Weblogic wonders!!!

How to secure specific URL’s of an application on Weblogic

Faisal — Thu, 01 Mar 2012 16:20:44 +0000

We can do that by using the DD Model as Custom Roles and Polcies and Defining the URL Pattern Scoped Policies.

The screenshots below will give an idea. If you have any queries feel free to let us know.

1.Deploy the application using DD Model as Custom Roles and Policies

Create a new user testuser

Go to

Deployments > TestApp > Security > URL Patterns > Roles

Click new and provide url pattern as /protected/* and role as testrole

Click on the testrole and add user testuser to the role condition. Remember to save!

Go to

Deployments > TestApp > Security > URL Patterns > Policies

Create a new policy /protected/* and add testrole to that policy.

General Weblogic Server Interview Questions

Faisal — Wed, 22 Feb 2012 01:36:43 +0000

I often get mails from people asking what are the questions generally asked in Weblogic by interviewers.
Generally for an Administrator’s positions, in addition to Weblogic questions, there are a lot of Unix questions and a few questions related to process and case handling.

These are the important questions that I cover while interviewing.

1. How do you differentiate between a server hang and server crash issue?

When a Server crahes, the JAVA process no longer exists. When the Server is hung, it stops responding.
We can use the weblogic.ADMIN utilty to ping the server. In case of a hang situation we can take multiple thread dumps and analyze the cause of hang.

2. What can be the various reasons for a server crash?

a) Native IO
b) SSL Native Libraries
c) JVM
d) Supported Configuration
e) JDBC Driver issue

3. How do you troubleshoot a crash?

JVM crash generates a hs_err_pid file. We need to look into the stack trace of the hs_err_pid file .
If the thread is from a native io, we need to disable native io.
if the stack trace is from the driver, we need to get in touch with the drive team.
Quite possibly its a problem with driver. Changing the type of driver can be a workaround.
If the thread shows it coming from an optimzed code, we can turn of optimization.
If the stack is from native calls of application, its a bug with the application and it has to b modified.

4. Ho do you troubleshoot Server Hang?

We can use java weblogic.Admin PING to check if we get a normal response.
We need to take multiple thread dumps with kill -3 pid on unix and CTLR Break on Windows.
Analyze the thread dump to find the root cause.

5. What can be the reasons of Server hang?

Memory leak, databse query taking a long time to return, Deadlock.

6. What is memory leak?

Memory leak is when objects are not romved from the heap even when they are not required.

7. What are the various causes for OUT OF MEMORY?

a) Insufficient heap size, not able to match the extra load.
b) Objects licing too long, like HTTP Sessions.
c) Memory leak in application code.
d) Full GC not happening due to JVM Bug.

8. How to troubleshoot and overcome such issues?

Gather memory data by enabling GC verbose.
If its due to Http Session, timing out http session after certain interval might help.
Look into the code for jdbc connection handling.
Optimizing the heap size according to the load.

9. When does High CPU Usage occur?

It occurs when one process or one thread utilizes unexpectedly high proportion of CPU.

10. How to troubleshoot it?

In Solaris environment, we need to take pstack and prstack and see what the threads are doing.
In Windows we need to use pslist and process explorer.

11. What is Clustering and what is achieved through it?

Clustering is the grouping together of servers for the purpose of high availability and scalability.
Load balancing and Failover is achieved.

12. How does Cluster Communication Happen?

Members of the Cluster communicate over the Cluster Multicast IP and Port by sending periodic heart beat messages.

13. What is the difference between the Sun JVM and BEA JRockit JVM?

The most well know JVM is the implementation from Sun. The Sun JVM is called HotSpot. The Sun JVM is shipped in the Java Developer’s Kit (JDK) and Java Runtime Environment (JRE) from Sun.

The BEA JRockit JVM from BEA systems is optimized for reliability and performance for server side applications. To achieve this, BEA JRockit JVM uses technologies such as code generation, hot spot detection, code optimization, advanced garbage collection algorithms and tight operating system integration.

14. TUning JVM Parameters.

If you have a single processor, single thread machine then you should use the serial collector (default for some configurations, can be enabled explicitly for with -XX:+UseSerialGC). For multiprocessor machines where your workload is basically CPU bound, use the parallel collector. This is enabled by default if you use the -server flag, or you can enable it explicitly with -XX:+UseParallelGC. If you’d rather keep the GC pauses shorter at the expense of using more total CPU time for GC, and you have more than one CPU, you can use the concurrent collector (-XX:+UseConcMarkSweepGC). Note that the concurrent collector tends to require more RAM allocated to the JVM than the serial or parallel collectors for a given workload because some memory fragmentation can occur.

15. How do you do performance tuning of WLS?

It can be categorized in 4 parts.
a. Application Tuning.
jsp precompilation, ejb pool size cache..

b. OS Tuning

Setting tcp ip parameter.
tcp_time_wait_interval
tcp_conn_req_max_q

c. Core Server Tuning.

tune workmanager, tune chuck size and chunck pool size, using performance packs, conenction backlog buffering.

d. JVM Tuning
tuning gc strategy, monitoring garbage collection..

Webservice Security – WS-Trust and WS-SecureConversation an overview

Faisal — Fri, 03 Feb 2012 19:34:24 +0000

Webservices

“A Web Service is a system designed to support interoperable communication from machine to machine over a network. It includes an interface described in a machine-processable format (WSDL), and is typically conveyed using HTTP with XML serialization.”
Webservices exist in a wide range of architecture, technologies and software design. They provide an interaction mechanism between Business to Business applications. Webservices rely on SOAP Protocol for the interaction between the B2B applications. SOAP is and XML Based protocol that uses HTTP as its base transport protocol. Following is an example of a SOAP Request and SOAP Response

REQUEST

POST /SecureHelloWorldService/SecureHelloWorldService

HTTP/1.1 User-Agent: BEA WebLogic Server 10.3.0.0

Content-Type: text/xml; charset=utf-8 SOAPAction: “”

Host: 127.0.0.1:7000

Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

Connection: keep-alive Content-Length: 187

World

RESPONSE

HTTP/1.1 200 OK Date: Tue, 24 Jan 2012 06:15:42 GMT

Transfer-Encoding: chunked

Content-Type: text/xml; charset=utf-8

SOAPAction: “” X-Powered-By: Servlet/2.5 JSP/2.1

xmlns:env=”http://schemas.xmlsoap.org/soap/envelope/”>

Hello World

Webservices Security

For a secure environment data exchange cannot happen in clear text as sensitive information might be exchanged. Also securing the communication channel for all communication is an overhead and might not be acceptable in all scenarios. Hence many specifications exist which allows to secure the data exchanged. One such framework is WS-Policy which defines how secure messages can be exchanged. To demonstrate this I have secured the above Webservice using standard policies and captured the SOAP Request and SOAP Response

@Policies({ @Policy(uri=”policy:Auth.xml”, direction=Policy.Direction.inbound), @Policy(uri=”policy:Sign.xml”), @Policy(uri=”policy:Encrypt.xml”)})

The message body is encrypted

T7MoCfhyDwXRjLrpRhZ62es3qK2jhTbY2ReS1ZSWhRaBidi8DwW5EbzNQKgudtPa8m7zxkW/ljebMV5dSvIZrJC1o+6peC111iFgPC4jMyA=

In addition to this, security tokens need to be passed for authentication and authorization purpose.

Username Password Token

weblogic

weblogic

Binary Security Token

MIICYTCCAgugAwIBAgIQsAtcv4jhs9Rpsu6m…..

…………………………………………………………………………………xuT69jAN

BgkqhkiG9w0BAQQFADB5MQswCQYDVQQGEwJVUzEQM

/wsse:BinarySecurityToken>

Following is the lists of supported tokens that can be used for authentication and authorization purposes

Lists of tokens (Table 1)

Table 1

Token Type	Description
User Name Token-Plain	Carries basic information (username and a clear text password or shared secret) for purposes of authenticating the user identity to the WSP. Communication is done in plain text so SSL over HTTPS transport must be used to protect the credentials.
Kerberos Token	Carries basic information (username and, optionally, a password or shared secret), in a Kerberos token, for purposes of authenticating the user identity to the WSP.
X.509 Token	Contains an X.509 formatted certificate for authentication using credentials created with a public key infrastructure (PKI). In this case, the WSC and WSP must trust each other’s public keys or share a common, trusted certificate authority.
SAML-Holder-Of-Key Token	Uses the SAML holder-of-key confirmation method whereby the WSC supplies a SAML assertion with public key information as the means for authenticating the requester to the web service provider. A second signature binds the assertion to the SOAP payload. Can use either SAML v1.x or SAML v2.
SAML-Sender Vouches Token	Uses the SAML sender-vouches confirmation method whereby the WSC adds a SAML assertion and a digital signature to a SOAP header. A sender certificate or public key is also provided with the signature. Can use either SAML v1.x or SAML v2.

Key Exchange using WS-Trust

In the model above it’s the responsibility of the server to validate the tokens, signatures and perform authentication and authorization. This again can be an overhead, especially if the numbers of clients are very high. Also if the client is not known to the Service, it becomes difficult to establish a trust with the client. To address this situation WS-Trust standard has been adopted. In this model, the responsibility of establishing the trust has been assigned to a third party. Clients request for a Security Token from a Secure Token Server (STS). Once they get the token, they present the token to the Service. The exchange mechanism and standard format of the token has been provided in WS-Trust specification. In my test, I used opensso (an open source STS Server) and captured the request-response interaction as depicted in Figure below.

1)Client requests for a Security token to a Secure Token Server

http://demo

…. wsse:SecurityContextToken wsse:ReqIssue http://localhost:7001//SecureHelloWorldService/SecureHelloWorldService

2)Secure Token Server provides the token to the Client.

….

…

3)Using the token, the service is invoked.

http://quoteservice

….

…

4)Response from the service

Hello World

References

1) Webservices Vulnerabilities, Security Compass Inc 2007
2) WS Trust Specification

http://specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf

3) WS Security Specification

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf

4) Open SSO STS Solution

http://en.wikipedia.org/wiki/OpenSSO

http://www.oracle.com/technetwork/testcontent/opensso-091890.html

Converting certificate formats

Faisal — Wed, 25 Jan 2012 11:23:36 +0000

Converting Certificate from JKS to P12 Format

keytool -importkeystore -srckeystore Fabrizio.jks -destkeystore Fabrizio.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass weblogic1 -deststorepass weblogic1 -srcalias {4d390f81-7f7a-4a0a-ae76-9a5ea5ba567f} -destalias {4d390f81-7f7a-4a0a-ae76-9a5ea5ba567f} -srckeypass weblogic1 -destkeypass weblogic1

Converting certificate from PFX to JKS Format

java -classpath ./jetty-6.1.1.jar org.mortbay.jetty.security.PKCS12Import Fabrizio.pfx Fabrizio.jks

Converting certificate from P12 to PFX Format

1. Import the certificate in the browser using certificate import wiward by double clicking on the p12 certificate.
2. Go to Internet Options > Content > Certificates > Personal
3. Choose your certificate and click export.
4. Select Yes Export the Private Key
5. Select Personal Information Exchange Format and provide the password.
6. Store the file as .pfx.

Thread Dumps

anandraj — Wed, 05 Oct 2011 04:26:16 +0000

There could be scenarios like Server Hang, Crashes, Performance delays where you might need to capture Thread Dumps for further analysis.

Thread dumps provide a snapshot of the current active threads. It provides the stack trace of all the java threads in the JVM.

There are different ways to capture thread dumps; some are based on the operating systems.

On Windows:

Go to the server standard output and press a Control + Break and copy the thread dump onto a file

On UNIX/ Linux

Find the process id for your server

Ps –ef | grep java
Kill -3

WebLogic utilities to capture thread dumps

1. webLogic.Admin utility

a. Open a command prompt , set the classpath running /bin/setDomain.env

b. Execute the below command

java weblogic.Admin -url t3://localhost:7001 -username weblogic -password weblogic1 THREAD_DUMP

Note: Thread Dump will be printed to the servers standard out (by default, the shell in which the server is running).

2. Using Admin Console

a. Log into the Admin Console , click on the server

b. Click onto the Server –> Monitoring –> Threads

c. Click on the Dump Thread Stack

3. Using WLST (WebLogic Scripting Tool)

a. Save and execute the below snippet as ThreadDump.py

************************************

connect(‘weblogic’,'weblogic1′,’t3://localhost:7001′)

cd(‘Servers’)

cd(‘AdminServer’)

threadDump()

disconnect()

exit()

************************************

Note: The thread dumps get stored in the location from where you run the WLST script

If your Server is running as windows service, then follow the below steps

1. Open a command prompt and execute the below command

WL_HOME\bin\beasvc -dump -svcname:service-name

There are other tools that can be used to capture thread dumps for example jrcmd (for JRockit) ,Samurai etc.

NOTE: It is recommended to capture a set of 6-7 thread dumps at an interval 8-10 seconds to find a pattern in the thread execution.

Cheers,

Wonders Team

How and Why we need to SECURE our Web Server

Shiva Shankar — Tue, 26 Jul 2011 14:55:19 +0000

Introduction: Over the year’s internet and the internet based applications had revolutioned our life. They had created many new global business opportunities for enterprises conducting online business. However, the security risks associated with conducting e-business have resulted in security becoming a major factor for online success or failure.

Any high-profile hacking attack has proven that web security still remains a serious issue for any business that’s running its operations online. Web servers are one of the most targeted public faces of an organization, because of the sensitive data they usually host. Hence, securing web server is as important as securing the website or web application itself. If we have a secure web application and an insecure web server, or vice versa, it still puts business at a huge risk. Therefore, it is important for us to have a secured web server.

What is a Web Server?? A Web Server can be defined as an HTTP protocol dependant server used for re-direction of the client requests to the appropriate application servers. Following is the pictorial representation of the purpose of a web server:

*Security Implementation in Apache Web Server: Below is the schematic representation of the communication with a secured web server.

The security implementation inside the web server is implemented in two different steps:-

1) Installation of SSL Certificate

2) By following the security guide lines

Installation of certificate:- The installation of the SSL certificates for apache servers involves the following stages:

1. Create a Certificate Signing Request (CSR)
2. Apply online
3. Installing your Certificate
4. Displaying your Secure Site Seal

For a webserver generate a CSR and a private key, use the following command: openssl req -config openssl.cnf -new -out my-server.csr

2. Removes the pass phrase from the private key because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key using the command:

rsa -in privkey.pem -out my-server.key

3. Use the below command to generate the self signed certificate (later replace this with the certificate from Certifying Authority)

x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365

4. Create an Apache/conf/ssl directory and move my-server.key and cert into it

5. Open the httpd.conf file and add the following lines:

LoadModule ssl_module modules/mod_ssl.so

6. Add the following to the end of httpd.conf:

        SSLMutex sem

        SSLRandomSeed startup builtin

        SSLSessionCache none

        SSLLog logs/SSL.log

        SSLLogLevel info

        SSLEngine On

        SSLCertificateFile conf/ssl/my-server.cert

        SSLCertificateKeyFile conf/ssl/my-server.key

Restart the Apache server and access the applications with the SSL mode.

Following are some of the tips and guidelines implementing, will help our apache servers to be more and more secured:-

1) Update the Apache Server with the latest security patched and fix pack. (stable version of Apache)

2) Hide the Apache Version number, and other sensitive information as below inside httpd.conf:

                       ServerSignature Off

                       ServerTokens Prod

Note: ServerSignature Off tells apache not to display the server version on error pages, or other pages it generates.

ServerTokens Prod tells apache to only return Apache in the Server header, returned on every page request.

3) Many at times the apache installation run as anonyms or root, make sure that the apache is running under its own user account and group. You can check this information in httpd.conf:

        User apache

        Group apache

4) Make sure that apache doesn’t use/access any of the files outside its web root directory (this is the location where we have all of apache files):

                 Order Deny,Allow

                 Deny from all

                 Options None

                 AllowOverride None

                 Order Allow,Deny

                 Allow from all

5) In typical operation, Apache is started by the root user. Set the right permissions on ServerRoot Directories as follows:

mkdir /usr/local/apache
cd /usr/local/apache
mkdir bin conf logs
chown 0 . bin conf logs
chgrp 0 . bin conf logs
chmod 755 . bin conf logs

6) **Server Side Includes (SSI) presents an administrator with several potential security risks like increased load on the server, etc. Hence, turn off server side includes by Options directive inside a Directory tag inside the httpd.conf file. Set Options to either None or –Includes.

7) Allowing users to execute ***CGI scripts in any directory should only be considered if:

Ø You trust your users not to write scripts which will deliberately or accidentally expose your system to an attack.

Ø You consider security at your site to be so feeble in other areas, as to make one more potential hole irrelevant.

Ø You have no users, and nobody ever visits your server

8) Watch logs to keep up-to-date about what is actually going on against your server you have to check the Log Files. They will give you some understanding of what attacks is thrown against the server and allow you to check if the necessary level of security is present.

chown -R root:root /usr/local/apache

               chmod -R o-rwx /usr/local/apache

Note: /usr/local/apache is Apache installation directory

9) Lower the time out and restrict request body requests as follows:

               Timeout 45

               LimitRequestBody 1048576

10) Restrict the accessing of resource by using the IP restriction:

               Order Deny,Allow

               Deny from all

               Allow from 127.0.0.1

Note: **Server Side Include page is typically an HTML page with embedded command(s) that are executed by the Web server.

***CGI program is any program designed to accept and return data that confirms to the CGI specification. The program could be written in any programming language, including C, Perl, Java, or Visual Basic. CGI programs are the most common way for Web servers to interact dynamically with users

References:

1) http://httpd.apache.org/docs/2.0/misc/security_tips.html

2) http://www.google.com

3) http://www.modssl.org/docs/2.8/ssl_reference.html

All Server States using WLST

anandraj — Wed, 20 Jul 2011 06:26:53 +0000

This is an extension to my earlier post which gives the runtime attributes about the alive servers.

http://weblogic-wonders.com/weblogic/2011/03/16/weblogic-server-runtime-using-wlst/

However there could be scenarios where you might want to keep a track of all the server states like RUNNING, SHUTDOWN etc in the domain.

The below WLST script provides a list of all the servers in the domains and their respective server states. To check the servers which are in shutdown state.

Steps:-

1. Script to monitor all the Server States in the domain.

a. Save the below script AllServerStatus.py on to your local machine.

**************************************************************************

username = 'weblogic'

password = 'weblogic1'

URL='t3://localhost:7001'

connect(username,password,URL)

domainConfig()

serverList=cmo.getServers();

domainRuntime()

cd('/ServerLifeCycleRuntimes/')

for server in serverList:

name=server.getName()

cd(name)

serverState=cmo.getState()

if serverState=='SHUTDOWN':

print '**** Shutdown Servers ****'

print 'Server *****'+ name +'***** State *****'+serverState

break

print 'Server *****'+ name +'***** State *****'+serverState

cd('..')

**************************************************************************

2. Execute the WLST Script

a. Set the CLASSPATH by running the setDomainEnv script from the

Alternatively you can set the CLASSPATH by specifying the –cp argument while executing the WLST Script

For Ex: java –cp $BEA_HOME/wlserver_10.3/server/lib/weblogic.jar weblogic.WLST AllServerStatus.py

Downloads

You can download the WLST script from the below link.

serverStateAll.py

Note: Save the script as AllServerStatus.py

References:

http://download.oracle.com/docs/cd/E11035_01/wls100/config_scripting/monitoring.html

Regards,

Wonders Team.

Certificate Management in WebSphere Application Server

Shiva Shankar — Wed, 06 Jul 2011 18:41:48 +0000

Before, trying to understand about the certificate management, installation of certificates inside the WebSphere application server we should first understand why we need ssl communication and what is the impact of not installing the certificates.

During the olden days whenever we want to make any banking transaction (e.g.: depositing the money, with draw money, transfer money, etc), make a reservation for Air travel, etc… we used to visit the branches, stand in the queue and wait for our turn and complete the transaction. But, in present day with time constraint, busy world none of us wants to waste time being in queue. Thanks to the internet based applications which made every work possible with a finger click. But, always a question remains how about the security to these transactions on the internet??.

The JSSE (JAVA Secured Socket Extension) is a set of packages that enable secure Internet communications. It implements a Java technology version of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It includes functionality for data encryption, server authentication, message integrity & optional client authentication.

SSL configuration: SSL configuration help us in making secured communication between the application deployed inside the websphere and external client (browser) by encapsulating the data as required by JSSE. These certificates inside the websphere are mainly of 2 different types. They are as follows:-

(a) Self Signed certificates ( or Internal or Default Certificates)

(b) Signer Certificates (or Digital Certificates)

Self Signed Certificates: From websphere application server 6.1 onwards the self signed certificates are created automatically during the profile creation .i.e., whenever the profile is federated to cell self signed certificated are created automatically. The management of these self signed certificates is automatically taken care. The expiration of these certificates is monitored on a pre-defined schedule with notifications sent to system logs and email-sending capabilities. The certificates will be automatically replaced before expiration, by default, and, there will of course be a warning prior to the certificate replacement.

Signer Certificates: A signer certificate represents certificate and public key associated with some personal certificate. The signer certificate explicitly trusts connections made to or by the owner of the associated personal certificate. The signer certificate is typically made completely public by the owner of the personal certificate, but it’s up to the receiving entity to determine if it is a trusted signer prior to adding it to the trust store.

Following are the steps involved for installing the SSL signer certificates:-

1) **Invoke the ikeyman from the profiles bin directory.

2) In the IBM Key Management Utility, click on Key Database File and then New

3) Choose Key database type and select JKS. Give any name to keystore like Test_key.jks.

4) Click the Browse button and give location where we want to store keystore file.

5) Click OK. Enter a password and click OK.

6) Click Create then New Certificate Request to bring up the Create New Key and Certificate Request window.

7) Type a Key Label, Common Name, Organization, Locality, State, and select a Country. Select 1024 for Key Size.

8) Click on Key Database File and then Open. Locate the keystore file that you created when you generated the CSR. Type the password and click OK.

9) Select Signer Certificates from the pull-down list.

10) Click the button to Add…

11) Login to WAS console with the valid credentials and Expand “Security” link at left hand side pane.

12) Click on “SSL certificate and key management”.

13) Click on “SSL configurations” link.

14) Click on “Key stores and certificates” link.

15) Select the scope by clicking on CellDefaultTrustStore (or NodeDefaultTrustStore) link from the list.

16) Click on “Signer certificates” link.

17) Click on Add button.

18) Give alias name as “Test_Cert”.

19) Give filename as complete path of “Test_Cert.cer” on server.

20) Click apply and then OK and restart all the WAS server instances.

Regards,

Weblogic-wonders Team

Installation of WAS Fix pack

Shiva Shankar — Wed, 06 Jul 2011 06:14:34 +0000

Steps to install the Fixpack:-
Following is the step-by-step approach for installing the fixpacks for WebSphere Application Server environment:-

(1) Take the back-up of the existing configuration. You run the below command to take the backup of the existing
configuration from the individual profiles-
(a) ./backupConfig.sh name_config.zip (unix)
(b) backupConfig.bat name_config.zip (windows)

(2) Download the update installer (for WAS6.1 use http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24012718)

Note: While downloading the update installer make sure that the version of update installer is more than your websphere application server installation. Check the WAS version by running the below commands from appserver profiles bin folder) :

(a) ./versionInfo.sh (unix)

(b) versionInfo.bat (windows)

(3) Now, we can start the installation of fix pack to the existing WAS installation by using the following two different ways-
(a) Silent Mode — Generally, this mode is used for windows or UNIX based OS
(b) Graphical Mode — This mode is generally used for windows based OS

Graphical User Interface: Following are the steps for installation of fix packs using the GUI mode:-

(1) Download the required fix pack from the official IBM support Web site (http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980#ver61) in to temporary directory updi_root /maintenance directory.

(2) Make the current working directory: updi_root.

(3) Ensure that you stop all running processes. (we can use ps -ef|grep java and kill -9)

(4) Launch the Update Installer. For example:
(a) Windows – update.bat
(b) Windows Vista – update.exe
(c) AIX,HP-UX,Linux,Solaris – ./update.sh

(5) The Welcome panel will display. Click Next.

(6) The system will prompt for the location of the product that you want updated. Click Next.

(7) The system will present the choices of Install or Uninstall maintenance. The install option is the default. Click Next.

(8) The system will prompt for the maintenance location where packages can be found. Enter the directory name containing the packages, or browse for the required directory. Click Next.

(9) The following options exist for installing a fix pack:
(a) For installing the fix pack without the feature pack, select the desired fix pack. Click Next.
(b) For installing the fix pack with the feature pack, select the desired fix pack. Another panel is displayed that prompts you to install the enabling interim fix. Click Next.

(10) Before the installation, the Confirmation panel will confirm which packages will be installed.

(11) After the installation, the Summary panel will list which packages have been installed.

(12) After you install the fix pack, check the installation log to verify that the install was successful. The log can be found at app_server_root /logs/update/maintenance_package.install.

Note: (1) By any one of the following messages in the log file we can confirm the status of fix pack installation.
(a) INSTCONFSUCCESS – The operation was a success.
(b) INSTCONFPARTIALSUCCESS – The operation was partially successful, refer to the log for more details.
(c) INSTCONFFAILED – The operation failed, refer to the log for more details

(2)*** The update installer and WAS installation should be installed by using the same user id belonging to the group id.

regards,

weblogic-wonders team

BASIC Authentication in Websphere Application Server

Faisal — Fri, 01 Jul 2011 12:19:16 +0000

1 ) Secure the application resources using the descriptor (web.xml)

index.jsp

Constraint-0

Constraint-0
/*

pegaadmin

NONE

BASIC

pegaadmin

2) Deploy the application on Websphere Application Server.

3) Go to

Enterprise Applications > Test_Basic_war > Security role to user/group mapping

You will see the application role configured in the web.xml. Map the users to this role from WAS Console.

Step 4) Go to

Security> Secure administration, applications, and infrastructure and Check Enable application security.

Restart your Server.

Step 5) Access your application, you will be prompted for authentication.

Let us know if you face any issues.

Cheers!

Wonders Team