PREGUNTAS O COMENTARIOS
2. PLAN DE GESTION DE OLORES Diseño e implementación PREGUNTAS O COMENTARIOS
SETTING CONTENTS
JMX Enablement System Userid Userid used for logging onto JMX Mbeans
JMX Enablement System Password Password to be used for JMX Enablement System Userid RMI Port for JMX Web Port number to allocate to the JMX for the Web Application Server
This information is added to the spl.properties file in the etc/conf/root/WEB- INF/classes subdirectory for the environment, for the Web Application Server. An example of
the applicable settings is shown below:
spl.runtime.management.rmi.port=.. spl.runtime.management.connector.url.default=service:jmx:rmi: ///jndi/rmi://hostname:../oracle/ouaf/webAppConnector jmx.remote.x.password.file=scripts/ouaf.jmx.password.file jmx.remote.x.access.file=scripts/ouaf.jmx.access.file ouaf.jmx.com.splwg.base.support.management.mbean.JVMInfo=enab led ouaf.jmx.com.splwg.base.web.mbeans.FlushBean=enabled The following settings are important to the JMX monitor:
• The spl.runtime.management.connector.url.default is the JMX url to be
used in the JMX console or JMX browser.
• The jmx.remote.x.password.file and jmx.remote.x.access.file are
the default security setup for the JMX. These are for basic security setup. For more information about the files and alternative security setups refer to http://java.sun.com/javase/6/docs/technotes/guides/management/agent.html.
• The ouaf.jmx.* settings enable individual beans at startup time. These may be enabled at
runtime.
Once the Web Application Server component is started; the JMX Mbeans defined in this configuration are started and a JSR160 compliant JMX console or JMX browser can be used to connect to the JMX Mbeans. The remote URL and credentials are provided as configured above.
Within the JMX console or JMX browser there are a number of specific facilities that are available: • It is possible to manage the data within the Web Application Server cache from JMX. In past
releases of Oracle Utilities Application Framework this was possible using utility URLS's which required the IT group to logon to the product to issue commands. This is still possible but can be replaced with JMX console commands. This is controlled by the FlushBean
Mbean.
• It is possible to get environmental information about the Web Application Server Java Virtual Machine (JVM) for support purposes. . In past releases of Oracle Utilities Application Framework this was possible using utility URLS's which required the IT group to logon to the product to issue commands. This is still possible but can be replaced with JMX console commands. This is controlled by the JVMInfo Mbean.
• It is possible to get internal JVM information about the Web Application Server using the JVMSystem Mbean. This is an extension of the base Java MXBeans (http://java.sun.com/javase/6/docs/api/java/lang/management/package-summary.html). By default these are disabled and can be seen by executing the enableJVMSystemBeans
operation from the BaseMasterBean. When enabled the following additional areas can be
monitored via JMX for the Web Application Server: • Class Loading statistics
• Memory statistics
• Operating System statistics (statistics vary by platform). • JVM Runtime information (additional to JVMInfo)
• Thread statistics – Statistics on individual java threads.
Note: No confirmation (i.e. Are You Sure?) dialog is provided with most JMX consoles or JMX browser so care should be taken when issuing commands.
Enabling autodeployment for Oracle WebLogic console
Note: The technique shown below applies to Oracle Utilities Application Framework V4.1 and above. For other versions of the Oracle Utilities Application Framework custom templates or manual changes are necessary from the Oracle WebLogic console. Refer to the Configuration And Operations Guides for those products for more information.
By default, Oracle WebLogic is deployed on demand, on first use, when using the default templates supplied by the product. This behavior can be altered to autodeploy the console at startup to save the initial delays when first using the console.
To autodeploy the console on startup add the following to the
%SPLEBASE%\templates\CM_config.xml.win.exit_3.include user exit file (for
Windows) or $SPLEBASE/templates/CM_config.xml.exit_3.include user exit file
(for Linux/Unix):
<internal-apps-deploy-on-demand-enabled>false</internal-apps-deploy-on-demand-enabled>
Run the initialSetup utility to reflect the change. This configuration will be added to the Oracle
WebLogic configuration.
Password Management solution for Oracle WebLogic
One of the common requests for an enhancement is the ability for users to change their application passwords from within the product. Typically password management is scoped outside the product's domain as it is considered infrastructure. This does not mean the product need not provide the interface to change the password, but it is the infrastructure's responsibility to provide a mechanism to change the passwords used in the security store.
The issue becomes then if the infrastructure provides such an interface for the product to hook into. There are a number of patterns in this area:
• Customers implement an identity management solution to manage the passwords, expiry and rules. In this case the implementation needs to interface to the identity management solution by calling the appropriate facilities in the identity management solution around passwords. Of course, the J2EE Web Application Server used is then interfaced into the identity management solution or the related security store to provide the authentication mechanism. • Customers link the security store for authentication directly to the security configuration of
the J2EE Web Application Server. In this case, the J2EE Web Application Server provides the interface to the password change facility.
In the latter case, if you are a customer using Oracle WebLogic, there is an example JSP available under Oracle TechNet (registration required) under Code Samples (project S20) to allow an application to change the passwords, irrespective of the security used. This example can be altered to suit your sites standards and linked to the product as a custom JSP via a Navigation key to link to the appropriate menu.
Error configuring Oracle WebLogic credentials
When the product is installed with Oracle WebLogic, the security repository used by the environment is populated with an initial Administration System userid (usually system) to be used to create other
credentials post installation. To use this user within Oracle WebLogic it must encrypted (along with the password) before it can be used. The installer calls a java class within Oracle WebLogic to encrypt this userid and password, but if the path to Oracle WebLogic is incorrect, specified in the
WEB_SERVER_HOME (or WL_HOME6
…<crit> Error occured while running java -
Dweblogic.RootDirectory=…/splapp weblogic.security.Encrypt : ) parameter the installer will return this error when attempting to encrypt the user:
Output is Exception in thread "main"
java.lang.NoClassDefFoundError: weblogic/security/Encrypt Caused by: java.lang.ClassNotFoundException:
weblogic.security.Encrypt …
Could not find the main class: weblogic.security.Encrypt. Program will exit.
To fix this issue set the WEB_SERVER_HOME using the configureEnv[.sh] –i utility (or set WL_HOME) to access the appropriate security encryption classes.
6 WL_HOME is used by Oracle Utilities Application Framework V2.x. WEB_SERVER_HOME is used by
Corrupted SPLApp.war
By default, the product installer uses archive mode for the product deployment (this is true for Oracle WebLogic and IBM WebSphere – though in Oracle WebLogic expanded mode is also supported). When using
archive mode the product utilities build the product into a set of J2EE WAR and EAR files prior to deployment.
The WAR and EAR build is performed by the initialSetup[.sh] utility. Refer to the Server
Administration Guides or Configuration and Operations Guides
If, for any reason, the WAR or EAR files are not built completely, and are therefore are corrupted, then
the product start may abort. This can manifest in a number of error messages depending on the nature of the corruption:
for the product for a detailed description of the options and operations supported by this utility.
… <info> ERROR: …/splapp/applications/SPLApp.war war file does not exist. Problem with the environment. Exiting. or
weblogic.management.DeploymentException: Unexpected end of ZLIB input stream
at
weblogic.application.internal.EarDeploymentFactory.findOrCrea teComponentMBeans(EarDeploymentFactory.java:189)
…
To resolve this issue then rerun the initialSetup[.sh] utility to recompile the WAR and EAR
files.
Web Application Server Logs
In the Server Administration Guide or Operations and Configuration Guide for your product the product specific logs are outlined including the formats and location. Given the product runs within a J2EE Web Application Server, that server also has a set of configuration files that can be used for diagnostic information.
The table below outlines the default set of J2EE Web Application Server log files: TABLE 18 – WEB APPLICATION SERVER LOGS
ORACLE WEBLOGIC ($SPLEBASE/LOGS/SYSTEM) IBM WEBSPHERE ($WAS_HOME/PROFILES/APPSVR01/LOGS/<SERVER>)
myserver.log SystemErr.log
weblogic_current.log SystemOut.log
access.log startServer.log
exception.log activity.log
IBM WebSphere Specific Advice
The Oracle Utilities Application Framework supports both Oracle WebLogic and IBM WebSphere. Most of the J2EE Web Application server specific advice in this document pertains to Oracle WebLogic. This section outlines some advice specific to IBM WebSphere installations.
Refer to http://publib.boulder.ibm.com/infocenter/pvcsensa/v7r0m0/index.jsp?topic=/com.ibm.wse.doc_7.0
.0/ts_common.html for common IBM WebSphere tips and techniques.
Note: If your site does not use IBm WebSphere then ignore this section.
Class Loading Issues
By default IBM WebSphere loads its own classes ahead of any classes used by products running within WebSphere. If there is a conflict or a different version of the class the default behavior under IBM WebSphere then the IBM WebSphere versions are used and that may cause conflicts if the product uses a different version (such as a newer version of the class libraries). To avoid issues with the classes provided with IBM WebSphere and any Oracle Utilities Application Framework based product, it is highly recommended to set the class loadinf within IBM WebSphere to load parent (i.e. WebSphere) class libraries last.
Note: The Oracle Utilities Application Framework does not
To set this value, navigate to the Enterprise Applications [Web Enterprise Application Name] Manage Modules option within the IBM WebSphere console. Select Class Loader Order and then choose Classes loaded with local class loader first (parent last) to set the correct value.
include its own class loader as it uses the class loading options in the J2EE Web Application Server.
If this setting is not set then startup or runtime errors may occur similar to the one below: [12/28/10 23:14:31:854 PST] 00000000 FfdcProvider W
com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere70-
64/AppServer/profiles/AppSrv01/logs/ffdc/server8_35c035c_10.1 2.28_23.14.31.7522146543044581884850.txt com.ibm.ws.webcontainer.webapp.WebApp.notifyServletContextCre ated 1341 [12/28/10 23:14:31:896 PST] 00000000 webapp E com.ibm.ws.webcontainer.webapp.WebApp
notifyServletContextCreated SRVE0283E: Exception caught while initializing context: {0} java.lang.NoSuchMethodError: com/ibm/icu/math/BigDecimal.<init>(Ljava/math/BigDecimal;)V at com.splwg.base.support.sql.NumericSQLTypeHelper.getFromResult Set(NumericSQLTypeHelper.java:50)
Note: Oracle Utilities Application Framework V4.x and above , uses Enterprise Java Beans (EJB) for the Business Application Server. This advice therefore only applies to that version.
By default during the deployment process the product configuration settings within IBM WebSphere are set correctly. If there is an issue with the deployment, for any reason, typically the EJB definitions are the most likely to be set incorrectly.
Typically an error similar to the one below is displayed:
12/28/10 23:14:40:039 PST] 00000000 WASSessionCor I SessionContextRegistry getSessionContext SESN0176I: Will create a new session context for application key
default_host/ouaf/help
[12/28/10 23:14:40:103 PST] 00000000 webcontainer I com.ibm.ws.wswebcontainer.VirtualHost addWebApplication SRVE0250I: Web Module null has been bound to
default_host[*:9081,*:80,*:9444,*:5065,*:5064,*:443,*:9083]. [12/28/10 23:14:40:152 PST] 00000000 ApplicationMg A
WSVR0221I: Application started: SPLWeb-server8
[12/28/10 23:14:40:176 PST] 00000000 CompositionUn A WSVR0191I: Composition unit WebSphere:cuname=SPLWeb-server8 in BLA WebSphere:blaname=SPLWeb-server8 started.
[12/28/10 23:14:40:200 PST] 00000000 ContainerHelp E WSVR0501E: Error creating component
com.ibm.ws.runtime.component.CompositionUnitMgrImpl@67a067a com.ibm.ws.exception.RuntimeWarning:
javax.naming.NameAlreadyBoundException: The
com.splwg.ejb.service.Service interface of the SPLServiceBean bean in the spl-servicebean-4.1.0.jar module of the
SPLService-server8 application cannot be bound to the ouaf/servicebean name location. The
com.splwg.ejb.liteservice.api.ServiceRemote interface of the TUGBULiteServiceBean bean in the spl-servicebean-4.1.0.jar module of the SPLService-server8 application has already been bound to the ouaf/servicebean name location.
To correct this the WAR/EAR files can either be rebuilt and redeployed using the
initialSetup[.sh] utility or the target JNDI name definition for the default EJB module
TUGBULiteServiceBean be set correctly (to <Web Context
Root>/TUGBULiteServiceBean where <Web Context Root> is the context assigned for
the environment URL [usually ouaf]).
CORBA Transient Security Errors
In IBM WebSphere a number of users are setup by the installation process in the initial setup. These users are:
• A user to administrate the product on the IBM WebSphere console (by default wasadmin).
• A user for the Web Application Server to securely connect to the Enterprise Java Beans on the Business Application Server (by default webjndi).
If these users are not setup correctly (directly or indirectly) then the product will experience a
org.omg.CORBA.TRANSIENT error thrown by IBM WebSphere. To correct this navigate to the
Environment Naming CORBA Naming Service Users option and ensure both the users that are used
above (in particular webjndi) have the following CORBA roles: • Cos Naming Read
• Cos Naming Write • Cos Naming Create • Cos Naming Delete
User Profile Errors
The userid from the product is passed as part of the application context in each transaction between the browser client and the Web Application Server. If the security components are not configured correctly then an error stating No User profile found for user=' ' (though authenticated to web server as 'null') can
occur. For example:
… 0000001a SystemOut O - 006177-10-1 2011-05-03 11:39:03,681 [WebContainer : 1] WARN
(web.services.InitializeUserTag) No user profile found for user='' (though authenticated to web server as 'null') com.splwg.shared.common.ApplicationError: (Server Message) Category: 11001
Number: 902 Call Sequence:
Program Name: InitializeUserService
Text: User does not have Display Profile.
Description: The current user does not have a valid Display Profile. Please refer to the Display Profile setting on the User record.
Table: null Field: null at com.splwg.base.domain.web.InitializeUserService.read(Initiali zeUserService.java:71) at com.splwg.base.support.pagemaintenance.AbstractPageMaintenanc e.readItem(AbstractPageMaintenance.java:91)…
To resolve it is important to ensure that the security configuration of IBM WebSPhere is correct. At a minimum the following should be enabled in the IBM WebSphere console in the relevant security section:
• Enable administrative security • Enable application security • Enable LTPA