From May 2016

OTD in FMW 12.2.1


Now in FMW version 12.2.1 Oracle Traffic Director (OTD) is integrated with Entreprise Manager. OTD is a software balancer solution included in ExaLogic and Oracle Public Cloud PaaS offering such as JCS, SOACS, …

OTD allows internal load balancing between different FMW components such as OSB, BPM, WCP, WCC, MFT, … without the need to route internal traffic through the external LBR, hence improving performance by reducing latency as well as simplifying configuration and dependencies in network admistrator staff: the only configuration you’ll have to request to the F5 administrators is the pool of http servers.

From /em console you can create all OTD stuff such as listeners, proxies, server pools, failover groups, …:

This slideshow requires JavaScript.

Monitoring features are included as well:

This slideshow requires JavaScript.

Failover configuration and the rest of OTD features are also included in the new Alta look & feel:

This slideshow requires JavaScript.

Resources:

IMPORTANT NOTE: Read OTD licensing information regarding its utilization.

Enjoy 😉

Q: Where does the 5000ms timeout come from when I get “process(Lweblogic.cluster.messaging.internal.ClusterMessage;) timed out after: 5000ms..”?


And we said:

The 5000ms is the currently default value for DatabaseLessLeasingBasisMBean.MessageDeliveryTimeout mbean propety.

This is the stack trace generated by a weblogic managed server leader in a cluster defined with consensus migration in wich another cluster node probably died (or was very busy):

Apr 25, 2016 10:47:42 AM CEST> <Warning> <RJVM> <BEA-000573> <RequestTimeout for 
message id 71,049 with message: RJVM response from 'weblogic.rjvm.RJVMImpl@4d7a17a8 
- id: '2862061204926831748S:172.16.78.135:[7003,-1,-1,-1,-1,-1,-1]:PRENOMAD:
prenomad2' connect time: 'Mon Apr 25 09:30:02 CEST 2016'' for 'process
(Lweblogic.cluster.messaging.internal.ClusterMessage;)' timed out after: 5000ms..> 
 weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception 
 at weblogic.cluster.messaging.internal.RMIClusterMessageEndPointImpl_12130_WLStub.
process(Unknown Source) 
 at weblogic.cluster.messaging.internal.RMIClusterMessageSenderImpl.send
(RMIClusterMessageSenderImpl.java:115) 
 at weblogic.cluster.messaging.internal.RMIClusterMessageSenderImpl.send
(RMIClusterMessageSenderImpl.java:93) 
 at weblogic.cluster.messaging.internal.RMIClusterMessageSenderImpl.send
(RMIClusterMessageSenderImpl.java:88) 
 at weblogic.cluster.messaging.internal.ClusterMessageSenderWrapper.send
(ClusterMessageSenderWrapper.java:56) 
 at weblogic.cluster.leasing.databaseless.ServerFailureDetectorImpl$PingTimer.
timerExpired(ServerFailureDetectorImpl.java:309) 
 at weblogic.timers.internal.TimerImpl.run(TimerImpl.java:304) 
 at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run
(SelfTuningWorkManagerImpl.java:548) 
 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311) 
 at weblogic.work.ExecuteThread.run(ExecuteThread.java:263) 
 Caused by: weblogic.rmi.extensions.RequestTimeoutException: RJVM response from 
'weblogic.rjvm.RJVMImpl@4d7a17a8 - id: '2862061204926831748S:172.16.78.135:
[7003,-1,-1,-1,-1,-1,-1]:PRENOMAD:prenomad2' connect time: 'Mon Apr 25 09:30:02 
CEST2016'' for 'process(Lweblogic.cluster.messaging.internal.ClusterMessage;)' 
timed out after: 5000ms. 
 at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:255) 
 at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:304) 
 ... 10 more

Enjoy 😉

Securing some parts of a WebApp in WebLogic


These are the steps to protect some urls of a web application deployed in WebLogic:

AUTHENTICATION PROVIDERS

Create appropiate authentication provider configuration. Restart WebLogic AdminServer and check that you are getting users, groups and user/groups membership from the external ldap repository

DEPLOYMENT DESCRIPTORS

Supose:

  • You have a group in LDAP called extranetgroup. User joe belongs to extranetgroup
  • You want to protect application under /extranet/* url pattern

web.xml:

Create the appropiate security configuration in web.xml:

 <security-constraint>
        <display-name>mySecurityConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>extranet</web-resource-name>
            <description/>
            <url-pattern>/extranet/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>extranetrole</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description/>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <security-role>
        <description/>
        <role-name>extranetrole</role-name>
    </security-role>

weblogic.xml:

Create the appropiate security in weblogic.xml*. Here is where you map roles to LDAP principals (users or groups)

<security-role-assignment>
    <role-name>extranetrole</role-name>
    <principal-name>extranetgroup</principal-name>
</security-role-assignment>

Please notice that you don’t need to inform

Deploy or redeploy your applicaction with DDonly security model

DDonly-deployment

(*) If your application is ear packaged (with weblogic-application.xml included) bear in mind that this file has preference over weblogic.xml

Enjoy 😉

ApacheDS, user groups membership and WebLogic


In ApacheDS, the ldap search for getting the group names a user (for instance cn=juan,ou=usuarios,0=acmecorp) belongs to is as follows:

(&
(objectClass=groupofuniquenames)
(uniqueMember=2.5.4.3=juan,2.5.4.11=usuarios,2.5.4.10=acmecorp)
)

In weblogic, for the supported ldap auth providers, the user membership configuration pattern setting is:

(&(<someattribute>=%M)(objectclass=<someobjectclass>))

Therefore a custom authenticator provider is needed in order to get it working.

Enjoy 😉

 

Q: Why af:selectOneChoice unselectedLabel is not catched by valueChangeListener?


And we said: unselectedLabel has associated a null value, it is intended for end user information purposes the first time the drop-down list is loaded on page. Hint: set required=true and requiredMessageDetail=whatevermessagetext if you want to force the user to select a value from drop-down list.

Enjoy 😉

To Cache or not to cache, that is the question, which is the answer?


The answer as almost always is: it depends!

We are living in a cached world, otherwise the information systems would be crashing on and on. But caches are not the best solution if you have hidden defects. Let’ review a few recipes:

Are you doing functional an acceptance testing?

you’d better disable all of them and test everyone of your functionalities to find out what heavens you really have in your hands

What about the solution builder in the development environment(whatever it is)?

You must switch on and off constantly in order to probe all uses cases, cached and not cached

Are you doing stress testing, performance test results are  horrendous and someone recommends you “cache them all or you won’t be able go live!”

You are died! Your system beaviour will be erratic and need to be bounced at peek times every day, help desk collapsed, users crying and  red faces managers pated on the back when meeting people in the corridors,…

Your solution runs smoothly, no latencies, very short response time, no bottleneck at all and you need to scale up/out?

Probably you can cache it, but don’t let your guard down! Test it again and again and if every is OK you will be able to cache and save money with a small sizing than the in not cached approach. Consider the cost of the cache solution, not all stuff is good and cheap, trust me!

Enjoy 😉