Wednesday, January 30, 2013

JAVA_HOME property hidden in the WebLogic binaries and used in domain creation

When installing WebLogic, a JDK is picked up, and stored in several "hidden" files:

$WEBLOGIC_HOME/coherence_3.6/.product.properties (JAVAHOME and JAVA_HOME)

$WEBLOGIC_HOME/oracle_common/inventory/Components21/oracle.swd.oui/11.1.0.9.0/context.xml

$WEBLOGIC_HOME/osb/inventory/Components21/oracle.swd.oui/11.1.0.9.0/context.xml

$WEBLOGIC_HOME/wlserver_10.3/.product.properties (JAVA_HOME, WLS_JAVA_HOME, JAVAHOME)

and possibly others
One of these values is stored in the $DOMAIN_HOME/bin/setDomainEnv.sh
If by any chance you change JDK (NOT RECOMMENDED AT ALL!!!), I would recommend to reinstall the binaries altogether.


Saturday, January 26, 2013

WebLogic: developing Web Applications

Developing WebLogic Web Applications has proven quite tricky to me; and I remember that it was tricky 8 years ago, last time I did it.... so not much seems to have changed.

As a rule, when things act weird:

- clear cookies
- rm -rf $DOMAIN_HOME/servers/$SERVER_NAME/tmp/
- rm -rf $DOMAIN_HOME/servers/$SERVER_NAME/cache/
- update webapp
- restart server



In Tomcat I never had all these problems.... mystery....

Thursday, January 24, 2013

WebLogic secured Web Application

web.xml:

here I define a role "webuser" to protect my resources:


<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
 id="WebApp_ID" version="2.5">
 <display-name>PVWebApp</display-name>

 <welcome-file-list>
  <welcome-file>index.html</welcome-file>
  <welcome-file>index.htm</welcome-file>
  <welcome-file>index.jsp</welcome-file>
  <welcome-file>default.html</welcome-file>
  <welcome-file>default.htm</welcome-file>
  <welcome-file>default.jsp</welcome-file>
 </welcome-file-list>

 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Success</web-resource-name>
   <url-pattern>/index.jsp</url-pattern>
   <http-method>GET</http-method>
   <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
   <role-name>webuser</role-name>
  </auth-constraint>
 </security-constraint>


 <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
   <form-login-page>/login.jsp</form-login-page>
   <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
 </login-config>

 <security-role>
  <role-name>webuser</role-name>
 </security-role>

</web-app>



weblogic.xml:

here associate the role "webuser" to a principal myGroup


<!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web Application 8.1//EN" "http://www.bea.com/servers/wls810/dtd/weblogic 810-web-jar.dtd">

<weblogic-web-app>

  <security-role-assignment>
   <role-name>webuser</role-name>
   <principal-name>myGroup</principal-name>
  </security-role-assignment>

</weblogic-web-app>



I have tried to record the creation of the myGroup and myUser in WebLogic, but I got a message "A security change to a role, policy, user, group or credential mapping was made, but this change was not recorded"

Manually, just click on Security Realms, myrealm, Users and Groups, groups, new, create myGroup, then Users, create myUser and assing it the group "myGroup".

With WLST:
connect('Pierluigi', 'weblogic1', 't3://myhost.com:7001')
atnr=cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider('DefaultAuthenticator')


group = 'proton_group'
atnr.createGroup(group,group)

user = 'proton_user'
password= 'proton_password'
atnr.createUser(user,password,user)
atnr.addMemberToGroup(group,user)



WebLogic, OpenLDAP and Active Directory

Excellent tutorial on how to use Active Directory to authenticate WebLogic users:



Download AD (application mode) here http://www.microsoft.com/en-us/download/details.aspx?id=4201

Follow instructions here http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/



OpenLDAP

For Windows:

Installation instructions http://www.userbooster.de/en/support/feature-articles/openldap-for-windows-installation.aspx (contains link to download)

Start it, then use http://jxplorer.org/ to add users

2 interesting posts by Jambay

https://blogs.oracle.com/jamesbayer/entry/using_ldap_as_a_userstore_for

https://blogs.oracle.com/jamesbayer/entry/using_openldap_with_weblogic_s

Personally I quite give up, OpenLDAP seems to be a very unstable and poorly documented product, I install it and when I run I get:

destination attributeType 'samaccountname' is not defined

which is quite obscene for a OOTB installation.



WebLogic transaction recovery and TLOGs

Just read this excellent collection of experiments, priceless and essential reading to understand what a TLOG is and how to recover transactions.
Also known as "anatomy of a TLOG". Found googling StoreTransactionLoggerImpl.

Friday, January 18, 2013

There is one who does....

When I was working as a IT volunteer (actually getting paid, for a NGO) in Africa (Chad), I heard a proverb more or less like this:

il y en a un qui fait
il y en a dix qui ecrivent des livres sur ce qu'a fait celui qui fait
il y en a cent qui organisent des conferences sur les livres que les dix ont ecrit
...

which translates to:

there is one who does
there are ten who write books on what the one who does has done
there are a hundred who organise conferences on the books that the ten have written
....

Very often it's the same in IT.


Thursday, January 17, 2013

How do I make a weblogic server fail?

I needed to start a WebLogic Managed Server and make it fail, to test that the start script correctly reports the issue.

Untargeting the wlsbjmsrpDataSource datasource didn't work - it's not a fatal error unless you use the datasource for Database migration.

The first idea that occurred to me is to set its listen port to the same port used by the Admin Server: in this case the server goes into FAILED_NOT_RESTARTABLE




Tuesday, January 15, 2013

Giacomo Naretti, an Italian engineer at the court of Johannes IV of Ethiopia

It's a wonderful story of adventure, intelligence, wisdom and craftsmanship, an Italian carpenter works for 15 years in Ethiopia at the court of Emperor Johannes IV:

https://sites.google.com/site/giacomonaretti/






Monday, January 14, 2013

Muslims don't allow Catholic Churches to be built in their Countries

If I could get 1 USD cent every time some christian bigot says "Muslims don't allow Catholic Churches to be built in their Countries", I would be rich by now.

This statement is blatantly false.

Read here:

http://www.examiner.com/article/are-christian-churches-allowed-muslim-countries

and here

http://www.politifact.com/truth-o-meter/statements/2010/oct/06/franklin-graham/rev-franklin-graham-says-churches-and-synagogues-a/

I don't care about religions, they are only good at manipulating people for political purposes. I simply get really irritated when people make false historical statements purely to cover their political agenda.



Shelled, Shell script editor in Eclipse

If you are stuck with Eclipse, especially on a VISTA 32 bit as I am, well then I can only sympathize with you, probably after a few days of use you have become so negative and aggressive that you wife divorced you and your children have joined a foster family.

Yet here is a nice add-in to make it easier to write Shell scripts:

http://sourceforge.net/projects/shelled/

http://sourceforge.net/apps/trac/shelled/wiki/Documentation/InstallGuide

To install with the Update mechanism (I tried downloading the zip but installation failed saying that some dependencies were missing, of course STINKING Eclipse dones't tell you which ones)

Help/

https://downloads.sourceforge.net/project/shelled/shelled/ShellEd%202.0.2/update

Sunday, January 13, 2013

More IPhone rants.... IPHONE SUCKS, ITUNES SUCKS

Just wasted one hour because IPuke (sorry, ITunes) hangs when I start it...


At startup, it doesn't even offer you the option to automatically start the Apple Mobile Device service, no no no, you must start it yourself manually... then it offers you to download an update, but it gets stuck... you restart it, and it gets stuck again...


Do yourself a favour, just steer clear of this product, it's really one of the most irritating software I have ever seen.




PS 132K matches in google for "iphone sucks", 116K for "itunes sucks"

I have just joined the facebook "itunes sucks" page.







In memory of a young genius



Aaron Swartz

I have read some of his articles (for instance on "who writes Wikipedia") and I really like the way he thinks out of the box and questions common assumptions.

In many aspects, he reminds me Evariste Galois, one of my "school times" heroes.





Surely, a rare breed in the IT community, where 99% of the people are just completely passive in front of political issues (well, the same is true for all other professions really, we live in a world were people are increasingly skeptic and uninterested about changing the world).

I hope someone will write a note about me the day I die. I doubt. I am one of the pathetic useless 99%.

Read a very nice memorial here

Thursday, January 10, 2013

SQLDeveloper and the connections.xml file

I am trying to generate the connections.xml file used by SQLDeveloper to contain all connection info. It doesn't seem too difficult, the only trick is to encrypt the password.

<?xml version = '1.0' encoding = 'UTF-8'?>
<References xmlns="http://xmlns.oracle.com/adf/jndi">
   <Reference name="hqblln422.acme.com:1551_TST_OSB_ts1_pippo_gm" className="oracle.jdeveloper.db.adapter.DatabaseProvider" xmlns="">
      <Factory className="oracle.jdeveloper.db.adapter.DatabaseProviderFactory"/>
      <RefAddresses>
         <StringRefAddr addrType="OracleConnectionType">
            <Contents>ADVANCED</Contents>
         </StringRefAddr>
         <StringRefAddr addrType="oraDriverType">
            <Contents>thin</Contents>
         </StringRefAddr>
         <StringRefAddr addrType="user">
            <Contents>ts1_pippo_gm</Contents>
         </StringRefAddr>
         <StringRefAddr addrType="role">
            <Contents/>
         </StringRefAddr>
         <StringRefAddr addrType="NoPasswordConnection">
            <Contents>TRUE</Contents>
         </StringRefAddr>
         <StringRefAddr addrType="subtype">
            <Contents>oraJDBC</Contents>
         </StringRefAddr>
         <StringRefAddr addrType="KERBEROS_AUTHENTICATION">
            <Contents>false</Contents>
         </StringRefAddr>
         <StringRefAddr addrType="OS_AUTHENTICATION">
            <Contents>false</Contents>
         </StringRefAddr>
         <StringRefAddr addrType="RaptorConnectionType">
            <Contents>Oracle</Contents>
         </StringRefAddr>
         <StringRefAddr addrType="ConnName">
            <Contents>hqblln422.acme.com:1551_TST_OSB_ts1_pippo_gm</Contents>
         </StringRefAddr>
         <StringRefAddr addrType="customUrl">
            <Contents>jdbc:oracle:thin:@//hqblln422.acme.com:1551/TST_OSB</Contents>
         </StringRefAddr>
         <StringRefAddr addrType="password">
            <Contents>053F1E4CDCA2D3C78B79D97CC5A0ED93CA39ADBDA8ED2CB2D3</Contents>
         </StringRefAddr>
         <StringRefAddr addrType="SavePassword">
            <Contents>true</Contents>
         </StringRefAddr>
         <StringRefAddr addrType="driver">
            <Contents>oracle.jdbc.OracleDriver</Contents>
         </StringRefAddr>
      </RefAddresses>
   </Reference>
</References>



Here a post telling you how to encrypt:

http://stackoverflow.com/questions/1032721/does-anybody-know-what-encrypting-technique-is-jdeveloper-sql-developer-using-to

and here how to decrypt:

http://jvzoggel.wordpress.com/tag/sqldeveloper/

You need these libraries:

/opt/oracle/fmw11_1_1_5/oracle_common/modules/oracle.adf.model_11.1.1/db-ca.jar

/opt/oracle/fmw11_1_1_5/oracle_common/modules/oracle.ldap_11.1.1/ojmisc.jar

and the code is

import oracle.jdevimpl.db.adapter.DatabaseProviderHelper;


cleartextPassword = DatabaseProviderHelper.comingIn(encryptedPassword)


encryptedPassword = DatabaseProviderHelper.goingOut(cleartextPassword)



Friday, January 4, 2013

Testing host connectivity in WLST

Excellent post on all the possible ways to invoke a OS command in Python/WLST

Since in WLST we don't have the option to use "subprocess" (please Oracle there is no need to upgrade WLST to more recent versions of Python, you could sprain an ankle doing that and it's too dangerous), we must use os.popen(command).

Problem with popen is that stderr is not captured, so I found it easier to redirect stderr to stdout


import os

def pingHost(hostname):
    cmd = 'ping -c 4 ' + hostname + ' 2>&1'
    success = False
    result = ''
    for line in os.popen(cmd).readlines():
        result = result + line  
        if "4 packets transmitted, 4 received" in line:
            success = True
    
    return success, result 






To test the actual connection, we should use a socket Since I don't have netcat or nmap, I am using plain old stinky telnet.
export HOST='myhost.acme.com'
export PORT=1522
sleep 5 | telnet $HOST $PORT
this will ensure that the process will be terminated (no hanging, no need to inject a CTRL-] and quit via expect) within 5 seconds.


this will return 1 if connection was successful, 0 otherwise:
sleep 5 | telnet $HOST $PORT | grep -v "Connection refused" | grep "Connected to" | grep -v grep | wc -l

The alternative (faster, no need for timeouts) is using Python sockets:

import socket
host = 'myhost.acme.com'
port = 1522
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect((host,port))


so this function works very well:
import socket

def connectToHost(hostname, port):
    try:
        s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        connect=s.connect((hostname, int(port)))
        s.close()
        return True
    except:
        return False



Make sure you cast port into a int, otherwise you will get the infamous "Address must be a tuple of (hostname, port)" error.

Thursday, January 3, 2013

Next time I want to be a Dolphin



maybe we should learn from dolphins how to have a joyful life without destroying the planet with cars and consumerism