Oracle XSQL
Combining SQL, Oracle Text, XSLT, and Java to Publish Dynamic Web Content

Michael D Thomas

Publisher: Robert Ipsen
Editor: Theresa Hudson
Developmental Editor: Kathryn A Malm
Managing Editor: Micheline Frederick
Text Design & Composition: Wiley Composition Services

This book is printed on acid-free paper. ∞

Copyright © 2003 by Michael D Thomas. All rights reserved.

Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspointe Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, E-mail: permcoordinator@wiley.com.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages,
including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Trademarks: Wiley, the Wiley Publishing logo and related trade dress are trademarks or registered trademarks of Wiley Publishing, Inc., in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

ISBN 0-471-27120-9

Printed in the United States of America

To my wife, Aylett—your smile brightens my days

Contents

About the Author

Chapter Introducing Oracle XSQL
  What XSQL Solves
  The Problems of Web Application Development
  XSQL as a Keystone Technology
  XSQL and Other Oracle Technologies
  Oracle Text
  XML Support
  Oracle JDeveloper
  Introduction to XML
  The Role of XML
  Well-Formed versus Valid Documents
  Document Structure
  Processing Instructions
  Attributes
  Syntax Nitty-Gritty
  Element Name and Attribute Restrictions
  Special Characters
  CDATA
  Comments
  Namespaces
  Schemas
  Moving On

Chapter Getting Started with XSQL
  Basic Installation
  Installation Anatomy
  Scratch XSQL Installation
  Unix Prerequisites
  Using Oracle Universal Installer
  Configuring Java
  Installing in Existing Environments
  Web and Application Server Integration
  Servlet Engine Compatibility
  Installing on a Servlet Engine
  Configuring the Database
  Configuring the Database Connection
  Moving On

Chapter Hello, XSQL!
  Loading the XSQL Samples
  Creating a Demo User and Table
  Setting Connection Definitions
  Your First XSQL Page
  Your First XSLT Stylesheet
  XSQLConfig.xml
  XSQLConfig Element
  Servlet Element
  Processor Element
  Http Element
  Connectiondefs Element
  Actiondefs Element
  Serializerdefs Element
  Security Issues
  Known Issues
  The XSQLConfig.xml File
  SQL Poisoning
  Denial-of-Service Attacks
  An Example Security Hole
  Thinking about XSQL Security
  Provide Few Opportunities
  Keep Up-to-Date
  Always Consider Security in Application Design
  The Multilateral Approach
  Moving On

Chapter XSQL Architecture
  Overview
  Java Parts
  Java Virtual Machine
  Driver
  Servlet Engine
  JSP Runtime
  Faces Of XSQL
  XSQL Command Line Utility
  XSQLRequest Class
  XSQL Servlet
  XSQL Page Processor
  Oracle XML Modules
  XML Parser
  XML SQL
  XSLT Processor
  Core XSQL Components
  XSQL Pages
  Actions
  Action Handlers
  Serializers
  Moving On

Chapter Writing XSQL Pages
  Querying the Database
  Multiple xsql:query Actions
  xsql:query Details
  xsql:no-rows-query
  Canonical Schema
  Formatting Dates
  Other Built-in Actions
  xsql:dml
  xsql:ref-cursor-function
  xsql:include-owa
  xsql:include-request-params
  xsql:include-param
  xsql:include-xml
  xsql:set-page-param
  xsql:set-session-param
  xsql:set-cookie
  xsql:set-stylesheet-param
  xsql:action
  xsql:include-xsql
  xsql:insert-request
  xsql:update-request
  xsql:delete-request
  xsql:insert-param
  Linking to XSLT Stylesheets
  Processing Instruction Details
  Choosing Stylesheets Based on Client Type
  Moving On

Chapter XSQL Parameters
  Referencing Parameters
  Parameter XML Representation
  Parameter Types
  Request Parameters
  Page-Private Parameters
  Session Parameters
  Cookies

Index

DTDs (Document Type Definitions) (continued)
  Strict, 280–281, 284, 285
  Transitional, 280–281, 283, 285
  Web services and, 462
  XHTML and, 278, 280–281
dual table, imaginary, 160–161
dump-allowed element, 43
dump function, 223
DUP_VAL_ON_INDEX exception, 249

E
elements
  names of, 18–19
  numbering, 327–330
  syntax rules for, 18–19
  See also tags
elements clause, 143–147
ELSEIF keyword, 237
empty_blob function, 223
empty_clob function, 223
ENAME element, 299, 301
encoding attribute, 292
END statement, 234–235
Enterprise Manager (Oracle), 38
entities, creating, 314–319
error handling
  Web application development and, 375, 435, 438–442
  Web services and, 453
errors
  compilation, 226
  field names and, 71
  installation and, 26
  parameters and, 98
  writing out, 460
error-statement=”boolean” attribute, 76, 83, 85
Exampletron, 22
exceptions
  list of, 249
  PL/SQL and, 228, 234–325, 248–249
  See also error handling; errors
exclamation point (!), 19
exclude-result-prefixes attribute, 289, 291
execution sections, 228, 234–325, 248–249
EXISTS method, 234
EXIT condition, 239–240, 242
expansion operators, 255–256
EXP function, 198
expressions
  aliasing, 144–147
  conditional logic and, 307, 310
  described, 307, 344
  lists of, 138
  variables and, 334
  XPath and, 344–345
  XSLT and, 307–308, 310, 334, 344–345, 363–364
EXTEND method, 234
eXtensible HTML. See XHTML
eXtensible Markup Language. See XML
extension-element-prefixes attribute, 289, 291
extract function, 212, 269, 270, 503

F
factory element, 43
false function, 364
FETCH keyword, 242
fetch-size=”integer” attribute, 76
fieldset element, 281
file extensions, 31, 32
firewalls, 52
FIRST method, 233
FLOAT data type, 134, 230
floor function, 193–194, 364
following axis, 352
following-sibling axis, 351
FOP serializer, 520–526
FORCE keyword, 173
foreign key
  constraints, 67, 167, 175–178
  relationships, 157
FOR LOOP control structure, 239–240
format attribute, 328
format-number function, 353
forms
  adding data to, 115–123
  canonical schema and, 116–119
  creating, 128
  parameters and, 116–119, 128–129
forward slash (/), 16, 348
Frameset DTD, 280. See also DTDs
from attribute, 328
function expressions, 138
functions
  described, 182–183
  miscellaneous, 223–224
  names of, 182
  specific to XSLT, 353–356
FUZZY operator, 255

G
garbage collector, 56
generate-id function, 354
getActionElementContent method, 489
getActionElement method, 488, 495
GET method, 98, 102, 374, 444
getNumberVal function, 270
getOutputStream method, 527, 531
getOwnerDocument method, 483
getPageRequest method, 488, 491, 495
getRequestObject method, 513
getStringVal function, 268, 269, 270
GOTO control structure, 240–241
greatest function, 194, 200–201, 213, 214
groupadd command, 26
GROUP BY clause, 183–190
grouping-separator attribute, 329, 330
grouping-size attribute, 329

H
handleAction method, 484, 486–488, 495, 502
HASPATH operator, 258
hello_pkg.hello_plsql function, 248
hello_plsql function, 226–229
“Hello PL/SQL!” string, 225–227
hextoraw function, 220, 221
high-level architecture
  Java parts of, 54–58
  Oracle XML modules and, 63–65
  overview of, 53–54
  XSQL command-line utility and, 58–59
  See also architecture
h1 h6 elements, 281
tags, 14, 283
href attribute, 85, 314
href=”string” attribute, 90
hr element, 279, 281, 283
tag, 292–293
htf package, 263–264, 393
HTML (HyperText Markup Language)
  attributes, 17
  comments, 20
  creating stylesheets and, 40
  CSS and, 275
  design of, 3–4
  high-level architecture and, 57–59
  limitations of,
  migrating, 285–286
  reuse, 403
  serializers and, 521
  SGML and, 3, 13, 14
  technological superiority of,
  Web application development and, 403, 429
  Web services and, 452, 453, 461
HTML forms
  adding data to, 115–123
  canonical schema and, 116–119
  creating, 128
  parameters and, 116–119, 128–129
htp package, 263–264, 393
HTTP (HyperText Transfer Protocol)
  actions and, 91, 485, 511
  authentication, 511
  clients, described, 24
  command-line utility and, 444
  cookies and, 106, 374
  GET method, 98, 102, 374, 444
  history of the World Wide Web and, 2, 3, 4,
  parameters and, 86–87, 97, 104, 106, 415, 418
  servers, described, 24
  servlet containers and, 25
  servlet engines and, 56–57
  technological superiority of,
  Web application development and, 374, 377, 415, 418
  Web services and, 452–453, 455, 457–459, 461
  See also POST method
HyperText Markup Language. See HTML
hyphen (-), 78

I
IBM WebSphere, 25
id attribute, 289, 357
id-attribute attribute, 466
id-attribute-column attribute, 466
id-attribute-column=”string” attribute, 75
id-attribute=”string” attribute, 75
IF control structure, 237–239
ignore-empty-value=”boolean” attribute, 86, 87, 88
IIS (Internet Information Server), 30, 31
img element, 279, 283, 413
importNode method, 476
import utility, 36
include-schema=”Boolean” attribute, 76
INCREMENT BY keyword, 169
increment element, 43
indent attribute, 292
INDEX BY clause, 232–233
infinity attribute, 330
initcap function, 201
initial element, 43
init method, 486–488, 495–498, 501
IN operator, 160
IN OUT parameters, 245, 246
IN parameters, 245, 246
INPATH operator, 257
ins element, 281
INSERT statement, 170–171, 236
installation
  anatomy of, 25
  in existing environments, 30–33
  locations, choosing, 28
  scratch, 26–29
  on servlet engines, 31–32
  with the Universal Installer, 27–28, 32
  UNIX prerequisites for, 26–27
  XSQL, 23–29
instrb function, 202
instr function, 201–202
INT data type, 134, 230
INTEGER data type, 134, 230
Internet Application Server (Oracle), 31
Internet Explorer browser (Microsoft)
  customizing stylesheets for, 96
  POST method and, 125
  XSLT processor included with, 94–95
Internet Information Server. See IIS
Internet Service Providers. See ISPs
INTERSECT operator, 160
INTO keyword, 236
INVALID_CURSOR exception, 249
INVALID_NUMBER exception, 249
invokeWebServices method, 457, 458
IP (Internet Protocol), 49
IPlanet Application Server, 25
isFragment function, 270
ismap attribute, 279
ismap=”ismap” attribute, 279
ISPs (Internet Service Providers), 49
tag, 263
iteration, 239–240, 304–307

J
Java
  action handlers and, 509–510
  API for XSQL, 469
  Archive (JARs) files, 29, 30
  AWT (Abstract Windowing Toolkit), 537–546
  configuring, 29
  as a cornerstone technology,
  Development Kit (JDK), 29
  DOM and, 476–477
  high-level architecture and, 54–60
  installation and, 30, 31
  Native Interface (JNI), 372
  procedures, 368
  resources, 549
  sandboxes, 55
  serializers and, 537–546
  servlet engines and, 30
  Servlet Pages (JSP), 5, 57–58, 274
  three-tiered development model and,
  Virtual Machine (JVM), 25, 55–56
  Web services and, 456–461
  Write Once, Run Everywhere principle, 55
  XSQLRequest class and, 59–60
Java Database Connectivity. See JDBC
JavaScript
  data handling and, 432, 434–435, 437–438
  extending interfaces with, 378–379
  POST method and, 125
  Web application development and, 374–375, 378–379, 435–438
  XSLT integration and, 435–437
JavaServer Web Development Kit. See JSWDK
JavaSoft Web site, 29
javax.servlet.http.Servlet interface, 56–57
javax.servlet.Servlet interface, 56
JDBC (Java Database Connectivity)
  action handlers and, 493, 500–503
  compatibility, 25
  connection-pool element and, 43
  installation and, 30, 31, 32
  serializers and, 536
  URLs, 45
  Web application development and, 4, 372
JDBC drivers
  date formats and, 178
  high-level architecture and, 56
  installation and, 25, 30, 31
JDeveloper (Oracle), 13
JIT (Just in Time) compiler, 55
JNI (Java Native Interface), 372
joins
  examined, 156–158
  outer, 157
  target objects and, 140–141
JPEGs (Joint Photographic Experts Group) images, 537–546
JRun, 31
JSP (Java Servlet Pages)
  runtime, 57–58
  three-tiered development model and,
  XSLT and, 274
  See also servlets
JSWDK (JavaServer Web Development Kit), 31
J2EE (Java Enterprise Edition)
  JDeveloper and, 13
  servlet containers and, 25
Just in Time compiler. See JIT
JVM (Java Virtual Machine)
  described, 55–56
  high-level architecture and, 55–56
  servlet containers as, 25
  servlet engines and, 56

K
key-columns attribute, 120, 121
key function, 354–355

L
lang attribute, 328, 342, 364
large-object data types, 134–136
last_day function, 213
last function, 357
LAST method, 233
LDAP (Lightweight Directory Access Protocol), 372
least function, 194–195, 203, 214
lengthb function, 204
length function, 203
less-than sign (