Monthly Archive: September 2013

Mutual Authentication with Weblogic Server

Mutual authentication is a process in which the server sends its certificate to the client (thin client or fat client) and the client validates that certificate; the server then requests a certificate from the client and validates it.

In this example we have created a .pfx certificate which contains the public and the private keys. We installed the pfx certificate in the browser.

Then we exported the public key and imported it into the trust store of Weblogic Server.

C:\bea103\wlserver_10.3\server\lib>keytool -v -import -keystore DemoTrust.jks -file Fabrizio.cer -alias fabrizio -storepass DemoTrustKeyStorePassPhrase
Owner: CN=Fabrizio
Issuer: CN=Fabrizio
Serial number: 0
Valid from: Fri May 15 20:02:49 IST 2009 until: Mon May 13 20:02:49 IST 2019
Certificate fingerprints:
MD5: 6B:45:89:C2:F0:4A:35:EB:8C:54:06:9F:5C:F1:D4:DB
SHA1: CE:2F:81:25:73:E0:52:77:C2:48:0E:70:FC:52:AE:3E:66:C6:33:9B
Signature algorithm name: MD5withRSA
Version: 1
Trust this certificate? [no]: yes
Certificate was added to keystore
[Storing DemoTrust.jks]

Created a user Fabrizio in the Default Authenticator

Configured the DefaultIdentityAsserter to process X509 Tokens

Home > Summary of Security Realms > myrealm > Providers > DefaultIdentityAsserter

Common
Active Types: X.509

Provider Specific
Trusted Client Principals: Fabrizio
Default User Name Mapper Attribute Type: CN
Use Default User Name Mapper : Checked

Enabled SSL Port

Configured the server to request client certificates.

AdminServer > SSL > Advanced

Hostname Verification: None
Two Way Client Cert Behavior: Client Certs Requested and Enforced

Deployed an application that uses CLIENT-CERT authentication and accessed it. We will cover the details of such an application in another post.

Once we selected the appropriate certificate, we were able to access the application.

Please let us know if you have any queries related to the configuration or require additional details.

Cheers!
Wonders Team
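
The certificate imported above is self-signed, X.509 version 1 and signed with MD5withRSA, and the identity asserter maps its CN to a WebLogic user. The following added example (not part of the original post) parses `keytool -v` output and lists those properties so they can be reviewed before a certificate goes into a trust store; the function names are illustrative, and the time zone in the validity date is ignored.

```python
import re
from datetime import datetime

# Excerpt of the keytool -v output shown in the post.
KEYTOOL_OUTPUT = """\
Owner: CN=Fabrizio
Issuer: CN=Fabrizio
Valid from: Fri May 15 20:02:49 IST 2009 until: Mon May 13 20:02:49 IST 2019
Signature algorithm name: MD5withRSA
Version: 1
"""

WEAK_DIGESTS = ("MD2", "MD5", "SHA1")  # digests deprecated for certificate signatures


def parse_keytool(text):
    """Turn the 'Key: value' lines of keytool -v output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def mapped_username(owner_dn, attr="CN"):
    """Value a CN-based user name mapper would take from the subject DN."""
    m = re.search(r"(?:^|,)\s*%s=((?:\\.|[^,\\])+)" % re.escape(attr), owner_dn, re.I)
    return m.group(1).strip() if m else None


def not_after(fields):
    """Parse the 'until:' date; the time-zone token is dropped (assumption)."""
    until = fields["Valid from"].split("until:")[1].split()
    return datetime.strptime(" ".join(until[:4] + until[5:]), "%a %b %d %H:%M:%S %Y")


def audit(text, now):
    """Return the findings a reviewer would raise before trusting this entry."""
    f, findings = parse_keytool(text), []
    if f["Owner"] == f["Issuer"]:
        findings.append("self-signed: no issuing CA vouches for the subject")
    if f["Signature algorithm name"].upper().startswith(WEAK_DIGESTS):
        findings.append("weak signature digest: " + f["Signature algorithm name"])
    if f["Version"] == "1":
        findings.append("X.509 v1: no extensions such as keyUsage or basicConstraints")
    if not_after(f) < now:
        findings.append("expired on %s" % not_after(f).date())
    return findings
```

Calling `audit(KEYTOOL_OUTPUT, datetime.now())` returns the list of findings, and `mapped_username(...)` shows which WebLogic user the certificate subject resolves to.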

Clustering in WebSphere Application Server

Clustering is a critical aspect of any middleware enterprise application. It provides high availability through failover and load-balancing mechanisms.

This post is a sample demonstration of configuring a cluster in WebSphere Application Server Network Deployment 7.0.

Prerequisites:

Deployment Manager Profile created using profile management tools.

Steps:

1. Create Cluster definition.

Log in to the WAS Admin console -> Servers -> Clusters -> WebSphere application server clusters.

2. Create cluster members.

Provide the details about the cluster members.

Define the node on which the cluster member would reside.

Also define whether the server would be generated based on a server template.

You can add additional members to the cluster.

Once the cluster is created successfully, it is in the stopped state by default.

3. Make sure the node agent is started.

Go to System administration in the left panel -> Node agents -> check the status.

If the node agent is not started, you can run the script below to start it.

WAS_HOME/profiles/YOUR_PROFILE_NAME/bin/startNode.cmd

4. Start the cluster.

Further reading:

http://pic.dhe.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=%2Fcom.ibm.websphere.nd.doc%2Finfo%2Fae%2Fae%2Ftrun_wlm_cluster.html

Some common issues while configuring a cluster in WebSphere Application Server.

Issues:

1. Cluster member MyServer1 will not be started because the Node Agent on node Node02 is not active. Cluster members can be started individually from the cluster member collection panel.

Remedy:

Make sure you start the Node Agent.

2. The node agent on node Node02 must be started to perform the restart operation. Node agents in stopped state cannot be started from the console.

Remedy:

You need to start the node agent from the command line as below.

WAS_HOME/profiles/YOUR_PROFILE_NAME/bin/startNode.cmd

3. Caused by: com.ibm.websphere.management.exception.AdminException: ADMU7707E: Failed while trying to determine the Windows Service name for server: nodeagent; probable error executing WASService.exe: com.ibm.websphere.management.exception.AdminException: ADMU7709E: Unexpected exception while processing server: nodeagent; exception = java.io.IOException: Cannot run program "D:\Softwares\bin\WASService.exe": CreateProcess error=740, The requested operation requires elevation.

Remedy:

Check whether the node agent service is present. If it is not, create a node agent service as below.

WAS_HOME\bin> wasservice -add Dmgr01_NodeAgent -servername server1 -profilePath "D:\Softwares\profiles\Dmgr01" -wasHome "D:\Softwares" -logFile "D:\Softwares\profiles\Dmgr01\logs\nodeagent\startNode.log" -logRoot "D:\Softwares\profiles\Dmgr01\logs\nodeagent" -restart true -startType automatic

4. The node LTADKAW7Node01 is not synchronized with the master configuration. This may prevent cluster member MyServer1 from starting correctly.

Remedy: Synchronize the node.

Cheers,

Wonders team 🙂

Weblogic Dynamic Cluster configuration

This is a new feature available in Weblogic 12c (12.1.2).

A dynamic cluster contains one or more dynamic servers. It allows you to add new servers dynamically at peak load, which eliminates the need to add managed servers to a cluster manually. You define the number of servers that can be added dynamically in anticipation of peak loads.

The concept of a dynamic cluster is based on a single shared server template.

For further reading on server templates, please refer to the post below.

Prerequisites:

  1. A configured machine.

You can create the setup in two ways.

  1. From Administration console
  2. Using WLST

I. Using Administration console:

1. Log in to the administration console -> Cluster -> click New -> select Dynamic Cluster from the drop-down.

2. Select the messaging mode and define the number of servers you need at peak load.

You can either create a new server template or use an existing one.

3. Associate dynamic servers with machines.

Note: Associating dynamic servers with machines is essential if you intend to use the Node Manager and the Administration Console (or WLST) to start servers.

4. Specify Listen port bindings:

You need to define port bindings for only one dynamic server; each subsequent server is given an incremented port.

This creates a server template based on the dynamic cluster configuration, which can be reused.

II. Using WLST:

You can use the WLST script below to create a dynamic cluster.

# This example demonstrates the WLST commands needed to create a dynamic cluster
# (dynamic-cluster). The dynamic cluster utilizes a server template    
# dynamic-cluster-server-template. To keep this example simple, error handling
# was omitted.
#

connect()

edit()

startEdit()

#
# Create the server template for the dynamic servers and set the attributes for
# the dynamic servers. Setting the cluster is not required.
#

dynamicServerTemplate=cmo.createServerTemplate("dynamic-cluster-server-template")

dynamicServerTemplate.setAcceptBacklog(2000)

dynamicServerTemplate.setAutoRestart(true)

dynamicServerTemplate.setRestartMax(10)

dynamicServerTemplate.setStartupTimeout(600)

#
# Create the dynamic cluster and set the dynamic servers.
#

dynCluster=cmo.createCluster("dynamic-cluster")

dynServers=dynCluster.getDynamicServers()

dynServers.setMaximumDynamicServerCount(10)

dynServers.setServerTemplate(dynamicServerTemplate)

#
# Dynamic server names will be dynamic-server-1, dynamic-server-2, ...,
# dynamic-server-10.
#

dynServers.setServerNamePrefix("dynamic-server-")

#
# Listen ports and machines assignments will be calculated. Using a round-robin
# algorithm, servers will be assigned to machines with names that start with
# dyn-machine.
#

dynServers.setCalculatedMachineNames(true)
dynServers.setMachineNameMatchExpression("dyn-machine*")

#
# activate the changes
#
activate()

Further reading:

http://docs.oracle.com/middleware/1212/wls/CLUST/dynamic_clusters.htm#CLUST678

Cheers,

Wonders Team 🙂

Common NodeManager exceptions (UnsatisfiedLinkError)

Below are a few of the most common issues you might run into when trying to start a NodeManager.

1. weblogic.nodemanager.common.ConfigException: Native version is enabled but NodeManager native library could not be loaded

Caused by: java.lang.UnsatisfiedLinkError: no nodemanager in java.library.path

Remedy:

You need to point your JVM to the native library file nodemanager.dll.

This can be done in two ways.

set LD_LIBRARY_PATH=%BEA_HOME%\wlserver\server\native\win\32

set JAVA_OPTIONS=%JAVA_OPTIONS% -Djava.library.path="%LD_LIBRARY_PATH%"

or

set JAVA_OPTIONS=%JAVA_OPTIONS% -Djava.library.path="C:\Oracle\Middleware\Oracle_Home\wlserver\server\native\win\32"

2. Caused by: java.lang.UnsatisfiedLinkError: C:\Oracle\Middleware\Oracle_Home\wlserver\server\native\win\32\nodemanager.dll: Can't load IA 32-bit .dll on a AMD 64-bit platform

Remedy:

1. Create a nodemanager folder under the <BEA_HOME>\common folder if this is a fresh installation, as this folder is not created by default.

2. Create a nodemanager.properties file in the newly created nodemanager folder and set the property below.

NativeVersionEnabled=false

3. Start the NodeManager using the startNodeManager script.

What’s new in Weblogic 12c (12.1.2).

WebLogic 12c (12.1.2) is the latest version released. It is robust, provides unmatched performance and high availability.

This can be downloaded from the below URL.

http://www.oracle.com/technetwork/middleware/fusion-middleware/downloads/index.html

Below are a few new features introduced in WebLogic 12.1.2.

1. Dynamic Cluster Support:

It is one of the most striking features of WebLogic 12.1.2. This release introduces dynamic clusters for highly scalable, highly available environments. A dynamic cluster allows managed servers to be added automatically based on a server template.

2. Support for Oracle Database 12c.

This release of WebLogic Server adds support for Oracle Database 12c.

3. JMS enhancements:

Supports cluster-targeted JMS servers for high availability, eliminating the need to configure many JMS resources for every single server.

4. Enhanced Maven support.

Support for POMs, Maven 3.0.4.

5. WebSocket support.

Support for the WebSocket Protocol (RFC 6455), which provides two-way, full-duplex communication over a single TCP connection between clients and servers, where each side can send data independently of the other. The WebSocket communication model operates in real time and promotes user interaction.

For further reading, please refer to the official documentation.

http://docs.oracle.com/middleware/1212/wls/NOTES/index.html#NOTES254

Weblogic Server Stuck thread and very high cpu usage when executing a query

We were observing frequent server hangs.
On taking thread dumps at the time of hang we found the following culprit thread.

"[STUCK] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'" daemon prio=1 tid=01baae30 nid=55 lwp_id=9965842 runnable [1ff05000..1ff03878]
at oracle.jdbc.oci8.OCIDBAccess.do_fetch(Native Method)
at oracle.jdbc.oci8.OCIDBAccess.executeFetch(OCIDBAccess.java:1758)
- locked < 36582dd0> (a oracle.jdbc.oci8.OCIDBAccess)
at oracle.jdbc.driver.OracleStatement.doExecuteQuery(OracleStatement.java:2659)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:2832)
at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:608)
- locked < ae1c1400> (a oracle.jdbc.driver.OraclePreparedStatement)
- locked < 36589900> (a oracle.jdbc.driver.OracleConnection)
at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(OraclePreparedStatement.java:536)
- locked < ae1c1400> (a oracle.jdbc.driver.OraclePreparedStatement)
- locked < 36589900> (a oracle.jdbc.driver.OracleConnection)
at weblogic.jdbc.wrapper.PreparedStatement.executeQuery(PreparedStatement.java:100)

We solved the issue by switching to the Type 4 driver.
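
Added example (not from the original post): a small parser that pulls [STUCK] execute threads out of a dump in the format above and reports the top frame, whether that frame is native code, and the locks held. Counting the top frames over dumps taken a few seconds apart shows whether the same call keeps recurring; the sample dump is constructed, and thread '7' in it is invented.

```python
import re
from collections import Counter

# Constructed sample in the format of the dump above; thread '7' is invented.
THREAD_DUMP = '''\
"[STUCK] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'" daemon prio=1
at oracle.jdbc.oci8.OCIDBAccess.do_fetch(Native Method)
- locked <36582dd0> (a oracle.jdbc.oci8.OCIDBAccess)
at weblogic.jdbc.wrapper.PreparedStatement.executeQuery(PreparedStatement.java:100)

"[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'" daemon prio=1
at java.lang.Object.wait(Native Method)
'''

HEADER = re.compile(r'''^"\[(?P<state>\w+)\] ExecuteThread: '(?P<id>\d+)' for queue''')
FRAME = re.compile(r"^\s*at ([\w.$<>]+)\(([^)]*)\)")
LOCK = re.compile(r"^\s*[-\u2013] locked <\s*\w+> \(a ([\w.$]+)\)")

def parse_threads(dump):
    """Split a dump into WebLogic execute threads with their frames and locks."""
    threads, cur = [], None
    for line in dump.splitlines():
        h = HEADER.match(line)
        if h:
            cur = dict(h.groupdict(), frames=[], locks=[])
            threads.append(cur)
        elif line.startswith('"'):
            cur = None  # some other kind of thread: skip its frames
        elif cur is not None:
            f, l = FRAME.match(line), LOCK.match(line)
            if f:
                cur["frames"].append((f.group(1), f.group(2)))
            elif l:
                cur["locks"].append(l.group(1))
    return threads

def stuck_report(dump):
    """For each [STUCK] thread: id, top frame, native-code flag, locks held."""
    report = []
    for t in parse_threads(dump):
        if t["state"] == "STUCK" and t["frames"]:
            method, where = t["frames"][0]
            report.append({"id": t["id"], "top": method,
                           "native": where == "Native Method",
                           "locks": sorted(set(t["locks"]))})
    return report

def recurring_top_frames(dumps):
    """Count top frames of stuck threads across several dumps."""
    return Counter(r["top"] for d in dumps for r in stuck_report(d))
```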