Advertisements
RSS

Tag Archives: Weblogic

Using the Weblogic External Listen Address to support Network Address Translation (NAT) firewalls

When trying to connect or deploy from JDeveloper 12.2.2 to our Oracle Fusion Middleware 12.2.1 domain in the Amazon EC cloud I keep having connection problems. Contacting the consoles is not a problem, however extending the IDE Connection results in this error:

Pic0

t3://127.0.0.1:7011: [RJVM:000575]Destination 127.0.0.1, 7011 unreachable.; nested exception is:
java.net.ConnectException: Connection refused: connect; [RJVM:000576]No available router to destination.; nested exception is: java.rmi.ConnectException: [RJVM:000576]No available router to destination.Dec 08, 2015 9:50:35 AM oracle.tip.tools.ide.soabrowser.LogUtil logStackTrace

And deploying an artifact to the server results the same

PicError

Weblogic configuration

I couldn’t find anything regarding the error on Oracle Support, but luckily my collegue Daljit Singh had the answer. Since the Amazon EC2 uses a public IP (which we use to connect to the admin server) the internal passthrough to the Managed Servers fails. To solve this we should use the Weblogic “external listen address” configuration. The external listen address and port are used to support Network Address Translation (NAT) firewalls. These should match the IP address or DNS name that clients use to access application on the server.

Go to the Weblogic console -> Environment -> Servers -> Managed Server -> Configuration -> General -> Advanced

Make sure the public ip-adres is stored in the External Listen Address here

Pic2

Your managed server requires a restart afterwards. But then the connection issue is solved.

restart

Advertisements
 
2 Comments

Posted by on 08-12-2015 in Weblogic

 

Tags: , , ,

JPS-01050: Opening of wallet based credential store failed

After installing a new Oracle Fusion Middleware 12.2.1 domain on a Ubuntu server (for development purposes) and starting the AdminServer I get the following error:

<Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: There are 1 nested errors: oracle.security.jps.JpsException: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException at oracle.security.jps.internal.config.OpssCommonStartup.preStart(OpssCommonStartup.java:334)
at oracle.security.jps.JpsStartup.preStart(JpsStartup.java:286) at oracle.security.jps.wls.JpsBootStrapService.start(JpsBootStrapService.java:80)

However, when checking the cwallet file it is there with proper access rights

ubuntu@ip-10-0-1-170:/opt/oracle/config/domains/rbx_dev/config/fmwconfig$ ls -l cwallet.sso
-rw——- 1 ubuntu ubuntu 194 Dec 1 13:11 cwallet.sso

So when searching we found this Oracle Support Doc ID 1923395.1

Unable Start AdminServer: JPS-01050: Opening of wallet based credential store failed. The FMW WebLogic Server (WLS) installation has been configured to use a non-default Java temporary files directory, i.e. the following has been set in the WebLogic startup or setDomainEnv.sh script:

EXTRA_JAVA_PROPERTIES=”-Djava.io.tmpdir=/appl/oracle/temp_java_files ${EXTRA_JAVA_PROPERTIES}”

Reference: How to Change the WebLogic Server Location for Temporary Files (Doc ID 1336002.1)
When the Middleware home was restored the directory specified by java.io.tmpdir parameter was missing,
Therefore an IOException occurred when opening the wallet and WLS was unable to initialize the OPSS successfully.

The description however is not completely accurate for our specific problem, but pointed us in the right direction. Since in our case the default /tmp folder is owned by root on Ubuntu and the “normal” ubuntu:ubuntu user/group running the Weblogic scripts has no access.

So we could fix the issue in 2 ways:

    1. Using a custom tmp folder in our setDomainEnv.sh script which the ubuntu user had access
      ## CUSTOM FOR RBX_DEV ##
      EXTRA_JAVA_PROPERTIES=”-Djava.io.tmpdir=/opt/oracle/tmp -Djava.security.egd=file:/dev/./urandom ${EXTRA_JAVA_PROPERTIES}”
      export EXTRA_JAVA_PROPERTIES
      ## CUSTOM FOR RBX_DEV ##
    2. Giving access to the default /tmp folder for our ubuntu user
      sudo chmod o+rwx /tmp
 
Leave a comment

Posted by on 08-12-2015 in Weblogic

 

Tags: , ,

Using Upstart to automatically start Weblogic on Linux

upstart80

Recent releases of Ubuntu & RedHat both support Upstart which is a new way to automatically turn programs into daemons so you are able execute them on system start-up. I tried to make my Weblogic domain start automatically on a development Ubuntu server and this is the result.

It only required me to create a few configuration files.

Ubuntu:

For Ubuntu 14.04 the following config files should be placed:

/etc/init/ofmw_admin.conf

start on runlevel [2345]
exec start-stop-daemon --start -u ubuntu -c ubuntu:ubuntu --exec /opt/oracle/config/domains/rbx_dev/bin/startWebLogic.sh

/etc/init/ofmw_nodemgr.conf

start on runlevel [2345]
exec start-stop-daemon --start -u ubuntu -c ubuntu:ubuntu --exec /opt/oracle/config/domains/rbx_dev/nodemanager/startNodeManager.sh

And for each 1-n managed server: /etc/init/ofmw_<managedserver>.conf

start on runlevel [2345]
exec start-stop-daemon --start -u ubuntu -c ubuntu:ubuntu --exec /opt/oracle/config/domains/rbx_dev/bin/startManagedWebLogic.sh soa_server1

RedHat:

RedHat works a little bit different. I couldn’t test it, but it is explained here by Fusion Security:

/etc/init/ofmw_admin.conf

start on runlevel [345]
exec /bin/su - oracle -- /opt/oracle/config/domains/rbx_dev/bin/startWebLogic.sh

/etc/init/ofmw_nodemgr.conf

start on runlevel [345]
exec /bin/su - oracle --/opt/oracle/config/domains/rbx_dev/nodemanager/startNodeManager.sh

 

And for each 1-n managed server: /etc/init/ofmw_<managedserver>.conf

start on runlevel [345]
exec /bin/su - oracle -- /opt/oracle/config/domains/rbx_dev/bin/startManagedWebLogic.sh soa_server1

Commands

With the following commands I’m now able to start, stop and get the status of my daemon:

[ubuntu@rbxdev]# start ofmw_bamserver1
ofmw_bamserver1 start/running, process 9464

[ubuntu@rbxdev]# status ofmw_bamserver1
ofmw_bamserver1 start/running, process 9464

[ubuntu@rbxdev]# stop ofmw_bamserver1
ofmw_bamserver1 stop/waiting

references:

Updates:

  • 2015-12-08: Added nodemanager configuration
 
2 Comments

Posted by on 18-09-2015 in Oracle

 

Tags: ,

Error with Weblogic Domain Configuration Wizard (containing UCM)

When creating a new DEV domain for BPM, SOA and UCM 11.1.1.6 and using the config.sh wizard the following error occured:

DomainCreationError

ERROR create_gui com.oracle.cie.wizard.domain.gui.tasks.DomainCreationGUITask - Generation Error!!
Traceback (innermost last):
File "<iostream>", line 17, in ?
TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'

The solution is simple when you now the answer (as always). Instead of using the “default” config script in %MIDDLEWARE_HOME%/wlserver_10.3/common/bin

You should use the config.sh script in:
%MIDDLEWARE_HOME%/Oracle_ECM1/common/bin

References:

 
2 Comments

Posted by on 25-02-2013 in Oracle, Weblogic

 

Tags: , ,

How to Configure WebLogic Server to Send a Notification When Its Configuration is Changed

My former collegue, Java maven (no not that one, this one) and friend Pierluigi contacted me about my post regarding the Weblogic Security Audit Provider. As always Pier is very political correct ;)

Comment

To my positive surprise he found a great solution for the limitation of the security audit provider. He discovered a way to configure WebLogic server to send a notification when it’s configuration is changed [Knowledge Base ID 1377733.1].

Which is awesome if you have a large Oracle environment and maintenance team and want to keep track of all the changes. Wish we knew this last year at the huge envuironment I was working then.

His blogpost contains all the code, scripts, etc so go and check it out!!! :)

And to end with his favourite quote:

Failure is not an option

References:

 
Leave a comment

Posted by on 21-02-2013 in Java, Oracle, Weblogic, WLST

 

Tags: , , , ,

Overview of Oracle SOA Suite 11.1.1.6 diagnostics tools

This post on the SOA Community blog by Jürgen linked me to this very very very interesting article on the Oracle.com website it’s SOA ProActive Support section. The article explains the multiple tools available, and how they relate, for diagnosing SOA Suite 11g issues. The tools addressed are:

Because I know 100% for sure that in the next years I will need this article I just had to create a perma-link like this on my own blog. Check out the full article for all the details.

 
Leave a comment

Posted by on 08-08-2012 in Oracle, SOA Suite, Weblogic

 

Tags: , ,

Weblogic EJB security roles

In my earlier blog I’ve mentioned the option for a Oracle Service Bus custom reporting provider and used a simple MDB to show the content of the report java objects. To make sure I have an example at my disposal at all time, and to help out in general: during deployment you might run into the next error/warning:

<Warning> <EJB> <BEA-010061> <The Message-Driven EJB: QueueMessageDrivenEJBBean is unable to  connect to the JMS destination: wli/reporting/jmsprovider/queue. The Error was: javax.naming.NoPermissionException: User <anonymous> does not have permission on wli.reporting to perform lookup operation.

The reason for this is the fact that your EJB wants to connect to the queue wli/reporting/jmsprovider/queue where unauthorised access is prohibited. If we check the queues security policy (select queue -> security -> policies) we can see that only 2 roles have authorisation:

So we can change the policy on the queue (not to be advised) or make sure our EJB uses proper authentication. The most basic version could be:

basic weblogic-ejb-jar.xml


<?xml version="1.0" encoding="UTF-8"?>
<!--weblogic-version:10.3.5-->
<wls:weblogic-ejb-jar xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-ejb-jar" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd http://xmlns.oracle.com/weblogic/weblogic-ejb-jar http://xmlns.oracle.com/weblogic/weblogic-ejb-jar/1.2/weblogic-ejb-jar.xsd">

<!-- this 1st segment is not necessary, if no run-as-principal-name is specified in
 run-as-role-assignment or in bean specific run-as-principal-name tag, then EJB container
 chooses first principal-name in the security-role-assignment below and uses that
 principal-name as run-as-principal-name -->
 <wls:weblogic-enterprise-bean>
 <wls:ejb-name>CustomOsbReportProvider</wls:ejb-name>
 <wls:run-as-principal-name>weblogic</wls:run-as-principal-name>
 </wls:weblogic-enterprise-bean>

<wls:security-role-assignment>
 <wls:role-name>adminsEJB</wls:role-name>
 <wls:principal-name>weblogic</wls:principal-name>
 </wls:security-role-assignment>
</wls:weblogic-ejb-jar>

basic ejb-jar.xml


<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:ejb="http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd" version="3.0">
<display-name>CustomOsbReportProvider </display-name>

<enterprise-beans>
 <message-driven>
 <ejb-name>CustomOsbReportProvider</ejb-name>
 <ejb-class>nl.rubix.CustomOsbReportHandler</ejb-class>
 <transaction-type>Container</transaction-type>
 <security-identity>
 <run-as>
 <description>EJB role used</description>
 <role-name>adminsEJB</role-name>
 </run-as>
 </security-identity>
 </message-driven>
 </enterprise-beans>

<ejb-client-jar>CustomOsbReportProviderClient.jar</ejb-client-jar>
</ejb-jar>

However with the help of the original JMSReportingProvider.jar it’s fairly easy to create a more elegant version:

deluxe weblogic-ejb-jar.xml

</pre>
<wls:weblogic-ejb-jar xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-ejb-jar" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd http://xmlns.oracle.com/weblogic/weblogic-ejb-jar http://xmlns.oracle.com/weblogic/weblogic-ejb-jar/1.2/weblogic-ejb-jar.xsd">
 <!--weblogic-version:10.3.5-->

<wls:weblogic-enterprise-bean>
 <wls:ejb-name>CustomOsbReportProvider</wls:ejb-name>
 <wls:message-driven-descriptor>
 <wls:pool>
 <wls:max-beans-in-free-pool>100</wls:max-beans-in-free-pool>
 <wls:initial-beans-in-free-pool>3</wls:initial-beans-in-free-pool>
 </wls:pool>
 <wls:destination-jndi-name>wli.reporting.jmsprovider.queue</wls:destination-jndi-name>
 <wls:max-messages-in-transaction>5</wls:max-messages-in-transaction>
 </wls:message-driven-descriptor>
 <wls:transaction-descriptor>
 <wls:trans-timeout-seconds>600</wls:trans-timeout-seconds>
 </wls:transaction-descriptor>
 <wls:run-as-principal-name>alsb-system-user</wls:run-as-principal-name>
 </wls:weblogic-enterprise-bean>

<wls:transaction-isolation>
 <wls:isolation-level>TransactionReadCommitted</wls:isolation-level>
 <wls:method>
 <wls:description>Ensure the container starts a ReadCommitted transaction</wls:description>
 <wls:ejb-name>CustomOsbReportProvider</wls:ejb-name>
 <wls:method-name>*</wls:method-name>
 </wls:method>
 </wls:transaction-isolation>
 <wls:disable-warning>BEA-010001</wls:disable-warning>

</wls:weblogic-ejb-jar>
<pre>

deluxe ejb-jar.xml


</pre>
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:ejb="http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd" version="3.0">
 <display-name>CustomOsbReportProvider </display-name>
 <enterprise-beans>
 <message-driven>
 <description>Custom Reporting Provider for OSB</description>
 <ejb-name>CustomOsbReportProvider</ejb-name>
 <ejb-class>nl.rubix.CustomOsbReportHandler</ejb-class>
 <transaction-type>Container</transaction-type>
 <message-destination-type>javax.jms.Queue</message-destination-type>
 <activation-config>
 <activation-config-property>
 <activation-config-property-name>acknowledgeMode</activation-config-property-name>
 <activation-config-property-value>Auto-acknowledge</activation-config-property-value>
 </activation-config-property>
 </activation-config>
 <security-identity>
 <run-as>
 <description>EJB role used</description>
 <role-name>ALSBSystem</role-name>
 </run-as>
 </security-identity>
 </message-driven>
 </enterprise-beans>

 <assembly-descriptor>
 <container-transaction>
 <method>
 <ejb-name>CustomOsbReportProvider</ejb-name>
 <method-name>*</method-name>
 </method>
 <trans-attribute>Required</trans-attribute>
 </container-transaction>
 </assembly-descriptor>

 <ejb-client-jar>CustomOsbReportProviderClient.jar</ejb-client-jar>
</ejb-jar>
<pre>

References:

 
Leave a comment

Posted by on 22-02-2012 in Weblogic

 

Tags: , , ,