Oracle Portal Development Kit Technical FAQ

Oracle9iAS Portal Developer Kit
Frequently Asked Questions - Technical

FUNDAMENTALS

What are portlets?

A Portlet is a contained area of a portal page that can be rendered in HTML or any other browser-capable technology.

What types of portlets can I create?

There are three types of portlets:

Built-in portlets. Oracle9iAS Portal provides a set of built-in portlets with ready-to-use functionality for web application development, web publishing and external site integration.
PL/SQL portlets. Implemented as stored procedures and executed in the database. Can be written in PL/SQL or Java Stored Procedures wrapped in PL/SQL.
Java portlets. Implemented using any web-capable language on a web server external to the Portal. The PDK-Java includes Java classes to make building Java portlets easier.

What are providers?

Providers are the communication link between the Portal framework and portlets. Use Database Providers for creating PL/SQL portlets that reside in the database and use Web Providers for creating Java portlets that exist on remote web sites.

ARCHITECTURE

What does the architecture of Oracle9iAS Portal look like?

Oracle9iAS Portal is based on a three-tier architecture: browser, middle-tier (iAS), and database (which hosts the Portal Server). The browser is the only component required on the client.

The middle-tier, iAS, contains the web server and Portal middleware services. These middleware services include ModPLSQL (formerly the PL/SQL gateway) and the Parallel Servlet.

The Portal Server is comprised of the Portal framework services, its data definitions, and a Login Server.

What is ModPLSQL?

ModPLSQL (formerly the PL/SQL Gateway) is an Apache plug-in used to communicate with the database. It maps browser requests into database stored procedure calls over a SQL*Net connection.

What is the Parallel Servlet?

The Parallel Servlet is a Java Servlet used to gather portlets and assemble them into a single page based on information from the Portal Server. This assembled page is sent back to the browser.

What is the Portal Server?

The Portal Server is the repository for all information required to manage and execute the Portal. It includes page metadata, provider and security information, user customization, preferences, etc. as well as a set of PL/SQL procedures used to store and retrieve this information.

How can I scale this model?

Caching provides significant performance improvements. Both pages and individual portlets can be cached on the middle-tier so that they approach the performance of serving flat files.

You can scale the middle-tier by installing multiple instances of iAS to distribute request load. These instances can be fronted by a router to act as a single virtual web server.

You can also install multiple nodes of the Portal Server to distribute database load over multiple machines. These nodes can share a single Login Server and data definitions so that they can act as one virtual Portal Server.

What are the key components of a Portal Server?

Each Portal Server is located inside an Oracle database as stored procedures and database objects. It is comprised of :

These components are explained in the Page Request Flow section.

What framework services are provided?

The Portal framework includes the following services:

End-user personalization - Stores settings for portlet behavior.
Session storage - Stores temporary information used by portlets and applications during the current user session.
Context - Provides connection information about the current user session.
Security - Allows programmatic assignment and validation of user credentials.
NLS - Provides framework for supporting for multiple languages. Does not perform actual translations.
Logging - Facilitates recording events.
Error handling - Allows for consistent display of error messages.

What is caching?

Caching enhances website performance by storing a static version of the portlet or Oracle 9iAS Portal page in the file system. It then can display this information quickly without having to re-query the Oracle database to retrieve the same information multiple times.

What is the difference between Validation and Expires-Based Cache?

Validation-based cache and Expires-based cache provides Oracle9iAS Portal with two methods of caching in the PL/SQL Portlets.

Validation based cache - Compares a key value to verify if the cache is still valid. If the key value has not altered, then it uses the cached content. It makes a round trip to the portal node to fetch the portal content.
Expires based cache - Is where an expiration period is used to cache for rendering the portlet.

JAVA PORTLETS

When should I use Java portlets?

You should use Java portlets to integrate external web content or when you have experience developing using web technologies.

What languages can I use to create a Java portlet?

You can use any web-capable language to create a Java portlet. This includes Java technologies (servlets, Java Server Pages), CGI technologies (C, Perl, etc.), Active Server Pages, etc. The PDK-Java includes Java services that facilitate building Java portlets in Java technologies.

How do Web Providers communicate with Oracle9iAS Portal?

Web Providers use SOAP, an XML-based format, to communicate with Oracle9iAS Portal over HTTP.

How do I create a Java portlet?

To create a Java portlet in Java technologies, you can use the Java classes provided in the PDK-Java. These classes establish the relationship between the Portal and the external Web Provider, abstracting the SOAP-based communication mechanism.

To create a Java portlet in other technologies, you can write scripts to parse and return the SOAP-based messages the Portal requires.

As with PL/SQL portlets, you also need to register the provider and refresh the portlet repository.

Why do I register providers?

This registration is required to make the provider and its portlets visible to the users of the portal.

PL/SQL PORTLETS

When should I use PL/SQL portlets?

You should use PL/SQL portlets whenever your portlets require significant database interaction or when the development team has Oracle experience.

How do I create a PL/SQL portlet?

To create a PL/SQL portlet :

Create a Database Provider by creating a package that exposes methods required by the API to display portlets accordingly.
Code the portlet producing any technology that can be rendered within an HTML table cell, including HTML, JavaScript, applets and certain plug-ins.
Register the provider with the Portal before it can be accessed and used. This step refreshes the portlet repository.
Refresh the portlet repository which stores information for the providers and portlets that the provider owns. You will need to do this manually if you change portlet information after registering your provider.

Why do I register providers?

This registration is required to make the provider and its portlets visible to the users of the portal.

What are Show Modes?

Each Show Mode renders the portlet in a different way exposing a different piece of functionality. For example, clicking the Help link on a portlet displays the Help Show Mode.

What are the various Show Modes?

Below is a list of the different show modes:

show - displays the regular content of the portlet.
edit - allows users to customize the portlet. Customization can be user specific or for all users.
help - allows users to receive help information about the portlet.
about - allows users to view information about the portlet such as version or copyright information.
details - allows users to display a more detailed version of the portlet full screen.
edit defaults - allows default settings of that portlet to be changed.
preview - allows users to preview the portlet before adding it to the page.

PAGE REQUEST FLOW

How does the browser retrieve a Portal page?

A page request is received by iAS (Internet Application Server) which is powered by Apache. It interprets the request and calls the Portal Server to retrieve the page definition. The page definition is passed back to the Parallel Servlet on the middle tier which in turn calls the appropriate portlets, assembles the final page, and returns it to the browser.

Note that various levels of caching may come in to play here. If caching is turned on, the middle-tier always looks for a cached version of a page or portlet before trying to rebuild it.

What does the Portal Server do?

When a page is requested, the Portal Server provides the Parallel Servlet with all of the information needed to build the page.

What does the Parallel Servlet do?

Once the Parallel Servlet has received the page definition from the Portal, it fetches the portlets listed in the page definition. It makes all the necessary provider calls in parallel and assembles the results into a Portal page, which is then returned to the browser.

Note that there is a timeout setting for portlet calls. If a provider does not return results for a portlet within that time period, that portlet is not displayed.

What is the page definition?

The page definition contains all the data needed to construct a Portal page. It contains all the information needed to retrieve the individual Portlets on that page, as well as the layout of that page. This metadata is returned to the Parallel Servlet for processing.

SECURITY

How does Oracle9iAS Portal incorporate the Login Server?

The Login Server, Oracle's unified Single Sign-On (SSO) solution is bundled with Oracle9iAS Portal3.0.

What are the features provided by using the Login Server?

With this solution, users do not have to login separately to multiple applications or track multiple passwords. The Oracle9iAS Portal SSO solution involves cookie-based user authentication from a centralized Login Server.

For Partner Applications, users can be validated with the aid of third-party credential repositories like an LDAP server. The Login Server also performs user mapping and proxy login for External Applications. This allows you to login to External Applications without having to type a username and password.

It includes rules for password creation/expiration and account lockouts.

What are Partner Applications?

Partner applications use the Login Server to authenticate users. In essence, they replace their existing authentication mechanism with a call to the login server. If the user has already authenticated with the login server, the application is notified and the user is allowed in. If not, the Login Server issues an authentication challenge and upon receipt of valid credentials, notifies the application.

What are External Applications?

External Applications are applications that do not explicitly integrate with the Login Server. They continue to maintain their own authentication mechanism and usernames/passwords. The Login Server stores these username/passwords at the user's discretion and can act as a proxy to log into these applications. Note that links to external applications must go to the Login Server, which in turn calls the application with the log in credentials.

What are Portal Applications?

Portal Applications are applications are accessed only through the Portal. Like Partner applications these share the same identity of the user with the Login Server. However they trust the Portal's assertion of the user identity and do no authentication of their own.

How are cookies implemented in Oracle9iAS Portal?

Oracle9iAS Portal uses two different types cookies. The first, a non-persistent SSO cookie in the browser's memory, is set whenever user is authenticated by the Login Server. In subsequent transactions with protected Portal pages, this SSO cookie identifies the user.

The second cookie, another non-persistent cookie called the application session cookie, is set when the user accesses an application through a portlet. This is again a non-persistent cookie that stores a mapping to the session information. There is one application session cookie for each partner application of the Login Server.

What are the ramifications of accepting cookies in a portal?

The user has to enable cookies for enabling SSO in their portal. Any access to partner or external applications require that cookies be accepted. The SSO cookie is a non-persistent cookie that resides in the browser's memory only. It indicates the user identity in base-64 encoded format and never gets written to the disk. Similarly the application session cookies are also removed once the browser is closed.

How do you secure portlets to specific users only?

Each portlet can be granted specific user privileges . Based on these privileges, a user can view only those portlets that the user is granted access to. While displaying the Portlet Repository for a user, the Portal checks the is_ portlet_runnable API to validate the access to every portlet.

How does the Login Server integrate with an LDAP server?

The Login Server can use any LDAP-compliant server for validating the user identity. It performs only the user authentication and lets the remote application control its own session management and authorizations.

Where can I find troubleshooting help for my Java portlets?

The Troubleshooting article provides helpful information for developers who run into issues while installing, deploying the JPDK samples, or when building a Java portlet.

Revision History:

October 31, 2001.
January 24 2002. Updated hyperlinks.