Middleware
Application Server
How-To : Using ORMI/SSL with OC4J
Date: 1/18/06
Author: Jeff Trent/Debu Panda
Introduction
OC4J supports ORMIS using two certificate stores namely Java KeyStore and Oracle Wallet. In this tutorial.This tutorial demonstrates Oracle's support for using RMI/SSL (ORMIS) for looking up remote objects using both mechanisms. Configuring certificate using either Java keytool or Oracle Wallet Manager is beyond the scope of this article. This example includes pre-configured certificates for demonstration purpose.
Configuring OC4J to use ORMIS
To enable, ORMIS you have to make the following changes in the config/rmi.xml
- Configure the ORMIS port. The default ORMIS port is 23793.
<rmi-server xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/rmi-server-10_0.xsd" port="23791" ssl-port="23943" <!—the default SSL server port for OC4J --> schema-major-version="10" schema-minor-version="0">
<port id="rmis" range="12701-12800"/>
- Configure keystore. You can either use Java Keystore or Oracle Wallet based certificates but you cannot enable both of them. You have to add the following element in the rmi.xml:
<ssl-config keystore="location-to-the-keystore" keystore-password="server-key-password"/> - OC4J needs to be restarted after making these changes.
Client side requirement
You need the following in the client-side to use ORMIS protocol:
- You have to provide the client-side certificate information i.e. location of client key and key password as JVM arguments. For example, you have to run the client as follows:
java -Djavax.net.ssl.keyStore=etc\keystore\client.ks -Djavax.net.ssl.keyStorePassword=clientkey HelloClient - You have use
ormisprotocol in the provider URL as follows in the standalone:
java.naming.provider.url=ormis://localhost/helloworld
If you are using a OracleAS install then make sure that your providerURL includes opmn:ormis format as follows:java.naming.provider.url=opmn:ormis//localhost:6003:home/ORMIS
What you need to know
- Java Key tool and/or Oracle Wallet
- RMI
For further information on OC4J, see the following documents on OTN:
- Link to other OC4J Howto's on OTN
Software Requirements
This demonstration requires that the following software components are installed and configured correctly:
- Oracle Application Server 10g (10.1.3)
- Sun JDK version 1.4.1 or above, available
here - Any HTML browser like Mozilla, Microsoft Internet Explorer, Netscape, etc.
Notations
- %ORACLE_HOME% - The directory where you installed the Oracle Application Server 10g (10.1.3)
- %JAVA_HOME% - The directory where your JDK is installed
- %HOWTO_HOME% - The directory where this demo is unzipped
Building the Application
The configuration files are located in the %HOWTO_HOME%/etc directory, including deployment descriptor files such as application.xml.
To run the sample application on a standalone instance of Oracle Application Server 10g 10.1.3 , follow these steps:
1. Examine the Sample File Directories
- build - temporary directory created during the build
- log - temporary directory holding build/deploy logs
- etc - all necessary files to package the application
- lib - holds the application archives that could be deployed
- doc - the How-to document and Javadoc's
-
- how-to-ORMIS.html - this How-to page
- src - the source of the demo
- ejb - contains the sample session bean and client code
2. Configure the Environment
Ensure the following environment variables are defined:
- %ORACLE_HOME% - The directory where you installed OC4J.
- %JAVA_HOME% - The directory where you installed the J2SE 5.0
- %PATH% - Must include %ORACLE_HOME%\ant\bin
Configure ORMIS
For using ORMIS, you must configuration changes in the %ORACLE_HOME%/j2ee/home/config/rmi.xml to specify the ORMI/SSL port and key store configuration.
- Configure the ORMIS port. The default ORMIS port is 23793.
<rmi-server xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/rmi-server-10_0.xsd" port="23791" ssl-port="23943" <!—the default SSL server port for OC4J --> schema-major-version="10" schema-minor-version="0"> - Configure keystore. You can either use Java Keystore or Oracle Wallet based certificates but you cannot enable both of them. You have to add the following element in the rmi.xml.
<ssl-config keystore="location-to-the-keystore" keystore-password="server-key-password"/>
<ssl-config keystore="../wallets/wallet-server-a/ewallet.p12" keystore-password="serverkey-a"/>
3. Start the Oracle Application Server 10g
Start OC4J stand alone using the following command after you make the above changes.
>%ORACLE_HOME%/bin/oc4j -start
If you are using an OracleAS managed install, start using the following command after you make the above changes.
> %ORACLE_HOME%/opmn/bin/opmnctl startall
4. Generate, Compile, and Deploy the Application
Ant 1.6.2 is shipped with OC4J and you have to set your PATH environment variable to $ORACLE_HOME/ant/bin. On some operating systems, Ant does not currently support the use of environment variables. If this is the case for your operating system, please modify the ant-oracle.xml file located in the %HOWTO_HOME% directory.
Edit ant-oracle.properties (in the demo directory) and ensure the following properties are set to the correct values, as indicated below for OC4J standalone:
- oc4j.host: host where OC4J is running
(default localhost) - oc4j.admin.port: RMI port number (default 23791)
- oc4j.admin.user: admin user name (default oc4jadmin)
- oc4j.admin.password: admin user password (default welcome)
- oc4j.binding.module: website name where deployed web modules are bound (default http-web-site)
If you are using OracleAS managed install then you have appropriately change the following properties beside changing oc4j.admin.user and oc4j.admin.password for your managed OC4J instance in OracleAS install.
- opmn.host: the hostname/IP where OracleAS is running
(default localhost) - opmn.port: OPMN request port (default 6003) for the OracleAS install
- oc4j.instance: admin user name (default oc4jadmin)
You have to uncomment appropriate deployer.uri in the ant-oracle.properties and make changes based on your environment i.e. a single instance OC4J or a clustered OC4J instance/group managed by OPMN .
You have to make changes in jndi.properties such as provider.url, principal and credential appropriate to your environment. If you are using OracleAS install, you have to use provider.url in the following format: opmn:ormis://localhost:6003:home/ORMIS.
To build the application, type the following command from the %HOWTO_HOME% directory:
>ant
You should now have the newly created ORMIS.ear in your %HOWTO_HOME%/lib directory.
This command will attempt to deploy the application archive if the build is successful. It will first test whether OC4J is running before attempting the deployment operation.
Note that you can also deploy the application separately . Ensure the %ORACLE_HOME% environment variable is defined, and from the %HOWTO_HOME% directory, type the command:
>ant deploy
5. Run the Application
Run the sample by running the command. Please make sure to change the jndi.properties file for any changes specific to your environment as we described in Client Side requirement section. Change the ant-oracle.xml to have appropriate Oracle Wallet information for your clients if you are not using the default client wallet shipped with the demo.
ant run
You will get the following output:
[java] client started...
[java] using ormis://localhost/helloworld
[java] Hello Scott
Summary
In this document, you should have learned :
- How to use ORMI/SSL with OC4J
- Deploy and run a simple application that uses ORMI/SSL
Printer View