Download What is An application Server

Document related concepts
no text concepts found
Transcript
A DBA Perspective to J2EE
Debu Panda
Principal Product Manager
Oracle Application Server Development
http://radio.weblogs.com/0135826/
Impedance Mismatch
Developer
I love my
objects
and beans
I love my
tables
DBA
Agenda







Application Server Overview
J2EE Overview
Persistence Options and related concerns
Entity Bean Lifecycle for the DBAs
Messaging and Advanced Queuing
J2EE Security and OID/Single Sign On
Additional Resources and Next Steps
What is An application Server
 Middleware between users and database systems
 Provides frameworks for building and deploying
applications
–
–
–
–
–
–
Security
Transactions
Business Intelligence
Self-service Portal
Web Services
Caching and Hi-Availability
 Increasingly Application Servers are becoming an O/S
for servers !
 Major Players: Oracle, BEA, IBM
Oracle Application Server 10
g
Integrated Middleware Platform
Any Data Source
Clustering &
Caching
Management &
Security
Enterprise Portal
Web Services
Wireless & Mobile
B2B Integration
Application Integration
Rapid Application
Development
Business Services
Framework
Business Intelligence
Mind boggling J2EE
JSP
Servlet
JDBC
JTA
EJB
JMS
JNDI
JCA
J2EE
What is J2EE?
 Java 2 Enterprise Edition (J2EE)
–
–




Platform to build scalable and portable applications in Java
Relies on a number of Java specifications
 Servlets, JSPs, EJB, JMS, JDBC, JTA, JNDI, etc.
 DBAs care most about JDBC,JTA and EJB
JDBC – Java APIs for Database access
JTA – Java APIs to manage transactions
EJB – Enterprise JavaBeans
Oracle Application Server Containers for J2EE
(OC4J) is J2EE 1.4 compliant
Develop J2EE Applications with Oracle
Application Server
http
JSP
OHS
Servlets
EJBs
(Session, Entity, MDBs)
Browser
JAAS
JDBC
JCA
Java Mail
JNDI
RMI-over-IIOP
JMS
CORBA
Client
RMI
JTA
EJB
Client
J2EE Container
Java VM
Oracle Application Server
Database
What is a J2EE Container
 J2EE applications run in a special
environment called a J2EE Container/Server
 Oracle’s container is named OracleAS
Containers for J2EE (OC4J)
EJB Container
Interfaces
Client
EJB Bean
Home
J2EE Server
Web
Container
Servlet/JSP
J2EE Architecture
Client Tier
Web Tier
Business
Tier
Web Browser
Applets
JSP Pages
Servlets
Application
Clients
EIS Tier
JDBC /
J2CA
Enterprise
JavaBeans
Database
and
Legacy
Systems
What is JDBC
 Standard API for accessing relational
databases from Java
–
–
Issue SQL statements
Call server-side procedural logic
 Conceptually similar to ODBC
JDBC Driver
 Translates JDBC method calls to vendor-specific
database commands
Database
commands
JDBC calls
Driver
Database
Database
 Implements interfaces defined in the java.sql
and javax.sql packages
 Can also provide a vendor’s extensions to the
JDBC standard
Oracle JDBC Drivers
Thin Driver (Type IV)
Java Engine
Java Sockets
Server-Side
Thin Driver
SQL Engine
PL/SQL Engine
OCI Driver (Type II)
Java Sockets
Server-Side
Internal Driver
KPRB C Library
OCI C Library
Oracle Database
Remote
Database
Sample JDBC URLs for Oracle
 Thin driver:
jdbc:oracle:thin:@<host>:<port>:<SID>
jdbc:oracle:thin:@dbdev.acme.com:1521:ORCL
 OCI driver:
jdbc:oracle:oci:@<TNSNAMES entry>
jdbc:oracle:oci:@dbdev
 Server-Side internal driver:
jdbc:oracle:kprb:
Connecting to the Database
Connect
Issue statement
Process results
1. Register the driver
DriverManager.registerDriver (new
oracle.jdbc.OracleDriver());
2. Connect to the database
Connection conn = DriverManager.getConnection
("jdbc:oracle:thin:@myhost:1521:orcl",
"scott", "tiger");
Close
JNDI Data Sources
LDAP
JNDI
 Newer way to access
connection information
 More flexible, portable
than hard-coding URLs
 Look up connection
details by logical name
 Typical for J2EE applications
CORBA/COS
RMI
API
DNS
File System
JNDI Lookup
JDBC
Connection
Context ctx = new InitialContext();
OracleDataSource ods =
(OracleDataSource)ctx.lookup("jdbc/TestDB");
Connection conn = ods.getConnection();
Database
Connection Pooling and Caching




Reuse an existing physical connection
Closing the connection releases it back to be reused
Useful for stateless applications
Maintaining a set of Pooled Connections is called
Connection Caching
PooledConnection
JDBC
Connection
PooledConnection
Database
PooledConnection
Connection Caching
Java Servlets and JSP Pages
 Server-side Java components
 Reside in the J2EE Web Tier
 Dynamic Web content generation
Java Servlets
 Fundamental Java API for Internet
Communication
 Typically HTML generation
–
Can also deliver other datatypes including binary
– XML, WML, GIF…
 Foundation for JavaServer Pages
Java Servlet Example
public class HelloServlet extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
PrintWriter out = response.getWriter();
out.setContentType(“text/html”);
out.println("<html><body>");
out.println(”<h1>Hello There!</h1>");
out.println("</body></html>");
out.close();
}
JavaServer Pages
 HTML pages with embedded Java
–
In contrast to servlets (Java with embedded
HTML )
 Same performance and portability benefits
from servlet technology but with the ease of
use of HTML
 Best of both worlds for Web designers and
Web developers
JSP Example
<HTML>
<BODY>
<P>Hello! <BR>
Today is: <%= new java.util.Date() %>
</BODY>
</HTML>
What is EJB
 Reusable components that run inside a
container
 Can be accessed either
–
–
Either local and remote Java programs
CORBA compliant client
 EJB Container provides support for
–
–
–
Persistence
Access control
Transactions
Types of EJBs
 Session Beans – encapsulate business logic
–
–
–
Transient in nature, cannot survive crash !
Stateless – Perform a task e.g. charge a credit
Stateful – Maintains state between calls e.g. shopping cart
 Entity Beans – persistent in nature
–
–
Representation of data
Two types Bean Managed Persistence (BMP), Container
Managed Persistence (CMP)
 Message Driven beans
–
–
–
A Java Message Service (JMS) listener (listens on a Topic
or Queue)
Reliably consume message
Can work with Oracle Advanced Queueing
Enterprise JavaBean Review
OC4J
EJB container
EJB
EJB
home
home
interface
object
EJB client
EJB
remote
interface
EJB
bean
EJB
remote
object
JMS client
Database
JMS
Listener
MDB
bean
Enterprise Services
Naming, Transactions, Security
Entity Beans Uncovered
 Represent persistent objects
 Have a Primary key for unique identification
 BMP requires developers to code all
persistence
–
Use JDBC to perform persistence
 CMP requires container to do the persistence
based on declarations
–
Container does database access based on
declarations by developer
Container Managed
Relationships
 Only between CMP EJBs
 Supports 1-1, 1-M, and M-M
 Relationships can be
unidirectional or bi-directional
 Relationships are persistent
just like EJBs
 Can have DELETE-CASCADE
property
Customer
id: int
name: String
creditRating: int
*
Address
id: int
city: String
zip: String
Entity Bean Life Cycle
Bean constructor
ejbCreate(…)
primary key constructor
ejbSetEntityContext()
ejbPostCreate()
ejbUnsetEntityContext()
ejbRemove()
ejbStore()
EJB
object stub
Entity bean
ejbLoad()
create()
Client
remove()
EJB Container
EJB Server
Entity Bean Lifecycle and
database
Method
Operation
DB Operation
ejbCreate()
Create an entity bean
instance
INSERT to persist the
bean instance
ejbPostCreate() Set relationship
UPDATE foreign key or
INSERT if deferred write
ejbLoad()
Load a bean instance
using the supplied primary
key
SELECT statement to
retrieve a database row
ejbStore()
Update the corresponding
bean in the database
UPDATE to a database
row
ejbRemove()
Remove a bean instance
DELETE the record
findByXXX()
Find the beans based on a
certain condition
SELECT statement to
fetch one or multiple rows
J2EE Persistence Options
 J2EE standards based options are
–
–
–
Direct JDBC from web-tier or EJB session beans
Entity beans with Bean Managed Persistence
Entity beans with Container Managed
Persistence
 Additional technologies
–
–
Java-to-relational frameworks such as OracleAS
TopLink
Oracle ADF (Application Development
Framework)
Direct Access with JDBC
 Developer codes all interactions with database
–
Queries, inserts, updates, deletes using JDBC API
 Common design pattern used – Data Access
Objects
–
–
Separates persistence from business logic
Avoids putting JDBC code directly in Servlet/JSPs
 Nil to low overhead from container
–
–
Developer is responsible for opening/closing
resources
Transactions managed programmatically
 Concurrency considerations
 DBA Concerns: Review SQL
Bean Managed Persistence
 Using BMP
–
–
–
All database interactions are manually coded
Container calls your code when it performs an
operation
Container still ultimately in control
 Provides some implementation flexibility
–
–
Map to 1 or more tables, different storage systems
Make use of existing stored procedures
 Performance perceptions and reality
–
–
Developer coded *may* be better than container
generated
Inherent problem with (n + 1) SQL calls
 DBA Concerns: Database schema is coded into
bean, Review SQL
Container Managed Persistence
 Using CMP
–
–
–





Developer specifies persistent attributes of object
Developer specifies how entity object maps to database
All JDBC code generated by container
Container is responsible for managing persistence
Container maintains relationships between objects
Requires less code than JDBC and BMP
Choice for persistence in J2EE Applications
DBA Concerns : Many !! If you are not using Oracle
Application Server
CMP development and
deployment Concerns
 Container Managed Tables
–
–
Containers creates the tables and names those
Ask your developers to map to your schema
 Container creates Primary key
–
–
If no primary key is assigned in Entity bean
OC4J names this column autoid by default
 Container Managed Relationship
–
–
May create an extra table for maintaining relationship
You can use foreign key for mapping 1-M
Performance Concerns
 Container generates the SQL
–
–
SQL statement that can cause
performance degradation by making full
table scans or unnecessary joins
Unnecessary Extra SQL statements
 Developers specify finder methods
that can make full table scans
 How to tune database for use with
CMPs
Optimizing CMP Entity beans
for Oracle database
 Reduce database operations
 Use right concurrency mode and
locking strategy
 Tune your SQL/database
Reduce Database Operations
 Enforce primary key constraint at database level
–
Avoid extra SQL for constraint checking by container
 Exploit DELETE CASCADE at database level
–
Container generate multiple SQL statements
 Defer EJB creation to end of transaction
–




This avoids an extra UPDATE statement
Batch update operations to end of transaction
Exploit eager loading of relationship
Reduce round trips with pre-fetch size
Avoid N+1 problem by switching off lazy-loading
Use Right Locking/Isolation
Mode
 Choose the right isolation level for entity
beans
–
–
Avoid if possible at the bean level
COMMITTED performs better than Serializable
 Choose right locking mode
–
–
Use Optimistic and Read-Only if possible
Pessimistic uses ‘SELECT FOR UPDATE’
 Avoid database calls with Read-Only patterns
Database Tuning Tips for
CMPs
 Make sure that your finder /select method uses
indexes.
 Exploit statement caching by the container
 Avoid findAll() on large tables as this makes full table
scans
 Most EJB systems are OLTP in nature so tuning redo
is important
 The basics of tuning any database are valid for EJBs
 Use Statspack to find bottlenecks and tune your DB
OracleAS Toplink – The
Most Compelling Option
 Improves developer productivity by providing a
flexible O-R Framework
–
–
Avoiding manual coding of interactions with database
Have years of experience in Java to Relational mapping
 Can be used in any J2EE application
–
Servlets/JSPs / EJBs (BMP/CMP)
 Reduces the load on database
–
–
–
Resolving the N+1 problem
By using caching data in the middle-tier and reading ‘Just
In Time’
Minimizing database calls
 Utilize the features provided by databases
 Respect and work with database locks
DB Configurations concern
 Database user passwords
–
–
–
Used in data-sources for connection
pooling
Stored in clear text, can be encrypted !
Changes require restart of container
 OC4J uses an Oracle database for
commit coordinator for 2-Phase commit
–
–
Requires a 9i database as commit
coordinator
Requires database links
?
Message Driven Beans
 A message driven bean is a stateless,
asynchronous bean for processing JMS
messages
 Exist within a pool, receive and process
incoming messages from a JMS queue or
topic
 Invoked by the container to handle each
incoming message from the queue or topic
JMS and Oracle AQ
 OC4J uses two JMS providers
–
–
OC4J JMS – Internal/in-memory JMS
OracleJMS – based in Oracle AQ
 JMS uses
–
–
Queues – single consumer
Topics – multiple consumers
 OracleJMS persists messages in AQ tables
–
As DBAs you have to manage these objects
Security concepts
 Identity management
–
–
Authentication – Is this the right guy?
Authorization – Does his/she have this privilege?
 Encryption - Any body hearing?
Identity Management
 Programmatic vs. Declarative
 Programmatic
–
–
May use a Database to store user id/passwords
May use a LDAP compliant directory like OID
 Declarative
–
–
JAZN-LDAP requires OID
Oracle’s Single Sign-on uses Oracle DB/OID
OID Architectural Overview
OID
clients
LDAP
LDAP over SSL
OID
Oracle Net
connections
Directory
administration
Oracle
database
Benefits of OID
 OID provides:
–
–
–
–
–
Delegated Administration Service (DAS)
Failover in cluster configurations
Support for Oracle Real Application Clusters
Oracle Directory Integration platform, to
synchronize with other enterprise repositories
including third-party LDAP directories
Password policy management
Security Vulnerability
Web
Servers
Application
Servers
A.
Database
Storage Sys
NAS
B.
Area of Vulnerability
C.
A. Transport
B. Transport
C. Persistent Storage
Unprotected
transaction zone!
Security threats to your
Database
Web
Servers
Application
Servers
Database
Storage Sys
NAS
Unprotected
transaction zone!
Oracle10g, 9i, DB2, some other database?
Server, mainframe, or something else?
NAS, SAN, etc?
Regardless of where the DATA is stored and how it is stored, the
DATA must be must be protected against the many threats.
Summary
 J2EE is a popular platform
 Persistence is the greatest challenge for
developers and may impact DBA’s life
 DBAs and Developers work together to
improve the quality of J2EE applications
otn.oracle.com
Join Over 3,000,000 Developers!
Free Technical Advice
Free Software Downloads
http://otn.oracle.com
 Develop your career with Oracle’s experts
–
Web services, Forms Upgrade to the Web,
TopLink, Business Intelligence, Integration,
J2EE, Linux
 Connect with your peers
 Sign up at
http://otn.oracle.com/events/otnworkshop
QUESTIONS
ANSWERS