Release 8.1.5
A64685-01
 Library |
 Product |
 Contents |
 Index |
| Oracle8i JDBC Developer's Guide and Reference Release 8.1.5 A64685-01 |
|
This section describes some of the basics about working with applets that use the JDBC Thin driver. It begins with a simple example of coding a JDBC applet, it then describes what you must do to allow the applet to connect to a database. This includes how to use the Oracle8 Connection Manager or signed applets if you are connecting to a database that is not running on the same host as the web server. It also describes how your applet can connect to a database through a firewall. The section concludes with how to package and deploy the applet.
Except for importing the JDBC interfaces to access JDBC entry points, you write a JDBC applet like any other Java applet. Depending on whether you are coding your applet for a JDK 1.1.1 browser or a JDK 1.0.2 browser, there are slight differences in the code that you use. In both cases, your applet must use the JDBC Thin driver, which connects to the database with TCP/IP protocol.
If you are targeting a JDK 1.1.1 browser (such as Netscape 4.x or Internet Explorer 4.x), then you must:
java.sql package into your program. The java.sql package contains the standard JDBC 1.22 interfaces and is part of the standard JDK 1.1.1 class library.
oracle.jdbc.driver.OracleDriver() class and specify the driver name in the connect string as thin.
If you are targeting a JDK 1.0.2 browser (such as Netscape 3.x or Internet Explorer 3.x), then you must:
jdbc.sql package into your program.
The jdbc.sql package is not a part of the standard JDK 1.0.2 class library. It is a separate library that you download as part of the JDBC distribution. The jdbc.sql package was created because JDK 1.0.2 browsers do not allow packages starting with the string "java" to be downloaded. As a work-around, the java.sql package has been renamed to jdbc.sql. This renamed package is shipped with the Oracle JDBC product.
oracle.jdbc.dnlddriver.OracleDriver() class and specify the driver name in the connect string as dnldthin.
The following sections illustrate the differences in coding an applet for a JDK 1.1.1 browser compared with a JDK 1.0.2 browser.
If you are coding an applet for a JDK 1.1.1 browser, then import the JDBC interfaces from the java.sql package and load the Oracle JDBC Thin driver.
import java.sql.*;
public class JdbcApplet extends java.applet.Applet
{
Connection conn; // Hold the connection to the database
public void init()
{
// Register the driver.
DriverManager.registerDriver (new oracle.jdbc.driver.OracleDriver());
// Connect to the database.
conn = DriverManager.getConnection
("jdbc:oracle:thin:scott/tiger@www-aurora.us.oracle.com:1521:orcl");
...
}
}
In this example, the connect string contains the username and password, but you can also pass them as arguments to getConnection() after obtaining them from the user. For more information on connecting to the database, see "Opening a Connection to a Database".
If you are coding an applet for a JDK 1.0.2 browser, then import the JDBC interfaces from the jdbc.sql package, load the driver from the oracle.jdbc.dnlddriver.OracleDriver() class, and use the dnldthin sub-protocol in your connect string:
import jdbc.sql.*;
public class JdbcApplet extends java.applet.Applet
{
Connection conn; // Hold the connection to the database
public void init ()
{
// Register the driver
DriverManager.registerDriver (new oracle.jdbc.dnlddriver.OracleDriver());
// Connect to the database
conn = DriverManager.getConnection
("jdbc:oracle:dnldthin:scott/tiger@www-aurora.us.oracle.com:1521:orcl");
...
}
}
This section includes the following subsections:
The most common task of an applet using the JDBC driver is to connect to and query a database. Because of applet security restrictions, an applet can open TCP/IP sockets only to the host from which it was downloaded (this is the host on which the web server is running). This means that your applet can connect only to a database that is running on the same host as the web server. In this case, the applet can connect to the database directly; no additional steps are required.
However, a web server and an Oracle database server both require many resources; you seldom find both servers running on the same machine. Usually, your applet connects to a database on a host other than the one on which the web server runs. There are two possible ways in which you can work around the security restriction:
OR
This section begins with describing the most simple case, connecting to a database on the same host from which the applet was downloaded (that is, the same host as the web server). It then describes the two different ways in which you can connect to a database running on a different host.
If your database is running on the same host from which the applet was downloaded, then you can connect to the database by specifying it in your applet. You specify the database in the connect string of the getConnection() method in the DriverManager class.
There are two ways in which you can specify the connection information to the driver. You can provide it in the form of host:port:sid or in the form of a TNS keyword-value syntax.
For example, if the database to which you want to connect resides on host prodHost, at port 1521, and SID ORCL, and you want to connect with username scott with password tiger, then use either of the two following connect strings:
using host:port:sid syntax:
String connString="jdbc:oracle:thin:@prodHost:1521:ORCL"; conn = DriverManager.getConnection(connString, "scott", "tiger");
using TNS keyword-value syntax:
String connString = "jdbc:oracle:thin:@(description=(address_list=(address=(protocol=tcp)(port=1521)(host=prodHost))) (connect_data=(sid=ORCL)))"conn = DriverManager.getConnection(connString, "scott", "tiger");
If you use the TNS keyword-value pair to specify the connection information to the JDBC Thin driver, then you must declare the protocol as TCP.
If you are connecting to a database on a host other than the one on which the web server is running, then you must overcome the applet's security restrictions. You can do this by using either the Oracle8 Connection Manager or signed applets.
Oracle8 Connection Manager is a lightweight, highly-scalable program that can receive Net8 packets and re-transmit them to a different server. To a client running Net8, the Connection Manager looks exactly like a database server. An applet that uses the JDBC Thin driver can connect to a Connection Manager running on the web server host and have the Connection Manager redirect the Net8 packets to an Oracle server running on a different host.
Figure 5-1 illustrates the relationship between the applet, the Oracle8 Connection Manager, and the database.
Using the Oracle8 Connection Manager requires two steps that are described in these sections:
You must install the Connection Manager on the web server host. You install it from the Oracle8 distribution media. Please refer to the Net8 Administrator's Guide if you need more help to install the Connection Manager.
On the web server host you must create a CMAN.ORA file in the [ORACLE_HOME]/NET8/ADMIN directory. The options you can declare in a CMAN.ORA file include firewall and connection pooling support. Please refer to the Net8 Administrator's Guide for more information on the options you can enter in a CMAN.ORA file.
Here is an example of a very simple CMAN.ORA file. Replace <web-server-host> with the name of your web server host. The fourth line in the file indicates that the connection manager is listening on port 1610. You must use this port number in your connect string for JDBC.
cman = (ADDRESS_LIST =(ADDRESS = (PROTOCOL=TCP) (HOST=<cman_profile = (parameter_list =web-server-host>) (PORT=1610)))(MAXIMUM_RELAYS=512) (LOG_LEVEL=1)(TRACING=YES)(RELAY_STATISTICS=YES) (SHOW_TNS_INFO=YES) (USE_ASYNC_CALL=YES) (AUTHENTICATION_LEVEL=0) )
Note that the Java Net8 version inside the JDBC Thin driver does not have authentication service support. This means that the AUTHENTICATION_LEVEL configuration parameter in the CMAN.ORA file must be set to 0.
You can find a description of the options listed in the CMAN.ORA file in the Net8 Administrator's Guide.
After you create the file, start the Oracle8 Connection Manager at the operating system prompt with this command:
cmctl start
To use your applet, you must now write the connect string for it.
This section describes how to write the connect string in your applet so that the applet connects to the Connection Manager, and the Connection Manager connects with the database. In the connect string, you specify an address list that lists the protocol, port, and name of the web server host on which the Connection Manager is running, followed by the protocol, port, and name of the host on which the database is running.
The following example describes the situation illustrated in Figure 5-1. The web sever on which the Connection Manager is running is on host webHost and is listening on port 1610. The database to which you want to connect is running on host oraHost, listening on port 1521, and SID ORCL. You write the connect string in TNS keyword-value format:
Connection conn =DriverManager.getConnection ("jdbc:oracle:thin:" + "@(description=(address_list=" + "(address=(protocol=tcp)(host=webHost)(port=1610))" + "(address=(protocol=tcp)(host=oraHost)(port=1521)))" + "(source_route=yes)" + "(connect_data=(sid=orcl)))", "scott", "tiger");
The first element in the address_list entry represents the connection to the Connection Manager. The second element represents the database to which you want to connect. The order in which you list the addresses is important.
Notice that you can also write the same connect string in this format:
String connString ="jdbc:oracle:thin:@(description=(address_list= (address=(protocol=tcp)(port=1610)(host=webHost)) (address=(protocol=tcp)(port=1521)(host=oraHost))) (connect_data=(sid=orcl)) (source_route=yes))";Connection conn = DriverManager.getConnection(connString, "scott", "tiger");
When your applet uses a connect string such as the one above, it will behave exactly as if it were connected directly to the database on the host oraHost.
For more information on the parameters that you specify in the connect string, see the Net8 Administrator's Guide.
Your applet can reach its target database even if it first has to go through multiple Connection Managers (for example, if the Connection Managers form a "proxy chain"). To do this, add the addresses of the Connection Managers to the address list, in the order that you plan to access them. The database listener should be the last address on this list. See the Net8 Administrator's Guide for more information about source_route addressing.
If your browser supports JDK 1.1.x, (for example, Netscape 4.0), then you can use signed applets. Signed applets can request socket connection privileges to other machines. To set this up, you must:
http://java.sun.com/security/signExample/index.html
If you are using Netscape, then your code would include a statement like this:
netscape.security.PrivilegeManager.enablePrivilege("UniversalConnect");Connection conn = DriverManager.getConnection(...);
For more information on writing applet code that asks for permissions, see Netscape's Introduction to Capabilities Classes at:
http://developer.netscape.com/docs/manuals/signedobj/capabilities/contents.htm
http://developer.netscape.com/software/signedobj/index.html
for information on obtaining and installing a certificate.
For a complete example of a signed applet that uses the Netscape Capabilities classes, see "Creating Signed Applets".
Under normal circumstances, an applet that uses the JDBC Thin Driver cannot access the database through a firewall. In general, the purpose of a firewall is to prevent requests from unauthorized clients from reaching the server. In the case of applets trying to connect to the database, the firewall prevents the opening of a TCP/IP socket to the database.
You can solve this problem by using a Net8-compliant firewall and connect strings that comply with the firewall configuration. Net8-compliant firewalls are available from many leading vendors; a more detailed discussion of these firewalls is beyond the scope of this manual.
An unsigned applet can access only the same host from which it was downloaded. In this case, the Net8-compliant firewall must be installed on that host. In contrast, a signed applet can connect to any host. In this case, the firewall on the target host controls the access.
The following sections describe these topics:
Firewalls are rule-based. They have a list of rules that define which clients can connect, and which cannot. Firewalls compare the client's hostname with the rules, and based on this comparison, either grant the client connect access or not. If the hostname lookup fails, the firewall tries again. This time, the firewall extracts the IP address of the client and compares it to the rules. The firewall is designed to do this so that users can specify rules that include hostnames as well as IP addresses.
Connecting through a firewall requires two steps that are described in the following sections:
The instructions in this section assume that you are running a Net8-compliant firewall.
Java applets do not have access to the local system (that is, they cannot get the hostname locally or environment variables) because of security limitations. As a result, the JDBC Thin driver cannot access the hostname on which it is running. The firewall cannot be provided with the hostname. To allow requests from JDBC Thin clients to go through the firewall, you must do the following two things to the firewall's list of rules:
__jdbc__" never appears in the firewall's rules. This hostname has been hard-coded as a bogus hostname inside the driver to force an IP address lookup. If you do enter this hostname in the list of rules, then every applet using Oracle's JDBC Thin driver will be able to go through your firewall.
By not including the Thin driver's hostname, the firewall is forced to do an IP address lookup and base its access decision on the IP address and not on the hostname.
To write a connect string that allows you to connect through a firewall, you must specify the name of the firewall host and the name of the database host to which you want to connect.
For example, if you want to connect to a database on host oraHost, listening on port 1521 and SID ORCL, and you are going though a firewall on host fireWallHost, listening on port 1610, then use the following connect string:
Connection conn =DriverManager.getConnection ("jdbc:oracle:thin:" + "@(description=(address_list=" + (address=(protocol=tcp)(host=<firewall-host>)(port=1610))" + "(address=(protocol=tcp)(host=oraHost)(port=1521)))" + "(source_route=yes)" + "(connect_data=(sid=orcl)))", "scott", "tiger");
The first element in the address_list represents the connection to the firewall. The second element represents the database to which you want to connect. Note that the order in which you specify the addresses is important.
Notice that you can also write the preceding connect string in this format:
String connString ="jdbc:oracle:thin:@(description=(address_list= (address=(protocol=tcp)(port=1600)(host=fireWallHost)) (address=(protocol=tcp)(port=1521)(host=oraHost))) (connect_data=(sid=orcl)) (source_route=yes))";Connection conn = DriverManager.getConnection(connString, "scott", "tiger");
When your applet uses a connect string similar to the one above, it will behave as if it were connected to the database on host oraHost.
For more information on the parameters used in the above example, see the Net8 Administrator's Guide. For more information on how to configure a firewall, please see your firewall's documentation or contact your firewall vendor.
After you have coded your applet, you must package it and make it available to users. To package an applet you need your applet classes files and the JDBC driver classes file (this will be either classes111.zip if you are targeting the applet to a browser running JDK 1.1.1, or classes102.zip if you are targeting the applet to a browser running JDK 1.0.2).
Follow these steps:
classes111.zip (or classes102.zip) to an empty directory.
If you are targeting a browser running the JDK 1.0.2, then DELETE the packages listed in the left-hand column of the following table. Next, ensure that the packages listed in the right-hand column are present. All of the packages listed in the table are included in the JDBC distribution.
.jar) file.
To target a browser running the JDK 1.1.1, the single zip file should contain:
classes111.zip
oracle/jdbc/driver/OracleDatabaseMetaData.class file. Note that this file is very large and might have a negative impact on performance. If you do not use DatabaseMetadata entry points, omit this file.
To target a browser running the JDK 1.0.2, the single zip file should contain:
.jar) file is not compressed.
You can now make the applet available to users. One way to do this is to add the APPLET tag to the HTML page from which the applet will be run. For example:
<APPLET WIDTH=500 HEIGHT=200 CODE=JdbcApplet ARCHIVE=JdbcApplet.zipCODEBASE=Applet_Samples</APPLET>
You can find a description of the APPLET, CODE, ARCHIVE, CODEBASE, WIDTH, and HEIGHT parameters in the next section.
The APPLET tag specifies an applet that runs in the context of an HTML page. The APPLET tag can have these parameters: CODE, ARCHIVE, CODEBASE, WIDTH, and HEIGHT to specify the name of the applet and its location, and the height and width of the applet display area. These parameters are described in the following sections.
The HTML page that runs the applet must have an APPLET tag with an initial width and height to specify the size of the applet display area. You use the HEIGHT and WIDTH parameters to specify the size, measured in pixels. This size should not count any windows or dialogs that the applet opens.
The APPLET tag must also specify the name of the file that contains the applet's compiled Applet subclass. You specify the file name with the CODE parameter. Any path must be relative to the base URL of the applet. The path cannot be absolute.
In the following example, JdbcApplet.class is the name of the Applet's compiled applet subclass:
<APPLET CODE="JdbcApplet" WIDTH=500 HEIGHT=200> </APPLET>
If you use this form of the CODE tag, then the classes for the applet and the classes for the JDBC Thin driver must be in the same directory as the HTML page.
Notice that in the CODE specification, you do not include the file name extension ".class".
The CODEBASE parameter is optional and specifies the base URL of the applet; that is, the name of the directory that contains the applet's code. If it is not specified, then the document's URL is used. This means that the classes for the applet and the JDBC Thin driver must be in the same directory as the HTML page. For example, if the current directory is my_Dir:
<APPLET WIDTH=500 HEIGHT=200 CODE=JdbcApplet CODEBASE="." </APPLET>
The entry CODEBASE="." indicates that the applet resides in the current directory (my_Dir). If the value of codebase was set to Applet_Samples, for example:
CODEBASE="Applet_Samples"
then this would indicate that the applet resides in the my_Dir/Applet_Samples directory.
The ARCHIVE parameter is optional and specifies the name of the archive file (either a .zip or .jar file) that contains the applet classes and resources the applet needs. Oracle recommends the use of a .zip file, which saves many extra roundtrips to the server.
The .zip (or .jar) file will be preloaded. If you have more than one archive in the list, separate them with commas. In the following example, the class files are stored in the archive file JdbcApplet.zip:
<APPLET CODE="JdbcApplet" ARCHIVE="JdbcApplet.zip" WIDTH=500 HEIGHT=200> </APPLET>
The communication between an applet that uses the JDBC Thin driver and the Oracle database happens on top of Java TCP/IP sockets.
In a JDK 1.0.2-based web browser, such as Netscape 3.0, an applet can open sockets only to the host from which it was downloaded. For Oracle8 this means that the applet can only connect to a database running on the same host as the web server. If you want to connect to a database running on a different host, then you must connect through the Oracle8 Connection Manager. For more information, see "Using the Oracle8 Connection Manager".
In a JDK 1.1.1-based web browser, such as Netscape 4.0, an applet can request socket connection privileges and connect to a database running on a different host from the web server host. In Netscape 4.0 you perform this by signing your applet (that is, writing a signed applet), then opening your connection as follows:
netscape.security.PrivilegeManager.enablePrivilege("UniversalConnect");connection = DriverManager.getConnection("jdbc:oracle:thin:scott/tiger@dlsun511:1721:orcl");
Please refer to your browser documentation for more information on how to work with signed applets. You can also refer to "Using Signed Applets".
