Thursday Feb 09, 2012

Analyzing Thread Dumps in Middleware - Part 4

This posting is the fourth and final section in the series Analyzing Thread Dumps in Middleware

In this post, we will see a new version of TDA (Thread Dump Analysis) tool developed by the author of this blog (Sabha Parameswaran in collaboration with his colleague, Eric Gross, also from Oracle A-Team) and its capabilities as well as some real world samples of thread dump analysis before concluding the series.

Analyzing Thread Dumps - Series:

Part 4: TDA A-Team and real world samples

Part 3: TDA tools

Part 2: How to capture and analyze Thread Dumps, navigate lock chains

Part 1: Basics of Thread states and thread locking

[Read More


Wednesday Feb 08, 2012

Analyzing Thread Dumps in Middleware - Part 3

This posting is the third section in the series Analyzing Thread Dumps in Middleware.

In this post, we will discuss some of the tools that can help with thread dump analysis as well as their limitations. In the next and final section in this series, we will look a new tool developed by the author of this blog in collaboration with his colleague in Oracle to fill the gaps mentioned with some of existing TDA tools in general as well as look at some real world thread dump analysis.


Analyzing Thread Dumps - Series:

Part 3: TDA tools

Part 2: How to capture and analyze Thread Dumps, navigate lock chains

Part 1: Basics of Thread states and thread locking

[Read More


Analyzing Thread Dumps in Middleware - Part 2

This posting is the second section in the series Analyzing Thread Dumps in Middleware

This section details with when and how to capture and analyze thread dumps with special focus on WebLogic Application Server related thread dumps as well as some tips and pointers and what to look for and optimize. The next post will go into tools that can help automate thread dumps analysis, some real world examples and limitations of thread dumps.

Analyzing Thread Dumps - Series:

Part 2: How to capture and analyze Thread Dumps, navigate lock chains

Part 1: Basics of Thread states and thread locking

[Read More


Analyzing Thread Dumps in Middleware - Part 1

How to analyze Thread dumps, for improving Middleware Performance (at App Server or Application level) as well as for general troubleshooting? 

This is part 1 of a series of posts on how to analyze thread dumps. In this post, we will go over basics of thread states and thread locking. In the following posts, we will drill deeper into capturing and analyzing Thread Dumps with special look into WebLogic Application Server specific thread dumps. 

Please see my blog for more details.


Tuesday Oct 11, 2011

Offloading SSL from WLS to the F5

Having trouble with your WebLogic Admin console?  Getting strange HTTPS or SSL messages from your browser when trying to save updates to the EM or Admin console?  So was I.  My browser presented me with the following warning, "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.  Are you sure you want to continue sending this information?" And, the WebLogic Server console did not save my changes. But, I was able to correct my configuration to resolve the issue.  So, I thought I would share my notes on the pieces involved.

In my case, there are three pieces involved:  F5, OHS (Oracle HTTP Server), and WLS (WebLogic Server 10.3.4).  SSL (or HTTPS) is terminated at the F5 (BIG-IP LTM) and HTTP traffic from the F5 to OHS is in plain-text.  OHS was necessary to support a third-party Single-Sign On (SSO) solution.

Starting with the F5, I needed to configure a header to be passed with the requests called WL-Proxy-SSL and set the value to true (WL-Proxy-SSL: true).  I found this well-documented in http://www.f5.com/pdf/deployment-guides/f5-weblogic10-dg.pdf in the section "Creating an HTTP profile".  The F5 will set this header when it receives an HTTPS request bound for WebLogic Server. This lets WebLogic Server know that the original request was initiated over SSL.  This header should not be sent if the inbound traffic to the F5 was not SSL (HTTPS).

The second piece of the puzzle was the WebLogic plugin for OHS. The plug-in parameter documentation can be found here.  WLProxySSLPassThrough should be set to ON, so that the OHS proxy/plug-in will pass the WL-Proxy-SSL header on to WebLogic Server. The parameter applies to each Location element and should look something like:

<Location /console>
    SetHandler weblogic-handler
    WebLogicHost MyHostName
    WeblogicPort 7001
    WLProxySSLPassThrough ON
</Location>

The next two changes are checkbox changes in the WebLogic Server console.  The first checkbox can be found on the WebLogic console under Preferences->Shared Preferences (banner at the top of the initial console splash page).  The field is called "Follow Configuration Changes" and is enabled by default.  This setting should be disabled so that the console does not trigger a reload of configuration pages when an activation of changes occurs.  Deselect the "Follow Configuration Changes" checkbox.

The final change was to configure the Adminserver so that it would acknowledge the proxy plugin headers.  This field is titled "WebLogic Plug-In Enabled" and can be found on the page Configuration->General in the Advanced section. This checkbox defaults to false, but should be changed to true when using the proxy plug-in.  Care should be taken when enabling this flag as it can open a potential security risk.  If this flag is enabled, the server should be secured so that client traffic can only come through your known proxy and not a rogue client masquerading as a proxy.  Additional details can be found in Chapter 11: Using WebLogic Security of Professional Oracle WebLogic Server.

About


This is the blog for the Oracle FMW Architects team fondly known as the A-Team. The A-Team is the central, technical, outbound team as part of the FMW Development organization working with Oracle's largest and most important customers. We support Oracle Sales, Consulting and Support when deep technical and architectural help is needed from Oracle Development.
Primarily this blog is tailored for SOA issues (BPEL, OSB, BPM, Adapters, CEP, B2B, JCAP)that are encountered by our team. Expect real solutions to customer problems, encountered during customer engagements.
We will highlight best practices, workarounds, architectural discussions, and discuss topics that are relevant in the SOA technical space today.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today