History
Feedback
|
FAQ
History |
|
Search
Feedback |
Glossary
access control
The methods by which interactions with resources are limited to collections of users or programs for the purpose of enforcing integrity, confidentiality, or availability constraints.
ACID
The acronym for the four properties guaranteed by transactions: atomicity, consistency, isolation, and durability.
admintool
A tool used to manipulate Tomcat while it is running.
anonymous access
Accessing a resource without authentication.
Ant
A Java-based, and thus cross-platform, build tool that can be extended using Java classes. The configuration files are XML-based, calling out a target tree where various tasks get executed.
Apache Software Foundation
Through the Jakarta Project, creates and maintains open source solutions on the Java platform for distribution to the public at no charge. Tomcat and Ant are two products developed by Apache and provided with the Java Web Services Developer Pack.
applet
A component that typically executes in a Web browser, but can execute in a variety of other applications or devices that support the applet programming model.
Application Deployment Tool
A tool for creating WAR files for application deployment and handling security issues.
archiving
Saving the state of an object and restoring it.
attribute
A qualifier on an XML tag that provides additional information.
authentication
The process that verifies the identity of a user, device, or other entity in a computer system, usually as a prerequisite to allowing access to resources in a system. Java WSDP requires three types of authentication: basic, form-based, and mutual, and supports digest authentication.
authorization
The process by which access to a method or resource is determined. Authorization depends upon the determination of whether the principal associated with a request through authentication is in a given security role. A security role is a logical grouping of users defined by the person who assembles the application. A deployer maps security roles to security identities. Security identities may be principals or groups in the operational environment.
authorization constraint
An authorization rule that determines who is permitted to access a Web resource collection.
B2B
Business-to-business.
basic authentication
An authentication mechanism in which a Web server authenticates an entity with a user name and password obtained using the Web application's built-in authentication mechanism.
binary entity
See unparsed entity.
binding
Construction of the code needed to process a well-defined bit of XML data.
binding compiler
A compiler that transforms, or binds, a source XML schema and optional customizing binding declarations to a set of Java content classes.
binding declarations
By default, the JAXB binding compiler binds Java classes and packages to a source XML schema based on rules defined in the JAXB Specification. In most cases, the default binding rules are sufficient to generate a robust set of schema-derived classes from a wide range of schemas. There may be times, however, when the default binding rules are not sufficient for your needs. JAXB supports customizations and overrides to the default binding rules by means binding declarations made inline in a source schema.
binding framework
A runtime API that provides interfaces for unmarshalling, marshalling, and validating XML content in a Java application.
build file
The XML file that contains one project that contains one or more targets. A target is a set of tasks you want to be executed. When starting Ant, you can select which target(s) you want to have executed. When no target is given, the project's default is used.
build properties file
A file named
build.propertiesthat contains properties inbusiness logic
The code that implements the functionality of an application.
callback methods
Component methods called by the container to notify the component of important events in its life cycle.
CDATA
A predefined XML tag for Character DATA that means don't interpret these characters, as opposed to Parsed Character Data (PCDATA), in which the normal rules of XML syntax apply (for example, angle brackets demarcate XML tags, tags define XML elements, etc.). CDATA sections are typically used to show examples of XML syntax.
certificate authority
A trusted organization that issues public key certificates and provides identification to the bearer.
client certificate authentication
An authentication mechanism that uses HTTP over SSL, in which the server and, optionally, the client authenticate each other with a public key certificate that conforms to a standard that is defined by X.509 Public Key Infrastructure (PKI).
comment
Text in an XML document that is ignored, unless the parser is specifically told to recognize it.
commit
The point in a transaction when all updates to any resources involved in the transaction are made permanent.
component
An application-level software unit supported by a container. Components are configurable at deployment time. See also Web components.
component contract
The contract between a component and its container. The contract includes: life cycle management of the component, a context interface that the instance uses to obtain various information and services from its container, and a list of services that every container must provide for its components.
component-managed sign-on
Security information needed for signing on to the resource to the
getConnection()method is provided by an application component.connection
See resource manager connection.
connection factory
See resource manager connection factory.
connector
A standard extension mechanism for containers to provide connectivity to enterprise information systems. A connector is specific to an enterprise information system and consists of a resource adapter and application development tools for enterprise information system connectivity. The resource adapter is plugged in to a container through its support for system-level contracts defined in the connector architecture.
Connector element
A representation of the interface between external clients sending requests to a particular service.
container
An entity that provides life cycle management, security, deployment, and runtime services to components.
container-managed sign-on
Security information needed for signing on to the resource to the
getConnection()method is supplied by the container.content
The part of an XML document that occurs after the prolog, including the root element and everything it contains.
content tree
An XML document is marshalled into a tree of Java objects. The objects in a content tree are manipulated by means of the schema-derived JAXB classes, so that programmers are able to work with XML data as Java objects rather than XML text.
context attribute
An object bound into the context associated with a servlet.
Context element
A representation of a Web application that is run within a particular virtual host.
context root
A name that gets mapped to the document root of a Web application.
credentials
The information describing the security attributes of a principal.
CSS
Cascading Style Sheet. A stylesheet used with HTML and XML documents to add a style to all elements marked with a particular tag, for the direction of browsers or other presentation mechanisms.
data
The contents of an element, generally used when the element does not contain any subelements. When it does, the more general term content is generally used. When the only text in an XML structure is contained in simple elements, and elements that have subelements have little or no data mixed in, then that structure is often thought of as XML data, as opposed to an XML document.
data binding
An XML data-binding facility contains a binding compiler that binds components of a source schema to schema-derived Java content classes. Each class provides access to the content of the corresponding schema component via a set of JavaBeans-style access (i.e.,
getandset) methods. Binding declarations provides a capability to customize the binding from schema components to Java representation. Such a facility also provides a binding framework, a runtime API that, in conjunction with the derived classes, supports unmarshal, marshal, and validate operations.document
In general, an XML structure in which one or more elements contains text intermixed with subelements. See also data.
DDP
Document-Driven Programming. The use of XML to define applications.
declaration
The very first thing in an XML document, which declares it as XML. The minimal declaration is <?xml version="1.0"?>. The declaration is part of the document prolog.
declarative security
Mechanisms used in an application that are expressed in a declarative syntax in a deployment descriptor.
delegation
An act whereby one principal authorizes another principal to use its identity or privileges with some restrictions.
deploy task
A Tomcat manager application task. Requires a WAR, but not necessarily on the same server. Uploads the WAR to Tomcat, which then unpacks it into the
<JWSDP_HOME>/webappsdirectory and loads the application. Useful when you want to deploy an application into a running production server. Restarts of Tomcat will remember that the application exists because it exists in the/webappsdirectory.deployment
The process whereby software is installed into an operational environment.
deployment descriptor
An XML file provided with each module and application that describes how they should be deployed. The deployment descriptor directs a deployment tool to deploy a module or application with specific container options and describes specific configuration requirements that a deployer must resolve.
digest authentication
An authentication mechanism in which a Web application authenticates to a Web server by sending the server a message digest along its HTTP request message. The digest is computed by employing a one-way hash algorithm to a concatenation of the HTTP request message and the client's password. The digest is typically much smaller than the HTTP request, and doesn't contain the password.
distributed application
An application made up of distinct components running in separate runtime environments, usually on different platforms connected via a network. Typical distributed applications are two-tier (client-server), three-tier (client-middleware-server), and multitier (client-multiple middleware-multiple servers).
document root
The top-level directory of a WAR. The document root is where JSP pages, client-side classes and archives, and static Web resources are stored.
DOM
The Document Object Model. An API for accessing and manipulating XML documents as tree structures. DOM provides platform-neutral, language-neutral interfaces that enables programs and scripts to dynamically access and modify content and structure in XML documents.
DTD
Document Type Definition. An optional part of the document prolog, as specified by the XML standard. The DTD specifies constraints on the valid tags and tag sequences that can be in the document. The DTD has a number of shortcomings however, which has led to various schema proposals. For example, the DTD entry <!ELEMENT username (#PCDATA)> says that the XML element called username contains Parsed Character DATA-- that is, text alone, with no other structural elements under it. The DTD includes both the local subset, defined in the current file, and the external subset, which consists of the definitions contained in external .dtd files that are referenced in the local subset using a parameter entity.
ebXML
Electronic Business XML. A group of specifications designed to enable enterprises to conduct business through the exchange of XML-based messages. It is sponsored by OASIS and the United Nations Centre for the Facilitation of Procedures and Practices in Administration, Commerce and Transport (U.N./CEFACT).
element
A unit of XML data, delimited by tags. An XML element can enclose other elements.
empty tag
A tag that does not enclose any content.
enterprise bean
A component that implements a business task or business entity and resides in an EJB container; either an entity bean, session bean, or message-driven bean.
enterprise information system
The applications that comprise an enterprise's existing system for handling company-wide information. These applications provide an information infrastructure for an enterprise. An enterprise information system offers a well defined set of services to its clients. These services are exposed to clients as local and/or remote interfaces. Examples of enterprise information systems include: enterprise resource planning systems, mainframe transaction processing systems, and legacy database systems.
enterprise information system resource
An entity that provides enterprise information system-specific functionality to its clients. Examples are: a record or set of records in a database system, a business object in an enterprise resource planning system, and a transaction program in a transaction processing system.
entity
A distinct, individual item that can be included in an XML document by referencing it. Such an entity reference can name an entity as small as a character (for example, "<", which references the less-than symbol, or left-angle bracket (<). An entity reference can also reference an entire document, or external entity, or a collection of DTD definitions (a parameter entity).
entity bean
An enterprise bean that represents persistent data maintained in a database. An entity bean can manage its own persistence or can delegate this function to its container. An entity bean is identified by a primary key. If the container in which an entity bean is hosted crashes, the entity bean, its primary key, and any remote references survive the crash.
entity reference
A reference to an entity that is substituted for the reference when the XML document is parsed. It may reference a predefined entity like < or it may reference one that is defined in the DTD. In the XML data, the reference could be to an entity that is defined in the local subset of the DTD or to an external XML file (an external entity). The DTD can also carve out a segment of DTD specifications and give it a name so that it can be reused (included) at multiple points in the DTD by defining a parameter entity.
error
A SAX parsing error is generally a validation error--in other words, it occurs when an XML document is not valid, although it can also occur if the declaration specifies an XML version that the parser cannot handle. See also: fatal error, warning.
Extensible Markup Language
A markup language that makes data portable.
external entity
An entity that exists as an external XML file, which is included in the XML document using an entity reference.
external subset
That part of the DTD that is defined by references to external .dtd files.
fatal error
A fatal error occurs in the SAX parser when a document is not well formed, or otherwise cannot be processed. See also: error, warning.
filter
An object that can transform the header and/or content of a request or response. Filters differ from Web components in that they usually do not themselves create responses but rather they modify or adapt the requests for a resource, and modify or adapt responses from a resource. A filter should not have any dependencies on a Web resource for which it is acting as a filter so that it can be composable with more than one type of Web resource.
filter chain
A concatenation of XSLT transformations in which the output of one tranformation becomes the input of the next.
form-based authentication
An authentication mechanism in which a Web container provides an application-specific form for logging in. This form of authentication uses Base64 encoding and can expose user names and passwords unless all connections are over SSL.
general entity
An entity that is referenced as part of an XML document's content, as distinct from a parameter entity, which is referenced in the DTD. A general entity can be a parsed entity or an unparsed entity.
group
An authenticated set of users classified by common traits such as job title or customer profile. Groups are also associated with a set of roles, and every user that is a member of a group inherits all of the roles assigned to that group.
Host element
A representation of a virtual host.
HTML
Hypertext Markup Language. A markup language for hypertext documents on the Internet. HTML enables the embedding of images, sounds, video streams, form fields, references to other objects with URLs and basic text formatting.
HTTP
Hypertext Transfer Protocol. The Internet protocol used to fetch hypertext objects from remote hosts. HTTP messages consist of requests from client to server and responses from server to client.
HTTPS
HTTP layered over the SSL protocol.
impersonation
An act whereby one entity assumes the identity and privileges of another entity without restrictions and without any indication visible to the recipients of the impersonator's calls that delegation has taken place. Impersonation is a case of simple delegation.
initialization parameter
A parameter that initializes the context associated with a servlet.
install task
Ant task useful for development and debugging where you need to restart an application. Requires that the WAR file (or directory) be on the same server on which Tomcat is running. Restarts of Tomcat cause the installation to be forgotten.
instance document
An XML document written against a specific schema.
ISO 3166
The international standard for country codes maintained by the International Organization for Standardization (ISO).
ISV
Independent Software Vendor.
J2EE
See Java 2 Platform, Enterprise Edition.
J2ME
See Java 2 Platform, Micro Edition.
J2SE
See Java 2 Platform, Standard Edition.
JAR
Java ARchive. A platform-independent file format that permits many files to be aggregated into one file.
Java
An environment for developing and deploying enterprise applications. The J2EE platform consists of a set of services, application programming interfaces (APIs), and protocols that provide the functionality for developing multitiered, Web-based applications.
Java 2 Platform, Micro Edition (J2ME)
A highly optimized Java runtime environment targeting a wide range of consumer products, including pagers, cellular phones, screenphones, digital set-top boxes and car navigation systems.
Java 2 Platform, Standard Edition (J2SE)
The core Java technology platform.
Java API for XML Binding (JAXB)
A Java technology that enables you to generate Java classes from XML schemas. As part of this process, JAXB also provides methods for unmarshalling XML instance documents into Java content trees, and then marshalling Java content trees back into XML instance documents. Put another way, JAXB provides a fast and convenient way to bind XML schemas to Java representations, making it easy for Java developers to incorporate XML data and processing functions in Java applications.
Java API for XML Messaging (JAXM)
An API that provides a standard way to send XML documents over the Internet from the Java platform. It is based on the SOAP 1.1 and SOAP with Attachments specifications, which define a basic framework for exchanging XML messages. JAXM can be extended to work with higher level messaging protocols, such as the one defined in the ebXML (electronic business XML) Message Service Specification, by adding the protocol's functionality on top of SOAP.
Java API for XML Processing (JAXP)
An API for processing XML documents. JAXP leverages the parser standards SAX and DOM so that you can choose to parse your data as a stream of events or to build a tree-structured representation of it. The latest versions of JAXP also support the XSLT (XML Stylesheet Language Transformations) standard, giving you control over the presentation of the data and enabling you to convert the data to other XML documents or to other formats, such as HTML. JAXP also provides namespace support, allowing you to work with schemas that might otherwise have naming conflicts.
Java API for XML Registries (JAXR)
An API for accessing different kinds of XML registries.
Java API for XML-based RPC (JAX-RPC)
An API for building Web services and clients that use remote procedure calls (RPC) and XML.
Java Naming and Directory Interface
An API that provides naming and directory functionality.
Java
A set of packages that enable secure Internet communications.
Java
An API that allows applications to access transactions.
Java
An environment containing key technologies to simplify building of Web services using the Java 2 Platform.
JavaBeans
A Java class that can be manipulated in a visual builder tool and composed into applications. A JavaBeans component must adhere to certain property and event interface conventions.
JavaMail
An API for sending and receiving email.
JavaServer Pages
An extensible Web technology that uses template data, custom elements, scripting languages, and server-side Java objects to return dynamic content to a client. Typically the template data is HTML or XML elements, and in many cases the client is a Web browser.
JavaServer Pages Standard Tag Library (JSTL)
A tag library that encapsulates core functionality common to many JSP applications. JSTL has support for common, structural tasks such as iteration and conditionals, tags for manipulating XML documents, internationalization and locale-specific formatting tags, and SQL tags. It also introduces a new expression language to simplify page development, and provides an API for developers to simplify the configuration of JSTL tags and the development of custom tags that conform to JSTL conventions.
JAXR client
A client program that uses the JAXR API to access a business registry via a JAXR provider.
JAXR provider
An implementation of the JAXR API that provides access to a specific registry provider or to a class of registry providers that are based on a common specification.
JDBC
An API for database-independent connectivity to a wide range of data sources.
JNDI
See Java Naming and Directory Interface.
JSP
See JavaServer Pages.
JSP action
A JSP element that can act on implicit objects and other server-side objects or can define new scripting variables. Actions follow the XML syntax for elements with a start tag, a body and an end tag; if the body is empty it can also use the empty tag syntax. The tag must use a prefix.
JSP action, custom
An action described in a portable manner by a tag library descriptor and a collection of Java classes and imported into a JSP page by a
taglibdirective. A custom action is invoked when a JSP page uses a custom tag.JSP action, standard
An action that is defined in the JSP specification and is always available to a JSP file without being imported.
JSP application
A stand-alone Web application, written using the JavaServer Pages technology, that can contain JSP pages, servlets, HTML files, images, applets, and JavaBeans components.
JSP container
A container that provides the same services as a servlet container and an engine that interprets and processes JSP pages into a servlet.
JSP container, distributed
A JSP container that can run a Web application that is tagged as distributable and is spread across multiple Java virtual machines that might be running on different hosts.
JSP declaration
A JSP scripting element that declares methods, variables, or both in a JSP file.
JSP directive
A JSP element that gives an instruction to the JSP container and is interpreted at translation time.
JSP element
A portion of a JSP page that is recognized by a JSP translator. An element can be a directive, an action, or a scripting element.
JSP expression
A scripting element that contains a valid scripting language expression that is evaluated, converted to a
String, and placed into the implicitoutobject.JSP file
A file that contains a JSP page. In the Servlet 2.2 specification, a JSP file must have a .jsp extension.
JSP page
A text-based document using fixed template data and JSP elements that describes how to process a request to create a response.
JSP scripting element
A JSP declaration, scriptlet, or expression, whose tag syntax is defined by the JSP specification, and whose content is written according to the scripting language used in the JSP page. The JSP specification describes the syntax and semantics for the case where the language page attribute is "java".
JSP scriptlet
A JSP scripting element containing any code fragment that is valid in the scripting language used in the JSP page. The JSP specification describes what is a valid scriptlet for the case where the language page attribute is "java".
JSP tag
A piece of text between a left angle bracket and a right angle bracket that is used in a JSP file as part of a JSP element. The tag is distinguishable as markup, as opposed to data, because it is surrounded by angle brackets.
JSP tag library
A collection of custom tags identifying custom actions described via a tag library descriptor and Java classes.
JTA
See Java Transaction API.
life cycle
The framework events of a component's existence. Each type of component has defining events which mark its transition into states where it has varying availability for use. For example, a servlet is created and has its
initmethod called by its container prior to invocation of its service method by clients or other servlets who require its functionality. After the call of itsinitmethod it has the data and readiness for its intended use. The servlet'sdestroymethod is called by its container prior to the ending of its existence so that processing associated with winding up may be done, and resources may be released. Theinitanddestroymethods in this example are callback methods.localhost
For the purposes of the Java WSDP, the machine on which Tomcat is running.
local subset
That part of the DTD that is defined within the current XML file.
Logger element
A representation of a destination for logging, debugging and error messages for Tomcat.
marshal
The process of traversing a content tree and writing an XML document that reflects the tree's content. JAXB can marshal XML data to XML documents, SAX content handlers, and DOM nodes. See also: unmarshal and validation.
message-driven bean
An enterprise bean that is an asynchronous message consumer. A message-driven bean has no state for a specific client, but its instance variables may contain state across the handling of client messages. A client accesses a message-driven bean by sending messages to the destination for which the bean is a message listener.
mixed-content model
A DTD specification that defines an element as containing a mixture of text and one more other elements. The specification must start with
#PCDATA, followed by alternate elements, and must end with the "zero-or-more" asterisk symbol (*).mutual authentication
An authentication mechanism employed by two parties for the purpose of proving each other's identity to one another.
namespace
A standard that lets you specify a unique label to the set of element names defined by a DTD. A document using that DTD can be included in any other document without having a conflict between element names. The elements defined in your DTD are then uniquely identified so that, for example, the parser can tell when an element called <name> should be interpreted according to your DTD, rather than using the definition for an element called
namein a different DTD.naming context
A set of associations between unique, atomic, people-friendly identifiers and objects.
naming environment
A mechanism that allows a component to be customized without the need to access or change the component's source code. A container implements the component's naming environment, and provides it to the component as a JNDI naming context. Each component names and accesses its environment entries using the
java:comp/envJNDI context. The environment entries are declaratively specified in the component's deployment descriptor.normalization
The process of removing redundancy by modularizing, as with subroutines, and of removing superfluous differences by reducing them to a common denominator. For example, line endings from different systems are normalized by reducing them to a single NL, and multiple whitespace characters are normalized to one space.
North American Industry Classification System (NAICS)
A system for classifying business establishments based on the processes they use to produce goods or services.
notation
A mechanism for defining a data format for a non-XML document referenced as an unparsed entity. This is a holdover from SGML that creaks a bit. The newer standard is to use MIME datatypes and namespaces to prevent naming conflicts.
OASIS
Organization for the Advancement of Structured Information Standards. Their home site is http://www.oasis-open.org/. The DTD repository they sponsor is at http://www.XML.org.
one-way messaging
A method of transmitting messages without having to block until a response is received.
OS principal
A principal native to the operating system on which the Web services platform is executing.
parameter entity
An entity that consists of DTD specifications, as distinct from a general entity. A parameter entity defined in the DTD can then be referenced at other points, in order to prevent having to recode the definition at each location it is used.
parsed entity
A general entity that contains XML, and which is therefore parsed when inserted into the XML document, as opposed to an unparsed entity.
parser
A module that reads in XML data from an input source and breaks it up into chunks so that your program knows when it is working with a tag, an attribute, or element data. A nonvalidating parser ensures that the XML data is well formed, but does not verify that it is valid. See also: validating parser.
principal
The identity assigned to a user as a result of authentication.
privilege
A security attribute that does not have the property of uniqueness and that may be shared by many principals.
processing instruction
Information contained in an XML structure that is intended to be interpreted by a specific application.
programmatic security
Security decisions that are made by security-aware applications. Programmatic security is useful when declarative security alone is not sufficient to express the security model of a application.
prolog
The part of an XML document that precedes the XML data. The prolog includes the declaration and an optional DTD.
public key certificate
Used in client-certificate authentication to enable the server, and optionally the client, to authenticate each other. The public key certificate is a digital equivalent of a passport. It is issued by a trusted organization, called a certificate authority (CA), and provides identification for the bearer.
RDF
Resource Description Framework. A standard for defining the kind of data that an XML file contains. Such information could help ensure semantic integrity, for example by helping to make sure that a date is treated as a date, rather than simply as text.
RDF schema
A standard for specifying consistency rules that apply to the specifications contained in an RDF.
reference
See entity reference
realm
See security policy domain. Also, a string, passed as part of an HTTP request during basic authentication, that defines a protection space. The protected resources on a server can be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database.
In the Tomcat server authentication service, a realm is a complete database of roles, users, and groups that identify valid users of a Web application or a set of Web applications.
Realm element
A representation of a database of user names, passwords and roles assigned to those users.
registry
An infrastructure that enables the building, deployment and discovery of Web services. It is a neutral third party that facilitates dynamic and loosely coupled business-to-business (B2B) interactions.
registry provider
An implementation of a business registry that conforms to a specification for XML registries.
reload task
Used with the Tomcat
managerWeb application to redeploy a changed Web application onto a running Tomcat server.request-response messaging
A method of messaging that includes blocking until a response is received.
resource manager
Provides access to a set of shared resources. A resource manager participates in transactions that are externally controlled and coordinated by a transaction manager. A resource manager is typically in different address space or on a different machine from the clients that access it. Note: An enterprise information system is referred to as resource manager when it is mentioned in the context of resource and transaction management.
resource manager connection
An object that represents a session with a resource manager.
resource manager connection factory
An object used for creating a resource manager connection.
role (security)
An abstract logical grouping of users that is defined by the Application Assembler. When an application is deployed, the roles are mapped to security identities, such as principals or groups, in the operational environment.
In the Tomcat server authentication service, a role is an abstract name for permission to access a particular set of resources. A role can be compared to a key that can open a lock. Many people might have a copy of the key, and the lock doesn't care who you are, only that you have the right key.
role mapping
The process of associating the groups and/or principals recognized by the container to security roles specified in the deployment descriptor. Security roles have to be mapped before a component is installed in the server.
rollback
The point in a transaction when all updates to any resources involved in the transaction are reversed.
root
The outermost element in an XML document. The element that contains all other elements.