A DBA Perspective to J2EE Debu Panda Principal Product Manager Oracle Application Server Development
54
Transcript of A DBA Perspective to J2EE Debu Panda Principal Product Manager Oracle Application Server Development
A DBA Perspective to J2EE
Debu PandaPrincipal Product Manager
Oracle Application Server Development
http://radio.weblogs.com/0135826/
Impedance Mismatch
I love my tables
DBA
I love my objects and beans
Developer
Agenda
Application Server Overview J2EE Overview Persistence Options and related concerns Entity Bean Lifecycle for the DBAs Messaging and Advanced Queuing J2EE Security and OID/Single Sign On Additional Resources and Next Steps
What is An application Server
Middleware between users and database systems Provides frameworks for building and deploying
applications– Security– Transactions– Business Intelligence– Self-service Portal– Web Services– Caching and Hi-Availability
Increasingly Application Servers are becoming an O/S for servers !
Major Players: Oracle, BEA, IBM
Web Services
B2B Integration
Application Integration
Any Data Source
Business Intelligence
Wireless & Mobile
Enterprise PortalManagement &
Security
Business Services Framework
Rapid ApplicationDevelopment
Clustering &Caching
Oracle Application Server 10g
Integrated Middleware Platform
Mind boggling J2EE
J2EE
JSP
JDBC
EJB
JNDI
JTA
JMS
Servlet
JCA
What is J2EE?
Java 2 Enterprise Edition (J2EE) – Platform to build scalable and portable applications in Java– Relies on a number of Java specifications
Servlets, JSPs, EJB, JMS, JDBC, JTA, JNDI, etc. DBAs care most about JDBC,JTA and EJB
JDBC – Java APIs for Database access JTA – Java APIs to manage transactions EJB – Enterprise JavaBeans Oracle Application Server Containers for J2EE
(OC4J) is J2EE 1.4 compliant
Develop J2EE Applications with Oracle Application Server
Database
OHSOHS
Browser
JSPJSP ServletsServlets
JTA
JMS
JND
I
Java Mail
JAA
S
Java VM
Oracle Application Server
JDB
C
J2EE ContainerJ2EE Container
JCA
EJBsEJBs(Session, Entity, MDBs)(Session, Entity, MDBs)
EJBClientEJB
Client
CORBAClient
CORBAClient
RMI
http
RMI-over-IIOP
What is a J2EE Container
J2EE applications run in a special environment called a J2EE Container/Server
Oracle’s container is named OracleAS Containers for J2EE (OC4J)
EJB Container
Client EJB BeanEJB Bean
Home
Interfaces
J2EE ServerJ2EE Server
Web Container
Servlet/JSPServlet/JSP
J2EE Architecture
Database and Legacy Systems
Enterprise JavaBeans
JSP PagesServlets
Web BrowserApplets
Application Clients
Client Tier Web Tier Business Tier
EIS Tier
JDBC / J2CA
What is JDBC
Standard API for accessing relational databases from Java
– Issue SQL statements– Call server-side procedural logic
Conceptually similar to ODBC
Translates JDBC method calls to vendor-specific database commands
Implements interfaces defined in the java.sql and javax.sql packages
Can also provide a vendor’s extensions to the JDBC standard
DriverDriverJDBC calls
Database commands
Database
JDBC Driver
Database
Oracle JDBC Drivers
Oracle Database
Remote Database
Java EngineJava Engine
SQL EnginePL/SQL Engine
SQL EnginePL/SQL Engine
Thin Driver (Type IV)Thin Driver (Type IV)
OCI Driver (Type II)OCI Driver (Type II)
Java SocketsJava Sockets
OCI C LibraryOCI C LibraryKPRB C LibraryKPRB C Library
Server-Side Internal DriverServer-Side
Internal Driver
Server-Side Thin Driver
Server-Side Thin Driver
Java SocketsJava Sockets
Thin driver:
OCI driver:
Server-Side internal driver:
jdbc:oracle:thin:@<host>:<port>:<SID>
jdbc:oracle:oci:@<TNSNAMES entry>
Sample JDBC URLs for Oracle
jdbc:oracle:thin:@dbdev.acme.com:1521:ORCL
jdbc:oracle:oci:@dbdev
jdbc:oracle:kprb:
DriverManager.registerDriver (neworacle.jdbc.OracleDriver());
Connection conn = DriverManager.getConnection
("jdbc:oracle:thin:@myhost:1521:orcl",
"scott", "tiger");
Connecting to the Database
1. Register the driver
2. Connect to the database
Issue statementIssue statement CloseCloseConnectConnect Process results Process results
JNDI Data Sources
Newer way to access connection information
More flexible, portable than hard-coding URLs
Look up connection details by logical name
Typical for J2EE applications
Context ctx = new InitialContext();
OracleDataSource ods =
(OracleDataSource)ctx.lookup("jdbc/TestDB");
Connection conn = ods.getConnection();
JNDI
API
JNDI
API
JNDI Lookup
JDBC Connection
Database
LDAPLDAP
CORBA/COSCORBA/COS
RMIRMI
DNSDNS
File SystemFile System
Connection Pooling and Caching
Reuse an existing physical connection Closing the connection releases it back to be reused Useful for stateless applications Maintaining a set of Pooled Connections is called Connection Caching
Database
PooledConnectionPooledConnection
JDBC Connection
PooledConnectionPooledConnection
PooledConnectionPooledConnection
Connection Caching
Java Servlets and JSP Pages
Server-side Java components
Reside in the J2EE Web Tier
Dynamic Web content generation
Java Servlets
Fundamental Java API for Internet Communication
Typically HTML generation– Can also deliver other datatypes including binary
– XML, WML, GIF…
Foundation for JavaServer Pages
public class HelloServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { PrintWriter out = response.getWriter(); out.setContentType(“text/html”); out.println("<html><body>"); out.println(”<h1>Hello There!</h1>"); out.println("</body></html>"); out.close(); }
Java Servlet Example
JavaServer Pages
HTML pages with embedded Java– In contrast to servlets (Java with embedded
HTML )
Same performance and portability benefits from servlet technology but with the ease of use of HTML
Best of both worlds for Web designers and Web developers
<HTML><BODY><P>Hello! <BR>Today is: <%= new java.util.Date() %>
</BODY></HTML>
JSP Example
What is EJB
Reusable components that run inside a container
Can be accessed either – Either local and remote Java programs– CORBA compliant client
EJB Container provides support for– Persistence– Access control– Transactions
Types of EJBs Session Beans – encapsulate business logic
– Transient in nature, cannot survive crash !– Stateless – Perform a task e.g. charge a credit – Stateful – Maintains state between calls e.g. shopping cart
Entity Beans – persistent in nature– Representation of data – Two types Bean Managed Persistence (BMP), Container Managed
Persistence (CMP) Message Driven beans
– A Java Message Service (JMS) listener (listens on a Topic or Queue)
– Reliably consume message – Can work with Oracle Advanced Queueing
Enterprise JavaBean Review
EJB client
OC4J
Enterprise ServicesNaming, Transactions, Security
Database
EJB container
EJB bean
EJB remote object
EJB home object
EJB remote
interface
EJB home
interface
JMS Listener
MDB bean
JMS client
Entity Beans Uncovered
Represent persistent objects Have a Primary key for unique identification BMP requires developers to code all
persistence– Use JDBC to perform persistence
CMP requires container to do the persistence based on declarations
– Container does database access based on declarations by developer
Container Managed Relationships
Only between CMP EJBs Supports 1-1, 1-M, and M-M Relationships can be
unidirectional or bi-directional Relationships are persistent
just like EJBs Can have DELETE-CASCADE
property
Customer
id: intname: StringcreditRating: int
Address
id: intcity: Stringzip: String
*
Entity Bean Life Cycle
Client
EJB ContainerEJB Server
create()
Entity bean
remove()
ejbUnsetEntityContext()ejbRemove()
ejbLoad()
ejbStore()EJB object stub
Bean constructorejbCreate(…)
primary key constructorejbSetEntityContext()ejbPostCreate()
Entity Bean Lifecycle and database
Method Operation DB OperationejbCreate() Create an entity bean
instanceINSERT to persist the bean instance
ejbPostCreate() Set relationship UPDATE foreign key or
INSERT if deferred write
ejbLoad() Load a bean instance using the supplied primary key
SELECT statement to retrieve a database row
ejbStore() Update the corresponding bean in the database
UPDATE to a database row
ejbRemove() Remove a bean instance DELETE the record
findByXXX() Find the beans based on a certain condition
SELECT statement to fetch one or multiple rows
J2EE Persistence Options
J2EE standards based options are– Direct JDBC from web-tier or EJB session beans– Entity beans with Bean Managed Persistence– Entity beans with Container Managed
Persistence
Additional technologies– Java-to-relational frameworks such as OracleAS
TopLink– Oracle ADF (Application Development
Framework)
Direct Access with JDBC
Developer codes all interactions with database– Queries, inserts, updates, deletes using JDBC API
Common design pattern used – Data Access Objects
– Separates persistence from business logic– Avoids putting JDBC code directly in Servlet/JSPs
Nil to low overhead from container– Developer is responsible for opening/closing resources– Transactions managed programmatically
Concurrency considerations DBA Concerns: Review SQL
Bean Managed Persistence
Using BMP– All database interactions are manually coded– Container calls your code when it performs an operation– Container still ultimately in control
Provides some implementation flexibility– Map to 1 or more tables, different storage systems– Make use of existing stored procedures
Performance perceptions and reality– Developer coded *may* be better than container
generated– Inherent problem with (n + 1) SQL calls
DBA Concerns: Database schema is coded into bean, Review SQL
Container Managed Persistence
Using CMP– Developer specifies persistent attributes of object– Developer specifies how entity object maps to database – All JDBC code generated by container
Container is responsible for managing persistence Container maintains relationships between objects Requires less code than JDBC and BMP Choice for persistence in J2EE Applications DBA Concerns : Many !! If you are not using Oracle
Application Server
CMP development and deployment Concerns
Container Managed Tables – Containers creates the tables and names those– Ask your developers to map to your schema
Container creates Primary key– If no primary key is assigned in Entity bean– OC4J names this column autoid by default
Container Managed Relationship– May create an extra table for maintaining relationship – You can use foreign key for mapping 1-M
Performance Concerns
Container generates the SQL– SQL statement that can cause
performance degradation by making full table scans or unnecessary joins
– Unnecessary Extra SQL statements
Developers specify finder methods that can make full table scans
How to tune database for use with CMPs
Optimizing CMP Entity beans for Oracle database
Reduce database operations Use right concurrency mode and
locking strategy Tune your SQL/database
Reduce Database Operations
Enforce primary key constraint at database level– Avoid extra SQL for constraint checking by container
Exploit DELETE CASCADE at database level – Container generate multiple SQL statements
Defer EJB creation to end of transaction – This avoids an extra UPDATE statement
Batch update operations to end of transaction Exploit eager loading of relationship Reduce round trips with pre-fetch size Avoid N+1 problem by switching off lazy-loading
Use Right Locking/Isolation Mode
Choose the right isolation level for entity beans
– Avoid if possible at the bean level– COMMITTED performs better than Serializable
Choose right locking mode– Use Optimistic and Read-Only if possible– Pessimistic uses ‘SELECT FOR UPDATE’
Avoid database calls with Read-Only patterns
Database Tuning Tips for CMPs
Make sure that your finder /select method uses indexes.
Exploit statement caching by the container Avoid findAll() on large tables as this makes full table
scans Most EJB systems are OLTP in nature so tuning redo
is important The basics of tuning any database are valid for EJBs Use Statspack to find bottlenecks and tune your DB
OracleAS Toplink – TheMost Compelling Option Improves developer productivity by providing a flexible O-R
Framework – Avoiding manual coding of interactions with database– Have years of experience in Java to Relational mapping
Can be used in any J2EE application– Servlets/JSPs / EJBs (BMP/CMP)
Reduces the load on database – Resolving the N+1 problem– By using caching data in the middle-tier and reading ‘Just In Time’– Minimizing database calls
Utilize the features provided by databases Respect and work with database locks
DB Configurations concern
Database user passwords– Used in data-sources for connection
pooling– Stored in clear text, can be encrypted !– Changes require restart of container
OC4J uses an Oracle database for commit coordinator for 2-Phase commit
– Requires a 9i database as commit coordinator
– Requires database links
?
Message Driven Beans
A message driven bean is a stateless, asynchronous bean for processing JMS messages
Exist within a pool, receive and process incoming messages from a JMS queue or topic
Invoked by the container to handle each incoming message from the queue or topic
JMS and Oracle AQ
OC4J uses two JMS providers– OC4J JMS – Internal/in-memory JMS– OracleJMS – based in Oracle AQ
JMS uses– Queues – single consumer– Topics – multiple consumers
OracleJMS persists messages in AQ tables– As DBAs you have to manage these objects
Security concepts
Identity management– Authentication – Is this the right guy?– Authorization – Does his/she have this privilege?
Encryption - Any body hearing?
Identity Management
Programmatic vs. Declarative Programmatic
– May use a Database to store user id/passwords– May use a LDAP compliant directory like OID
Declarative– JAZN-LDAP requires OID– Oracle’s Single Sign-on uses Oracle DB/OID
OID Architectural Overview
Directoryadministration
OID
Oracledatabase
Oracle Netconnections
LDAP over SSL
OIDclients
LDAP
Benefits of OID
OID provides:– Delegated Administration Service (DAS)– Failover in cluster configurations– Support for Oracle Real Application Clusters– Oracle Directory Integration platform, to
synchronize with other enterprise repositories including third-party LDAP directories
– Password policy management
Security Vulnerability
Area of Vulnerability
A. Transport
B. Transport
C. Persistent Storage
WebServers
DatabaseStorage Sys
NAS
ApplicationServers
Unprotected transaction zone!
A. B.
C.
Security threats to your Database
WebServers
DatabaseStorage Sys
NAS
ApplicationServers
Unprotected transaction zone!
Oracle10g, 9i, DB2, some other database?Server, mainframe, or something else?NAS, SAN, etc?
Regardless of where the DATA is stored and how it is stored, the DATA must be must be protected against the many threats.
Summary
J2EE is a popular platform Persistence is the greatest challenge for
developers and may impact DBA’s life DBAs and Developers work together to
improve the quality of J2EE applications
otn.oracle.com
Join Over 3,000,000 Developers!
Free Software Downloads
http://otn.oracle.com
Free Technical Advice
Develop your career with Oracle’s experts– Web services, Forms Upgrade to the Web,
TopLink, Business Intelligence, Integration, J2EE, Linux
Connect with your peers Sign up at
http://otn.oracle.com/events/otnworkshop
FREE
AQ&Q U E S T I O N SQ U E S T I O N S
A N S W E R SA N S W E R S
