Faisal Archive

Unable to start managed server from nodemanager

When we try to start the managed server from nodemanager, we get the following error.

<BEA-090064> <The DeployableAuthorizer “myrealm_weblogic.security.providers.xacml.authorization.XACMLAuthorizationProviderImpl” returned an error: weblogic.security.spi.ResourceCreationException: [Security:090310]Failed to create resource.>

This errror comes because the managed server ldap server (slave) is not in sync with the Admin Server ldap server ( master).

To overcome this issue we can use two very important configurations.

 

Refresh Replica at Startup and Master First.

 

master first

 

Master First ensures managed server always connect to the ldap server of the admin server.

Refresh Replica at startup ensures that whenever managed server is restarted, it takes the latest ldap data from the admin server.

 

 

How to prevent CSRF attack

Sometimes when one application tries to call another application running on another server you get an error window with the message potential CSRF attack. At the same time you will see the following error message in the log files.

<BEA-000000> <A request has been denied as a potential CSRF attack.>

This issues arises due to the fact that WLS is not able to set the jsession id in the request made to the other server.

To address this issue we need to add the following in weblogic.xml

<session-descriptor>
<cookie-http-only>false</cookie-http-only>
</session-descriptor>

 

If the issue still persists, we need to add the following in the web.xml

<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>

 

 

 

Using JConsole to view JMX MBeans of Weblogic Server

1. Set the environment using setWLSEnv.cmd

2. Start JMX Console using the below arguments and connect to the local/remote process.

jconsole -J-Djmx.remote.protocol.provider.pkgs=weblogic.management.remote -J-Dcom.sun.tools.jconsole.mbeans.keyPropertyList=Location,type,Type,j2eeType,name,Name -debug

connect

 

3. Go to the Mbeans tab and view the Mbeans

 

Mbeans

How to configure SSL on JBoss EAP

Create Connector

Picture1

Picture2

Picture3

Picture4

Create Keystores

keytool -genkey -alias mykey -keyalg RSA -keysize 1024 -dname “CN=myserver.beasys.com, OU=Customer Support, O=BEA Systems Inc, L=Denver, ST=Colorado, C=US” -keypass password -keystore identity.jks -storepass password

keytool -selfcert -v -alias mykey -keypass password -keystore identity.jks -storepass password -storetype jks

keytool -export -v -alias mykey -file rootCA.der -keystore identity.jks -storepass password

keytool -import -v -trustcacerts -alias mykey -file rootCA.der -keystore trust.jks -storepass password

Configure Keystore using CLI

[standalone@localhost:9999 /] /subsystem=web/connector=https/ssl=configuration:a
dd(certificate-key-file=C:/LABS/identity.jks,password=password,key-alias=mykey)
{“outcome” => “success”}

Shared Library example for Oracle Weblogic Server

1. Compile your code and package it in a jar file. In this example I have written a simple program that has a function that just takes a string as input and prints hello infront of the string.

 

package wonders;


public class MyTestClass
{

static {
System.out.println("MyTestClass class Loaded From sf1.jar");
}

public String sayHello(String name)
{
System.out.println("sf1.jar sayHello() called"); ;
return name;
}


}

2. Deploy the jar file on the server as a library.

3. Refer the shared library in the weblogic-application.xml present under EAR\META-INF folder.

 

<?xml version="1.0" encoding="ISO-8859-1"?>


<weblogic-application xmlns="http://xmlns.oracle.com/weblogic/weblogic-application” 
xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance 
xsi:schemaLocation=”http://xmlns.oracle.com/weblogic/weblogic-application 
http://xmlns.oracle.com/weblogic/weblogic-application/1.0/weblogic-application.xsd">

   <application-param>
      <param-name>webapp.encoding.default</param-name>
      <param-value>UTF-8</param-value>
   </application-param>
   <library-ref> 
   <library-name>sf1</library-name> 
   </library-ref>

</weblogic-application>

4. Access the library from your application. In my example I am calling the function from a jsp.

 <html> 
 
 <body> Hi this is hello from sl1.jar<BR> 
 
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1" import="wonders.*" %>
 
 
 <% wonders.MyTestClass mtc=new wonders.MyTestClass(); 
 System.out.println("Hello to "+ mtc.sayHello("Wonders")); %> 
 

 </body> 
 
 </html>

shared library

 

shared library1

Using WLDF to view Historical Data

1. Go to the Home Page and click on Monitoring Dashboard under charts & graph

charts and graph

2. This will open the dashboard in a new tab. There are some built in views. You can select JVM Runtime Heap and click on the start button on the top.

dashboard

3. You should be able to see the Heap Size Current ( Yellow Line) and Heap Free Current ( Blue Line)

JVM Runtime Heap View

 

4. You can also change the chart type

bar graph

5. You can create your own view’s as well to monitor. Select My Views and click on New symbol on the top.

New View

6. Create the view and go to Metric Browser. Select the server. Select the Mbean Type, Instance and the attribute you want to monitor.

Operating System Mbean

7. Select your view and create a new chart, add a metric and then start the recording. You can add multiple metrics as I have done in this example. I am monitoring the System Load, Process CPU Time and Total Physical Memory.

New chart

add metric

metrics