Monday Jan 04, 2016

Java Rock Star Adam Bien Impressed by WebLogic 12.2.1

It is not an exaggeration to say Adam Bien is pretty close to a "household name" in the Java world. Adam is a long time Java enthusiast, author of quite a few popular books, Java Community Process (JCP) expert, Oracle ACE Director, official Oracle Java Champion and JavaOne conference Rock Star award winner. Adam most recently won the JCP member of the year award. His blog is amongst the most popular for Java developers. 

Adam recently took WebLogic 12.2.1 for a spin and was impressed. Being a developer (not unlike myself) he focused on the full Java EE 7 support in WebLogic 12.2.1. He reported his findings to Java developers on his blog. He commented on fast startup, low memory footprint, fast deployments, excellent NetBeans integration and solid Java EE 7 compliance. You can read Adam's full write-up here.

None of this of course is incidental. WebLogic is a mature product with an extremely large deployment base. With those strengths often comes the challenge of usability. Nonetheless many folks that haven't kept up-to-date with WebLogic evolution don't realize that usability and performance have long been a continued core focus. That is why folks like Adam are often pleasantly surprised when they take an objective fresh look at WebLogic. You can of course give WebLogic 12.2.1 a try yourself here. There is no need to pay anything just to try it out as you can use a free OTN developer license (this is what Adam used as per the instructions on his post). You can also use an official Docker image here.

Solid Java EE support is of course the tip of the iceberg as to what WebLogic offers. As you are aware WebLogic offers a depth and breadth of proven features geared towards mission-critical, 24x7 operational environments that few other servers come close to. One of the best ways for anyone to observe this is taking a quick glance at the latest WebLogic documentation.

Thursday Nov 12, 2015

JMX Authorization policies

With the introduction of the Partition conception in 12.2.1 Weblogic, there is an impact on how an MBean is authorized to a Weblogic user. This is due to the fact that an MBean can now be scoped to either 1) Domain or 2) Partition. A Partition is a slice of a Weblogic Domain which can have its own set of users defined. The users from one Partition are separate from the users from another Partition and also from the users from the Domain. Historically, when there was no concept of a Partition, a user in a Weblogic Domain can have four roles namely 1) Administrator 2) Deployer 3) Monitor 4) Operator. The basic rules of whether an MBean can be authorized can be summarized as follows.

  1. Any user can read any MBean except the Encrypted one
  2. A user with Administrator role can write/execute any MBean
  3. A user with other roles (Deployer, Monitor, Operator) can access an MBean as long as that MBean is annotated with the specific role. E.g

@roleAllowed Deployer

Public class MyMBean {


In the case above, a user with Deployer role can write/execute that MBean but a user with Monitor role cannot write/execute on that MBean.

In 12.2.1 release, with the introduction of Multi-tenancy, the authorization rules have been changed significantly.  An MBean can now be located either in a Domain scope or in a Partition scope. This scoping is sometimes referred to as “owned by”. E.g. in 12.2.1, the DomainMBean is owned by the Domain because the MBean is located in the Domain level in the MBean tree. The MBeans in Weblogic can be visualized as a tree-like structure.

 The image above describes how MBeans in Weblogic are now scoped either to a Partition or to the Domain. When a Partition is created in Weblogic, a config MBean named PartitionMBean is created representing that Partition. If you look carefully in the image above, you will see that the PartitionMBean is scoped to the Domain not to the Partition. Any MBean under that PartitionMBean is scoped to a Partition.

So, whether a Partition user can access an MBean depends on where that MBean is located in the MBean tree. The location of the MBean in the MBean tree defines whether a Partition owns that MBean or whether the Domain owns that MBean. Users from the Domain are allowed to write/execute the Partition MBeans but the users from the Partitions are not allowed to write/execute MBeans unless they are granted permission by explicit annotations.

                In 12.2.1, we have introduced a new annotation named @owner which overrides the ownership behavior of an MBean based on the location to explicitly specified ownership. There are three values of @owner namely 1) Domain 2) Partition 3) Context.

@owner Domain will mark an MBean owned by the Domain regardless of its location in the MBean tree.

@owner Partition will mark an MBean owned by the Partition regardless of its location in the MBean tree.

@owner Context will change the ownership of an MBean based on the login Context of the user that is trying to access the MBean.

if a user tries to access an MBean from the Domain context then the MBean will behave as @owner Domain

If a user tries to access an MBean from the Partition context then the MBean will behave as @owner Partition.

The @owner Context is particularly useful when an MBean needs to be accessed by both the Domain users and the Partition users of a Partition. The MBean acts like a shared MBean between the Domain and the Partitions. You must remember that when an MBean scoped to a Domain in the MBean tree is marked with @owner Context, it means that that MBean can be written/executed by all the Partition users not by the users from a particular Partition. There is no way to selectively allow users from a particular Partition to access a Domain scoped MBean.

Each attribute or operation of an MBean can be marked with @owner to have finer control on the MBean. Putting @owner on an MBean interface acts like putting @owner on all the attributes and operations of that MBean.

Example usage

Annotating an MBean like below will allow a user from the Domain with Deployer role and a user from a Partition with Deployer role access to any operations or attributes on DomainRuntimeMBean 


* @roleAllowed Deployer

* @owner Context


public interface DomainRuntimeMBean

Authorization’s relation to visibility of an MBean

In  the 12.2.1 release because of the introduction of Multi-tenancy, there are some changes in terms of what MBeans can be seen by a user. Not all MBeans are visible to a user. The authorization rule applies if an MBean is only visible to an end user. Please look at the MBean Visibility for details about the visibility rules in Weblogic 12.2.1.

Default Security Policies in 12.2.1

The Domain user with Administrator role has full access on all MBeans across the domain and the Partitions

The getter for any MBean attribute and the lookupXXX operation is authorized for any user from the Domain and the Partitions without any annotation required.

Setter of an attribute or an operation of a Domain scoped MBean needs to be marked with @owner context if Partition users need to access it.

The Partition owned MBean will not require @owner annotation to be accessible by the users of that particular Partition.

If a Domain user with other roles (Deployer, Monitor, and Operator) requires access to Domain scoped MBeans then they must be annotated with @roleAllowed annotation. Remember, unlike Domain Administrator, these users can only access Domain scoped MBeans not the Partition scoped MBeans.

A user from a Partition with Administrator role can access any MBean in that Partition but not to MBeans in other Partitions. This is protected by Visibility rule

A Partition user can have similar roles (Administrator,Deployer,Monitor or Operator) as in the Domain.

If a user from a Partition with other roles (Deployer, Operator and Monitor) needs access(write and execute) on the Partition scoped MBean then the MBean needs to be annotated with @roleAllowed.

Summary of Authorization rules for users in Weblogic 12.2.1

Table 1: WLS MBeans without any @roleAllowed annotation 

  • Domain MBean: an MBean located in a Domain Scope, an MBean marked with @owner Domain or an Mbean marked with @owner Context and the subject is in domain Context
  • Partition MBean: an MBean located in a Partition Scope, an MBean marked with @owner Partition or an MBean marked with @owner Context and the subject is in a Partition context when trying to access the MBean
  • Table 2: WLS MBeans with @roleAllowed annotation. This annotation can appear on MBean Interface, Attribute or Operation

  • Domain MBean: an MBean located in a Domain Scope, an MBean marked with @owner Domain or an Mbean marked with @owner Context and the subject is in domain Context
  • Partition MBean: an MBean located in a Partition Scope, an MBean marked with @owner Partition or an MBean marked with @owner Context and the subject is in a Partition context when trying to access the MBean

    Table 3: Previlege of Different Domain Roles

      Table 4: Previlege of Different Partition Roles

Wednesday Jan 28, 2015

Oracle Maven Repository Index Now Available

The new Oracle Maven Repository now has an index available which should make it far easier to navigate the contents. As you may already know there's a number of important WebLogic artifacts in the repository. This is a standard Maven index, built with the Maven Core Indexer code and is available at and The easiest way to view the index is through an IDE like NetBeans that has a Maven repository browser:

You should definitely try the index out with the tools that you are using as well as the repository generally. This relatively early stage is a great time to provide feedback so things can be as polished as possible.

Monday Sep 16, 2013

Therap Services at OpenWorld: Highlights Support for Individuals with Developmental Disabilities

Therap Services, LLC. is a web-based service organization that provides an integrated solution for documentation, reporting and communication needs of agencies providing support to people with developmental disabilities. It offers an easy and efficient alternative to the immense amount of paper work that is done manually by the care providers. Therap’s software suite is relevant to all the different kinds of service organizations that support and care for people with intellectual and developmental disabilities. Therap is used in over 1,000 agencies, in small agencies serving as few as one individual to multi-state providers serving thousands of individuals. The modules can be categorized under Individual Support, Staff Support and Billing and Attendance Support. Therap uses Oracle Database and had been using JBoss as the application server for their mission critical application.  As Therap has grown, they have experienced several performance issues with JBoss – specifically problems with JBoss Messaging.  As Therap continues to expand their business, they felt the need for a more robust solution for their core business application.  Additionally, Therap needed a more advanced monitoring solution for both internal and external transactions on multiple layers:  application, database, application server. They chose Oracle WebLogic Server for three main reasons:  1) Extremely high confidence level in the Oracle Product Management team expertise, 2) Access to a better support system with product integration and best practices, and 3) Oracle’s proven reliability history.  Come join Therap Services CTO Masum at OpenWorld to hear about how Therap leverages Oracle WebLogic Server with Oracle Enterprise Manager to really take their applications to the next level. In addition, while at OpenWorld don’t miss other Cloud Application Foundation Innovators. You can join the session whether you are an OpenWorld attendee or not.

Thursday Jan 20, 2011

WebLogic Server 10.3.4 Released - Key APIs of Java EE 6 and More

[Read More]

Thursday Mar 25, 2010

Recent improvements in Console Performance

[Read More]

Thursday Jan 14, 2010

EJB3: Mapping of One-to-One relationships when primary key in the source table is also a foreign key for the target entity

This blog entry will explain how to define the EJB3 object relational mappings for entities that have a 1-1 association when the primary key of the relationship's owner side is also the foreign key for the owned entity.

Consider the following diagram.


The Supplier entity has a 1-1 relationship with the SupplierStatistics entity. A Supplier is identified by the ID key uniquely which is also the primary key of the SUPPLIER table. Each Supplier has an associated set of Statistics like the number of orders placed, accepted and delivered on time by a given Supplier. These statistics are persisted in the SUPPLIER_STATISTICS table. The records in the SUPPLIER and SUPPLIER_STATISTICS table are joined by the ID of the supplier. The ID column in the SUPPLIER table is also a foreign key which references the SUPPLIER_ID column in the SUPPLIER_STATISTICS table.


The EJB3 entity classes for the above relationship are given below.


package com.tutorial.entity;



import javax.persistence.*;



 * The persistent class for the SUPPLIER database table.




public class Supplier implements Serializable {

  private static final long serialVersionUID = 1L;




  private long id;


  private String name;


  //uni-directional one-to-one association to SupplierStatistic

  @OneToOne(cascade={CascadeType.PERSIST, CascadeType.REMOVE, CascadeType.REFRESH})

  @JoinColumn(name="ID", insertable=false, updatable=false)

  private SupplierStatistic supplierStatistic;


  public Supplier() {

      supplierStatistic = new SupplierStatistic();



  public long getId() {




  public void setId(long id) { = id;



  public String getName() {




  public void setName(String name) { = name;



  public SupplierStatistic getSupplierStatistic() {

    return this.supplierStatistic;




  public void initializeSupplierStatistic() {






package com.tutorial.entity;



import javax.persistence.*;

import java.math.BigDecimal;



 * The persistent class for the SUPPLIER_STATISTICS database table.




public class SupplierStatistic implements Serializable {

  private static final long serialVersionUID = 1L;





  private long supplierId;



  private BigDecimal ordersAccepted;



  private BigDecimal ordersDeliveredOnTime;



  private BigDecimal ordersPlaced;


  SupplierStatistic() {}


  public long getSupplierId() {

    return this.supplierId;



  public void setSupplierId(long supplierId) {

    this.supplierId = supplierId;



  public BigDecimal getOrdersAccepted() {

    return this.ordersAccepted;



  public void setOrdersAccepted(BigDecimal ordersAccepted) {

    this.ordersAccepted = ordersAccepted;



  public BigDecimal getOrdersDeliveredOnTime() {

    return this.ordersDeliveredOnTime;



  public void setOrdersDeliveredOnTime(BigDecimal ordersDeliveredOnTime) {

    this.ordersDeliveredOnTime = ordersDeliveredOnTime;



  public BigDecimal getOrdersPlaced() {

    return this.ordersPlaced;



  public void setOrdersPlaced(BigDecimal ordersPlaced) {

    this.ordersPlaced = ordersPlaced;





Notice the salient features of the entity mappings.


  • The relationship is defined as a One-way 1-1 mapping from the Supplier, which is the owner of the relationship to the SupplierStatistic entity.


      //uni-directional one-to-one association to SupplierStatistic

@OneToOne(cascade={CascadeType.PERSIST, CascadeType.REMOVE, CascadeType.REFRESH})

@JoinColumn(name="ID", insertable=false, updatable=false)

private SupplierStatistic supplierStatistic;

The @JoinColumn annotation has the attributes insertable=false and updatable=false. This is because the ID column which is a primary key also happens to be the foreign key for the SupplierStatistic entity. Since we don't need to persist an additional column to persist the relationship which is implicitly defined by the primary key, we mark the JoinColumn as insertable and updateable = false. Otherwise you will run into errors depending upon your JPA provider.


With EclipseLink JPA provider available with Oracle Enterprise Pack for Eclipse (OEPE) I was getting the following error without these attributes.


javax.persistence.RollbackException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 1.1.2.v20090612-r4475): org.eclipse.persistence.exceptions.DatabaseException

Internal Exception: java.sql.SQLSyntaxErrorException: ORA-00957: duplicate column name


Error Code: 957


      bind => [4502, SupplierName1, 4502]


  • The supplierStatistic entity is implicitly created when the Supplier is created. Refer to the constructor. The OneToOne relationship is marked as CascadeType.PERSIST so the SupplierStatistic entity will be persisted along with the Supplier entity.

    public Supplier() {

    supplierStatistic = new SupplierStatistic();


  • What about the SUPPLIER_ID column value for the SupplierStatistic entity? It needs to be the same value as the parent Supplier's ID value. This is achieved by injecting the ID of the parent into the child before persisting them. The initialiazeSupplierStatistic method is annotated with the @PrePresist annonation.



     public void initializeSupplierStatistic() {




This ensures that the id field value that has been either auto-generated or retrieved from the sequence table (depending upon the generation strategy for the primary key) by the JPA provider is passed onto the child entity thereby defining the 1-1 association.

  • As a best practice the constructor for the SupplierStatistic class is not public, so there is no explicit way to create and persist a SupplierStatistic entity. It gets created and persisted only in the context of the parent. Correspondingly a SupplierStatistic entity is removed along with the parent Supplier, since we also have CascadeType.REMOVE on the relationship.


This pattern can be applied to other situations where the same primary key value is shared between the two entities, for example Customer and Contact which can share the CUSTOMER_ID has the common key.




DDL for the SUPPLIER and SUPPLIER_STATISTICS tables for the Oracle Database 10g Express Edition


  "NAME" VARCHAR2(4000), 
[Read More]

Tuesday Dec 01, 2009

Threads Constraints in Work Managers

[Read More]

Monday Nov 09, 2009

Stateful JAX-WS with Coherence*Web

We describe a stateful JAX-WS web service with high availability provided by Coherence*Web [1]. Deployed to two separate WebLogic managed servers, the web service stores its state in http session cookies. Coherence*Web distributes and synchronizes http session data between both managed servers. As a result, two endpoints with synchronized web service state provide high availability. With one endpoint down, another could continue to serve the service request with current web service state.

Note that WebLogic clustering can also provide highly available http sessions. However, we want to demonstrate Coherence*Web as an alternative to clustering for high availability. Therefore, we do not use clustering here. Instead, we use Coherence*Web.

Setting up the stateful web service with Coherence*Web involves the following steps.

  • start Coherence*Web cache server 
  • create and configure managed servers
    • deploy Coherence*Web as a shared library to the managed servers
  • create and deploy the web service
    • stores state in http session
    • instrument the web service using Coherence*Web
    • deploy the web service to both managed servers
Start Coherence*Web Cache Server

Start Coherence*Web cache server using the command below [2].

java -server -Xms512m -Xmx512m 
-cp coherence/lib/coherence.jar:coherence/lib/coherence-web-spi.war

Create and Configure Managed Servers

Copy coherence/lib/coherence.jar [2] to $DOMAIN_HOME/lib.

Start WebLogic AdminServer using


Create two managed servers Server-2 at port 7012 and Server-3 at port 7013 using the admin console. Start both servers using the commands below.

$DOMAIN_HOME/bin/ Server-2
$DOMAIN_HOME/bin/ Server-3

Deploy coherence\lib\coherence-web-api.war [2] to the servers as a shared library. 

Create and Deploy the Web Service

Install Oracle Enterprise Pack for Eclipse (OEPE) on Eclipse Galileo [4]. In Eclipse, create a web service using the following WSDL and implementation.

<xsd:import namespace=""
 schemaLocation="http://localhost:7001/Stateful_WS_Coherence/StatefulWSService?xsd=1" />
<message name="addItem">
<part name="parameters" element="tns:addItem" />
<message name="addItemResponse">
<part name="parameters" element="tns:addItemResponse" />
<portType name="StatefulWS">
<operation name="addItem">
<input message="tns:addItem" />
<output message="tns:addItemResponse" />
<binding name="StatefulWSPortBinding" type="tns:StatefulWS">
<soap:binding transport=""
style="document" />
<operation name="addItem">
<soap:operation soapAction="" />
<soap:body use="literal" />
<soap:body use="literal" />
<service name="StatefulWSService">
<port name="StatefulWSPort" binding="tns:StatefulWSPortBinding">
 location="http://localhost:7001/Stateful_WS_Coherence/StatefulWSService" />
</definitions> and

import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.jws.*;
import javax.annotation.Resource;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*
public class StatefulWS {
WebServiceContext ctx;
public int addItem(String name) {
HttpServletRequest req = (HttpServletRequest)
HttpSession session = req.getSession(true);
if (session == null)
throw new WebServiceException("No HTTP Session found");
System.out.println("httpsession: id="+session.getId());

//Get the cart object from the HttpSession
List<Item> cart = (List<Item>)session.getAttribute("myCart");
if (cart == null)
{ cart = new ArrayList(); }
// Add the item to the cart
cart.add(new Item(name));
// Save the updated cart in the HTTPSession
session.setAttribute("myCart", cart);
// return the number of items in the stateful cart
return cart.size();
public class Item implements {
public String name;public Item(String name){ = name;

Add coherence-web-api library into weblogic.xml [2].


Deploy the web service to both managed servers.


Run the test.

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;

public class StatefulWSClient {
public static void main(String[] args) throws Exception {
StatefulWSService service =
 , new QName("", "StatefulWSService"));
StatefulWS port = service.getStatefulWSPort();

.put(BindingProvider.SESSION_MAINTAIN_PROPERTY, true);


System.out.println("calling " +
for (int j=0; j<5; j++) {
try {
int response = port.addItem("abc");
System.out.println("Got " + response);
} catch (Exception ex) {}

System.out.println("calling " +
for (int j=0; j<5; j++) {
try {
int response = port.addItem("abc");
System.out.println("Got " + response);
} catch (Exception ex) {}

The test invokes the web service five times for each endpoint.  The output shows that the returned count increases, indicating synchronized web service state across both endpoints.

Got 1
Got 2
Got 3
Got 4
Got 5
Got 6
Got 7
Got 8
Got 9
Got 10

Both managed servers output the same http session id's.

httpsession: id=tS1DNs2XTJZuQNhNfsl4fvpuj0Qd2ZnmTmHFKtKlUX4EytukR9V0!-280396885!1257829391923
httpsession: id=tS1DNs2XTJZuQNhNfsl4fvpuj0Qd2ZnmTmHFKtKlUX4EytukR9V0!-280396885!1257829391923
httpsession: id=tS1DNs2XTJZuQNhNfs14fvpuj0Qd2ZnmTmHFKtKlUX4EytukR9V0!-280396885!1257829391923
httpsession: id=tS1DNs2XTJZuQNhNfsl4fvpuj0Qd2ZnmTmHFKtKlUX4EytukR9V0!-280396885!1257829391923

  1. Coherence*Web and WebLogic Server
  2. Installing Coherence*Web on the WebLogic Server 10.3
  3. Stateful JAX-WS
  4. Oracle Enterprise Pack for Eclipse
 [Read More]

Monday Oct 12, 2009

Are My Servers Running?

[Read More]

Monday Sep 14, 2009

Migrating OC4J 10.1.3 Stateful Web Services to WebLogic

[Read More]

The official blog for Oracle WebLogic Server fans and followers!

Stay Connected


« August 2016