Kevin Kempf's Blog

September 8, 2009

Native Java Implementation

Filed under: 11i, Techstack — kkempf @ 8:54 pm


Only slightly behind the certification curve,  we’ve completed a cut over to native (Sun/Oracle?) Java last week.  I should explain that as a manufacturer, we have large percentage (40%?) of PCs which are “floor machines”.  This means that they are locked down tight, and basically the operators can only get into Oracle.  They are not local admins, and may not install software, and even if they could would likely cause problems with knowing whether to “trust” an install from an unknown source (or even a known source, they likely wouldn’t know who Sun is or whether to trust them!).   This provided some major obstacles, but in the end, after a year of good planning, it was virtually pain free.    Our implementation from a high level looked something like this:

  • Use Microsoft AD policy to push a public certificate used to sign the production Jar files
  • Use a login script to push Java 1.6 to all PC’s upon which Jinitiator was detected; capture install data to ensure we had 90-95% of PC’s installed
  • Created a “custom” Java install (and sign it with the private cert)  to put on the application server based upon Sun/Oracle Java 1.6
    • Pop up a DOS box to say “Installing Oracle Components”
    • Repackage the .exe as a self-extracting zip file, and naming it so that it looks like the “vanilla” Sun/Oracle Java; land it in $COMN_TOP/util/jinitiator (j2se16012.exe)
  • Perform the required patching and configuration on the application server; adadmin force sign of all Jar files
  • Monitor/assist with issues, especially VPN/remote users

I should be very clear and say that the self-extracting executable, vb scripting, and policy/active directory pushes were done by competent systems/desktop support folks.  I could not have done this piece on my own, and basically just provided the adkeystore.dat file (which contained the private key).  Oracle has default passwords on the certificates in this keystore; you can find it on Metalink.

As far as problems after cutover, there were a few minor issues, but probably no more than 5 problems.  For the most part, people came back from lunch, logged back in and didn’t even realize they were using Java now instead of Jinitiator.


Blog at