Java™ 2 SDK, Enterprise Edition 1.3.1 Configuration Guide

Contents

Introduction

TM config

In most cases, you won't have to make any changes to the properties files. However, if you wish to use a database driver other than Cloudscape, you'll need to follow the instructions in the next section.

JDBC TM Drivers

config/resource.propertiesPort Numberscloudscape

If your enterprise beans use the JDBC API to access a database other than Cloudscape, then you must configure the JDBC drivers according to the instructions in the sections that follow. (If you aren't sure if this release supports your JDBC driver, see the Supported Databases and JDBC Drivers section of the Release Notes.)

Note: After you configure a JDBC driver you must restart the J2EE server for the new configuration to take effect.

Driver Location

$J2EE_HOME/lib/systemjava.security.AllPermissionJ2EE_CLASSPATH

J2EE_CLASSPATH

J2EE_CLASSPATHJ2EE_CLASSPATHbin/userconfig.shbin\userconfig.bat

About XA Datasource Support

The instructions that you follow depend on whether or not your driver supports XA datasources:

 

Release Notes

Drivers Without XA Datasource Support

Syntax:

 

         
j2eeadmin -addJdbcDriver <class name>
      

 

         
j2eeadmin -addJdbcDriver oracle.jdbc.driver.OracleDriver
      
DataSource

Syntax:

 

         
j2eeadmin -addJdbcDatasource <jndi name> <url>
      

 

         
j2eeadmin -addJdbcDatasource jdbc/Oracle jdbc:oracle:thin:@rtc:1521:acct
      
DataSource

3. Update the J2EE_CLASSPATH. (See the J2EE_CLASSPATH section.)

4. Restart the J2EE server.

Drivers with XA Datasource Support

DataSource

Syntax:

 

         
j2eeadmin -addJdbcXADatasource <jndi name>
    <class name>
    [<xa user name> <xa password>]
    [-props (<name>=<value>)+]
      

 

         
j2eeadmin -addJdbcXADatasource jdbc/XAMerant
    com.merant.sequelink.jdbcx.datasource.SequeLinkDataSource
    buzz xhfu5k3t
    -props serverName=myserver portNumber=19996
      
J2EE_CLASSPATHJ2EE_CLASSPATH

3. Restart the J2EE server.

An Example resource.properties for Oracle

config/resource.properties

 

         
jdbcDataSource.0.name=jdbc/Oracle
jdbcDataSource.0.url=jdbc:sequelink://anybodys.eng.sun.com:19996
jdbcDriver.0.name=com.merant.sequelink.jdbc.SequeLinkDriver
jdbcXADataSource.0.name=jdbc/Merant
jdbcXADataSource.0.classname=com.merant.sequelink.jdbcx.datasource.SequeLinkDataSource
jdbcXADataSource.0.dbpassword=
jdbcXADataSource.0.dbuser=
jdbcXADataSource.0.prop.serverName=anybodys
jdbcXADataSource.0.prop.portNumber=19996
jmsCnxFactory.0.name=QueueConnectionFactory
jmsCnxFactory.0.isQueue=true
jmsCnxFactory.1.name=TopicConnectionFactory
jmsCnxFactory.1.isQueue=false
jmsCnxFactory.2.name=jms/QueueConnectionFactory
jmsCnxFactory.2.isQueue=true
jmsCnxFactory.3.name=jms/TopicConnectionFactory
jmsCnxFactory.3.isQueue=false
jmsDestination.0.name=jms/Queue
jmsDestination.0.isQueue=true
jmsDestination.1.name=jms/Topic
jmsDestination.1.isQueue=false
      

Transactions

config/default.properties

The distributed.transaction.recovery Property

The value of this property may be either true or false. When the J2EE SDK is first installed, the value is false:

 

         
distributed.transaction.recovery=false
      

The transaction.timeout Property

transaction.timeout

 

         
transaction.timeout=5
      

When the J2EE SDK is first installed, the timeout value is set to 0:

 

         
transaction.timeout=0
      

Only enterprise beans with container-managed transactions are affected by the transaction.timeout property. For enterprise beans with bean-managed, JTA transactions, you invoke the setTransactionTimeout method of the UserTransaction interface. You also invoke the setTransactionTimeout method for other components, such as servlets and JSP pages, that demarcate transactions with the UserTransaction interface.

Port Numbers

TM config

 

Cloudscape Port

1. Edit the bin/cloudscape script ( bin\cloudscape.bat on Windows):

a. In the -start portion of the script, insert the port number:

 

         
. . . RmiJdbc.RJJdbcServer -port 1088. . .
      
-stop

 

         
jdbc:rmi://localhost:1088/jdbc:cloudscape:
      
-isql

2. In the config/resource.properties file, make this change:

 

         
jdbcDataSource.0.url=jdbc:cloudscape:rmi://localhost:1088/CloudscapeDB;create=true
      
build.xml

 

         
  bank/build.xml
         
  examples/src/build.xml
      

Log Files

 

         
$J2EE_HOME/logs/<host>
      
<host>

J2EE Log Files

 

         
$J2EE_HOME/logs/<host>/j2ee/j2ee
      

 

         
system.out
system.err
event.log
output.log
error.log
audit.log
      
system.outsystem.errSystem.outSystem.errj2eeverbosestdoutstderrsystem.outsystem.erraudit.logauditconfig/auth.propertiestrue

Web Log Files

 

         
$J2EE_HOME/logs/<host>/web
      
catalina

JMS Log Files

 

         
$J2EE_HOME/logs/<host>/jms/jms
      

 

         
error.log
event.log
output.log
      

Security

Unauthenticated User Name

In the J2EE SDK the unauthenticated user is called a guest and has the password guest123. You can modify the name of the unauthenticated user and password by modifying the following entries in the auth.properties file:

 

         
default.principal.name=guest
default.principal.password=guest123
      

ANYONE Role

ANYONEANYONEdeploytoolANYONEanyone.role.nameauth.properties

Using Keystores with SSL Protocol

The J2EE SDK provides a default server keystore called keystore.jks and a default client keystore called clientkeystore.jks. These files are in the J2EE SDK distribution's $J2EE_HOME/lib/security directory.

Another required keystore is the cacerts.jks file. This file must contain the public key certificates of the Certificate Authority or the client's public key certificate at the time the server is authenticating the client. The J2EE SDK provides a default cacerts.jks file, which resides in the $J2EE_HOME/lib/security directory.

Typically, a keystore file is protected by a password. The default value for this password is changeit for the default keystore.jks, clientkeystore.jks, and cacerts.jks files.
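The following is an added example, not part of the original guide or the SDK: it checks whether a keystore still opens with the documented default password by recomputing the JKS integrity digest, without needing keytool. It assumes the files are in the standard JKS format; the function names and sample data are the example's own.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
# Default store password this guide gives for all three keystores.
DEFAULT_PASSWORD = "changeit"


def jks_digest(password, body):
    """JKS integrity digest: SHA-1 over the password (two bytes per
    character, big-endian), the salt 'Mighty Aphrodite', then the body."""
    h = hashlib.sha1()
    h.update(password.encode("utf-16-be"))
    h.update(b"Mighty Aphrodite")
    h.update(body)
    return h.digest()


def opens_with(store, password):
    """True if `password` matches the digest trailing a JKS keystore."""
    # 12-byte header (magic, version, entry count) + 20-byte SHA-1 trailer.
    if len(store) < 32 or struct.unpack(">I", store[:4])[0] != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    return hmac.compare_digest(jks_digest(password, store[:-20]), store[-20:])


def still_default(stores):
    """Names of keystores that still open with the default password."""
    return sorted(n for n, data in stores.items()
                  if opens_with(data, DEFAULT_PASSWORD))


def make_empty_jks(password):
    """Constructed sample input: a valid JKS (version 2) with no entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


# Constructed samples standing in for $J2EE_HOME/lib/security/*.jks;
# the non-default password below is a placeholder.
SAMPLE = {
    "keystore.jks": make_empty_jks("changeit"),
    "clientkeystore.jks": make_empty_jks("changeit"),
    "cacerts.jks": make_empty_jks("rotated-placeholder"),
}

if __name__ == "__main__":
    for name in still_default(SAMPLE):
        print(name, "still uses the default store password")
```

To audit an installation, pass still_default a dictionary mapping each file name to the bytes read from $J2EE_HOME/lib/security.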

Authentication with SSL

Normal Authentication

To enable SSL authentication for an enterprise bean, select the bean in the Tree view (the left panel) of the deploytool primary window and click on the Security tab. In the Security inspector in the right panel, click on Deployment Settings. Select the SSL Required check box in the Deployment Settings dialog. This will encrypt the session between the client and the bean with the server authenticating itself to the bean.

Run the application client using the runclient script.

Mutual Authentication

To start mutual SSL authentication, select the bean in the Tree view (the left panel) of the deploytool primary window and click on the Security tab. In the Security inspector in the right panel, click on Deployment Settings. Select the SSL Required check box in the Deployment Settings dialog as in normal SSL authentication. While in the Deployment Settings dialog, select the Certificate radio button in the Client Authentication pane. This will cause the application client to authenticate itself to the server.

For mutual SSL authentication, the path to the client's keystore file must be provided by setting the following system property in the VMARGS environment variable:

 

         
-Dcom.sun.enterprise.keyStore=$J2EE_HOME/lib/security/clientkeystore.jks
      

 

         
-Dcom.sun.enterprise.loginMech=ssl 
      
runclientchangeit

Troubleshooting Mutual Authentication

 

  • Check if the client certificate has been imported into the cacerts file of the server.

  • Check to see if the client is running with the environment options listed here.

Checking That Mutual Authentication Is Running

1. In the setenv.sh (UNIX) or setenv.bat (Windows) file, find SSL_OPTIONS and turn on the debug tracing property in either of the following ways:

 

         
-Djavax.net.debug=ssl,handshake
      

 

         
-Djavax.net.debug=all
      
verbose

3. Look for the following messages that verify that mutual authentication is running:

 

         
certificate client_to_server
client_key_exchange client_to_server
client_verify client_to_server
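The check in step 3 can be scripted. The following is an added example, not part of the original guide: it scans captured debug output for the three messages listed above and reports which are absent. The trace lines are constructed samples and the surrounding line format is an assumption; only the three message strings come from this guide.

```python
import re

# The three messages this guide lists as evidence of mutual authentication.
EXPECTED = (
    "certificate client_to_server",
    "client_key_exchange client_to_server",
    "client_verify client_to_server",
)
# Tolerate variable spacing; \b stops "certificate" from matching inside
# a longer token such as "x_certificate".
PATTERNS = {
    m: re.compile(r"\b" + r"\s+".join(re.escape(w) for w in m.split()) + r"\b")
    for m in EXPECTED
}


def missing_messages(trace_lines):
    """Return the expected messages that never appear in the trace."""
    seen = set()
    for line in trace_lines:
        for msg, pattern in PATTERNS.items():
            if pattern.search(line):
                seen.add(msg)
    return [m for m in EXPECTED if m not in seen]


# Constructed sample: the client presents and proves a certificate.
MUTUAL_TRACE = [
    "certificate server_to_client",
    "certificate_request server_to_client",
    "certificate client_to_server",
    "client_key_exchange   client_to_server",
    "client_verify client_to_server",
]
# Constructed sample: server-only authentication, so the client sends
# neither a certificate nor a proof of possession.
ONE_WAY_TRACE = [
    "certificate server_to_client",
    "client_key_exchange client_to_server",
]

if __name__ == "__main__":
    for name, trace in (("mutual", MUTUAL_TRACE), ("one-way", ONE_WAY_TRACE)):
        gaps = missing_messages(trace)
        print(name, "OK" if not gaps else "missing: " + ", ".join(gaps))
```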
      

Procedures for Creating Custom Certificates

keytoolkeytoolbin

Creation of a Server Certificate

1. Use the following instruction:

 

         
keytool -genkey -keyalg RSA -alias server -keystore keystore.jks
      
changeitkeytool -storepasswdkeytool -help

2. Enter your information for the following prompts:

 

  • Name: J2EE

  • Organization: Java Software

  • Company Name: Sun Microsystems, Inc.

  • Locality: Cupertino

  • State: California

  • Country: US
realmtool

 

         
keytool -keystore keystore.jks -export -alias server -file keystore.cer
      
cacerts.jks

 

         
keytool -import -alias serverCA -keystore $J2EE_HOME/lib/security/cacerts.jks -file keystore.cer
      
keystore.jks$J2EE_HOME/lib/security

Note: The default server certificate is already prepared. You do this only if you wish to replace the default server certificate.

Creating a Client Certificate

1. Use keytool to create a client certificate in a keystore file of your choice:

 

         
keytool -genkey -keyalg RSA -alias MyClientAlias -keystore mykeystore.jks
      
changeit

2. Export the new client certificate from the keystore to a certificate file:

 

         
keytool -keystore mykeystore.jks -export -alias MyClientAlias -file myclientcert.cer
      
cacerts.jks

 

         
keytool -import -alias j2eeCA -keystore $J2EE_HOME/lib/security/cacerts.jks -file myclientcert.cer
      

 

         
realmtool -import myclientcert.cer
      
mykeystore.jks$J2EE_HOME/lib/security/clientkeystore.jks

Miscellaneous Commands for Certificates

 

         
keytool -list -keystore keystore.jks -alias server -v
      

 

         
keytool -list -keystore cacerts.jks
      

PKCS12 Support in the J2EE SDK

 

         
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/.
      

Generating a PKCS12 File

1. Open Netscape.

2. Click on the security icon.

3. Under Certificates, click on Yours.

4. If there is a certificate, export it. Otherwise, click Get a Certificate.

A certificate will be exported to PKCS12 format.

Using a PKCS12 Key in the J2EE SDK

.jkskeytool -pkcs12.jks

The command for the conversion is:

 

         
keytool -pkcs12 -pkcsFile fileName -pkcsKeyStorePass password -pkcsKeyPass password -jksFile outputFileName -jksKeyStorePass password
      
.jks

Memory Threshold for Passivation

passivation.threshold.memoryconfig/default.properties

 

         
passivation.threshold.memory=128000000
      

JMS Settings

config

default.properties

 

jms_service.properties

 

jms_client.properties

 

 



Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

TABLE 1 Java™ 2 SDK, Enterprise Edition Ports

| Service Using the Port | Default Port Number | Properties File | Default Entry in Properties File | Description |
|---|---|---|---|---|
| EJB | 9191 | ejb.properties | http.port=9191 | The EJB service uses this port to download stub classes to clients. |
| HTTP | 8000 | web.properties | http.port=8000 | The HTTP service uses this port to service requests. |
| HTTPS | 7000 | web.properties | https.port=7000 | The HTTPS service uses this port to service requests. |
| Naming and Directory | 1050 | orb.properties | port=1050 | The ORB (Object Request Broker) underlying the JNDI name server uses this port. |
 
| Property Name | Description |
|---|---|
| messagebean.pool.size | Specifies the maximum number of instances of an mdb type. You cannot specify different pool sizes for different mdb types. |
| messagebean.max.serversessionmsgs | Normally, when traffic is light, a ConnectionConsumer gets a ServerSession from its pool, loads it with a single message, and starts it. As traffic picks up, messages can back up. If this happens, a ConnectionConsumer can load each ServerSession with more than one message. This reduces the thread context switches, and minimizes resource use at the expense of some serialization of message processing. This release only supports the value 1. |
 
| Property Name | Description |
|---|---|
| com.sun.jms.internal.java.naming.* | Specifies the JNDI provider. |
| com.sun.jms.client.transport_preference | Specifies the service used by the clients to communicate with the JMS service. The only supported value is IIOP. This value should not be modified. |
| com.sun.jms.service.bindAdministeredObjects | Specifies whether or not the service should bind two default ConnectionFactory objects. This value should not be modified. |
| com.sun.jms.service.jdbc.* | Specifies the JDBC provider. Currently set to Cloudscape, these values should not be modified. |
| com.sun.jms.default.loglevel | Specifies the default log level. Valid settings are SEVERE, WARNING, INFO, FINE, FINER, FINEST. |
| com.sun.jms.service.client_reaper_interval | Specifies in minutes how often the JMS service should look for clients that have not closed their resources properly. |
 
| Property Name | Description |
|---|---|
| com.sun.jms.internal.java.naming.* | Specifies the JNDI provider. |
| com.sun.jms.client.transport_preference | Specifies the service used by the clients to communicate with the JMS service. The only supported value is IIOP. This value should not be modified. |
| com.sun.jms.default.loglevel | Specifies the default log level. Valid settings are SEVERE, WARNING, INFO, FINE, FINER, FINEST. |
 