Download slides

Theory, Practice & Methodology
of Relational Database
Design and Programming
Copyright © Ellis Cohen 2002-2008
Implementing
The Middle Tier
These slides are licensed under a Creative Commons
Attribution-NonCommercial-ShareAlike 2.5 License.
For more information on how you may use them,
please see http://www.openlineconsult.com/db
1
Overview of Lecture
GUI-Based User Interfaces
Command-Based User
Interfaces
Client vs Server-Side Execution
Middle-Tier Data &
Cross-Tier Communication
© Ellis Cohen 2001-2008
2
GUI-Based
User Interfaces
© Ellis Cohen 2001-2008
3
Graphical User Interfaces
Ordinarily, users invoke user
operations through a (web-based)
user interface, by
– filling in fields,
– making choices (e.g. checkboxes & radio
buttons), and
– invoking actions (e.g. from pushbuttons
or menu items).
The fields and choices are passed as
parameters to code in the middle-tier
© Ellis Cohen 2001-2008
4
Login Operation
Login
:userid
:passwd
LOGIN
IF error,
return Login
Error Page
ELSE
build & return
Home Page &
remember
:userid & aRole
SELECT role INTO aRole
FROM KnownUsers
WHERE userid = :userid
AND pwd = :passwd
Assuming database is
responsible for user
authentication – e.g. via
table KnownUsers
:curuser :currole
Presentation
Tier
Middle Tier
© Ellis Cohen 2001-2008
Data Tier
5
Using Session Variables
User Operation
name & parameters
ShowSals
IMPORTANT: This is the
format we use to depict
user operations defined
in the middle-tier
SELECT empno, ename, sal
FROM Emps
WHERE empno = :curuser
OR mgr = :curuser
User
Operation
code
Once a session variable has been set,
it can be used in subsequent operations.
What does the User Query operation ShowSals do?
© Ellis Cohen 2001-2008
6
ShowSals
ShowSals
SELECT empno, ename, sal
FROM Emps
WHERE empno = :curuser
OR mgr = :curuser
Shows employee #, name & salary
of the current user , and
of all employees the current user
directly manages!
For a web-based interface, the result set would
actually be used to build the resulting HTML page,
probably by using a query-based FOR LOOP
© Ellis Cohen 2001-2008
7
DestroyDept Operation
DestroyDept
:deptno
:reldept
Destroy
Presentation
Tier
Destroys dept :deptno
If :reldept is NULL,
delete all the employees
in that department,
else, move all the
employees in that dept
to department :reldept
Middle Tier
© Ellis Cohen 2001-2008
Data Tier
8
DestroyDept Implementation
DestroyDept( :deptno, :reldept )
Destroys dept :deptno
If :reldept is NULL, delete all the employees in that department,
else, move all the employees in that dept to department :reldept
BEGIN
IF :reldept IS NULL THEN
-- delete all the employees in dept :deptno
DELETE FROM Emps WHERE deptno = :deptno;
ELSE
-- move the employees in dept :deptno to dept :reldept
UPDATE Emps SET deptno = :reldept
WHERE deptno = :deptno;
END IF;
-- delete dept :deptno
DELETE FROM Depts WHERE deptno = :deptno;
END;
For a web-based interface, an acknowledgement page
or some other useful page would then be returned
(if there were no error)
© Ellis Cohen 2001-2008
9
Command-Based
User Interfaces
© Ellis Cohen 2001-2008
10
Web-Based 3-Tier Architecture
Handles overall
DB mgt,
formatting &
page navigation
DB
Application
A
P
I
Database
Server
User
Web or
Application
Server
Web
Browser
Implements User
Operations
Implements
DB Operations
Middle Tier
Data Tier
Presentation
Tier
(DB) Client-Side
© Ellis Cohen 2001-2008
(DB) Server-Side
11
Command-Based 3-Tier Architecture
Implement
using PL/SQL
DB
Application
A
P
I
Database
Server
User
Terminal
Interface
Command
Interpreter
Use SQL*Plus
as the
Command
Interpreter
© Ellis Cohen 2001-2008
12
DestroyDept Implementation
DestroyDept( :deptno, :reldept )
Destroys dept :deptno
If :reldept is NULL, delete all the employees in that department,
else, move all the employees in that dept to department :reldept
BEGIN
IF :reldept IS NULL THEN
DELETE FROM Emps WHERE deptno = :deptno;
ELSE
UPDATE Emps SET deptno = :reldept
WHERE deptno = :deptno;
END IF;
DELETE FROM Depts WHERE deptno = :deptno;
pl( 'Department Destroyed' );
END;
/
This is for a command-driven interface.
A real web-based interface would show an
acknowledgement page or some other useful page
© Ellis Cohen 2001-2008
13
SQL*Plus User Operations
SQL*Plus does not have a way
of defining user operations.
However, we can put each
user operation into a separate
script file
– To invoke the operation, just
run the corresponding script
file
– Use script file parameters to
provide operation parameters
© Ellis Cohen 2001-2008
14
Using Script File Parameters
User Action:
DestroyDept
&1 – :deptno
&2 – :reldept
Script files can instead use command
line parameters referred to as &num
SQL> -- delete dept 20 and its employees
SQL> @path/DestroyDept 20 NULL
Destroys dept :deptno
If :reldept is NULL, delete all the employees in that department,
else, move all the employees in that dept to department :reldept
The contents of DestroyDept.sql
BEGIN
IF &2 IS NULL THEN
DELETE FROM Emps WHERE deptno = &1;
ELSE
UPDATE Emps SET deptno = &2
WHERE deptno = &1;
END IF;
DELETE FROM Depts WHERE deptno = &1;
pl( 'Department Destroyed' );
END;
/
© Ellis Cohen 2001-2008
15
Renaming Script File Parameters
DestroyDept
&1 – :deptno
&2 – :reldept
DECLARE
aDeptno int := &1;
reldept int := &2;
BEGIN
IF reldept IS NULL THEN
DELETE FROM Emps WHERE deptno = aDeptno;
ELSE
UPDATE Emps SET deptno = aDeptno
WHERE deptno = reldept;
END IF;
DELETE FROM Depts WHERE deptno = aDeptno;
pl( 'Department Destroyed' );
END;
/
© Ellis Cohen 2001-2008
16
Client vs Server-Side
Execution
© Ellis Cohen 2001-2008
17
SQL*Plus and PL/SQL
Begins PL/SQL block
SQL> BEGIN
insert into project( pno, pname, pmgr )
values ( …, …, … );
insert into project( pno, pname, pmgr )
values ( …, …, … );
…
insert into project( pno, pname, pmgr )
values ( …, …, … );
END;
SQL*Plus knows how to parse pure SQL, but
/
not PL/SQL, so it doesn't know when a
PL/SQL block actually ends. Use / to tell it.
© Ellis Cohen 2001-2008
18
Client-Side Processing
If the block is executed on the client,
then each INSERT command
is separately encountered,
and sent as a separate request
to the DB server.
Command
Interpreter
Client-Side
PL/SQL
Engine
DB Client-side
(Oracle)
Database
Server
DB Server-side
© Ellis Cohen 2001-2008
19
Server- vs Client-Side Processing
If SQL*Plus were configured for
client-side processing:
– it would pass anonymous PL/SQL
blocks to a client-side PL/SQL engine
If SQL*Plus were configured for
server-side processing (as the
default SQL*Plus application is)
– it passes anonymous PL/SQL blocks to
the database server, which passes the
block to its internal server-side PL/SQL
engine
© Ellis Cohen 2001-2008
20
Server-Side Processing
In server-side processing,
the entire block is shipped once to the
DB server, which executes it in its
embedded PL/SQL engine
PL/SQL
Engine
Ship down
PL/SQL
block of code
Command
Interpreter
DB Client-side
Oracle
Database
Server
Core SQL
Database
Engine
DB Server-side
© Ellis Cohen 2001-2008
21
Server-Side Output
Execution of
dbms_output.put_line( 'Hello' )
PL/SQL
Engine
Client-side
Program
Oracle
Database
Server
Core SQL
Database
Engine
Strings passed to dbms_output.put_line are shipped to
the client-side program through a separate channel.
If the client-side program is SQL*Plus, it will display the
output if the SQL*Plus variable serveroutput is set.
© Ellis Cohen 2001-2008
22
Middle-Tier Data
& Cross-Tier
Communication
© Ellis Cohen 2001-2008
23
Middle-Tier Data
A variety of middle-tier data is
typically available, which can
be used in executing user
operations:
• Named middle-tier constants
• Parameters passed to user
operations
• Session data maintained by the
middle-tier
© Ellis Cohen 2001-2008
24
SQL*Plus Constants
SQL> define myDeptno = 10
SQL> -- defines a SQL*Plus constant
SQL> SELECT ename FROM Emps
WHERE deptno = &myDeptno;
SQL>
Use of a
BEGIN
constant
FOR rec IN (
SELECT ename FROM Emps
WHERE deptno = &myDeptno)
LOOP
pl( rec.ename );
END LOOP;
SQL*Plus replaces uses of
END;
named constants by their
/
values before passing
anything to the server
© Ellis Cohen 2001-2008
25
SQL*Plus Constant Substitution
SQL> DEFINE myDeptno = 10
SQL> -- defines a SQL*Plus constant
SQL> SELECT ename FROM Emps
WHERE deptno = &myDeptno;
Automatically converted
by SQL*Plus before
passing it to the server
SQL> SELECT ename FROM Emps
WHERE deptno = 10;
The same is true of script parameters,
e.g. &1, &2, etc.
© Ellis Cohen 2001-2008
26
SQL*Plus Session Variables
SQL> VARIABLE myDeptno number
SQL> -- defines a SQL*Plus variable
SQL> SELECT ename FROM Emps
WHERE deptno = :myDeptno;
SQL>
BEGIN
FOR rec IN (
SELECT ename FROM Emps
WHERE deptno = :myDeptno)
LOOP
pl( rec.ename );
END LOOP;
END;
/
SQL> EXECUTE :myDeptno := 10;
© Ellis Cohen 2001-2008
This is how
client-side
session
variables are
defined!
Session variables
used in code
passed to the DB
server are called
bind variables
Setting a
session
variable to a
value
27
Passing Bind Variables
SELECT ename FROM Emps
WHERE deptno = :myDeptno
myDeptno
10
When SQL*Plus parses
the command, it ships
the name & value of
myDeptno to the server
along with the request
Client-side
Program
DB Client-side
SELECT ename FROM Emps
WHERE deptno = :myDeptno
myDeptno
10
The DB
server can
access bind
variables
PL/SQL
Engine
Oracle
Database
Server
Core SQL
Database
Engine
DB Server-side
© Ellis Cohen 2001-2008
28
Returning Bind Variables
myDeptno
NULL
EXECUTE :myDeptno := 10
myDeptno
10
myDeptno
NULL
BEGIN :myDeptno := 10; END;
myDeptno
10
PL/SQL
Engine
After executing a command or
anonymous block, the values of any
bind variables passed to the server
are returned to the client
Client-side
Program
DB Client-side
Oracle
Database
Server
Core SQL
Database
Engine
DB Server-side
© Ellis Cohen 2001-2008
29
Setting Session Variables
Login( :userid, :passwd )
Checks if the provided user id and password
identify an authorized user
If so, set :curuser to the user id,
and set :currole to the user's role
Below are the definitions of
:curuser and :currole
SQL> VARIABLE curuser number
-- assumes userid is a number
-- instead use VARIABLE curuser varchar2(40)
-- if your userid was a 40 char max string
SQL> VARIABLE currole char
-- assumes current role is represented by a single character
© Ellis Cohen 2001-2008
30
Defining Login
User operation name & parameters
Login( :userid, :passwd )
BEGIN
SELECT userid, role INTO :curuser, :currole
FROM KnownUsers
WHERE userid = :userid
AND pwd = :passwd;
pl( 'User logged in with role ' || :currole );
EXCEPTION WHEN OTHERS THEN
RAISE_APPLICATION_ERROR( …,
' Illegal Userid or Password' );
END;
© Ellis Cohen 2001-2008
31
Setting Session Variables
curuser currole
NULL NULL
BEGIN login code END
curuser currole
7782
C .
curuser currole
NULL
NULL
BEGIN … END;
curuser currole
7782
C .
PL/SQL
Engine
Client-side
Program
Oracle
Database
Server
© Ellis Cohen 2001-2008
Core SQL
Database
Engine
32
Script-Based Login Implementation
Login( :userid, :passwd )
&1 – :userid
&2 – :passwd
BEGIN
SELECT userid, role INTO :curuser, currole
FROM KnownUsers
WHERE userid = &1
AND pwd = '&2';
pl( 'User logged in with role ' || :currole );
EXCEPTION WHEN OTHERS THEN
RAISE_APPLICATION_ERROR( …,
' Illegal Userid or Password' );
END;
© Ellis Cohen 2001-2008
33
Clearer Script-Based Login Implementation
Login( :userid, :passwd )
&1 – :userid
&2 – :passwd
DECLARE
aUserid number := &1;
passwd varchar(40) := '&2';
BEGIN
SELECT userid, role INTO :curuser, :currole
FROM KnownUsers
WHERE userid = aUserid
AND pwd = passwd;
pl( 'User logged in with role ' || :currole );
EXCEPTION WHEN OTHERS THEN
RAISE_APPLICATION_ERROR( …,
' Illegal Userid or Password' );
END;
© Ellis Cohen 2001-2008
34
Middle-Tier User Authentication
App User
1) User provides
7782 as their
userid
7782
Web
Browser
Middle-Tier
:curuser
7782
2) Application
authenticates
the user logging
in as 7782
when the user
does a Login
© Ellis Cohen 2001-2008
EmpDB
3) Database
authenticates the
application
connecting as
EmpDB
The application can
then access all of
EmpDB's objects
35