Researchers have identified a major security flaw (CVE 2017-9805) in the Apache framework (Apache Struts REST Plugin) which could allow the hackers to inject malicious code to either steal critical customer data or cause service disruption of any server running an application built using the Struts framework and using the popular REST communication plugin.
Note: In older versions of Jboss Application Server ex. Version 5, it provided a provision of overriding the global session time out setting from the Jboss web.xml file under the location $JBOSS_HOME \server\default\deploy\jboss-web.deployer
Performance and high availability of production systems are critical for any business. Hence there is a plethora of monitoring tools available in the market that helps you to monitor your production systems, generate alerts, and trigger emails in down time situations. Few commercially available monitoring tools in the market are wily introscope, Appdynamics etc.
Apart from commercially available monitoring tools, there are few freely available monitoring tools like jconsole, jhat, jstack and weblogic’s very own JRMC, WLDF (For performance monitoring).
This post is a sample illustration of how we can configure Jconsole with WebLogic Application Server for monitoring.
What is JConsole?
The JConsole graphical user interface is a monitoring tool that complies to the Java Management Extensions (JMX) specification. JConsole uses the extensive instrumentation of the Java Virtual Machine (Java VM) to provide information about the performance and resource consumption of applications running on the Java platform.
Features provided by the Application Servers in which applications can be automatically deployed / undeployed on to the server. The App Server provides a mechanism where they scan certain folders for the applications for ex. autoDeploy folder in weblogic, deploy folder in tomcat / Jboss etc.
The process of adding new components (such as WAR files, EJB Jar files, enterprise Java beans, servlets, and JSP files) to a running server without having to stop the application server process and start it again.
Hot deployment is mainly used to update the individual modules or jsps/servlets/classes in a module without redeploying the complete app.
Auto Deployments of Web Applications in WebLogic Server:
This is the simplest form of deployment. When enabled the Admin Server periodically scans the autoDeploy folder and deploy all the applications present in there.
Note: This feature is disabled in the production mode.
Production mode of the application server can be changed using the handle –Dweblogic.ProductionModeEnabled=true in the server startup file.
Need of Auto Deployment:
This is a very quick way of deploying the application which can be using during development and unit testing phase to reduce the deployment time.
How to auto Deploy:
1. Start the WebLogic Server domain in development mode.
2. Place the application’s exploded directory structure or archive file in this autodeploy directory.
It is present under $DOMAIN_HOME folder structure.
Hot Deployment (Redeployment Strategies) in Weblogic server:
This can be achieved by using different Redeployment Strategies.
Production redeployment strategy involves deploying a new version of an updated application alongside an older version of the same application. WebLogic Server automatically manages client connections so that only new client requests are directed to the new version. Clients already connected to the application during the redeployment continue to use the older version of the application until they complete their work, at which point WebLogic Server automatically retires the older application.
In-place redeployment immediately replaces a running application’s deployment files with updated deployment files. In contrast to production redeployment, in-place redeployment of an application or stand-alone J2EE module does not guarantee uninterrupted service to the application’s clients. This is because WebLogic Server immediately removes the running classloader for the application and replaces it with a new classloader that loads the updated application class files.
Partial Redeployment of Static Files:
WebLogic Server enables you to redeploy selected files in a running application, rather than the entire application at once. This feature is generally used to update static files in a running Web application, such as graphics, static HTML pages, and JSPs. Partial redeployment is available only for applications that are deployed using an exploded archive directory.
Partial Redeployment of J2EE Modules :
Partial redeployment also enables you to redeploy a single module or subset of modules in a deployed Enterprise Application. Again, partial deployment is supported only for applications that are deployed using an exploded archive directory.
JSP Precompilation in WebLogic Application Server:
Performance is paramount for any production system. A few seconds saved at the bottle neck is few seconds gained in the over all performance of the system. Compilation of JSP at runtime in a production environment can infuse an overhead. Hence it is a best practice to pre compile those JSP in such scenarios.
Precompilation offers below advantages:
Enhances the performance by ensuring pre compilation of all the JSPs before deployment of the application.
The Syntax errors in the sciptlet codes and custom tag elements could be detected at the compile time itself rather when the end user is accessing the application.
In WebLogic Server this can be achieved by weblogic.appc tool.
It’s an utility that generates and compiles the classes needed to deploy EJBs and JSP to WebLogic Application Server. It provides other features like deployment descriptor validations for standards compliance at both individual module level and the application level.
java weblogic.appc [options] <ear, jar, or war file or directory>
Using weblogic.appc as ant task:
You can incorporate appc in build.xml using an ant task wlappc..
Caused by: com.ibm.websphere.management.exception.AdminException: ADMU7707E: Failed while trying to determine the Windows Service name for server: nodeagent; probable error executing WASService.exe: com.ibm.websphere.management.exception.AdminException: ADMU7709E: Unexpected exception while processing server: nodeagent; exception = java.io.IOException: Cannot run program “D:\Softwares\bin\WASService.exe”: CreateProcess error=740, The requested operation requires elevation.
Check whether the node agent service is present or not. If not create a node agent service as below.