When installing WebLogic, a JDK is picked up, and stored in several "hidden" files:
$WEBLOGIC_HOME/coherence_3.6/.product.properties (JAVAHOME and JAVA_HOME)
$WEBLOGIC_HOME/oracle_common/inventory/Components21/oracle.swd.oui/11.1.0.9.0/context.xml
$WEBLOGIC_HOME/osb/inventory/Components21/oracle.swd.oui/11.1.0.9.0/context.xml
$WEBLOGIC_HOME/wlserver_10.3/.product.properties (JAVA_HOME, WLS_JAVA_HOME, JAVAHOME)
and possibly others
One of these values is stored in the $DOMAIN_HOME/bin/setDomainEnv.sh
If by any chance you change JDK (NOT RECOMMENDED AT ALL!!!), I would recommend to reinstall the binaries altogether.
Wednesday, January 30, 2013
Saturday, January 26, 2013
WebLogic: developing Web Applications
Developing WebLogic Web Applications has proven quite tricky to me; and I remember that it was tricky 8 years ago, last time I did it.... so not much seems to have changed.
As a rule, when things act weird:
- clear cookies
- rm -rf $DOMAIN_HOME/servers/$SERVER_NAME/tmp/
- rm -rf $DOMAIN_HOME/servers/$SERVER_NAME/cache/
- update webapp
- restart server
In Tomcat I never had all these problems.... mystery....
As a rule, when things act weird:
- clear cookies
- rm -rf $DOMAIN_HOME/servers/$SERVER_NAME/tmp/
- rm -rf $DOMAIN_HOME/servers/$SERVER_NAME/cache/
- update webapp
- restart server
In Tomcat I never had all these problems.... mystery....
Thursday, January 24, 2013
WebLogic secured Web Application
web.xml:
here I define a role "webuser" to protect my resources:
weblogic.xml:
here associate the role "webuser" to a principal myGroup
I have tried to record the creation of the myGroup and myUser in WebLogic, but I got a message "A security change to a role, policy, user, group or credential mapping was made, but this change was not recorded"
Manually, just click on Security Realms, myrealm, Users and Groups, groups, new, create myGroup, then Users, create myUser and assing it the group "myGroup".
With WLST:
here I define a role "webuser" to protect my resources:
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>PVWebApp</display-name> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> </welcome-file-list> <security-constraint> <web-resource-collection> <web-resource-name>Success</web-resource-name> <url-pattern>/index.jsp</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>webuser</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>default</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>webuser</role-name> </security-role> </web-app>
weblogic.xml:
here associate the role "webuser" to a principal myGroup
<!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web Application 8.1//EN" "http://www.bea.com/servers/wls810/dtd/weblogic 810-web-jar.dtd"> <weblogic-web-app> <security-role-assignment> <role-name>webuser</role-name> <principal-name>myGroup</principal-name> </security-role-assignment> </weblogic-web-app>
I have tried to record the creation of the myGroup and myUser in WebLogic, but I got a message "A security change to a role, policy, user, group or credential mapping was made, but this change was not recorded"
Manually, just click on Security Realms, myrealm, Users and Groups, groups, new, create myGroup, then Users, create myUser and assing it the group "myGroup".
With WLST:
connect('Pierluigi', 'weblogic1', 't3://myhost.com:7001') atnr=cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider('DefaultAuthenticator') group = 'proton_group' atnr.createGroup(group,group) user = 'proton_user' password= 'proton_password' atnr.createUser(user,password,user) atnr.addMemberToGroup(group,user)
WebLogic, OpenLDAP and Active Directory
Excellent tutorial on how to use Active Directory to authenticate WebLogic users:
Download AD (application mode) here http://www.microsoft.com/en-us/download/details.aspx?id=4201
Follow instructions here http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/
OpenLDAP
For Windows:
Installation instructions http://www.userbooster.de/en/support/feature-articles/openldap-for-windows-installation.aspx (contains link to download)
Start it, then use http://jxplorer.org/ to add users
2 interesting posts by Jambay
https://blogs.oracle.com/jamesbayer/entry/using_ldap_as_a_userstore_for
https://blogs.oracle.com/jamesbayer/entry/using_openldap_with_weblogic_s
Personally I quite give up, OpenLDAP seems to be a very unstable and poorly documented product, I install it and when I run I get:
destination attributeType 'samaccountname' is not defined
which is quite obscene for a OOTB installation.
Download AD (application mode) here http://www.microsoft.com/en-us/download/details.aspx?id=4201
Follow instructions here http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/
OpenLDAP
For Windows:
Installation instructions http://www.userbooster.de/en/support/feature-articles/openldap-for-windows-installation.aspx (contains link to download)
Start it, then use http://jxplorer.org/ to add users
2 interesting posts by Jambay
https://blogs.oracle.com/jamesbayer/entry/using_ldap_as_a_userstore_for
https://blogs.oracle.com/jamesbayer/entry/using_openldap_with_weblogic_s
Personally I quite give up, OpenLDAP seems to be a very unstable and poorly documented product, I install it and when I run I get:
destination attributeType 'samaccountname' is not defined
which is quite obscene for a OOTB installation.
WebLogic transaction recovery and TLOGs
Just read this excellent collection of experiments, priceless and essential reading to understand what a TLOG is and how to recover transactions.
Also known as "anatomy of a TLOG". Found googling StoreTransactionLoggerImpl.
Also known as "anatomy of a TLOG". Found googling StoreTransactionLoggerImpl.
Labels:
tlog
Friday, January 18, 2013
There is one who does....
When I was working as a IT volunteer (actually getting paid, for a NGO) in Africa (Chad), I heard a proverb more or less like this:
il y en a un qui fait
il y en a dix qui ecrivent des livres sur ce qu'a fait celui qui fait
il y en a cent qui organisent des conferences sur les livres que les dix ont ecrit
...
which translates to:
there is one who does
there are ten who write books on what the one who does has done
there are a hundred who organise conferences on the books that the ten have written
....
Very often it's the same in IT.
il y en a un qui fait
il y en a dix qui ecrivent des livres sur ce qu'a fait celui qui fait
il y en a cent qui organisent des conferences sur les livres que les dix ont ecrit
...
which translates to:
there is one who does
there are ten who write books on what the one who does has done
there are a hundred who organise conferences on the books that the ten have written
....
Very often it's the same in IT.
Thursday, January 17, 2013
How do I make a weblogic server fail?
I needed to start a WebLogic Managed Server and make it fail, to test that the start script correctly reports the issue.
Untargeting the wlsbjmsrpDataSource datasource didn't work - it's not a fatal error unless you use the datasource for Database migration.
The first idea that occurred to me is to set its listen port to the same port used by the Admin Server: in this case the server goes into FAILED_NOT_RESTARTABLE
Untargeting the wlsbjmsrpDataSource datasource didn't work - it's not a fatal error unless you use the datasource for Database migration.
The first idea that occurred to me is to set its listen port to the same port used by the Admin Server: in this case the server goes into FAILED_NOT_RESTARTABLE
Tuesday, January 15, 2013
Giacomo Naretti, an Italian engineer at the court of Johannes IV of Ethiopia
It's a wonderful story of adventure, intelligence, wisdom and craftsmanship, an Italian carpenter works for 15 years in Ethiopia at the court of Emperor Johannes IV:
https://sites.google.com/site/giacomonaretti/
https://sites.google.com/site/giacomonaretti/
Monday, January 14, 2013
Muslims don't allow Catholic Churches to be built in their Countries
If I could get 1 USD cent every time some christian bigot says "Muslims don't allow Catholic Churches to be built in their Countries", I would be rich by now.
This statement is blatantly false.
Read here:
http://www.examiner.com/article/are-christian-churches-allowed-muslim-countries
and here
http://www.politifact.com/truth-o-meter/statements/2010/oct/06/franklin-graham/rev-franklin-graham-says-churches-and-synagogues-a/
I don't care about religions, they are only good at manipulating people for political purposes. I simply get really irritated when people make false historical statements purely to cover their political agenda.
This statement is blatantly false.
Read here:
http://www.examiner.com/article/are-christian-churches-allowed-muslim-countries
and here
http://www.politifact.com/truth-o-meter/statements/2010/oct/06/franklin-graham/rev-franklin-graham-says-churches-and-synagogues-a/
I don't care about religions, they are only good at manipulating people for political purposes. I simply get really irritated when people make false historical statements purely to cover their political agenda.
Shelled, Shell script editor in Eclipse
If you are stuck with Eclipse, especially on a VISTA 32 bit as I am, well then I can only sympathize with you, probably after a few days of use you have become so negative and aggressive that you wife divorced you and your children have joined a foster family.
Yet here is a nice add-in to make it easier to write Shell scripts:
http://sourceforge.net/projects/shelled/
http://sourceforge.net/apps/trac/shelled/wiki/Documentation/InstallGuide
To install with the Update mechanism (I tried downloading the zip but installation failed saying that some dependencies were missing, of course STINKING Eclipse dones't tell you which ones)
Help/
https://downloads.sourceforge.net/project/shelled/shelled/ShellEd%202.0.2/update
Yet here is a nice add-in to make it easier to write Shell scripts:
http://sourceforge.net/projects/shelled/
http://sourceforge.net/apps/trac/shelled/wiki/Documentation/InstallGuide
To install with the Update mechanism (I tried downloading the zip but installation failed saying that some dependencies were missing, of course STINKING Eclipse dones't tell you which ones)
Help/
https://downloads.sourceforge.net/project/shelled/shelled/ShellEd%202.0.2/update
Sunday, January 13, 2013
More IPhone rants.... IPHONE SUCKS, ITUNES SUCKS
Just wasted one hour because IPuke (sorry, ITunes) hangs when I start it...
At startup, it doesn't even offer you the option to automatically start the Apple Mobile Device service, no no no, you must start it yourself manually... then it offers you to download an update, but it gets stuck... you restart it, and it gets stuck again...
Do yourself a favour, just steer clear of this product, it's really one of the most irritating software I have ever seen.
PS 132K matches in google for "iphone sucks", 116K for "itunes sucks"
I have just joined the facebook "itunes sucks" page.
At startup, it doesn't even offer you the option to automatically start the Apple Mobile Device service, no no no, you must start it yourself manually... then it offers you to download an update, but it gets stuck... you restart it, and it gets stuck again...
Do yourself a favour, just steer clear of this product, it's really one of the most irritating software I have ever seen.
PS 132K matches in google for "iphone sucks", 116K for "itunes sucks"
I have just joined the facebook "itunes sucks" page.
In memory of a young genius
Aaron Swartz
I have read some of his articles (for instance on "who writes Wikipedia") and I really like the way he thinks out of the box and questions common assumptions.
In many aspects, he reminds me Evariste Galois, one of my "school times" heroes.
Surely, a rare breed in the IT community, where 99% of the people are just completely passive in front of political issues (well, the same is true for all other professions really, we live in a world were people are increasingly skeptic and uninterested about changing the world).
I hope someone will write a note about me the day I die. I doubt. I am one of the pathetic useless 99%.
Read a very nice memorial here
Thursday, January 10, 2013
SQLDeveloper and the connections.xml file
I am trying to generate the connections.xml file used by SQLDeveloper to contain all connection info. It doesn't seem too difficult, the only trick is to encrypt the password.
Here a post telling you how to encrypt:
http://stackoverflow.com/questions/1032721/does-anybody-know-what-encrypting-technique-is-jdeveloper-sql-developer-using-to
and here how to decrypt:
http://jvzoggel.wordpress.com/tag/sqldeveloper/
You need these libraries:
/opt/oracle/fmw11_1_1_5/oracle_common/modules/oracle.adf.model_11.1.1/db-ca.jar
/opt/oracle/fmw11_1_1_5/oracle_common/modules/oracle.ldap_11.1.1/ojmisc.jar
and the code is
<?xml version = '1.0' encoding = 'UTF-8'?> <References xmlns="http://xmlns.oracle.com/adf/jndi"> <Reference name="hqblln422.acme.com:1551_TST_OSB_ts1_pippo_gm" className="oracle.jdeveloper.db.adapter.DatabaseProvider" xmlns=""> <Factory className="oracle.jdeveloper.db.adapter.DatabaseProviderFactory"/> <RefAddresses> <StringRefAddr addrType="OracleConnectionType"> <Contents>ADVANCED</Contents> </StringRefAddr> <StringRefAddr addrType="oraDriverType"> <Contents>thin</Contents> </StringRefAddr> <StringRefAddr addrType="user"> <Contents>ts1_pippo_gm</Contents> </StringRefAddr> <StringRefAddr addrType="role"> <Contents/> </StringRefAddr> <StringRefAddr addrType="NoPasswordConnection"> <Contents>TRUE</Contents> </StringRefAddr> <StringRefAddr addrType="subtype"> <Contents>oraJDBC</Contents> </StringRefAddr> <StringRefAddr addrType="KERBEROS_AUTHENTICATION"> <Contents>false</Contents> </StringRefAddr> <StringRefAddr addrType="OS_AUTHENTICATION"> <Contents>false</Contents> </StringRefAddr> <StringRefAddr addrType="RaptorConnectionType"> <Contents>Oracle</Contents> </StringRefAddr> <StringRefAddr addrType="ConnName"> <Contents>hqblln422.acme.com:1551_TST_OSB_ts1_pippo_gm</Contents> </StringRefAddr> <StringRefAddr addrType="customUrl"> <Contents>jdbc:oracle:thin:@//hqblln422.acme.com:1551/TST_OSB</Contents> </StringRefAddr> <StringRefAddr addrType="password"> <Contents>053F1E4CDCA2D3C78B79D97CC5A0ED93CA39ADBDA8ED2CB2D3</Contents> </StringRefAddr> <StringRefAddr addrType="SavePassword"> <Contents>true</Contents> </StringRefAddr> <StringRefAddr addrType="driver"> <Contents>oracle.jdbc.OracleDriver</Contents> </StringRefAddr> </RefAddresses> </Reference> </References>
Here a post telling you how to encrypt:
http://stackoverflow.com/questions/1032721/does-anybody-know-what-encrypting-technique-is-jdeveloper-sql-developer-using-to
and here how to decrypt:
http://jvzoggel.wordpress.com/tag/sqldeveloper/
You need these libraries:
/opt/oracle/fmw11_1_1_5/oracle_common/modules/oracle.adf.model_11.1.1/db-ca.jar
/opt/oracle/fmw11_1_1_5/oracle_common/modules/oracle.ldap_11.1.1/ojmisc.jar
and the code is
import oracle.jdevimpl.db.adapter.DatabaseProviderHelper; cleartextPassword = DatabaseProviderHelper.comingIn(encryptedPassword) encryptedPassword = DatabaseProviderHelper.goingOut(cleartextPassword)
Labels:
sqldeveloper
Friday, January 4, 2013
Testing host connectivity in WLST
Excellent post on all the possible ways to invoke a OS command in Python/WLST
Since in WLST we don't have the option to use "subprocess" (please Oracle there is no need to upgrade WLST to more recent versions of Python, you could sprain an ankle doing that and it's too dangerous), we must use os.popen(command).
Problem with popen is that stderr is not captured, so I found it easier to redirect stderr to stdout
To test the actual connection, we should use a socket Since I don't have netcat or nmap, I am using plain old stinky telnet.
this will return 1 if connection was successful, 0 otherwise:
sleep 5 | telnet $HOST $PORT | grep -v "Connection refused" | grep "Connected to" | grep -v grep | wc -l
The alternative (faster, no need for timeouts) is using Python sockets:
so this function works very well:
Make sure you cast port into a int, otherwise you will get the infamous "Address must be a tuple of (hostname, port)" error.
Since in WLST we don't have the option to use "subprocess" (please Oracle there is no need to upgrade WLST to more recent versions of Python, you could sprain an ankle doing that and it's too dangerous), we must use os.popen(command).
Problem with popen is that stderr is not captured, so I found it easier to redirect stderr to stdout
import os def pingHost(hostname): cmd = 'ping -c 4 ' + hostname + ' 2>&1' success = False result = '' for line in os.popen(cmd).readlines(): result = result + line if "4 packets transmitted, 4 received" in line: success = True return success, result
To test the actual connection, we should use a socket Since I don't have netcat or nmap, I am using plain old stinky telnet.
export HOST='myhost.acme.com' export PORT=1522 sleep 5 | telnet $HOST $PORTthis will ensure that the process will be terminated (no hanging, no need to inject a CTRL-] and quit via expect) within 5 seconds.
this will return 1 if connection was successful, 0 otherwise:
sleep 5 | telnet $HOST $PORT | grep -v "Connection refused" | grep "Connected to" | grep -v grep | wc -l
The alternative (faster, no need for timeouts) is using Python sockets:
import socket host = 'myhost.acme.com' port = 1522 s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) connect=s.connect((host,port))
so this function works very well:
import socket def connectToHost(hostname, port): try: s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) connect=s.connect((hostname, int(port))) s.close() return True except: return False
Make sure you cast port into a int, otherwise you will get the infamous "Address must be a tuple of (hostname, port)" error.
Labels:
WLST
Thursday, January 3, 2013
Next time I want to be a Dolphin
maybe we should learn from dolphins how to have a joyful life without destroying the planet with cars and consumerism
Subscribe to:
Posts (Atom)