Friday, December 4, 2015

Enabling / Installing Oracle API Manager in Embedded SOA Suite that comes with JDeveloper 12.2.1.


Below are the steps to install Oracle API Manager in the Embedded SOA Suite:
  1. Stop the Embedded Server in JDeveloper.
  2. Go to Program Files. In your 12.2.1 Start menu folder, select the “Configuration Wizard” under Tools.
  3. Select “Update an Existing Domain”, select the domain in
    %APPDATA%\Roaming\JDEVELOPER
    and click Next.
  4. Select Oracle API Manager and click Next.
  5. Don’t change anything on this screen and click Next.
  6. Click Update.
  7. Click Next when the progress is complete.
  8. Click Finish.
  9. Start the Embedded Server.
  10. To open API Manager, use the following URL:
    http://localhost:7101/apimanager

Connecting to SOA Derby Database in JDeveloper 12.2.1


To connect to the local Derby database, use the following settings in the JDeveloper Connection Properties.
Leave the password empty.
image

Sunday, August 2, 2015

Using setWhereClause in ADFBC properly

Avoid SQL Injection in ADFBC.
Securely using ADFBC.

ADF BC is a robust framework that lets developers simplify data-access code in ADF applications. ADF does a great job of using prepared statements for all the SQL it generates, which improves the security of the application.
ADF developers are also given access to write their own where clause on a view object, using the setWhereClause method.
Most developers tend to misuse this method by building the clause through string concatenation, which can be used to inject SQL.
For example:
Wrong Way
vo.setWhereClause("OrderNumber = '" + pOrderNo + "'");
vo.executeQuery();

The best way to use this method securely is with bind parameters:

Correct Way

vo.setWhereClause("OrderNumber = ?");
vo.setWhereClauseParams(new Object[] { pOrderNo });
vo.executeQuery();
vo.setWhereClauseParams(null);
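
A common reason for falling back to concatenation is a search screen whose filter columns vary from request to request. The following added example (not code from the original post) generalizes the correct pattern above to that case, using only the ViewObject calls shown above; the class name, the allow-listed column names and the decision to reject null values are assumptions.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import oracle.jbo.ViewObject;

/** Added illustration: dynamic filters on a view object without string-built values. */
public final class SafeOrderFilter {
    // Hypothetical allow-list. Column names cannot be bound, so only these
    // fixed names may ever be written into the where clause text.
    private static final Set<String> FILTERABLE =
        new HashSet<>(Arrays.asList("OrderNumber", "CustomerId", "OrderStatus"));

    private SafeOrderFilter() {}

    /**
     * Builds "Col1 = ? AND Col2 = ?" from the requested filters and binds the
     * values with setWhereClauseParams, in the same order as the placeholders.
     */
    public static void apply(ViewObject vo, Map<String, Object> filters) {
        StringBuilder where = new StringBuilder();
        List<Object> params = new ArrayList<>();
        for (Map.Entry<String, Object> filter : filters.entrySet()) {
            String column = filter.getKey();
            if (!FILTERABLE.contains(column)) {
                // Reject instead of escaping: an unknown name never reaches SQL.
                throw new IllegalArgumentException("Column is not filterable: " + column);
            }
            if (filter.getValue() == null) {
                // "col = ?" bound to NULL matches nothing; make the caller decide.
                throw new IllegalArgumentException("Null filter value for " + column);
            }
            if (where.length() > 0) {
                where.append(" AND ");
            }
            where.append(column).append(" = ?");
            params.add(filter.getValue());
        }
        // No filters: clear any earlier clause so stale placeholders do not linger.
        vo.setWhereClause(where.length() == 0 ? null : where.toString());
        vo.setWhereClauseParams(params.isEmpty() ? null : params.toArray());
        vo.executeQuery();
    }
}
```

User input only ever reaches the query as a bound value; the clause text is assembled from the fixed names in the allow-list.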

Monday, June 29, 2015

Working with Class loading problems on Weblogic

Figuring out which JAR file a Java class was loaded from in a web application can be cumbersome. WebLogic makes it easy with a built-in application called the Classloader Analysis Tool (wls-cat).

How to access it?

It can be accessed at http://<Weblogic URL>:<port>/wls-cat,
e.g. http://localhost:7101/wls-cat

I tried the URL, but cannot access it

It is deployed on demand only in development mode.
If you created the domain in production mode, you can deploy it onto that server yourself. The application comes with the WebLogic installation; you can find it in the wlserver\server\lib\ directory. The WAR file you need to install is wls-cat.war.

What can I do with it?

You can drill down by application and see the order in which JARs are loaded. You can search for a class and see where it was loaded from. It gives enough detail to understand and solve almost all class loading issues.


Wednesday, June 24, 2015

Stop Weblogic from validating basic authentication automatically


Suppose your web service or application has custom code that uses basic authentication, and you don't want WebLogic to authenticate the user; instead, you want to do the authentication in your application code.

By default, WebLogic automatically authenticates the user against the realm if it finds authentication credentials in the HTTP header, and gives a “404 – unauthorized” back. This happens even if you don't have any security configured in your web.xml.

To stop this from happening, add <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials> inside the <security-configuration> tag in the config.xml of your WebLogic domain.

For example:
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd">
  <name>base_domain</name>
  <domain-version>12.1.3.0.0</domain-version>
  <security-configuration>
    <name>base_domain</name>
    <realm>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType">
        <sec:name>DefaultAuthenticator</sec:name>
      </sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
        <sec:name>DefaultIdentityAsserter</sec:name>
        <sec:active-type>AuthenticatedUser</sec:active-type>
      </sec:authentication-provider>
      <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType">
        <sec:name>XACMLRoleMapper</sec:name>
      </sec:role-mapper>
      <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType">
        <sec:name>XACMLAuthorizer</sec:name>
      </sec:authorizer>
      <sec:adjudicator xsi:type="wls:default-adjudicatorType">
        <sec:name>DefaultAdjudicator</sec:name>
      </sec:adjudicator>
      <sec:credential-mapper xsi:type="wls:default-credential-mapperType">
        <sec:name>DefaultCredentialMapper</sec:name>
      </sec:credential-mapper>
      <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType">
        <sec:name>WebLogicCertPathProvider</sec:name>
      </sec:cert-path-provider>
      <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
      <sec:name>myrealm</sec:name>
      <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
        <sec:name>SystemPasswordValidator</sec:name>
        <pas:min-password-length>8</pas:min-password-length>
        <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
      </sec:password-validator>
    </realm>
    <default-realm>myrealm</default-realm>
    <credential-encrypted>{AES}yU9xHRMY0WFsY6F4Yf6DQ09xjtmR7VPGpdrwT+c7kaXxSB8Wky+64z8kZ+fBudis+VsHIMoFCjo7zqaF2aVfCY6RHeorI90oo8siu+wn31duct2QI1CmhRKuCCZylPei</credential-encrypted>
    <node-manager-username>weblogic</node-manager-username>
    <node-manager-password-encrypted>{AES}6iWAp7ftiYlStgO/SyX9iHQ0frHRYdcHkzagtc9hoE8=</node-manager-password-encrypted>
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
  </security-configuration>
  <!-- remaining domain configuration omitted -->
</domain>
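
Once WebLogic stops validating the header, every request carrying Basic credentials reaches the application unchecked, so the application has to do the check itself. A servlet filter that does this, as an added example (not code from the original post); the class name, the realm string and the APP_USER / APP_PASSWORD environment variables are assumptions:

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added illustration: the application, not WebLogic, validates Basic credentials. */
public class AppBasicAuthFilter implements Filter {
    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}
    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        String[] creds = parse(((HttpServletRequest) rq).getHeader("Authorization"));
        if (creds != null && matches(creds[0], creds[1])) {
            chain.doFilter(rq, rs);
            return;
        }
        HttpServletResponse res = (HttpServletResponse) rs;
        res.setHeader("WWW-Authenticate", "Basic realm=\"app\""); // realm name is made up
        res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /** Returns {user, password}, or null for a missing or malformed header. */
    static String[] parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':'); // split on the first ':'; the password may contain more
            return colon < 0 ? null
                : new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException notBase64) {
            return null;
        }
    }

    /** Assumption: expected values come from APP_USER / APP_PASSWORD (hypothetical names). */
    private static boolean matches(String user, String password) {
        String expUser = System.getenv("APP_USER"), expPass = System.getenv("APP_PASSWORD");
        if (expUser == null || expPass == null) return false; // fail closed when unconfigured
        boolean userOk = MessageDigest.isEqual(utf8(user), utf8(expUser));
        boolean passOk = MessageDigest.isEqual(utf8(password), utf8(expPass));
        return userOk & passOk; // non-short-circuit: both comparisons always run
    }
    private static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
}
```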

Tuesday, June 23, 2015

How to Deploy ADF10g applications on Weblogic 12C.

You might ask why. We had a scenario where it is easier to manage fewer varieties of application servers. The legacy 10g applications will be replaced by new applications in a couple of years; until then, this reduces the infrastructure load.

Weblogic Server Setup.

You might ask why. We had a scenario where it is easier to manage fewer types of application servers. It was too expensive to rewrite the legacy 10g applications, so it was decided to let some new systems take over from the old applications. Until then, this reduces the infrastructure team's load and training burden.

  1. Create a basic WebLogic domain, and add clusters and servers as required.
  2. Once the servers are set up and running:

    If you need JDeveloper to be able to deploy directly to the server, go to the admin console, select Servers, go to Protocols -> HTTP and check “Enable Tunneling”.
    This is only needed if you want to deploy directly from JDeveloper 10.1.3.
  3. Create the necessary data sources for the application.

JDeveloper 10.1.3.4 setup



You need WebLogic 9.x's weblogic.jar to configure JDeveloper 10g to be able to deploy directly to WebLogic 12c. I was able to find it in DOC ID 1401953.1.

  1. Copy the weblogic.jar (WebLogic 9.x) from the WebLogic server/lib directory to the /jdev/lib/ext directory in JDeveloper 10g.

    You can then create a WebLogic 9.2 connection and point it at the 12c server to be able to deploy.

ADF 10g Application Setup.

A couple of problems I faced: some JSF and Oracle libraries were loaded through weblogic.jar. When I added the 10g libraries to the CLASSPATH, some of the classes had already been loaded as part of weblogic.jar, causing problems. Adding a PRE-CLASSPATH did not help, as WebLogic needs the latest version of some JAR files to start up. So the only option I found was to load the required libraries as part of WEB-INF lib for 12c. In the case of WebLogic 10.x, you could load the required libraries as part of the CLASSPATH.


  1. Add the required WebLogic descriptors.
    Add weblogic.xml in WEB-INF.
  2. Add the required JARs to the application classpath.
    I added the JARs below to the classpath:

    adf-connections.jar  bc4jctejb.jar        concurrent.jar   ojdbc6dms.jar  ordhttp.jar      translator.jar
    adfbinding.jar       bc4jdomorcl.jar      dc-adapters.jar  ojdl.jar       ordim.jar        wsclient.jar
    adfcm.jar            bc4jimdomains.jar    dms.jar          ojmisc.jar     osdt_cert.jar    wsdl.jar
    adfm.jar             bc4jmt.jar           http_client.jar  ojpse.jar      osdt_core.jar    wssecurity.jar
    adfmweb.jar          bc4jmtejb.jar        jazncore.jar     oracle-el.jar  osdt_saml.jar    xml.jar
    adfs-jazn.jar        bc4jsyscat.jar       jdev-cm.jar      oraclepki.jar  osdt_wss.jar     xmlef.jar
    adfs.jar             cache.jar            jsp-el-api.jar   orajaxr.jar    osdt_xmlsec.jar  xmlparserv2.jar
    adfshare.jar         collections.jar      mdds.jar         orasaaj.jar    runtime12.jar    xsdlib.jar
    antlr.jar            commons-cli-1.0.jar  mdsrt.jar        orawsdl.jar    share.jar        xsqlserializers.jar
    bc4jct.jar           commons-el.jar       ojdbc6.jar       orawsrm.jar    toplink.jar      xsu12.jar
    adfmtl.jar           adfui.jar            bc4jdomgnrc.jar
  3. Make sure you have the tag below in weblogic.xml:
    <container-descriptor>
      <prefer-web-inf-classes>false</prefer-web-inf-classes>
      <prefer-application-packages>
        <package-name>javax.faces.*</package-name>
        <package-name>com.sun.faces.*</package-name>
        <package-name>com.bea.faces.*</package-name>
        <package-name>oracle.*</package-name>
      </prefer-application-packages>
      <prefer-application-resources>
        <resource-name>javax.faces.*</resource-name>
        <resource-name>com.sun.faces.*</resource-name>
        <resource-name>com.bea.faces.*</resource-name>
        <resource-name>META-INF/services/javax.servlet.ServletContainerInitializer</resource-name>
      </prefer-application-resources>
    </container-descriptor>


Debugging Weblogic 12c applications using JDeveloper 10g.


I use the remote debugger. Since WebLogic was running on my local machine, I did not find any lag and it was smooth.
Below are the steps to add remote debugging:

  1. Change startWebLogic.cmd to add the line below:
    set JAVA_OPTIONS=-Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,address=4000,server=y,suspend=n
  2. Restart WebLogic for this to take effect.
  3. In JDeveloper, right-click the project you want to debug, click Run/Debug, and then Edit.
  4. Check “Remote Debugging and Profile”.
  5. Click on Remote.

    Change Protocol to “Attach with JPDA”.
    Give the host and leave the defaults for the others.
  6. When you want to debug, right-click the class you want to debug and hit “Start remote Debugger”.

Tuesday, March 31, 2015

Accessing Oracle Advanced Queue (OAQ) directly using JNDI and plain JMS from a standalone java program


I spent a while trying to insert a message into AQ from a standalone Java program. All the examples on the internet were using a foreign JMS in WebLogic and then accessing the queues. I didn't want to go that route and add an extra layer between my standalone program and Oracle AQ. I hope this helps you. You can also use a similar technique to configure OAQ as a JMS connection in any middleware software.

Basically there are 3 jars that are required to be in the class path
1. aqapi.jar
2. jmscommon.jar
3. ojdbc6.jar


The Initial Context

The context factory should be oracle.jms.AQjmsInitialContextFactory.

Context.INITIAL_CONTEXT_FACTORY   oracle.jms.AQjmsInitialContextFactory
Context.SECURITY_PRINCIPAL        dbusername
Context.SECURITY_CREDENTIALS      dbpassword
"db_url"                          jdbc:oracle:thin:dbusername/dbpassword@hostname:1521:SID

Looking up Connection Factory

If you are looking up a QueueConnectionFactory, use the string QueueConnectionFactory. Below are some valid values:
ConnectionFactory
QueueConnectionFactory
TopicConnectionFactory
XAConnectionFactory
XAQueueConnectionFactory
XATopicConnectionFactory

Looking Up Queues or Factories

For Queues use Queues/QUEUENAME
For Topics use Topics/TOPICNAME


Working snippet

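import java.util.Hashtable;
import javax.jms.Queue;
import javax.jms.QueueConnection;
import javax.jms.QueueConnectionFactory;
import javax.jms.QueueSender;
import javax.jms.QueueSession;
import javax.jms.Session;
import javax.jms.TextMessage;
import javax.naming.Context;
import javax.naming.InitialContext;

public class AqSender {
    public static void main(String[] args) {
        try {
            // JNDI environment for the AQ initial context factory
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "oracle.jms.AQjmsInitialContextFactory");
            env.put(Context.SECURITY_PRINCIPAL, "dbusername");
            env.put(Context.SECURITY_CREDENTIALS, "dbpassword");
            env.put("db_url", "jdbc:oracle:thin:dbusername/dbpassword@hostname:1521:SID");
            InitialContext ctx = new InitialContext(env);
            // Look up the connection factory and open a transacted session
            QueueConnectionFactory qcf = (QueueConnectionFactory) ctx.lookup("QueueConnectionFactory");
            QueueConnection qc = qcf.createQueueConnection("dbusername", "dbpassword");
            QueueSession qsession = qc.createQueueSession(true, Session.AUTO_ACKNOWLEDGE);
            System.out.println("Successfully created AQ session");
            // Queues are looked up as Queues/QUEUENAME
            Queue q = (Queue) ctx.lookup("Queues/OTMQUEUE");
            QueueSender qs = qsession.createSender(q);
            TextMessage msg = qsession.createTextMessage();
            msg.setText("Message hello world");
            qs.send(msg);
            qs.close();
            // The session is transacted, so the message is enqueued on commit
            qsession.commit();
            qsession.close();
            qc.close();
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}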