Sunday Aug 23, 2015

Extending the Weblogic Console by adding Books, Pages and Portlets by Peter van Nes

This video demonstrates how you can customize the WebLogic console by adding Books, Pages and Portlets that display SLA information related to the domain.

Watch the video here.

WebLogic Partner Community

For regular information, become a member of the WebLogic Partner Community: please visit http://www.oracle.com/partners/goto/wls-emea (OPN account required). If you need support with your account, please contact the Oracle Partner Business Center.

Thursday Jun 18, 2015

Creating graphs from DMS Metrics by Peter van Nes

When analyzing a (performance) issue in Fusion Middleware components, Dynamic Monitoring Service (DMS) Metrics can give you the information needed to resolve the issue. DMS Metrics can be accessed using a variety of tools such as JConsole, Oracle EM, WLDF, WLST and the DMS Spy servlet. The DMS Spy servlet is a perfect tool for getting insight into the current metrics, but it does not provide a way to store or graph these metrics over time. In Oracle EM Fusion Middleware Control you can view graphs of some metrics over time, but it is not possible to store them for review. To quickly get the needed graphs I wrote a WLST script that recorded the selected metrics to a CSV file, which I could upload to plot.ly to generate graphs in minutes.

To record the DMS metrics to a CSV file, execute the script with the required arguments as shown in the example below. For more information on the metrictables argument, follow this link: metrictables. Make sure to enclose the metrictables argument in single quotes, even if you only need one metric table, e.g. '"OIM_*"'.

Read the complete article here.

Friday May 01, 2015

Securing passwords in Coherence override files by Peter van Nes

In a previous post I wrote about how to secure Coherence communications for FMW SOA by enabling SSL through a Coherence override file. Setting up SSL involves setting up a keystore and a truststore, each protected by a password. To access the key- and truststores, Coherence retrieves the required passwords from the password elements in the Coherence override file. Currently Coherence does not support encryption of these password element values. A possible way to avoid clear-text keystore passwords in the Coherence override file is to use a System Property override for these password elements.

You can override element values in the Coherence override file using the attribute system-property. The value assigned to this attribute is the name of the System Property whose value overrides the element value in the Coherence override file. Let's make this clearer using a snippet from a Coherence override file below. The default private keystore password at line 8 is intentionally left empty and the attribute system-property is added to the password element. The value assigned to the attribute system-property, coh.override.keyst.pwd, is the name of the System Property which is used to override the value in the password element.

So now we can set the value for the private keystore password using the System Property 'coh.override.keyst.pwd'. You could set this system property, for example, by adding the next two lines to setDomainEnv.sh.

But really, this is not a great improvement: the clear-text password has merely moved from one file to another! The password can now also be retrieved by anyone who has access to the system by listing the active processes. What we have learned is that System Properties allow us to override the value of the password elements in the Coherence override file. If the keystore passwords could be read from an encrypted file and the corresponding system properties set when a Managed Server starts, that would improve the protection of the keystore passwords.
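Both exposures described above can be checked mechanically. The following is an added example, not code from the original post: it flags password elements that still hold a value in an override file, and password system properties that are passed as -D arguments and are therefore visible in a process listing. The sample override file, the property name coh.override.trust.pwd and the command line are constructed for illustration.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample, not from the original post: the element layout follows
# the Coherence SSL socket-provider schema; ids and values are placeholders.
SAMPLE_OVERRIDE = """<coherence><cluster-config><socket-providers>
 <socket-provider id="exampleSSL"><ssl>
  <identity-manager>
   <key-store>
    <url>file:identity.jks</url>
    <password system-property="coh.override.keyst.pwd"></password>
   </key-store>
   <password>Welcome1</password>
  </identity-manager>
  <trust-manager>
   <key-store>
    <url>file:trust.jks</url>
    <password system-property="coh.override.trust.pwd">changeit</password>
   </key-store>
  </trust-manager>
 </ssl></socket-provider>
</socket-providers></cluster-config></coherence>"""

# Constructed JVM command line, as it would appear in a process listing.
SAMPLE_CMDLINE = "java -Dcoh.override.keyst.pwd=Secret123 weblogic.Server"


def _passwords(xml_text):
    """Yield (parent tag, element) for every <password>, ignoring namespaces."""
    for parent in ET.fromstring(xml_text).iter():
        for child in parent:
            if child.tag.rsplit("}", 1)[-1] == "password":
                yield parent.tag.rsplit("}", 1)[-1], child


def cleartext_passwords(xml_text):
    """Password elements that still carry a value inside the override file."""
    return [(parent, el.get("system-property"))
            for parent, el in _passwords(xml_text) if (el.text or "").strip()]


def properties_on_cmdline(xml_text, cmdline):
    """Password system properties passed as -Dname=value on a command line."""
    names = {el.get("system-property") for _, el in _passwords(xml_text)}
    names.discard(None)
    args = shlex.split(cmdline)
    return sorted(n for n in names if any(a.startswith(f"-D{n}=") for a in args))
```

An element that keeps a value next to its system-property attribute is reported as well, because that value remains the clear-text default whenever the property is not set.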

And yes, it is possible. For those who are not interested in the nitty-gritty details but just want to store the keystore passwords in the Coherence override file in a secure manner, here are the concise installation instructions first.

Download the Weblogic Startup classes in CoherenceKeystorePasswordCipher.jar here.
Copy this jar into the lib folder of your domain_home and add the jar file to the classpath.
This can be done, for example, by adding the next line to the setDomainEnv.sh
POST_CLASSPATH="${DOMAIN_HOME}/lib/CoherenceKeystorePasswordCipher.jar${CLASSPATHSEP}${POST_CLASSPATH}"

Edit the Coherence override file and change all elements for which you want to secure the password.

Remove the value (password) from the password element.

Add the attribute system-property to the password element and assign a descriptive and unique system property name.

For example, change

Read the complete article here.

Sunday Apr 05, 2015

Securing Coherence unicast communications for FMW SOA by Peter van Nes

When confidentiality is required for an Oracle Fusion Middleware environment, the first thing you will probably do is configure SSL for the domain. You might think that this secures all connections in the domain, but various FMW applications use frameworks such as JGroups or Oracle Coherence, whose connections are not secured by configuring SSL for the domain.

Various FMW applications, like Oracle Identity Manager, use FMW SOA, which utilizes Oracle Coherence for Unicast communications. As Oracle recommends Unicast communication for SOA enterprise deployments in the Fusion Middleware Enterprise Deployment Guide for Oracle SOA Suite, you will probably have set up Unicast communication in your production environments accordingly by adding the Java properties tangosol.coherence.wka[1-n] and tangosol.coherence.localhost.

Instead of adding the properties to the Server Start arguments for each server individually, you could add these settings to setDomainEnv.sh. This way you have a consolidated view of all the configuration settings for the Coherence cluster.

Securing Unicast communications

Unicast (TCMP) communications for Coherence can be secured by defining an SSL Socket Provider. [Coherence Security Guide; Using SSL to Secure TCMP Communication]

A pre-defined SSL Socket Provider 'ssl' is defined in the tangosol-coherence.xml file of the Java archive coherence.jar, which can be found in the lib directory of your Coherence installation in the <MW_HOME>. The pre-defined SSL Socket Provider expects a key- and truststore with the name keystore.jks, which must be present in the classpath. This Socket Provider is therefore less suitable for production environments where truststores and keystores are defined in separate keystores. Best practice is not to replace tangosol-coherence.xml, but to override the operational and run-time settings using an Operational Override File. The property tangosol.coherence.override specifies the name of the override file to be used instead of the default. In this override file the cluster-config element should be defined to enable SSL for TCMP (Unicast). The cluster-config element contains three sub-elements: member-identity, unicast-listener and socket-provider.

The member-identity element contains the cluster-name of the Coherence cluster. This is the same name as the cluster name set in the property tangosol.coherence.cluster when configuring unicast communications. The element unicast-listener defines the well-known-addresses, listen-ports and other properties of all cluster nodes. These are the values you assigned to the properties tangosol.coherence.wka[1-n] and tangosol.coherence.localhost when setting up unicast communications. The element socket-provider should have the same value as the attribute id of the socket-provider element, which will be described next.

Read the complete article here.
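A consistency check for the cluster-config relationships described above, as an added example that is not code from the original post. It verifies that the unicast-listener's socket-provider value resolves to a provider id that actually contains an ssl element (in the Coherence operational schema the definitions sit in a socket-providers container), and that the cluster name matches the expected one. Host names, port, cluster name, provider id and the function name are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed override file (not from the original post); addresses, ports,
# cluster name and provider id are placeholders.
SAMPLE = """<coherence><cluster-config>
 <member-identity><cluster-name>soa_cluster</cluster-name></member-identity>
 <unicast-listener>
  <socket-provider>exampleSSL</socket-provider>
  <well-known-addresses>
   <socket-address id="1"><address>soahost1</address><port>8088</port></socket-address>
   <socket-address id="2"><address>soahost2</address><port>8088</port></socket-address>
  </well-known-addresses>
 </unicast-listener>
 <socket-providers>
  <socket-provider id="exampleSSL"><ssl><protocol>TLS</protocol></ssl></socket-provider>
 </socket-providers>
</cluster-config></coherence>"""


def check_tcmp_ssl(xml_text, expected_cluster):
    """Return a list of inconsistencies in the override's cluster-config."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
    cfg = root.find("cluster-config")
    if cfg is None:
        return ["no cluster-config element"]
    problems = []
    name = cfg.findtext("member-identity/cluster-name", "").strip()
    if name != expected_cluster:  # should equal tangosol.coherence.cluster
        problems.append(f"cluster-name {name!r} != {expected_cluster!r}")
    ref = cfg.findtext("unicast-listener/socket-provider", "").strip()
    providers = {p.get("id"): p
                 for p in cfg.findall("socket-providers/socket-provider")}
    if not ref:
        problems.append("unicast-listener has no socket-provider")
    elif ref not in providers:  # e.g. a provider predefined elsewhere
        problems.append(f"socket-provider {ref!r} is not defined in this file")
    elif providers[ref].find("ssl") is None:
        problems.append(f"socket-provider {ref!r} has no ssl element")
    if not cfg.findall("unicast-listener/well-known-addresses/socket-address"):
        problems.append("no well-known-addresses defined")
    return problems
```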

Tuesday Feb 24, 2015

Full recovery of a corrupt WebLogic embedded LDAP server by Peter van Nes

Today one of the AdminServers failed to restart and was flooding the AdminServer.out with multiple EmbeddedLDAP java.lang.ArrayIndexOutOfBoundsException messages per second. I do admit, this is not the first article about how to recover from this issue, and probably not the last. Although I was able to Google multiple articles and blogs on this exception, all of the suggested solutions left me with a seed embedded LDAP. The good news is that by default a backup is made of the embedded LDAP every day at 23:05 and the last 7 copies are retained. You can find these settings by selecting the domain in the domain structure of the Weblogic console and then opening the tab Security > Embedded LDAP.

So you can recover fully from a corrupt Weblogic embedded LDAP server, just follow these few steps.

· Shutdown admin server

· Move the current data directory so you can access it later.
mv <domain_home>/servers/AdminServer/data <domain_home>/servers/AdminServer/data.bkp

· Start the admin server

Read the complete article here.

Tuesday May 13, 2014

A Weblogic Admin Console with a dynamic look and feel by Peter van Nes

In my previous post I explained how to build a custom look and feel for the Weblogic Administration Console, which was the result of research into a way to distinguish Weblogic Consoles in DTAP environments. My initial plan was to develop a separate look and feel for each specific environment, simply because I did not know what the possibilities were. I quickly abandoned this plan and developed one Weblogic Admin Console look and feel which adapts itself to the environment in which it is deployed.

At most sites there is a way to determine whether your host is running in a Development, Test, Acceptance or Production environment. The key data used to differentiate these environments depends on the infrastructure. It can be, for example, the IP address, DNS name or Weblogic Domain name. One customer, for example, has standardized the Weblogic domain names in such a way that the first position of the domain name corresponds to the environment. A Weblogic Development domain therefore always starts with a 'D', test with 'T', etc. In this article I will show you how to make the Weblogic Console adapt its look and feel based on the Weblogic Domain name.

The Weblogic Admin Console login page is defined in /login/LoginForm.jsp, which imports the MBeanUtils.class file. This class contains a lot of valuable methods. One of those methods, getDomainName(), returns, as the name says, the name of the Weblogic Domain. Simply adding the following single line of Java as a JSP expression to LoginForm.jsp gives you the Weblogic domain name for which the Admin Console is opened.

Read the complete article here.
