
Archive for the ‘Weblogic’ Category

Creating custom keystores for weblogic environment

In my example below I have 3 managed servers.

1 – Declare your variables:

#EXPORT DOMAIN AND JAVA HOME (SET $env FIRST). JAVA_HOME IS THE JDK FOLDER, NOT THE KEYTOOL BINARY
export JAVA_HOME=/u01/oracle/products/fmw/$env/jdk
export DOMAIN_HOME=/u01/oracle/config/$env/domains/$env

#FILL WITH THE LISTEN ADDRESS FROM ADMIN SERVERS AND NODE MANAGERS
export ADMIN=Admin-server01
export MN_SERVER1=node-server01
export MN_SERVER2=node-server02
export MN_SERVER3=node-server03

#CREATE A KEYPASS AND DELETE THE PASS AFTER GENERATING THE KEYSTORES 😉
export KEYPASS=mykeypass01

#FILL THE CERT INFORMATION WITHOUT HOSTNAME

export CERT_DATA="OU=mycompany,O=myOrg,L=MyLocal,ST=MyState,C=MC"

# FOLDER TO CREATE THE KEYSTORE
mkdir -p $DOMAIN_HOME/keystore

2 – Create the keystores:

#CREATING A NEW KEYSTORE for Admin and managed servers

$JAVA_HOME/bin/keytool -genkey -alias $ADMIN-trust -keystore $DOMAIN_HOME/keystore/$ADMIN-trust.jks -storepass $KEYPASS -dname "CN=$ADMIN-trust,$CERT_DATA" -keypass $KEYPASS
$JAVA_HOME/bin/keytool -genkey -alias $ADMIN -keystore $DOMAIN_HOME/keystore/$ADMIN-identity.jks -storepass $KEYPASS -dname "CN=$ADMIN,$CERT_DATA" -keypass $KEYPASS

$JAVA_HOME/bin/keytool -genkey -alias $MN_SERVER1-trust -keystore $DOMAIN_HOME/keystore/$MN_SERVER1-trust.jks -storepass $KEYPASS -dname "CN=$MN_SERVER1-trust,$CERT_DATA" -keypass $KEYPASS
$JAVA_HOME/bin/keytool -genkey -alias $MN_SERVER1 -keystore $DOMAIN_HOME/keystore/$MN_SERVER1-identity.jks -storepass $KEYPASS -dname "CN=$MN_SERVER1,$CERT_DATA" -keypass $KEYPASS

$JAVA_HOME/bin/keytool -genkey -alias $MN_SERVER2-trust -keystore $DOMAIN_HOME/keystore/$MN_SERVER2-trust.jks -storepass $KEYPASS -dname "CN=$MN_SERVER2-trust,$CERT_DATA" -keypass $KEYPASS
$JAVA_HOME/bin/keytool -genkey -alias $MN_SERVER2 -keystore $DOMAIN_HOME/keystore/$MN_SERVER2-identity.jks -storepass $KEYPASS -dname "CN=$MN_SERVER2,$CERT_DATA" -keypass $KEYPASS

$JAVA_HOME/bin/keytool -genkey -alias $MN_SERVER3-trust -keystore $DOMAIN_HOME/keystore/$MN_SERVER3-trust.jks -storepass $KEYPASS -dname "CN=$MN_SERVER3-trust,$CERT_DATA" -keypass $KEYPASS
$JAVA_HOME/bin/keytool -genkey -alias $MN_SERVER3 -keystore $DOMAIN_HOME/keystore/$MN_SERVER3-identity.jks -storepass $KEYPASS -dname "CN=$MN_SERVER3,$CERT_DATA" -keypass $KEYPASS

#EXPORT THE CERTIFICATE FROM EACH IDENTITY KEYSTORE (-export READS THE STORE, SO IT NEEDS -storepass)
$JAVA_HOME/bin/keytool -export -keystore $DOMAIN_HOME/keystore/$ADMIN-identity.jks -alias $ADMIN -file $DOMAIN_HOME/keystore/$ADMIN.crt -storepass $KEYPASS
$JAVA_HOME/bin/keytool -export -keystore $DOMAIN_HOME/keystore/$MN_SERVER1-identity.jks -alias $MN_SERVER1 -file $DOMAIN_HOME/keystore/$MN_SERVER1.crt -storepass $KEYPASS
$JAVA_HOME/bin/keytool -export -keystore $DOMAIN_HOME/keystore/$MN_SERVER2-identity.jks -alias $MN_SERVER2 -file $DOMAIN_HOME/keystore/$MN_SERVER2.crt -storepass $KEYPASS
$JAVA_HOME/bin/keytool -export -keystore $DOMAIN_HOME/keystore/$MN_SERVER3-identity.jks -alias $MN_SERVER3 -file $DOMAIN_HOME/keystore/$MN_SERVER3.crt -storepass $KEYPASS

3 – Import all as trusted

#IMPORT ALL THE TRUSTED CERTS TO ALL THE KEYSTORES
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$ADMIN-trust.jks -storepass $KEYPASS -alias $ADMIN -file $DOMAIN_HOME/keystore/$ADMIN.crt -noprompt
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER1-trust.jks -storepass $KEYPASS -alias $ADMIN -file $DOMAIN_HOME/keystore/$ADMIN.crt -noprompt
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER2-trust.jks -storepass $KEYPASS -alias $ADMIN -file $DOMAIN_HOME/keystore/$ADMIN.crt -noprompt
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER3-trust.jks -storepass $KEYPASS -alias $ADMIN -file $DOMAIN_HOME/keystore/$ADMIN.crt -noprompt

$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$ADMIN-trust.jks -storepass $KEYPASS -alias $MN_SERVER1 -file $DOMAIN_HOME/keystore/$MN_SERVER1.crt -noprompt
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER1-trust.jks -storepass $KEYPASS -alias $MN_SERVER1 -file $DOMAIN_HOME/keystore/$MN_SERVER1.crt -noprompt
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER2-trust.jks -storepass $KEYPASS -alias $MN_SERVER1 -file $DOMAIN_HOME/keystore/$MN_SERVER1.crt -noprompt
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER3-trust.jks -storepass $KEYPASS -alias $MN_SERVER1 -file $DOMAIN_HOME/keystore/$MN_SERVER1.crt -noprompt

$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$ADMIN-trust.jks -storepass $KEYPASS -alias $MN_SERVER2 -file $DOMAIN_HOME/keystore/$MN_SERVER2.crt -noprompt
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER1-trust.jks -storepass $KEYPASS -alias $MN_SERVER2 -file $DOMAIN_HOME/keystore/$MN_SERVER2.crt -noprompt
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER2-trust.jks -storepass $KEYPASS -alias $MN_SERVER2 -file $DOMAIN_HOME/keystore/$MN_SERVER2.crt -noprompt
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER3-trust.jks -storepass $KEYPASS -alias $MN_SERVER2 -file $DOMAIN_HOME/keystore/$MN_SERVER2.crt -noprompt

$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$ADMIN-trust.jks -storepass $KEYPASS -alias $MN_SERVER3 -file $DOMAIN_HOME/keystore/$MN_SERVER3.crt -noprompt
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER1-trust.jks -storepass $KEYPASS -alias $MN_SERVER3 -file $DOMAIN_HOME/keystore/$MN_SERVER3.crt -noprompt
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER2-trust.jks -storepass $KEYPASS -alias $MN_SERVER3 -file $DOMAIN_HOME/keystore/$MN_SERVER3.crt -noprompt
$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER3-trust.jks -storepass $KEYPASS -alias $MN_SERVER3 -file $DOMAIN_HOME/keystore/$MN_SERVER3.crt -noprompt

4 – Import custom certs:

#IMPORTING CUSTOM CERTS (E.G. LDAP). Uncomment this section if you want custom certs to be imported. Copy these lines for each cert.

#$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$ADMIN-trust.jks -storepass $KEYPASS -alias <YOUR ALIAS HERE!!> -file <YOUR KEY FILE HERE!!> -noprompt
#$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER1-trust.jks -storepass $KEYPASS -alias <YOUR ALIAS HERE!!> -file <YOUR KEY FILE HERE!!> -noprompt
#$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER2-trust.jks -storepass $KEYPASS -alias <YOUR ALIAS HERE!!> -file <YOUR KEY FILE HERE!!> -noprompt
#$JAVA_HOME/bin/keytool -import -keystore $DOMAIN_HOME/keystore/$MN_SERVER3-trust.jks -storepass $KEYPASS -alias <YOUR ALIAS HERE!!> -file <YOUR KEY FILE HERE!!> -noprompt

Create a shell script with all the lines above. 😉
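Added example, not the author's script: steps 2 and 3 driven by a server list, so every trust store imports every server certificate without one line per pair. The default values, the function names and the dry-run KEYTOOL default are assumptions of this example; it also uses keytool's -storepass:env form, which reads the password from the KEYPASS environment variable instead of the command line.

```shell
# Added example (not the author's script). Defaults are placeholders taken
# from the variables in step 1; KEYTOOL only echoes each command by default.
SERVERS="${SERVERS:-Admin-server01 node-server01 node-server02 node-server03}"
KS_DIR="${KS_DIR:-${DOMAIN_HOME:-.}/keystore}"
CERT_DATA="${CERT_DATA:-OU=mycompany,O=myOrg,L=MyLocal,ST=MyState,C=MC}"
KEYTOOL="${KEYTOOL:-echo keytool}"  # export KEYTOOL=$JAVA_HOME/bin/keytool to execute

# ":env" makes keytool read the password from the KEYPASS environment variable,
# so the secret does not appear on keytool's command line (visible in ps).
PASS="-storepass:env KEYPASS"       # left unquoted below so it splits in two words

# One trust store and one identity store per server, plus the exported cert.
create_keystores() {
  for s in $SERVERS; do
    $KEYTOOL -genkey -alias "$s-trust" -dname "CN=$s-trust,$CERT_DATA" \
      -keystore "$KS_DIR/$s-trust.jks" $PASS -keypass:env KEYPASS
    $KEYTOOL -genkey -alias "$s" -dname "CN=$s,$CERT_DATA" \
      -keystore "$KS_DIR/$s-identity.jks" $PASS -keypass:env KEYPASS
    $KEYTOOL -export -alias "$s" -file "$KS_DIR/$s.crt" \
      -keystore "$KS_DIR/$s-identity.jks" $PASS
  done
}

# Step 3 as a mesh: every trust store imports every server certificate.
import_trust_mesh() {
  for store in $SERVERS; do
    for cert in $SERVERS; do
      $KEYTOOL -import -noprompt -alias "$cert" -file "$KS_DIR/$cert.crt" \
        -keystore "$KS_DIR/$store-trust.jks" $PASS
    done
  done
}

# "script.sh all" runs the whole sequence (printed only, unless KEYTOOL is set).
if [ "${1:-}" = "all" ]; then create_keystores && import_trust_mesh; fi
```

Review the printed commands first, then export KEYPASS and KEYTOOL and run it again with the same argument to create the files.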

Cheers


Simple way to log your spring component inside your weblogic domain

With these simple steps below you can debug / log your spring component.

1. Create your log4j.properties:

log4j.rootCategory=INFO, stdout

log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %5p %t %c{2}:%L - %m%n

log4j.category.org.springframework.beans.factory=DEBUG

2. Edit your startup parameters:

-Dlog4j.configuration=file:/foo/bar/log4j.properties -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger -Dweblogic.log.Log4jLoggingEnabled=true

3. You need to install two libs: wllog4j.jar and log4j.jar. Just search your Middleware home for wllog4j.jar and download log4j.jar from the web.

4. Restart your environment, and buy me a beer.

Cheers. 😉

 

Categories: Weblogic

java.lang.ClassNotFoundException: oracle.as.scheduler.security.MetadataPermissionId

Are you getting the error below?

 

<Failed to initialize the application "EssNativeHostingApp [Version=V1.0]" due to error weblogic.application.ModuleException: java.lang.ClassNotFoundException: oracle.as.scheduler.security.MetadataPermissionId
weblogic.application.ModuleException: java.lang.ClassNotFoundException: oracle.as.scheduler.security.MetadataPermissionId
at weblogic.application.internal.ExtensibleModuleWrapper.prepare(ExtensibleModuleWrapper.java:114)
at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:100)
at weblogic.application.internal.flow.ModuleStateDriver$1.next(ModuleStateDriver.java:175)
at weblogic.application.internal.flow.ModuleStateDriver$1.next(ModuleStateDriver.java:170)
at weblogic.application.utils.StateMachineDriver$ParallelChange.run(StateMachineDriver.java:80)
Truncated. see log file for complete stacktrace
Caused By: java.lang.ClassNotFoundException: oracle.as.scheduler.security.MetadataPermissionId
at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:357)
at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:318)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at weblogic.utils.classloaders.GenericClassLoader.loadClass(GenericClassLoader.java:186)
Truncated. see log file for complete stacktrace

You have a library missing.
Find ess-sec.jar in your FMW installation and check whether it is in your classpath. 😉

Cheers

 

 

javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

I will show a workaround for this issue, but I strongly recommend you think twice before doing it in your production environment.

If you are getting messages like this:

<BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.wrap(ByteBuffer,ByteBuffer).
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:470)
at sun.security.ssl.SSLEngineImpl.kickstartHandshake(SSLEngineImpl.java:714)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1213)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1169)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
at weblogic.security.SSL.jsseadapter.JaSSLEngine$1.run(JaSSLEngine.java:68)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.wrap(JaSSLEngine.java:66)
at weblogic.socket.JSSEFilterImpl.wrapAndWrite(JSSEFilterImpl.java:619)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:91)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:170)

  1. Enable SSL debug (-Djavax.net.debug=ssl).
  2. Look in your logs for the protocol type that you are using. In my example it is SSLv3:

<[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setEnabledProtocols(String[]): value=SSLv3.>

Edit this file:

<$JAVA_HOME>/jre/lib/security/java.security

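Now search for your protocol type (SSLv3 in my example). Comment it out (#) or remove it or, if your debug output shows the error is about the key size, reduce the keySize parameter on this line. Keep in mind that this file applies to every JVM started from that JDK, not only to this WebLogic domain: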

jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
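Added example, not part of the original post: a check that reports whether a java.security file still carries the restrictions from the line above, so a host where this workaround was applied can be found again later. The function names and the two sample files are constructed for illustration; the 768 baseline is the value from the line quoted above.

```shell
# Added example (not from the original post): audit a java.security file for
# the workaround above. Function names and sample files are illustrative.

# Print the effective jdk.tls.disabledAlgorithms value of file $1: commented
# lines are ignored, backslash continuations joined, the last assignment wins.
tls_disabled_value() {
  awk '
    function take(s) {
      cont = (s ~ /\\$/); sub(/\\$/, "", s)
      sub(/^[ \t]+/, "", s); val = val s
    }
    cont { take($0); next }
    /^[ \t]*#/ { next }
    /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=/ {
      val = ""; sub(/^[^=]*=/, ""); take($0)
    }
    END { print val }
  ' "$1"
}

# Return 1 and say why if SSLv3 is no longer disabled or the DH key-size floor
# is missing or below $2 (default 768, the value in the line quoted above).
audit_java_security() {
  min_dh=${2:-768}; rc=0
  entries=$(tls_disabled_value "$1" | tr ',' '\n' | sed 's/^ *//; s/ *$//')
  if ! printf '%s\n' "$entries" | grep -qx 'SSLv3'; then
    echo "WEAKENED: SSLv3 is not listed in jdk.tls.disabledAlgorithms"; rc=1
  fi
  dh=$(printf '%s\n' "$entries" |
       sed -n 's/^DH keySize *< *\([0-9][0-9]*\)$/\1/p' | head -n 1)
  if [ -z "$dh" ] || [ "$dh" -lt "$min_dh" ]; then
    echo "WEAKENED: DH keySize floor is ${dh:-unset}, expected >= $min_dh"; rc=1
  fi
  [ "$rc" -ne 0 ] || echo "OK: $(tls_disabled_value "$1")"
  return "$rc"
}

# Constructed samples: the stock setting, and the workaround applied.
write_samples() {
  cat > "$1/stock" <<'EOF'
jdk.tls.disabledAlgorithms=SSLv3, \
    DH keySize < 768
EOF
  cat > "$1/weak" <<'EOF'
#jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
jdk.tls.disabledAlgorithms=DH keySize < 512
EOF
}
if [ -n "${1:-}" ]; then audit_java_security "$@"; fi
```

Pass the path of the java.security file as the first argument, and optionally a stricter DH minimum as the second.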

Cheers

 

 

Error on EM – Flow diagram for this BPEL process instance is unavailable… composite has been undeployed

Situation:

You have the composite working and started, and you are sure that you did not undeploy anything, but you are not able to open the flow chart.

 


Solution:

Check on your AdminServer whether you have problems with the socket size. In my case I had messages like the ones below:

weblogic.socket.MaxMessageSizeExceededException: Incoming message of size: '10043392' bytes exceeds the configured maximum of: '10000000' bytes for protocol: 't3'.
weblogic.socket.MaxMessageSizeExceededException: Incoming message of size: '10043392' bytes exceeds the configured maximum of: '10000000' bytes for protocol: 't3'
at weblogic.rjvm.t3.MuxableSocketT3.read(MuxableSocketT3.java:711)
at weblogic.socket.NIOSocketMuxer.readFromSocket(NIOSocketMuxer.java:617)
at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:930)
at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:907)
at weblogic.socket.NIOSocketMuxer.process(NIOSocketMuxer.java:495)
Truncated. see log file for complete stacktrace

If you have something similar to the message above, you need to increase the "Maximum Message Size" of your server.

– Log in to the WLS Admin Console
– Expand Environment -> Servers -> (Corresponding server)
– Protocols -> General tab
– Increase the “Maximum Message Size” value accordingly.

Cheers 😉

Categories: SOA, Weblogic

Weblogic Server Crashed With Error ‘X connection to localhost:10.0 broken’

If you are getting this error in your log, try the steps below:

1) Kill the Node Manager
2) In the shell, type "unset DISPLAY"

[oracle@mywlsserver]$ unset DISPLAY

3) Start the Node Manager again

Explanation:

Some old WebLogic versions and old JDK versions have this bug.

The symptoms indicate that the application configuration is setting the DISPLAY variable somewhere, or that the server is being run from an X-forwarded command prompt. When this occurs, WLS tries to forward the output to an X display. However, this will fail if X is not used or not even installed on the OS.

Bye.
😉

 

 

Categories: Middleware, Unix, Weblogic

<Failed to join cluster wliCluster at address X.X.X.X due to: java.net.SocketException: No such device. java.net.SocketException: No such device

This is not hard to solve. Check my example below:

<Mar 13, 2015 10:32:40 AM BRT> <Error> <Cluster> <BEA-000116> <Failed to join cluster wliCluster at address 237.0.0.2 due to: java.net.SocketException: No such device.
java.net.SocketException: No such device
at java.net.PlainDatagramSocketImpl.join(Native Method)
at java.net.PlainDatagramSocketImpl.join(PlainDatagramSocketImpl.java:134)
at java.net.MulticastSocket.joinGroup(MulticastSocket.java:274)
at weblogic.cluster.FragmentSocket.initializeMulticastSocket(FragmentSocket.java:92)
at weblogic.cluster.FragmentSocket.start(FragmentSocket.java:109)
at weblogic.cluster.MulticastManager.startListening(MulticastManager.java:172)
at weblogic.cluster.ClusterCommunicationService.initialize(ClusterCommunicationService.java:43)
at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:924)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
at weblogic.Server.main(Server.java:32)
>
<Mar 13, 2015 10:32:40 AM BRT> <Critical> <WebLogicServer> <BEA-000364> <Server failed during initialization. Exception:weblogic.server.ServerLifecycleException: Failed to listen on multicast address
weblogic.server.ServerLifecycleException: Failed to listen on multicast address
at weblogic.cluster.ClusterCommunicationService.initialize(ClusterCommunicationService.java:48)
at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:924)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
at weblogic.Server.main(Server.java:32)
Caused by: java.net.SocketException: No such device
at java.net.PlainDatagramSocketImpl.join(Native Method)
at java.net.PlainDatagramSocketImpl.join(PlainDatagramSocketImpl.java:134)
at java.net.MulticastSocket.joinGroup(MulticastSocket.java:274)
at weblogic.cluster.FragmentSocket.initializeMulticastSocket(FragmentSocket.java:92)
at weblogic.cluster.FragmentSocket.start(FragmentSocket.java:109)
at weblogic.cluster.MulticastManager.startListening(MulticastManager.java:172)
at weblogic.cluster.ClusterCommunicationService.initialize(ClusterCommunicationService.java:43)
… 4 more
>
<Mar 13, 2015 10:32:40 AM BRT> <Emergency> <WebLogicServer> <BEA-000342> <Unable to initialize the server: weblogic.server.ServerLifecycleException: Failed to listen on multicast addressNo such device>
***************************************************************************
The WebLogic Server did not start up properly.
Exception raised: 'java.net.SocketException: No such device'
Reason: weblogic.server.ServerLifecycleException: Failed to listen on multicast addressNo such device
***************************************************************************

The problem is that you have no multicast route on your server. To solve this problem, try something like this:

1) What is my multicast address?
– In my example, my cluster IP is 237.0.0.2, so my multicast address is 237.0.0.0/8

2) Add the route, using the same interface that you need to bind:

route add -net 237.0.0.0/8 eth1

This should solve your issue.

bye 😉