Month: April 2006

[problem]

Sometimes there is an audit requirement, to let customers know a link is off your site and therefore you take no further responsibility for it. For example, a reference to an external associate site.

[/problem]

[solution]

I’ve just used some simple javascript code, which is triggered by the click (onclick event). This pops up a warning, which can be accepted or rejected. Accepting goes to the desired site, whilst reject just aborts.

[/solution]

[example]

Or you can see it in its own page here:

Here is the source code of the link:

 <script> function Terms() {     popup=window.open('/common/demoP/popup.html','windowName','width=500,height=300');     if (!popup.opener) popup.opener = self; } </script>  Hi there - below you'll see a link to www.securityfocus.com.  When you click it, a popup will appear that you need to accept to follow the link.

  <a href="#" onClick="Terms()">www.securityfocus.com 

Here is the source of the popup:

 <script> function supressError() { return true; }  function load(url) { window.onerror = supressError;     opener.location.href = url; } </script>  Warning you are about to leave my cool site,
 only click 'Leave' if you absolutely want too!  <form> <input type=submit value="Don't Leave!" onClick="javascript:self.close()"> <input type=submit value="Leave" onClick="javascript:load('http://www.securityfocus.com');self.close()"> </form> 

[/example]

[problem]

You want to implement encryption between the web server and the backend Weblogic server.

[/problem]

[solution]

Save yourself the 8 hours it took me to debug this one! 🙂

Handed to you on a plate – clear simple and proven. 😉

Generate a self signed cert as describe in my

One gotcha is if your WLS has only an export license, which then requires a maximum of 56bits encryption via a 512 byte cert.

[/solution]

[example]

Therefore you need to generate the cert like this (2 years):

openssl req -newkey rsa:512 -days 730 -keyout newreq.pem -out newreq.pem

To check if you have an export license,

grep -i export /opt/bea/license.xml

– will show something like this:

license component="SSL/Export" expiration="never …

Another suggested tip by BEA is to ensure the files (cert, key and ca cert) should all end with the extension .pem.

Once you have the new key, cert and your CA cert (default demoCA/cacert.pem), copy it into /opt/bea/wlserver6.1/config/bpmdomain/myserver (or the location where you have Weblogic installed).

In our version we use wlintegration – so our path is /opt/bea/wlintegration2.1/config/bpmdomain/myserver

[/example]

[reference]

Subsequently these files are referenced from config.xml as explain below(replace file names with the ones you created and your ca):

ServerCertificateChainFileName="./config/bpmdomain/myserver/ca…..pem" ServerCertificateFileName="./config/bpmdomain/myserver/…crt…..pem" ServerKeyFileName="./config/bpmdomain/myserver/…key….pem" TrustedCAFileName="./config/bpmdomain/myserver/ca…..pem"/>

For apache to work, need to modify configs to look something like this (after copying your cacert file to location designated below):

...IfModule mod_weblogic.c... WebLogicHost hostname WebLogicPort 7002 SecureProxy On trustedCAFile yourcafile.pem RequireSSLHostMatch false ConnectTimeoutSecs 60 Debug Off ErrorPage https://xxxx/outage.html .../IfModule...

Notice the different port (7002) – default Weblogic SSL port. You need to ensure this is open from the firewall.

See my perl
You can use listenport code as well to listen on 7002 on application server, then scanport code to attempt to connect from the web server.

Therefore ensure it will work, even before entering change control! 🙂

[/reference]

[reference]

– WebLogic Forum at Tek-Tips

[/reference]

[problem]

You want to be able to view BEA Weblogic Server status from the command line.

[/problem]

[solution]

Works beautifully with weblogic 6.1 and wlintegration 2.1 on Solaris – untested with Weblogic 7 or 8, etc.

[/solution]

[example]

If your setenv.sh is different, update to correct path – same with password and port (7001).
To obtain the JVM stats, just run it like this:

./wladmin GET -pretty -type JVMRuntime

 ===================    wladmin script ========================== #!/bin/zsh  # script to run command line weblogic stuff  [ $# -eq 0 ] && {  echo " Usage: $0 Command  Examples:  $0 HELP $0 GET -pretty -type Server $0 GET -pretty -type Server $0 GET -pretty -type Security $0 GET -pretty -type WebAppComponent $0 GET -pretty -type WebAppComponent Runtime -property Status $0 GET -pretty -type Application $0 GET -pretty -type Realm $0 GET -pretty -type ServletRuntime $0 GET -pretty -type JVMRuntime $0 GET -pretty -type JDBCConnectionPool $0 GET -pretty -type JDBCConnectionPoolRuntime $0 GET -pretty -type Machine $0 GET -pretty -type Cluster $0 GET -pretty -type ClusterRuntime $0 GET -pretty -type JTA $0 GET -pretty -type JTARuntime $0 GET -pretty -type ExecuteQueue $0 GET -pretty -type ExecuteQueueRuntime  " exit 1  }  . /opt/bea/wlserver6.1/setenv.sh > /dev/null   java -cp $CLASSPATH weblogic.Admin -url localhost:7001 -username system -password YOUR_PASSWORD $*  exit 0 ===================    wladmin script ========================== 

The HeapFreeCurrent is the value of interest.

Capture can then be automated with a script run by cron, that additionally pumps out the date to correlate timings with stats.

[/example]

[reference]

[/reference]