Skip to main content

Deploying weblogic 9.2 with openldap

Install weblogic 9.2


Installed under
/usr/local/bea





Admin console:



http://localhost:7001/console





Start / stop


By default weblogic
comes with some preinstalled examples:


/usr/local/bea/weblogic92/samples/domains/wl_server


To start/stop a
weblogic domain:



  • bin/startWebLogic.sh


  • bin/stopWebLogic.sh



You can also stop
weblogic by killing the pid.


Also in the admin
console, environment, servers.





Quick start



/usr/local/bea/weblogic92/common/bin/quickstart.sh





Domains


Create domain


Create a new domain
with the configuration wizard



/usr/local/bea/weblogic92/common/bin/config.sh



  • create a new
    domain


  • generate
    automatically for weblogic server


  • username/password
    weblogic/weblogic


  • development mode,
    sun sdk 1.5


  • additional
    configuration: yes


  • Adminserver
    defaults: 7001


  • Add managed
    server: name ms1, 7001


  • No clusters


  • No specific
    machines


  • domain name
    domain_oraxe, location /usr/local/bea/user_projects/domains






Delete a domain


Delete the directory
/usr/local/bea/user_projects/domains/<domain>








Configure


Configure wl92 for
xxx


Start administration
server for domain_oraxe



/usr/local/bea/user_projects/domains/domain_oraxe/bin/startWebLogic.sh





Jdbc



  • Jdbc - datasources
    - new


  • name AuditTrail


  • jndi
    AuditTrail.DataSource


  • type Oracle


  • driver Default
    weblogic Oracle XA driver


  • connection pool


  • database xe


  • server localhost


  • username/password
    xxx/xxx


  • test configuration


  • assign to
    administration server


  • open properties


  • connection pool


  • maximum capacity
    50


  • Save, activate
    changes






Another datasource for
jms messages storage.


Make sure you do not
use a xa-enabled jdbc driver.



  • Jdbc - datasources
    - new




  • oracleJmsStorageDS


  • oracleJmsStorageDS


  • Oracle bea type 4
    (not xa)


  • Do not support
    global transactions




  • Assign to
    administration server


  • open properties


  • connection pool


  • maximum capacity
    25


  • Save, activate
    changes.






JMS Server


Services, Messaging,
jms server



  • Create new jms
    server


  • Jms-server-0


  • New jdbc store


  • JDBCStore-Jms


  • AdminServer


  • oracleJmsStorageDS


  • prefix name jms


  • Persistent store -
    JDBCStore-Jms


  • Target AdminServer






Jms Modules



  • Services,
    Messaging, jms modules


  • New system module:
    JmsModulexxx


  • default descriptor
    and location


  • Target adminserver


  • Add resources: no
    (doing later).


  • Save, activate.






Subdeployment


Add a subdeployment to the created jms module.
This will link the jms module to the jms server.



  • Edit
    JmsModulexxx


  • Tab
    subdeployments: New


  • Name JmsServer0


  • Target
    Jms-Server-0


  • Save, activate






Queues and connectionfactory





Connection factory



  • xxxConnectionFactory,
    jndi: xxxConnectionFactory


  • Advanced targets:
    subdpeloyment JmsServer0


  • Edit
    xxxConnectionFactory: Transactions: xa enabled


  • Save, activate






Queues


xxxApplicationQueue


xxxDaemonQueue


xxxSystemQueue


TestJMSQueue



  • All with same name
    and jndi.


  • All with
    subdeployment JmsServer0.


  • After creating
    each queue, open its properties again and go to the delivery failure
    tab; set redelivery delay override to 1000 and redelivery limit to
    10.


  • Save, activate









Save configuration


Create template



/usr/local/bea/weblogic92/common/bin/config_builder.sh


Saves template under
/usr/local/bea/user_templates








Client setup



  • java.home must be
    a jdk 1.5


  • Add
    server/lib/weblogic.jar to the client's classpath.



It seems that wl92 does
not recognise a client's jndi.properties, so add jndi properties
hard-coded in a hash-table:



Hashtable
ht = new Hashtable();



ht.put(Context.INITIAL_CONTEXT_FACTORY,



"weblogic.jndi.WLInitialContextFactory");



ht.put(Context.PROVIDER_URL,



"t3://localhost:7001");







Context
ctx = new InitialContext(ht);









Setting up a different authentication provider


Ldap


In security realm,
myrealm, providers tab, authentication


Add a new openldap
provider.


Edit the properties



  • Name
    openldap-provider


  • Control flag:
    optional


  • Group base dn:
    ou=groups, dc=de, dc=xxx, dc=ag, dc=test


  • User name
    attribute: uid


  • Static group
    object class: groupOfnames


  • Port: 389


  • User base dn:
    ou=people, dc=de, dc=xxx, dc=ag, dc=test


  • User object class:
    person


  • Static group name
    attribute: cn


  • Principal:
    cn=Manager, dc=de, dc=xxx, dc=ag, dc=test


  • Host: localhost


  • Credential:
    carldap


  • Static Group DNs
    from Member DN Filter: (&(member=%M)(objectclass=groupofnames))


  • Static Member DN
    Attribute: member


  • User from name
    filter: (&(uid=%u)(objectclass=person))


  • Group from name
    filter: (&(cn=%g)(objectclass=groupofnames))






This is based on an
openldap with rootdn cn=Manager, dc=de, dc=xxx, dc=ag, dc=test and
password carldap.





To get this working,
load a ldif into ldap that contains following:



dn:
dc=de,dc=xxx,dc=ag,dc=test



objectclass:
top



objectclass:
dcObject



objectclass:
organization



dc:
de



o:
xxx







dn:
ou=People,dc=de,dc=xxx,dc=ag,dc=test



objectclass:
top



objectclass:
organizationalUnit



ou:
People







dn:
uid=weblogic,ou=People,dc=de,dc=xxx,dc=ag,dc=test



objectClass:
top



objectclass:
uidObject



objectclass:
person



sn:
Weblogic



cn:
Weblogic System Account



uid:
weblogic



userpassword:
weblogic







dn:
ou=Groups,dc=de,dc=xxx,dc=ag,dc=test



objectclass:
top



objectclass:
organizationalUnit



ou:
Groups







dn:
cn=Administrators,ou=Groups,dc=de,dc=xxx,dc=ag,dc=test



objectClass:
groupOfNames



objectClass:
top



cn:
Administrators



description:
Administrators group for weblogic



member:
uid=weblogic,ou=People,dc=de,dc=xxx,dc=ag,dc=test





That is, make sure you
have at least the admin weblogic user defined (the user you defined
when setting up the domain), and that this admin user belongs to a
group called Administrators.


When weblogic server
boots, it will read the file <domain>/servers/AdminServer/security/


boot.properties.If you
want to use a different user, make sure you adapt this file too.


To load the above file
(myldap.ldif)



/etc/init.d/ldap
stop && rm /var/lib/ldap/* && /etc/init.d/ldap start



ldapadd
-xv -D 'cn=Manager,dc=de,dc=xxx,dc=ag,dc=test' -w carldap -f
myldap.ldif





Test optional ldap authentication provider


We put the control flag
on OPTIONAL first. If configuration is not right, we should still be
able to login into the admin console.





The easiest is to add
an extra group to the ldif file, and make weblogic member of it:



dn:
cn=TestGroup,ou=Groups,dc=de,dc=xxx,dc=ag,dc=test



objectClass:
groupOfNames



objectClass:
top



cn:
TestGroup



description:
TestGroup for weblogic



member:
uid=weblogic,ou=People,dc=de,dc=xxx,dc=ag,dc=test


In the security realm
providers now add a audit provider that audits all security related
information. It will create a logfile under server/AdminServer/logs.


Now reboot the server.


In the audit log file
you can find the principals that get assigned to a successful login.
If all is well, you should also see a principal TestGroup now ( the
Administrators principal was already created by the default
authentication).


If you do not see then
you will need to debug the ldap connection. If all is well, you can
set the ldap authentication provider to required and the default to
optional.





Debug ldap problems


Under environment,
servers, adminserver you can set debugs.


Set debugs for



  • weblogic.security.adjudicator


  • weblogic.security.atn


  • weblogic.security.atz


  • weblogic.security.rolemap


  • debug security



This is the same as
adding a section to the config/config.xml file:



<server>



<name>AdminServer</name>



<server-debug>



<debug-scope>



<name>weblogic.security.adjudicator</name>



<enabled>true</enabled>



</debug-scope>



<debug-scope>



<name>weblogic.security.atn</name>



<enabled>true</enabled>



</debug-scope>



<debug-scope>



<name>weblogic.security.atz</name>



<enabled>true</enabled>



</debug-scope>



<debug-scope>



<name>weblogic.security.rolemap</name>



<enabled>true</enabled>



</debug-scope>



<debug-security>true</debug-security>



</server-debug>



<listen-address></listen-address>



</server>





Now restart the server,
and you will find a ldap trace file and extensive log files.





Deploying xxx





Settings for weblogic 92


Client:


<wsp>/lib:



  • weblogic.jar






<wsp>/etc/xxx.properties



JNDI.InitialContextFactory
= weblogic.jndi.WLInitialContextFactory



JNDI.URL
= t3://localhost:7001



JNDI.User
= weblogic



JNDI.Password
= weblogic



JNDI.PackagePrefixes
= -







Server:





     
  • xxx-engine.jar/xxx.properties



EJB.ServerVendor
= WEBLOGIC


JMS.MessageListener.ProcessingFailure.Pause
= 1000


Client.ServiceFactory
= ag.xxx.workflow.ejb.EjbEnvServiceFactory











Settings for weblogic 92 with ldap

Client:

<wsp>/lib:


     
  • weblogic.jar

     
  • weblogic-auth.jar
     (this jar holds the xxx specific weblogic authentication classes
     from xxx_HOME/examples/weblogic-auth)





<wsp>/etc/xxx.properties


JNDI.InitialContextFactory
= weblogic.jndi.WLInitialContextFactory


JNDI.URL
= t3://localhost:7001


JNDI.User
= weblogic


JNDI.Password
= weblogic


JNDI.PackagePrefixes
= -


Credential.Provider
= 


Secure.Session.Factory
=
ag.xxx.examples.authentication.weblogic.WeblogicSecureSessionFactory


Security.Authentication.ConfigurationName
= 





server


     
  • xxx.ear/ldap-sync.jar
     (from xxx_HOME/examples/ldap-sync)

     
  • xxx.ear/xxx-engine.jar/xxx.properties



EJB.ServerVendor
= WEBLOGIC


JMS.MessageListener.ProcessingFailure.Pause
= 1000


Security.Authentication.Mode
= principal






Security.Authorization.SynchronizationProvider
= ag.xxx.examples.authorization.ldap.LDAPSynchronizationProvider






LDAPSynchronization.ServerName
= localhost






LDAPSynchronization.ServerPort
= 389






LDAPSynchronization.RootDN
= dc=de,dc=xxx,dc=ag,dc=test






LDAPSynchronization.UserFilter
= (&(uid=%v)(objectclass=inetOrgPerson))






LDAPSynchronization.ParticipantFilter
=
(&(objectClass=groupOfUniqueNames)(uniqueMember=uid=%v,ou=People,dc=de,dc=xxx,dc=ag,dc=test))






Client.ServiceFactory
= ag.xxx.workflow.ejb.EjbEnvServiceFactory





Problem with cleanup runtime / synchronization
caches

Currently some tests fail as the synchronization
between ldap and audittrail occurs too late. Timerbasedstrategy is
set at 10s. 

If your run a cleanup, but cache is still there,
the engine might think audittrail is uptodate, where in fact it is
empty.







































Comments








Post a Comment













Popular posts from this blog



















Create a groovy console and bind to selenium




























  Required groovy files  In the previous posting we defined the pom file that we need for our build environment. Now we will setup some groovy files to get selenium and groovy running interactively.    ConsoleWaiter.groovy  The idea of Groovy Console I found on some other sides. Honour goes for instance too: http://josefbetancourt.wordpress.com/tag/eclipse-2/  I copied some code of this, and put it under src/test/groovy/com/jankester/selenium/test/utils:  package com.jankester.selenium.test.utils  /**  * File:  ConsoleWaiter.groovy  */  import groovy.lang.Binding; import groovy.ui.Console;  /**  * Provides a wrapper for the console.  *  * Based on source by John Green  * Adapted from:  http://www.oehive.org/files/ConsoleWaiter.groovy  * Released under the Eclipse Public License  * http://www.eclipse.org/legal/epl-v10.html  *  * I added methods to allow use from Java.  *  * The run() method launches the console and causes this thread  * to sleep until the console's window is closed.




















1 comment









Read more




























SSL handshake failed: Secure connection truncated




























Got this problem on Ubuntu 9.10 and 10.10.   svn co --username=xx https:/yy zz “SSL handshake failed: Secure connection truncated”   According to this link bug-ubuntu   The solution is:  sudo apt-get install libneon27 cd /usr/lib/ sudo rm libneon-gnutls.so.27 sudo ln -s /usr/lib/libneon.so.27 libneon-gnutls.so.27 




















13 comments









Read more




























Junit4 running parallel junit classes




























 To run junit testcases parallel, you can create your own class to run junit with:   Add this tag to your class declaration.   @RunWith(Parallelized.class)   Implementation of this class looks like:   package mypackage; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.TimeUnit; import org.junit.runners.Parameterized; import org.junit.runners.model.RunnerScheduler; public class Parallelized extends Parameterized {         private static class ThreadPoolScheduler implements RunnerScheduler     {         private ExecutorService executor;                 public ThreadPoolScheduler()         {             String threads = System.getProperty("junit.parallel.threads", "16");             int numThreads = Integer.parseInt(threads);             executor = Executors.newFixedThreadPool(numThreads);         }                 public void finished()         {             executor.shutdown();             try            




















Post a Comment









Read more