NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide Abstract NonStop Servlets for JavaServer Pages (NSJSP) are platform-independent server-side programs that programmatically extend the functionality of web-based applications by providing dynamic content from a webserver to a client browser over the HTTP protocol. Product Version NonStop Servlets for JavaServer Pages 2.
Document History Part Number Product Version 525644-001 NonStop Servlets for JavaServer Pages 2.
NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide Glossary Index Examples What’s New in This Manual vii Manual Information vii New and Changed Information Figures Tables vii About This Guide ix Who Should Read This Guide ix Organization of This Guide x Related Manuals x Bibliography xiii Reference Information on the Internet Your Comments Invited xiv Notation Conventions xv Abbreviations xix xiv 1.
1. Overview and Architecture (continued) Contents 1. Overview and Architecture (continued) Web Application ClassLoader 1-12 DTD for Servlet 2.3 Application Deployment Descriptor New Security (SSL) Attributes 1-13 Statics For Authentication types 1-13 New Error Attributes 1-13 HttpUtils Class 1-13 1-12 2.
Contents 3. Configuring NSJSP (continued) 3. Configuring NSJSP (continued) Configuring Realms 3-19 MemoryRealm 3-20 JDBCRealm 3-22 JNDIRealm 3-26 Digested Passwords 3-31 Configuring Single Sign-On Support 3-32 Configuring Persistent Sessions 3-34 Creating a NonStop SQL Database to Store the Persistent Session Data Configuring the Manager for Sessions Support 3-36 Configuring the Persistent Store 3-40 Cleaning Up the NonStop SQL Session Data 3-43 3-34 4.
5. Logs and Error Conditions Contents 5. Logs and Error Conditions NSJSP Logging 5-1 Logging Configuration 5-2 Switching From Multiple Log Files to a Single Log File Switching From a Single Log File to Multiple Log Files Status Information 5-3 Log Files Rollover 5-3 Log Files Cleanup Script 5-3 nsjsp_cleanlogs Syntax 5-4 nsjsp_cleanlogs Options 5-4 EMS Message Format 5-5 5-2 5-2 6. Interoperability of NSJSP With NonStop EJB Changing the ejb.
Contents Examples Examples Example 1-1. Example 2-1. Example 2-2. Example 3-1. Example 3-2. Example 3-3. Example 3-4. Example 3-5. Example 3-6. Example 3-7. Example 3-8. Example 3-9. Example 3-10. Example 3-11. Example 3-12. Example 3-13. Example 3-14. Example 3-15. Example 3-16. Example 3-17. Example 3-18. Example 3-19. Example 3-20. Example 3-21. Example 3-22. Example 3-23. Example 3-24. Example 3-25. Example 3-26. Example 3-27. Example 3-28. Example 3-29. Example 3-30. Example 3-31. Example 3-32.
Examples (continued) Contents Examples (continued) Example 4-3. Example 4-4. Example 4-5. Example 4-6. Example 4-7. Example 4-8. Example 4-9. Example 4-10. Example 4-11. Example 4-12. Example 4-13. Example 4-14. Example 6-1. Example 6-2. Example 6-3. Example 6-4. Example 6-5.
What’s New in This Manual Manual Information NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide Abstract NonStop Servlets for JavaServer Pages (NSJSP) are platform-independent server-side programs that programmatically extend the functionality of web-based applications by providing dynamic content from a webserver to a client browser over the HTTP protocol. Product Version NonStop Servlets for JavaServer Pages 2.
What’s New in This Manual New and Changed Information NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide—525644-001 viii
About This Guide This guide describes the installation, configuration, and management of the NonStop Servlets for JavaServer Pages (NSJSP) 2.0 component of the iTP Secure WebServer. Who Should Read This Guide The NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide is intended for experienced HP NonStop system administrators and operators who need to install, configure, and manage the iTP Secure WebServer on an HP NonStop system.
About This Guide Organization of This Guide Organization of This Guide Section 1, Overview and Architecture gives a general introduction to the Java 2 Enterprise Edition (J2EE) and discusses the architecture of NonStop Servlets for JavaServer Pages (NSJSP) and JavaServer Pages (JSP). Section 2, Installing NSJSP provides the procedures for installing NSJSP, including what to do before you begin, starting and restarting NSJSP, stopping NSJSP, and uninstalling NSJSP.
About This Guide TCP/IP Manuals The following manuals contain additional information about installing, configuring, and managing HP NonStop systems or other products you can use with NSJSP. TCP/IP Manuals For information specific to managing the TCP/IP subsystem, refer to the following manuals: • • • • The TCP/IP Configuration and Management Manual describes the installation, configuration, and management of the NonStop TCP/IP subsystem.
About This Guide NonStop Java Manuals NonStop Java Manuals For information about the features of the NonStop Server for Java, or if you plan to use JDBC, refer to the following HP manual: • NonStop Server for Java (NSJ) Programmer’s Guide NonStop SQL Manuals For information specific to the NonStop SQL environment, refer to the following manuals: • • The SQL/MP Reference Manual describes NonStop SQL/MP, the HP relational database management system that uses SQL to describe and manipulate data in a Non
About This Guide Bibliography Bibliography The following publications are useful sources of information about web-related technology and usage issues: • Albitz, Paul, and Liu, Cricket. DNS and BIND. Sebastopol, CA: O’Reilly & Associates, 1998. This book provides useful information about working with the Domain Name Server (DNS). • Cheswick, William R., and Bellovin, Steven M. Firewalls and Internet Security: Repelling the Wily Hacker. Reading, MA: Addison-Wesley, 1994.
About This Guide Reference Information on the Internet Reference Information on the Internet The following URL references are available and can be retrieved by using standard web clients over the Internet: • • • • • • • • • • General references: http://www.w3.org HyperText Transfer Protocol (HTTP) references: http://www.w3.org/Protocols/rfc2616/rfc2616.txt Common Gateway Interface (CGI) references: http://hoohoo.ncsa.uiuc.edu/cgi Network and firewall security reference: http://www.nai.
About This Guide • Notation Conventions Sending an e-mail message to the address included on the form. We will immediately acknowledge receipt of your message and send you a detailed response as soon as possible. Be sure to include your name, company name, address, and phone number in your message. If your comments are specific to a particular manual, also include the part number and title of the manual. Many of the improvements you see in manuals are a result of suggestions from our customers.
About This Guide General Syntax Notation A group of items enclosed in brackets is a list from which you can choose one item or none. The items in the list can be arranged either vertically, with aligned brackets on each side of the list, or horizontally, enclosed in a pair of brackets and separated by vertical lines. For example: FC [ num ] [ -num ] [ text ] K [ X | D ] address { } Braces. A group of items enclosed in braces is a list from which you are required to choose one item.
Notation for Messages About This Guide If there is no space between two items, spaces are not permitted. In this example, no spaces are permitted between the period and any other items: $process-name.#su-name Line Spacing. If the syntax of a command is too long to fit on a single line, each continuation line is indented three spaces and is separated from the preceding line by a blank line. This spacing distinguishes items in a continuation line from items in a vertical list of selections.
About This Guide Notation for Management Programming Interfaces { } Braces. A group of items enclosed in braces is a list of all possible items that can be displayed, of which one is actually displayed. The items in the list can be arranged either vertically, with aligned braces on each side of the list, or horizontally, enclosed in a pair of braces and separated by vertical lines.
About This Guide Abbreviations The CRE has many new message types and some new message type codes for old message types. In the CRE, the message type SYSTEM includes all messages except LOGICAL-CLOSE and LOGICAL-OPEN. Abbreviations The following list defines abbreviations and acronyms used in this guide. Both industrystandard terms and HP terms are included. AWT. Abstract Windows Toolkit ARPA. Advanced Research Project Agency ATP. Active Transaction Pages BSD. Berkeley Software Distribution C.
About This Guide Abbreviations GUI. Graphical User Interface HTML. HyperText Markup Language HTTP. HyperText Transfer Protocol HTTPD. HyperText Transfer Protocol Daemon IEEE. Institute of Electrical and Electronics Engineers IEN. Internet Engineering Note IP. Internet Protocol J2EE. Java 2 Enterprise Edition JAR. Java Archive Tool JDBC. Java Data Base Connectivity JDK. Java Development Kit JIT. Just-In-Time (Java compiler) JNDI. Java Naming and Directory Interface JNI. Java Native Interface JSP.
About This Guide Abbreviations NCSA. National Center for Supercomputing Applications NSJ. NonStop Java NSJSP. NonStop Servlets for JavaServer Pages O. Organization OLTP. Online Transaction Processing OSS. Open System Services OU. Organizational Unit PAID. Process Accessor ID PCT. Private Communication Technology PDF. Portable Document Format PEM. Privacy Enhanced Message PKS. Public Key Certificate Standard PPP. Point to Point Protocol QIO. Queued Input Output RFC. Request for Comments RLS.
About This Guide Abbreviations SSI. Server Side Include SSL. Secure Sockets Layer ST. State TACL. Tandem Advanced Command Language TAL. Transaction Application Language Tcl. Tool Command Language Tcl/CGI. Tool Command Language/Common Gateway Interface TCP/IP. Transmission Control Protocol/Internet Protocol TS/MP. Transaction Services/Massively Parallel URL. Uniform Resource Locator WAR. Web Archive WID. WebSafe2 Interface Driver WISP. WebSafe2 Internet Security Processor X.509.
1 Overview and Architecture The information discussed in this section includes the following: • • • • Java 2 Enterprise Edition (J2EE) Overview on page 1-2 JavaServer Pages (JSP) Architecture on page 1-6 NonStop Servlets for JavaServer Pages (NSJSP) Architecture on page 1-10 New Features in the HP NSJSP Implementation on page 1-12 NonStop Servlets for JavaServer Pages (NSJSP) are platform-independent server-side programs that programmatically extend the functionality of web-based applications by provid
Overview and Architecture Java 2 Enterprise Edition (J2EE) Overview Java 2 Enterprise Edition (J2EE) Overview J2EE enables the use of dynamic applications to communicate over HTTP with client browsers, specifically web containers, servlets, JSP, Java classes, and deployment descriptors. The iTP WebServer implementation of Servlets and JSP is a key component for J2EE compliance. The iTP WebServer implementation enables support for Java-based NonStop products.
The Web Container Overview and Architecture The Web Container For building and running web-based applications, J2EE provides a web container, a Java runtime environment that has the following content: • • • The applications, including Java Servlets and JavaServer Pages, class libraries, resources such as HTML or XML documents, and images. The Servlet API and runtime management including initializing, invoking, and managing the Servlet and JSP lifecycles. The deployment descriptors (the web.
Overview and Architecture JavaServer Pages (JSP) JavaServer Pages (JSP) JavaServer Pages (JSP), a presentation layer technology that sits on top of the Java Servlets model, simplifies the creation and management of dynamic HTML. The technology takes a component-based rather than page-based approach to development. With page-based design, the web page combines the presentation material usually created by designers with the business logic usually created by programmers.
Overview and Architecture The Web Application The Web Application The web application is a collection of servlets, HTML pages, images, JavaServer Pages, a deployment descriptor, and other configuration files that together represent all the resources necessary to host a complete application on a J2EE-compliant web server.
Overview and Architecture Web Archive (WAR) Files Web Archive (WAR) Files The web application can be packaged into a web archive (WAR) file to provide a simplified means of distributing Java class files and related resources as a single deployment unit. Assume we have the application /myapp1 as shown in Example 4-1, Use of getAttribute() Method to Obtain Environment Variables, on page 4-6. To create a WAR file, go to the root of the application.
Overview and Architecture Model-View-Controller Designs JSP page is requested the first time. The result is a JSP page implementation class file that implements the Servlet interface. The JSP page implementation class file extends HttpJspBase, which in turn implements the Servlet interface. The service method of this class, _jspService(), essentially inlines the contents of the JSP page.
Overview and Architecture Model-View-Controller Designs The second approach is to adopt the model-view-controller design, shown in Figure 1-4, A Model-View-Controller Design. In this design, processing is divided between the controller and presentation components. The presentation component, or View, are JSP pages that generate the HTML or XML response that determines the user interface rendered by the browser.
Overview and Architecture JSP Syntax Basics 1. Obtain a reference to the servlet context by invoking getServletContext(). The return value is a javax.servlet.ServletContext object, which contains several methods for the servlet to communicate with the container. The getServletContext() method is invoked on the ServletConfig object passed in to a servlet’s init() method and is typically stored as a field in the servlet class. 2. Obtain a reference to the request dispatcher object for the servlet in use.
Overview and Architecture An Example of JSP Code Scriptlets. You can write Java code anywhere in a JSP page, in the form <% code %>. By using the import attribute of the page directive you have access to all Java APIs from within your scriptlet code. An Example of JSP Code Example 1-1 is an example use of templating, a common technique used in web page development, which uses the services of more than one servlet.
Overview and Architecture NonStop Servlets for JavaServer Pages (NSJSP) Architecture The ITP Secure WebServer software, which is inherently scalable and reliable, enables the creation of Java Servlets that can take advantage of the database and transaction services infrastructure of the HP NonStop server. Java Servlets run in a container that is implemented as NonStop TS/MP server processes that can be replicated and automatically load-balanced across multiple processor nodes for scalability throughput.
Overview and Architecture New Features in the HP NSJSP Implementation New Features in the HP NSJSP Implementation New features incorporated in the HP implementation of the Java Servlet 2.3 and the JavaServer Pages 1.
Overview and Architecture New Security (SSL) Attributes New Security (SSL) Attributes New security (SSL) attributes include the following: javax.servlet.request.cipher_suite javax.servlet.request.key_size javax.servlet.request.X509Certificate Statics For Authentication types The getAuthType() method that returns the type of authentication used to identify a client has been defined to return one of the four new static final string constants in the HttpServletRequest class.
Overview and Architecture HttpUtils Class NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide—525644-001 1-14
2 Installing NSJSP The information discussed in this section includes the following: • • • • • • Before You Begin the Installation on page 2-1 Begin the Installation on page 2-2 Starting or Restarting NSJSP on page 2-5 Stopping NSJSP on page 2-6 Uninstalling NSJSP on page 2-7 NSJSP Directory Structure on page 2-8 The procedure for installing NSJSP software depends on the distribution medium for the product. Check the Readme.txt file if you have received the software on a CD.
Installing NSJSP • • • • Begin the Installation Review the file USRGUIDE.PDF (in the subdirectory NSK_SW on the product CD) containing the IPSetup User Guide, which provides instructions for using IPSetup, a utility provided on the CD that enables installation of Independent Products. You need Adobe Acrobat Reader (available on the product CD) to read or print the IPSetup User Guide. DSM/SCM cannot be used to install the NSJSP software. When prompted, you must uncheck the "use DSM/SCM" option.
Installing NSJSP setupjava where is the vproc of this software RVU (for example: T1222V20_17MAR03_BASE_V200_5). The COPYOSS step simply unpaxes the T1222PAX file. Running COPYOSS on the product PAX file will not affect any currently running environment in any way. The softdoc file, T1222V20 is a text file that you can keep on <$ISV>.SOFTDOC, or you can copy the file to any other location on your NonStop system by using the FUP DUP or FUP RENAME commands. 3.
Installing NSJSP setup 2. After running the setupjava script, ensure that no errors have been reported by the script. If you use the wrong userid, the setupjava script will not be able to remove and backup the older T0094 SSC library and class files and your T1222 NSJSP environment will not run correctly. After the execution of the setupjava script, the Servlet JNI code (libT1222.
Installing NSJSP Starting or Restarting NSJSP After the setup script is executed, the default servlet.config file will be located in the iTPWS_INSTALL_DIR/conf directory. If a pre-existing NSJSP configuration already exists and the version matches, no backup is made and the pre-existing NSJSP configuration files are kept unmodified. If the version is not the same, the existing configuration files, iTP_server.xml, web.xml, and servlet.config, are saved with the extension bkup.
Installing NSJSP Possible Error Conditions NSJSP can also be started with a security manager. For information on this, refer to Starting NSJSP With a Security Manager on page 3-17. To restart NSJSP, use the restart script or the stop/nsjsp_stop and start scripts in sequence, as described in the iTP Secure WebServer System Administrator’s Guide, or use the PATHCOM utility to freeze, stop, thaw, and start NSJSP. The restart script is shown below: OSS: cd /usr/tandem/webserver/conf OSS: .
Installing NSJSP Uninstalling NSJSP Example 2-1. The nsjsp_stop Script /usr/tandem/webserver/conf : ./nsjsp_stop NonStop(tm) Servlets for JavaServer Pages(tm) Stop Script T1222V20_17MAR03_BASE_V200_5 __________________________________________________________ Gracefully shuts down the NonStop(tm) Servlets for JavaServer Pages(tm) ServerClass (SERVLET) and the iTP WebServer environment.
Installing NSJSP NSJSP Directory Structure Once the uninstall script is run, to reinstall NSJSP, follow the installation instructions for the specific NSJSP version you wish to reinstall. NSJSP Directory Structure Table 2-1 shows the various directories under the NSJSP home directory, iTPWS_INSTALL_DIR/servlet_jsp, after installation. Table 2-1. NSJSP Directory Structure Directory Description bin/ Binary executables and scripts classes/ Any .
Installing NSJSP Directory Example Directory Example Example 2-2 is intended to summarize the answer to the question, "How do you get from a URL to the application and to a servlet?" (Refer to Map Requests to Applications and Servlets on page 3-15.) The example shows the main directories and the configuration necessary to get NSJSP up and running. The example assumes the default location of /usr/tandem/webserver as the root of your directory structure.
Installing NSJSP Directory Example By default, the /webapps subdirectory contains your server applications. (Use docbase in iTP_server.xml to set this path, or any other preferred location.) myapp1 is a sample application subdirectory. At this (root) level you can store files such as index.html, or create subdirectories to manage your web application resources, for example /images for graphics files. Every application must have a WEB-INF subdirectory.
3 Configuring NSJSP The information discussed in this section includes the following: • • • • • • • Configuring the Web Container on page 3-1 Configuring Web Applications on page 3-10 Configuring the Security Manager on page 3-16 Configuring Virtual Hosting on page 3-18 Configuring Realms on page 3-19 Configuring Single Sign-On Support on page 3-32 Configuring Persistent Sessions on page 3-34 Configuring the Web Container Several configuration files support the NSJSP servlet container environment and w
Configuring NSJSP servlet.config servlet.config This file contains the configuration information required for the SERVLET ServerClass and the filemap. The file is located (by default) in /usr/tandem/webserver/conf. When you run a new installation (of T1222) for the first time, for security purposes, the setup script automatically makes a backup of any pre-existing servlet.config file. You can then make any changes to the default, such as adding filemaps. Note.
Configuring NSJSP servlet.config The NSJSP home directory -Dcatalina.home=$env(NSJSP_HOME) The name of the customized server.xml file for NSJSP to use /conf/iTP_server.xml Java Runtime Arguments Consider adding any of the optional Java runtime arguments (listed below) to the Java Arglist parameter. Note that the Arglist arguments for Java precede the NSJSP container class, as in the following example: Arglist -Xnoclassgc -Xmx32m -Xss128k -Dbrowserdebug=false\ -Djdbc.drivers=com.tandem.sqlmp.
Configuring NSJSP servlet.config -Dbrowserdebug=[ true | false ] allows the browser to show error details. The default is false. If you encounter an unexplained error with a certain request, look at the log files, turn on the browserdebug (true), restart the server, and rerun the request. -Djdbc.drivers identifies the SQL driver to NonStop Server for Java. It is required for servlets that use SQL/MP or SQL/MX for Java. If present, this option must have the value com.tandem.sqlmp.SQLMPDriver or com.tandem.
Configuring NSJSP servlet.config -DSessionBasedLoadBalancing=[ true | false ] enables or disables session-based load balancing support. Setting this to false and configuring a PersistentManager and Persistent Store via the iTP_server.xml configuration file will enable any SERVLET ServerClass process to handle a session-based request. The default value is true (-DSessionBasedLoadBalancing=true).
Configuring NSJSP iTP_server.xml iTP_server.xml iTP_server.xml is a version of the standard server.xml file modified to use with the iTP WebServer. It is an XML file that conforms to the web application 2.3 DTD (set of tags and structures). The file’s default location is /usr/tandem/webserver /servlet_jsp/conf. The outline structure of iTP_server.xml is shown in Example 3-2. Example 3-2. Structure of iTP_server.
Configuring NSJSP iTP_server.xml The default iTP_server.xml file is well commented, and you should read these comments to become familiar with the contents of this file. Various additional elements, not shown or described here but included in the default iTP_server.xml file, provide for logging and other similar functionality, and define authentication realms. The statements in the iTP_server.xml file, shown in Example 3-3, are required to work with the iTP WebServer. Example 3-3. iTP_server.
Configuring NSJSP web.xml Reloading Servlets If the reloadable attribute is set to true in the iTP_server.xml file (as shown in Example 3-5), the container automatically reloads servlet classes (loaded from either the WEB-INF classes directory or a JAR file in the WEB-INF/lib directory) that have changed. The reload function is applicable only for the top level Servlet classes. It means that any changes in the class that are used inside user servlets will not be brought in. Example 3-5.
Configuring NSJSP web.xml before higher integers. If no value is specified, or if the value specified is not a positive integer, the container is free to load it any time in the startup sequence. Example 3-6 shows a servlet class file, SessionSnoop, which has a priority of 3. Files with a higher priority will be loaded before this one. Note that the servlet class name is SessionSnoop, but a URL could reference it by the servlet name Snoop. Example 3-6.
Configuring NSJSP Configuring Web Applications Initializing Servlets You can initialize servlets in either of the two versions of the web.xml file. If portability is a requirement, you may prefer to put the initialization within the application version of web.xml. This is the deployment descriptor location used when packing or unpacking web application archive (WAR) files. The element contains a name/value pair as initialization parameter of the servlet, as shown in Example 3-8. Example 3-8.
Configuring NSJSP Configuring Web Applications Example 3-9. Application Directory Structure /webapps/myapp1/ index.html login.jsp images/ companylogo.gif ourfounder.gif literature/ whitepaper.pdf WEB-INF/ web.xml classes/ shoppingcart.class checkout.class lib/ xmltools.jar src/ shoppingcart.java checkout.java In the example myapp1, a public area contains the files that are directly accessible for rendering by the browser, for example, the GIF and HTML files.
Configuring NSJSP Add a New Web Application Add a New Web Application You can add an application to a run-time production system, such as the iTP WebServer, in three ways. • • • Deploy an Existing Application WAR File Deploy a Web Application Automatically Create a New Application Deploy an Existing Application WAR File If you already have a fully developed application in a WAR file, move the WAR file to the webapps directory, create the context path in iTP_server.xml, add a filemap in servlet.
Configuring NSJSP Create a New Application properties for the corresponding context or unless you do not want to add an extra NSJSP root directory (/servlet_jsp) when accessing a web application. Create a New Application If you are creating a new application using the iTP WebServer environment you should: 1. Create the appropriate directory structure under /webapps. If you prefer to locate it elsewhere, use the docbase attribute of the context path. Populate it with the required servlets and JSP files.
Configuring NSJSP Deploy a Servlet Example 3-10. Deploying a Servlet
Configuring NSJSP Map Requests to Applications and Servlets Map Requests to Applications and Servlets Mapping requests to servlets is closely linked to the concepts of a context path. The application name and the context path gets you to the application subdirectory. No further path is necessary to find a servlet or JSP within that application. The deployment descriptor XML (web.xml) file defines the rest of the path.
Configuring NSJSP Configuring the Security Manager Example 3-12 is a sample fragment of a web.xml file that maps any URL containing the application name to a specific servlet. Example 3-12. Mapping a URL to the Servlet start startCartRequest /myapp1/* Path mappings are relative to the context’s URL path.
Configuring NSJSP Starting NSJSP With a Security Manager The default iTP_catalina.policy file contains all the grant entries in the standard catalina.policy file plus the following additional entry for the NSJSP container: Example 3-14. Policy File Entry for the NSJSP Container grant codeBase "file:${catalina.home}/bin/nsjsp_bootstrap.jar" { permission java.security.AllPermission; }; Starting NSJSP With a Security Manager Once you have configured the iTP_catalina.
Configuring NSJSP Configuring Virtual Hosting Example 3-16. Troubleshooting the NSJSP Security Manager Arglist -Xnoclassgc -Xmx32m -Xss128k -Dbrowserdebug=false \ -Djdbc.drivers=com.tandem.sqlmp.SQLMPDriver \ -Djava.security.manager \ -Djava.security.policy==$env(NSJSP_HOME)/conf/iTP_catalina.policy \ -Djava.security.debug=all \ -Djava.endorsed.dirs=$env(NSJSP_ENDORSED_DIRS) \ -Dcatalina.home=$env(NSJSP_HOME) \ -Djava.io.tmpdir=$env(NSJSP_HOME)/temp \ -DSessionBasedLoadBalancing=true \ com.tandem.servlet.
Configuring NSJSP Configuring Realms name The host name of this virtual host. This name must match the name submitted on the Host: header in incoming requests. This attribute is required, and must be unique among the virtual hosts running in this servlet container. Note that hostname matching is not case-sensitive. If the host name does not match the Host header in incoming requests, then localhost will be used.
Configuring NSJSP MemoryRealm JNDIRealm Obtains authentication information stored in an Lightweight Directory Access Protocol (LDAP) based directory server, accessed via a Java Naming and Directory Interface (JNDI) provider. To configure a realm, add an XML element to your iTPWS_INSTALL_DIR /servlet_jsp/conf/iTP_server.xml configuration file that looks something like Example 3-18: Example 3-18. Adding an XML Element to Configure a Realm
Configuring NSJSP MemoryRealm debug The level of debugging detail logged by this realm to the associated . Higher numbers generate more detailed output. If not specified, the default debugging detail level is zero (0). digest The digest algorithm used to store passwords in non-plaintext formats. Valid values are those accepted for the algorithm name by the java.security.MessageDigest class. See Digested Passwords on page 3-31 for more information.
Configuring NSJSP JDBCRealm Example 3-19. Default User File Format /tomcat-users> MemoryRealm operates according to the following rules: • • • • • When NSJSP first starts up, it loads all defined users and their associated information from the users file.
Configuring NSJSP • JDBCRealm A userRole table must exist, as referenced in Example 3-20, that contains one row for every valid role that is assigned to a particular user. It is valid for a user to have zero, one, or more than one role. The userRole table must contain at least two columns (it can contain more if your existing applications require it): ° Username, to be recognized by the NSJSP container (same value as is specified in the users table).
Configuring NSJSP JDBCRealm Example 3-21. SQLCI Commands to Create and Load the JDBCRealm osh> gtacl -p sqlci < iTP_JDBCRealm.create.sample osh> gtacl -p sqlci < iTP_JDBCRealm.load.sample Or you may run the NonStop SQL Commands directly through the NonStop Command Interpreter (SQLCI) after replacing the =T1222DBDIR string with the Guardian Location of the JDBCRealm catalog (of the form $Volume.SubVolume).
Configuring NSJSP JDBCRealm driverName The fully qualified Java class name of the JDBC driver to be used. For SQL/MP, specify the value com.tandem.sqlmp.SQLMPDriver here. You must have the sqlmp.jar file in the $JAVA_HOME/jre/lib/ext directory. For SQL/MX, specify the value com.tandem.sqlmx.SQLMXDriver here. You must have the jdbcMx.jar file in the $JAVA_HOME/jre/lib/ext directory, and the INCLUDE_JDBCMX variable should have been set to YES in the $JAVA_HOME/install/Makefile when the JVM was last built.
Configuring NSJSP JNDIRealm Example 3-22. Using the SQL/MP Database to Specify JDBCRealm Attributes PAGE 75Configuring NSJSP ° • • • JNDIRealm There must be an attribute (identified by the userPassword attribute of our element) that contains the user's password, either in clear text or digested (see Digested Passwords on page 3-31). Each group of users that has been assigned a particular role is represented by an individual element in the top level DirContext, which is accessed via the connectionURL attribute.
Configuring NSJSP JNDIRealm connectionURL The directory server URL to establish a JNDI connection with. debug The level of debugging detail logged by this realm to the associated . Higher numbers generate more detailed output. If not specified, the default debugging detail level is zero (0). digest The digest algorithm used to store passwords in non-plaintext formats. Valid values are those accepted for the algorithm name by the java.security.MessageDigest class.
Configuring NSJSP JNDIRealm The schema creation for your directory server is beyond the scope of this document because it is unique to each directory server implementation. The examples below show you how to configure the OpenLDAP directory server, which can be downloaded from http://www.openldap.org. These examples assume that the OpenLDAP server's configuration file (slapd.conf) contains the LDBM settings (among others), as shown in Example 3-23: Example 3-23.
Configuring NSJSP JNDIRealm Example 3-24.
Configuring NSJSP Digested Passwords Example 3-25. Realm Element for the OpenLDAP Directory Server PAGE 80Configuring NSJSP Configuring Single Sign-On Support To use either of the above techniques, you must update your OSS profile to include the following in the JAVA CLASSPATH: iTPWS_INSTALL_DIR/servlet_jsp/server/lib/catalina.jar This makes the RealmBase class available to you. Configuring Single Sign-On Support NSJSP enables users to authenticate themselves just once across the entire set of web applications associated with a virtual host.
Configuring NSJSP Configuring Single Sign-On Support The single sign-on facility operates according to the following rules: • • • • • • • All web applications configured for this virtual host must share the same Realm. In practice, that means you can nest the element inside this element (or the surrounding element), but not inside a element for one of the involved web applications.
Configuring NSJSP Configuring Persistent Sessions Configuring Persistent Sessions NSJSP provides support for persistent sessions via the element in the iTP_server.xml configuration file. The element should be nested below a element, as it represents a session manager that can be used to create and maintain session data for a particular web application/Context.
Configuring NSJSP Creating a NonStop SQL Database to Store the Persistent Session Data Example 3-27. SQL Script for Configuring Persistent Sessions sqlci> sqlci> create catalog =TheT1222SessionCatalog secure "OOOO"; create table =TheT1222SessionCatalog.
Configuring NSJSP Configuring the Manager for Sessions Support Example 3-29. Adding Partitions Using the SQLCI ALTER TABLE Command sqlci> alter table =TheT1222SessionCatalog.SessData =TheFirstSessionPartition.SessData FIRST catalog =TheT1222SessionCatalog; add partition KEY “5” sqlci> alter table =TheT1222SessionCatalog.SessData =TheSecondSessionPartition.
Configuring NSJSP Configuring the Manager for Sessions Support maxInactiveInterval The maximum inactive interval (in minutes) for any sessions created. The default value is 30 minutes. The value of this property is automatically inherited from the web application deployment descriptor (WEB-INF/web.xml) based on the value specified in the element. NSJSP provides two implementations of the manager that you can use.
Configuring NSJSP Configuring the Manager for Sessions Support maxActiveSessions The maximum number of active sessions that can be created. The default value used is -1 for no limit or unlimited active sessions. randomClass The Java class name of the java.util.random implementation class. The default class used is java.security.SecureRandom. Example 3-30 shows how to use the NSJSPStandardManager. Example 3-30.
Configuring NSJSP Configuring the Manager for Sessions Support className The Java class name of the implementation to use. You must specify org.apache.catalina.session.NSJSPPersistentManager. debug The debug level for messages logged to the associated logger. Higher numbers generate more detailed output. The default debug detail level value used is 0 (zero). entropy A string value that is utilized when seeding the random number generator used to create session identifiers.
Configuring NSJSP Configuring the Persistent Store maxIdleSwap The time interval (in seconds) for which a session must be idle (time since last access to the session) before it is persisted to the session store and passivated out of the NSJSP container's memory. The default value of -1 disables this feature. If this feature is enabled, the time interval specified here should be equal to or longer than the value specified for maxIdleBackup. randomClass The Java class name of the java.util.
Configuring NSJSP Configuring the Persistent Store className The Java class name of the implementation to use. You must specify org.apache.catalina.session.NonStopSQLJDBCStore. debug The debug level for messages logged to the associated . Higher numbers generate more detailed output. The default debug detail level value used is 0 (zero). driverName The fully qualified Java class name of the JDBC driver to be used. For SQL/MP, specify the value com.tandem.sqlmp.SQLMPDriver here.
Configuring NSJSP Configuring the Persistent Store sessionProcessNameCol The name of the NonStop SQL database column contained in the specified sessionTable, that contains the HP NonStop process name of the NonStop Server for Java (NSJ) process. This column type must accept as many characters as are contained in the NonStop process name (typically 6).
Configuring NSJSP Cleaning Up the NonStop SQL Session Data Note. The NonStop SQL catalog must be created on a TMF-audited data volume (disk). In order to save the persistent session data to the persistent store, you should use the iTPWS_INSTALL_DIR/conf/nsjsp_stop script instead of the stop script (see Stopping NSJSP on page 2-6 for more details). Example 3-31 shows how to use the NSJSPPersistentManager. Example 3-31.
Configuring NSJSP Cleaning Up the NonStop SQL Session Data Example 3-32 defines the usage of the nsjsp_cleanSessionData script. Example 3-32. SQL Session Data Cleanup Script Usage: where nsjsp_cleanSessionData nDays: nDays Number of days for which session data is to be preserved/saved. Sessions that have expired more than 'nDays' ago will be deleted. A value of zero (0) will delete all the expired sessions. Example 3-33 shows how to use the nsjsp_cleanSessionData script: Example 3-33.
4 Programming and Management Features The information discussed in this section includes the following: • • • Client Programming Features on page 4-1 Servlet Programming Features on page 4-2 The NSJSP Manager Web Application on page 4-8 Client Programming Features This subsection describes how to refer to a servlet in an HTML document and how to send requests to and receive responses from a servlet.
Programming and Management Features Receiving Response Information Receiving Response Information The response from the NSJSP container has the same form as the output from any other CGI program. That is, the response consists of: • • • One or more HTTP response headers A blank line The response content However, the servlet/JSP itself need not generate all these elements. If it does not provide header information, the servlet API methods insert the header content-type: text/html.
Programming and Management Features Programming With NonStop Server for Java This section provides only a brief summary of how to use the Servlet API 2.3. For detailed information about the Servlet API 2.3, see the Java Servlet API Specification, Version 2.3 at the following web site: http://java.sun.com/products/servlet/ and other API documentation available from Sun Microsystems.
Programming and Management Features • Servlet and NSJSP Examples and References Transaction protection in NonStop Server for Java is based on, but not identical to, the current interface defined by Java Transaction Services. For complete information about compliance characteristics of NonStop Server for Java and about ensuring portability of Java programs to and from NonStop Server for Java, see the NonStop Server for Java (NSJ) Programmer’s Guide.
Programming and Management Features Obtaining Specific CGI Environment Variable Values The HttpServletRequest Class This class extends the ServletRequest class, which provides methods for retrieving information from a standard input stream and obtaining the values of various headers and environment variables. The HttpServletRequest class defines methods for obtaining HTTP-protocol header information and CGI environment variables such as QUERY_STRING, PATH_INFO, and PATH_TRANSLATED.
Programming and Management Features Context-Management Example 4-1. Use of getAttribute() Method to Obtain Environment Variables out.println(""); Enumeration x = (Enumeration)req.getAttribute("com.tandem.servlet.attribute_names"); out.println("
"); while (x.hasMoreElements()) { String pn = (String)x.nextElement(); out.println(pn +" = " + req.getAttribute(pn) ); } out.Programming and Management Features Request and Response Streams Caution. Exercise caution when you use Pathway or iTP WebServer commands that stop server class executions in environments where threads are spawned from within the web container. Stopping the web container immediately stops all execution threads that are running within the web container.
Programming and Management Features Reserved Cookie Name Reserved Cookie Name The cookie names JSESSIONID, JSESSIONIDSSO, and iTPWebSessionId are reserved for internal use. According to the Servlet API 2.3 the name of the session tracking cookie must be JSESSIONID and the name of the session tracking parameter used in the URL rewriting must be jsessionid. javax.servlet.request.X509Certificate javax.servlet.request.X509Certificate returns an array of one object of type java.security.cert.
Programming and Management Features The nsjsp_manager User Interface To run the nsjsp_manager program from a different directory, you must set the environment variables under OSS prior to running the nsjsp_manager program as shown in Example 4-3: Example 4-3.
Programming and Management Features The nsjsp_manager User Interface Example 4-5 is a screen snap-shot of the nsjsp_manager user interface listing all the currently deployed web applications. List All Web Applications shows the lists of context_path:status. Each list shows all web applications within a servlet instance. Example 4-5.
Programming and Management Features The nsjsp_manager User Interface Example 4-6 is a screen snap-shot of the nsjsp_manager user interface stopping a currently deployed web application, thus making it unavailable. Example 4-6.
Programming and Management Features The nsjsp_manager User Interface Example 4-8 is a screen snap-shot of the nsjsp_manager user interface removing a currently deployed web application, thus taking it out of service. Example 4-8.
Programming and Management Features The nsjsp_manager User Interface The nsjsp_manager operation to reload a web application is useful when you • recompile the classes in a web application that is not configured with a reloadable=true attribute in its entry in the iTPWS_INSTALL_DIR/servlet_jsp/conf/iTP_server.xml file or, when you • change the web.
Programming and Management Features The nsjsp_manager User Interface The nsjsp_cleanSessionData script cleans up orphan or expired sessions from the NonStop SQL database stored for persistent sessions support (see Configuring Persistent Sessions on page 3-34 for more details). The default value of 7 for number of days means that sessions that have expired more than 7 days ago will be deleted from the NonStop SQL database.
Programming and Management Features The nsjsp_manager User Interface The nsjsp_cleanlogs script cleans up log files generated by the NSJSP container (see Log Files Cleanup Script on page 5-3). Example 4-12 is a screen snap-shot of the nsjsp_manager user interface invoking the nsjsp_cleanlogs script. When you execute the clean logs command, the NSJSP Manager will invoke the nsjsp_cleanlogs program from the specified path. Then you can: Enter ... To change the default ...
Programming and Management Features nsjsp_manager Commands The Change NSJSP Manager Log File selection changes the log file used to store all the commands run by the nsjsp_manager utility. By default, the nsjsp_manager utility logs to the iTPWS_INSTALL_DIR/servlet_jsp/logs/nsjsp_manager.log file Example 4-13 is a screen snap-shot of the nsjsp_manager user interface changing the log file for the current session. Example 4-13.
Programming and Management Features nsjsp_manager Commands Prior to running the nsjsp_manager commands, ensure that the following environment variables are set properly: NSJSP_MGR_USER The user name with the manager role specified in the Realm being used in the iTPWS_INSTALL_DIR/servlet_jsp/conf/iTP_server.xml file. There is no default value for this variable and a correct value must be set.
Programming and Management Features Retry and Error Recovery Example 4-14 shows how to set these values before invoking the nsjsp_manager utility in a non-interactive manner. Example 4-14. Setting nsjsp_manager Environment Variables osh> osh> osh> osh> osh> osh> osh> export export export export export export export NSJSP_MGR_USER="tomcat" NSJSP_MGR_PASSWD="tomcat" NSJSP_MGR_SERVER_ADDR="localhost" NSJSP_MGR_PATHMON="\$ZWEB" NSJSP_MGR_OSSNAME="/usr/tandem/webserver/bin/servlet.
5 Logs and Error Conditions The information discussed in this section includes the following: • • • • • • NSJSP Logging on page 5-1 Logging Configuration on page 5-2 Status Information on page 5-3 Log Files Rollover on page 5-3 Log Files Cleanup Script on page 5-3 EMS Message Format on page 5-5 NSJSP Logging NSJSP processes report configuration and status information to the standard output (STDOUT) file, and report errors and exceptions to the EMS log and standard error (STDERR) files and other log fil
Logs and Error Conditions Logging Configuration Logging Configuration You can choose to have multiple log files or a single log file. Multiple log files are the default. If you choose the single log file option, all the output is sent to a single log file (that is, servlet.log). Switching From Multiple Log Files to a Single Log File If you are switching from the multiple log files option (the default) to the single log file option, perform the following steps: 1.
Logs and Error Conditions Status Information 5. Copy the iTP_server-multiLogs.xml.sample to the iTP_server.xml file. 6. Delete the iTP_server.xml.sample and create the iTP_server.xml.sample by symbolically linking to the iTP_servermultiLogs.xml.sample file, as follows: ln -s iTP_server-multiLogs.xml.sample iTP_server.xml.sample 7. Migrate the changes saved in step 3 to the iTP_server.xml file. 8. Change the Stderr from servlet.log to servlet.error.log in the servlet.
Logs and Error Conditions nsjsp_cleanlogs Syntax days with an extension matching the specified file extension (suffix) will be deleted. Log file names in other formats are not checked or deleted. This cleanup utility also provides an option to move log files to the specified directory for safe-keeping, so you can decide later what to do with the saved log files.
Logs and Error Conditions EMS Message Format EMS Message Format When an error occurs during startup, the container reports an EMS message consisting of the following elements: • • A line that reports the date, the time, the process name, and the syslog severity category, as described in the OSS manual set. A descriptive string, for example, " (#7001) Servlet ServerClass started. Version Procedure = T1222V20_17MAR03_BASE_V200_5".
Logs and Error Conditions EMS Message Format NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide—525644-001 5 -6
6 Interoperability of NSJSP With NonStop EJB In order for NSJSP to interoperate with NonStop EJB, you must make a few changes to the EJB ejb.jar file. The ejb.jar file contains the Servlet API 2.0 classes within it, which will cause problems if this jar file is placed in the NSJSP CLASSPATH environment variable—it will essentially not allow the NSJSP container to start up. You will need to make the changes discussed in the following subsections: • • • Changing the ejb.
Interoperability of NSJSP With NonStop EJB Adding and Linking New Jar Files Example 6-1. Fixup Script for NonStop EJB (ejb.jar) osh> /usr/tandem/webserver/servlet_jsp/conf/nsjsp_fixupNSEJB /usr/tandem/nsejb \ NonStop(tm) Servlets for JavaServer Pages(tm) Fixup Script for NonStop(tm) EJB (ejb.jar) T1222V20_17MAR03_BASE_V200_5 _________________________________________________________________ Fixes up the NonStop(tm) EJB Jar files (ejb.
Interoperability of NSJSP With NonStop EJB References to EJB Components Symbolically link the ejbServlet_Security.jar file either in the iTPWS_INSTALL_DIR/servlet_jsp/common/lib directory or in the WEB-INF/lib directory for every application that uses EJB. The following alternatives in Example 6-3 show you how to use OSS Shell commands to add the ejbServlet_Security.jar file to a web application called myEJBApp, which uses EJB. Example 6-3. Linking ejb.
Interoperability of NSJSP With NonStop EJB References to EJB Components The name of the EJB reference. The EJB reference is an entry in the web application's environment. The Java2™ Enterprise Edition Specifications recommend that this name be prefixed by ejb/. This entry is required. The type of the referenced Enterprise Java Bean™. This entry is required.
Interoperability of NSJSP With NonStop EJB References to EJB Components Refer to the NonStop EJB User’s Guide as well as the Translator sample documentation (referenced in Example 6-5) on how to package and deploy the Translator Sample. Example 6-5 is an sample of the deployment descriptor tags required in the web application's WEB-INF/web.xml file. Example 6-5. Deployment Descriptor Tags in the WEB-INF/web.xml File ...
Interoperability of NSJSP With NonStop EJB References to EJB Components NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide—525644-001 6 -6
7 Migration to NSJSP 2.0 The information discussed in this section includes the following: • • • • Jar File Considerations on page 7-1 Configuration File Considerations on page 7-1 Web Application Considerations on page 7-4 Changes from Servlet 2.2 to Servlet 2.3 on page 7-4 Directory Structure The NSJSP 2.0 container is based on Tomcat 4.0.3 (or later) source code, hence the NSJSP 2.0 release package content is different from the previous NSJSP 1.
Migration to NSJSP 2.0 iTP_server.xml File iTP_server.xml File The content of the iTP_server.xml file has changed a lot in NSJSP (see iTP_server.xml on page 3-6 for details). During installation, the existing iTP_server.xml file is backed up. The iTP_server.xml file will be replaced by the iTP_server.xml.sample (default iTP_server.xml file). You will need to incorporate your specific configuration into the new iTP_server.xml file. • Context change – Since NSJSP 2.
Migration to NSJSP 2.0 The web.xml File The web.xml File The NSJSP 2.0 Container enforces stricter XML syntax checking of the web.xml file. For the Web application deployment descriptor, refer to Example 3-10, Deploying a Servlet, on page 3-14. Example 1 … -1.5 InitFile /Webqa/server/servlet22/servlet20/ShopUsers.txt
