BEA WebLogic Server™ and BEA WebLogic Express™ Administration Guide
BEA WebLogic Server Version 6.
Copyright
Copyright © 2002 BEA Systems, Inc. All Rights Reserved.

Restricted Rights Legend
This software and documentation is subject to and made available only pursuant to the terms of the BEA Systems License Agreement and may be used or copied only in accordance with the terms of that agreement. It is against the law to copy the software except as specifically allowed in the agreement.
About This Document

This document explains the management subsystem provided for configuring and monitoring your WebLogic Server implementation. It is organized as follows:
- Chapter 1, “Overview of WebLogic Server Management,” describes the architecture of the WebLogic Server management subsystem.
- Chapter 2, “Starting and Stopping WebLogic Servers,” explains the procedures for starting and stopping WebLogic Servers.
- Chapter 11, “Installing and Configuring the Apache HTTP Server Plug-In,” explains how to install and configure the WebLogic Server Apache plug-in.
- Chapter 12, “Installing and Configuring the Microsoft Internet Information Server (ISAPI) Plug-In,” explains how to install and configure the WebLogic Server plug-in for the Microsoft Internet Information Server.
- Appendix D, “Parameters for Web Server Plug-ins,” discusses the parameters for Web server plug-ins.

Audience
This document is intended mainly for system administrators who will be managing the WebLogic Server application platform and its various subsystems.

e-docs Web Site
BEA product documentation is available on the BEA corporate Web site. From the BEA Home page, click on Product Documentation.
Contact Us!
Your feedback on BEA documentation is important to us. Send us e-mail at docsupport@bea.com if you have questions or comments. Your comments will be reviewed directly by the BEA professionals who create and update the documentation. In your e-mail message, please indicate the software name and version you are using, as well as the title and document date of your documentation.
Convention: monospace text
Usage: Code samples, commands and their options, Java classes, data types, directories, and file names and their extensions. Monospace text also indicates text that you enter from the keyboard. Examples:
    import java.util.Enumeration;
    chmod u+w *
    config/examples/applications
    .java
    config.xml
    float

Convention: monospace italic text
Usage: Variables in code.

Convention: UPPERCASE TEXT
Usage: Device names, environment variables, and logical operators.

Convention: . . .
Usage: Indicates the omission of items from a code example or from a syntax line.
CHAPTER 1
Overview of WebLogic Server Management

The following sections describe the tools available to manage WebLogic Server:
- Domains, the Administration Server and Managed Servers
- Administration Console
- Run-time and Configuration Objects
- Central Point of Access to Log Messages
- Creating a New Domain

Your implementation of BEA WebLogic Server software provides a set of interrelated resources for users.
Domains, the Administration Server and Managed Servers

An inter-related set of WebLogic Server resources managed as a unit is called a domain. A domain includes one or more WebLogic Servers, and may include WebLogic Server clusters. The configuration for a domain is defined in Extensible Markup Language (XML). Persistent storage for the domain’s configuration is provided by a single XML configuration file install_dir/config/domain_name/config.
In a domain with multiple WebLogic Servers, only one server is the Administration Server; the other servers are called Managed Servers. Each WebLogic Managed Server obtains its configuration at startup from the Administration Server. The same class, weblogic.Server, may be started as either the Administration Server for a domain or as a WebLogic Managed Server. A WebLogic Server not started as a Managed Server is an Administration Server.
Administration Console

The Administration Console is a JSP-based application hosted by the Administration Server. You can access the Administration Console using a Web browser from any machine on the local network that can communicate with the Administration Server (including a browser running on the same machine as the Administration Server).
The value of hostname is the DNS name or IP address of the Administration Server and port is the address of the port on which the Administration Server is listening for requests (7001 by default).
Run-time and Configuration Objects

The Administration Server is populated with JavaBean-like objects called Management Beans (MBeans), which are based on Sun’s Java Management Extension (JMX) standard. These objects provide management access to domain resources. The Administration Server contains both configuration MBeans and run-time MBeans. Configuration MBeans provide both SET (write) and GET (read) access to configuration attributes.
Figure 1-1 WebLogic Server Management Subsystem

Central Point of Access to Log Messages

The Administration Server also provides central access to critical system messages from all the servers via the domain log. JMX provides a facility for forwarding messages to entities that subscribe for specified messages.
which messages to forward by providing a filter that selects messages of interest. A message forwarded to other network entities on the initiative of a local WebLogic Server is called a notification. JMX notifications are used to forward selected log messages from all WebLogic Servers in the domain to the Administration Server. When a WebLogic Managed Server starts, the Administration Server registers to receive critical log messages.
Creating a New Domain

    http://hostname:port/console
where hostname is the name of the machine where you started the Administration Server and port is the Administration Server’s listen port (default is 7001).
3. Select mydomain→Create or edit other domains. This displays the domains table.
4. Select Default→Create a new Domain. Enter the name of the new domain and click Create.
5. Select the new domain from the list of domains at left to make that the current domain.
6.
10. At the end of the start script there is a cd command:
    cd config\mydomain
Replace mydomain with the subdirectory name of the new domain. There is also a line in the start script that reads:
    echo startWebLogic.cmd must be run from the config\mydomain directory.
Replace mydomain here with the name of the new domain.
11. Copy the file SerializedSystemIni.dat and the file fileRealm.properties from the default mydomain directory to your new domain directory.
CHAPTER 2
Starting and Stopping WebLogic Servers

The following sections describe procedures for starting and stopping Administration Servers and Managed Servers:
- WebLogic Administration Server and WebLogic Managed Servers
- Starting the WebLogic Administration Server
- Adding a WebLogic Managed Server to the Domain
- Starting a WebLogic Managed Server
- Stopping WebLogic Servers from the Administration Console
- Setting Up a WebLogic Server Instance as a Windows Service
- Registering Startu
Administration Server for the domain. Additional WebLogic Servers in the domain are managed servers. Whether a WebLogic Server is an Administration Server or a Managed Server depends on the command-line options used when starting the server. The default role for a WebLogic Server is the Administration Server. Therefore, if there is only one WebLogic Server in a domain, that server is the Administration Server.
Starting the WebLogic Administration Server

Failover Considerations for the Administration Server

Because the Administration Server contains the configuration repository (config.xml), security files, and application files for your domain, you should keep an archived copy of these files in case a failure of the Administration Server causes them to become unavailable. Common methods of archiving include periodic back-ups, fault tolerant disks, and manually copying files whenever they are changed.
Note: When starting WebLogic Server, JDK 1.3 may throw an OutOfMemory error if you are trying to load a large number of classes. This error occurs even though there appears to be plenty of memory available. If you encounter a java.lang.OutOfMemory error exception when you start WebLogic Server, increase the value of the following JVM option:
    java -XX:MaxPermSize=
where is some number in kilobytes. For JDK1.3.
Invoking the WebLogic Server from the Start menu executes the start script startWeblogic.cmd (which is located in install_dir/config/domain_name where domain_name is the name of the domain and install_dir is the directory where you installed the WebLogic Server software). You will be prompted to enter the password.
Starting the WebLogic Administration Server from the Command Line

The WebLogic Server is a Java class file, and like any Java application, you can start it with the java command. The arguments needed to start the WebLogic Server from the command line can be quite lengthy and typing it out whenever you need to start the server can be tedious.
machine) or start Managed Servers remotely using the Node Manager, you need to set the listen address of the Administration Server. To set the listen address, include the following argument:
    -Dweblogic.ListenAddress=host
where host is the DNS name or IP address of the Administration Server.
- Provide user password. The default user is system and the required password is the password specified during installation.
Note: Secure a plain text copy of the private key password before you allow WebLogic Server to write the password to a file. You will not be able to retrieve the plain text password from pkpassword.ini after booting the server.
- When using SSL, you can turn off host name verification. By default, the Host Name Verifier in WebLogic Server compares the SubjectDN of a digital certificate with the host name of the server that initiated the SSL connection.
where domain_name is the name of the domain. This will also be the subdirectory which has the configuration file that will be used to boot the domain. The configuration repository consists of the domains under the /config directory. The configuration repository may contain a variety of possible domain configurations. Each such domain is located under a separate subdirectory, with the subdirectory name being the name of that domain.
AppManager thread that polls the applications directory for changes is only created on Administration servers. This feature is not recommended for use in a production environment. If you want to ensure that the Administration Server is started with the auto-deployment feature disabled, include the following argument on the command line:
    -Dweblogic.
A Server’s Root Directory

All instances of WebLogic Server use a root directory to store runtime data and to provide the context for any relative pathnames in the server’s configuration. For example, if you specify ./MyLogFile as the name and location of a server’s log file, then the server creates a file named MyLogFile in its root directory.
But c:\MyManagedRootDir is not. By convention, the root directory for an Administration Server is named after the domain. For example, if the domain is named myDomain, the root directory for the Administration Server is c:\config\myDomain. Multiple instances of WebLogic Server can use the same root directory. However, if your server instances share a root directory, make sure that all relative filenames are unique.
- Change the value of the variable JAVA_HOME to the location of your JDK.
- UNIX users must change the permissions of the sample UNIX script to make the file executable. For example:
    chmod +x startWebLogic.
If the Administration Server goes down while Managed Servers continue to run, you do not need to restart the Managed Servers that are already running in order to recover management of the domain. The procedure for recovering management of an active domain depends upon whether you can restart the Administration Server on the same machine it was running on when the domain was started.
Note: If you do not have Service Pack 2 of WebLogic Server 6.1 installed, the new administration machine must have the same host name as the machine that hosted the failed Administration Server.
2. Make your application files available to the new Administration Server by copying them from backups or by using a shared disk.
2. Starts its kernel-level services, which include logging and timer services.
3. Initializes subsystem-level services, which retrieve their configurations from MBeans.
4. Create an entry for the new server (Servers→Create a new server). Set the machine for this Managed Server to the machine you just created an entry for. Each server must have a unique name — even if the servers are in different domains. For more information on configuring servers, see Configuring WebLogic Servers and Clusters.
When starting a WebLogic Managed Server, you need to specify the parameters that you would specify when starting an Administration Server (see Starting the WebLogic Administration Server from the Command Line) but with the addition of the following:
- Specify the name of the server. When a WebLogic Managed Server requests its configuration information from the Administration Server, it identifies itself to the Administration Server by server name.
Informational Thread Dumps When Starting Clusters

If a Managed Server is configured as follows, it prints an informational thread dump to standard out during its startup cycle:
- Is a member of a cluster
- Prints messages of severity INFO and higher to standard out (Specified in the Administration Console on the Server > Logging > General tab.)
- Logs remote exceptions (Specified in the Administration Console on the Server > Logging > Debugging tab.
You can ignore these thread dumps; they do not indicate an error in your configuration.
Note: The log files do not contain this or other thread dumps.

Starting the WebLogic Managed Servers Using Scripts

Sample scripts are provided with the WebLogic Server distribution that you can use to start WebLogic Servers. You will need to modify these scripts to fit your environment and applications.
where server_name is the name of the Managed Server you are starting and admin_url is either http://host:port or https://host:port where host is the host name (or IP address) of the Administration Server and port is the port number for the Administration Server.

Stopping WebLogic Servers from the Administration Console

If you right click on a server in the left pane of the Administration Console, you will see two options, Kill this server...
where:
- host is the name or IP address of the machine where the WebLogic Server is running.
- port is the WebLogic Server’s listen port (default is 7001).
- adminname designates a user that is a member of the Console Access Control List (ACL) (or a member of a group that is a member of the Console ACL) for the target WebLogic Server. Default member of the Console ACL is system.
- password is the password for adminname.
Setting Up a WebLogic Server Instance as a Windows Service

Setting Up Windows Services: Main Steps

The following main steps assume that you created at least one WebLogic Server instance in the default domain that is installed with WebLogic Server:
1. In the default Windows-service installation script, specify the name of the Windows Service, the name of the server instance, and the WebLogic Server password for starting the server instance.
1. Make a backup copy of weblogic\config\mydomain\installNTService.cmd (where weblogic is the directory where WebLogic Server was installed and mydomain is the domain you created when you installed WebLogic Server).
2. Open installNTService.cmd in a text editor.
3. In the line that starts with set CMDLINE=, change the value of -Dweblogic.Name= to specify the name of the server that you want to start as a Windows service. For example, -Dweblogic.Name=myserver.
4.
2. In the line that starts with set CMDLINE=, add the following argument after the -Dweblogic.Name argument:
    -Dweblogic.management.
of SERVER_START_PENDING for 2 minutes. Then it changes the status to STARTED. The modified beasvc invocation for the Administration Server will resemble the following:
    "D:\bea\wlserver6.1\bin\beasvc" -install -svcname:mydomain_myAdminServer -javahome:"D:\bea\jdk131" -delay:120000 -execdir:"D:\bea\wlserver6.1" -extrapath:"D:\bea\wlserver6.
You can also add the -delay:delay_milliseconds option to a Managed Server Windows service if you want to configure when the Windows SCM reports a status of STARTED for the service.

Enabling Graceful Shutdowns from the Windows Control Panel

By default, if you use the Windows Control Panel to stop a server instance, the Windows Service Control Manager (SCM) kills the server’s Java Virtual Machine (JVM).
If you use -stopclass to gracefully shut down a server, 30 seconds might not be enough time for the server to gracefully end its processing. To configure a timeout period on Windows 2000, create a REG_DWORD registry value named ServicesPipeTimeout under the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
The key value must be in milliseconds.
For information on changing the default behavior, see “Changing the Default Rotation Criteria” on page 2-29. After you install the service and restart the Windows host, to view the messages that the server and JVM write to standard out or standard error, do one of the following:
- Make a copy of the file that you specified and view the copy. The Windows file system cannot write to files that are currently opened.
following format to specify the start time:
    Month Day Year Hour:Minutes:Seconds
where
- Month is the first 3 letters of a Gregorian-calendar month as written in English
- Day is the 2-digit day of the Gregorian-calendar month
- Year is the 4-digit year of the Gregorian calendar
- Hour:Minutes:Seconds expresses time in a 24-hour format
and TIME_INTERVAL_MINS specifies how frequently (in minutes) the Windows service rotates the file.
When the Windows service checks the file size, if the file is larger than the size you specify, it saves the file as pathname-yyyy_mm_dd-hh_mm_ss. It then creates a new file named pathname. This new file, which contains all of the headers that you specified originally, collects new standard out and standard error messages.
For example, if you archived your class in a file named c:\myJar, the modified statement will be as follows:
    set CLASSPATH=.;D:\bea\wlserver6.1\lib\weblogic_sp.jar;D:\bea\wlserver6.1\lib\weblogic.jar;c:\myJar
Note: Win32 systems have a 2K limitation on the length of the command line. If the classpath setting for the Windows service startup is very long, the 2K limitation could be exceeded. To work around this limitation:
a.
By default, standard out is the command prompt in which you run the server-specific batch file.
3. Remove your password from the installNTService.cmd script. Leaving this password on the filesystem in an unencrypted format opens a security vulnerability.

Removing WebLogic Server as a Windows Service

To remove the WebLogic Server as a Windows service, do the following:
1.
    -extrapath:"C:\bea\wlserver6.0\bin" -cmdline: %CMDLINE%
You must append the following to the command:
    -password:"your_password"
where your_password is the new password.
3. Execute the modified installNTService.cmd script. This will create a new service with the updated password.

Registering Startup and Shutdown Classes

WebLogic Server provides a mechanism for performing tasks whenever a WebLogic Server starts up or gracefully shuts down.
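The earlier instruction to remove the password from installNTService.cmd can be checked mechanically. The following Python script is an added example, not BEA's code: it looks for the beasvc -password: option shown on this page in batch-file text and reports where a clear-text value is stored, without echoing the value. The sample script, the variable names and the handling of %VAR% references are constructed assumptions.

```python
"""Find clear-text passwords left in WebLogic Windows-service install scripts."""
import re
from dataclasses import dataclass
from pathlib import Path

# beasvc option as shown on this page: -password:"your_password"
PASSWORD_OPT = re.compile(r'-password:\s*(?:"([^"]*)"|(\S+))', re.IGNORECASE)
# A value that is only a batch variable reference, e.g. %WLS_PW% (assumed usage)
VAR_REF = re.compile(r"^%(\w+)%$")
# set NAME=value or set "NAME=value"; "set /p" prompts do not match
SET_STMT = re.compile(r'^\s*set\s+"?(\w+)=([^"]*)"?\s*$', re.IGNORECASE)
# Empty values and the documentation placeholder are not secrets
PLACEHOLDERS = {"", "your_password"}


@dataclass(frozen=True)
class Finding:
    line: int     # line that holds the clear-text value
    kind: str     # "literal" or "variable"
    detail: str   # never contains the secret itself


def scan_script(text):
    """Return the places in one batch script where a password is stored."""
    lines = text.splitlines()
    # Pass 1: remember where each batch variable receives a non-empty value.
    assigned = {}
    for no, raw in enumerate(lines, 1):
        m = SET_STMT.match(raw)
        if m and m.group(2).strip():
            assigned[m.group(1).upper()] = no
    # Pass 2: inspect every -password: option. Commented-out (rem) lines are
    # scanned too, because an old password in a comment is still on disk.
    findings = []
    for no, raw in enumerate(lines, 1):
        for m in PASSWORD_OPT.finditer(raw):
            value = m.group(1) if m.group(1) is not None else m.group(2)
            if value in PLACEHOLDERS:
                continue
            ref = VAR_REF.match(value)
            if ref is None:
                findings.append(Finding(
                    no, "literal",
                    f"-password: carries a {len(value)}-character value"))
            elif ref.group(1).upper() in assigned:
                findings.append(Finding(
                    assigned[ref.group(1).upper()], "variable",
                    f"%{ref.group(1)}% is assigned here and passed to -password:"))
            # Otherwise the variable comes from the caller's environment and
            # nothing is stored in this file.
    return findings


def scan_tree(root):
    """Scan every .cmd/.bat file under root; return {path: [Finding, ...]}."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".cmd", ".bat"}:
            found = scan_script(path.read_text(encoding="utf-8", errors="replace"))
            if found:
                results[str(path)] = found
    return results


# Constructed sample, modelled on the beasvc invocation shown on this page.
SAMPLE = r'''@echo off
rem constructed sample script, not a real installNTService.cmd
set WLS_PW=Constructed-Pw-1
set CMDLINE="-Dweblogic.Name=myserver weblogic.Server"
"D:\bea\wlserver6.1\bin\beasvc" -install -svcname:a -password:"%WLS_PW%" -cmdline:%CMDLINE%
"D:\bea\wlserver6.1\bin\beasvc" -install -svcname:b -password:"Constructed-Pw-2" -cmdline:%CMDLINE%
rem "D:\bea\wlserver6.1\bin\beasvc" -install -svcname:c -password:old-constructed-pw
"D:\bea\wlserver6.1\bin\beasvc" -install -svcname:d -password:"%PW_FROM_ENV%" -cmdline:%CMDLINE%
"D:\bea\wlserver6.1\bin\beasvc" -install -svcname:e -password:"your_password"
'''

if __name__ == "__main__":
    for f in scan_script(SAMPLE):
        print(f"line {f.line}: {f.kind}: {f.detail}")
```

Run scan_tree against the config directory after installing a service; an empty result means no batch file there still carries a stored -password: value.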
CHAPTER 3
Node Manager

The following sections describe how to use the Node Manager:
- Overview of Node Manager
- Setting Up Node Manager
- Platform Support for Node Manager
- Starting the Node Manager from the Command Line
- Starting the Node Manager Using Start Scripts
- Remote Starting and Killing of Managed Servers
- Setting Up Node Manager as a Windows Service

Overview of Node Manager

Node Manager is a Java program that enables you to start and kill WebLogic Managed Servers remotely from
all the Managed Servers on that machine. To ensure availability of Node Manager, Node Manager should be configured as a daemon on UNIX machines or as a Windows NT service on Windows NT machines. This ensures that the Node Manager is available for starting the Managed Servers on that machine. When the Node Manager is running, it can start or kill any Managed Server installed and configured on its machine at the request of the Administration Server.
servername-error.log
This saves information printed to StdErr when an attempt is made by the Node Manager to start the Managed Server named servername. If a new attempt is made to start the server, this file is renamed by appending _PREV to the file name.

The Node Manager logs are also stored by the Administration Server in temporary files in a directory called /config/NodeManagerClientLogs on the Administration Server machine.
Figure 3-1 Node Manager Architecture

Setting Up Node Manager

All communication between Node Manager and the Administration Server uses the Secure Socket Layer protocol, which provides authentication and encryption. Client authentication is enforced to ensure mutual authentication is used in all communication between the Administration Server and the Node Manager.
security, Node Manager also uses a list of trusted hosts; only commands from an Administration Server on one of these hosts will be accepted. To configure the Node Manager you will need to edit the trusted hosts file to add one line for each machine with an Administration Server that can send commands to this Node Manager. By default, the trusted hosts file is named nodemanager.hosts and is installed under the \config directory.
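Because every host listed in the trusted hosts file may send start and kill commands to this Node Manager, the file is worth comparing against the set of machines that actually run an Administration Server. The following Python script is an added example, not part of WebLogic: it audits the one-host-per-line format described above; the expected-host list, the sample file and the treatment of # as a comment marker are assumptions.

```python
"""Audit a Node Manager trusted hosts file against the expected Administration Servers."""
import ipaddress
import re
from dataclasses import dataclass

# One DNS name: dot-separated labels of letters, digits and inner hyphens.
HOSTNAME = re.compile(
    r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*$")


def normalise(entry):
    """Canonicalise an IP literal, or lower-case a DNS name and drop a trailing dot."""
    entry = entry.strip()
    try:
        return str(ipaddress.ip_address(entry))
    except ValueError:
        return entry.rstrip(".").lower()


def is_valid(host):
    """True for a single IP address or a single well-formed DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return bool(HOSTNAME.match(host))


@dataclass
class Audit:
    unexpected: list   # (line, host) trusted but not a known Administration Server
    missing: list      # expected hosts that are absent from the file
    duplicates: list   # (line, host) listed more than once
    malformed: list    # (line, text) not exactly one host on the line


def audit_hosts(text, expected_admin_hosts):
    """Compare trusted-hosts text with the hosts that should be trusted."""
    expected = {normalise(h) for h in expected_admin_hosts}
    seen = {}
    report = Audit([], [], [], [])
    for no, raw in enumerate(text.splitlines(), 1):
        # Assumption: blank lines and text after '#' are ignored.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        host = normalise(line)
        if not is_valid(host):
            report.malformed.append((no, line))
            continue
        if host in seen:
            report.duplicates.append((no, host))
            continue
        seen[host] = no
        if host not in expected:
            report.unexpected.append((no, host))
    report.missing = sorted(expected - set(seen))
    return report


# Constructed sample contents of a trusted hosts file.
SAMPLE_HOSTS = """\
# constructed sample
admin1.example.com
192.0.2.10
ADMIN1.example.com.
build-box.example.com
admin2.example.com 192.0.2.11
"""
# Constructed list of machines that run an Administration Server.
EXPECTED = ["admin1.example.com", "192.0.2.10", "admin3.example.com"]

if __name__ == "__main__":
    r = audit_hosts(SAMPLE_HOSTS, EXPECTED)
    print("unexpected:", r.unexpected)
    print("missing:   ", r.missing)
    print("duplicates:", r.duplicates)
    print("malformed: ", r.malformed)
```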
Authentication requires use of the public key infrastructure. This includes a private key as well as a certificate. The certificate typically contains the public key of the user and is signed by the issuer of the certificate to authenticate the binding between the user name and the enclosed public key. Node Manager uses certificates in X509 format. The private keys used with Node Manager conform to the Private Key Cryptography Standards (PKCS) #5 and #8.
Step 2: Converting a WebLogic-Style Private Key

If you want to use WebLogic-style certificates with Node Manager, you will first need to convert the private key to the newer PKCS #5/#8 format. A tool to do this is provided with the WebLogic software.
In this example, ca.pem is the WebLogic certificate authority file and is identical in content to the default trustedCerts file, trusted.crt, and democert.pem is the public key file. The file demokey_new is the result of running wlkeytool on demokey.pem, as described in Step 2: Converting a WebLogic-Style Private Key. For more information about digital certificates and Secure Sockets Layer, see Managing Security.
2. Fill in the fields on the Node Manager tab:

   - The Listen Address is either the host name or IP address where the Node Manager will be expecting requests from the Administration Server. This is the listen address you specify when Starting the Node Manager.
   - The Listen Port number must also match the port number you use when starting the Node Manager on that machine.
   - The certificate used by the Administration Server to talk to this Node Manager.
the Managed Server in that case if you specified the required values on the command line when starting the Node Manager.

   - BEA Home
     You can specify the BEA Home directory. This is the root directory under which all BEA products and licenses were installed for the target Managed Server.
   - Root Directory
     This is the root directory where the WebLogic software was installed.
   - Class Path
     The classpath for starting the Managed Server.
Platform Support for Node Manager

The Node Manager is available for use only on Windows and UNIX platforms. Native libraries are available for running the Node Manager on Windows, Solaris, HP-UX, AIX and Red Hat Linux operating systems. For UNIX operating systems other than Solaris and HP-UX, you will need to use the following argument on the java command line when starting the Node Manager:

-Dweblogic.nodemanager.
Setting Up the Environment

Before starting the Node Manager, there are a number of environment variables that need to be set. One way to set the environment variables would be to run the scripts provided with the WebLogic Server software. The script is called setEnv.sh on UNIX and setEnv.cmd on Windows. This script is located in the directory install_dir/config/domain_name, where install_dir is the directory where you installed WebLogic and domain_name is the name of the domain.
Starting the Node Manager from the Command Line

In the above example it is assumed that the JAVA_HOME variable points to the root directory of the JDK installation. You also need to set the path to the native UNIX libraries that are used by the Node Manager.
The default port on which the Node Manager will listen for requests from the Administration Server is 5555. You can change this with the following startup parameter:

-Dweblogic.nodemanager.listenPort=port

The Node Manager creates logs for each Managed Server that it is responsible for. By default, these are subdirectories under a directory NodeManagerLogs. You can change the location of this directory with the following startup parameter:

-Dweblogic.nodemanager.
-Dbea.home=directory

If you used DNS host names rather than IP addresses in the trusted hosts file, then you must also include the following startup parameter:

-Dweblogic.nodemanager.reverseDnsEnabled=true

By default, reverse DNS is disabled. You can also specify the name of the file that contains the list of trusted hosts with the following startup parameter:

-Dweblogic.nodemanager.
Starting the Node Manager Using Start Scripts

Sample start scripts are provided for use in starting Node Manager. These scripts are located in the /config directory where you have installed the WebLogic Server software. The start script for Windows is named startNodeManager.cmd. The start script for UNIX machines is named startNodeManager.sh. Edit the start script for Node Manager to correctly specify the Node Manager listen address.
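An added example (not part of the BEA guide or of WebLogic): a Python check that reads a trusted hosts file together with the -D startup options described above, and reports host-name entries that are present while reverse DNS is left at its default of disabled. The sample file contents, the sample options and the finding codes are constructed for illustration; the one-entry-per-line layout follows the description of nodemanager.hosts above.

```python
import ipaddress
import re

# Constructed sample: contents of a nodemanager.hosts file (one Administration
# Server machine per line) and the -D options taken from a start script.
SAMPLE_HOSTS = """\
192.168.10.5
adminhost.example.com

10.0.0.300
"""
SAMPLE_ARGS = ["-Dweblogic.nodemanager.listenPort=5555", "-Dbea.home=/opt/bea"]

DEFAULT_LISTEN_PORT = 5555  # default port stated in the guide
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def parse_java_props(args):
    """Collect -Dname=value options into a dict; a later option overrides an earlier one."""
    props = {}
    for arg in args:
        if arg.startswith("-D") and "=" in arg:
            name, value = arg[2:].split("=", 1)
            props[name] = value
    return props


def classify_entry(entry):
    """Return 'ip', 'hostname' or 'invalid' for one trusted-hosts line."""
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9.]+", entry):
        return "invalid"  # shaped like a dotted quad but not a valid address
    return "hostname" if _HOSTNAME.match(entry) else "invalid"


def effective_listen_port(args):
    """Port the Node Manager would listen on, or None if the option is not a valid port."""
    raw = parse_java_props(args).get("weblogic.nodemanager.listenPort")
    if raw is None:
        return DEFAULT_LISTEN_PORT
    if raw.isascii() and raw.isdigit() and 1 <= int(raw) <= 65535:
        return int(raw)
    return None


def audit(hosts_text, args):
    """Return a list of (line_number, code, detail) findings; line 0 means file-level."""
    props = parse_java_props(args)
    # Reverse DNS is disabled unless the startup parameter sets it to true.
    reverse_dns = props.get("weblogic.nodemanager.reverseDnsEnabled", "false").lower() == "true"
    findings, trusted = [], 0
    for lineno, raw in enumerate(hosts_text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        kind = classify_entry(entry)
        if kind == "invalid":
            findings.append((lineno, "INVALID_ENTRY", entry))
            continue
        trusted += 1
        # A DNS name in the file requires reverseDnsEnabled=true at startup.
        if kind == "hostname" and not reverse_dns:
            findings.append((lineno, "HOSTNAME_WITHOUT_REVERSE_DNS", entry))
    if trusted == 0:
        findings.append((0, "NO_TRUSTED_HOSTS", "no Administration Server can send commands"))
    if effective_listen_port(args) is None:
        findings.append((0, "BAD_LISTEN_PORT", props["weblogic.nodemanager.listenPort"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS, SAMPLE_ARGS):
        print(finding)
```

Host-name entries make the trust decision depend on reverse DNS answers, so IP-address entries keep the check independent of the resolver.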
Remote Starting and Killing of Managed Servers

When you start the Managed Server, the messages that are usually printed to STDOUT or STDERROR when starting a WebLogic Server are displayed in the right pane of the Administration Console. These messages are also written to the Node Manager log file for that server.

You can stop the Managed Server in the same way:

1. Right click on the name of the Managed Server in the left pane.
2. Select Kill this server....

The Kill this server...
Starting and Killing Domains and Clusters

You can also start or kill all of the Managed Servers in the active domain:

1. Right click on the name of the active domain in the left panel.
2. Select Kill this domain... or Start this domain...

If you start the entire domain from the Administration Console, the results displayed in the right pane will consist of a series of links to the results for each Managed Server that was configured for that domain.
Setting Up Node Manager as a Windows Service

To install Node Manager as a Windows Service, do the following:

1. Make a copy of the script installNtService.cmd from the install_dir/config/mydomain directory (install_dir is the root of the WebLogic software installation) and rename it installNMNtService.cmd.
2. Make a copy of the script uninstallNtService.cmd from the install_dir/config/mydomain directory (install_dir is the root of the WebLogic software installation) and rename it uninstallNMNtService.cmd.
CHAPTER 4

Configuring WebLogic Servers and Clusters

The following sections discuss how to set up WebLogic Servers and WebLogic Server clusters:

- Overview of Server and Cluster Configuration
- Role of the Administration Server
- Starting the Administration Console
- How Dynamic Configuration Works
- Planning a Cluster Configuration
- Server Configuration Tasks
- Cluster Configuration Tasks

Overview of Server and Cluster Configuration

The persistent configuration for a domain of WebLogic Serv
- Through the Administration Console, BEA’s graphical user interface (GUI) for managing and monitoring a domain configuration. This is intended as the main way to modify or monitor the domain configuration.
- By writing a program to modify the configuration attributes, based on the configuration application programmatic interface (API) provided with WebLogic Server.
Role of the Administration Server

Figure 4-1 shows a typical production environment that contains an Administration Server and multiple WebLogic Servers. When you start the servers in such a domain, the Administration Server is started first. As each additional server is started, it is instructed to contact the Administration Server for its configuration information. In this way, the Administration Server operates as the central control entity for the configuration of the entire domain.
Figure 4-1 WebLogic Server Configuration

Starting the Administration Console

The main point of access to the Administration Server is through the Administration Console.
1. Enter the following URL:

   http://host:port/console

   where host is the host name or IP address of the machine on which the Administration Server is running and port is the address of the port at which the Administration Server is listening for requests (by default, 7001).

2. The system prompts you to enter a user ID and password. Enter your UserID and password.
Once the Administration Console has been started, if another process captures the Listen Port assigned to the Administration Server, you should remove the process that has captured the server. If you are not able to remove the process that has captured the Listen Port assigned to the Administration Server, you must edit the Config.XML file to change the assigned Listen Port. For information about editing the Config.
contains any non-Windows machines (that is, any machines that cannot support a Microsoft SQL Server connection).

- Other configuration details may differ for various members in the cluster. You might, for example, configure a Solaris server to process more login requests than a small Windows NT workstation. Such differences are acceptable.
Click the View JNDI Tree link and view the tree in the right pane of the Administration Console.

- Viewing server execute queues using the Server node of the Administration Console. Click the server you want to monitor. Click the Execute Queues link and view the table in the right pane of the Administration Console.
- Viewing server execute threads using the Server node of the Administration Console. Click the server you want to monitor.
Click the Monitor All EJB Deployments link to display the EJB Deployments table.

- Deploying Web Application components on a server using the Server node of the Administration Console. Click the server on which you want to deploy Web Applications. Click the Web Application you want to deploy and use the move control to move it to the Chosen column. Click Apply to save your selections.
- Assigning mail sessions to a server using the Server node of the Administration Console. Click a server for mail-session assignment. Click one or more mail sessions in the Available column that you want to assign to the server. Use the mover control to move the mail sessions you selected to the Chosen column. Click Apply to save your selections.
- Assigning File T3s to a server using the Server node of the Administration Console.
displays in the right pane asking you to confirm your deletion request. Click Yes to confirm your decision to delete the cluster.
CHAPTER 5

Monitoring a WebLogic Server Domain

The following sections explain how to monitor your WebLogic Server domain:

- Overview of Monitoring
- Monitoring Servers
- Monitoring JDBC Connection Pools

Overview of Monitoring

The tool for monitoring the health and performance of your WebLogic Server domain is the Administration Console.
- Tables of data about all entities of a particular type (such as the WebLogic Servers table)
- Views of the domain log and of the local server logs. For information about log messages, see Using Log Messages to Manage WebLogic Servers.

The Administration Console obtains information about domain resources from the Administration Server.
Monitoring Servers

You can access monitoring data for each WebLogic server from the monitoring tabs for that server. The Logging tab provides access to the local log for the server (that is, the log on the machine where the server is running). The Monitoring→General tab page indicates the current status and provides access to the Active Queues table, the Active Sockets table, and the Connections table.
Monitoring JDBC Connection Pools

Java Database Connectivity (JDBC) subsystem resources can also be monitored via the Administration Console. The Monitoring tab for a JDBC connection pool allows you to access a table listing statistics for the instances of that pool. As with other entity tables in the Administration Console, you can customize the table to select which attributes you want to be displayed.
CHAPTER 6

Using Log Messages to Manage WebLogic Servers

The following sections describe the functions of the logging subsystem:

- Overview of Logging Subsystem
- Local Server Log Files
- Message Attributes
- Message Catalog
- Message Severity
- Browsing Log Files
- Creating Domain Log Filters

Overview of Logging Subsystem

Log messages are a useful tool for managing systems. They allow you to detect problems, track down the source of a fault, and track system performance.
- WebLogic Server component subsystems generate messages that are logged to a local file, that is, a file that resides on the machine where the server is running. If there are multiple servers on a machine, each server has its own log file. Applications deployed on your WebLogic Servers may also log messages to the server’s local log file.
Figure 6-1 WebLogic Server Logging Subsystem
Local Server Log Files

In versions of WebLogic Server prior to 6.0, a new log file is created once the log file reaches a maximum log file size. This type of automatic log file creation is called log rotation. In the current release, you have the option of basing log file rotation either on size or on time. To configure rotation, open the Administration Console and do the following:

1. In the left pane, select a server.
2.
For example, if you enter the following value in the File Name field:

myserver_%yyyy%_%MM%_%dd%_%hh%_%mm%.log

the server’s log file will be named:

myserver_yyyy_MM_dd_hh_mm.log

When the server instance rotates the log file, the rotated file name contains the date stamp. For example, if the server instance rotates its local log file on 2 April, 2003 at 10:05 AM, the log file that contains the old log messages will be named:

myserver_2003_04_02_10_05.
Client Logging

Java clients that use the WebLogic logging facility may also generate log messages. However, messages logged by clients are not forwarded to the domain log. You configure logging properties of a client by entering the appropriate argument on the command line:

-Dweblogic.log.attribute=value

where attribute is any LogMBean attribute. By default, logging to a log file is turned off for clients and messages are logged to stdout.
Message Attributes

The following is an example of a log message:

#### <> <004500>

In this example, the message attributes are: Timestamp, Severity, Subsystem, Machine Name, Server Name, Thread ID, User ID, Transaction ID, Message ID, and Message Text.

Note: Log messages logged by clients do not have the attributes Server Name or Thread ID.
Attribute | Description
User ID | The user from the security context when the message was generated.
Message ID | A unique six-digit identifier. Message IDs through 499999 are reserved for WebLogic Server system messages.
Message Text | For WebLogic Server messages, this contains the Short Description as defined in the system message catalog. (See Message Catalog.) For other messages, this is text defined by the developer of the program.
Message Severity

WebLogic Server log messages have an attribute called severity which reflects the importance or potential impact on users of the event or condition reported in the message. Defined severities are described below. Severities are listed in order of severity with Emergency being the highest severity.

Severity | Forwarded to Domain Log by Default? | Meaning
Informational | No | Used for reporting normal operations.
Debug Messages

Messages with a severity of debug are a special case. Debug messages are not forwarded to the domain log. Debug messages may contain detailed information about an application or the server. These messages should only occur when the application is running in debug mode.

Browsing Log Files

The log browsing capabilities of the Administration Console allow you to do the following:

- View the local log file of any server.
Creating Domain Log Filters

The log messages forwarded by WebLogic Servers to the domain log are, by default, a subset of messages logged locally. You can configure a log filter that selects log messages for forwarding based on message severity, subsystem, or user ID. (Debug messages are a special case and are not forwarded to the domain log.) You can create or modify domain log filters from the domain log filters table.
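An added example (not from the BEA guide, and not WebLogic's own filter code): a Python model of the selection a domain log filter performs, run over local server log lines that carry the ten message attributes listed under Message Attributes. The `####` prefix with one `<...>` group per attribute is assumed from the fragment shown there; the sample lines, the `DomainLogFilter` class and the rule that every configured criterion must match are constructed for this illustration.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, Optional

FIELDS = ("timestamp", "severity", "subsystem", "machine", "server",
          "thread_id", "user_id", "transaction_id", "message_id", "text")

# "####" followed by ten <...> fields; only the last field may contain ">".
_LINE = re.compile(r"^####" + r"<([^>]*)> " * 9 + r"<(.*)>\s*$")

# Constructed sample lines. Message ID 004500 is the one shown in the guide;
# the others are above 499999, outside the range reserved for system messages.
SAMPLE_LOG = """\
####<Apr 2, 2003 10:05:00 AM PST> <Info> <SSL> <host1> <myserver> <ListenThread> <system> <> <004500> <constructed informational message>
####<Apr 2, 2003 10:05:07 AM PST> <Error> <JDBC> <host1> <myserver> <ExecuteThread-4> <system> <> <500101> <constructed pool error>
####<Apr 2, 2003 10:05:09 AM PST> <Debug> <Security> <host1> <myserver> <ExecuteThread-7> <guest> <> <500102> <constructed debug detail>
####<Apr 2, 2003 10:05:12 AM PST> <Warning> <Security> <host1> <myserver> <ExecuteThread-7> <guest> <> <500103> <failed logins > 3 for guest>
\tat com.example.Foo.bar(Foo.java:10)
"""


def parse_line(line):
    """Return the message attributes as a dict, or None for a non-message line."""
    match = _LINE.match(line)
    return dict(zip(FIELDS, match.groups())) if match else None


@dataclass(frozen=True)
class DomainLogFilter:
    """Selection by severity, subsystem and user ID; None means 'no restriction'."""
    severities: Optional[FrozenSet[str]] = None
    subsystems: Optional[FrozenSet[str]] = None
    user_ids: Optional[FrozenSet[str]] = None

    def forwards(self, msg):
        # Debug messages are a special case: never forwarded to the domain log.
        if msg["severity"].lower() == "debug":
            return False
        checks = (
            (self.severities, msg["severity"]),
            (self.subsystems, msg["subsystem"]),
            (self.user_ids, msg["user_id"]),
        )
        # Assumption of this example: all configured criteria must match.
        return all(allowed is None or value in allowed for allowed, value in checks)


def forwarded_ids(log_text, log_filter):
    """Message IDs of the lines the filter would forward, in file order."""
    selected = []
    for line in log_text.splitlines():
        msg = parse_line(line)
        if msg is not None and log_filter.forwards(msg):
            selected.append(msg["message_id"])
    return selected


if __name__ == "__main__":
    by_severity = DomainLogFilter(severities=frozenset({"Warning", "Error"}))
    print(forwarded_ids(SAMPLE_LOG, by_severity))
```

Filtering on user ID alone still drops that user's Debug messages, so anything needed for later investigation has to be read from the server's local log.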
CHAPTER 7

Deploying Applications

The following sections discuss installation and deployment of applications and application components on WebLogic Server:

- Supported Formats for Deployment
- Using the Administration Console to Deploy Applications
- Updating Deployed Applications at Startup
- Auto-Deployment

Supported Formats for Deployment

J2EE applications can be deployed on WebLogic Servers either as an Enterprise Application Archive (EAR) file or in exploded directory format.
For more information about Resource Adaptor components, see Managing the WebLogic J2EE Connector Architecture.

Using the Administration Console to Deploy Applications

You can use the Administration Console to install and deploy an application or application components (such as EJB JAR files) and deploy instances of application components on target WebLogic Servers. There are several steps to carry out this task:

Step 1: Configure and Deploy the Application.
Step 2: Deploying Application Components.

There are three types of component you can deploy: Web application components, EJBs or resource connector components.

Note: If you deploy application components (such as EJBs or WAR or RAR files) to Managed Servers in a cluster, you must ensure that the same application components are deployed on all servers in the cluster. To do this, you would select the cluster as the target for the deployment.
6. The Available field lists Managed Servers (or Clusters if you selected Targets→Clusters). Select the Managed Servers (or clusters) on which this Web Application is to be deployed by using the arrow buttons to move them to the Chosen field. Click Apply for your change to take effect.

For more information about configuring Web applications, see Configuring WebLogic Server Web Components.

Deploying EJB Components

To deploy EJBs on a Managed Server, do the following:

1.
Deploying Resource Adapter Components

To deploy a resource connector component on a Managed Server, do the following:

1. Select Deployments→Connectors to invoke the Resource Connectors table.
2. Click on the link Configure a new Connector Component which invokes the Create a new Connector Component configuration page.
3.
Deployment Order

Within components of the same type, such as EJBs, you can specify the order in which they are to be deployed at server startup. The integer that you indicate in the Deployment Order field when deploying the component indicates the priority in relation to other components of the same type, such as the order of deployment among EJBs. Components that have deployment order 0 are deployed first among components of that type.
- The Managed Server does not have the latest version of the application.

The Administration Server maintains a StagedTargets list that specifies which Managed Servers in a domain have the latest version of an application. At startup, a Managed Server queries its Administration Server to determine if it (the Managed Server) has the most recent version of the application.
-Dweblogic.ProductionModeEnabled=true

If auto-deployment is enabled for the target WebLogic Server domain, when an application is copied into the /config/domain_name/applications directory of the WebLogic Administration Server, the Administration Server detects the presence of the new application and deploys it automatically (if the Administration Server is running).
Auto-Deployment of Applications in Expanded Directory Format

An application or application component can be auto-deployed either in expanded directory format or as packaged in an Enterprise Application Archive (EAR) file, a Web Application Archive (WAR) file, or a Java Archive (JAR) file. To dynamically deploy an application in exploded format, do the following:

1. Make sure the directory name created for the exploded application is the same as the Context Path of the application.
2.
Redeployment of Applications Auto-Deployed in Exploded Format

You can also dynamically redeploy applications or application components that have been auto-deployed in exploded format. When an application has been deployed in exploded format, the Administration Server periodically looks for a file named REDEPLOY in the WEB-INF directory. If the timestamp on this file changes, the Administration Server redeploys the exploded directory.
CHAPTER 8

Configuring WebLogic Server Web Components

The following sections discuss how to configure WebLogic Server Web components:

- “Overview”
- “HTTP Parameters”
- “Configuring the Listen Port”
- “Web Applications”
- “Configuring Virtual Hosting”
- “How WebLogic Server Resolves HTTP Requests”
- “Setting Up HTTP Access Logs”
- “Preventing POST Denial-of-Service Attacks”
- “Setting Up WebL
Overview

In addition to its ability to host dynamic Java-based distributed applications, WebLogic Server is also a fully functional Web server that can handle high volume Web sites, serving static files such as HTML files and image files as well as servlets and JavaServer Pages (JSP). WebLogic Server supports the HTTP 1.1 standard.

HTTP Parameters

You can configure the HTTP operating parameters using the Administration Console for each Server or Virtual Host.
Attribute | Description | Range of Values | Default Value
FrontendHTTPPort | The frontend HTTP Port is set when the Port information coming from the URL may be inaccurate due to the presence of a firewall or proxy. If this parameter is set, the HOST header is ignored and this value is always used. | Valid Listen Port | null
FrontendHTTPSPort | The frontend HTTPS Port is set when the Port information coming from the URL may be inaccurate due to the presence of a firewall or proxy.
Attribute | Description | Range of Values | Default Value
HTTPS Duration | The number of seconds that WebLogic Server waits before closing an inactive HTTPS connection. | Integer | 60

When selected, the session ID no longer includes JVM information. This may be necessary when using URL rewriting with WAP devices that limit the size of the URL to 128 characters. Selecting WAP Enabled may affect the use of replicated sessions in a cluster.
Attribute | Description
External DNS Address | If your system includes an address translation firewall that sits between the clustered WebLogic Servers and a plug-in to a web server front-end, such as the Netscape (proxy) plug-in, set this attribute to the address used by the plug-in to talk to this server.

Configuring the Listen Port

You can specify the port that each WebLogic Server listens on for HTTP requests.
files. In addition, a Web Application can access external resources such as EJBs and JSP tag libraries. Each server can host any number of Web Applications. You normally use the name of the Web Application as part of the URI you use to request resources from the Web Application. For more information, see Assembling and Configuring Web Applications at http://e-docs.bea.com/wls/docs61/webapp/index.html.
For example, if your Web Application is called shopping, you would use the following URL to access a JSP called cart.jsp from the Web Application:

http://host:port/shopping/cart.jsp

If, however, you declared shopping as the default Web Application, you would access cart.jsp with the following URL:

http://host:port/cart.jsp

(Where host is the host name of the machine running WebLogic Server and port is the port number where the WebLogic Server is listening for requests.
Configuring Virtual Hosting

Virtual hosting allows you to define host names that servers or clusters respond to. When you use virtual hosting you use DNS to specify one or more host names that map to the IP address of a WebLogic Server or cluster and you specify which Web Applications are served by the virtual host.
http://www.mystore.com/shopping/cart.jsp

If, however, you declared shopping as the default Web Application for the virtual host www.mystore.com, you would access cart.jsp with the following URI:

http://www.mystore.com/cart.jsp

For more information, see “How WebLogic Server Resolves HTTP Requests” on page 8-11.

Setting Up a Virtual Host

To define a virtual host, use the Administration Console to:

1. Create a new Virtual Host.
   a. Expand the Services node in the left pane.
   b. Select the Servers tab. You will see a list of available servers.
   c. Select a server in the available column and use the right arrow button to move the server to the chosen column.
4. Define the clusters that will respond to this virtual host (optional). You must have previously defined a WebLogic Cluster. For more information, see Using WebLogic Server Clusters at http://e-docs.bea.com/wls/docs61/cluster/index.html.
   a. Select the Targets tab.
   b.
How WebLogic Server Resolves HTTP Requests

When WebLogic Server receives an HTTP request, it resolves the request by parsing the various parts of the URL and using that information to determine which Web Application and/or server should handle the request. The examples below demonstrate various combinations of requests for Web Applications, virtual hosts, servlets, JSPs, and static files and the resulting response.
Table 8-1 Examples of How WebLogic Server Resolves URLs

URL | Index Directories Checked? | This file is served in response
http://host:port/oranges/naval | Does not matter | Servlet mapped with of /naval in the oranges Web Application. There are additional considerations for servlet mappings. For more information, see Configuring Servlets at http://e-docs.bea.com/wls/docs61/webapp/components.html#configuringservlets.
URL | Index Directories Checked? | This file is served in response
http://host:port | No | Welcome file* from the default Web Application.
http://host:port/apples/myfile.html | Does not matter | myfile.html, from the top level directory of the apples Web Application.
http://host:port/myfile.html | Does not matter | myfile.html, from the top level directory of the default Web Application.
URL | Index Directories Checked? | This file is served in response
http://www.fruit.com/oranges/myfile.html | Does not matter | myfile.html, from the oranges Web Application that is targeted to a virtual host with host name www.fruit.com.

* For more information, see Configuring Welcome Pages at http://e-docs.bea.com/wls/docs61/webapp/components.html#welcome_pages.
Setting Up HTTP Access Logs by Using the Administration Console

To set up HTTP access logs use the Administration Console at http://e-docs.bea.com/wls/docs61/ConsoleHelp/virtualhost.html.

1. If you have set up virtual hosting:
   a. Select the services node in the left pane.
   b. Select the virtual hosts node. The node expands and displays a list of virtual hosts.
   c. Select a virtual host.

   If you have not set up virtual hosting:
   a. Select the servers node in the left pane.
7. In Log Rotation Type, select By Size or By Date.
   - By Size: Rotates the log when it exceeds the value entered into the Log Buffer Size parameter.
   - By Date: Rotates the log after the number of minutes specified with the Rotation Period parameter.
8. If you have selected Size as the Rotation Type, in the Max Log File Size K Bytes field specify the file size (1 - 65535 kilobytes) that triggers the server to move log messages to a separate file.
auth_user
If the remote client user sent a userid for authentication, the user name; otherwise “-”

day/month/year:hour:minute:second UTC_offset
Day, calendar month, year and time of day (24-hour format) with the hours difference between local time and GMT, enclosed in square brackets

"request"
First line of the HTTP request submitted by the remote client enclosed in double quotes

status
HTTP status code returned by the server, if available; otherwise “-”

bytes
Number of byte
Creating the Fields Directive

The first line of your log file must contain a directive stating the version number of the log file format. You must also include a Fields directive near the beginning of the file:

#Version: 1.0
#Fields: xxxx xxxx xxxx ...

Where each xxxx describes the data fields to be recorded. Field types are specified as either simple identifiers, or may take a prefix-identifier format, as defined in the W3C specification.
The following identifiers require prefixes, and cannot be used alone. The supported prefix combinations are explained individually.

IP address related fields:
These fields give the IP address and port of either the requesting client, or the responding server. This field has type , as defined in the W3C specification. The supported prefixes are:

c-ip
The IP address of the client.

s-ip
The IP address of the server.

cs-uri-query
Only the query portion of the URI. This field has type , as defined in the W3C specification.

Creating Custom Field Identifiers

You can also create user-defined fields for inclusion in an HTTP access log file that uses the extended log format. To create a custom field you identify the field in the ELF log file using the Fields directive and then you create a matching Java class that generates the desired output.
http://e-docs.bea.com/wls/docs61/javadocs/weblogic/servlet/logging/FormatStringBuffer.html).

3. Compile the Java class and add the class to the CLASSPATH statement used to start WebLogic Server. You will probably need to modify the CLASSPATH statements in the scripts that you use to start WebLogic Server.

   Note: Do not place this class inside of a Web Application or Enterprise Application in exploded or jar format.

4. Configure WebLogic Server to use the extended log format.
Table 8-2 Getter Methods of HttpAccountingInfo

HttpAccountingInfo Methods | Where to find information on the methods
int getResponseContentLength(); | javax.servlet.ServletResponse.setContentLength() This method gets the content length of the response, as set with the setContentLength() method.
String getContentType(); | javax.servlet.ServletRequest
Locale getLocale(); | javax.servlet.ServletRequest
Enumeration getLocales(); | javax.servlet.
HttpAccountingInfo Methods | Where to find information on the methods
Enumeration getHeaders(String name); | javax.servlet.http.HttpServletRequest
int getIntHeader(String name); | javax.servlet.http.HttpServletRequest
String getMethod(); | javax.servlet.http.HttpServletRequest
String getPathInfo(); | javax.servlet.http.HttpServletRequest
String getPathTranslated(); | javax.servlet.http.Http.
Listing 8-1 Java Class for Creating a Custom ELF Field

import weblogic.servlet.logging.CustomELFLogger;
import weblogic.servlet.logging.FormatStringBuffer;
import weblogic.servlet.logging.HttpAccountingInfo;

/* This example outputs the User-Agent field into a
   custom field called MyCustomField */
public class MyCustomField implements CustomELFLogger {
  public void logField(HttpAccountingInfo metrics,
                       FormatStringBuffer buff) {
    buff.appendValueOrDash(metrics.
Setting Up WebLogic Server for HTTP Tunneling

MaxPostSize
    Limits the number of bytes of data received in a POST from a single request. If this limit is triggered, a MaxPostSizeExceeded exception is thrown and the following message is sent to the server log:

    POST size exceeded the parameter MaxPostSize.

    An HTTP error code 413 (Request Entity Too Large) is sent back to the client.

If the client is in listening mode, it gets these messages. If the client is not in listening mode, the connection is broken.
Enable Tunneling
    Enables or disables HTTP tunneling. HTTP tunneling is disabled by default.

Tunneling Ping
    When an HTTP tunnel connection is set up, the client automatically sends a request to the server, so that the server may volunteer a response to the client. The client may also include instructions in a request, but this behavior happens regardless of whether the client application needs to communicate with the server.
Using Native I/O for Serving Static Files (Windows Only)

When running WebLogic Server on Windows NT/2000 you can specify that WebLogic Server use the native operating system call TransmitFile instead of using Java methods to serve static files such as HTML files, text files, and image files. Using native I/O can provide performance improvements when serving larger static files. To use native I/O, add two parameters to the web.
CHAPTER 9 Proxying Requests to Another HTTP Server

The following sections discuss how to proxy HTTP requests to another HTTP server:

- “Overview”
- “New Version of the HttpProxyServlet”
- “Setting Up a Proxy to a Secondary HTTP Server”
- “Sample Deployment Descriptor for the Proxy Servlet”

Overview

When you use WebLogic Server as your primary Web server, you may also want to configure WebLogic Server to pass on, or proxy, certain requests to a second
If you want to proxy requests to a cluster of WebLogic Servers, you can use the HttpClusterServlet. For more information, see “Proxying Requests to a WebLogic Cluster” on page 10-1.

New Version of the HttpProxyServlet

Service Pack 2 for WebLogic Server 6.1 contains a new version of the HttpProxyServlet. The older version of HttpProxyServlet is still available and functions as described in this document.
If you are using the new version of HttpProxyServlet, see “Sample web.xml for use with NEW version of HttpProxyServlet” on page 9-4. If you are using the older, deprecated version of HttpProxyServlet, see “Sample web.xml for use with DEPRECATED version of HttpProxyServlet” on page 9-5. The class name for the new version of HttpProxyServlet is weblogic.servlet.proxy.HttpProxyServlet.
If you set the to “/”, then any request that cannot be resolved by WebLogic Server is proxied to the remote server. However, you must also specifically map the following extensions: *.jsp, *.htm, and *.html if you want to proxy files ending with those extensions.

4. Deploy the Web Application on the WebLogic Server that redirects incoming requests.
Sample Deployment Descriptor for the Proxy Servlet / ProxyServlet *.jsp ProxyServlet *.htm ProxyServlet *.
redirectURL http://myServer:7001 ProxyServlet / ProxyServlet *.jsp ProxyServlet *.
CHAPTER 10 Proxying Requests to a WebLogic Cluster

The following sections discuss how to proxy HTTP requests to a cluster of WebLogic Servers:

- “Overview”
- “New Version of the HttpClusterServlet”
- “Setting Up the HttpClusterServlet”
- “Sample Deployment Descriptors”
- “Verifying Your Configuration”

Overview

The HttpClusterServlet provided with WebLogic Server proxies requests from a WebLogic Server acting as an HTTP server to se
New Version of the HttpClusterServlet

A new version of the HttpClusterServlet was introduced in WebLogic Server 6.1 SP02. The older version is still available, but it is deprecated and will be removed from a future release. Differences between the older version and the new version are described in this document.

The WebLogic Server 6.1 SP02 HttpClusterServlet has the following features:

- Supports HTTP 1.1, including chunk-transfer and keep-alive.
3. Create the web.xml deployment descriptor file for the servlet, under the WEB-INF directory of the Web application. Use any text editor. Sample deployment descriptors for the new and deprecated versions of the proxy servlet are provided in “Sample Deployment Descriptors” on page 10-4. For comprehensive instructions on writing a web.xml file, see “Writing Web Application Deployment Descriptors” in Assembling and Configuring Web Applications.

   a.
4. In the Administration Console, assign the servlet as the default Web Application for the Managed Server on your proxy server machine. For instructions, see “Designating a Default Web Application” on page 8-6.

5. In the Administration Console, deploy the servlet to the Managed Server on your proxy server machine. For instructions, see “Deploying Web Application Components” on page 7-3.
Sample Deployment Descriptors

web.xml for HttpClusterServlet SP02

The following listing is a sample web.xml for the HttpClusterServlet provided with WebLogic Server 6.1 SP02 and later. For parameter definitions, see “Proxy Servlet Deployment Parameters” on page 10-7.

HttpClusterServlet weblogic.servlet.proxy.
web.xml for Deprecated HttpClusterServlet

HttpClusterServlet weblogic.servlet.internal.
Proxy Servlet Deployment Parameters

Key parameters for configuring the behavior of the current version of the proxy servlet are listed in Table 10-1. Parameters for the deprecated proxy servlet are listed in Table 10-2. Prior to WebLogic Server 6.1 SP02, the proxy servlet behavior was configured with its own parameter set.
Table 10-1 WLS 6.1 SP02 Proxy Servlet Deployment Parameters

Parameter in WLS 6.1 SP02 and Later: WebLogicCluster
Deprecated Equivalent: defaultServers
Usage:
    WebLogicCluster WLS1.com:port|WLS2.com:port
    Where WLS1.com and WLS2.com are the host names of servers in the cluster, and port is a port where the host is listening for HTTP requests.
Parameter in WLS 6.1 SP02 and Later: ConnectRetrySecs
Deprecated Equivalent: numOfRetries
Usage:
    Interval in seconds that the servlet will sleep between attempts to connect to a server instance. Assign a value less than ConnectTimeoutSecs.
    The number of connection attempts the servlet makes before returning an HTTP 503/Service Unavailable response to the client is ConnectTimeoutSecs divided by ConnectRetrySecs.
Parameter in WLS 6.1 SP02 and Later: PathTrim
Deprecated Equivalent: pathTrim
Usage:
    String trimmed by the plug-in from the beginning of the original URL, before the request is forwarded to the cluster.
    Syntax: PathTrim ParameterValue
    Example: If the URL http://myWeb.server.
Parameter in WLS 6.1 SP02 and Later: clientCertProxy
Usage:
    Specifies to trust client certificates in the WL-Proxy-Client-Cert header. Valid values are true and false. The default value is false.
    This setting is useful if user authentication is performed on the proxy server; setting clientCertProxy to true causes the proxy server to pass on the certs to the cluster in a special header, WL-Proxy-Client-Cert.
defaultServers
    List of host names and associated plain and SSL listen ports for the Managed Servers in the cluster, separated by the | character. For example:

    host1:port:SSLport|host2:port:SSLport

    None

    If you set the secureProxy parameter to ON, the HTTPS port uses SSL between the proxy server and the clustered servers. You must define the SSL ports, even if secureProxy is OFF.

secureProxy
    ON/OFF.
pathPrepend
    String to be prepended to the beginning of the original URL, after pathTrim has been trimmed, and before the request is forwarded to a WebLogic Server cluster member.

    None

Cluster Configuration and Proxy Plug-ins

Two WebLogic Server configuration attributes can be set at the cluster level to control the behavior of the HttpClusterServlet.
port is the port number on that server that is listening for HTTP requests, and placeholder.jsp is a file that does not exist on the server. The plug-in gathers configuration information and run-time statistics and returns the information to the browser. For more information, see “DebugConfigInfo” on page D-7.
CHAPTER 11 Installing and Configuring the Apache HTTP Server Plug-In

The following sections describe how to install and configure the Apache HTTP Server Plug-In:

- Overview
- Certifications
- Installing the Apache HTTP Server Plug-In
- Configuring the Apache HTTP Server Plug-In
- Using SSL with the Apache Plug-In
- Issues with SSL-Apache Configuration
- Template for the httpd.
Overview

The Apache HTTP Server Plug-In allows requests to be proxied from an Apache HTTP Server to WebLogic Server. The plug-in enhances an Apache installation by allowing WebLogic Server to handle those requests that require the dynamic functionality of WebLogic Server.
Keep-Alive Connections in Apache Version 2.x

The Apache HTTP Server Plug-In improves performance by using a reusable pool of connections from the plug-in to WebLogic Server. The plug-in implements HTTP 1.1 keep-alive connections between the plug-in and WebLogic Server by reusing the same connection in the pool for subsequent requests from the same client.
Installing the Apache HTTP Server Plug-In

You install the Apache HTTP Server Plug-In as an Apache module in your Apache HTTP Server installation. The module is installed either as a Dynamic Shared Object (DSO) or as a statically linked module. (Installation as a statically linked module is only available for Apache version 1.3.x.) There are separate instructions in this section for each type of installation (DSO, or statically linked module).
Table 1: Locations of Shared Object Files

Platform: HPUX11
Location of Shared Object File: lib/hpux11

Note: If you are running Apache 2.0.x server on HP-UX11, set the environment variables specified below before you build the Apache server. Because of a problem with the order in which linked libraries are loaded on HP-UX11, a core dump can result if the load order is not preset as an environment variable before building.
Apache Version: Apache + Raven Version 1.x
    Regular Strength Encryption: mod_wl_ssl_raven.so
    128-bit Encryption: mod_wl128_ssl_raven.so
    Required because Raven applies frontpage patches that make the plug-in incompatible with the standard shared object.

Apache Version: Standard Apache Version 2.x
    Regular Strength Encryption: mod_wl_20.so
    128-bit Encryption: mod_wl28_20.so

If you are using Compaq OpenVMS, skip to step 5.

2. Enable the shared object.
3. You install the Apache HTTP Server Plug-In with a support program called apxs (APache eXtenSion) that builds DSO-based modules outside of the Apache source tree, and adds the following line to the httpd.conf file:

   AddModule mod_so.c

4.
WebLogicHost [hostname]
WebLogicPort 7001
PathTrim /weblogic
SetHandler weblogic-handler

For more information on editing the httpd.conf file, see “Configuring the Apache HTTP Server Plug-In” on page 11-10.

6. Configure any additional parameters in the Apache httpd.conf configuration file as described in the section “Configuring the Apache HTTP Server Plug-In” on page 11-10.
Installing as a Statically Linked Module

To install the Apache HTTP Server Plug-In as a statically linked module:

1. Locate the linked library file for your platform. Each library file is distributed as separate versions, depending on the platform and the encryption strength for SSL (regular or 128-bit; 128-bit versions are only installed if you install the 128-bit version of WebLogic Server).
5. Copy Makefile.libdir, Makefile.tmpl from the lib directory of your WebLogic Server installation to src/modules/weblogic.

6. Copy libweblogic.a (use libweblogic128.a instead if you are using 128-bit security) from the same directory containing the linked library file (see step 1) to src/modules/weblogic.

7. If you are using regular strength encryption, execute the following command from the Apache 1.
Editing the httpd.conf File

To edit the httpd.conf file to configure the Apache HTTP Server Plug-In:

1. Open the httpd.conf file. The file is located at APACHE_HOME/conf/httpd.conf (where APACHE_HOME is the root directory of your Apache installation).

2. Ensure that the httpd.conf LoadModule stanza will load the correct module by verifying that the following two lines were added to the httpd.
WebLogicHost myweblogic.server.com
WebLogicPort 7001
MatchExpression *.jsp
MatchExpression *.xyz

If you are proxying requests by MIME type to a cluster of WebLogic Servers, use the WebLogicCluster parameter instead of the WebLogicHost and WebLogicPort parameters. For example:

WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
MatchExpression *.jsp
MatchExpression *.
An alternate way of proxying by path to multiple clusters would be:

MatchExpression /x WebLogicCluster=server1:port,server2:port,server3:port,server4:port|PathTrim=/x
MatchExpression /y WebLogicCluster=server1:port,server2:port,server3:port,server4:port|PathTrim=/y
MatchExpression /z WebLogicCluster=server1:port,server2:port,server3:port,server4:port|PathTrim=/z

Where the general syntax is

MatchExpression exp name=value|name=value

where exp=Mime ty
Include conf/weblogic.conf

Note: Defining parameters in an included file is not supported when using SSL between Apache HTTP Server Plug-In and WebLogic Server.

- Each parameter should be entered on a new line. Do not put an ‘=’ between the parameter and its value.
client-->2-way SSL-->Apache<--1-way SSL<--WebLogic Server

The Apache HTTP Server cannot use the digital certificate from the first SSL connection in the second SSL connection because it cannot use the client’s private key.

Configuring SSL Between the Apache HTTP Server Plug-In and WebLogic Server

To use the SSL protocol between Apache HTTP Server Plug-In and WebLogic Server:

1. Configure WebLogic Server for SSL.
WebLogicPort 7001
PathTrim /weblogic

The following configuration is the correct setup:

SetHandler weblogic-handler
PathTrim /weblogic

- The Include directive does not work with Apache SSL. You must configure all parameters directly in the httpd.conf file. Do not use the following configuration when using SSL:

MatchExpression *.jsp
Include weblogic.
clientCertProxy true

For Web applications, add the parameter to the web.xml file as follows:

ServletRequestImpl context-param weblogic.httpd.clientCertProxy true

You can also use this parameter in a cluster as follows:

Connection Errors and Clustering Failover

When the Apache HTTP Server Plug-In attempts to connect to WebLogic Server, the plug-in uses several configuration parameters to determine how long to wait for connections to the WebLogic Server host and, after a connection is established, how long the plug-in waits for a response.
The Dynamic Server List

When you specify a list of WebLogic Servers in the WebLogicCluster parameter, the plug-in uses that list as a starting point for load balancing among the members of the cluster. After the first request is routed to one of these servers, a dynamic server list is returned containing an updated list of servers in the cluster.
Figure 11-1 Connection Failover

*The maximum number of retries allowed in the red loop is equal to ConnectTimeoutSecs ÷ ConnectRetrySecs.
Template for the httpd.conf File

This section contains a sample httpd.conf file. You can use this sample as a template that you can modify to suit your environment and server. Lines beginning with # are comments. Note that Apache HTTP Server is not case sensitive, and that the LoadModule and AddModule lines are automatically added by the apxs utility.

####################################################
APACHE-HOME/conf/httpd.
Example Using WebLogic Clusters

# These parameters are common for all URLs which are
# directed to the current module. If you want to override
# these parameters for each URL, you can set them again in
# the or blocks. (Except WebLogicHost, WebLogicPort,
# WebLogicCluster, and CookieName.)
WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
ErrorPage http://myerrorpage.mydomain.
Sample Configuration Files

Example Configuring IP-Based Virtual Hosting

NameVirtualHost 172.17.8.1

WebLogicCluster tehama1:4736,tehama2:4736,tehama:4736
PathTrim /x1
ConnectTimeoutSecs 30

WeblogicCluster green1:4736,green2:4736,green3:4736
PathTrim /y1
ConnectTimeoutSecs 20

Example Configuring Name-Based Virtual Hosting With a Single IP Address

ServerName myserver.mydomain.
CHAPTER 12 Installing and Configuring the Microsoft Internet Information Server (ISAPI) Plug-In

The following sections describe how to install and configure the Microsoft Internet Information Server Plug-In.

- Overview of the Microsoft Internet Information Server Plug-In
- Installing the Microsoft Internet Information Server Plug-In
- Sample iisproxy.
Overview of the Microsoft Internet Information Server Plug-In

The Microsoft Internet Information Server Plug-In allows requests to be proxied from a Microsoft Internet Information Server (IIS) to WebLogic Server. The plug-in enhances an IIS installation by allowing WebLogic Server to handle those requests that require the dynamic functionality of WebLogic Server.
Platform Support

Proxying Requests

The plug-in proxies requests to WebLogic Server based on a configuration that you specify. You can proxy requests based on the URL of the request (or a portion of the URL); this is called proxying by path. You can also proxy a request based on the MIME type of the requested file, called proxying by file extension. You can also use a combination of both methods. If a request matches both criteria, the request is proxied by path.
Microsoft Internet Information Server plug-in, you must rename the iisproxy128.dll file to iisproxy.dll. If you wish to keep both files you will need to change the name of the original iisproxy.dll file.

2. Start the IIS Internet Service Manager by selecting it from the Microsoft IIS Start menu.

3. In the left panel of the Service Manager, select your website (the default is “Default Web Site”).

4.
Note: To avoid out-of-process errors, do not deselect the "Cache ISAPI Applications" check box.

8. Create the iisproxy.ini file. The iisproxy.ini file contains name=value pairs that define configuration parameters for the plug-in. The parameters are listed in “General Parameters for Web Server Plug-Ins” on page -2.
10. Configure proxying by path. In addition to proxying by file type, you can configure the Microsoft Internet Information Server Plug-In to serve files based on their path by specifying some additional parameters in the iisproxy.ini file. Proxying by path takes precedence over proxying by MIME type. You can also proxy multiple websites defined in IIS by path.
Proxying Multiple Virtual Websites from IIS

Note: The only time you need to use HTTP-tunneling is when you connect through an applet through IIS/NES to WebLogic Server and use http as the protocol instead of t3. (For example, http:// as the protocol in the provider URL instead of t3://.)

12. Set any additional parameters in the iisproxy.ini file. A complete list of parameters is available in the appendix “General Parameters for Web Server Plug-Ins” on page -2.

13.
- port is the port number where IIS listens for HTTP requests.
- dll_directory is the path to the directory you created in step 1.

For example:

vhost1=strawberry.com:7001
strawberry.com:7001=c:\strawberry\iisproxy.ini
vhost2=blueberry.com:7001
blueberry.com:7001=c:\blueberry\iisproxy.ini
...

5. Create a separate iisproxy.ini file for each virtual Website, as described in step 8 in “Proxying Requests”.
To enable Basic Authentication, in the Directory Security tab of the console, ensure that the Allow Anonymous option is “on” and all other options are “off”.

Sample iisproxy.ini File

Here is a sample iisproxy.ini file for use with a single, non-clustered WebLogic Server. Comment lines are denoted with the “#” character.

# This file contains initialization name/value pairs
# for the IIS/WebLogic plug-in.
between the Microsoft Internet Information Server Plug-In and WebLogic Server. In addition, the SSL protocol allows the WebLogic Server proxy plug-in to authenticate itself to the Microsoft Internet Information Server to ensure that information is passed to a trusted principal.
Using SSL with the Microsoft Internet Information Server Plug-In

4. Set the SecureProxy parameter in the iisproxy.ini file to ON.

5. Set additional parameters in the iisproxy.ini file that define the SSL connection. For a complete list of parameters, see “SSL Parameters for Web Server Plug-Ins” on page -13. For example:

WebLogicHost=myweblogic.
weblogic.httpd.clientCertProxy true

You can also use this parameter in a cluster as follows:

Proxying Servlets from IIS to WebLogic Server

Servlets may be proxied by path if the iisforward.dll is registered as a filter.
Testing the Installation

Note:

- If the image links called from the servlet are part of the Web Application, you must also proxy the requests for the images to WebLogic Server by registering the appropriate file types (probably .gif and .jpg) with IIS. You can, however, choose to serve these images directly from IIS if desired.
- If the servlet being proxied has links that call other servlets, then these links must also be proxied to WebLogic Server, conforming to the pattern shown above.
Connection Errors and Clustering Failover

When the Microsoft Internet Information Server Plug-In attempts to connect to WebLogic Server, the plug-in uses several configuration parameters to determine how long to wait for connections to the WebLogic Server host and, after a connection is established, how long the plug-in waits for a response.
The Dynamic Server List

When you specify a list of WebLogic Servers in the WebLogicCluster parameter, the plug-in uses that list as a starting point for load balancing among the members of the cluster. After the first request is routed to one of these servers, a dynamic server list is returned containing an updated list of servers in the cluster.
Figure 12-1 Connection Failover

*The maximum number of retries allowed in the red loop is equal to ConnectTimeoutSecs ÷ ConnectRetrySecs.
CHAPTER 13 Installing and Configuring the Netscape Enterprise Server Plug-In (NSAPI)

The following sections describe how to install and configure the Netscape Enterprise Server Plug-In (NES) proxy plug-in:

- “Overview of the Netscape Enterprise Server Plug-In”
- “Installing and Configuring the Netscape Enterprise Server Plug-In”
- “Using SSL with the NSAPI Plug-In”
- “Connection Errors and Clustering Failover”
- “Failover Behavior When Using F
Overview of the Netscape Enterprise Server Plug-In

The Netscape Enterprise Server Plug-In enables requests to be proxied from Netscape Enterprise Server (NES, also called iPlanet) to WebLogic Server. The plug-in enhances an NES installation by allowing WebLogic Server to handle those requests that require the dynamic functionality of WebLogic Server.
Certifications

WebLogic Server. If a connection is inactive for more than 30 seconds or a user-defined amount of time, the connection is closed. You can disable this feature if desired. For more information, see “KeepAliveEnabled” on page -10.

Proxying Requests

The plug-in proxies requests to WebLogic Server based on a configuration that you specify. You can proxy requests based on the URL of the request (or a portion of the URL); this is called proxying by path.
are respectively located in the /lib or /bin directories of your WebLogic Server distribution. The modules are:

- Linux: lib/linux/i686/libproxy.so
- AIX: lib/aix/libproxy4x.so or lib/aix/libproxy4x_128.so
- Solaris: lib/solaris/libproxy.so
- Windows: server/bin/proxy36.dll

2. Modify the obj.conf file. The obj.conf file defines which requests are proxied to WebLogic Server and other configuration information.
c. To test the Netscape Enterprise Server Plug-In, open a browser and set the URL to the Enterprise Server + /weblogic/, which should bring up the default WebLogic Server HTML page, welcome file, or default servlet, as defined for the default Web Application on WebLogic Server, as shown in this example:

   http://myenterprise.server.com/weblogic/

Modifying the obj.conf File

To use the Netscape Enterprise Server Plug-In, you must make several modifications to the NES obj.conf file.
Where NETSCAPE_HOME is the root directory of the NES installation, and INSTANCE_NAME is the particular “instance” or server configuration that you are using. For example, on a UNIX machine called myunixmachine, the obj.conf file would be found here:

/usr/local/netscape/enterprise-351/https-myunixmachine/config/obj.conf

2.
The value of the ppath attribute can be any string that identifies requests intended for WebLogic Server. When you use a ppath, every request that contains that path is redirected. For example, a ppath of “*/weblogic/*” redirects every request that begins “http://enterprise.com/weblogic” to the Netscape Enterprise Server Plug-In, which sends the request to the specified WebLogic host or cluster.

c. Add the Service directive within the tags.
4. If you want to proxy by MIME type, the MIME type must be listed in the MIME.types file. For instructions on modifying this file, see step 3 under “Installing and Configuring the Netscape Enterprise Server Plug-In” on page 13-3.

   All requests with a designated MIME type extension (for example, .jsp) can be proxied to the WebLogic Server, regardless of the URL. To proxy all requests of a certain file type to WebLogic Server:

   a.
fn=wl_proxy WebLogicHost=localhost WebLogicPort=7001\
PathPrepend=/jspfiles
PathCheck fn=nt-uri-clean
PathCheck fn="check-acl" acl="default"
PathCheck fn=find-pathinfo
PathCheck fn=find-index index-names="index.html,home.
The WebLogic Server proxy plug-in does not use the transport protocol (http or https) specified in the HTTP request (usually by the browser) to determine whether or not the SSL protocol will be used to protect the connection between the Netscape Enterprise Server Plug-In and WebLogic Server.

Note: You cannot configure a 2-way SSL between the Netscape Enterprise Server and WebLogic Server.
Specifying Trust of the WL-Proxy-Client-Cert Header

The plug-in can encode users’ identity certifications in the WL-Proxy-Client-Cert header and pass the header to WebLogic Server instances (see Proxying Requests to Another HTTP Server in the WebLogic Server Administration Guide). A WebLogic Server instance uses the certificate information from that header, trusting that it comes from a secure source (the Plug-In), to authenticate the user.
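A configuration check for the header trust described above and in the Apache and IIS plug-in chapters, added here as an example and not taken from the BEA documentation. It reads a web.xml and reports where the weblogic.httpd.clientCertProxy context parameter or the clientCertProxy proxy servlet parameter is set to true; the sample descriptor, its placeholder servlet class and the function names are constructed for illustration.

```python
"""Report where a web.xml enables use of the WL-Proxy-Client-Cert header."""
import xml.etree.ElementTree as ET

# Parameter names as they appear in this guide.
TRUST_CONTEXT_PARAM = "weblogic.httpd.clientCertProxy"
PROXY_SERVLET_PARAM = "clientCertProxy"

# Constructed sample descriptor; the servlet class is a placeholder.
SAMPLE_WEB_XML = """\
<web-app>
  <context-param>
    <param-name>weblogic.httpd.clientCertProxy</param-name>
    <param-value>true</param-value>
  </context-param>
  <servlet>
    <servlet-name>HttpClusterServlet</servlet-name>
    <servlet-class>example.PlaceholderProxyServlet</servlet-class>
    <init-param>
      <param-name>WebLogicCluster</param-name>
      <param-value>WLS1.com:7001|WLS2.com:7001</param-value>
    </init-param>
    <init-param>
      <param-name>clientCertProxy</param-name>
      <param-value>TRUE</param-value>
    </init-param>
  </servlet>
</web-app>
"""


def _local(tag):
    """Drop an XML namespace prefix so any descriptor variant matches."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [child for child in elem if _local(child.tag) == name]


def _child_text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""


def _is_true(value):
    # Assumption: compared case-insensitively so no spelling variant is
    # missed; the guide lists the valid values as true and false.
    return value.strip().lower() == "true"


def audit_web_xml(xml_text):
    """Return a list of (location, parameter, meaning) findings."""
    root = ET.fromstring(xml_text)
    findings = []

    # Application side: the header is used to authenticate the user.
    for param in _children(root, "context-param"):
        if (_child_text(param, "param-name") == TRUST_CONTEXT_PARAM
                and _is_true(_child_text(param, "param-value"))):
            findings.append((
                "context-param", TRUST_CONTEXT_PARAM,
                "application authenticates users from WL-Proxy-Client-Cert"))

    # Proxy side: the proxy servlet forwards certificates in the header.
    for servlet in _children(root, "servlet"):
        name = _child_text(servlet, "servlet-name") or "(unnamed)"
        for param in _children(servlet, "init-param"):
            if (_child_text(param, "param-name") == PROXY_SERVLET_PARAM
                    and _is_true(_child_text(param, "param-value"))):
                findings.append((
                    "servlet " + name, PROXY_SERVLET_PARAM,
                    "proxy passes client certificates in WL-Proxy-Client-Cert"))
    return findings


if __name__ == "__main__":
    for location, parameter, meaning in audit_web_xml(SAMPLE_WEB_XML):
        print(f"{location}: {parameter}=true -> {meaning}")
```

Every finding marks a place where the header is treated as coming from the plug-in, so each one is worth reviewing against the list of hosts that can reach that server.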
Connection Errors and Clustering Failover

When the Netscape Enterprise Server Plug-In attempts to connect to WebLogic Server, the plug-in uses several configuration parameters to determine how long to wait for connections to the WebLogic Server host and, after a connection is established, how long the plug-in waits for a response.
The Dynamic Server List

When you specify a list of WebLogic Servers in the WebLogicCluster parameter, the plug-in uses that list as a starting point for load balancing among the members of the cluster. After the first request is routed to one of these servers, a dynamic server list is returned containing an updated list of servers in the cluster.
Figure 13-1 Connection Failover

*The maximum number of retries allowed in the red loop is equal to ConnectTimeoutSecs ÷ ConnectRetrySecs.
Failover Behavior When Using Firewalls and Load Directors

In most configurations, the Netscape Enterprise Server Plug-In sends a request to the primary instance of a cluster. When that instance is unavailable, the request fails over to the secondary instance.
Sample obj.conf File (Not Using a WebLogic Cluster)

Below is an example of lines that should be added to the obj.conf file if you are not using a cluster. You can use this example as a template that you can modify to suit your environment and server. Lines beginning with # are comments.

Note: Make sure that you do not include any extraneous white space in the obj.conf file.
# This Object directive works by file extension rather than
# request path. To use this configuration, you must also add
# a line to the mime.types file:
#
# type=text/jsp exts=jsp
#
# This configuration means that any file with the extension
# ".jsp" is proxied to WebLogic.
Sample obj.conf File (Using a WebLogic Cluster)

Below is an example of lines that should be added to obj.conf if you are using a WebLogic Server cluster. You can use this example as a template that you can modify to suit your environment and server. Lines beginning with # are comments.

Note: Make sure that you do not include any extraneous white space in the obj.conf file.
theirweblogic.com:7001" PathTrim="/weblogic"
# Here we configure the plug-in so that requests that
# match "/servletimages/" are handled by the
# plug-in/WebLogic.
#
# This Object directive works by file extension rather than
# request path.
# The following directive enables HTTP-tunneling of the
# WebLogic protocol through the NSAPI plug-in.
#
## ------------- END SAMPLE OBJ.
CHAPTER 14 Managing Security

The following sections describe how to implement security in WebLogic Server:

- Steps for Configuring Security
- Changing the System Password
- Specifying a Security Realm
- Defining Users
- Defining Groups
- Defining ACLs
- Configuring the SSL Protocol
- Configuring Mutual Authentication
- Configuring RMI over IIOP with SSL
- Protecting Passwords
- Installing an Audit Provider
- Installing a Connection Filter
- Setting Up the Java Security Manager
Steps for Configuring Security

Implementing security in a WebLogic Server deployment largely consists of configuring attributes that define the security policy for that deployment. WebLogic Server provides an Administration Console to help you define the security policy for your deployment.
Changing the System Password 5. Protect the network connection between clients and WebLogic Server by implementing the SSL protocol. When SSL is implemented, WebLogic Server uses its digital certificate, issued by a trusted certificate authority, to authenticate clients. This step is optional but BEA recommends it. See “Configuring the SSL Protocol.” 6. Further protect your WebLogic Server deployment by implementing mutual authentication.
The password of the system User is encrypted and is further protected when WebLogic Server applies a hash to it. To improve security, BEA recommends frequently changing the system password that was set during installation. Each WebLogic Server deployment must have a unique password.

To change the system password, do the following:

1. In the Administration Console under the Security node, click Users to open the Users.
2.
Maintaining the secrecy of WebLogic passwords is critical to keeping your WebLogic Server deployment and data secure. For your protection, BEA recommends keeping the password of WebLogic Server secret.

Specifying a Security Realm

This section describes configuring a security realm for your WebLogic Server deployment. For an introduction to security realms and how they are used in WebLogic Server, see Security Realms in Programming WebLogic Security.
Attribute: Caching Realm
Description: Name of the Caching realm being used.
- When using the File realm, this attribute should be set to None.
- If you are using an alternate or custom security realm, set this attribute to the name of the Caching realm to be used. A list of configured Caching realms appears on the pull-down menu.

Attribute: Max Users
Description: Maximum number of Users to be used with the File realm. The File realm is intended to be used with 10,000 or fewer Users.
Specifying a Security Realm Note: Also make a backup copy of the SerializedSystemIni.dat file for the File realm. For more information about the SerializedSystemIni.dat file, see Protecting Passwords. If, instead of the File realm, you want to use one of the alternate security realms provided by WebLogic Server or a custom security realm, set the attributes for the desired realm and reboot WebLogic Server.
security realm. Reducing the frequency of such calls improves the performance. The trade-off is that changes to the underlying security realm are not recognized until the cached object expires.

Note: When you obtain an object from a security realm, the object reflects a snapshot of the object. To update the object, call the object’s get() method again. For example, the membership of a Group is set when the Group is retrieved from the security realm with a call to the getGroup() method.
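The trade-off described above, as an added example that is not WebLogic code: a simplified group cache using the Group Cache TTLPositive (60 s) and TTLNegative (10 s) defaults documented in this chapter. The class names, the fake clock and the sample users are assumptions made for the illustration.

```python
import time

# Defaults documented for the Group cache, in seconds.
GROUP_TTL_POSITIVE = 60   # Group Cache TTLPositive
GROUP_TTL_NEGATIVE = 10   # Group Cache TTLNegative


class BackingRealm:
    """Hypothetical stand-in for the store behind the Caching realm."""

    def __init__(self, groups):
        self.groups = groups      # group name -> set of member names
        self.lookups = 0          # number of queries that reached the store

    def get_group(self, name):
        self.lookups += 1
        members = self.groups.get(name)
        return None if members is None else frozenset(members)  # snapshot


class CachingRealm:
    """Simplified model: separate TTLs for successful and failed lookups."""

    def __init__(self, realm, clock=time.monotonic,
                 ttl_positive=GROUP_TTL_POSITIVE,
                 ttl_negative=GROUP_TTL_NEGATIVE):
        self._realm = realm
        self._clock = clock
        self._ttl_positive = ttl_positive
        self._ttl_negative = ttl_negative
        self._cache = {}          # group name -> (expiry time, snapshot or None)

    def get_group(self, name):
        now = self._clock()
        entry = self._cache.get(name)
        if entry is not None and now < entry[0]:
            return entry[1]       # served from cache, possibly stale
        members = self._realm.get_group(name)
        ttl = self._ttl_positive if members is not None else self._ttl_negative
        self._cache[name] = (now + ttl, members)
        return members

    def is_member(self, user, group):
        members = self.get_group(group)
        return members is not None and user in members


def simulate_revocation():
    """bob is removed from the group at t=30 s; record what the cache answers."""
    now = [0.0]
    realm = BackingRealm({"Administrators": {"alice", "bob"}})
    cache = CachingRealm(realm, clock=lambda: now[0])
    timeline = []
    for t in (0, 30, 59, 60):
        now[0] = float(t)
        if t == 30:
            realm.groups["Administrators"].discard("bob")
        timeline.append((t, cache.is_member("bob", "Administrators")))
    return timeline, realm.lookups


def simulate_new_group():
    """A group created at t=5 s stays invisible until the negative entry expires."""
    now = [0.0]
    realm = BackingRealm({})
    cache = CachingRealm(realm, clock=lambda: now[0])
    seen = []
    for t in (0, 5, 10):
        now[0] = float(t)
        if t == 5:
            realm.groups["Auditors"] = {"carol"}
        seen.append((t, cache.is_member("carol", "Auditors")))
    return seen


if __name__ == "__main__":
    print(simulate_revocation())
    print(simulate_new_group())
```

In this model a removed member keeps access until the positive entry expires, so the TTL is also the upper bound on how long a revocation takes to become effective.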
Specifying a Security Realm Attribute Description Basic Realm Name of the class for the alternate security realm or custom security realm to be used with the Caching realm. The names of the configured realms appear on the pull-down menu. Case Sensitive Cache Defines whether the specified security realm is case-sensitive. By default, this attribute is enabled: the realm is case-sensitive.
14 Managing Security 7. To enable and configure the Authentication cache, define values for the attributes shown on the Authentication tab in the Caching Realm Configuration window. The following table describes the attributes you set on the Authentication tab. Table 14-4 Authentication Cache Attributes Attribute Description Enable Authentication Cache Option for enabling the Authentication cache. Authentication Cache Size Maximum number of Authenticate requests to cache.
Specifying a Security Realm Table 14-5 Group Cache Attributes Attribute Description Group Cache TTLPositive Number of seconds to retain the results of a successful lookup. The default is 60 seconds. Group Cache TTLNegative Number of seconds to retain the results of an unsuccessful lookup. The default is 10 seconds. Group Membership Cache TTL Number of seconds to store the members of a group before updating it. The default is 300 seconds. 10. To save your changes, click the Apply button. 11.
13. To enable and configure the Permission cache, define values for the attribute shown on the Permission tab in the Caching Realm Configuration window.

The following table describes each attribute on the Permission tab.

Table 14-7 Permission Cache Attributes

Attribute: Enable Permission Cache
Description: Option for enabling the Permission cache.

Attribute: Permission Cache Size
Description: Maximum number of Permission lookups to cache.
for BEA customers that are currently using the LDAP security realm in an older release of WebLogic Server. However, the LDAP realm V1 is deprecated in this release and BEA recommends users upgrade to the LDAP realm V2.

- LDAP realm V2—An updated LDAP security realm with improved performance and configurability. This is the same LDAP security realm provided in WebLogic Server 6.0 Service Pack 1.0.
14 Managing Security Restrictions When Using the LDAP Security Realm The LDAP security realm has the following restrictions: n When the LDAP server in Microsoft Site Server is installed and the root of the LDAP directory is created, a number of organizational units are created by default. Under Groups there is a default organization unit called NTGroups with a default Group named Administrators, which is empty.
Locating Users and Groups in the LDAP Directory

The LDAP security realm needs to know where the Users and Groups are stored in the LDAP directory used with the security realm. This is done by specifying the distinguished names (DNs) of the LDAP directories that contain the Users and Groups. In LDAP, a DN starts with a leaf node and goes to the root node. For example:

root
|
|
|
o=acme.com
|
|
|
ou=Groups

The DN for this branch would be specified as ou=Groups, o=acme.com.
14 Managing Security The name of the class that implements the LDAP Security realm is displayed. 3. Click Create. 4. To enable communication between the LDAP server and WebLogic Server define values for the attributes shown on the LDAP Realm V1 tab in the LDAP Realm Create window. The following table describes the attributes you set on the LDAP Realm V1 tab. Table 14-8 LDAP Security Realm Attributes on the LDAP Tab Attribute Description LDAPURL Location of the LDAP server.
Table 14-8 LDAP Security Realm Attributes on the LDAP Tab

Attribute: AuthProtocol
Description: The type of authentication used to authenticate the LDAP server. Set this attribute to one of the following values:
- None for no authentication
- Simple for password authentication
- CRAM-MD5 for certificate authentication
Netscape iPlanet supports CRAM-MD5. Microsoft Site Server, Netscape iPlanet, OpenLDAP, and Novell NDS support Simple.

5.
14 Managing Security Table 14-9 LDAP Security Realm Attributes on the Users Tab Attribute Description User Authentication Determines the method for authenticating Users. Set this attribute to one of the following values: n Bind specifies that the LDAP security realm retrieves user data, including the password for the LDAP server, and checks the password in WebLogic Server.
Specifying a Security Realm 8. To specify how Groups are stored in the LDAP directory, assign values to the attributes shown on the Groups tab in the LDAP Realm Create window. The following table describes the attributes you set on the Groups tab. Table 14-10 LDAP Security Realm Attribute on the Groups Tab Attribute Description Group DN List of attributes and values that, combined with the Group Name Attribute attribute, uniquely identifies a Group in the LDAP directory. For example, "o=acme.
14 Managing Security 13. Choose the Filerealm tab. 14. In the Caching Realm attribute, choose the name of the Caching Realm to be used with the LDAP Security realm. A list of configured Caching Realms appears on the pull-down menu. Note: When you use an LDAP Security realm, you must configure and enable the Caching realm; otherwise, the LDAP Security realm will not work. 15. Reboot WebLogic Server. The Caching realm caches Users and Groups internally to avoid frequent lookups in the LDAP directory.
2. Choose the LDAP server you want to use with WebLogic Server. The following options are available:
   - defaultLDAPRealmforOpenLDAPDirectoryServices
   - defaultLDAPRealmforNovellDirectoryServices
   - defaultLDAPRealmforMicrosoftSiteServer
   - defaultLDAPRealmforNetscapeDirectoryServer
   The configuration window for the chosen LDAP server appears.
3. Modify the following information in the Configuration Data box:
   - server.host—The host name of the LDAP server.
   - server.
Note: When using the LDAP v2 realm for Microsoft Site server, you must also specify membership.search=true and the following must be added to the user.filter value so that Microsoft Site server does not authenticate disabled users:

user.filter=(&(sAMAccountName=%u)(objectclassname=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))

4. To save your changes, click the Apply button.
5. Go to the Security node.
6. Choose the Filerealm tab.
7. Configure the Caching realm.
ConfigurationData=
"server.host=ldapserver.example.com;
server.port=700;
useSSL=true;
server.principal=uid=admin, ou=Administrators,ou=TopologyManagement,o=NetscapeRoot;
server.credential=*secret*;
user.dn=ou=people,o=beasys.com;
user.filter=(&(uid=%u)(objectclass=person));
group.dn=ou=groups,o=beasys.com;
group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
membership.
Listing 14-3 Default Novell Directory Services Template

Using Microsoft Active Directory with WebLogic Server

By default, WebLogic Server does not support Microsoft Active Directory LDAP server. To use Microsoft Active Directory with WebLogic Server, perform the following steps:

1. Go to the Security→Realms node in the left pane of the Administration Console.
2. Choose the defaultLDAPRealmforMicrosoftSiteServer option. The configuration window for the chosen LDAP server appears.
3.
ignore accounts that have been disabled. Modify the user.filter value to only return accounts that do not have the UF_ACCOUNTDISABLE bit set. For example:

user.filter=(&(sAMAccountName=%u)(objectclassname=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))

When specifying the group.filter value, CN must be specified as CN=%G; otherwise the filter fails to find the members of a group.

4. To save your changes, click the Apply button.
5. Go to the Security node.
6.
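How the disabled-account clause in that user.filter value behaves, as an added example that is not part of the original guide: the OID names the LDAP bitwise-AND matching rule, and the value 2 is the UF_ACCOUNTDISABLE bit. The directory entries, the filter without the clause, and the function names are constructed for the illustration; the model only covers the name match and the negated clause, not a full LDAP filter evaluation.

```python
import re

LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"  # OID used in the filter
UF_ACCOUNTDISABLE = 0x2                                  # bit tested by the filter

# user.filter value as given in this guide.
SITE_SERVER_FILTER = ("(&(sAMAccountName=%u)(objectclassname=user)"
                      "(!userAccountControl:1.2.840.113556.1.4.803:=2))")
# Constructed for comparison: the same filter with the clause left out.
FILTER_WITHOUT_CLAUSE = "(&(sAMAccountName=%u)(objectclassname=user))"

# Constructed directory entries with typical userAccountControl values.
ENTRIES = [
    {"sAMAccountName": "jdoe", "userAccountControl": 512},         # enabled
    {"sAMAccountName": "asmith", "userAccountControl": 514},       # 512 + disabled bit
    {"sAMAccountName": "svc_batch", "userAccountControl": 66048},  # enabled
    {"sAMAccountName": "old_admin", "userAccountControl": 66050},  # 66048 + disabled bit
]

_NEGATED_BIT_AND = re.compile(
    r"\(!\(?userAccountControl:" + re.escape(LDAP_MATCHING_RULE_BIT_AND)
    + r":=(\d+)\)", re.IGNORECASE)


def bit_and_match(attribute_value, mask):
    """Bitwise-AND matching rule: true only if every bit of mask is set."""
    return (attribute_value & mask) == mask


def disabled_mask(user_filter):
    """Return the mask of the negated bit-AND clause, or None if it is absent."""
    match = _NEGATED_BIT_AND.search(user_filter)
    return int(match.group(1)) if match else None


def filter_excludes_disabled(user_filter):
    """Configuration check: does the filter reject exactly the disabled bit?"""
    return disabled_mask(user_filter) == UF_ACCOUNTDISABLE


def lookup(entries, username, user_filter):
    """Model the user lookup: substitute %u and apply the negated clause."""
    mask = disabled_mask(user_filter)
    for entry in entries:
        if entry["sAMAccountName"].lower() != username.lower():
            continue
        if mask is not None and bit_and_match(entry["userAccountControl"], mask):
            continue              # the negated clause rejects this entry
        return entry
    return None


if __name__ == "__main__":
    for name in ("jdoe", "asmith", "svc_batch", "old_admin"):
        found = lookup(ENTRIES, name, SITE_SERVER_FILTER) is not None
        print(name, "returned" if found else "filtered out")
```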
Specifying a Security Realm your ACLs, you can reduce the frequency with which you must refresh the information in WebLogic Server. Changing the members of a Windows NT Group allows you to manage individual Users’ access to WebLogic Server resources dynamically. It is possible to use the Windows NT Security realm to authenticate against a Windows 2000 Active Directory primary domain controller.
6. Configure the Caching realm. For more information, see “Configuring the Caching Realm.”

Note: When you use a Windows NT Security realm, you must configure and enable the Caching realm; otherwise, the Windows NT Security realm will not work.

When configuring the Caching realm, select your Windows NT Security realm from the pull-down menu for the Basic attribute on the General tab.
Specifying a Security Realm If the test comes up with an immediate failure stating that the client or user running WebLogic Server does not have the privileges to run the Windows NT Security realm, you need to update the permissions (referred to as rights) for the Windows user running WebLogic Server. To update the rights in Windows NT: 1. Go to Programs→Administrative Tools. 2. Select User Manager. 3. Under the Policies menu, choose the User Rights option. 4. Check the Show Advanced Users Rights option. 5.
14 Managing Security 5. Verify that the Windows user running WebLogic Server is a member of the Administrators group. 6. Reboot Windows 2000 to ensure all the modifications take effect. 7. Verify that the Logon as System Account option is checked. Note that the Allow System to Interact with Desktop option does not need to be checked. Running the Windows NT Security realm under a specific Windows NT user account does not work.
In UNIX, a user is defined as a member of a group in the following ways:

- The user is defined in a default group in /etc/passwd.
- The user ID for a user is included in the /etc/group entry for a specific group. The UNIX Security realm supports only this method of determining the members of a group.

After you change an ACL, click the Refresh button on the General tab in the Security to update the information in the filerealm.properties file that WebLogic Server uses.
14 Managing Security Table 14-12 UNIX Security Realm Attributes Attribute Description AuthProgram The name of the program used to authenticate users in the UNIX security realm. In most cases, the name of the program is wlauth. Realm Classname The name of the Java class that implements the UNIX Security realm. The Java class needs to be in the class path of WebLogic Server. 4. To save your changes, click the Apply button. 5. When you have finished defining the attributes, reboot WebLogic Server. 6.
Specifying a Security Realm -Dweblogic.security.unixrealm.authProgram=wlauth_prog Replace wlauth_prog with the name of the wlauth program, including the full path if the program is not in the search path. Start WebLogic Server. If the wlauth program is in the WebLogic Server path and is named wlauth, this step is not needed. Configuring the RDBMS Security Realm The RDBMS Security realm is a BEA-provided custom security realm that stores Users, Groups and ACLs in a relational database.
14 Managing Security The RDBMS Security realm can be used as a starting point for creating a production security realm. You can extend the RDBMS Security realm by using the following interfaces in the weblogic.security.acl package to add management capabilities to the RDBMS Security realm: n ManageableRealm—Create Groups, create and delete ACLs, and perform lookups of Users, Groups, and ACLs. n User—Change the password. n ACL—Add and remove permissions for Users and Groups.
Specifying a Security Realm 5. Define attributes for the JDBC driver being used to connect to the database. The following table describes the attributes you set on the Database tab. Table 14-14 RDBMS Security Realm Attributes on the Database Tab Attribute Description Driver Full class name of the JDBC driver. This class name must be in the CLASSPATH of WebLogic Server. URL URL for the database you are using with the RDBMS realm, as specified by your JDBC driver documentation.
newUser=INSERT INTO users VALUES ( ? , ? );
addGroupMember=INSERT INTO groupmembers VALUES ( ? , ? );
removeGroupMember=DELETE FROM groupmembers WHERE GM_GROUP = ? AND GM_MEMBER = ?;
deleteUser1=DELETE FROM users WHERE U_NAME = ?;
deleteUser2=DELETE FROM groupmembers WHERE GM_MEMBER = ?;
deleteUser3=DELETE FROM aclentries WHERE A_PRINCIPAL = ?;
deleteGroup1=DELETE FROM groupmembers WHERE GM_GROUP = ?;
deleteGroup2=DELETE FROM aclentries WHERE A_PRINCIPAL = ?”

8.
Installing a Custom Security Realm

You can create a custom security realm that draws from an existing store of Users such as a directory server on the network. To use a custom security realm, you create an implementation of the weblogic.security.acl.AbstractListableRealm interface or the weblogic.security.acl.AbstractManageableRealm interface and then use the Administration Console to install your implementation.

To install a custom security realm:

1.
6. Configure the Caching realm. For more information, see “Configuring the Caching Realm.”

Note: When you use a custom security realm, you must configure and enable the Caching realm; otherwise, the custom security realm will not work.

When configuring the Caching realm, select the Custom Security realm from the pull-down menu for the Basic attribute on the General tab. The Basic attribute defines the association between the Caching realm and the custom security realm.

7.
Defining Users n If you are using a custom security realm, follow the steps in “Installing a Custom Security Realm” to specify information about how the Users, Groups, and optionally ACLs are stored in your custom security realm. n The Delegating security realm is no longer supported. If you are using the Delegating security realm, you will have to use another type of security realm to store Users, Groups, and ACLs.
14 Managing Security Users are entities that can be authenticated in a WebLogic Server security realm. A User can be a person or a software entity, such as a Java client. Each User is given a unique identity within a WebLogic Server security realm. As a system administrator you must guarantee that no two Users in the same security realm are identical.
- To execute an operation on a WebLogic Server resource, they must provide a username and password (or digital certificate).

To define a User:

1. Go to the Security→Users node in the left pane of the Administration Console. The User Configuration window appears.
2. In the User Configuration window, enter the name of the User in the Name attribute.
3. Enter a password for the User in the Password attribute.
4. Enter the password again in the Confirm Password attribute.
5. Click Create.
14 Managing Security For more information about Users and the access control model in WebLogic Server, see Introduction to WebLogic Security and Security Fundamentals. Defining Groups Note: This section describes how to add Groups to the File realm. If you are using an alternate security realm, you need to use the management tools provided in that realm to define a Group. User and group names must be unique.
Defining ACLs 3. Enter the name of the Group in the Name attribute on the Group Configuration window. BEA recommends naming Groups in the plural. For example, Administrators instead of Administrator. 4. Click on the Users attribute and select the WebLogic Server Users you want to add to the Group. 5. Click on the Groups attribute and select the WebLogic Server Groups you want to add to the Group. 6. Click on the Apply button to create a new Group.
14 Managing Security Table 14-16 ACLs for WebLogic Server Resources For this WebLogic Server resource... This ACL... Grants Permission for these functions... WebLogic Servers weblogic.server weblogic.server.servername boot Command-line Administration Tools weblogic.admin shutdown, lockServer unlockServer, modify MBeans weblogic.admin.mbean.mbeaninstancename weblogic.admin.mbean.mbeantypename read, write, weblogic.event.
Note: When you specify an ACL for a JDBC connection pool, you must specifically define access to the JDBC connection pool for the system and guest user in the filerealm.properties file. For example:

acl.reserve.poolforsecurity=system, guest
acl.reset.poolforsecurity=system, guest

To create ACLs for a WebLogic Server resource, open the Administration Console and perform the following steps:

1. Go to the Security→ACLs node in the left pane of the Administration Console.
2.
Before you can boot WebLogic Server, you need to give boot permission for the server to a specific Group. This security measure prevents unauthorized users from booting WebLogic Server.

By default, only the system user can modify MBeans. BEA recommends limiting the number of users that can access and modify MBeans. Use the following ACL to grant access to all the WebLogic Server MBeans: access.weblogic.admin.
Configuring the SSL Protocol Obtaining a Private Key and Digital Certificate You need a private key and digital certificate for each deployment of WebLogic Server that will use the SSL protocol. To acquire a digital certificate from a certificate authority, you must submit your request in a particular format called a Certificate Signature Request (CSR). WebLogic Server includes a Certificate Request Generator servlet that creates a CSR.
14 Managing Security Table 14-17 Fields on the Certificate Request Generator Form Field Description Country code Two-letter ISO code for your country. The code for the United States is US. Organizational unit name Name of your division, department, or other operational unit of your organization. Organization name Name of your organization. The certificate authority may require any host names entered in this attribute belong to a domain registered to this organization.
Configuring the SSL Protocol Table 14-17 Fields on the Certificate Request Generator Form Field Description Strength The length (in bits) of the keys to be generated. The longer the key, the more difficult it is for someone to break the encryption. If you have the domestic version of WebLogic Server, you can choose 512-, 768-, or 1024-bit keys. The 1024-bit key is recommended. Note: This field only appears on the domestic version of the Certificate Request Generator servlet. 4.
14 Managing Security 6. When you are instructed to select a server type, choose BEA WebLogic Server to ensure that you receive a digital certificate that is compatible with WebLogic Server. 7. When you receive your digital certificate from the certificate authority, you need to store it in the \wlserver6.1\config\ directory. 8.
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----

A PEM (.pem) format digital certificate begins and ends with the following lines, respectively:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Note: Your digital certificate may be one of several digital certificates in the file, each of which is bounded by the BEGIN CERTIFICATE and END CERTIFICATE lines. Typically, the digital certificate file for a WebLogic Server is in one file, with either a .
14 Managing Security Copy the root certificate of the certificate authority into the \wlserver6.1\config\ directory of your WebLogic Server and set the attributes described in Defining Attributes for the SSL Protocol. If you want to use a certificate chain, append the additional PEM-encoded digital certificates to the digital certificate of the certificate authority that issued the digital certificate for WebLogic Server.
Table 14-18 SSL Protocol Attributes

Attribute: Enabled
Description: Enables the use of the SSL protocol. By default, this attribute is enabled.

Attribute: Listen Port
Description: Number of the dedicated port on which WebLogic Server listens for SSL connections. The default is 7002.

Attribute: Server Key File Name
Description: Directory location and name of the private key file for WebLogic Server. Start the directory location at the root of the WebLogic Server installation. For example: \wlserver6.
14 Managing Security Table 14-18 SSL Protocol Attributes Attribute Description Server Certificate Chain File Name Full directory location of the digital certificate used to sign the digital certificate for WebLogic Server. Start the directory location at the root of the WebLogic Server installation. For example: \wlserver6.1\config\myapp\cacert.pem. The file extension (.DER or .PEM) indicates the method that WebLogic Server should use to read the contents of the file.
Configuring the SSL Protocol Table 14-18 SSL Protocol Attributes Attribute Description Key Encrypted Specifies that the private key for WebLogic Server is encrypted with a password. The default is false. If you specify this attribute, you need to use protected keys with WebLogic Server. Also, when you boot WebLogic Server, use the following command-line option to start WebLogic Server. -Dweblogic.management.pkpassword=password where password is the password for the private key.
14 Managing Security Table 14-18 SSL Protocol Attributes Attribute Description Export Key Lifespan Number of times WebLogic Server uses an exportable key between a domestic server and an exportable client before generating a new one. The more secure you want WebLogic Server to be, the fewer times the key should be used before a new one is generated. The default is to use it 500 times. Login Timeout Millis Number of milliseconds that WebLogic Server should wait for an SSL connection before timing out.
Using PKCS#7 Files

PKCS#7 files can be used with WebLogic Server. However, you must separate the certificate chain in the file into individual pb7 format files, convert the pb7 files to PEM format, and append the files into a single PEM file.
9. Click Next.
10. Enter a name for the converted digital certificate.
11. Click Finish. The resulting file is in PEM format.
12. Perform steps 3-11 for the other pb7 file.
13. Open a text editor and include both the PEM files into a single PEM file. The order is important (include the files in the order of trust). The server digital certificate should be the first digital certificate in the file. The trusted CA certificate should be the next file.
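One way to check the order of trust in a combined PEM file before installing it, as an added example that is not part of the original guide: it reads each BEGIN CERTIFICATE block, extracts the issuer and subject names from the DER encoding, and reports any certificate whose issuer is not the subject of the next one. The skeleton certificates are constructed, unsigned test data, and comparing the encoded names byte for byte is a simplification.

```python
import base64
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----",
    re.DOTALL)


def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, content, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER content")
    return tag, buf[pos:pos + length], pos + length


def issuer_and_subject(der_cert):
    """Return the encoded issuer and subject Names of one certificate."""
    tag, certificate, _ = read_tlv(der_cert, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    _, tbs, _ = read_tlv(certificate, 0)       # tbsCertificate
    fields, pos = [], 0
    while pos < len(tbs):
        tag, _, end = read_tlv(tbs, pos)
        fields.append((tag, tbs[pos:end]))
        pos = end
    if fields and fields[0][0] == 0xA0:        # optional [0] version field
        fields.pop(0)
    if len(fields) < 5:
        raise ValueError("tbsCertificate is too short")
    # Remaining order: serialNumber, signature, issuer, validity, subject, ...
    return fields[2][1], fields[4][1]


def pem_certificates(text):
    """Return the DER bytes of every CERTIFICATE block, in file order."""
    return [base64.b64decode("".join(m.group(1).split()))
            for m in PEM_CERT.finditer(text)]


def order_of_trust_problems(pem_text):
    """List positions where a certificate's issuer is not the next subject."""
    names = [issuer_and_subject(der) for der in pem_certificates(pem_text)]
    problems = []
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:
            problems.append("certificate %d is not issued by certificate %d"
                            % (i + 1, i + 2))
    return problems


# --- Constructed test data: unsigned skeletons, not real certificates. ---
def _der(tag, content):
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    raw = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content


def _name(cn):
    attr = _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode())  # commonName
    return _der(0x30, _der(0x31, _der(0x30, attr)))


def _skeleton_pem(subject_cn, issuer_cn):
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + _der(0x30, b"") + _name(issuer_cn) + _der(0x30, b"")
               + _name(subject_cn))
    body = base64.encodebytes(_der(0x30, tbs)).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


SERVER = _skeleton_pem("server.example.com", "Example Intermediate CA")
INTERMEDIATE = _skeleton_pem("Example Intermediate CA", "Example Root CA")
ROOT = _skeleton_pem("Example Root CA", "Example Root CA")
GOOD_BUNDLE = SERVER + INTERMEDIATE + ROOT
BAD_BUNDLE = INTERMEDIATE + SERVER + ROOT

if __name__ == "__main__":
    print(order_of_trust_problems(GOOD_BUNDLE))
    print(order_of_trust_problems(BAD_BUNDLE))
```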
Table 14-19 Parameters

parameters           min    max                      default
sessionCache.size    1      65537                    211
sessionCache.ttl     1      max Integer.MAX_VALUE    600

Configuring Mutual Authentication

When WebLogic Server is configured for mutual authentication, clients are required to present their digital certificates to WebLogic Server, which validates digital certificates against a list of trusted certificate authorities.
14 Managing Security 1. Configure WebLogic Server to use the SSL protocol. For more information, see Defining Attributes for the SSL Protocol 2. Configure the client Object Request Broker (ORB) to use the SSL protocol. Refer to the product documentation for your client ORB for information about configuring the SSL protocol. 3. Use the host2ior utility to print the WebLogic Server IOR to the console.
Protecting Passwords

- Set the permissions on the SerializedSystemIni.dat file such that the administrator of the WebLogic Server deployment has write and read privileges and no other users have any privileges.
- If you have a weblogic.properties file with passwords that you want to hash, use the Convert weblogic.properties option on the main window in the Administration Console to convert the weblogic.properties file to a config.xml file.
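A check for the SerializedSystemIni.dat permission rule above, as an added example that is not part of the original guide. It assumes a POSIX file system, where the rule corresponds to mode 0600 owned by the administrator account; the function names and the parent-directory check are additions for the illustration.

```python
import os
import stat
import tempfile


def audit_secret_file(path, admin_uid=None):
    """Return a list of findings; an empty list means the file meets the rule."""
    findings = []
    info = os.lstat(path)
    if stat.S_ISLNK(info.st_mode):
        return ["path is a symbolic link; audit the link target instead"]
    if not stat.S_ISREG(info.st_mode):
        return ["path is not a regular file"]

    mode = stat.S_IMODE(info.st_mode)
    if (mode & 0o600) != 0o600:
        findings.append("owner lacks read or write permission (mode %04o)" % mode)
    if mode & 0o077:
        findings.append("group or other users have access (mode %04o)" % mode)
    if admin_uid is not None and info.st_uid != admin_uid:
        findings.append("file is owned by uid %d, expected %d"
                        % (info.st_uid, admin_uid))

    # A file with tight permissions can still be swapped out if other users
    # may write to its directory (unless the sticky bit is set).
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    parent_mode = stat.S_IMODE(parent.st_mode)
    if parent_mode & 0o022 and not parent_mode & stat.S_ISVTX:
        findings.append("parent directory is group- or world-writable")
    return findings


def self_check():
    """Run the audit on a throwaway placeholder file with loose and tight modes."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "SerializedSystemIni.dat")
    with open(path, "wb") as handle:
        handle.write(b"constructed placeholder, not a real key file")
    try:
        os.chmod(path, 0o644)
        loose = audit_secret_file(path, admin_uid=os.getuid())
        os.chmod(path, 0o600)
        tight = audit_secret_file(path, admin_uid=os.getuid())
    finally:
        os.remove(path)
        os.rmdir(workdir)
    return loose, tight


if __name__ == "__main__":
    loose_findings, tight_findings = self_check()
    print("mode 0644:", loose_findings)
    print("mode 0600:", tight_findings)
```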
Table 14-20 Password Protection Attributes

Attribute: Minimum Password Length
Description: Number of characters required in a password. Passwords must contain a minimum of 8 characters. The default is 8.

Attribute: Lockout Enabled
Description: Requests the locking of a user account after invalid attempts to log in to that account exceed the specified Lockout Threshold. By default, this attribute is enabled.
Installing an Audit Provider Table 14-20 Password Protection Attributes Attribute Description Lockout Reset Duration Number of minutes within which invalid login attempts must occur in order for the user’s account to be locked. An account is locked if the number of invalid login attempts defined in the Lockout Threshold attribute happens within the amount of time defined by this attribute.
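How Lockout Threshold and Lockout Reset Duration interact, as an added example that is not WebLogic code: a replay of constructed login events through a sliding window. The log format, the threshold of 5 and the reset duration of 5 minutes are values chosen for the illustration, and the model locks an account when the number of failures inside the window reaches the threshold.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed events (timestamp, outcome, user); not WebLogic's log format.
SAMPLE_LOG = """\
2002-03-01T10:00:00 FAILED alice
2002-03-01T10:00:00 FAILED bob
2002-03-01T10:00:20 FAILED alice
2002-03-01T10:00:40 FAILED alice
2002-03-01T10:01:00 FAILED alice
2002-03-01T10:01:20 FAILED alice
2002-03-01T10:01:30 FAILED alice
2002-03-01T10:02:00 FAILED bob
2002-03-01T10:04:00 FAILED bob
2002-03-01T10:05:00 OK carol
2002-03-01T10:06:00 FAILED bob
2002-03-01T10:08:00 FAILED bob
"""


def replay(log_text, threshold, reset_minutes):
    """Return {user: time of lockout} for the given events and settings."""
    window = reset_minutes * 60        # Lockout Reset Duration, in seconds
    recent = defaultdict(deque)        # user -> failure times inside the window
    locked = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, outcome, user = line.split()
        if outcome != "FAILED" or user in locked:
            continue                   # only failures on unlocked accounts count
        now = datetime.fromisoformat(stamp)
        failures = recent[user]
        failures.append(now)
        # Drop failures that have aged out of the reset window.
        while (now - failures[0]).total_seconds() >= window:
            failures.popleft()
        if len(failures) >= threshold:
            locked[user] = now
    return locked


if __name__ == "__main__":
    for user, when in replay(SAMPLE_LOG, threshold=5, reset_minutes=5).items():
        print(user, "locked at", when.isoformat())
```

In the sample, alice is locked at her fifth failure within the window, while bob's five failures span eight minutes and age out before the count is reached, which is why the two settings have to be chosen together.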
14 Managing Security Installing a Connection Filter You can create connection filters that allow you to reject or accept client connections based on a client’s origin and protocol. After the client connects, and before any work is performed on its behalf, WebLogic Server passes the client’s IP number and port, protocol (HTTP, HTTPS, T3, T3S, or IIOP), and WebLogic Server port number to the connection filter.
Setting Up the Java Security Manager Note: In pre-6.0 releases of WebLogic Server, you enabled the Java Security Manager by using the -Dweblogic.security.manager property when starting WebLogic Server. Please note the change in the property for WebLogic Server version 6.0 and greater. To use the Java Security Manager with WebLogic Server, specify the -Djava.security.manager property when starting WebLogic Server. The Java Security Manager uses a security policy file that defines permissions.
3. If you have extra directories in your CLASSPATH or if you are deploying applications in extra directories, add specific permissions for those directories to your weblogic.policy file.
4. BEA recommends taking the following precautions:
   - Make a backup copy of the weblogic.policy file and put the backup copy in a secure location.
   - Set the permissions on the weblogic.
Modifying the weblogic.policy File for Third Party or User-Written Classes

The best location for your server-side user code is the weblogic/myserver/serverclasses directory. If you have third party or user-written classes that are not in that directory, perform the following steps to protect them:

1. Copy the entire block of code in the weblogic.policy file from “grant codeBase...” to the closing bracket and semicolon.
2.
is trailed with “/-” it means that the element preceding it is a directory and that grant functions for all elements below it. It does not mean that you can read the directory itself.” The workaround for this nuance is to add an additional FilePermission entry that consists of just the directory itself (with no trailing “/-”).
Configuring Security Context Propagation

WebLogic Server environment obtain IIOP connections from a WLEC connection pool and use those connections to call objects and invoke operations in BEA Tuxedo domains.

Before using security context propagation, add TUXDIR/lib/wleorb.jar and TUXDIR/lib/wlepool.jar to the CLASSPATH variable in the startAdminWebLogic.sh or startAdminWebLogic.cmd file. For more information, see Using WebLogic Enterprise Connectivity.

To implement security context propagation:

1.
Table 14-21 WLEC Connection Pool Attributes on the General Tab

Attribute | Description
Domain | Name of the BEA Tuxedo domain to which this WLEC connection pool connects. You can have only one WLEC connection pool per BEA Tuxedo domain. The domain name must match the domainid parameter in the RESOURCES section of the UBBCONFIG file for the BEA Tuxedo domain.
Minimum Pool Size | Number of IIOP connections to be added to the WLEC connection pool when WebLogic Server starts.
Table 14-22 WLEC Connection Pool Attributes on the Security Tab

Attribute | Description
Application Password | BEA Tuxedo application password. Required when the security level in the BEA Tuxedo domain is APP_PW, USER_AUTH, ACL, or MANDATORY_ACL.
Minimum Encryption Level | Minimum SSL encryption level used between the BEA Tuxedo domain and WebLogic Server. The possible values are 0, 40, 56, and 128. Zero (0) indicates that the data is signed but not sealed.
8. Set the -E option of the ISL command to configure the IIOP Listener/Handler to detect and utilize the propagated security context from the WebLogic Server realm. The -E option of the ISL command requires you to specify a principal name. The principal name defines the principal used by the WLEC connection pool to log in to the WebLogic Enterprise domain. The principal name should match the name defined in the User Name attribute when creating a WLEC connection pool.
SSL Certificate Validation

In previous releases, WebLogic Server did not ensure that each certificate in a certificate chain was issued by a certificate authority. As a result, anyone could obtain a personal certificate from a trusted CA and use that certificate to issue other certificates, and WebLogic Server would not detect the invalid certificates.
%WL_HOME%\server\lib\cacerts
%WL_HOME%\server\lib\demo.crt
%WL_HOME%\server\lib\trusted.crt

Generally these files have not been modified. However, if you modified these files, you will need to decide how to proceed with installing the updated certificates, private keys, and keystores from the patch. For example, you may decide to select and install only the service pack JAR files from the patch.
2.
If you only have the end entity certificate, you can also tell whether it is old or new by looking at the Issuer DN.
3. Update the environment scripts for WebLogic Server to include the JAR files for the patch.
   - On Windows NT, edit the following files:
     %WL_HOME%\server\bin\setWLSEnv.cmd
     %WL_HOME%\server\bin\startWLS.cmd
     %WL_HOME%\server\bin\startNodeManager.cmd
     Add the following to the CLASSPATH before the weblogic_sp.jar:
     %WL_HOME%\server\lib\CR090101_610sp4_webservice.
Controlling the Level of Certificate Validation

By default, WebLogic Server rejects any certificates in a certificate chain that do not have the Basic Constraints extension defined as CA. However, you may be using certificates that do not meet this requirement, or you may want to increase the level of security to conform to the IETF RFC 2459 standard. Use the following command-line argument to control the level of certificate validation performed by WebLogic Server:
-Dweblogic.
Table 14-23 describes the options for the command-line argument.

Table 14-23 Options for -Dweblogic.security.SSL.enforceConstraints

Option | Description
strong or true | Use this option to check that the Basic Constraints extension on the CA certificate is defined as CA. For example: -Dweblogic.security.SSL.enforceConstraints=strong or -Dweblogic.security.SSL.enforceConstraints=true By default, WebLogic Server performs this level of certificate validation.
Checking Certificate Chains

WebLogic Server provides a ValidateCertChain command-line utility to check whether or not an existing certificate chain will be rejected by WebLogic Server. The utility uses certificate chains from PEM files, PKCS-12 files, PKCS-12 keystores, and JDK keystores. A complete certificate chain must be used with the utility. The following is the syntax for the ValidateCertChain command-line utility:
java java java java java utils.ValidateCertChain utils.
Troubleshooting Problems with Certificates

If SSL communications were working before the patch but are failing after installing the patch, the problem is most likely that the certificate chain used by WebLogic Server is failing the validation. Determine where the certificate chain is being rejected, and decide whether to update the certificate chain with one that will be accepted or change the setting of the -Dweblogic.security.SSL.enforceConstraints command-line argument.
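To see where a chain would be rejected, the Basic Constraints check can be reproduced with the standard JDK certificate API. This is an added example, not WebLogic's ValidateCertChain utility and not BEA code; it assumes a PEM file that lists the chain with the end entity certificate first, and it goes slightly beyond the text by also checking issuer names and signatures. The class name and the chain.pem argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class ChainConstraintReport {

    /** Loads every certificate in a PEM file, in file order (end entity first). */
    static List<X509Certificate> loadPemChain(String path) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(path)) {
            for (Certificate cert : factory.generateCertificates(in)) {
                chain.add((X509Certificate) cert);
            }
        }
        return chain;
    }

    /** Returns one line per problem; an empty list means none was found. */
    static List<String> findProblems(List<X509Certificate> chain) {
        List<String> problems = new ArrayList<>();
        // chain[0] is the end entity; every later certificate must have issued the one before it.
        for (int i = 1; i < chain.size(); i++) {
            X509Certificate issuer = chain.get(i);
            X509Certificate issued = chain.get(i - 1);
            String who = "certificate " + i + " (" + issuer.getSubjectX500Principal().getName() + ")";

            // getBasicConstraints() returns -1 when the extension is absent or does not say CA.
            if (issuer.getBasicConstraints() < 0) {
                problems.add(who + " issues a certificate but is not marked as a CA");
            }
            if (!issued.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                problems.add(who + " is not the named issuer of certificate " + (i - 1));
            }
            try {
                issued.verify(issuer.getPublicKey());
            } catch (Exception e) {
                problems.add(who + " did not sign certificate " + (i - 1) + ": " + e.getMessage());
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java ChainConstraintReport chain.pem");
            System.exit(2);
        }
        List<X509Certificate> chain = loadPemChain(args[0]);
        for (int i = 0; i < chain.size(); i++) {
            X509Certificate cert = chain.get(i);
            System.out.printf("%d  CA=%-5b  subject=%s  issuer=%s%n",
                    i, cert.getBasicConstraints() >= 0,
                    cert.getSubjectX500Principal().getName(),
                    cert.getIssuerX500Principal().getName());
        }
        List<String> problems = findProblems(chain);
        problems.forEach(p -> System.out.println("PROBLEM: " + p));
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```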
CHAPTER 15 Managing Transactions

These sections discuss transaction management and provide guidelines for configuring and managing transactions through the Administration Console.
- Overview of Transaction Management
- Configuring Transactions
- Monitoring and Logging Transactions
- Moving a Server to Another Machine

For information on configuring JDBC connection pools to allow JDBC drivers to participate in distributed transactions, see “Managing JDBC Connectivity” on page 16-1.
Before configuring your transaction environment, you should be familiar with the J2EE components that can participate in transactions, such as EJBs, JDBC, and JMS.
- EJBs (Enterprise JavaBeans) use JTA for transactions support. Several deployment descriptors relate to transaction handling. For more information about programming with EJBs and JTA, see Programming WebLogic Enterprise JavaBeans.
Configuring Transactions

1. Start the Administration Console.
2. Select the domain node in the left pane. The Configuration tab for the domain is displayed by default.
3. Select the JTA tab.
4. For each attribute, specify a value or, if available, accept the default value.
5. Click Apply to store new attribute values.
6. Ensure that the Transaction Log File Prefix attribute is set when you configure the server. For more information on setting the logging attribute, see “Monitoring and Logging Transactions.
Additional Attributes for Managing Transactions

By default, if an XA resource that is participating in a global transaction fails to respond to an XA call from the WebLogic Server transaction manager, WebLogic Server flags the resource as unhealthy and unavailable, and blocks any further calls to the resource in an effort to preserve resource threads.
Table 15-2 XA Resource Health Monitoring Configuration Attributes

Attribute | MBean | Definition
MaxResourceUnavailableMillis | weblogic.management.configuration.JTAMBean | The maximum duration (in milliseconds) that an XA resource is marked as unhealthy. After this duration, the XA resource is declared available again, even if the resource is not explicitly re-registered with the transaction manager. This setting applies to the entire domain.
EnableResourceHealthMonitoring="true"
Properties="user=scott;password=tiger;server=dbserver1"
/>
...

Monitoring and Logging Transactions

The Administration Console allows you to monitor transactions and to specify the transaction log file prefix. Monitoring and logging tasks are performed at the server level.
For detailed information on monitoring and logging values and attributes, see the Server topic in the Administration Console Online Help.

Moving a Server to Another Machine

When an application server is moved to another machine, it must be able to locate the transaction log files on the new disk. For this reason, we recommend moving the transaction log files to the new machine before starting the server there. By doing so, you can ensure that recovery runs properly.
CHAPTER 16 Managing JDBC Connectivity

The following sections provide guidelines for configuring and managing database connectivity through the JDBC components—Data Sources, Connection Pools and MultiPools—for both local and distributed transactions:
- “Overview of JDBC Administration” on page 16-1
- “JDBC Components—Connection Pools, Data Sources, and MultiPools” on page 16-4
- “JDBC Configuration Guidelines for Connection Pools, MultiPools and DataSources” on page 16-7
- “Configuring and Managing J
Frequently performed tasks to set and manage connectivity include:
- Defining the attributes that govern JDBC connectivity between WebLogic Server and your database management system
- Managing established connectivity
- Monitoring established connectivity

About the Administrative Console

Your primary way to set and manage JDBC connectivity is through the Administration Console.
Overview of JDBC Administration

Related Information

The JDBC drivers, used locally and in distributed transactions, interface with many WebLogic Server components and information appears in several documents. For example, information about JDBC drivers is included in the documentation sets for JDBC, JTA and WebLogic jDrivers.
Transactions (JTA)
- For information on managing JTA, see Chapter 15, “Managing Transactions.”
- For information on using third-party drivers, see "Using Third-Party JDBC XA Drivers with WebLogic Server" in Programming WebLogic JTA at http://e-docs.bea.com/wls/docs61/jta/thirdpartytx.html.

The following documentation is written primarily for application developers. Systems Administrators may want to read the following as supplements to the material in this section.
JDBC Components—Connection Pools, Data Sources, and MultiPools

Figure 16-1 JDBC Components in WebLogic Server

Connection Pools

A Connection Pool contains named groups of JDBC connections that are created when the Connection Pool is registered, usually when starting up WebLogic Server. Your application borrows a connection from the pool, uses it, then returns it to the pool by closing it. Read more about Connection Pools in Programming WebLogic JDBC at http://e-docs.bea.com/wls/docs61/jdbc/programming.html.
MultiPools

MultiPools aid in either:
- Load Balancing—pools are added without any attached ordering and are accessed using a round-robin scheme. When switching connections, the Connection Pool just after the last pool accessed is selected.
- High Availability—set up pools as an ordered list that determines the order in which Connection Pool switching occurs. For example, the first pool on the list is selected, then the second, etc.
JDBC Configuration Guidelines for Connection Pools, MultiPools and DataSources

This section describes JDBC configuration guidelines for local and distributed transactions.
The following table describes how to use these objects in local and distributed transactions:

Table 16-1 Summary of JDBC Configuration Guidelines

Description/Object Local Transactions Distributed Transactions XA Driver Distributed Transactions Non-XA Driver JDBC driver n WebLogic jDriver for Oracle, Microsoft SQL Server, and Informix. n WebLogic jDriver for Oracle/XA. n n n Compliant third-party drivers. Compliant third-party drivers.
- Use the Java Transaction API (JTA)
- Use the EJB container in WebLogic Server to manage transactions
- Include multiple database updates within a single transaction
- Access multiple resources, such as a database and the Java Messaging Service (JMS), during a transaction
- Use the same connection pool on multiple servers

With an EJB architecture, it is common for multiple EJBs that are doing database work to be invoke
javax.transaction.xa.XAResource), including the WebLogic jDriver for Oracle/XA.
- Any JDBC driver that supports JDBC 2.0 Core API but does not support JDBC 2.0 distributed transactions standard extension interfaces. Only one non-XA JDBC driver at a time can participate in a distributed transaction. See “Configuring Non-XA JDBC Drivers for Distributed Transactions” on page 16-20.
Note: New Property: "Password." This value overrides any password defined in Properties (as a name/value pair). This attribute is passed to the 2-tier JDBC driver when creating physical database connections. The value is stored in an encrypted form in the config.xml and can be used to avoid storing cleartext passwords in that file.
The following table shows a sample Connection Pool configuration using the WebLogic jDriver for Microsoft SQL Server.

Table 16-4 WebLogic jDriver for Microsoft SQL Server: Connection Pool Configuration

Attribute Name | Attribute Value
Name | myConnectionPool
Targets | myserver
DriverClassname | weblogic.jdbc.mssqlserver4.
The following table shows a sample Connection Pool configuration using the WebLogic jDriver for Informix.

Table 16-6 WebLogic jDriver for Informix: Connection Pool Configuration

Attribute Name | Attribute Value
Name | myConnectionPool
Targets | myserver
DriverClassname | weblogic.jdbc.informix4.
Configuring XA JDBC Drivers for Distributed Transactions

To allow XA JDBC drivers to participate in distributed transactions, configure the JDBC Connection Pool as follows:
- Specify the Driver Classname attribute as the name of the class supporting the javax.sql.XADataSource interface.
- Make sure that the database properties are specified. These properties are passed to the specified XADataSource as data source properties.
The following attributes are an example of a Tx Data Source configuration using the WebLogic jDriver for Oracle in XA mode.

Table 16-9 WebLogic jDriver for Oracle/XA: Tx Data Source

Attribute Name | Attribute Value
Name | fundsXferDataSource
Targets | myserver
JNDIName | myapp.fundsXfer
PoolName | fundsXferAppPool

You can also configure the JDBC Connection Pool to use a third-party vendor’s driver in XA mode.
The following attributes are an example of a Tx Data Source configuration using the Oracle Thin Driver.

Table 16-11 Oracle Thin Driver: Tx Data Source Configuration

Attribute Name | Attribute Value
Name | jtaXADS
Targets | myserver,server1
JNDIName | jtaXADS
PoolName | jtaXAPool

Configure the JDBC Connection Pool for use with a Cloudscape driver as follows.
Configure the Tx Data Source for use with a Cloudscape driver as follows.

Table 16-13 Cloudscape: Tx Data Source Configuration

Attribute Name | Attribute Value
Name | jtaZADS
Targets | myserver,myserver1
JNDIName | JTAXADS
PoolName | jtaXAPool

WebLogic jDriver for Oracle/XA Data Source Properties

Table 16-14 lists the data source properties supported by the WebLogic jDriver for Oracle. The JDBC 2.
The Optional column indicates whether a particular data source property is optional or not. Properties marked with Y* are mapped to the corresponding fields of the Oracle xa_open string (value of the openString property) as listed in Table 16-14. If they are not specified, their default values are taken from the openString property. If they are specified, their values should match those specified in the openString property.
Table 16-14 Data Source Properties for WebLogic jDriver for Oracle/XA

Property Name | Type | Description | JDBC 2.0 | Optional | Default Value
serverName | String | Database server name. | Y | Y* | None
user | String | User’s account name. | Y | N* | None
openString | String | Oracle’s XA open string. | N | Y | None
oracleXATrace | String | Indicates whether XA tracing output is enabled.
Additional XA Connection Pool Properties

When using connections from a connection pool in distributed transactions, you may need to set additional properties for the connection pool so that the connection pool handles the connection properly within WebLogic Server in the context of the transaction. You set these properties in the configuration file (config.xml) within the JDBCConnectionPool tag. By default, all additional properties are set to false.
Non-XA Driver/Single Resource

If you are using only one non-XA driver and it is the only resource in the transaction, leave the Enable Two-Phase Commit option unselected in the Administration Console (accept the default enableTwoPhaseCommit = false). In this case, WebLogic Server ignores the setting and the Transaction Manager performs a one-phase optimization.
Heuristic Completions and Data Inconsistency

When Enable Two-Phase Commit is selected for a non-XA resource (enableTwoPhaseCommit = true), the prepare phase of the transaction for the non-XA resource always succeeds. Therefore, the non-XA resource does not truly participate in the two-phase commit (2PC) protocol and is susceptible to failures.
Only One Non-XA Participant

When a non-XA resource (with enableTwoPhaseCommit = true) is registered with the WebLogic Server Transaction Manager, it is registered with the name of the class that implements the XAResource interface.
The following table shows configuration attributes for a sample Tx Data Source using a non-XA JDBC driver.

Table 16-17 WebLogic jDriver for Oracle: Tx Data Source Configuration

Attribute Name | Attribute Value
Name | fundsXferDataSource
Targets | myserver,server1
JNDIName | myapp.
Configuring and Managing JDBC Connection Pools, MultiPools, and DataSources Us-

Creating the JDBC Objects

Using the Administration Console, you create the JDBC components—Connection Pools, Data Sources, and MultiPools—by specifying attributes and database properties. See “Configuring JDBC Connectivity Using the Administration Console” on page 16-27. First you create the connection pool or MultiPool, then the Data Source.
Refer to the following table for more information on association and assignment in the configuration process.

Table 16-18 Association and Assignment Scenarios

Scenario # Associated. . . Assign . . . . Target Description 1 Data Source A with Connection Pool A 1. Data Source A to Managed Server 1, and Data Source and Connection Pool assigned to the same target. 2. Connection Pool A to Managed Server 1. 2 3 Data Source B with Connection Pool B Data Source C with 1.
Configuring JDBC Connectivity Using the Administration Console

The Administration Console allows you to configure, manage, and monitor JDBC connectivity. To display the tabs that you use to perform these tasks, complete the following procedure:
1. Start the Administration Console.
2. Locate the Services node in the left pane, then expand the JDBC node.
3.
Table 16-19 JDBC Configuration Tasks

JDBC Component/Task | Description
4 Configure a Data Source (and Associate with a Pool) | Using the Data Source tab, set the attributes for the Data Source, including the Name, JNDI Name, and Pool Name (this associates, or assigns, the Data Source with a specific pool—Connection Pool or MultiPool.
openString=Oracle_XA+Acc=P/userName/+SesTm=177+DB=demoPool+Threads=true=Sqlnet=dvi0+logDir=.

Note that after the userName there is no password. You can include these passwords in the Properties field on the JDBC Connection Pool→Configuration→General tab. However, WebLogic Server displays these passwords in clear text in the Administration Console and in the configuration file (usually config.xml).
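An audit of config.xml for the clear-text cases described above can be automated. This is an added example, not part of the original guide or of BEA's tooling: it flags JDBCConnectionPool entries whose Properties attribute carries a password name/value pair or an openString with a password after the user name. The sample configuration is constructed for illustration, and the class name, pool names and Password value are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class CleartextPoolPasswordScan {

    // Constructed sample, modelled on the JDBCConnectionPool attributes this guide shows.
    static final String SAMPLE_CONFIG = String.join("\n",
        "<Domain Name=\"mydomain\">",
        "  <JDBCConnectionPool Name=\"poolA\" Targets=\"myserver\"",
        "      Properties=\"user=scott;password=tiger;server=dbserver1\"/>",
        "  <JDBCConnectionPool Name=\"poolB\" Targets=\"myserver\"",
        "      Password=\"CONSTRUCTED-ENCRYPTED-VALUE\"",
        "      Properties=\"user=scott;server=dbserver1\"/>",
        "  <JDBCConnectionPool Name=\"poolC\" Targets=\"myserver\"",
        "      Properties=\"user=scott;openString=Oracle_XA+Acc=P/scott/tiger+SesTm=177+DB=demoPool\"/>",
        "  <JDBCConnectionPool Name=\"poolD\" Targets=\"myserver\"",
        "      Properties=\"user=scott;openString=Oracle_XA+Acc=P/scott/+SesTm=177+DB=demoPool\"/>",
        "</Domain>");

    /** Returns one finding per pool attribute that holds a clear-text password. */
    static List<String> scan(Document config) {
        List<String> findings = new ArrayList<>();
        NodeList pools = config.getElementsByTagName("JDBCConnectionPool");
        for (int i = 0; i < pools.getLength(); i++) {
            Element pool = (Element) pools.item(i);
            String name = pool.getAttribute("Name");
            // Properties is a semicolon-separated list of name=value pairs.
            for (String pair : pool.getAttribute("Properties").split(";")) {
                int eq = pair.indexOf('=');
                if (eq < 0) {
                    continue;
                }
                String key = pair.substring(0, eq).trim();
                String value = pair.substring(eq + 1).trim();
                if (key.equalsIgnoreCase("password") && !value.isEmpty()) {
                    findings.add(name + ": clear-text password in Properties");
                } else if (key.equalsIgnoreCase("openString") && openStringHasPassword(value)) {
                    findings.add(name + ": clear-text password in openString (Acc=P/user/password)");
                }
            }
        }
        return findings;
    }

    /** True when the Acc field of an xa_open string has a non-empty password after the user name. */
    static boolean openStringHasPassword(String openString) {
        for (String field : openString.split("\\+")) {
            if (field.startsWith("Acc=P/")) {
                String[] parts = field.split("/", -1); // keep the empty trailing part of "Acc=P/user/"
                return parts.length >= 3 && !parts[2].isEmpty();
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // The file is only read for attributes; refuse DOCTYPE declarations outright.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document config = args.length > 0
                ? builder.parse(new File(args[0]))
                : builder.parse(new ByteArrayInputStream(SAMPLE_CONFIG.getBytes(StandardCharsets.UTF_8)));
        List<String> findings = scan(config);
        findings.forEach(System.out::println);
        if (findings.isEmpty()) {
            System.out.println("no clear-text pool passwords found");
        }
    }
}
```

Run without arguments it scans the constructed sample and reports poolA and poolC; pass the path to a config.xml to scan a real domain. The findings name the pool and the field only, so the report itself never repeats a password.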
Managing and Monitoring Connectivity

Managing connectivity includes enabling, disabling, and deleting the JDBC components once they have been established.

JDBC Management Using the Administration Console

To manage and monitor JDBC connectivity, refer to the following table:

Table 16-21 JDBC Management Tasks

If you want to . . . | Do this . . .
Table 16-21 JDBC Management Tasks

If you want to . . . | Do this . . . in the Administration Console
Monitor a Connection Pool | 1. Select the pool in the left pane. 2. Select the Monitoring tab in the right pane, then select the Monitor All Active Pools link.
Modify an Attribute for a Connection Pool, MultiPool, or DataSource | 1. Select the JDBC object—Connection Pool, MultiPool, or DataSource—in the left pane. 2.
Table 16-22 Managing Connection Pools with the Command-Line Interface

If you want to . . . | Then use this command . . .
Confirm if a Connection Pool was created | EXISTS_POOL
Reset a Connection Pool | RESET_POOL

Increasing Performance with the Prepared Statement Cache

For each connection pool that you create in WebLogic Server, you can specify a prepared statement cache size.
http://e-docs.bea.com/wls/docs61/javadocs/weblogic/management/configuration/JDBCConnectionPoolMBean.html.
- Directly in the configuration file (typically config.xml). To set the prepared statement cache size for a connection pool using the configuration file, before starting the server, open the config.xml file in an editor, then add an entry for the PreparedStatementCacheSize attribute in the JDBCConnectionPool tag.
statement such as select * from emp and then drop and recreate the emp table, the next time you run the cached statement, the statement will fail because the exact emp table that existed when the statement was prepared no longer exists. Likewise, prepared statements are bound to the data type for each column in a table in the database at the time the prepared statement is cached.
Determining the Proper Prepared Statement Cache Size

To determine the optimum setting for the prepared statement cache size, you can emulate your server workload in your development environment and then run the Oracle statspack script. In the output from the script, look at the number of parses per second. As you increase the prepared statement cache size, the number of parses per second should decrease.
If you enable the connection pool to grow as demand for connections increases, new connections will cache statements as the statements are used. The startup class cannot load the prepared statement cache for new connections. If you enable the connection pool to shrink, the connection pool will close connections after the shrink period has been met and connections are available. There is no way to specify which connections to close first.
CHAPTER 17 Managing JMS

The following sections explain how to manage the Java Message Service (JMS) for WebLogic Server:
- JMS and WebLogic Server
- Configuring JMS
- Monitoring JMS
- Tuning JMS
- Recovering from a WebLogic Server Failure

JMS and WebLogic Server

JMS is a standard API for accessing enterprise messaging systems. Specifically, WebLogic JMS:
- Enables Java applications sharing a messaging system to exchange messages.
Figure 17-1 WebLogic Server JMS Messaging

As illustrated in the figure, WebLogic JMS accepts messages from producer applications and delivers them to consumer applications.

Configuring JMS

Using the Administration Console, you define configuration attributes to:
- Enable JMS.
- Create JMS servers and target a WebLogic server instance.
When you migrate WebLogic Server applications from a previous release, the configuration information will be converted automatically, as described in “Migrating Existing Applications” in Programming WebLogic JMS. To configure WebLogic JMS attributes, follow the procedures described in the following sections, or in the Administration Console Online Help, to create and configure the JMS objects. Once WebLogic JMS is configured, applications can send and receive messages using the JMS API.
Starting the Default WebLogic Server

The default role for a WebLogic Server is the Administration Server. If a domain consists of only one WebLogic Server, that server is the Administration Server. If a domain consists of multiple WebLogic Servers, you must start the Administration Server first, and then you start the Managed Servers. For complete information about starting the Administration Server, see “Starting and Stopping WebLogic Servers” on page 2-1.
b. Click the Connection Pools node in the left pane, and then click the Configure a new JDBC Connection Pool link in the right pane.
c. On the Configuration tabs, set the attributes for the connection pool, such as Name, URL, and database Properties. Click Apply on each tab when you’re done making changes.
d. On the Targets tab, target a WebLogic Server instance or a server cluster on which to deploy the connection pool by selecting either the Servers tab or the Clusters tab.
c. Fill in the Thresholds & Quotas tab, as appropriate. Click Apply when you’re done making changes.
d. On the Targets tab, select a WebLogic Server instance on which to deploy the JMS server by moving it from the Available list into the Chosen List, and then clicking Apply.

Note: For more information on configuring a JMS Server, see “Configuring JMS Servers” on page 17-7.

6. Create the JMS Destinations, which are queues (Point-To-Point) or topics (Pub/Sub):
a.
Note: For more information on configuring a Connection Factory, see “Configuring Connection Factories” on page 17-8.

8. Optionally, use the Destination Keys node to define the sort order for a specific destination. For more information, see “Configuring Destination Keys” on page 17-12.
9. Optionally, create JMS Session Pools, which enable your applications to process messages concurrently, and Connection Consumers (queues or topics) that retrieve server sessions and process messages.
- Target a WebLogic Server instance that is associated with a JMS server. When the target WebLogic Server boots, the JMS server boots as well. If no target WebLogic Server is specified, the JMS server will not boot.

Note: The deployment of a JMS server differs from that of a connection factory or template. A JMS server is deployed on a single server. A connection factory or template can be instantiated on multiple servers simultaneously.
- Maximum number of outstanding messages that may exist for an asynchronous session and the overrun policy (that is, the action to be taken, for multicast sessions, when this maximum is reached).
- Whether or not the close() method is allowed to be called from the onMessage() method.
- Whether all messages or only previously received messages are acknowledged.

JMS connection factories must be uniquely named within a domain.
Configuring Destinations

A destination identifies a queue (Point-To-Point) or a topic (Pub/Sub) for a JMS server. After defining a JMS server, configure one or more destinations for each JMS server. You configure destinations explicitly or by configuring a destination template that can be used to define multiple destinations with similar attribute settings, as described in “Configuring JMS Templates” on page 17-11.
Configuring JMS Templates

A JMS template provides an efficient means of defining multiple destinations with similar attribute settings. JMS templates offer the following benefits:
- You do not need to re-enter every attribute setting each time you define a new destination; you can use the JMS template and override any setting to which you want to assign a new value.
- You can modify shared attribute settings dynamically simply by modifying the template.
For instructions on creating and configuring a JMS template, see “JMS Templates” in the Administration Console Online Help.

Configuring Destination Keys

Use destination keys to define the sort order for a specific destination.
Warning: You cannot configure a transaction (XA) connection pool to be used with a JDBC database store. For more information, see “JMS JDBC Transactions” on page 17-14.

JMS persistent stores can increase the amount of memory required during initialization of a WebLogic Server instance as the number of stored messages increases.
Note: The JMS samples provided with your WebLogic Server distribution are set up to work with the Cloudscape Java database. An evaluation version of Cloudscape is included with WebLogic Server and a demoPool database is provided.

If your existing JMS JDBC stores somehow become corrupted, you can regenerate them using the utils.Schema utility. For more information, see “JDBC Database Utility” in Programming WebLogic JMS.
- JMSStore
- JMSState

The prefix name uniquely identifies JMS tables in the persistent store. Specifying unique prefixes allows multiple stores to exist in the same database. You configure the prefix via the Administration Console when configuring the JDBC store.
Configuring Session Pools

Server session pools enable an application to process messages concurrently. After you define a JMS server, optionally, configure one or more session pools for each JMS server. Use the Session Pools node in the Administration Console and define the following configuration attributes:
- Name of the server session pool.
- Connection factory with which the server session pool is associated and is used to create sessions.
Monitoring JMS

- JMS selector expression used to filter messages. For information about defining selectors, see “Developing a WebLogic JMS Application” in Programming WebLogic JMS.
- Destination on which the connection consumer will listen.

To create and configure a connection consumer, and for detailed information about each of the connection consumer configuration attributes, see “JMS Connection Consumers” in the Administration Console Online Help.
5. Select the Monitoring tab to display the monitoring data. For detailed information about the information being monitored, see the Administration Console Online Help.

Monitoring Durable Subscribers

To view JMS durable subscribers that are running on destination topics:
1. Follow steps 1–3, as described in “Monitoring JMS Objects” on page 17-17.
2. Select the Destinations node under Servers in the left pane, to expand the list of JMS topic and queue destinations.
Tuning JMS

Persistent Stores

The following sections describe the tuning options available when using persistent stores with WebLogic Server JMS.

Disabling Synchronous Writes to File Stores

By default, WebLogic Server JMS file stores guarantee up-to-the-message integrity by using synchronous writes.
JMS message paging saves memory for both persistent and non-persistent messages, as even persistent messages cache their data in memory. Paged persistent messages continue to be written to the regular backing store (file or database), and paged non-persistent messages are written to the JMS server’s message paging store, which is configured separately. A paged-out message does not free all of the memory that it consumes.
Configuring a Paging Store for a JMS Server

Each JMS server must have its own paging store, which is used exclusively for paging out non-persistent messages for the JMS server and its destinations. It’s best to use a JMS file store rather than a JMS JDBC store, as the JDBC store will perform poorly in comparison without any real benefit.

To configure a new paging store:
1. Start the Administration Console.
2. Click the JMS Store node. The right pane shows all the JMS stores.
3.
   - In the Bytes Threshold High field, enter an amount that will start bytes paging when the number of bytes on the JMS server exceeds this threshold.
   - In the Bytes Threshold Low field, enter an amount that will stop bytes paging once the number of bytes on the JMS server falls below this threshold.

5. On the Thresholds & Quotas tab, configure messages paging:
   - Select the Messages Paging Enabled check box.
3. Click the template that you want to configure for paging. The right pane shows the tabs associated with configuring the template.
4. On the Thresholds & Quotas tab, configure bytes paging:
   - Select the Bytes Paging Enabled check box.
   - In the Bytes Threshold High field, enter an amount that will start bytes paging when the number of bytes on the JMS server exceeds this threshold.
4. On the Thresholds & Quotas tab, configure bytes paging:
   - Select the Bytes Paging Enabled check box.
   - In the Bytes Threshold High field, enter an amount that will start bytes paging when the number of bytes on the JMS server exceeds this threshold.
   - In the Bytes Threshold Low field, enter an amount that will stop bytes paging once the number of bytes on the JMS server falls below this threshold.
5.
3. Click the topic or queue that you want to configure for paging. The right pane shows the topics or queues associated with the server instance.
4. On the Thresholds & Quotas tab, configure the Bytes Paging Enabled and/or Messages Paging Enabled attributes on the destination according to how you want to override the JMS template for the destination.
   - To disable paging for the destination, select False in the Bytes Paging Enabled and/or the Messages Paging Enabled list boxes.
JMS Server Paging Attributes

Table 17-1 describes the paging attributes that you define when configuring paging on a JMS Server. For detailed information about other JMS Server attributes, and the valid and default values for them, see “JMS Servers” in the Administration Console Online Help.

Table 17-1 JMS Server Attributes

Attribute | Description
Bytes Paging Enabled |
  - If the Bytes Paging Enabled check box is not selected (False), then server bytes paging is explicitly disabled.
Table 17-1 JMS Server Attributes

Attribute | Description
Paging Store | The name of the persistent store where non-persistent messages are paged. A paging store cannot be the same store used for persistent messages or durable subscribers. Two JMS servers cannot use the same paging store; therefore, you must configure a unique paging store for each server.
Table 17-2 JMS Template Attributes

Attribute | Description
Messages Paging Enabled |
  - If the Messages Paging Enabled check box is not selected (False), then destination-level messages paging is disabled for the template’s destination—unless the destination setting overrides the template.
JMS Destination Paging Attributes

Table 17-3 describes the attributes that you define when configuring paging on destinations. For detailed information about other JMS destination attributes, and valid and default values for them, see “JMS Destinations” in the Administration Console Online Help.

Table 17-3 JMS Destination Attributes

Attribute | Description
Bytes Paging Enabled |
  - If Bytes Paging Enabled is set to False, then destination-level bytes paging is disabled for this destination.
Note: If server paging is enabled, and destination-level paging is disabled for a given destination, then messages on the destination can still be paged if server paging is triggered. However, when destination-level paging is disabled for a given destination, then the destination’s high thresholds will not force the destination to page out messages when they are exceeded.
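The following Python model is an added example, not WebLogic code. It shows how the high/low threshold pairs and the server-versus-destination rule in the note above interact. The class and function names and all threshold values are hypothetical, and the check that the low threshold does not exceed the high one is an assumption of the model.

```python
"""Model of JMS paging thresholds (added example; names and values are hypothetical)."""
from dataclasses import dataclass


@dataclass
class PagingGate:
    """A high/low threshold pair: paging starts above `high`, stops below `low`."""
    enabled: bool
    high: int
    low: int
    active: bool = False

    def __post_init__(self):
        # Assumption of this model: a low threshold above the high one is a mistake.
        if self.low > self.high:
            raise ValueError("low threshold must not exceed high threshold")

    def update(self, current: int) -> bool:
        """Feed the current byte (or message) count; return whether paging is on."""
        if not self.enabled:
            self.active = False      # a disabled gate never triggers paging
        elif current > self.high:
            self.active = True       # "exceeds this threshold" starts paging
        elif current < self.low:
            self.active = False      # "falls below this threshold" stops paging
        # Between low and high the previous state is kept (hysteresis).
        return self.active


def paging_trace(server: PagingGate, destination: PagingGate, samples):
    """Return, per (server_bytes, destination_bytes) sample, what triggers paging.

    "server"       the JMS server thresholds are paging, which also covers
                   destinations whose own paging is disabled
    "destination"  only the destination's own thresholds are paging
    None           nothing on this destination is paged
    """
    trace = []
    for server_bytes, dest_bytes in samples:
        server_on = server.update(server_bytes)
        dest_on = destination.update(dest_bytes)
        trace.append("server" if server_on else "destination" if dest_on else None)
    return trace


# Constructed load samples: (bytes on the JMS server, bytes on one destination).
SAMPLES = [(300, 250), (1100, 250), (700, 150), (350, 150), (350, 50)]


def demo_destination_disabled():
    """Destination paging off: its high threshold (200) is exceeded but ignored."""
    return paging_trace(PagingGate(True, 1000, 400),
                        PagingGate(False, 200, 100), SAMPLES)


def demo_destination_enabled():
    """Destination paging on: it pages on its own thresholds as well."""
    return paging_trace(PagingGate(True, 1000, 400),
                        PagingGate(True, 200, 100), SAMPLES)


if __name__ == "__main__":
    print(demo_destination_disabled())
    print(demo_destination_enabled())
```

In the first trace the destination is paged only while the server gate is active, even though it sits above its own high threshold throughout the early samples.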
Recovering from a WebLogic Server Failure

The following sections describe how to restart or replace a WebLogic Server instance in the event of a system failure, and provide programming considerations for gracefully terminating a JMS application following such an event.

Restarting or Replacing WebLogic Server

When a WebLogic Server fails, you can use one of three methods to perform a system recovery:

- Restart the failed server instance.
If your JMS application uses... | Perform the following task...
Persistent messaging—JDBC Store |
  - If the JDBC database store physically exists on the failed server, migrate the database to a new server and ensure that the JDBC connection pool URL attribute reflects the appropriate location reference.
  - If the JDBC database does not physically exist on the failed server, access to the database has not been impacted, and no changes are required.
Programming Considerations

You may want to program your JMS application to terminate gracefully in the event of a WebLogic Server failure. For example:

If a WebLogic Server Fails and... | Then...
You are connected to the failed WebLogic Server instance | A JMSException will be delivered to the connection exception listener. You must restart the application once the server is restarted or replaced.
CHAPTER 18 Using the WebLogic Messaging Bridge

The following sections explain how to configure and manage a WebLogic Messaging Bridge:

- “What Is a Messaging Bridge?” on page 18-1
- “Messaging Bridge Configuration Tasks” on page 18-2
- “Using the Messaging Bridge to Interoperate with Different WebLogic Server Versions and Domains” on page 18-18
- “Bridging to a Third-Party Messaging Provider” on page 18-23
- “Managing a Messaging Bridge” on page 18-25

What Is a Messaging Bridge?

The WebLogic Mes
- WebLogic JMS with a third-party JMS product (for example, MQSeries).
- WebLogic JMS with non-JMS messaging products (only by using specialized adapters that are not provided with WebLogic Server).

A messaging bridge consists of two destinations that are being bridged: a source destination from which messages are received, and a target destination to which messages are forwarded.
About the Bridge’s Resource Adapters

A messaging bridge uses resource adapters to communicate with the configured source and target JMS destinations. You need to associate both the source and target JMS destinations with a supported adapter in order for the bridge to communicate with them. The JNDI name for the adapter is configured as part of the adapter’s deployment descriptor.
The supported adapters are located in the WL_HOME\lib directory and are described in the following table.

Table 18-1 Messaging Bridge Adapters and JNDI Names

Adapter | JNDI Name | Description
jms-xa-adp.rar | eis.jms.WLSConnectionFactoryJNDIXA | Provides transaction semantics via XAResource. Used when the required QOS is Exactly-once. This envelops a received message and sends it within a user transaction (XA/JTA).
Table 18-1 Messaging Bridge Adapters and JNDI Names

Adapter | JNDI Name | Description
jms-notran-adp51.rar | eis.jms.WLS51ConnectionFactoryJNDINoTX | Provides interoperability when either the source or target destination is WebLogic Server 5.1. This adapter provides no transaction semantics; therefore, it only supports a QOS of Atmost-once or Duplicate-okay. If the requested QOS is Atmost-once, the adapter uses the AUTO_ACKNOWLEDGE mode.
Note: When configuring a messaging bridge to interoperate between WebLogic Server release 6.1 and release 5.1, the release 5.1 resource adapter (jms-notran-adp51.rar) and the non-transaction adapter (jms-notran-adp.rar) must be deployed on the 6.1 domain running the messaging bridge.
You need to configure a JMSBridgeDestination instance for each actual source and target JMS destination to be mapped to a messaging bridge. Therefore, when you finish defining attributes for a source JMS bridge destination, repeat these steps to configure a target JMS bridge destination, or vice versa. You will designate the source and target JMS Bridge Destinations in “Configuring a Messaging Bridge Instance” on page 18-12.
Table 18-2 JMS Bridge Destination Attributes on the Configuration Tab

Attribute | Description
Adapter Classpath | When connecting to a destination that is running on WebLogic Server 6.0 or earlier, the bridge destination must supply a CLASSPATH that indicates the locations of the classes for the earlier WebLogic Server implementation.
6. When you finish defining attributes for a source JMS bridge destination, repeat these steps to configure a target JMS bridge destination, or vice versa.
Table 18-3 General Bridge Destination Attributes on the Configuration Tab

Attribute | Description
Name | A bridge destination name for the actual destination being mapped to the bridge. This name must be unique across a WebLogic domain. For example, if you are bridging between WebLogic Server releases 6.1 and 7.0, for the source destination you could change the default bridge destination name to “61to70SourceDestination”.
Table 18-3 General Bridge Destination Attributes on the Configuration Tab

Attribute | Description
Properties | Specifies all the properties defined for a bridge destination. Each property must be separated by a semicolon (for example, DestinationJNDIName=myTopic;DestinationType=topic;). For non-JMS messaging products that use adapters provided by a third-party OEM vendor, you should consult the vendor’s documentation for property configuration instructions.
Configuring a Messaging Bridge Instance

A messaging bridge instance communicates with the configured source and target bridge destinations. For each mapping of a source bridge destination to a target bridge destination, whether it is another WebLogic JMS implementation, a third-party JMS provider, or another non-JMS messaging product, you must configure a MessagingBridge instance via the Administration Console.
Table 18-4 Messaging Bridge Attributes on the General Tab

Attribute | Description
Target Destination | Select the target destination to which messages are sent from the messaging bridge. For example, for a JMS messaging bridge, you should select the “JMS Target Bridge Destination” name that you created on the JMS Bridge Destination → Configuration tab.
Selector | Allows you to filter the messages that are sent across the messaging bridge.
Table 18-4 Messaging Bridge Attributes on the General Tab

Attribute | Description
QOS Degradation Allowed | When selected, the messaging bridge automatically degrades the requested QOS when the configured one is not available. If this occurs, a message is delivered to the WebLogic startup window (or log file).
Table 18-4 Messaging Bridge Attributes on the General Tab

Attribute | Description
Durability Enabled | This attribute is used only for JMS topics or for destinations with similar characteristics as a JMS topic. By enabling durability, a messaging bridge creates a durable subscription for the source destination. This allows the source JMS implementation to save messages that are sent to it when the bridge is not running.
The source and target destinations for a messaging bridge will not always be available. As such, the messaging bridge must be able to reconnect to the destination at some periodic interval. These attributes govern the time between reconnection attempts.

Table 18-5 Messaging Bridge Attributes on the Connection Retry Tab

Attribute | Description
Minimum Delay (seconds) | The minimum delay, in seconds, between reconnection attempts.
Table 18-6 Messaging Bridge Attributes on the Transactions Tab

Attribute | Description
Batch Interval (milliseconds) | Defines the maximum time, in milliseconds, that the bridge waits before sending a batch of messages in one transaction, regardless of whether the Batch Size amount has been reached or not. The default value of -1 indicates that the bridge will wait until the number of messages reaches the Batch Size before it completes a transaction.
Using the Messaging Bridge to Interoperate with Different WebLogic Server Versions and Domains

The following interoperability guidelines apply when using the messaging bridge to access JMS destinations in different releases of WebLogic Server and in other WebLogic Server domains.
- If a JMS file store is being used for persistent messages, the JMS file store name must be unique across domains.

Enabling Security Interoperability for WebLogic Domains

Follow these security guidelines when a release 6.1 domain is interoperating with another release 7.0 or later domain:

1. The release 7.0 or later Credential password must exactly match the “system” user password configured for the 6.1 domain.
Using the Messaging Bridge To Access Destinations In a Release 6.1 or Later Domain

Use these guidelines when configuring a messaging bridge on a release 6.1 domain to provide “Exactly-once” transactional message communication between two release 6.1 or later domains.

Note: The Exactly-once quality of service for transactions is only supported for implementations of WebLogic Server 6.1 or later.

- A messaging bridge running on release 6.
- On the Messaging Bridge → Configuration → General tab, select a Quality Of Service of Exactly-once, as described in “Configuring a Messaging Bridge Instance” on page 18-12.

Using the Messaging Bridge To Access Destinations In a Release 6.0 Domain

When configuring a messaging bridge involves interoperability between WebLogic Server 6.1 and a release 6.0 domain, you must configure the following settings on the release 6.
Using the Messaging Bridge To Access Destinations In a Release 5.1 Domain

When configuring a messaging bridge involves interoperability between WebLogic Server 6.1 and release 5.1, you must configure the following settings on the release 6.1 domain that the messaging bridge is running on:

Note: The Exactly-once QOS for transactions is not supported for WebLogic Server 5.1.
Note: If your implementation is using a 5.1 Service Pack, the corresponding sp.jar files must also be added to the Adapter Classpath field.

- On the Messaging Bridge → Configuration → General tab, select a Quality Of Service of Atmost-once or Duplicate-okay, as described in “Configuring a Messaging Bridge Instance” on page 18-12.
that is using the XA resource of the resource manager). For example, when using MQ Series, it is not possible to use the same Queue Manager for the source and target bridge destinations.
Managing a Messaging Bridge

Once a messaging bridge is up and running, it can be managed from the Administration Console.

- Stopping and Restarting a Messaging Bridge
- Monitoring Messaging Bridges
- Configuring the Execute Thread Pool Size

Stopping and Restarting a Messaging Bridge

To temporarily suspend and restart an active messaging bridge:

1. Click to expand the Messaging Bridge node.
2. Select the messaging bridge instance that you want to stop.
3.
5. Click the Monitoring all Messaging Bridge Runtimes text link to display the monitoring data.
6. A table displays showing all the messaging bridge instances for the server and their status (either as running or not running).

Configuring the Execute Thread Pool Size

You can configure the default execute thread pool size for your messaging bridges from the Administration Console.
CHAPTER 19 Managing JNDI

The following sections describe how to manage JNDI:

- “Overview of JNDI Management” on page 19-1
- “Viewing the JNDI Tree” on page 19-2
- “Loading Objects in the JNDI Tree” on page 19-2

Overview of JNDI Management

You use the Administration Console to manage JNDI. The JNDI API enables applications to look up objects—such as Data Sources, EJBs, JMS, and MailSessions—by name. The JNDI tree is represented by the left pane in the Administration Console.
Viewing the JNDI Tree

To view the objects in the WebLogic Server JNDI tree for a specific server, do the following:

1. Right-click the server node in the left pane. This displays a pop-up menu.
2. Select JNDI Tree. The JNDI tree for this server displays in the right pane.

Loading Objects in the JNDI Tree

Using the Administration Console, you load WebLogic Server J2EE services and components, such as RMI, JMS, EJBs, and JDBC Data Sources, in the JNDI tree.
CHAPTER 20 Managing the WebLogic J2EE Connector Architecture

Based on the Sun Microsystems J2EE Connector Specification, Version 1.0, Proposed Final Draft 2, the WebLogic J2EE Connector Architecture integrates the J2EE Platform with one or more heterogeneous Enterprise Information Systems (EIS).
Overview of WebLogic J2EE Connector Architecture

BEA WebLogic Server continues to build upon the implementation of the Sun Microsystems J2EE Platform Specification, Version 1.3. The J2EE Connector Architecture adds simplified Enterprise Information System (EIS) integration to the J2EE platform.
Installing a New Resource Adapter

This section discusses how to connect a new connector (resource adapter) to WebLogic Server by using the Administration Console.

1. Start WebLogic Server.
2. Open the Administration Console.
3. Open the Domain you will be working in.
4. Under Deployments, right-click Connectors in the left panel to display the pop-up menu.
5. Select Install a New Connector Component.
6. Enter the path of the resource adapter .
1. Start WebLogic Server.
2. Open the Administration Console.
3. Open the Domain you will be working in.
4. Under Deployments, select Connectors in the left panel. The Connector Deployments table displays in the right pane showing all the deployed Connectors (Resource Adapters).
5. Select Configure a new Connector Component.
6. Enter the following information:
   - Name—modify the default name of the connector component as needed.
Configuring and Deploying a New Connector

Undeploying Deployed Resource Adapters

To undeploy a deployed connector from the WebLogic Server Administration Console:

1. In the Administration Console under Deployments, select Connectors (Resource Adapters) in the left panel.
2. In the Connector Deployments table, select the connector to undeploy.
3. Under the Configuration tab, deselect the Deployed check box.
4. Click Apply.
Monitoring

To monitor all connection pool run times for a connector, proceed as follows:

1. Select a connector to monitor in the left pane of the Console.
2. Right-click with your mouse, and select Monitor all Connector Connection Pool Runtimes from the pop-up menu.

Connection pool run-time information is provided in the right pane for the selected connector.

Note: You can also access this information using the right pane of the Console.
Editing Resource Adapter Deployment Descriptors

This section describes the procedure for editing the following resource adapter (connector) deployment descriptors using the Administration Console Deployment Descriptor Editor:

- ra.xml
- weblogic-ra.xml

For detailed information about the elements in the resource adapter deployment descriptors, refer to Programming the WebLogic J2EE Connector Architecture.
6. To edit an existing element in one of the resource adapter deployment descriptors, follow these steps:
   a. Navigate the tree in the left pane, clicking on parent elements until you find the element you want to edit.
   b. Click the element. A form appears in the right pane that lists either its attributes or subelements.
   c. Edit the text in the form in the right pane.
   d. Click Apply.
7.
CHAPTER 21 Managing WebLogic Server Licenses

Your WebLogic Server requires a valid license to run. The following sections explain how to install and update WebLogic licenses:

- Installing a WebLogic Server License
- Updating a License

Installing a WebLogic Server License

An evaluation copy of WebLogic Server is enabled for 30 days so you can start using WebLogic Server immediately.
Updating a License

You will need to update the BEA license file if one of the following is true:

- You have purchased additional BEA software.
- You obtain a new distribution that includes new products.
- You have applied for and received an extension of your 30-day evaluation license.

In any of these cases, you will receive a license update file by email as an attachment. To update your BEA license file, do the following:

1.
APPENDIX A Using the WebLogic Java Utilities

WebLogic provides several Java programs that simplify installation and configuration tasks, provide services, and offer convenient shortcuts. The following sections describe each Java utility provided with WebLogic Server. The command-line syntax is specified for all utilities and, for some, examples are provided.
To use these utilities you must correctly set your CLASSPATH. For more information, see “Setting the Classpath Option.”

AppletArchiver

The AppletArchiver utility runs an applet in a separate frame, keeps a record of all of the downloaded classes and resources used by the applet, and packages these into either a .jar file or a .cab file. (The cabarc utility is available from Microsoft.)

Syntax

$ java utils.applet.archiver.
ClientDeployer

You use weblogic.ClientDeployer to extract the client-side JAR file from a J2EE EAR file, creating a deployable JAR file. The weblogic.ClientDeployer class is executed on the Java command line with the following syntax:

java weblogic.ClientDeployer ear-file client

The ear-file argument is an expanded directory (or Java archive file with a .ear extension) that contains one or more client application JAR files. For example:

java weblogic.ClientDeployer app.ear myclient

where app.
der2pem

The der2pem utility converts an X509 certificate from DER format to PEM format. The .pem file is written in the same directory as the source .der file.

Syntax

$ java utils.der2pem derFile [headerFile] [footerFile]

Argument | Description
derFile | The name of the file to convert. The filename must end with a .der extension, and must contain a valid certificate in .der format.
headerFile | The header to place in the PEM file.
dbping

The dbping command-line utility tests the connection between a DBMS and your client machine via a JDBC driver. You must complete the installation of the driver before attempting to use this utility.

Syntax

$ java -Dbea.home=WebLogicHome utils.dbping DBMS user password DB

Argument | Definition
WebLogicHome | The directory containing your WebLogic Server license (license.bea). For example, d:\beaHome\. Required only if using a BEA-supplied JDBC driver.
Argument | Definition
DB | Name of the database.
deploy

The deploy utility gets a J2EE application from an archive file (.jar, .war, or .ear) and deploys the J2EE application to a running WebLogic Server. For additional information, see Assembling and Configuring Web Applications and the programming guide Developing WebLogic Server Applications.

Syntax

$ java weblogic.
Other Required Arguments

Argument | Description
password | Specifies the system password for the WebLogic Server.
application name | Identifies the name of the application. The application name can be specified at deployment time, either with the deployment or console utilities.
source | Specifies the exact location of the application archive file (.jar, .war, or .ear), or the path to the top level of an application directory.
Options

Option | Definition
-component componentname:target1,target2 | Component to be deployed on various targets, must be specified as: componentname:target1,target2 where componentname is the name of the .jar, .rar or .war file without the extension. This option can be specified multiple times for any number of components (.jar, .rar or .war). To deploy an .ear file, enter each of its components separately using this option and specify the .ear using the -source argument. For example, to deploy jubilee.
Option | Definition
-jspRefreshComponentName | Specifies the webapp component to which the refreshed files are being copied. Use this option together with the -jspRefreshFiles option to refresh static files. For more information on using this option, see Refreshing Static Components in Deploying Web Applications.
-jspRefreshFiles | Refreshes static files such as JSPs, HTML files, image files such as .gif and .jpg, and text files. Class files may not be refreshed.
- Removing a Deployed J2EE Application
- Updating a Deployed J2EE Application

Viewing a Deployed J2EE Application

To view an application that is deployed on a local WebLogic Server, enter the following command:

% java weblogic.deploy list password

The value of password is the password for the WebLogic Server system account.

To list a deployed application on a remote server, specify the port and host options, as follows:

% java weblogic.
Removing a Deployed J2EE Application

To remove a deployed J2EE application, you need only reference the assigned application name, as shown in the following example:

% java weblogic.deploy -port 7001 -host localhost undeploy weblogicpwd Basic_example

Note: Removing a J2EE application does not remove the application from WebLogic Server. You cannot re-use the application name with the deploy utility.
getProperty

The getProperty utility gives you details about your Java setup and your system. It takes no arguments.

Syntax

$ java utils.getProperty

Example

$ java utils.getProperty
-- listing properties --
user.language=en
java.home=c:\java11\bin\..
awt.toolkit=sun.awt.windows.WToolkit
file.encoding.pkg=sun.io
java.version=1.1_Final
file.separator=\
line.separator=
user.region=US
file.encoding=8859_1
java.vendor=Sun Microsystems Inc.
user.timezone=PST
user.name=mary
os.arch=x86
os.name=Windows NT
java.
logToZip

The logToZip utility searches an HTTP server log file in common log format, finds the Java classes loaded into it by the server, and creates an uncompressed .zip file that contains those Java classes. It is executed from the document root directory of your HTTP server. To use this utility, you must have access to the log files created by the HTTP server.

Syntax

$ java utils.logToZip logfile codebase zipfile

Argument | Definition
logfile | Required.
MulticastTest

The MulticastTest utility helps you debug multicast problems when configuring a WebLogic Cluster. The utility sends out multicast packets and returns information about how effectively multicast is working on your network. Specifically, MulticastTest displays the following types of information via standard output:

1. A confirmation and sequence ID for each message sent out by this server.
2. The sequence and sender ID of each message received from any clustered server, including this server.
3.
Argument | Definition
-p portnumber | Optional. The multicast port on which all the servers in the cluster are communicating. (The multicast port is the same as the listen port set for WebLogic Server, which defaults to 7001 if unset.)
-t timeout | Optional. Idle timeout, in seconds, if no multicast messages are received. If unset, the default is 600 seconds (10 minutes). If a timeout is exceeded, a positive confirmation of the timeout is sent to stdout.
myip

The myip utility returns the IP address of the host.

Syntax

$ java utils.myip

Example

$ java utils.myip
Host toyboat.toybox.com is assigned IP address: 192.0.0.
pem2der

The pem2der utility converts an X509 certificate from PEM format to DER format. The .der file is written in the same directory as the source .pem file.

Syntax

$ java utils.pem2der pemFile

Argument | Description
pemFile | The name of the file to be converted. The filename must end with a .pem extension, and it must contain a valid certificate in .pem format.

Example

$ java utils.pem2der graceland_org.pem
Decoding ................................................
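The conversion that der2pem and pem2der perform can be reproduced in a few lines for checking a certificate file outside WebLogic. The following Python code is an added example, not the BEA utilities' own source. It assumes the standard "-----BEGIN CERTIFICATE-----" delimiters as the default header and footer, and it checks only the outer DER framing, not the full X.509 structure. The sample bytes are constructed and are not a real certificate.

```python
"""DER <-> PEM conversion with a framing check (added example, not BEA code)."""
import base64
import os

# Assumed defaults: the conventional PEM certificate delimiters.
DEFAULT_HEADER = "-----BEGIN CERTIFICATE-----"
DEFAULT_FOOTER = "-----END CERTIFICATE-----"

# Constructed sample: a DER SEQUENCE header declaring 256 content bytes,
# followed by 256 filler bytes. Framing-valid, but NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))


def der_total_length(der: bytes) -> int:
    """Total encoded length declared by the outer DER SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length fits in 7 bits
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_der(der: bytes) -> None:
    """Reject truncated input and input with trailing bytes."""
    if der_total_length(der) != len(der):
        raise ValueError("declared DER length does not match the data")


def der_to_pem(der: bytes, header=DEFAULT_HEADER, footer=DEFAULT_FOOTER) -> str:
    """Base64-encode DER bytes, wrap at 64 columns, add header and footer."""
    check_der(der)
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{header}\n{body}\n{footer}\n"


def pem_to_der(pem: str) -> bytes:
    """Strip the delimiter lines, decode the base64 body, check the framing."""
    lines = [ln.strip() for ln in pem.splitlines() if ln.strip()]
    if (len(lines) < 3 or not lines[0].startswith("-----")
            or not lines[-1].startswith("-----")):
        raise ValueError("missing PEM header or footer")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    check_der(der)
    return der


def convert_file(path: str) -> str:
    """Convert by extension and write the result next to the source file."""
    root, ext = os.path.splitext(path)
    if ext not in (".der", ".pem"):
        raise ValueError("filename must end with .der or .pem")
    if ext == ".der":
        with open(path, "rb") as src:
            text = der_to_pem(src.read())
        out = root + ".pem"
        with open(out, "w", encoding="ascii", newline="\n") as dst:
            dst.write(text)
    else:
        with open(path, "r", encoding="ascii") as src:
            data = pem_to_der(src.read())
        out = root + ".der"
        with open(out, "wb") as dst:
            dst.write(data)
    return out


if __name__ == "__main__":
    print(der_to_pem(SAMPLE_DER))
```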
Schema

The Schema utility lets you upload SQL statements to a database using the WebLogic JDBC drivers. For additional information about database connections, see Programming WebLogic JDBC.

Syntax

$ java utils.Schema driverURL driverClass [-u username] [-p password] [-verbose SQLfile]

Argument | Definition
driverURL | Required. URL for the JDBC driver.
driverClass | Required. Pathname of the JDBC driver class.
-u username | Optional. Valid username.
-p password | Optional. Valid password for the user.
(tablename varchar(32), maxkey int);
showLicenses

The showLicenses utility displays license information about BEA products installed on this machine.

Syntax

$ java -Dbea.home=license_location utils.showLicenses

Argument | Description
license_location | The fully qualified name of the directory where the license.bea file exists.

Example

$ java -Dbea.home=d:\bea utils.
system

The system utility displays basic information about your computer’s operating environment, including the manufacturer and version of your JDK, your CLASSPATH, and details about your operating system.

Syntax

$ java utils.system

Example

$ java utils.system
* * * * * * * java.version * * * * * * *
1.1.6
* * * * * * * java.vendor * * * * * * *
Sun Microsystems Inc.
* * * * * * * java.class.path * * * * * * *
\java\lib\classes.
t3dbping

The t3dbping utility tests a WebLogic JDBC connection to a DBMS via any two-tier JDBC driver. You must have access to a WebLogic Server and a DBMS to use this utility.

Syntax

$ java utils.t3dbping WebLogicURL username password DBMS driverClass driverURL

Argument | Definition
WebLogicURL | Required. URL of the WebLogic Server.
username | Required. Valid username of DBMS user.
password | Required. Valid password of DBMS user.
DBMS | Required. Database name.
driverClass | Required.
verboseToZip

When executed from the document root directory of your HTTP server, verboseToZip takes the standard output from a Java application run in verbose mode, finds the Java classes referenced, and creates an uncompressed .zip file that contains those Java classes.

Syntax

$ java utils.verboseToZip inputFile zipFileToCreate

Argument | Definition
inputFile | Required. Temporary file that contains the output of the application running in verbose mode.
version

The version utility displays version information about your installed WebLogic via stdout.

Syntax

$ java weblogic.Admin -url host:port -username username -password password VERSION

Example

$ java weblogic.
writeLicense

The writeLicense utility writes information about all your WebLogic licenses in a file called writeLicense.txt, located in the current directory. This file can then be emailed, for example, to WebLogic technical support.

Syntax

$ java utils.writeLicense -nowrite -Dbea.home=path

Argument | Definition
-nowrite | Required. Sends the output to stdout instead of writeLicense.txt.
-Dbea.home | Required.
Example of Windows NT Output * * * * * * * os.name * * * * * * * Windows NT * * * * * * * os.arch * * * * * * * x86 * * * * * * * os.version * * * * * * * 4.0 * * * * * * IP * * * * * * Host myserver is assigned IP address: 192.1.1.0 * * * * * * Location of WebLogic license files * * * * * * No WebLogicLicense.class found No license.bea license found in weblogic.system.home or current directory Found in the classpath: c:/weblogic/license/license.
APPENDIX B

WebLogic Server Command-Line Interface Reference

The following sections discuss the WebLogic Server command-line interface syntax, and describe each WebLogic Server administration, connection pool administration, and Mbean management command:

- “About the Command-Line Interface” on page -1
- “Using WebLogic Server Commands” on page -3
- “WebLogic Server Administration Command Reference” on page -6
- “WebLogic Server Connection Pools Administration Command Reference” on page -27
- “Mbe
- You want to create scripts for administration and management efficiency.
- You cannot access the Administration Console through a browser.
- You prefer using the command-line interface over a graphical user interface.

Before You Begin

The examples in this document are based on the following assumptions:

- WebLogic Server is installed in the c:/weblogic directory.
- The JDK is located in the c:/java directory.
Using WebLogic Server Commands

This section presents the syntax and required arguments for using WebLogic Server commands. WebLogic Server commands are not case-sensitive.

Syntax

java weblogic.Admin [-url URL] [ { -username username [-password password] } | { [-userconfigfile config-file] [-userkeyfile admin-key] } ] COMMAND arguments

Connection and User Credentials Arguments

Note: When you invoke most weblogic.
Table 21-1 Connection and User Credentials Arguments

Argument             Definition
-password password   The password that is associated with the username. If you specify -username username but do not specify the -password argument, weblogic.Admin prompts you for a password. If WL_HOME\server\bin is specified in the PATH environment variable, weblogic.Admin uses a set of WebLogic Server libraries that prevent the password from being echoed to standard out.
In a development environment in which security is not a top priority, you can use the -username and -password arguments when invoking the weblogic.Admin utility directly on the command line or in scripts. With these arguments, the username and password are not encrypted. If you store the values in a script, the user credentials can be used by anyone who has read access to the script.
Examples of Providing User Credentials

The following command specifies the username weblogic and password weblogic directly on the command line:

java weblogic.Admin -username weblogic -password weblogic COMMAND

The following command uses a user-configuration file and key file that are located at the default pathname:

java weblogic.Admin COMMAND

See “Configuring the Default Path Name” on page -20.
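The credential options described above can be audited mechanically in existing administration scripts. The following Python code is an added example, not part of the BEA documentation or tooling: it classifies each weblogic.Admin invocation by how it supplies credentials, using only the arguments shown on this page. The sample script, the Finding type, the category names and the POSIX permission check on the key file are assumptions made for illustration.

```python
import os
import shlex
import stat
from typing import Dict, List, NamedTuple, Optional, Tuple

# Arguments from the weblogic.Admin syntax on this page that consume a value.
VALUE_ARGS = {"-url", "-username", "-password", "-userconfigfile", "-userkeyfile"}


class Finding(NamedTuple):      # hypothetical record type for this example
    line_no: int
    kind: str                   # category name chosen for this example
    command: Optional[str]      # the COMMAND; the password itself is never recorded


def parse_invocation(line: str) -> Optional[Tuple[Dict[str, str], Optional[str]]]:
    """Return (options, COMMAND) for a weblogic.Admin call, or None for other lines."""
    try:
        tokens = shlex.split(line, posix=False)  # posix=False keeps Windows backslashes
    except ValueError:                           # unbalanced quote: split on whitespace
        tokens = line.split()
    tokens = [t.strip("\"'") for t in tokens]
    if "weblogic.Admin" not in tokens:
        return None
    args = tokens[tokens.index("weblogic.Admin") + 1:]
    opts: Dict[str, str] = {}
    command = None
    i = 0
    while i < len(args):
        if args[i] in VALUE_ARGS:
            opts[args[i]] = args[i + 1] if i + 1 < len(args) else ""
            i += 2
        else:
            command = args[i]   # first non-option token is the COMMAND
            break
    return opts, command


def classify(opts: Dict[str, str]) -> str:
    """Map the credential arguments to one of the cases the guide describes."""
    if "-password" in opts:
        value = opts["-password"]
        if value.startswith("$") or (value.startswith("%") and value.endswith("%")):
            # Not stored in the script, but still passed as a command-line argument.
            return "password-from-variable"
        return "plaintext-password"          # readable by anyone who can read the script
    if "-username" in opts:
        return "password-prompt"             # weblogic.Admin prompts for the password
    if "-userconfigfile" in opts or "-userkeyfile" in opts:
        return "user-config-file"            # encrypted credentials plus key file
    return "default-user-config-file"        # files at the default pathname


def audit_script(text: str) -> List[Finding]:
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parsed = parse_invocation(line)
        if parsed:
            opts, command = parsed
            findings.append(Finding(line_no, classify(opts), command))
    return findings


def key_file_exposed(path: str) -> bool:
    """True if group or other users hold any permission on the key file (POSIX modes)."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


# Constructed sample input: lines as they might appear in an administration script.
SAMPLE_SCRIPT = r"""# constructed sample admin script
java weblogic.Admin -url localhost:7001 -username weblogic -password weblogic PING
java weblogic.Admin -url localhost:7001 -username weblogic VERSION
java weblogic.Admin -userconfigfile c:\wl\cfg -userkeyfile e:\myKeyFile LIST weblogic.ejb
java weblogic.Admin -username wlAdmin -password "$WL_PASS" STOREUSERCONFIG
java weblogic.Admin LICENSES
echo done
"""

if __name__ == "__main__":
    for f in audit_script(SAMPLE_SCRIPT):
        print(f"line {f.line_no}: {f.command}: {f.kind}")
```

Lines reported as plaintext-password are the ones to convert to a user-configuration file and key file; key_file_exposed can then be run against the key file, since that file holds the secret used to decrypt the stored credentials.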
WebLogic Server Administration Command Reference Table B-1 WebLogic Server Administration Commands Overview (Continued) Task Command Description Connect to WebLogic Server CONNECT Makes the specified number of connections to the WebLogic Server and returns two numbers representing the total time for each round trip and the average amount of time (in milliseconds) that each connection is maintained. See “CONNECT” on page -10.
Table B-1 WebLogic Server Administration Commands Overview (Continued)

Task                           Command       Description
View threads                   THREAD_DUMP   Provides a real-time snapshot of the WebLogic Server threads that are currently running. See “THREAD_DUMP” on page -24.
Unlock a WebLogic Server       UNLOCK        Unlocks the specified WebLogic Server after a LOCK operation. See “UNLOCK” on page -25.
View WebLogic Server version   VERSION
CANCEL_SHUTDOWN

The CANCEL_SHUTDOWN command cancels the SHUTDOWN command for a specified WebLogic Server. When you use the SHUTDOWN command, you can specify a delay (in seconds). An administrator may cancel the shutdown command during the delay period. Be aware that the SHUTDOWN command disables logins, and they remain disabled even after cancelling the shutdown. Use the UNLOCK command to re-enable logins.
B WebLogic Server Command-Line Interface Reference CONNECT Makes the specified number of connections to the WebLogic Server and returns two numbers representing the total time for each round trip and the average amount of time (in milliseconds) that each connection is maintained. Syntax java weblogic.Admin [Connection and User Credentials Arguments] CONNECT count Argument Definition count Number of connections to be made.
WebLogic Server Administration Command Reference HELP Provides syntax and usage information for all WebLogic Server commands (by default) or for a single command if a command value is specified on the HELP command line. Syntax java weblogic.Admin HELP [COMMAND] Example In the following example, information about using the PING command is requested: java weblogic.Admin HELP PING The HELP command returns the following to stdout: Usage: weblogic.
B WebLogic Server Command-Line Interface Reference LICENSES Lists the licenses for all WebLogic Server instances installed on the specified server. Syntax java weblogic.Admin [Connection and User Credentials Arguments] LICENSES Example In the following example, an administrator using the default username (guest) and default password (guest) requests the license information for a WebLogic Server running on port 7001 of machine localhost: java weblogic.
WebLogic Server Administration Command Reference LIST Lists the bindings of a node in the JNDI naming tree. Syntax java weblogic.Admin [Connection and User Credentials Arguments] LIST context Argument Definition context Required. The JNDI context for lookup, for example, weblogic, weblogic.ejb, javax. Example In this example, user adminuser, who has a password of gumby1234, requests a list of the node bindings in weblogic.ejb: java weblogic.Admin -username adminuser -password gumby1234 LIST weblogic.
B WebLogic Server Command-Line Interface Reference LOCK Locks a WebLogic Server against non-privileged logins. Any subsequent login attempt initiates a security exception which may contain an optional string message. Note: This command is privileged. It requires the password for the WebLogic Server administrative user. Syntax java weblogic.Admin [Connection and User Credentials Arguments] LOCK “string_message” Argument Definition “string_message” Optional.
WebLogic Server Administration Command Reference PING Sends a message to verify that a WebLogic Server is listening on a port, and is ready to accept WebLogic client requests. Syntax java weblogic.Admin [Connection and User Credentials Arguments] PING [round_trips] [message_length] Argument Definition round_trips Optional. Number of pings. message_length Optional. Size of the packet to be sent in each ping. Requests for pings with packets larger than 10 MB throw exceptions.
B WebLogic Server Command-Line Interface Reference SERVERLOG Displays the log file generated on a specific server. n If you do not specify a URL, the server log for the Administration Server is displayed by default. n If you specify a server URL, you can retrieve a log for a non-Administration Server. n If you omit the starttime and endtime arguments, a running display of the entire server log is started. Syntax java.weblogic.
WebLogic Server Administration Command Reference SHUTDOWN Shuts down the WebLogic Server that is specified in the URL. Syntax java weblogic.Admin [Connection and User Credentials Arguments] SHUTDOWN [seconds] [“lockMessage”] Argument Definition seconds Optional. Number of seconds allowed to elapse between the invoking of this command and the shutdown of the server. “lockMessage” Optional.
STOREUSERCONFIG

Creates a user-configuration file and an associated key file. The user-configuration file contains an encrypted username and password. The key file contains a secret key that is used to encrypt and decrypt the username and password. When you use other weblogic.Admin or weblogic.
WebLogic Server Administration Command Reference Argument Definition -userconfigfile config-file Specifies a file pathname at which the STOREUSERCONFIG command creates a user-configuration file. The pathname can be absolute or relative to the directory from which you enter the command. If a file already exists at the specified pathname, the command overwrites the file with a new file that contains the newly encrypted username and password.
B WebLogic Server Command-Line Interface Reference Argument Definition (Continued) -username username [-password password ] Specifies the username and password to encrypt. The STOREUSERCONFIG command does not verify that the username and password are valid WebLogic Server user credentials. If you omit the -password password argument, STOREUSERCONFIG prompts you to enter a password.
Creating User-Configuration and Key Files

To create user-configuration and key files:

1. Use the -username username and -password password arguments to specify the username and password to be encrypted.
2. Specify the name and location of the user-configuration and key files by doing one of the following:
   - Use the -userconfigfile config-file and -userkeyfile key-file arguments: java weblogic.
B WebLogic Server Command-Line Interface Reference 2. When you create an additional user-configuration file, specify the existing key file. For example, enter the following command: java weblogic.Admin -username username -password password -userconfigfile c:\anotherConfigFile -userkeyfile e:\myKeyFile STOREUSERCONFIG Examples In the following example, a user who is logged in to a UNIX operating system as joe encrypts the username wlAdmin and password wlPass: java weblogic.
WebLogic Server Administration Command Reference A user who logs in to pat’s account can use the following syntax to invoke weblogic.Admin commands: java weblogic.Admin -userkeyfile e:\myKeyFile COMMAND For information on using user-configuration and key files, see “Summary of User Credentials Arguments” on page -4.
B WebLogic Server Command-Line Interface Reference THREAD_DUMP Provides a real-time snapshot of the WebLogic Server threads that are currently running. Syntax java weblogic.
WebLogic Server Administration Command Reference UNLOCK Unlocks the specified WebLogic Server after a LOCK operation. Syntax java weblogic.Admin [Connection and User Credentials Arguments] UNLOCK Argument Definition username Required. A valid administrative username must be supplied to use this command. password Required. A valid administrative password must be supplied to use this command.
B WebLogic Server Command-Line Interface Reference VERSION Displays the version of the WebLogic Server software that is running on the machine specified by the value of URL. Syntax java weblogic.Admin [Connection and User Credentials Arguments] VERSION Example In the following example, a user requests the version of the WebLogic Server running on port 7001 on machine localhost: java weblogic.
WebLogic Server Connection Pools Administration Command Reference WebLogic Server Connection Pools Administration Command Reference Table B-2 presents an overview of WebLogic Server administration commands for connection pools. The following sections describe command syntax and arguments, and provide an example for each command. For additional information about connection pools see Programming WebLogic JDBC at http://e-docs.bea.com/wls/docs61/jdbc/index.
B WebLogic Server Command-Line Interface Reference Table B-2 WebLogic Server Administration Commands Overview—Connection Pools Task Command Description Determine if a Connection Pool Exists EXISTS_POOL Tests whether a connection pool with a specified name exists in the WebLogic Server. You can use this command to determine whether a dynamic connection pool has already been created or to ensure that you select a unique name for a dynamic connection pool you want to create.
WebLogic Server Connection Pools Administration Command Reference CREATE_POOL Allows creation of connection pool while WebLogic Server is running. For more information, see “Creating a Connection Pool Dynamically” in Programming WebLogic JDBC at http://e-docs.bea.com/wls/docs61/jdbc/programming.html#programmin g004. Syntax java weblogic.
B WebLogic Server Command-Line Interface Reference Argument Definition driver Required. Name of JDBC driver. Only local (non-XA) drivers can participate. url Required. URL of the JDBC driver. testConnsOnReserve Indicates reserved test connections. Default = False. testConnsOnRelease Indicates test connections when they are released. Default = False. testTableName Database table used when testing connections; must be present for tests to succeed.
WebLogic Server Connection Pools Administration Command Reference initialCapacity=2,maxCapacity=8, props=user=SCOTT;password=tiger;server=bay816" Administration Guide B-31
B WebLogic Server Command-Line Interface Reference DESTROY_POOL Connections are closed and removed from the pool and the pool dies when it has no remaining connections. Only the “system” user or users granted “admin” permission by an ACL associated with a connection pool can destroy the pool. Syntax java weblogic.Admin [Connection and User Credentials Arguments] DESTROY_POOL poolName [true|false] Argument Definition poolName Required. Unique name of pool.
DISABLE_POOL

You can temporarily disable a connection pool, preventing any clients from obtaining a connection from the pool. Only the “system” user or users granted “admin” permission by an ACL associated with a connection pool can disable or enable the pool. You have two options for disabling a pool: 1) freeze the connections in a pool that you later plan to enable, and 2) destroy the connections.

Syntax

java weblogic.
B WebLogic Server Command-Line Interface Reference ENABLE_POOL When a pool is enabled, the JDBC connection states for each in-use connection are exactly as they were when the connection pool was disabled; clients can continue JDBC operations exactly where they left off. Syntax java weblogic.Admin [Connection and User Credentials Arguments] ENABLE_POOL poolName Argument Definition poolName Name of the connection pool.
WebLogic Server Connection Pools Administration Command Reference EXISTS_POOL Tests whether a connection pool with a specified name exists in the WebLogic Server. You can use this method to determine whether a dynamic connection pool has already been created or to ensure that you select a unique name for a dynamic connection pool you want to create. Syntax java weblogic.Admin [Connection and User Credentials Arguments] EXISTS_POOL poolName Argument Definition poolName Name of connection pool.
B WebLogic Server Command-Line Interface Reference RESET_POOL This command resets the connections in a registered connection pool. This is a privileged command. You must supply the password for the WebLogic Server administrative user to use this command. You must know the name of the connection pool, which is an entry in the config.xml file. Syntax java weblogic.
Mbean Management Command Reference Mbean Management Command Reference Table B-3 presents an overview of the Mbean management commands. The following sections describe command syntax and arguments, and provide an example for each command. Table B-3 Mbean Management Command Overview Task Command(s) Description Create configuration Mbeans CREATE Creates an instance of a configuration Mbean. Returns OK to stdout when successful. This command cannot be used for run-time Mbeans. See “CREATE” on page -38.
B WebLogic Server Command-Line Interface Reference CREATE Creates an instance of a configuration Mbean. Returns OK to stdout when successful. This command cannot be used for run-time Mbeans. The Mbean instance is saved in the config.xml file or the security realm, depending on where the changes have been made. Note: When you create Mbeans, configuration objects are also created. For more information about creating Mbeans, see Developing WebLogic Server Applications, at http://e-docs.bea.
Mbean Management Command Reference DELETE Deletes a configuration Mbean. Returns OK in stdout when successful. This command cannot be used for run-time Mbeans. Note: When you delete Mbeans, configuration objects are also deleted. For more information about deleting Mbeans, see Developing WebLogic Server Applications, at http://e-docs.bea.com/wls/docs61/programming/index.html. Syntax java weblogic.
B WebLogic Server Command-Line Interface Reference GET Displays run-time Mbean attributes. You can request a list of attributes for multiple objects of the same type by requesting attributes for the following: n All Mbeans that belong to the same Mbean type: GET {-pretty} -type mbean_type n A specific Mbean: GET {-pretty} -mbean mbean_name The name of each of the specified Mbeans is included in the output. If -pretty is specified, each attribute name-value pair is displayed on a new line.
Mbean Management Command Reference Argument Definition mbean_type Required. When getting attributes for multiple objects of the same type, output includes the name of the Mbean. mbean_name Fully qualified name of an Mbean, in the following format: “domain:Type=type,Location=location,Name=name” Type specifies a type of object grouping, Location specifies the location of the Mbean, and Name supplies the Mbean name. pretty Optional. Produces well-formatted output. property Optional.
B WebLogic Server Command-Line Interface Reference INVOKE Invokes the specified method (including arguments) on the specified Mbean. This command can call only run-time Mbeans. Use this command to invoke methods that do not get or set Mbean attributes. Syntax java weblogic.Admin [Connection and User Credentials Arguments] INVOKE {–type mbean_type|–mbean mbean_name} –method methodname [argument . . .
Mbean Management Command Reference SET Sets the specified attribute values for the named configuration Mbean. Returns OK on stdout when successful. This command cannot be used for run-time Mbeans. New values are saved to the config.xml file or the security realm, depending on where the new values have been defined. Syntax java weblogic.Admin [Connection and User Credentials Arguments] SET {–type mbean_type|–mbean mbean_name} –property property1 property1_value [-property property2 property2_value] . . .
APPENDIX C

WebLogic SNMP Agent Command-Line Reference

WebLogic Server can use Simple Network Management Protocol (SNMP) to communicate with enterprise-wide management systems. The WebLogic Server subsystem that gathers WebLogic management data, converts it to SNMP communication modules (trap notifications), and forwards the trap notifications to third-party SNMP management systems is called the WebLogic SNMP agent.
C WebLogic SNMP Agent Command-Line Reference For more information about using SNMP with WebLogic Server, refer to the WebLogic SNMP Management Guide. Required Environment and Syntax for the SNMP Command-Line Interface Before you use the WebLogic SNMP agent’s command-line interface, set up your environment and note command syntax information as described in the following sections. Environment To set up your environment for the WebLogic SNMP agent’s command-line interface: 1.
Required Environment and Syntax for the SNMP Command-Line Interface java command-name arguments Table C-1 describes arguments that are common to most WebLogic SNMP agent commands. Table C-1 Common Command Line Arguments Argument Definition -d Includes debugging information and packet dumps in the command output.
C WebLogic SNMP Agent Command-Line Reference Table C-1 Common Command Line Arguments Argument Definition host Specifies the DNS name or IP address of the computer that hosts the WebLogic Server Administration Server, which is where the WebLogic SNMP agent runs. Commands for Retrieving the Value of WebLogic Server Attributes Table C-2 is an overview of commands that retrieve the value of WebLogic Server MBean attributes that are exposed in the WebLogic Server MIB.
Commands for Retrieving the Value of WebLogic Server Attributes snmpwalk Returns a recursive list of all managed objects that are below a specified node in the MIB tree. If you specify the OID for an object type, the command returns a list of all instances of that type along with all instances of any child object types.
C WebLogic SNMP Agent Command-Line Reference If you invoke this command from a computer that is running the Examples Server, the command returns output similar to the following truncated output. Note that the output includes the full OID for each attribute instance below the serverRuntimeTable object. Object ID: .1.3.6.1.4.1.140.625.360.1.1.32.101.98.52.50.55.97.53.101.55.101. 56.97.51.98.97.52.99.97.57.53.100.51.51.98.102.51.98.57.48.98.51. 55 STRING: eb427a5e7e8a3ba4ca95d33bf3b90b37 Object ID: .1.3.6.1.
Commands for Retrieving the Value of WebLogic Server Attributes snmpgetnext Returns a description of the managed object that immediately follows one or more OIDs that you specify. Instead of the recursive listing that the snmpwalk command provides, this command returns the description of only the one managed object whose OID is the next in sequence. You could string together a series of snmpgetnext commands to achieve the same result as the snmpwalk command.
C WebLogic SNMP Agent Command-Line Reference The command returns output similar to the following: Response PDU received from 127.0.0.1/127.0.0.1, community: public Object ID: .1.3.6.1.4.1.140.625.190.1.15.32.49.51.54.56.100.54.98.102.97.101 .101.52.100.101.49.53.50.99.55.98.57.55.57.56.54.53.98.49.55.102. 100.
Commands for Retrieving the Value of WebLogic Server Attributes snmpget Retrieves the value of one or more object instances. This command does not accept OIDs for object types. Syntax java snmpget [-d] [-c snmpCommunity] [-p snmpPort] [-t timeout] [-r retries] host object-instance-OID [object-instance-OID]... Argument Definition object-instance-OID [object-instance-OID]... The object ID of an object instance. This command does not accept OIDs for object types. Start the value with '.
C WebLogic SNMP Agent Command-Line Reference Commands for Testing Traps Table C-3 is an overview of commands that generate and receive traps for testing purposes. Table C-3 Overview of Commands for Retrieving Information about WebLogic Server Command Description snmpv1trap Constructs an SNMPv1 trap and distributes it to the SNMP manager or trap daemon that is running on the specified host and listening on the specified port number. See “snmpv1trap” on page -55.
Commands for Testing Traps snmpv1trap Constructs an SNMPv1 trap and distributes it to the SNMP manager or trap daemon that is running on the specified host and listening on the specified port number. For more information about the trap daemon, refer to “snmptrapd” on page -58. As part of invoking this command, you specify the value for fields within the trap packet that you want to send. The values that you specify must resolve to traps that are defined in the WebLogic Server MIB.
Argument        Definition
generic-trap    Specifies the value of the trap’s generic trap type field. For a list of valid values, refer to “Format of WebLogic Trap Notifications” in the WebLogic SNMP Management Guide.
specific-trap   Specifies the value of the trap’s specific trap type field. For a list of valid values, refer to “Format of WebLogic Trap Notifications” in the WebLogic SNMP Management Guide.
                Specifies the value of the trap’s timestamp field.
Commands for Testing Traps java snmpv1trap -p 165 localhost .1.3.6.1.4.140.625 localhost 6 60 1000 .1.3.6.1.4.1.140.625.100.5 STRING "2:00 pm" .1.3.6.1.4.1.140.625.100.10 STRING localhost The SNMP manager (or trap daemon) that is listening at port number 165 receives the trap. If the trap daemon is listening on 165, it returns the following: Trap received from: /127.0.0.1, community: public Enterprise: .1.3.6.1.4.140.625 Agent: /127.0.0.1 TRAP_TYPE: 6 SPECIFIC NUMBER: 60 Time: 1000 VARBINDS: Object ID: .1.
snmptrapd

Starts a daemon that receives traps and prints information about the trap.

Syntax

java snmptrapd [-d] [-c snmpCommunity] [-p TrapDestinationPort]

Argument                 Definition
-c snmpCommunity         Specifies the community name that the SNMP agent (or snmpv1trap command) used to generate the trap. If you do not specify a value, the command assumes -c public.
-p TrapDestinationPort   Specifies the port number on which the trap daemon receives traps.
Commands for Testing Traps java snmptrapd 3. Open another shell and do the following: a. Add a supported SDK to the shell’s PATH environment variable. b. Set the CLASSPATH environment variable as described in “Setting the Classpath Option” on page 2-10. 4. To generate a trap, enter the following command: java snmpv1trap localhost .1.3.6.1.4.140.625 localhost 6 65 1000 The snmpv1trap command generates a serverStart Trap and broadcasts it through port 162.
APPENDIX D

Parameters for Web Server Plug-ins

The following sections describe the parameters that you use to configure the Apache, Netscape, and Microsoft IIS Web Server plug-ins:

- Overview
- General Parameters for Web Server Plug-Ins
- SSL Parameters for Web Server Plug-Ins

Overview

You enter the parameters for each Web Server plug-in in special configuration files. Each Web Server has a different name for this configuration file and different rules for formatting the file.
General Parameters for Web Server Plug-Ins

Note: Parameters are case sensitive.

Parameter      Default   Description
WebLogicHost   none      Identifies a single instance of WebLogic Server to which HTTP requests should be forwarded. Note: Use only when proxying to a single server instance. To proxy to a WebLogic Server cluster, use the WebLogicCluster instead.
WebLogicPort   none      Port at which the WebLogic Server host is listening for WebLogic connection requests.
Parameter         Default   Description
WebLogicCluster   none      Identifies the WebLogic Server instances to which HTTP requests should be forwarded. The WebLogicCluster parameter specifies the host name and listen port for each server instance specified. The method of specifying the parameter, and the required format vary by plug-in.
D Parameters for Web Server Plug-ins Parameter Default Description PathTrim null String trimmed by the plug-in from the beginning of the original URL, before the request is forwarded to WebLogic Server. For example, if the URL http://myWeb.server.com/weblogic/foo is passed to the plug-in for parsing and if PathTrim has been set to strip off /weblogic before handing the URL to WebLogic Server, the URL forwarded to WebLogic Server is: http://myWeb.server.
General Parameters for Web Server Plug-Ins Parameter Default Description ConnectRetrySecs 2 Interval in seconds that the plug-in should sleep between attempts to connect to the WebLogic Server host (or all of the servers in a cluster). Make this number less than the ConnectTimeoutSecs. The number of times the plug-in tries to connect before returning an HTTP 503/Service Unavailable response to the client is calculated by dividing ConnectTimeoutSecs by ConnectRetrySecs.
D Parameters for Web Server Plug-ins Parameter Default Description Debug OFF Sets the type of logging performed for debugging operations. It is not advisable to switch on these debugging options in production systems. The debugging information is written to the /tmp/wlproxy.log file on UNIX systems and c:\TEMP\wlproxy.log on Windows NT/2000 systems. You can override this location and filename by setting the WLLogFile parameter to a different directory and file.
General Parameters for Web Server Plug-Ins Parameter Default Description WLLogFile See the Debug parameter Specifies path and file name for the log file that is generated when the Debug parameter is set to ON. You must create this directory before setting this parameter. WLTempDir See the Debug parameter Specifies the directory where a wlproxy.log will be created. If the location fails, the Plug-In resorts to creating the log file under C:/temp in Windows and /tmp in all Unix platforms.
Parameter               Default                      Description
WLSocketTimeoutSecs     2 (must be greater than 0)   Set the timeout for the socket while connecting, in seconds.
HungServerRecoverSecs   300                          Defines the amount of time the plug-in waits for a response to a request from WebLogic Server. The plug-in waits for HungServerRecoverSecs for the server to respond and then declares that server dead, and fails over to the next server. The value should be set to a very large value.
General Parameters for Web Server Plug-Ins Parameter Default Description DefaultFileName none If the URI is “/” then the plug-in performs the following steps: 1. Trims the path specified with the PathTrim parameter. 2. Appends the value of DefaultFileName. 3. Prepends the value specified with PathPrepend. This procedure prevents redirects from WebLogic Server. Set the DefaultFileName to the default welcome page of the Web Application in WebLogic Server to which requests are being proxied.
D Parameters for Web Server Plug-ins Parameter Default Description FileCaching ON When set to ON, and the size of the POST data in a request is greater than 2048 bytes, the POST data is stored on disk in a temporary file and forwarded to WebLogic Server in chunks of 8192 bytes. Setting FileCaching to ON, however, can cause a problem with the progress bar displayed by a browser that indicates the progress of a download.
Parameter                                     Default   Description
QueryFromRequest (Apache HTTP Server only)    OFF       When set to ON, specifies that the Apache plug-in use (request_rec *)r->the_request to pass the query string to WebLogic Server. (For more information, see your Apache documentation.) This behavior is desirable in the following situations:
- When a Netscape version 4.x browser makes requests that contain spaces in the query string
- If you are using Raven Apache 1.5.
D Parameters for Web Server Plug-ins Parameter Default Description WLProxySSL OFF Set this parameter to ON to maintain SSL communication between the plug-in and WebLogic Server when the following conditions exist: n An HTTP client request specifies the HTTPS protocol n The request is passed through one or more proxy servers (including the WebLogic Server proxy plug-ins) n The connection between the plug-in and WebLogic Server uses the HTTP protocol When WLProxySSL is set to ON, the location hea
SSL Parameters for Web Server Plug-Ins SSL Parameters for Web Server Plug-Ins Note: Parameters are case sensitive. Parameter SecureProxy Default OFF Description Set this parameter to ON to enable the use of the SSL protocol for all communication between the WebLogic Server proxy plug-in and WebLogic Server. Remember to configure a port on the corresponding WebLogic Server for the SSL protocol before defining this parameter.
D Parameters for Web Server Plug-ins Configuring Web Applications and Clusters for the Plug-in Set the following attributes on a cluster or a Web application to configure security for applications accessed via the plug-in.