Exploiting SAS® Software Using Java™ Technology Barbara Walters, SAS Institute Inc., Cary, NC
Java programs are often delivered via the Internet. In order to protect the local machine from malicious programs, the Java language and the JVM Abstract provide a secure environment for application execution. The secure This paper describes how to use Java™ technology with SAS software. environment ensures that the client machine (the machine where the SAS Institute currently offers several Java development tools that allow browser is running) is not corrupted by the downloaded program and that applications to access SAS data and take advantage of SAS no information is stolen from the client machine. computational capabilities. This paper describes how to use these class libraries and address client/server configuration and performance Java security is based upon the “sandbox” model. The sandbox is the issues. set of resources (threads, socket connections, local files, etc.) that the downloaded Java code is allowed to access. The code is restricted from accessing resources outside of its sandbox. In executing Java applets, Introduction each Web browser defines the limits of the sandbox. Since its introduction in mid-1995, Java have become an integral part of The Security Manager enforces the limits of the sandbox. For applets, the World Wide Web. Java is a rich programming language that enables the Web browser controls the Security Manager. Each browser may put Web programmers to create sophisticated and responsive client/server different restrictions on applet behavior. The default limits imposed by applications. Because Java is portable and secure, users of Web the Security Manager are: applications can be confident that those applications will execute • Classes cannot access the local file system properly and not corrupt their computers. • Classes cannot read environment variables As part of the SAS/IntrNet® product, SAS Institute provides three Java components: • Classes cannot execute other programs on the local machine • SAS/SHARE*NET™ Driver for JDBC—a Java class library that • Classes cannot make socket connections to machines other than allows Java applications to access SAS data the machine from which they were downloaded. • JConnect—a Java class library that allows Java applications to The Web browser provides the Java “core” libraries. These libraries create a remote SAS session, submit SAS statements, and retrieve contain classes that are included with all Java-enabled browsers and results generated by the submitted statements may not be downloaded over the network. The JDBC driver manager is an example of a core library. It must be available on the local machine; it • JTunnel—a feature that implements HTTP tunneling to extend the is ineligible for download. flexibility of the SHARE*NET Driver and JConnect classes All Java classes are included in a “package.” The package is the By using these components, SAS programmers can make SAS hierarchical name associated with the class. Any class whose package resources available to a much wider user community via the Web. name starts with java is considered a core class. The package name for the JDBC driver manager is java.sql and is, therefore, one of the core libraries. Overview of Java As Java code starts executing, Java classes that are not installed on the Java is an object-oriented programming language developed by Sun local machine and are not core classes are dynamically downloaded Microsystems, Inc. Java source code is compiled to a byte stream, from a Web server. Classes are loaded as they are needed, so the which is merely a long sequence of bytes. The byte stream is interpreted number of classes downloaded from the network can be kept to a by the Java Virtual Machine (JVM). Since Java is interpreted, the code minimum. Downloaded classes are subject to the restrictions imposed will run on any platform that has an implementation of the JVM. This by the Security Manager. enables Java programmers to write a single application that will run on many platforms—the JVM ensures that the program executes properly The following is an example of an applet tag in an HTML document that on the receiving machine. loads a Java class called testapplet.class. Many Web browsers, such as Netscape Navigator and Microsoft’s
2 with the SAS/SHARE*NET server. It is not a requirement that JDBC cmdprompt, /* command prompt */ drivers use a socket interface, but that is the default for our driver. sascmd = sascmd /* command to enter */ The Connection object sends the SQL queries to the SAS/SHARE*NET portprompt, /* port prompt */ server and the server sends its response via the socket interface. The ); Connection object communicates directly with the SAS/SHARE*NET server. String lines = tconnection.getLogLines(); System.out.println(lines); It is very important to note that the Web server and SAS/SHARE*NET server are running on the same physical machine. If the applet is } catch (Exception e) { untrusted and the SAS/SHARE*NET server is not located on the same System.out.println(e.getMessage()); machine as the Web server, the socket connection is disallowed and a } Security Exception is thrown. This is a restriction imposed by the default Java Security Manager, not a restriction imposed by our driver. Figure 4: Code to Start SAS Session with Note: We provide a feature that implements HTTP tunneling to allow the TelnetConnectClient (continued) Web server and SAS/SHARE*NET server to reside on different machines. For more information, see the "JTunnel" section in this paper. The TelnetConnectClient communicates with either the Telnet daemon or the SAS/CONNECT spawner program on the remote host. The SAS/SHARE*NET Driver for JDBC also supports access to foreign The TelnetConnectClient uses the variables passed to the connect databases such as Oracle. By setting properties for the Connection method to log in a user identified by userid and start a SAS session object, a programmer can specify another database. The properties using the sascmd variable. The documentation provided with the named dbms and dbms_options allow the programmer to specify the package will describe how each of the parameters is used. database and the options needed for connecting to that database. The code segment in Figure 5 shows how to submit statements that compute the mean value from column abc in data set xyz and create a JConnect new data set called results, obtain the list output, and print the list output to standard out. Another component of the SAS/IntrNet product is JConnect. JConnect is a set of Java classes that allow an applet to create a remote SAS session, submit SAS statements, and retrieve results. The classes also Code Example: provide support for downloading files and communicating with SCL String lines = new String objects (see "Advanced JConnect Features"). (“proc means data=xyz mean; The JConnect classes provide a subset of the functionality of a var abc; SAS/CONNECT® client. Sample applets that use JConnect classes to output out=results; access a remote SAS session are available from the SAS Institute Web run;”); site. (See the References section for the site URL.) tconnection.rsubmit(lines); Several different mechanisms are available to start a remote SAS session. We provide a CGI program to start SAS on a remote system String logLines = tconnection.getLogLines(); and we provide a Java class that starts a SAS session using telnet. The String listLines = tconnection.getListLines(); Java class that starts the SAS session is named System.out.println(listLines); TelnetConnectClient. The code segment in Figure 4 shows how to create a SAS session using Figure 5: Code to Create Data Set and Print Results the TelnetConnectClient class. The example code starts the remote SAS session on the machine named myhost and retrieves the Access to SAS data is provided through a Single User server. A method log lines generated by SAS software initialization. getSingleUserServer starts the server in the remote session. The Single User server is made available as a JDBC Connection object. Code example: The code segment in Figure 6 shows how to start a Single User server import COM.sas.net.connect.TelnetConnectClient; and retrieve the contents of a data set.
String host = new String(“myhost”); Code Example: String loginprompt = new String(“logon:”); String passwordprompt = new String(“Password:”); java.sql.Connection suServer = String portprompt = new String(“PORT=”); tconnection.getSingleUserServer(); String cmdprompt = new String(“myhost>”); Statement statement = String sascmd = new String(“sas -dmr”); suServer.createStatement(); String userid = new String(“myid”); ResultSet resultset = String password = new String(“password”); statement.executeQuery (“select x from work.results”); try { while (resultset.next() == true) TelnetConnectClient tconnection = String x = resultset.getString(1); new TelnetConnectClient(); Figure 6: Code to Start Server Using TelnetConnectClient tconnection.connect( host, /* host */ This example uses the TelnetConnectClient object named loginprompt, /* login prompt */ tconnection to start the Single User server and return the userid, /* login id */ java.sql.Connection object. The java.sql.Connection object passwordprompt, /* password prompt */ is used to retrieve the contents of the data set named WORK.RESULTS password, /* password */ generated in the previous example. Figure 4: Code to Start SAS Session with TelnetConnectClient The classes that provide remote computing services communicate with a remote SAS session in a very similar manner to the SAS/SHARE*NET Driver for JDBC. By starting the remote SAS session with the -DMR option, the remote SAS session is listening on a particular port. The Java classes establish a socket connection to that port and exchange messages with the remote SAS session.
3 Figure 7 depicts an applet communicating with a remote SAS session. JTunnel Since applet classes are assumed to be downloaded from the Web server, the security restrictions apply and the remote SAS session must We find the requirement of having an Web server available on each run on the same machine as the Web server. machine that has a SAS/SHARE*NET server or a remote SAS session to be quite restrictive. In addition, many Internet users are behind firewalls that will not allow socket connections to machines outside of the firewall. Client machine Server machine We provide a solution to both of these problems through “HTTP tunneling.” Web browser Web server “Tunneling” refers to the practice of encapsulating a communication protocol within another protocol. By using a combination of CGI Java applet programs and Java classes that provide HTTP protocol support, we are able to encapsulate the proprietary protocol used by the JConnect SAS/SHARE*NET Driver and remote SAS session in HTTP requests connection and HTTP responses. In other words, the proprietary SAS protocol is object SAS session with wrapped in HTTP. We call this feature JTunnel. single user server SHARE*NET Many firewalls allow HTTP protocol to pass through. Since the SAS connection protocol can be wrapped in HTTP, many users that previously could not object access remote SAS services now can, if the applet makes use of HTTP tunneling. Figure 8 below depicts the components needed for HTTP tunneling.
Figure 7: Applet Communicating with Remote SAS Session The SAS connection object (either a Jconnect or SHARE*NET Driver connection object) supports a property that is a URL to a CGI program installed on the Web server machine. We refer to this CGI program as the SAS Message Router (shrcgi). If this property is set, the connection Advanced JConnect Features object will emit HTTP requests rather than use a socket connection. The Two advanced features of JConnect are the ability to download files, SAS Message Router passes the HTTP request to the SAS Protocol which enables integration of graphics, and the ability to communicate Interpreter(shrproc). If the SAS Protocol Interpreter is not currently with SCL objects. running, the SAS Message Router starts it. Graphics are provided by generating VRML (Virtual Reality Modeling The SAS Message Router is a CGI program that is run each time a Language) files through graphics drivers and using the Java classes that request is sent from the SAS connection object. It is not a persistent render VRML. The capability to download files allows JConnect to place process. The SAS Protocol Interpreter is a persistent process that into memory a VRML file (created using SAS/GRAPH® procedures), maintains connections to the remote SAS session (if JConnect is used) then pass the file to a VRML-enabled browser. or to the remote SHARE*NET Server (if the SHARE*NET Driver is used). In communicating with SCL objects, JConnect creates a remote SCL object, calls methods on the object, and retrieve the results from the The SAS Protocol interpreter opens and maintains a socket connection method call. For example: there is an SCL object called CatalogInfo to the remote SAS session and sends the messages received in the which supports a method called getContents. The method HTTP requests to the appropriate SAS session. The response from the getContents accepts a character string which is the name of the remote SAS session is received by the SAS Protocol Interpreter from catalog and returns an SCL list that contains the names of the entries. the socket connection. The SAS Protocol Interpreter wraps the SAS By using JConnect, the applet (or application) can instantiate response in an HTTP response that is sent back to the SAS connection CatalogInfo on the remoteSAS session and call object via the SAS Message Router. String[]entries=getContents("MY.CATALOG"). The Java Because the SAS Protocol Interpreter is maintaining the socket applet (or application) can present the list to a user. connections, the restriction of having the remote SAS session created on the same machine as the Web server is removed. The applet is sending requests to the SAS Message Router, not directly to the remote SAS session. The remote SAS session can be created on any machine with which the SAS Protocol Interpreter can communicate.
Client machine Web server machine Remote machine
Web browser
Java applet Web server SAS/CONNECT server JTunnel shrcgi JConnect or ConnectClient SAS/SHARE*NET or server ShareNetConnection object JTunnel shrproc
Figure 8: Components Needed for HTTP Tunneling
4 The configuration program associated with the SAS Protocol Interpreter stop() method has been called. Once informed that the applet will stop allows an administrator to tailor its capabilities. The configuration shortly, the other threads can complete whatever work they are doing program may include a list of machines that are allowed to provide SAS and leave the applet in a state so it can be successfully restarted. services to Java applets or a list of machines that are not allowed to provide services to applets. The administrator can configure the The thread that is establishing the connection to the remote SAS interpreter to only allow certain commands to be used to start a SAS session can update the status field, so the user receives continuous session and disallow all others. The configuration program can also feedback concerning the applet’s activities. restrict the users that are allowed to use the SAS Protocol Interpreter, Well-behaved applets will establish connections during the start() and the Interpreter can be configured to close a connection after a method and close the connections during the stop() method. Applets certain amount of time has passed. should release their resources when the stop() method has been Although we are using JTunnel to allow applets to communicate with a called. machine other than the machine from which the applet originated, JTunnel does not circumvent the "sandbox" security model. The intent of Using Archive Files the security model is to protect the client machine and other machines Java classes may be dynamically downloaded individually from the Web that the client machine may communicate with. JTunnel does not allow server or they may be bundled together in a Java Archive file (JAR file). the applet to connect to any random machine, it requires a configuration If the applet requires a number of classes, it may take a significant file (created by an administrator) that contains the list of machines and amount of time to download each class file individually. Instead the ports that are available to applets using JTunnel. Using the SAS Protocol classes may be bundled together to reduce download time. JAR files are Interpreter, security can be maintained while the administrator of the a standard part of JDK 1.1. At the time this paper was written, neither Web server restricts which machines are eligible for connections on Netscape nor Microsoft had a browser that supported JDK 1.1. behalf of an applet. However, both of these browsers supported some type of archive file. For Netscape Navigator, uncompressed zip files could be used to Tips for Constructing Well-behaved Applets contain multiple Java class files; Microsoft Internet Explorer used CAB Developing client/server applications for the Web requires acute files. The sample applets provided by SAS Institute on its Web site make attention to application behavior and performance issues. Here are some use of archive files. They significantly reduce the time it takes to start the suggestions for creating robust, high performance Java applets. applet and have it perform useful work.
Using Multiple Threads Within an Applet Summary It's important for Java programmers to effectively manage the state of This paper described the Java classes provided by SAS Institute. We the client, server, and connection objects during program execution. This provide the SAS/SHARE*NET Driver for JDBC, a package that allows can be accomplished by using multiple threads to control the order and applets to access SAS data, and JConnect, a package that enables priority of program activities. remote SAS computing services. We also provide Java classes and The Java class java.applet.Applet is the base class for Java programs to support HTTP tunneling to alleviate some configuration applets. It provides the following methods: restrictions and provide access to users behind a firewall. In addition, we provided some tips concerning applet behavior to help the reader • init() construct well-behaved applets. • start() NOTE: At the time of this paper, the code is still under development. We expect that results from further testing will change some of the • stop() functionality described here. For more up-to-date information, please • destroy() visit the SAS Web site listed below and follow the product links. These methods are called by the browser. The init() method is called when the applet is first loaded; destroy() is called when the applet is References no longer needed. The start() method is called when the applet is visible to the user; stop() is called when the applet is no longer visible. http://splash.javasoft.com/jdbc - Use this URL to review JDBC Start() and stop() will be called multiple times as the user switches information. between HTML pages. http://www.sas.com/rnd/web - Use this URL to download a beta of the The applet will not be painted (i.e., the GUI components will not be SAS/SHARE*NET Driver for JDBC. SAS Institute provides sample code visible to the user) until the init() method has exited. All of our with the SAS/SHARE*NET Driver for JDBC. sample applets establish communication with a remote machine. SAS, SAS/CONNECT, SAS/IntrNet, SAS/GRAPH, and Establishing the connection may take a substantial amount of time. We SAS/SHARE*NET are registered trademarks or trademarks of SAS feel it is unacceptable to write applets that do not provide status Institute Inc. in the USA and other countries. Java and JDBC are information about the state of a connection. Since the applet will not registered trademarks or trademarks of Sun Microsystems, Inc. provide visual feedback until the init() method has completed, we do not establish connections in the init() method. ® indicates USA registration. In all of our sample applets, in the init() method we create a Author: Barbara Walters TextField called status that displays status information, lay out the GUI SAS Institute Inc. (graphical user interface), and exit the method. The status area is now SAS Campus Drive visible to the user. Cary, NC 27513 (919) 677-8000 x6668 Next, the applet’s start() method is called. Our sample applets create [email protected] a separate thread to establish the connection to the remote SAS session. If the applet’s main thread is used to create the connection and the stop() method is called, the connection to the remote SAS session may be left in some unknown state. Many conditions exist under which the applet’s stop() method may be called. If the main applet thread is performing some operation that changes the state of the applet and the stop() method is called, the applet may be left in some unrecoverable state. If the applet is left in an unknown state, later the start() method may not be able to successfully restart the applet. Therefore, any work that is performed that changes the state of the applet should be performed in some thread other than the main applet thread. The applet thread can communicate with the other threads to inform them the 5