Oracle Jinitiator
Oracle Applications is based upon a thin client architecture. On the desktop Tier you need almost nothing.. Well almost, it does require a certified web browser and the Oracle Jinitiator.
Oracle Jinitiator is a software that provides the JVM to run oracle form based products which run in the form of a form client applet.The oracle Jinitiator uses its own JVM instead of the browsers JVM.It is isntalled as a plugin ( as in the case of mozilla, Netscape or firefox) or as an Active X component (in case of Internet Explorer).
When Oracle Applications is accessed for the first time from a client PC the Jinitiator is downloaded and installed on the client PC.It is not used for Self Service Web Applications, The JInitiator is invoked only upon clicking a form based application.
After Jinitiator is installed it downloads the form client applet along with the commonly used JAR files, this is done to reduce the network traffic to download JAR files form the server every time.
Jinitiator also performs JAR caching, applet caching and incremental JAR loading to improve applications performance.
These JAR files are commonly stored under the users profile directory with a folder named Oracle Jar Cache.
Oracle Jinitiator allows only trusted JAR files to run within its JVM. This trust is established by using digital signatures. In the current version of Oracle Applications the JAR files are automatically signed with the digital signatures during the install of Oracle Applications using rapidwiz. However you can still change your digital signature and repackageyour oajinit.exe for security reasons.
During the installation process rapidwiz automatically creates a file in the applmgr user $HOME directory called identitydb.obj, this file has a reference to the SID of the database instance.
If there is a mismatch between this file on the server and that on the clinet PC it often results in the yellow bar problem.
$APPL_TOP/admin/appltop.cer
$APPL_TOP/admin/adsign.txt
$HOME(applmgr)/identitydb.obj
To create a new digital certificate you can use the adjkey command, while the adjbuild.sh is used to repackage your jinitiator exe.You can also regenerate your JAR files using ADADMIN.
A Jinitiator package should typically contain the certificate and the obj file along with the executable.
In previous versions of Oracle Applications (earlier to 11.5.9) an unsigned JAR file would result in a yellow bar problem, but in the current release of Oracle Application attempting to load a forms with an unsigned JAR file would fail with an a java security exception error.
The latest certified versions of Oracle Jinitiator is 1.3.1.26 to run with Oracle E-business Suite 11.5.10, the least certified version is 1.1.8.16 which is used with release 11, though you can use version 1.1.8.X to access your 11i applications it is recommended that you upgrade your Jinitiator to the latest supported version 1.3.1.X.
You can follow the metalink note id 124606.1 to upgrade your Jinitiator.
An important fact to remember is that any patch applied through adpatch which contains JAR files, these new JAR files are not signed with the digital signature, after the patch is applied adpatch will regenerate all the JAR files and these new JAR files will be signed and trusted to run within the Jinitiator.
To see a list of supported browsers that are certified to access E-Business Suite reffer to metalink Note id 285218.1.
6 comments:
Very nice e-Bus Tech blog.
Best Regards,
Andries Hanekom
It is good to mention that identitydb.obj is not used in 1.3.1.X any more. Generaly speaking there is significant change in the way Oracle manage signatures comparing 1.1 and 1.3 versions. Certificates are imported in adkeystore.whatever on the fly. You do no need to repackage Jinitiaor anymore. Insteard you use $FND_TOP/patch/bin/jinit.sh script to copy JInit executable and setup jinit related variables in the context file. Just my 0.02£. Yury
It is good to mention that JInitiator is nothing but JRE + Some bug fixes allowing Oracle to run Forms GUI.
Starting from now (erler adopter program) or in R12 you will not need it any more.
REF: Steven Chan.
.
Y.
Hello Sam,
I have a customer who is Planning to roll out a Package on all the PC’s to avoid the first time logins for the users with the new "oaj2se.exe" run and the digital signature.
As in R12 the certificate files are not available, they want to know if they can over come from the users NOT prompting to run the digital signature for the first time.
Basically they don't want the user to Click the Option of "Always Trust content from this Publisher" at first connection attempt to R12 ....How do we avoid this ???
In EBS 11i we can download the certificate from the Apps middle tier servers and place in every PC so that this issue will not be appearing
One could play around with Digital Signatures {refer Note:- 365735.1} by copying the file - "identitydb.obj" - which is the local identity database.
It contains the digital certificate and signing authority information.It must be downloaded on local pc in the folder where Jintiator is installed.
Example:- C:\Program Files\oracle\.. (Installation path as applicable)
How do we do this in R12 ??
Thanks and regards
Jagatheesh R
I can't understand how did you automatically signed up with the jar files using the digital signature. What the procedure are you following. Can you please help me ?
Hi Sam,
Very nice blog, thank you. I have one request. If you can guide me, Our organization is using 11.0.3 ebiz on HP UX with a thin client(jinitiator)version of 1.1.7.18, we want to upgrade it to 1.1.8.16 it will be a great help if you could provide us document of Thanks in advance.
rgds,
rahul
Post a Comment