application server works with Apache sites to selectively deploy Apache modules as application server cartridges with improved scalability, reliability, and lifecycle management. Apache modules can also run unchanged with cartridges. Inter-Cartridge Exchange Service Session Service The Inter-Cartridge Exchange (ICX) service enables cartridges to issue requests to and receive responses from other cartridges using a transport-independent, stateless protocol that mimics HTTP. You can use ICX in cases where you can isolate common functionality in one cartridge; other cartridges can use ICX to invoke this cartridge. For more information about the ICX service, see the Developer s Guide. The Session service allows cartridges to be set up so that successive requests from a particular client are handled by the same cartridge instance. This allows you to write your cartridge to maintain state across requests submitted by a specific client. For example, if you are creating a shopping cart cartridge, you can enable sessions in the cartridge so that it can remember the items that the client has in his or her shopping cart. Each client has its own cartridge instance, and cartridge instance data is not shared across clients. What is Oracle Application Server? 1-11

Oracle Application Server 4.0 Features You can enable and manage sessions in two ways: Using the Oracle Application Server Manager. This is called configurable sessions. Using the session API to manage sessions. This is called programmatic sessions. Programmatic sessions give you more control than configurable sessions. Sessions work with all listeners supported by Oracle Application Server. For more information about the Session service, see the Developer s Guide. Features New to the 4.0 Release Oracle Application Server 4.0 supports these features in addition to those described above: Lightweight Directory Access Protocol (LDAP) support Oracle Application Server uses an LDAP directory for certificate-based authentication and rolebased authorization. See the Security Guide. WDBC API You can use this API, based on the C cartridge API, to write a custom PL/SQL cartridge. See the Developer s Guide. Single Management Console Enables you to manage all the nodes on your site from the same front-end. You do not need to connect to different machines, including listeners on remote nodes. Collapsed Process Model Allows you to run your system in two modes: noncollapsed where all OAS system objects run as processes, or collapsed where all Oracle Application Server objects run in the same process. Navigational Tree You can easily move from one configuration page to another by simply clicking. Multi-Level Management Commands Use this feature to manage Oracle Application Server at any level, including a single command to start or stop your entire site, all components on a node, all listeners, or to stop all applications. Monitoring Allows you to check the status of Oracle Application Server processes and objects. Configuration Reload Enables you to add or delete applications, or change configuration parameters without restarting the system. Remote Management Allows you to manage Oracle Application Server from a browser, so you do not need to use command line tools. 1-12 Oracle Application Server 4.0 Overview

Oracle Application Server 4.0 Enterprise Edition Features Oracle Application Server 4.0 Enterprise Edition Features Transaction Service Content Service Load Balancing In addition to the above features, the Enterprise Edition of Oracle Application Server provides these features: The Transaction service enables applications to perform two-phase-commit database transactions. The service implements an extended version of the Object Transaction Service (OTS) model using Java Transaction Service (JTS). OTS is defined by the Object Management Group (OMG), and JTS is defined by JavaSoft. In addition, the application server also supports the Distributed Transaction Processing model, defined by The Open Group. The transaction model that you use depends on the cartridge you are using. For example, if you are developing applications using the JWeb cartridge, you would use the JTS APIs. For more information about the Transaction service, see the Developer s Guide. The Content service provides an API that applications can use to store persistent content data in an Oracle database, or in a file system. For simplicity, this API is similar to the standard UNIX library functions for file system access. Storing content data in a database enhances scalability by allowing multiple cartridge servers running on multiple hosts to access the same content, while relying on the database to resolve access contention. For more information about the Content service, see the Developer s Guide. In addition to the load-balancing features provided by the Standard Edition (described in the Administration Guide), Oracle Application Server 4.0 Enterprise Edition allows you to configure the following types of load balancing using the Oracle Application Server Manager: Weighted Node Use the HostServerWeight parameter to specify the percentage of cartridge servers that should run on each node. For example, if node A is a large, fast machine, you might specify that it run 50% of cartridge servers. If nodes B and C are smaller, less powerful machines, you might assign each 25% of the cartridge server load. What is Oracle Application Server? 1-13

Oracle Application Server 4.0 Enterprise Edition Features Host Maximum Use the HostMaxServers parameter to limit the number of cartridge instances that you run on a per host basis. The limits on each host can be different. Host Minimum Use the HostMinServers parameter to monitor and adapt to changes in the cartridge server load, and to distribute the cartridge server load evenly across the nodes. Adding Hosts at Runtime This features also allows you to add new nodes to a running system to handle additional loads. Adapting to System Resource Usage Oracle Application Server monitors system resources on each node such as CPU, memory, and swap space usage, and adjusts the cartridge server load on each node accordingly. ODBC Cartridge For more information about configuring load balancing, see the Administration Guide and the Performance and Tuning Guide. The ODBC cartridge allows clients to use HTTP to issue SQL queries to ODBC databases such as Sybase or Informix. The cartridge formats and returns query results in the form of HTML tables. Other cartridges can use the ODBC cartridge with the Inter-Cartridge Exchange service. 1-14 Oracle Application Server 4.0 Overview

2 Oracle Application Server Architecture This chapter describes how the major components of Oracle Application Server interact to provide a middle tier for server-side applications. Contents Clients Sites Listeners Dispatchers Cartridges Servers and Cartridge Instances Resource Manager Proxy Request Handling Clients Clients of applications deployed in an application server environment can be grouped into the following types: Web browsers these clients use HTTP to communicate with Oracle Application Server. CORBA clients these clients access JCORBA and EJB applications using IIOP. These clients can be Java applets, cartridges, stand-alone applications, or other JCORBA or EJB objects in the same or different application. Oracle Application Server Architecture 2-1

Sites Sites A site is a collection of Oracle Application Server machines that together form a distributed platform for server-side applications. For each site, a single machine, called the primary node, hosts the broker and Resource Manager (RM) proxy and stores configuration data for the entire site. The other machines that comprise the site are called remote nodes. Figure 2 1 Oracle Application Server site Remote Node Remote Node Remote Node Primary Node Remote Node Dispatcher RM Proxy Dispatcher Dispatcher Broker Dispatcher Cartridge Server Cartridge Server Cartridge Server Cartridge Server For more information about sites, see the Administration Guide. 2-2 Oracle Application Server 4.0 Overview

Cartridges Servers and Cartridge Instances Listeners A listener is an HTTP server; Oracle Application Server supports the following listeners: Oracle Web Listener (included with Oracle Application Server) Netscape FastTrack Server Netscape Enterprise Server Microsoft Internet Information Server (IIS) Apache Dispatchers Oracle Application Server provides adapters for each type of listener that allow listeners to work together with dispatchers in a tightly integrated way, optimizing performance. Note that the documentation refers to the Oracle Application Server listener as the Web Listener and all other listeners as third-party listeners. Both types of listeners are considered HTTP listeners. For more information about listeners, see the Administration Guide. A dispatcher manages a pool of cartridge instances running on one or more nodes; each cartridge server instance runs one or more cartridge instances (Figure 2 2). There is one dispatcher associated with each listener on each node of a Web site. When a listener receives an HTTP request that does not identify a static HTML page or CGI program, it passes the request to its dispatcher, which assigns a request to a cartridge instance of the appropriate type. This process is described in more detail in Request Handling below. For more information about dispatchers, see the Administration Guide. Cartridges Servers and Cartridge Instances A cartridge is a shared library that either implements program logic or provides access to program logic stored elsewhere, such as in a database. A cartridge server is a process in which one or more cartridge instances run. A cartridge instance is a CORBA object running within the cartridge server process that executes cartridge code. Oracle Application Server Architecture 2-3

Resource Manager Proxy Figure 2 2 Cartridge server Cartridge Server Cartridge Cartridge Cartridge Instance 1 Instance Instance 2 3 Most of the cartridges bundled with Oracle Application Server, such as the JWeb cartridge and the PL/SQL cartridge, provide an API in a particular language and platform for custom applications. The PL/SQL cartridge, for example, provides the PL/SQL Web Toolkit, a collection of PL/SQL procedures that custom applications can use to respond to HTTP requests with database content. The JWeb cartridge provides a similar JWeb Toolkit. For more information about cartridges and cartridge servers, see the Developer s Guide. Resource Manager Proxy Request Handling The resource manager (RM) proxy component is responsible for obtaining JCORBA object references on behalf of external clients. There is one RM proxy per site. Oracle Application Server can handle both HTTP requests from Web browser clients, and CORBA/IIOP requests from CORBA clients by way of a client ORB. 2-4 Oracle Application Server 4.0 Overview

Request Handling Life Cycle of an HTTP Request This diagram shows the sequence of events when a Web browser client issues an HTTP request to a server-side application: Figure 2 3 HTTP request life cycle HTTP Request Listener Dispatcher Response Browser HTTP Request Response Cartridge Instance Cartridge server The dispatcher maintains a cache of available cartridge instances. When a request arrives for a particular cartridge, the dispatcher routes the request to one of its cached cartridge instances of the appropriate type. If the dispatcher has no such cartridge instance available, it requests that the Oracle Application Server create a new cartridge server and create the appropriate cartridge instance within that cartridge server. The dispatcher then adds this cartridge instance to its cache and assigns the pending request to it. When the request is complete, the new cartridge instance is available to handle a new request. Oracle Application Server Architecture 2-5

Request Handling Life Cycle of a CORBA/IIOP Request This diagram shows the sequence of events when a Java applet issues a CORBA/ IIOP request to a server-side JCORBA object: Figure 2 4 CORBA/IIOP request life cycle Browser Java Applet 1. Request Applet 2. Download Applet 5. IIOP Method Call 6. Method Call Return LISTENER JCORBA Object 3. IIOP Request for Object Reference JCORBA Server 4. Object Reference RM proxy When a client requests an object reference, the RM proxy instantiates the requested object (if necessary) within a JCORBA server and returns the reference to the client. The client then uses the object reference to call methods on the object directly. 2-6 Oracle Application Server 4.0 Overview

Glossary A B C D E F G I J K L M O P R S T U V W X A access control list (ACL) A list of groups and users authorized for specific access to an object. Or a list of entities, together with their access rights, which are authorized to have access to a specified resource. ACID characteristics A transaction, a collection of operations that work toward a goal that satisfies a single user need that guarantees everything within the transaction either succeeds or fails, is defined as having ACID characteristics: Atomic, Consistent results, Isolated, and Durable. See the Administration Guide for further information. adapter layer (ADP) The interface between the WRB and an HTTP listener. Advanced Networking Option (ANO) Oracle Advanced Networking Option operates within the framework of the Network Computing Architecture to transparently secure the network layer for all applications using SQL*Net and Net8. The option extends client/server connectivity in the distributed environment to embrace network services for enterprise-wide communications. Glossary-1

Apache A public domain HTTP server derived from the National Center for Supercomputer Applications. API Application Program Interface. A set of exposed data structures and functions that an application can use to invoke services on a component. applet A Java program that is callable from Web pages. Like images, most applets are displayed as part of the Web page. Applets can present special effects, including animation and sound, and allows the user to interact via the mouse or keyboard. application A collection of cartridges that provides business logic. An application contains one or more cartridges, and within an application, all the cartridges must be derived from the same cartridge type. See the Developer s Guide for more information. See also cartridge. authentication The process of proving identity, thereby allowing access to an application or document. When access to an application or document is protected by an authentication scheme, the client sends identification information to the server, which checks if the client is authorized to access the object. Oracle Application Server supports the following types of authentication: basic authentication digest authentication basic_oracle authentication certificate authentication crypt authentication See also security scheme, restriction. authorization broker The portion of the authorization server that responds to and evaluates authorization requests. Glossary-2 Oracle Application Server 4.0 Overview

Glossary authorization provider An object that specifies all of the realms used to implement a particular security scheme. authentication server An object that encapsulates the authentication performed against cartridges. An authentication server consists of one authentication broker and several authentication providers. B base directory The directory to which URL-encoded pathnames addressed to a specific port are appended. For example, if the base directory is /public_html, the URL http:// www.blob.com/file is converted to /public_html/file. basic authentication A username/password-based authentication scheme that does not encrypt passwords when sending them over the Internet. Basic authentication is much less secure than digest authentication. See also digest authentication and authentication. basic_oracle authentication An Oracle-specific authentication scheme. In the basic_oracle (or database) authentication scheme, you define realms, groups, and users. This is similar to the basic or digest schemes. The difference is that instead of listing the users in each group, you associate a group with an Oracle database. The authentication succeeds if the username/password provided by the user can be used to log into an Oracle database associated with the groups in the realm. If the login succeeds, the user is then logged out of the database. browser client A client that accesses cartridges via a URL over HTTP. C cartridge A cartridge consists of code that executes application logic, and also configuration data that enable it to locate the application logic. Glossary-3

For example, the PL/SQL cartridge contains code that enables it to connect to Oracle databases and execute PL/SQL stored procedures in the database. The configuration data in the cartridge contains information such as which Oracle database to connect to and what username/password to use in order to run that stored procedure. Cartridges also enable your application to communicate with other components of the application server. See the Developer s Guide for more information. See also application. cartridge factory An object that can start up cartridge instances within the cartridge server. cartridge server A process that runs one instance of an application. Each application and its cartridges runs within a cartridge server process, and each cartridge server process can run only one application. You can equate cartridge servers with applications. See the Developer s Guide for more information. cartridge server factory A process that starts up cartridge servers. certificate A formatted data item signed by a trusted third party to attest to the validity of the item s information. Public-key certificates use a CA s signature to attest that the enclosed public key belongs to the principal identified by the enclosed name. certificate authentication A method of authentication in which users identify themselves using X.509 v3 certificates. The application server reads the certificate and checks if the user specified by the certificate is in the allowed portion of the directory server. Certificate Revocation List (CRL) A list of certificates that have been revoked before their scheduled expiration date. CRLs only list current certificates, since expired certificates should not be accepted in any case; when a revoked certificate is past its original expiration date, it is removed from the CRL. certifying authority (CA) A trusted third party that vouches for the identity of an individual, company, or server and signs a certificate. For example, VeriSign, Inc. (http://www.verisign.com) is such an authority. Glossary-4 Oracle Application Server 4.0 Overview

Glossary CGI See common gateway interface (CGI). client A user, software application (such as a browser), or computer that requests the services, data, or processing of another application or computer (the server ). collapsed process model You can select a collapsed or non-collapsed process model for running Oracle Application Server. Under the collapsed model, several processes, such as the authentication server (wrbsarv) and monitoring daemon (wrbmon), are combined into one process. The collapsed model has smaller memory requirements since the number of processes running is less than when you use the non-collapsed model. For more information about performance issues while using the collapsed process model, see the Performance Guide. common gateway interface (CGI) The industry-standard technique for transferring information between a Web server and any program designed to accept and return data that conforms to the CGI specifications. common logfile format (CLF) An industry-standard format for transaction log files. The Web Listener uses this format to log transactions. See also info file. common object request broker architecture (CORBA) An industry standard for allowing code modules called objects to communicate with one another regardless of the programming language in which they are written or the operating system on which they are running. With CORBA, objects are managed by the Object Request Broker (ORB). See also Object Request Broker (ORB). content service A framework for a document repository where cartridges can store, retrieve, and share documents. Glossary-5

cookie A text string that is entered into the memory of a browser. The string contains the domain, path, lifetime, and other variables.the information inserted by the server into the client s browser tracks what the client has been doing. Cookies can either expire when the user exits the browser or at a date specified by the creator of the cookie. CORBA cartridge A cartridge instance which exposes an IDL interface to developers and clients. Such a cartridge is accessed via an object reference over IIOP. CORBA cartridge server A cartridge server that hosts one or more instances of CORBA cartridges. The implementation of all CORBA cartridge instances in a CORBA cartridge server must be in the same language. CORBA object This is a generic term for a server-side program that conforms to the OMG Common Object Broker Request Architecture specification. Objects can be written in any language, deployed on any machine, and can exist locally or over a wide-area network. crypt authentication A method of providing UNIX style encryption of usernames and passwords, and to authorize access to static pages and Web cartridges. Crypt reads usernames and encrypted passwords from a user defined file name, for example /tmp/foo, as opposed to the wrb.app file. D database access descriptor (DAD) A set of values that specify how a PL/SQL cartridge connects to an Oracle database server to fulfill an HTTP request. Each PL/SQL cartridge is associated with a DAD. The information in the DAD includes the username (which also specifies the schema and the privileges), password, connect-string, error log file, standard error message, and NLS parameters such as NLS language, NLS date format, NLS date language, and NLS currency. database authentication scheme See basic_oracle authentication. Glossary-6 Oracle Application Server 4.0 Overview

Glossary digest authentication An authentication scheme that encrypts passwords before sending them over the Internet. See also authentication and basic authentication digital signature A signature attached to an electronic document that reliably identifies the author or sender, and guarantees that the document has not been tampered with. dispatcher A dispatcher manages a pool of cartridge instances running on one or more nodes. There is one dispatcher associated with each listener on each node of a Web site. When a listener receives an HTTP request that does not identify a static HTML page or CGI program, it passes the request to its dispatcher, which assigns a request to a cartridge instance of the appropriate type. distributed transaction processing (DTP) The protocol that facilitates a two-phase commit with multiple databases in a transaction. domain-based restriction A restriction scheme that allows or denies access to files based on the client machine s domain name. See also restriction or IP-based restriction. E EJB Application A way of deploying CORBA objects written in Java on Oracle Application Server. Objects deployed in this way have the same management features as cartridges. encryption The practice of scrambling (encrypting) data in such a way that only an intended recipient can unscramble (decrypt) and read the data. See also public-key encryption and shared secret-key encryption. Enterprise JavaBeans (EJB) This is an industry-standard tool proposed by Sun Microsystems to leverage the component model of JavaBeans for server-side development. Glossary-7

Extended Logfile Format (XLF) XLF is an improved format for Web Server login since it is extensible, permitting a wider range of data to be captured. XLF allows you to configure the logger to generate different statistics of HTTP requests such as the IP address of clients, methods of the HTTP requests and response headers such as user agent and accept. F failure recovery A system of failure detection and recovery in Oracle Application Server. Rather than putting the burden on a single component to do the failure detection and recovery of all components, Oracle Application Server uses a distributed failure detection and recovery mechanism. Components of Oracle Application server monitor each other so that automatic recovery is possible. G genreq A utility you can use to generate a request for a certificate. You can submit the generated request to a certifying authority (CA). I identity-based access control (IBAC) The use of digital IDs to control access to a resource. info file A file to which a Web Listener logs its transactions on a particular port. There is one info file for each port on which the Web Listener accepts connections. The info file is in Common Logfile Format. inheritance The process by which one class acquires the properties of another. initial file The name of the HTML file that Oracle Application Server returns by default when a URL request specifies only a directory name. Glossary-8 Oracle Application Server 4.0 Overview

Glossary Interface Definition Language (IDL) A language defined by OMG (www.omg.org) that you use to specify the public interfaces for CORBA objects. inter-cartridge exchange (ICX) A service that allows a cartridge to invoke another cartridge. The cartridges can be from the same or a different application. Internet inter-orb protocol (IIOP) An Internet transport protocol used by CORBA objects. In the context of Oracle Application Server, IIOP is used by JCORBA and EJB objects. IIOP is also used between Oracle Application Server components. IOR Interoperable Object Reference. This string is unique for each object reference. You may pass this string to an API to determine the actual object reference. IP-based restriction A restriction scheme that allows or denies access to files based on the client machine s IP address. See also restriction. J JavaBeans A portable platform-independent component model that enables developers to write reusable components once and run them anywhere. See also Enterprise Java- Beans (EJB). Java IDE A third-party Java integrated development environment used for developing and debugging non-oracle Application Server portions of a Java application. Java Interpreter A program that interprets and executes Java bytecode independently of a Web browser. Java Virtual Machine See virtual machine (VM). Glossary-9

JCO objects See JCORBA objects. JCORBA objects A way of deploying CORBA objects written in Java on Oracle Application Server. Objects deployed this way have the same management features as cartridges. JDBC A package that provides connectivity to databases from within Java. Java Transaction Service (JTS) It provides the services necessary for applications and databases to become part of a transaction. JTS is the Java version of OTS. just-in-time (JIT) compilation The process by which the Java Virtual Machine keeps a copy of native code that it generates from bytecode the first time a method is encountered. Subsequently, when the method is run, the JIT uses the native code without having to interpret the method, resulting in a boost in performance. JWeb cartridge A Web cartridge instance in which the application logic is provided in Java. JWeb Toolkit A group of Java classes provided with Oracle Application Server to make it easier to interface to the application server and generate dynamic HTML using Java. K key pair A pair of mathematically related keys (a public key and a private key) associated with a user and used in public-key encryption. Glossary-10 Oracle Application Server 4.0 Overview

Glossary L light weight directory access protocol (LDAP) A protocol that allows clients to access information from a directory server. This protocol enables corporate directory entries to be arranged in a hierarchical structure that reflects geographic and organizational boundaries. In the context of Oracle Application Server, you can protect URLs by associating them with a certifying authority (CA). The CA accesses a directory server, possibly over SSL, to check if the user has a certificate that allows execution of the URL. LiveHTML Oracle s extension of the industry-standard Server-Side includes (SSI) functionality. LiveHTML files supplement HTML with instructions that the LiveHTML cartridge executes before transmitting the page to the browser. These instructions specify material that is to be included in the generated page. The material can include other Web pages, environment variables, and the output of programs executed on the server. The programs may, but need not, conform to the CGI standard. M master agent The process on an SNMP-managed node that accepts queries from the management framework and communicates with the elements to be managed in order to answer the query. memory mapping The practice of mapping an open file directly into the address space of a Web Listener process. This speeds file access and allows multiple clients to access the same file simultaneously without making a separate copy for each client. migrate (third-party HTTP servers) To transfer configuration information from a third-party HTTP server to the Oracle HTTP server. If you currently use a third-party HTTP server, such as Netscape, but you want to use the Oracle HTTP server that ships with Oracle Application Server instead, you should migrate your Netscape configuration to the Oracle HTTP server. (new versions of Oracle Application Server) To move from a previous version of Oracle Application Server to the current version. Glossary-11

MIME See Multipurpose Internet Mail Extensions (MIME). MIME type A file format defined by the Multipurpose Internet Mail Extensions standard. Several RFCs define MIME. See http://www.oac.uci.edu/indiv/ehood/mime/ MIME.html. multi-node installation An Oracle Application Server installation that includes one primary node and at least one remote node. You may install listeners and cartridges on remote nodes for load balancing purposes. See also primary node and remote node (installation). Multipurpose Internet Mail Extensions (MIME) A message format used on the Internet to describe the contents of a message. MIME is used by HTTP servers to describe the type of file being delivered. O Object Management Group (OMG) A consortium with a membership of more than 700 companies. The organization s goal is to provide a common framework for developing applications using objectoriented programming techniques. OMG is responsible for the CORBA specification. The URL is http://www.omg.org. Object Request Broker (ORB) In CORBA, an Object Request Broker (ORB) acts as a broker between client request for a service from a distributed object or component and completion of that request. Having ORB support in a network means that a client program can request a service without having to understand where the server is in the distributed network or exactly what the interface to the server programming looks like. Object Transaction Service (OTS) It provides the services necessary for applications and databases to become part of a transaction. See also Java Transaction Service (JTS). OCI Oracle Call Interface Glossary-12 Oracle Application Server 4.0 Overview

Glossary Open DataBase Connectivity (ODBC) A standard or open application programming interface for accessing a database. The goal of ODBC is to make it possible to access any data from any application, regardless of which database management system(dbms) is handling the data. ODBC manages this by inserting a middle layer, called a database driver, between an application and the DBMS. The purpose of this layer is to translate the application s data queries into commands that the DBMS understands. optimal flexible architecture (OFA) A directory structure which ensures a logical division of product and configuration files. In this structure, you can easily upgrade product files without affecting configuration files. The basic concept of OFA is to separate data, configuration files, and executables. Oracle Application Server Manager A collection of HTML forms and Java navigational applets to allow an administrator to maintain an Oracle Application Server site ORACLE_HOME Environment variable that indicates the root of the Oracle Server code tree. This refers to the place where Oracle software is installed. Oracle Web Agent (OWA) A term from an earlier release of this product. OWA is now called the PL/SQL cartridge. For the sake of compatibility, the string owa is still used in various places in the product. OWA See Oracle Web Agent (OWA). P package A group of PL/SQL and Java functions and procedures. parsable file A file located on Oracle Application Server that contains instructions that the server interprets prior to transmitting the file as a Web page. This is part of the Live- HTML functionality. See also LiveHTML. Glossary-13

PL/SQL cartridge A cartridge that interfaces to the Oracle Server. The cartridge can run stored procedures within the database and return dynamically generated pages that contain data from the database. PL/SQL Web Toolkit A bundle of PL/SQL packages, provided with Oracle Application Server, that make it easier to generate HTML using PL/SQL. Applications written for either the PL/SQL cartridge or the JWeb cartridge can use these packages. Also referred to as the PL/SQL Toolkit. primary node Where the WRB and configuration files are stored. The host where the WRB and configuration files are stored is called the primary node in a multi-node configuration. A primary node contains the same components as a single-node, but a primary node has one or more remote nodes associated with it. See also remote node (installation) and multi-node installation. private key A key used by a limited number of communicating parties to decrypt data encrypted with a public key. See also public-key encryption. public key A key known to all users, used to encrypt data in such a way that only a specific user can decrypt it. See also private key and public-key encryption. public-key encryption A form of encryption that uses a key pair (a public key and a private key) to encrypt and decrypt data. R RC4, RC5 RSA encryption algorithms. realm A group of users and groups assigned by an authentication scheme to regulate access to specific files or directories. Glossary-14 Oracle Application Server 4.0 Overview

Glossary remote node (installation) A type of installation that allows you to specify which components of Oracle Application Server (WRB, listener or cartridges) you want for a specific node. In a distributed multi-node installation, you set up one primary node and one or more remote nodes. Remote nodes can be of one of the following types: Cartridge only node Listener only node Cartridge and listener node See also primary node. restriction A security scheme that restricts access to files provided by Oracle Application Server to client machines within certain groups of IP addresses or DNS domains. S shared secret-key encryption A form of encryption that uses a single key both to encrypt and to decrypt a document. Shared secret-key encryption is much faster than public-key encryption, but is more vulnerable to attack. secure sockets layer (SSL) An emerging standard for the secure transmission of hypertext documents over the Internet using HTTP secure (HTTPS). SSL uses digital signatures to ensure that transmitted data is not tampered with. security scheme It prevents unauthorized users from accessing protected files or applications. Oracle Application Server supports both authentication schemes and restriction schemes. Glossary-15

Oracle Application Server supports the following types of authentication: basic authentication digest authentication basic_oracle authentication certificate authentication crypt authentication The following restriction schemes are supported: IP-based restriction domain-based restriction server There are two types of servers relevant to this product. The first is Oracle Server, which is a relational database server dedicated to performing data management duties on behalf of clients using any number of possible interfaces. The other is Oracle Application Server which is a collection of middleware services and tools that provide a scalable, robust, secure, and extensible platform for distributed, objectoriented applications. Oracle Application Server supports access to applications from both Web clients (browsers) using the Hypertext Transfer Protocol (HTTP), and CORBA clients, which use the Common Object Request Broker Architecture (CORBA) and the Internet Inter-ORB Protocol (IIOP). server-parsable See parsable file. session key A secret key used by SSL to encrypt data transmitted over a secure connection. The client generates the session key after Oracle Application Server authenticates itself and communicates it to Oracle Application Server using public-key encryption. Simple Network Management Protocol (SNMP) A set of protocols for managing complex networks. The versions of SNMP were developed in the early 1980s. SNMP works by sending messages, called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP requesters. Glossary-16 Oracle Application Server 4.0 Overview

Glossary single-node installation The installation of an application server on a single machine. See multi-node installation. software upgrade It overlays binary files preserving the configuration files. SSL See secure sockets layer (SSL). stored procedure A set of PL/SQL instructions that are stored in a database. subagent A process that receives queries for a particular managed element from the master agent and sends back the appropriate answers to the master agent. T transaction service A WRB service that enables you to perform transactions that span several HTTP requests. The transaction service is based on the XA open model transactions defined by the X/Open Company. U uniform resource identifier (URI) The generic term for all types of names and addresses that refer to objects on the World Wide Web. A URL is one kind of URI. uniform resource locator (URL) A URL, a form of URI, is a compact string representation of the location for a resource that is available via the Internet. It is also the text-string format clients use to encode requests to Oracle Application Server. Glossary-17

V virtual machine (VM) The mechanism Java uses to achieve its high portability. Java bytecode is executable by any Java Virtual Machine running on any actual machine. The VM converts the bytecode to the native code for the machine at hand. virtual pathname In a virtual file system, a virtual pathname is a synonym that the virtual file system maps to a file stored in the file system maintained by the host machine s operating system. W Web cartridge A cartridge instance that does not expose an IDL interface to the cartridge developer or to the client. Currently, such a cartridge is accessible only via a URL. Web Request Broker (WRB) A CORBA-based mechanism for dispatching, load balancing, and adding thirdparty extensions that are independent of and work with a number of HTTP servers. This is the core of Oracle Application Server architecture. The WRB passes HTTP requests that require the running of server programs to various processes (WRB Executable Engines or WRBXs) that continuously run and await such requests. The WRB also includes an open API, so you can run your own server programs under it. The WRB is a more efficient alternative to the industry-standard CGI, but it can process requests that use CGI environment variables. WRB See Web Request Broker (WRB). WRB API An open API used for writing server-side Web applications using the WRB. X XLF See Extended Logfile Format (XLF). Glossary-18 Oracle Application Server 4.0 Overview