Monthly Archive: June 2010

Securing the JNDI with Admin Role in 11g

We need to go to the server and access the link for the jndi. The jndi tree will show up in a new window.

Check the default roles and policies
By default, everyone has access to the JNDI

Remove the role

And then add the admin role. This will enable only the Admin user to have access to the JNDI

If we try to access the JNDI now without the Admin credentails, we get the following exceptions

javax.naming.NoPermissionException: User <anonymous> does not have permission on
StringJndiName to perform modify operation. [Root exception is javax.naming.NoP
ermissionException: User <anonymous> does not have permission on StringJndiName
to perform modify operation.]
at weblogic.rjvm.ResponseImpl.unmarshalReturn(
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef

Configuring SAF ( Store and Forward ) between two Weblogic Server Domains

Create two Domains –
SAFSource         localhost 7001
SAFDestination    localhost 7003
Source Side Configuration
1. Create a persistent Store
2. Create a JMS Server and target it to Admin Server

3. Create a JMS System Module, target it to Admin Server and add Resources to it.

4. Create a connection factory within the JMS Module targetted to the Admin Server

5. Create Remote SAF Context in the JMS Module

6. Create SAF Imported Destination in Jms Module.
7. Create a Queue in SAF Imported Destination
8. Create a Store and Forward Agent and have the agent type as Both. Target it to the Admin Server.
9. Activate the changes!
Destination side Configurations
1. Create a FileStore and target it to the Admin Server
2. Create a JMS Server and target it to the Admin Server
3. Create a JMS Module
4. Add resources to the system module
5. Create a Connection Factory and Target it to the Admin Server
6. Create a Queue with the same JNDI Name provided in the Remote JNDI Name of the SAFQueue.
In the example I have used rsafq
7. Create a sub deployment.

8. Activate the changes

Edit the QueueSend and QueueReceive receive program present in the WL_HOME\samples\server\examples\src\examples\jms\queue folder to send messgaes to the SAFQueue.

Check the JNDI of the server to the the JNDI Name of the SAF Queue, also modify the JNDI name for the connection factories and the Queue in the  QueueSend and QueueReceive Programs.

Using JProfiler with Weblogic Server

What Jprofiler Does?

* JProfiler works both as a stand-alone application and as a plug-in for the Eclipse software development environment.
* JProfiler supports local profiling (analysis of applications running on the same machine as the JProfiler software) and remote profiling (analysis of Java applications running on remote machines)
* Enables both memory profile to assess memory usage and dynamic allocation leaks and CPU profiling to assess thread conflicts.
* Provides visual representation for the virtual machine load in terms of active and total bytes, instances, threads, classes, Garbage Collector activity.

Download JProfiler from the link below.

You will be asked to provide your name and e-mail id.
An Evaluation Key will be mailed to you.

NOTE: It is not recommended to use JProfiler in Production Environments …as it consumes more resources..which may not be desired in Production Envs.

At the time of installation, you will be prompted for the installation key, copy it from your mail and paste it as shown in the screenshots.

How to modify Weblogic Default Roles and Policies

This post is basically screenshots that demonstrates how to modify the existing roles and policies in Weblogic. We mostly have our users and groups in LDAP/ Database Servers. We integrate them with WLS for authentication purpose by configuring the authenticators. If we want to assign certain default roles, we can do it following the screenshots below. As a example I am assigning Admin role to TestGroup from the database.

In Summary we need to do this

Home > Summary of Security Realms > myrealm > Realm Roles > Expand Global Roles > Expand Roles > Click View Role Conditions under Role Policy of Admin > Clieck Add Conditions > Select a Group/User from the predicate list > In the Group/User Argument Name provide the name (of AD User/Group) and clieck Add , Click Finish > Click Save