Friday Nov 13, 2015

Oracle WebLogic Server 12.2.1 Running on Docker Containers

Oracle WebLogic Server 12.2.1 is now certified to run on Docker containers. As part of this certification, we are releasing Docker files on GitHub to create Oracle WebLogic Server 12.2.1 install images and Oracle WebLogic Server 12.2.1 domain images. These images are built as an extension of existing Oracle Linux images Oracle Linux Images. To help you with this, we have posted Dockerfiles and scripts on GitHub as examples for you to get started.

Docker is a platform that enables users to build, package, ship and run distributed applications. Docker users package up their applications, and any dependent libraries or files, into a Docker image. Docker images are portable artifacts that can be distributed across Linux environments. Images that have been distributed can be used to instantiate containers where applications can run in isolation from other applications running in other containers on the same host operating system.

The table below describes the certification provided for various WebLogic Server versions. You can use these combinations of Oracle WebLogic Server, JDK, Linux and Docker versions when building your Docker images.

Oracle WebLogic Server Version

JDK Version


Kernel Version

Docker Version


Oracle Linux 6 UL 6+

UEK Release 3 (3.8.13)



Oracle Linux 7

UL 0+

UEK Release 3 (3.8.13)

Or RHCK 3 (3.10)



RedHat Linux 7+

RHCK 3 (3.10)



Oracle Linux 6 UL 5+

UEK Release 3 (3.8.13)



Oracle Linux 7 UL 0+

UEK Release 3 (3.8.13)

Or RHCK 3 (3.10)



RedHat Linux 7+

RHCK 3 (3.10)


We support Oracle WebLogic Server in certified Docker containers running on other Linux host operating systems that have Kernel 3.8.13 or larger and that support Docker Containers, please read our support statement at Support statement. For additional details on the most current Oracle WebLogic Server supported configurations please refer to Oracle Fusion Middleware Certification Pages.

These Dockerfiles and scripts we have provided enable users to create clustered and non-clustered Oracle WebLogic Server domain configurations, including both development and production running on a single host operating system or VMs. Each server running in the resulting domain configurations runs in its Docker container, and is capable of communicating as required with other servers.

A topology which is in line with the “Docker-way” for containerized applications and services consists of a container designed to run only an administration server containing all resources, shared libraries and deployments. These Docker containers can all be on a single physical or virtual server Linux host or on multiple physical or virtual server Linux hosts. The Dockerfiles in GitHub to create an image with a WebLogic Server domain can be used to start these admin server containers.

For documentation on how to use these Dockerfiles and scripts, see the whitepaper on OTN. The Oracle WebLogic Server video and demo presents our certification effort and shows a Demo of WebLogic Server 12.2.1 running on Docker Containers. We hope you will try running the different configurations of WebLogic Server on Docker containers, and look forward to hearing any feedback you might have.

Wednesday Nov 04, 2015

Application MBeans Visibility in Oracle WebLogic Server 12.2.1

Oracle WebLogic Server (WLS) version 12.2.1 supports a feature called Multi-Tenancy (WLS MT). WLS MT introduces the partition, partition administrator, and partition resource concepts.  Partition isolation is enforced when accessing resources (e.g., MBeans) in a domain. WLS administrators can see MBeans in the domain and the partitions. But a partition administrator as well as other partition roles are only allowed to see the MBeans in their partition, not in other partitions. 

In this article, I will explore the visibility support on the application MBeans to demonstrate partition isolation in WLS MT in 12.2.1. This includes

  • An overview of application MBean visibility in WLS MT
  • A simple user case that demonstrates what MBeans are registered on a WLS MBeanServer, what MBeans can be visible by WLS administrators or partition administrators
  • Links to reference materials for more information

The use case used in this article is run based on a domain created in another article "Create WebLogic Server Domain with Partitions using WLST in 12.2.1". In this article, I will 

  • Briefly show the domain topology
  • Demonstrate how to deploy an application to the domain and partitions
  • Demonstrate how to access the application MBeans via JMX clients using global/domain url or partition specific url
  • Demonstrate how to enable debugging/logging

1. Overview

An application can be deployed to WLS servers per partition, so the application is multiplied for multiple partitions. WLS contains three MBeanServers: Domain Runtime MBeanServer, Runtime MBeanServer. Each MBeanServer can be used for all partitions. WLS needs to ensure that the MBeans registered on each MBeanServer by the application are unique for each partition.

The application MBean visibility in WLS MT can be illustrated by several parts:

  • Partition Isolation
  • Application MBeans Registration
  • Query Application MBeans
  • Access Application MBeans

1.1 Partition Isolation

A WLS administrator can see application MBeans in partitions. But a partition administrator for a partition is not able to see application MBeans from the domain or other partitions.  

1.2 Application MBeans Registration

When an application is deployed to a partition, application MBeans are registered during the application deployment. WLS adds a partition specific key (e.g. Partition=<partition name>) to the MBean Object Names when registering them onto the WLS MBeanServer. This will ensure that MBean object names are unique when registered from a multiplied application.

Figure on the right shows how application MBean ObjectNames are different when registered onto the WLS MBeanServer on the domain and the partitions.

Figure on the right shows there is a WLS domain and an application.

WLS domain is configured with two partitions: cokePartition and pepsiPartition.

An application registers one MBean, e.g., testDomain:type=testType, during the application deployment.

The application is deployed to WLS domain, cokePartition and pepsiPartition. Since an WLS MBeanServer instance is shared by the domain, cokePartition and pepsiPartition, there are three application MBeans registered on the same MBeanServer after three application deployments:

  • An MBean belongs to domain:          testDomain:type=testType
  • An MBean belongs to cokePartition: testDomain:Partition=cokePartition,type=testType
  • An MBean belongs to cokePartition: testDomain:Partition=pepsiPartition,type=testType

The MBeans belong to the partitions contains an Partition key property in the ObjectNames.

1.3 Query Application MBeans

JMX clients, e.g., WebLogic WLST, JConsole etc., connect to a global/domain URL or partition specific URL, then do a query on the WebLogic MBeanServer. The query results are different:

  • When connecting to a global/domain URL, the application MBeans that belong to the partitions can be visible to those JMX clients.
  • When connecting to a partition specific URL, WLS filters the query results. Only the application MBeans that belong to that partition are returned. MBeans belonging to the domain and other partitions are filtered out.

1.4 Access Application MBeans

JMX clients, e.g., WebLogic WLST, JConcole, etc., connect to a partition specific URL, and do an JMX operation, e.g., getAttribute(<MBean ObjectName>, <attributeName>), the JMX operation is actually done on different MBeans:

  • When connecting to a global/domain URL, the getAttribute() is called on the MBean that belongs to the domain. (The MBean without the Partition key property on the MBean ObjectName.)
  • When connecting to a partition specific URL, the getAttribute() is called on the MBean that belongs to that partition. (The MBean with the Partition key property on the MBean ObjectName.)

2. Use case

Now I will demonstrate how MBean visibility works in WebLogic Server MT in 12.2.1 to support partition isolation. 

2.1 Domain with Partitions

In the article "Create WebLogic Server Domain with Partitions using WLST in 12.2.1", a domain with 2 partitions: coke and pepsi is created. This domain is also used for the use case in this article. Here is the summary of the domain topology:

  • A domain is configured with one AdminServer named "admin", one partition named "coke", one partition named "pepsi". 
  • The "coke" partition contains one resource group named "coke-rg1", targeting to a target named "coke-vt". 
  • The "pepsi" partition contains one resource group named "pepsi-rg1", targeting to a virtual target named "pepsi-vt". 

More specifically, each domain/partition has the following configuration values:

  Domain Name User Name Password
Domain base_domain weblogic welcome1
Coke Partition coke mtadmin1 welcome1
Pepsi Partition pepsi mtadmin2 welcome2

Please see details in the article "Create Oracle WebLogic Server Domain with Partitions using WLST in 12.2.1" on how to create this domain.

2.2 Application deployment

When the domain is set up and started, an application "helloTenant.ear" is deployed to the domain. It is also deployed to the "coke-rg1" in the "coke" partition and to the "pepsi-rg1" in the "pepsi" partition. The deployment can be done using different WLS tools, like FMW Console, WLST, etc.. Below are the WLST commands that deploy an application to the domain and the partitions:


For other WLS deployment tools, please see the "Reference" section.

2.3 Access Application MBeans

During the application deployment, application MBeans are registered onto the WebLogic Server MBeanServer. As mentioned in the previous section 1.2 Application MBean Registration, multiple MBeans are registered, even though there is only one application.

To access application MBeans, there are multiple ways to achieve this

  • WLST
  • JConsole
  • JSR 160 apis

2.3.1 WLST

The WebLogic Scripting Tool (WLST) is a command-line scripting interface that system administrators and operators use to monitor and manage WebLogic Server instances and domains. To start WLST:


Once WLST is started, user can connect to the server by providing a connection url. Below will show different values of an application MBean attribute by the WLS administrator or partition administrator when providing different connection urls. WLS administrator

WLS administrator 'weblogic' connects to the domain using the following connect command:

connect("weblogic", "welcome1", "t3://localhost:7001")

The picture below shows there are 3 MBeans registered on the WebLogic Server MBeanServer, whose domain is "test.domain", and the value of the attribute "PartitionName" on each MBean.

  • test.domain:Partition=coke,type=testType,name=testName
    • belongs to the coke partition. The value of the PartitionName attribute is "coke"
  • test.domain:Partition=pepsi,type=testType,name=testName
    • belongs to the pepsi partition. The value of the PartitionName attribute is "pepsi"
  • test.domain:type=testType,name=testName
    • belongs to the domain. No Partition key property in the ObjectName. The value of the PartitionName attribute is "DOMAIN"

The MBean belonging to the partition will contain a Partition key property in the ObjectName. The Partition key property is added by WLS internally when they are registered in a partition context. Partition administrator for coke

Similarly, the partition administrator 'mtadmin1' for coke can connect to the coke partition. The connection url uses "/coke" which is the uri prefix defined in the virtual target coke-vt. (Check the config/config.xml in the domain.)

connect("mtadmin1", "welcome1", "t3://localhost:7001/coke")

From the picture below, when connecting to the coke partition, there is only one MBean listed:


Even though there is no Partition key property in the ObjectName, this MBean still belongs to the coke partition. The value of the PartitionName attribute is "coke". Partition administrator for pepsi

Similarly, the partition administrator 'mtadmin2' for pepsi can connect to the pepsi partition. The connection url uses "/pepsi" which is the uri prefix defined in the virtual target pepsi-vt.

connect("mtadmin2", "welcome2", "t3://localhost:7001/pepsi")

From the picture below, when connecting to the pepsi partition, there is only one MBean listed:


Even though there is no Partition key property in the ObjectName, same as the one seen by the partition administrator for coke, this MBean still belongs to the pepsi partition. The value of the PartitionName attibute is "pepsi".

2.3.2 JConsole

The JConsole graphical user interface is a build-in tool in JDK. It's a monitoring tool that complies to the Java Management Extensions (JMX) specification.  By using JConsole you can get a overview of the MBeans registered on the MBeanServer.

To start JConsole, do this:


where <MW_HOME> is the location where WebLogic Server is installed.

Once JConsole is started, WLS administrator and partition administrator can use it to browse the MBeans given the credentials and the JMX service URL. WLS administrator

The WLS administrator "weblogic" provides an JMX service URL to connect to the WLS Runtime MBeanServer like below:


When connected by a WLS administrator, an MBean tree in JConsole shows 3 MBeans with the "test.domain" in the ObjectName:

The highlighted ObjectName in the right pane in the picture below is the MBean that belongs to the coke partition. It has the Partition key property: Partition=coke.

The highlighted below is the MBean that belongs in the pepsi partition. It has the Partition key property: Partition=pepsi.

The highlighted below is the MBean that belongs to the domain. It does not have the Partition key property.

The result here is consistent with what we have seen in WLST for WLS administrator. Partition administrator for coke

The partition administrator "mtadmin1" provides a different JMX service URL to JConsole:


When connected via partition specific JMX service url,, the partition administrator can only see one MBean:


This MBean belongs to the coke partition and the value of the PartitionName is coke as shown in the picture below. However, there is no Partition key property in the ObjectName. Partition administrator for pepsi

The partition administrator "mtadmin2" provides a different JMX service URL to JConsole:


When connected via partition specific JMX service url, the partition administrator "mtadmin2" can only see one MBean:


This MBean belongs to the pepsi partition and the value of the PartitionName is pepsi as shown in the picture below.

2.3.3 JSR 160 APIs

JMX clients can use JSR 160 APIs to access the MBeans registered on the MBeanServer. For example, the code below shows how to get the JMXConnector by providing a service url and the env, to get the MBean attribute:

import java.util.*
public class TestJMXConnection {
public static void main(String[] args) throws Exception {
JMXConnector jmxCon = null;
try {
// Connect to JMXConnector
JMXServiceURL serviceUrl = new JMXServiceURL(
Hashtable env = new Hashtable();
env.put(JMXConnectorFactory.PROTOCOL_PROVIDER_PACKAGES, "");
env.put(javax.naming.Context.SECURITY_PRINCIPAL, "weblogic");
env.put(javax.naming.Context.SECURITY_CREDENTIALS, "welcome1");
jmxCon = JMXConnectorFactory.newJMXConnector(serviceUrl, env);
// Access the MBean
MBeanServerConnection con = jmxCon.getMBeanServerConnection();
ObjectName oname = new ObjectName("test.domain:type=testType,name=testName,*");
Set queryResults = (Set)con.queryNames(oname, null);
for (ObjectName theName : queryResults) {
System.out.print("queryNames(): " + theName);
String partitionName = (String)con.getAttribute(theName, "PartitionName");
System.out.println(", Attribute PartitionName: " + partitionName);
} finally {
if (jmxCon != null)

To compile and run this code, provide the wljmxclient.jar on the classpath, like:

$JAVA_HOME/bin/java -classpath $MW_HOME/wlserver/server/lib/wljmxclient.jar:. TestJMXConnection

You will get the results below:

Connecting to: service:jmx:t3://localhost:7001/jndi/
queryNames(): test.domain:Partition=pepsi,type=testType,name=testName, Attribute PartitionName: pepsi
queryNames(): test.domain:Partition=coke,type=testType,name=testName,  Attribute PartitionName: coke
queryNames(): test.domain:type=testType,name=testName, Attribute PartitionName: DOMAIN

When change the code to use partition administrator "mtadmin1",

JMXServiceURL serviceUrl = new JMXServiceURL(
env.put(javax.naming.Context.SECURITY_PRINCIPAL, "mtadmin1");
env.put(javax.naming.Context.SECURITY_CREDENTIALS, "welcome1");

Running the code will return only one MBean:

Connecting to: service:jmx:t3://localhost:7001/coke/jndi/
queryNames(): test.domain:type=testType,name=testName,  Attribute PartitionName: coke

Similar results would be seen for the partition administrator for pepsi. If provide a pepsi specific JMX service url, only the MBean that belongs to the pepsi partition is returned.

2.4 Enable logging/debugging flags

If it appears the MBean is not behaving correctly in WebLogic Server 12.2.1, for example:

  • Partition administrator can see MBeans from global domain or other partitions when quiery the MBeans, or
  • Got JMX exceptions, e.g.,, when accessing an MBean

Try the followings to triage the errors:

  • If it's a connection problem in JConsole, add -debug on the JConsole command line when starting JConsole.
  • Partition administrator can see MBeans from global domain or other partitions when query the MBeans:
    • When connected by JMX clients, e.g., WLST, JConsole, JSR 160 APIs, make sure the host name on the service url matches the host name defined in the virtual target in the config/config.xml in the domain.
    • Make sure the uri prefix on the service url matches the uri prefix defined in the virtual target in the config/config.xml in the domain.
  • Got JMX exceptions, e.g.,, when accessing an MBean:

    • When the MBean belongs to a partition, make sure the partition is started. The application deployment is only happened when the partition is started.
    • Enable the debug flags during the server startup, like this:
      • -Dweblogic.StdoutDebugEnabled=true -Dweblogic.log.LogSeverity=Debug -Dweblogic.log.LoggerSeverity=Debug -Dweblogic.debug.DebugPartitionJMX=true -Dweblogic.debug.DebugCIC=false
    • Search server logs for the specific MBean ObjectName you are interested. Make sure the MBean you are debugging is registered in a correct partition context. Make sure the MBean operation is called in a correct partition context.

Here are sample debug messages for the MBean "test.domain:type=testType,name=testName" related to the MBean registration, queryNames() invocation, and getAttribute() invocation.

<Oct 21, 2015 11:36:43 PM PDT> <Debug> <PartitionJMX> <BEA-000000> <Calling register MBean test.domain:type=testType,name=testName in partition DOMAIN>
<Oct 21, 2015 11:36:44 PM PDT> <Debug> <PartitionJMX> <BEA-000000> <Calling register MBean test.domain:Partition=coke,type=testType,name=testName in partition coke>
<Oct 21, 2015 11:36:45 PM PDT> <Debug> <PartitionJMX> <BEA-000000> <Calling register MBean test.domain:Partition=pepsi,type=testType,name=testName in partition pepsi>
<Oct 21, 2015 11:36:56 PM PDT> <Debug> <PartitionJMX> <BEA-000000> <queryNames on MBean test.domain:Partition=coke,type=testType,name=testName,* in partition coke>
<Oct 21, 2015 11:36:56 PM PDT> <Debug> <MBeanCIC> <BEA-000000> <getAttribute: MBean: test.domain:Partition=coke,type=testType,name=testName, CIC: (pId = 2d044835-3ca9-4928-915f-6bd1d158f490, pName = coke, appId = helloTenant$coke, appName = helloTenant, appVersion = null, mId = null, compName = null)>


    • To check why the partition context is not right, turn on this debug flag, in addition to the debug flags mentioned above, when starting WLS servers:
      • -Dweblogic.debug.DebugCIC=true. Once this flag is used, there are a lot of messages logged into the server log. Search for the messages logged by DebugCIC logger, like 
        ExecuteThread: '<thread id #>' for queue: 'weblogic.kernel.Default (self-tuning)'): Pushed 

        and the messages logged by DebugPartitionJMX logger.

<Oct 21, 2015, 23:59:34 PDT> INVCTXT (24-[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'): Pushed [(pId = 0, pName = DOMAIN, appId = null, appName = null, appVersion = null, mId = null, compName = null)] on top of [(pId = 0, pName = DOMAIN, appId = null, appName = null, appVersion = null, mId = null, compName = null)]. New size is [2]. Pushed by [weblogic.application.ComponentInvocationContextManagerImpl.pushComponentInvocationContext(
<Oct 21, 2015 11:59:34 PM PDT> <Debug> <PartitionJMX> <BEA-000000> <Calling register MBean test.domain:type=testType,name=testName in partition DOMAIN>
<Oct 21, 2015, 23:59:37 PDT> INVCTXT (29-[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'): Pushed [(pId = 2d044835-3ca9-4928-915f-6bd1d158f490, pName = coke, appId = helloTenant$coke, appName = helloTenant, appVersion = null, mId = null, compName = null)] on top of [(pId = 2d044835-3ca9-4928-915f-6bd1d158f490, pName = coke, appId = null, appName = null, appVersion = null, mId = null, compName = null)]. New size is [3]. Pushed by
<Oct 21, 2015 11:59:37 PM PDT> <Debug> <PartitionJMX> <BEA-000000> <Calling register MBean test.domain:Partition=coke,type=testType,name=testName in partition coke>

3. Conclusion

WebLogic Server 12.2.1 provides a new feature: Multi-Tenancy (MT). With this feature, partition isolation is enforced. Applications can deploy to the domain and the partitions. Users in one partition cannot see the resources in other partitions, including MBeans registered by applications. In this article, a use case is used to briefly demonstrate how application MBeans are affected by partition isolation in regards to MBean visibility. For more detailed information, see "References" section.

4. References

WebLogic Server domain

Config Wizard

WLST command reference  


Managing WebLogic Server with JConsole

JSR 160: Java Management Extensions Remote JMX api

WebLogic Server Security

WebLogic Server Deployment



Create WebLogic Server Domain with Partitions using WLST in 12.2.1

Oracle WebLogic Server 12.2.1 added support for multitenancy (WLS MT). In WLS MT, WLS can be configured with a domain, as well as one or more partitions. A partition contains new elements introduced in WLS MT, like resource groups, resource group templates, virtual targets, etc. Setting up a domain with partitions requires additional steps compared to a traditional WLS domain. For more detailed information about these new WLS MT related concepts, please see Oracle Docs listed in the "References" section. 

Oracle recommends to use Fusion Middleware Control (FMWC) to create WebLogic domains via Restricted JRF template. Oracle also support creating WebLogic Server domains using WLST. In this article, I will demonstrate how to create a WLS domain with 2 partitions using WLST. This includes:

  • Displaying domain topology
  • Creating a domain with 2 partitions using WLST
  • Displaying domain config file sample

These tasks are described in the subsequence sections.

1.Domain Topology

In this article, I will create a domain that is configured with:

  • One AdminServer named "admin", one partition named "coke", one partition named "pepsi".
  • The "coke" partition contains one resource group named "coke-rg1", targeting to a virtual target named "coke-vt". 
  • The "pepsi" partition contains one resource group named "pepsi-rg1", targeting to a virtual target named "pepsi-vt". 
  • An application "helloTenant.ear" is deployed to the domain, the "coke-rg1" in the "coke" partition and the "pepsi-rg1" in the "pepsi" partition.

The following picture shows what the domain topology looks:

Note this domain topology does not contain other MT related concepts, like a resource group template. They are not covered in this article. To see more information about other MT related concepts, please check the "References" section for details.

2. Create a domain with partitions

To create a domain with the topology shown in the picture above, several steps are required:

  • Create a traditional WLS domain
  • Start the domain
  • Create a partition in the domain
    • Create a security realm for the partition
    • Create a user for the partition
    • Add the user to the groups in the security realm
    • Create a virtual target
    • Create a partition
      • Create a resource group
      • Set a virtual target as a default target
      • Setup security IDD for the partition
  • Restart the server
  • Start the partition


Below will illustrate each step in details.

2.1 Create a traditional WLS domain

A traditional WLS domain can be created by using the Config Wizard. Start the Config Wizard via a command script:

sh $MW_Home/oracle_common/common/bin/

Create a domain using all the defaults, Specify the following:

  • Domain name = base_domain
  • User name = weblogic
  • User password = welcome1

2.2 Start the domain

cd $MW_Home/user_projects/domains/base_domain/

2.3 Create a partition: coke in a domain

The steps below require WLST to be started. Use the following command to start WLST:

sh $MW_Home/oracle_common/common/bin/

Note, all of the WLST commands shown below are run after connecting to the Admin server "admin" with the admin user "weblogic" credentials, e.g.,

connect("weblogic", "welcome1", t3://localhost:7001")

Now, WLST is ready to run commands to setup the partition for coke. The partition for coke has the following values:

  • Partition name = coke
  • Partition user name = mtadmin1
  • Partition password = welcome1

To do that, a security realm and a user are created for the partition as shown below. We explain it step-by-step.

2.3.1 Create a security realm for the partition 

The security realm is created using the standard WLS APIs.

realmName = 'coke_realm'
security = cmo.getSecurityConfiguration()
print 'realm name is ' + realmName
realm = security.createRealm(realmName)
atnp = realm.createAuthenticationProvider(
atna = realm.createAuthenticationProvider(
# IA
ia = realm.createAuthenticationProvider(
# ATZ/Role
# Adjudicator
# Auditor

# Cred Mapper
# Cert Path
# Password Validator
pv = realm.createPasswordValidator('PV',

2.3.2 Add a user and group to the security realm for the partition

Create a user and add the user to a security group Administrators in the realm. In this use case, the username and the password for the coke partition are mtadmin1 and welcome1.

realmName = 'coke_realm'
userName = 'mtadmin1'
groupName = 'Administrators'
print 'add user: realmName ' + realmName
if realmName == 'DEFAULT_REALM':
  realm = cmo.getSecurityConfiguration().getDefaultRealm()
  realm = cmo.getSecurityConfiguration().lookupRealm(realmName)
print "Creating user " + userName + " in realm: " + realm.getName()
atn = realm.lookupAuthenticationProvider('ATNPartition')
if atn.userExists(userName):
  print "User already exists."
  atn.createUser(userName, '${password}', realmName + ' Realm User')
print "Done creating user. ${password}"
print "Creating group " + groupName + " in realm: " + realm.getName()
if atn.groupExists(groupName):
  print "Group already exists."
  atn.createGroup(groupName, realmName + ' Realm Group')
if atn.isMember(groupName,userName,true) == 0:
  atn.addMemberToGroup(groupName, userName)
  print "User is already member of the group."

2.3.3 Create a virtual target for the partition

This virtual target is targeted to the admin server. The uri prefix is /coke. This is the url prefix used for making JMX connections to WebLogic Server MBeanServer.

vt = cmo.createVirtualTarget("coke-vt")
as = cmo.lookupServer("admin")

2.3.4 Create the partition: coke

The partition name is coke and it is targeted to the coke-vt virtual target.

vt = cmo.lookupVirtualTarget("coke-vt")
p = cmo.createPartition('coke')
realm = cmo.getSecurityConfiguration().lookupRealm("coke-realm")

2.3.5 Setup IDD for the partition

Set up primary identity domain (IDD) for the partition.

sec = cmo.getSecurityConfiguration()
realmName = 'coke_realm'
realm = cmo.getSecurityConfiguration().lookupRealm(realmName)
defAtnP = realm.lookupAuthenticationProvider('ATNPartition')
defAtnA = realm.lookupAuthenticationProvider('ATNAdmin')
# Partition
pcoke= cmo.lookupPartition('coke')
# Default realm
realm = sec.getDefaultRealm()
defAtn = realm.lookupAuthenticationProvider('DefaultAuthenticator')

2.3.6 Restart the Server

Restart WebLogic Server because of the security setting changes.

2.3.7 Start the partition

This is required for a partition to receive requests.

# start the partition (required)

2.4 Create another partition: pepsi in a domain

Repeat the same steps in 2.3 to create another partition: pepsi, but with different values:

  • Partition name = pepsi
  • User name = mtadmin2
  • Password = welcome2
  • Security realm = pepsi_realm
  • IDD name = pepsiIDD
  • Virtual target name = pepsi-vt
  • Resource group name = pepsi-rg1

2.5 Deploy User Application

Now the domain is ready to use. Let's deploy an application ear file. The application, e.g., helloTenant.ear, is deployed to the WebLogic Server domain, the coke partition, the pepsi partition.


2.6 Domain config file sample

When all of the steps are finished, the domain config file in $DOMAIN_HOME/config/config.xml will contain all of the info needed for the domain and the partitions. Here is a sample snippet related to the coke partition in the config.xml:


  <staging-mode xsi:nil="true"></staging-mode>
   <plan-staging-mode xsi:nil="true"></plan-staging-mode>
      <staging-mode xsi:nil="true"></staging-mode>
      <plan-staging-mode xsi:nil="true"></plan-staging-mode>


For the pepsi partition, there is a similar <virtual-target> element and the <partition> element for pepsi added in the config.xml.

From now on, the domain with 2 partitions are created and ready to serve requests. Users can access their applications deployed onto this domain. Check this blog Application MBean Visibility in Oracle WebLogic Server 12.2.1 regarding how to access the application MBeans registered on WebLogic Server MBeanServers in MT in 12.2.1.

3. Debug Flags

In case of errors during domain creation, there are debug flags which can be used to triage the errors:

  • If the error is related to security realm setup, restart the WLS server with these debug flags:
    • -Dweblogic.debug.DebugSecurityAtn=true -Dweblogic.debug.DebugSecurity=true -Dweblogic.debug.DebugSecurityRealm=true
  • If the error is related to a bean config error in a domain, restart the WLS server with these debug flags:
    • -Dweblogic.debug.DebugJMXCore=true -Dweblogic.debug.DebugJMXDomain=true
  • If the error is related to an edit session issue, restart the WLS server with these debug flags:
    • -Dweblogic.debug.DebugConfigurationEdit=true -Dweblogic.debug.DebugDeploymentService=true -Dweblogic.debug.DebugDeploymentServiceInternal=true -Dweblogic.debug.DebugDeploymentServiceTransportHttp=true 

4. Conclusion

An Oracle WebLogic Server domain in 12.2.1 can contain partitions. Creating a domain with partitions needs additional steps compared to creating a traditional WLS domain. This article shows the domain creation using WLST. There are other ways to create domains with partitions, e.g., FMW Control.  For more information on how to create a domain with partitions, please check the "References" section.

5. References

WebLogic Server domain

Domain partitions for multi tenency

Enterprise Manager Fusion Middleware Control (FMWC)

Config Wizard

Creating WebLogic domains using WLST offline

Restricted JRF template

WebLogic Server Security

WebLogic Server Deployment

WebLogic Server Debug Flags


Tuesday Nov 03, 2015

Using Eclipse with WebLogic Server 12.2.1

With the installation of WebLogic Server 12.2.1 now including the Eclipse Network Installer, which enables developers to  download and install Eclipse including the specific features of interest, getting up and running with Eclipse and WebLogic Server has never been easier.

The Eclipse Network Installer presents developers with a guided interface to enable the custom installation of an Eclipse environment through the selection of an Eclipse version to be installed and which of the available capabilities are required - such as Java EE 7, Maven, Coherence, WebLogic, WLST, Cloud and Database tools amongst others.  It will then download the selected components and install them directly on the developers machine

Eclipse and the Oracle Enterprise Pack for Eclipse plugins continue to provide extensive support for WebLogic Server enabling it to be used to throughout the software lifecycle; from develop and test cycles with its Java EE dialogs,  assistants and deployment plugins; through to automation of configuration and provisioning of environments with the authoring, debugging and running of scripts using the WLST Script Editor and MBean palette.

The YouTube video WebLogic Server 12.2.1 - Developing with Eclipse provides a short demonstration on how to install Eclipse and the OEPE components using the new Network Installer that is bundled within the WebLogic Server installations.  It then shows the configuring of a new WebLogic Server 12.2.1 server target within Eclipse and finishes with importing a Maven project that contains a Java EE 7 example application that utilizes the new Batch API that is deployed to the server and called from a browser to run.

Monday Nov 02, 2015

Getting Started with the WebLogic Server 12.2.1 Developer Distribution

The new WebLogic Server 12.2.1 release continues down the the path of providing an installation that is smaller to download and able to be installed with a single operation, providing a quicker approach for developers to get started with the product.

New with the WebLogic Server 12.2.1 release is the use of the quick installer technology which packages the product into an executable jar file, which will silently install the product into a target directory.  Through the use of the quick installer, the installed product can now be patched using the standard Oracle patching utility - opatch - enabling developers to download and apply any patches as needed and to also enable a high degree of consistency with downstream testing and production environments.

Despite it's smaller distribution size the developer distribution delivers a full featured WebLogic Server including the rich administration console, the comprehensive scripting environment with WLST, the Configuration Wizard and Domain Builders, the Maven plugins and artifacts and of course all the new WebLogic Server features such as Java EE 7 support, MultiTenancy, Elastic Dynamic Clusters and more.

For a quick look at using the new developer distribution, creating a domain and accessing the administration console, check out the YouTube video: Getting Started with the Developer Distribution.

Thursday Oct 29, 2015

Oracle WebLogic Server 12.2.1 Continuous Availability

New in Oracle WebLogic Server 12.2.1, Continuous Availability! Continuous Availability is an end to end solution for building Multi Data Center architectures. With Continuous Availability, applications running in multi data center environments can run in Active-Active environments continuously. When one site fails the other site will recover work for the failed site. During upgrades, applications can still run continuously with zero down time. What ties it all together is automated data site failover, reducing human error and risk during failover or switchover events.

Reduce Application Downtime

· WebLogic Zero Down Time Patching (ZDT): Automatically orchestrates the rollout of patches and updates, while avoiding downtime and session loss. Reduces risk, cost and session downtime by automating the rollout process. ZDT automatically retries on failure and rollsback on retry failure retry.  Please read the blog Zero Downtime Patching Released!  to learn more about this feature.

· WebLogic Multitenant Live Partition Migration: In Multitenant environments Live Partition Migration is the ability to move running partitions and resource groups from one cluster to another, without impacting application users. During upgrade, load balancing, or imminent failure partitions can be migrated with zero impact to applications.

· Coherence Persistence: Persists cache data and metadata to durable storage. In case of failure of one or more Coherence servers, or the entire cluster, the persisted data and metadata can be recovered.

Replicate State for Multi-Datacenter Deployments

· WebLogic Cross Domain XA Recovery: When a WebLogic Server domain fails in one site or the entire site comes down, the ability to automatically recover transactions in a domain on the surviving site. This allows automated transaction recovery in Active-Active Maximum Availability Architectures.

· Coherence Federated Caching: Distributes Coherence updates across distributed geographical sites with conflict resolution. The modes of replication are Active-Active with data being continuously replicated and providing applications access to their local cached data, Active-Passive with the passive site serving as backup of the active site, and Hub Spoke where the Hub replicates the cache data to distributed Spokes.

Operational Support for Site Failover

· Oracle Traffic Director (OTD): Fast, reliable, and scalable software load balancer that routes traffic to application servers and web servers in the network. Oracle Traffic Director is aware of server availability, when a server is added to the cluster OTD starts routing traffic to that server. OTD itself can be highly available either in Active-Active or Active-Passive mode.

· Oracle Site Guard: Provides end-to-end Disaster Recovery automation. Oracle Site Guard automates failover or switchover by starting stopping site components in a predetermined order, running scripts and post failover checks. Oracle Site guard minimizes down time and human error during failover or switchover.

Continuous Availability provides flexibility by supporting different topologies to meet application needs.

· Active-Active Application Tier with Active-Passive Database Tier

· Active-Passive Application Tier with Active-Passive Database Tier

· Active-Active Stretch Cluster with Active-Passive Database Tier

Continuous Availability provide applications with Maximum Availability and Productivity, Data Integrity and Recovery, Local Access to data in multi data center environments, Real Time access to data updates, Automated Failover and Switchover of sites, and Reduce Human Error and Risk during failover/switchover. Protect your applications from down time with Continuous Availability. If you want to learn more please read Continuous Availability documentation or watch the Continuous Availability video.

Thursday Feb 05, 2015

OpenWorld 2014: Next up, Coherence Strategy & Roadmap

Oracle Coherence 12c leads the market with its in-memory data grid. Entries can be reliably processed in place, queried, and aggregated. Coherence scales applications to support growth, offloads and protects shared services in addition to delivering information in real time. Coherence is part of the Cloud Application Foundation along with WebLogic Server and Tuxedo.

Coherence has introduced a range of new features to help customers deliver next generation applications that scale to handle mobile, social, and "internet of things" demands. HotCache makes database updates available in real-time to applications. It detects and reflects database changes in cache in real time while leveraging existing technologies i.e. GoldenGate and TopLink Grid in order to broaden the applicability and usability of Coherence. Meanwhile, Managed Coherence Servers quickens time-to-market and simplifies operations. These servers combine WebLogic and Coherence infrastructure while introducing the Grid Archive (GAR).

This session reviews these features and takes a look at our most recent features and coming roadmap. Coherence provides new options for integration, including support for JCache (JSR-107), and new monitoring capabilities. We will also look at exciting innovative features like Recoverable Caching, Federated Caching, Multitenancy, and support for the Oracle Cloud. For other CAF sessions at OpenWorld you may want to review, visit

Friday Jan 30, 2015

Exciting News: Prime Content from OpenWorld 2014… Highlighting WebLogic Strategy and Roadmap

This one is for those of you who haven’t developed that app [iphone or otherwise] which defies the laws of physics and lets us be at two sessions at once at OpenWorld. The good folks at Oracle University recorded many OpenWorld sessions and some of the most prominent Cloud Application Foundation sessions are now available here. I wanted to kick it off with the WebLogic Server Strategy and Roadmap session hosted by Will Lyons, Head of WebLogic Product Management. So sit back, relax, and enjoy your weekend watching the show!

Will talks about how to leverage WebLogic today and in the future, sharing WebLogic’s current features as well as illustrating the product’s future capabilities in the impending 2015 release of WebLogic 12.1.3. Oracle is investing in several strategic areas for WebLogic and Java Cloud Service (JCS) to ensure complete flexibility for our customers with their cloud and on-premises applications. The investment areas include improved performance, scalability, and availability for applications deployed on WebLogic and JCS, cloud-level management to simplify provisioning of WebLogic environments, multitenancy, ease of deployment flexibility, improved developer environment, and more.

Recap WebLogic 12.1.3 — Easier Development, Cloud Scale Management, and the Java Cloud Service

In the most recent WebLogic version 12.1.3, released in July 2014, new features include improved Oracle Fusion Middleware product support, mobile client application development features, and performance and availability innovations from the beginning of the development lifecycle.

For instance, the OTN Free Developer license makes WebLogic easier to get started and free for development on developer desktops, and includes refined language to broaden applicability and usage. With traditional Oracle licensing, developers could develop on their desktop for free but once applications were put in production, licensing fees would apply on the desktop where applications were developed. Now, the entire development lifecycle is free. Developer zip updates also update zip distributions with Patch Set updates for automatic bug fixes and common developer issues.

Other improvements include high availability and performance via simplified disaster recovery with 3x better output due to transactional updates without TLOG transaction writes, and Exalogic optimizations such as JMS replicated stores. Improvements in cloud scale management also see dynamic clusters that eliminate the need to create clustered configuration and managed server configurations to those clusters (ie machines, listen ports, etc.), allowing for enhanced JMS support and maximum scaling. In doing this, there is seamless upgrade, application compatibility, and interoperability with previous WebLogic versions, as well as flexibility and choice for development and runtime. Developers can now take advantage of all the latest Java SE technology, such as JDK 8 improved memory management features.

Perhaps one of the most exciting developments in WebLogic 12.1.3 is the release of Oracle Java Cloud Service, which allows customers to deploy full-featured WebLogic instances anywhere with full ability to move applications on-premise to the cloud and vice versa. Java Cloud Service includes a self-service provisioning interface which makes it easier to provision clusters and domains. There is also an option of exposing the entire surface area of the WebLogic server to do whatever you need to replicate on-premise environments to the Oracle cloud and vice-versa, with full compatibility.

WebLogic 12.2.1 Roadmap — What is Coming?

WebLogic 12.2.1, to be released in 2015, will see even further advancements including multitenancy, built-in elasticity, a REST-based management infrastructure, disaster recovery improvements, Java EE 7 support, and more seamless Exalogic integration. A truly differentiating factor is WebLogic’s multitenancy capabilities - in other words, its ability to run applications supporting multiple tenants within the same server cluster, domain, or instance.

A brand new innovation in WebLogic is a new configuration construct called a partition, which represents a ‘slice’ of a domain that can span all the servers running in your domain. Each partition can be dedicated to tenants, providing appropriate levels of end-to-end isolation of resources among partitions so you can deploy resources individually though they share a domain. Examples include memory and CPU isolation at the JVM level, or separate work managers. This concept is highly significant as it dramatically decreases density of deployments on WebLogic server, and allows customers to get far better utilization of their infrastructure. It is also a great use for consolidation--ie departmental applications that maintain isolation between multiple applications but want the same domain.

This multitenancy provides strategic end-to-end value that is completely unique to Oracle, as it will be implemented not just at the application server level but will be integrated into the entire Cloud Application Foundation stack. Elastic clusters in WebLogic 12.2.1 will also define configurable rules for cluster scaling that will help customers define actions like scaling a cluster up or down, scheduling defined by workloads or time of day, or driving other configuration changes.

Finally, there are also improvements to the Exalogic Elastic Cloud Software 12c, on which WebLogic Server is supported and optimized for. In 2015, Exalogic will allow for capabilities to build private clouds that run on the same IaaS and PaaS provisioning technology in Java Cloud Service, as well as similar interfaces.

Well, I really cant cover 45 minutes worth of content in one blog, although I tried. So go ahead and take a listen at Will’s sessions that is hosted at Next week, we will highlight the Coherence Roadmap and Strategy session for the in-memory data grid buffs amongst you.

Monday Jan 12, 2015

WebLogic Server and the Oracle Maven Repository

The Oracle Maven Repository has just gone live and is now available for public access. 

This really is excellent news and provides developers with free and easy access (registration required) to APIs, libraries and utilities they regularly use to build applications with WebLogic Server. 

From a WebLogic Server perspective, the Oracle Maven Repository provides publicly accessible, online, on-demand access to the full set of Maven product artifacts that have been provided in the 12c (12.1.2, 12.1.3) releases. This includes the WebLogic Server APIs, the client libraries and the WebLogic Server Maven Plugin.  It also includes the similar set of Coherence artifacts that ship within the WebLogic Server product distributions as well as other artifacts from the Oracle Fusion Middleware stack. 

To access the Oracle Maven Repository, there are two fundamental requirements to be aware of:

1. You must be using Maven 3.2.5 or later.  This contains the version of the component (Wagon 2.8) that has been enhanced to support access to artifacts that are protected by HTTP authentication schemes.

2. You must be registered with OTN and have accepted the agreement to access and use the Oracle Maven Repository.  This can be done with either a new or an existing OTN user account by accessing the site and clicking the registration link.  

Once registered, you then just need to configure your local Maven environment with the details of the Oracle Maven Repository, including information that relates to the authentication model specifying your OTN username and password.  Thorough documentation is provided and linked to from the main Oracle Maven Repository page.

The Maven provided password-encryption feature can be used to securely encrypt the password for convenient storage in a configuration file so that is not stored in human readable form and can be presented automatically when requested as part of accessing the Oracle Maven Repository. 

Once the repository is configured, developers can include dependencies on WebLogic Server artifacts in their projects and have them automatically retrieved from the Oracle Maven Repository as needed when the projects are being built or tests are being run from a Continuous Integration environment. 

The Oracle Maven Repository provides a significant step up for developer ease-of-use and productivity when working with WebLogic Server.

Thursday Jan 08, 2015

Can you put a dollar value on saving lives?

Did you know that dirty water kills about 5000 children per day? This according to The Guardian, a Pulitzer prize winning British newspaper. That's almost 2 million children per year! And this is not counting people who fall sick from ingesting dirty water and the lack of productivity for parents and children who invest [waste?] a fair part of their day in search of clean water. Heartbreaking! This is why Safe Water Kenya was born and Don Arnold, a veteran of the plumbing industry, took it upon himself to leverage his expertize and correct this situation.

Although Don started with Kenya, Safe Water has plans to expand to Ghana, Uganda and greater part of Africa. Once Oracle and mFrontiers joined hands with Don, we encouraged him to expand to Asia, where, inspite of all the progress and countries being super powers and what not, a vast majority of the people still dont have access to clean water.

Come and listen to this heart warming story of how Safe Water leveraged a Mobile app built on enterprise software technology, like WebLogic and the Oracle Database, to provide clean water to Kenyans and to provide accountability to its donors with complete and immediate transparency.

Friday Nov 14, 2014

But what about portability and migration?


Providing traditional RASP [Reliability, Availability, Scalability, and Performance] support is necessary but not enough for cloud success. According to about 80 percent of survey respondents, achieving unified, standards-based interoperability among public and private clouds—as well as traditional datacenters—is critical. This includes the ability to use the same standards and code base to deploy applications on either public or private clouds without the cost and delay of rewriting or retesting those applications.


With all the enthusiasm around public and private clouds, respondents are fully aware of areas of caution about migrating both applications and data to the cloud. The most important, cited by 78 percent for private cloud users and 76 percent for public cloud users, is migrating high-performance applications—or those with stringent security requirements—to either type of cloud. Other concerns include both public and private cloud not being able to support mission-critical applications, legal and regulatory requirements, security and isolation from other customers, vendor viability, vendor lock-in, integration cost and delays, and lack of reliable usage metrics.

For more insights into what the market and experts are considering on this topic, please read the ComputerWorld Survey Report.

Friday Oct 17, 2014

Customers Speak: Cloud Needs Guarantees, PaaS Growing Rapidly

Do you want to know what mission-critical capabilities the market is prioritizing for cloud platform as a service [PaaS]? Are you wondering what development language your peers are choosing for cloud?

A new survey of 300 IT executives conducted by ComputerWorld Strategic Marketing Services on Cloud adoption helps answer these questions and more. The report highlights:

  • The current state of cloud adoption in the marketplace
  • Key challenges to cloud PaaS adoption
  • The most critical cloud PaaS capabilities
  • User requirements the market prioritizes
Read this Computer World Survey Report to learn how your cloud plans stack against your peers’ and what your priorities should be.

Thursday Oct 16, 2014

What does a Telecom Services Provider have in common with a Travel Group?

Verizon Communications and TUI Travel are winners of the Oracle Excellence Awards for Fusion Middleware Innovation for the Cloud Application Foundation category at this year's OpenWorld. They were honored at the Oscar-like ceremony held on Tuesday, Sept 30th. [You can find an overview of the Fusion Middleware Innovation Awards Ceremony and the full list of winners across all 12 categories in the following blog post: And The Winners Are.... ].

Verizon's goal was to build a robust, high-availability solution that provides responses in less than 500 milliseconds while ensuring data integrity across multiple data centers. They wanted to create a common service layer and expose the in-memory grid as a service, which will allow other systems to leverage this platform and provide a better customer experience. The Verizon system now caches the entire customer base on Oracle Coherence grid (5 TB across multiple data centers) which reduces the load on the back-end Oracle Database by about 60 percent and improves the response time from 2.8 second to approx. 0.3 seconds. The Coherence grid-as-a-service enables customer information to be stored in one place and provides a 360-degree view of the customer from ordering to billing. 

The use case for TUI Travel, as expected, is very different. TUI's new transfer redesign project included a complete new set of functionalities to ensure that transfers during travel could be sold door to door or from any place to any place. In order to achieve this, a point in polygon algorithm is loaded in the Coherence Grid. This can detect if a given GPS point is inside the subset of polygons loaded into each Coherence grid node. Instead of refreshing (polling) the data from the database to Coherence, TUI Travel uses Golden Gate HotCache to push the changes to Coherence as soon as they happen. WebLogic 12c helps TUI to do side by side deployments and enables horizontal scaling. WebLogic also enabled TUI to reduce risks in the deployment and minimize total time for deployment.

Congratulations to Verizon and TUI Travel for winning this year's Oracle Excellence Awards for Fusion Middleware Innovation in the Cloud Application Foundation category! 

Thursday Jun 26, 2014

Indian Government Organization Saves $125,000 with Real-Time Insight for Decision-Making

Chhattisgarh Infotech and Biotech Promotion Society (CHiPS) is run by the government of Chhattisgarh, which became India’s newest and tenth-largest state in November 2000. CHiPS deployed Oracle WebLogic Server Enterprise Edition with Oracle WebCenter products as well as Oracle Web Tier to automate document workflow processes and provide a consistent and transparent decision-making process to meet statutory requirements. It reduced paper and document management costs by US$125,000 in one year, extended visibility for decision-making processes, enhanced collaboration between departments, increased business productivity through anytime-anywhere access to information, and enhanced citizen satisfaction. For more details, read this customer snapshot.

Friday May 09, 2014

BA, the German federal employment agency, ensures labor market services availability and performance

Bundesagentur für Arbeit (BA), the German federal employment agency, is the leading provider of labor-market services in Germany. With more than 100,000 employees, BA is the largest German government agency and one of the largest employers in the country. Supporting more than 6 million customers and a rapidly growing IT department, BA needed an application infrastructure and management solution that could help to increase IT efficiency while decreasing complexity. To provide a comprehensive solution for its Oracle application platform, the agency decided to deploy Oracle WebLogic Server and Oracle Enterprise Manager. The combination provided BA with the availability, scalability, and performance to meet critical requirements, such as on-time job placements and compensation provisioning—while significantly reducing IT administration costs. Get more details from the recent BA case study and review their press release.

The official blog for Oracle WebLogic Server fans and followers!

Stay Connected


« November 2015