Sunday, March 22, 2015

How to enable SSL debug tracing in Weblogic Server?

How to enable SSL debug tracing in Weblogic Server?

Add the following start up options to the start up file startWebLogic.cmd/startWebLogic.sh or startManagedWebLogic.cmd/startManagedWebLogic.sh based on which file is used to start the server to enable SSL debug tracing in Weblogic Server.

JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.debug.DebugSecuritySSL=true -Dweblogic.debug.DebugSSL=true -Dweblogic.StdoutDebugEnabled=true -Dweblogic.log.StdoutSeverityLevel=Debug -Dweblogic.log.LogSeverity=Debug"



Invocation of https/SSL service is not working from OSB

Invocation of https/SSL service is not working from OSB

We were trying to install the wildcard certificate to enable the communication from OSB to end system, but the following exception was displayed in the log file and also the communication to the end system is failing even though the certificate installation was successful;

<Jan 23, 2015 10:45:05 PM PST> <Notice> <Security> <localhost> <AdminServer> <[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <bac54c313ca42523:46f5522b:14b61066510:-7ffd-000000000008b798> <1423456801909> <BEA-090898> <Ignoring the trusted CA certificate "CN=*.sample.com,O=Sample,L=Sample,ST=Sample,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
After analysis, we found that JSSE flag should be enabled along with Custom Host Name Verification (weblogic.security.utils.SSLWLSWildcardHostnameVerifier) to support wildcard certificate.

ssl_config

 After enabling the JSSE flag, none of the https communication from OSB is working but https communication from BPEL is working fine even with the wildcard certificate(BPEL and OSB is running in the same server).

The following exception is thrown while invoking the https service from OSB.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>
BEA-380000: General runtime error: java.lang.NullPointerException
</faultstring>
<detail>
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-380000</con:errorCode>
<con:reason>
General runtime error: java.lang.NullPointerException
</con:reason>
<con:location>
<con:node>RouteToSFDC_SearchService_BS</con:node>
<con:path>request-pipeline</con:path>
</con:location>
</con:fault>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

This is the internal OSB server issue; the cause of the issue is that the AsyncResponseHandler does not properly register JSSEFilter for JSSE SSL.
The Weblogic patch 11866509 based on the Weblogic server version (this issues is identified in Weblogic server version 10.3.4 and 10.3.5) should be installed to resolve the issue.


Tuesday, May 13, 2014

Enabling/Disabling the Debug flags through WLST script - Weblogic

Enabling/Disabling the Debug flags through WLST script in Weblogic Server

The Debugging flags will help us to enable/disable the debugging for different modules in weblogic.
This can done in different ways.

JVM start arguments:

Add the flags with -D to the server start up script
-DDebugEjbCaching=true

Through Admin Console:

Environment-->Servers--><<Server>>-->Debug
Select the required flags and click on Enable/Disable.


WLST Script:

EnableORDisableDFlags.py

adminURL='t3://localhost:8000'
adminUserName='weblogic'
adminPassword='welcome1'
connect(adminUserName, adminPassword, adminURL)

edit()
startEdit()
serverNames=cmo.getServers()
for name in serverNames:
cd('/Servers/'+name.getName()+'/ServerDebug/'+name.getName())
set('DebugSSL','true')
print 'Modified the DFlag for '+name.getName()
save()
activate()
disconnect()

Execute the script.
cd %WLS_HOME%\common\bin
wlst.sh EnableORDisableDFlags.py



Saturday, May 3, 2014

Enabling the weblogic server to Backup/Archive the configurations(config directory) through WLST script

Enabling the weblogic server to Backup/Archive the configurations(config directory) through WLST script

By enabling the backup/archiving in Weblogic, the administration Server can automatically backups the domain configuration (the entire domain-name/config directory) during the server boot to DOMAIN_HOME\config-original.jar and config-booted.jar. Also multiple versions of the domain config will be archived by the Administration Server, each time the domain configuration is modified into the DOMAIN_CONFIG\configArchive folder.The configuration archives can be used for system restoration in cases where accidental configuration changes need to be reversed.

The below WLST script will help us to enable the backup/archiving.

EnableArchiving.py

adminURL='t3://localhost:8000'
adminUserName='weblogic'
adminPassword='welcome1'
connect(adminUserName, adminPassword, adminURL)
domainRuntime()
edit()
startEdit()
cmo.setConfigBackupEnabled(true)
cmo.setArchiveConfigurationCount(5)
save()
activate()

Execute the script.
cd %WLS_HOME%\common\bin
wlst.sh EnableArchiving.py

Verify the configuration

To verify the configuration- Login to admin console-->Click on Domain in the left panel-->Expand the Advanced in General Configuration section


When the Admin Server starts up it automatically makes a backup of  DOMAIN_HOME/config directory and stores it in DOMAIN_HOME/config-original.jar(original configuration file while restarting the server) and once the start up  completed(booted) successfully it makes a backup of DOMAIN_HOME/config directory and stores it in DOMAIN_HOME/config-booted.jar(the config file on which the server is booted successfully) .



Tuesday, April 29, 2014

Setting the XA Transaction timeout values for a datasource in weblogic server through WLST script

Setting the XA Transaction timeout values for a datasource in weblogic server through WLST script

This post explain the approach to set some of the important timeout properties for XA datasources in weblogic server through WLST script.

Set XA Transaction Timeout:

Enables WebLogic Server to set a transaction branch timeout based on the value for XaTransactionTimeout.

When enabled, the WebLogic Server Transaction Manager calls XAResource.setTransactionTimeout() before calling XAResource.start, and passes either the XA Transaction Timeout value or the global transaction timeout.

XA Transaction Timeout:

The number of seconds to set as the transaction branch timeout.
If set, this value is passed as the transaction timeout value in the XAResource.setTransactionTimeout() call on the XA resource manager, typically the JDBC driver.

When this value is set to 0, the WebLogic Server Transaction Manager passes the global WebLogic Server transaction timeout in seconds in the method.

If set, this value should be greater than or equal to the global WebLogic Server transaction timeout.

XA Retry Duration:

Determines the duration in seconds for which the transaction manager will perform recover operations on the resource. A value of zero indicates that no retries will be performed.

XA Retry Interval:

The number of seconds between XA retry operations if XARetryDurationSeconds is set to a positive value.

SetXATimeoutProperties.py

def setXATimeoutProperties():
   dsName='SOADataSource'
   edit()
   startEdit()
       
   server='AdminServer'
   cd("Servers/"+server)
   target=cmo
 
   print '========================================='
   print 'Setting the timeout properties for DataSource....'
   print '========================================='  
           
   cd('/JDBCSystemResources/'+dsName+'/JDBCResource/'+dsName+'/JDBCXAParams/'+dsName)
   cmo.setXaSetTransactionTimeout(true)

   cd('/JDBCSystemResources/'+dsName+'/JDBCResource/'+dsName+'/JDBCXAParams/'+dsName)
   cmo.setXaTransactionTimeout(3000)

   cd('/JDBCSystemResources/'+dsName+'/JDBCResource/'+dsName+'/JDBCXAParams/'+dsName)
   cmo.setXaRetryDurationSeconds(300)

   cd('/JDBCSystemResources/'+dsName+'/JDBCResource/'+dsName+'/JDBCXAParams/'+dsName)
   cmo.setXaRetryIntervalSeconds(60)

   save()
   activate()

   print 'Timeout settings for the datasource '+dsName+' has been completed'
 
 
def main():
     
    adminURL='t3://localhost:7201'
    adminUserName='weblogic'
    adminPassword='Test1234'
    connect(adminUserName, adminPassword, adminURL)
    setXATimeoutProperties()
    disconnect()

     

main()

Execute the script:
cd %WLS_HOME%\common\bin
wlst.sh SetJDBCTimeoutProperties.py

Restart the server after successful execution.