Monthly Archive: February 2012

General Weblogic Server Interview Questions

I often get mails from people asking what questions interviewers generally ask about Weblogic.
Generally, for an Administrator's position, in addition to Weblogic questions, there are a lot of Unix questions and a few questions related to process and case handling.

These are the important questions that I cover while interviewing.

1. How do you differentiate between a server hang and server crash issue?

When a server crashes, the Java process no longer exists. When the server is hung, it stops responding.
We can use the weblogic.Admin utility to ping the server. In a hang situation, we can take multiple thread dumps and analyze the cause of the hang.

2. What can be the various reasons for a server crash?

a) Native IO
b) SSL Native Libraries
c) JVM
d) Supported Configuration
e) JDBC Driver issue

3. How do you troubleshoot a crash?

A JVM crash generates an hs_err_pid file. We need to look at the stack trace in the hs_err_pid file.
If the thread is from native IO, we need to disable native IO.
If the stack trace is from the driver, we need to get in touch with the driver team.
Quite possibly it's a problem with the driver. Changing the type of driver can be a workaround.
If the thread shows it coming from optimized code, we can turn off optimization.
If the stack is from native calls of the application, it's a bug in the application and it has to be modified.

4. How do you troubleshoot a Server Hang?

We can use java weblogic.Admin PING to check whether we get a normal response.
We need to take multiple thread dumps with kill -3 pid on Unix and Ctrl+Break on Windows.
Analyze the thread dump to find the root cause.
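
One way to carry out the analysis step, as an added example that is not part of the original post: it compares several HotSpot-style thread dumps and reports the threads that sit in the same state and top stack frame in every dump. The dump text, thread names and class names are constructed for illustration.

```python
import re

HEADER = re.compile(r'^"(.+?)"')                  # a thread entry starts with its quoted name
STATE = re.compile(r"java\.lang\.Thread\.State: (\w+)")
FRAME = re.compile(r"^\s+at (.+)$")


def parse_dump(text):
    """Map thread name -> (state, top stack frame) for one thread dump."""
    threads, name = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            name = header.group(1)
            threads[name] = [None, None]
        elif name is not None:
            state, frame = STATE.search(line), FRAME.match(line)
            if state:
                threads[name][0] = state.group(1)
            elif frame and threads[name][1] is None:
                threads[name][1] = frame.group(1)   # keep only the topmost frame
    return {n: tuple(v) for n, v in threads.items()}


def stuck_threads(dumps):
    """Threads with the same state and top frame in every dump (idle waiters skipped)."""
    if len(dumps) < 2:
        raise ValueError("need at least two dumps taken some seconds apart")
    first, *rest = [parse_dump(d) for d in dumps]
    return {name: snap for name, snap in first.items()
            if snap[0] not in ("WAITING", "TIMED_WAITING") and snap[1]
            and all(other.get(name) == snap for other in rest)}


def _entry(name, state, frame):   # builds one constructed dump entry
    return (f'"{name}" daemon prio=5 tid=0x1 nid=0x2\n'
            f"   java.lang.Thread.State: {state}\n\tat {frame}\n\n")


# Constructed sample: two dumps of the same (hypothetical) server, taken apart in time.
DUMP_1 = (_entry("ExecuteThread: '0'", "BLOCKED", "com.example.Cache.get(Cache.java:41)")
          + _entry("ExecuteThread: '1'", "RUNNABLE", "java.net.SocketInputStream.socketRead0(Native Method)")
          + _entry("ExecuteThread: '2'", "RUNNABLE", "com.example.Report.render(Report.java:12)")
          + _entry("ExecuteThread: '3'", "WAITING", "java.lang.Object.wait(Native Method)"))
DUMP_2 = DUMP_1.replace("Report.render(Report.java:12)", "Report.flush(Report.java:80)")

if __name__ == "__main__":
    for name, (state, frame) in stuck_threads([DUMP_1, DUMP_2]).items():
        print(f"{name}: {state} at {frame}")
```

A thread that stays BLOCKED on the same frame points at lock contention or a deadlock, and one that stays RUNNABLE in a socket read points at a slow back end such as a database query.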

5. What can be the reasons of Server hang?

Memory leak, database query taking a long time to return, deadlock.

6. What is memory leak?

A memory leak is when objects are not removed from the heap even when they are no longer required.

7. What are the various causes for OUT OF MEMORY?

a) Insufficient heap size, not able to match the extra load.
b) Objects living too long, like HTTP Sessions.
c) Memory leak in application code.
d) Full GC not happening due to JVM Bug.

8. How to troubleshoot and overcome such issues?

Gather memory data by enabling verbose GC.
If it's due to HTTP sessions, timing out HTTP sessions after a certain interval might help.
Look into the code for JDBC connection handling.
Optimize the heap size according to the load.

9. When does High CPU Usage occur?

It occurs when one process or one thread utilizes an unexpectedly high proportion of CPU.

10. How to troubleshoot it?

In a Solaris environment, we need to take pstack and prstat output and see what the threads are doing.
In Windows, we need to use pslist and Process Explorer.

11. What is Clustering and what is achieved through it?

Clustering is the grouping together of servers for the purpose of high availability and scalability.
Load balancing and failover are achieved through it.

12. How does Cluster Communication Happen?

Members of the Cluster communicate over the Cluster Multicast IP and Port by sending periodic heart beat messages.

13. What is the difference between the Sun JVM and BEA JRockit JVM?

The most well-known JVM is the implementation from Sun. The Sun JVM is called HotSpot. The Sun JVM is shipped in the Java Developer’s Kit (JDK) and Java Runtime Environment (JRE) from Sun.

The BEA JRockit JVM from BEA systems is optimized for reliability and performance for server side applications. To achieve this, BEA JRockit JVM uses technologies such as code generation, hot spot detection, code optimization, advanced garbage collection algorithms and tight operating system integration.

14. Tuning JVM Parameters.

If you have a single-processor, single-thread machine, then you should use the serial collector (the default for some configurations; it can be enabled explicitly with -XX:+UseSerialGC). For multiprocessor machines where your workload is basically CPU bound, use the parallel collector. This is enabled by default if you use the -server flag, or you can enable it explicitly with -XX:+UseParallelGC. If you’d rather keep the GC pauses shorter at the expense of using more total CPU time for GC, and you have more than one CPU, you can use the concurrent collector (-XX:+UseConcMarkSweepGC). Note that the concurrent collector tends to require more RAM allocated to the JVM than the serial or parallel collectors for a given workload because some memory fragmentation can occur.

15. How do you do performance tuning of WLS?

It can be categorized into 4 parts.

a. Application Tuning

JSP precompilation, EJB pool size and cache.

b. OS Tuning

Setting TCP/IP parameters.

c. Core Server Tuning

Tune the work manager, tune chunk size and chunk pool size, use performance packs, connection backlog buffering.

d. JVM Tuning

Tuning the GC strategy, monitoring garbage collection.

16. What is the difference between Development mode and Production mode of Weblogic Server?

Development Mode:

1. The default JDK for development domain is Sun Hotspot.
2. You can use the demo certificates for SSL.
3. Auto deployment(to admin server only) is enabled.
4. Server instances rotate their log files on start-up.

5. Admin Server uses an automatically created during start-up.

6. The default maximum capacity for JDBC Datasource is 15.
7. The debugFlag which is used to start the WebLogic Workshop Debugger is enabled.
8. In Development Mode any configuration change being done by a user doesn’t need him to take a Lock and Edit session.
9. Availability of web service test client.
10. Node Manager username and password: Default Admin credentials.
11. Availability of Classloader Analysis Tool: Yes.
12. Default start parameters when using Sun JDK and the default startWebLogic script : java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m.

Production Mode:

1. The default JDK for production domain is JRockit.
2. If you use the demo certificates for SSL a warning is displayed.
3. Auto deployment(to admin server only) is disabled.
4. Server instances rotate their log files when they reach 5MB.
5. Admin Server prompts for username and password during start-up.
6. The default maximum capacity for JDBC Datasource is 25.
7. The debugFlag which is used to start the WebLogic Workshop Debugger is disabled.
8. In Production Mode the user needs to acquire a Lock and Edit session before trying to make any configuration changes.
9. No Availability of web service test client.
10. Node Manager username and password: Randomly generated.
11. Availability of Classloader Analysis Tool: No.
12. Default start parameters when using Sun JDK and the default startWebLogic script : java -server -Xms256m -Xmx512m -XX:MaxPermSize=256m.


17. What is HTTP tunneling? How can we configure it on Weblogic?

HTTP tunneling provides a way to simulate a stateful socket connection between WebLogic Server and a Java client when your only option is to use the HTTP protocol. It is generally used to tunnel through an HTTP port in a security firewall. HTTP is a stateless protocol, but WebLogic Server provides tunneling functionality to make the connection appear to be a regular T3Connection.
Steps to configure HTTP tunneling:

Log in to the Admin Console and click on the server on which you want to enable the HTTP Tunneling feature.
Click on the Protocols tab → General → check the “Enable Tunneling” check box.

Now you can communicate with the JVMs (Server Instances) using protocols other than T3.

18. What is the difference between T3 and HTTP protocol?

WebLogic uses the T3 protocol for internal and external connections to the servers. The T3 protocol is often used in WebLogic’s implementation of RMI. It is proprietary to WebLogic Server.

HTTP is used primarily for communication between the browser and the web server. It is a standard that follows the W3C (World Wide Web Consortium).

Note: All of these protocols are, by default, multiplexed over the same connection to the server’s address and port. So you can access a web page hosted by the server using a URL such as http://host:port/page.jsp. An external client can set up an initial JNDI context to a server using the URL t3://host:port/. All that has changed is the protocol over which the client must communicate with the server.



Webservice Security – WS-Trust and WS-SecureConversation an overview


“A Web Service is a system designed to support interoperable communication from machine to machine over a network. It includes an interface described in a machine-processable format (WSDL), and is typically conveyed using HTTP with XML serialization.”
Webservices exist in a wide range of architectures, technologies and software designs. They provide an interaction mechanism between Business to Business (B2B) applications. Webservices rely on the SOAP protocol for the interaction between the B2B applications. SOAP is an XML-based protocol that uses HTTP as its base transport protocol. Following is an example of a SOAP Request and SOAP Response.




POST /SecureHelloWorldService/SecureHelloWorldService HTTP/1.1
User-Agent: BEA WebLogic Server
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 187

<env:Envelope xmlns:env="">
<env:Header />
<m:sayHello xmlns:m="">

HTTP/1.1 200 OK
Date: Tue, 24 Jan 2012 06:15:42 GMT
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
X-Powered-By: Servlet/2.5 JSP/2.1

<env:Header />
<m:sayHelloResponse xmlns:m="">
<m:return>Hello World</m:return>





Webservices Security

For a secure environment, data exchange cannot happen in clear text, as sensitive information might be exchanged. Also, securing the communication channel for all communication is an overhead and might not be acceptable in all scenarios. Hence many specifications exist that allow the exchanged data itself to be secured. One such framework is WS-Policy, which defines how secure messages can be exchanged. To demonstrate this, I have secured the above Webservice using standard policies and captured the SOAP Request and SOAP Response.


@Policies({
    @Policy(uri="policy:Auth.xml", direction=Policy.Direction.inbound),
    @Policy(uri="policy:Sign.xml"),
    @Policy(uri="policy:Encrypt.xml")
})


The message body is encrypted:

<env:Body wsu:Id="Body_FE10KgY262Y31ZRm" xmlns:wsu="">
  <ns1:EncryptedData Id="3ZpXu9BlqgQNKF4s" Type="" MimeType="text/xml" Encoding="UTF-8" xmlns:ns1="">
    <ns1:EncryptionMethod Algorithm="" />
    <ns1:CipherData>
      <ns1:CipherValue>T7MoCfhyDwXRjLrpRhZ62es3qK2jhTbY2ReS1ZSWhRaBidi8DwW5EbzNQKgudtPa8m7zxkW/ljebMV5dSvIZrJC1o+6peC111iFgPC4jMyA=</ns1:CipherValue>





In addition to this, security tokens need to be passed for authentication and authorization purposes.

Username Password Token

<wsse:UsernameToken wsu:Id="unt_CQbnapvDgXSDnTtZ" xmlns:wsu="">
  <wsse:Username>weblogic</wsse:Username>
  <wsse:Password Type="">weblogic</wsse:Password>



Binary Security Token

<wsse:BinarySecurityToken wsu:Id="bst_MIWyV2RKFBlLh9AT" xmlns:wsu="" ValueType="" EncodingType="">MIICYTCCAgugAwIBAgIQsAtcv4jhs9Rpsu6m…..





The following is the list of supported tokens that can be used for authentication and authorization purposes (Table 1).

Table 1

| Token Type | Description |
| --- | --- |
| User Name Token-Plain | Carries basic information (username and a clear text password or shared secret) for purposes of authenticating the user identity to the WSP. Communication is done in plain text so SSL over HTTPS transport must be used to protect the credentials. |
| Kerberos Token | Carries basic information (username and, optionally, a password or shared secret), in a Kerberos token, for purposes of authenticating the user identity to the WSP. |
| X.509 Token | Contains an X.509 formatted certificate for authentication using credentials created with a public key infrastructure (PKI). In this case, the WSC and WSP must trust each other’s public keys or share a common, trusted certificate authority. |
| SAML-Holder-Of-Key Token | Uses the SAML holder-of-key confirmation method whereby the WSC supplies a SAML assertion with public key information as the means for authenticating the requester to the web service provider. A second signature binds the assertion to the SOAP payload. Can use either SAML v1.x or SAML v2. |
| SAML-Sender Vouches Token | Uses the SAML sender-vouches confirmation method whereby the WSC adds a SAML assertion and a digital signature to a SOAP header. A sender certificate or public key is also provided with the signature. Can use either SAML v1.x or SAML v2. |
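
A check a service owner can run over captured messages, as an added example that is not part of the original post: it reports whether a SOAP 1.1 envelope carries a clear-text UsernameToken password over a non-TLS transport, and whether the signature and body encryption applied by the Sign and Encrypt policies are present. The namespace URIs are the standard WS-Security, XML Signature and XML Encryption ones (the captures above show them blank); the sample envelope is constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")


def audit_envelope(xml_bytes, transport_is_tls):
    """Return a sorted list of findings for one captured SOAP message."""
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DTD in SOAP message")   # SOAP messages must not carry a DTD
    root = ET.fromstring(xml_bytes)
    findings = set()
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        findings.add("no-wsse-security-header")
    else:
        for pw in sec.findall("wsse:UsernameToken/wsse:Password", NS):
            # A Password element without a Type attribute defaults to PasswordText.
            if pw.get("Type", PASSWORD_TEXT) == PASSWORD_TEXT and not transport_is_tls:
                findings.add("cleartext-password-without-tls")
        if sec.find("ds:Signature", NS) is None:
            findings.add("unsigned")
    body = root.find("soap:Body", NS)
    if body is None or body.find("xenc:EncryptedData", NS) is None:
        findings.add("body-not-encrypted")
    return sorted(findings)


# Constructed sample: plain UsernameToken, no signature, readable body.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}">
  <soap:Header><wsse:Security>
    <wsse:UsernameToken>
      <wsse:Username>alice</wsse:Username>
      <wsse:Password Type="{PASSWORD_TEXT}">example-only</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security></soap:Header>
  <soap:Body><m:sayHello xmlns:m="urn:example:hello"/></soap:Body>
</soap:Envelope>""".encode()

if __name__ == "__main__":
    print(audit_envelope(SAMPLE, transport_is_tls=False))
```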


Key Exchange using WS-Trust

In the model above, it is the responsibility of the server to validate the tokens and signatures and to perform authentication and authorization. This again can be an overhead, especially if the number of clients is very high. Also, if the client is not known to the Service, it becomes difficult to establish trust with the client. To address this situation, the WS-Trust standard has been adopted. In this model, the responsibility of establishing trust is assigned to a third party. Clients request a Security Token from a Secure Token Server (STS). Once they get the token, they present it to the Service. The exchange mechanism and the standard format of the token are provided in the WS-Trust specification. In my test, I used OpenSSO (an open source STS server) and captured the request-response interaction as depicted in the figure below.


1) The client requests a Security Token from the Secure Token Server.

<soap:Envelope xmlns:wsa="" xmlns:wsu="" xmlns:wsse="" xmlns:soap="">
  <soap:Header>
    <wsa:To>http://demo</wsa:To>
    <wsse:Security soap:mustUnderstand="1"> …. </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-d7fceab4-62ed-45fb-bc09-69310ff1712e">
    <wsse:RequestSecurityToken>
      <wsse:TokenType>wsse:SecurityContextToken</wsse:TokenType>
      <wsse:RequestType>wsse:ReqIssue</wsse:RequestType>
      <wsp:AppliesTo xmlns:wsp="">
        <wsa:EndpointReference>
          <wsa:Address>http://localhost:7001//SecureHelloWorldService/SecureHelloWorldService</wsa:Address>
        </wsa:EndpointReference>
    </wsse:RequestSecurityToken>
  </soap:Body>


2) The Secure Token Server provides the token to the client.

<soap:Envelope xmlns:wsa="" xmlns:wsu="" xmlns:wsse="" xmlns:soap="">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="1"> ….
  </soap:Header>
  <soap:Body wsu:Id="Id-aa53632b-2211-46c8-451-4234b12ecf834">
    <xenc:EncryptedData xmlns:xenc="">
      <xenc:EncryptionMethod Algorithm="" />
      <xenc:CipherData>
        <xenc:CipherValue>…
  </soap:Body>
</soap:Envelope>

3) Using the token, the service is invoked.

<soap:Envelope xmlns:soap="" xmlns:xsi="" xmlns:xsd="" xmlns:wsa="" xmlns:wsu="" xmlns:wsse="">
  <soap:Header>
    <wsa:To>http://quoteservice</wsa:To>
    <wsse:Security soap:mustUnderstand="1"> …. </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-aa53632b-2211-46c8-451-4234b12ecf834">
    <xenc:EncryptedData xmlns:xenc=""> …
    </xenc:EncryptedData>
  </soap:Body>



4) Response from the service.

<soap:Envelope xmlns:soap="" xmlns:xsi="" xmlns:xsd="" xmlns:wsa="" xmlns:wsu="">
  <soap:Header>
  </soap:Header>
  <soap:Body>
    <m:sayHelloResponse xmlns:m="">
      <m:return>Hello World</m:return>
    </m:sayHelloResponse>
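
The four-step exchange above, reduced to its trust decisions in an added example that is not code from the original post or from OpenSSO: the STS authenticates the client and issues a token scoped to one service (the AppliesTo address), and the service checks only the issuer's integrity tag, the audience and the expiry. An HMAC under a key shared by the STS and the service stands in for the signed token of a real deployment; the key, user table and service addresses are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

STS_KEY = b"constructed-demo-key"    # assumption: secret shared by the STS and the service
USERS = {"alice": "example-only"}    # constructed; known to the STS only


def sts_issue(username, password, applies_to, now=None, ttl=300):
    """STS side: authenticate the client, then issue a token for one service."""
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        raise PermissionError("STS rejected credentials")
    now = time.time() if now is None else now
    claims = json.dumps({"sub": username, "aud": applies_to, "exp": now + ttl},
                        sort_keys=True).encode()
    tag = hmac.new(STS_KEY, claims, hashlib.sha256).digest()
    return base64.b64encode(claims).decode() + "." + base64.b64encode(tag).decode()


def service_validate(token, my_address, now=None):
    """Service side: relies on the STS tag alone and never sees the password."""
    try:
        claims_b64, tag_b64 = token.split(".")
        claims = base64.b64decode(claims_b64, validate=True)
        tag = base64.b64decode(tag_b64, validate=True)
    except ValueError:
        raise PermissionError("malformed token")
    if not hmac.compare_digest(tag, hmac.new(STS_KEY, claims, hashlib.sha256).digest()):
        raise PermissionError("token not issued by trusted STS")
    data = json.loads(claims)
    now = time.time() if now is None else now
    if data["aud"] != my_address:
        raise PermissionError("token issued for a different service")
    if now >= data["exp"]:
        raise PermissionError("token expired")
    return data["sub"]


if __name__ == "__main__":
    address = "http://service.example/hello"          # constructed service address
    token = sts_issue("alice", "example-only", address)
    print(service_validate(token, address))
```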





1) Webservices Vulnerabilities, Security Compass Inc 2007
2) WS Trust Specification
3) WS Security Specification
4) Open SSO STS Solution