Accessing Domain Value Maps in OSB using Custom XPath

The current version of OSB doesn't support DVMs out of the box, so lookups over a large amount of data have to be done in XQuery or against a database, which becomes complicated to handle. Instead, we can reproduce the functionality of BPEL's DVMs and DVM lookups in OSB. Basically, we put the DVM XML file on the OSB server classpath and then write a custom XPath function which can look up data from these files. The custom XPath function uses the XMLBeans API to parse the DVM XML and return the requested column of data.

The XPath method we are going to implement has the following signature:

String lookupDVM(String dvmName,String keyColumnName,String keyValue,String targetColumnName,String defaultValue)

dvmName : Name of the DVM file to query
keyColumnName : Name of the column in the DVM containing the key
keyValue : Lookup key
targetColumnName : Column in the DVM whose value is to be retrieved
defaultValue : Default value to return if no matches are found.

sample State.dvm


<?xml version="1.0" encoding="UTF-8"?>
<dvm name="State" xmlns="http://xmlns.oracle.com/dvm">

	<description>Maintain LOV Mappings for State </description>

	<columns>
		<column name="Code"/>
		<column name="Value"/>		
	</columns>

	<rows>
		<row>
			<cell>NSW</cell>
			<cell>New South Wales</cell>			
		</row>
		<row>
			<cell>VIC</cell>
			<cell>Victoria</cell>			
		</row>
		<row>
			<cell>TAS</cell>
			<cell>Tasmania</cell>			
		</row>
		<row>
			<cell>WA</cell>
			<cell>West Australia</cell>			
		</row>
		<row>
			<cell>QLD</cell>
			<cell>Queensland</cell>			
		</row>
		<row>
			<cell>SA</cell>
			<cell>South Australia</cell>			
		</row>		
	</rows>
	
</dvm>

Place this dvm file in server classpath. I placed this in $DOMAIN_HOME for the testing.

Java Code for the custom xpath function

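import org.apache.xmlbeans.XmlObject;
import org.apache.xmlbeans.XmlCursor;
import org.apache.xmlbeans.XmlException;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
public class OSB_DVM {
	/* Cache of parsed DVMs keyed by DVM name. The XPath function is called from
	   concurrent pipeline threads, so access to the map is synchronized. */
	private static Map<String, XmlObject> dvmCollection =
		Collections.synchronizedMap(new HashMap<String, XmlObject>());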
	/* Driver Method */
	public static void main(String [] args)throws Exception
	{
		System.out.println(lookupDVM("State","Code","NSW","Value","default"));
	}
	/* Lookup DVM from DVMCollection */
	public static XmlObject getDVM(String dvmName)throws Exception
	{
		XmlObject dvm=(XmlObject)dvmCollection.get(dvmName);
		if (dvm==null)
		{
			dvm=loadDVM(dvmName);
			if (dvm!=null && validateDVM(dvm,dvmName))
				dvmCollection.put(dvmName, dvm);
			else throw new Exception ("Cannot find DVM "+dvmName+" on disk");
		}

		return dvm;
	}
	/* Load DVM from disk */
	public static XmlObject loadDVM(String dvmName)
	{
	 String xmlFilePath = dvmName+".dvm";
	 XmlObject dvm=null;
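	 try
	 {
	 /* getResource returns null when the file is not on the classpath */
	 java.net.URL dvmUrl=Thread.currentThread().getContextClassLoader().getResource(xmlFilePath);
	 if (dvmUrl!=null)
	 	dvm=XmlObject.Factory.parse(dvmUrl);
	 }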
	 catch(IOException ex)
	 {

	 ex.printStackTrace();
	 }
	 catch(XmlException ex)
	 {
	 ex.printStackTrace();
	 }
	 return dvm;
	}

	public static boolean validateDVM(XmlObject dvm, String dvmName) throws Exception
	{
		String path="declare namespace xq='http://xmlns.oracle.com/dvm';" +
	    "./xq:dvm/xq:columns/xq:column";
		XmlObject [] columns = dvm.selectPath(path);
		if (columns.length == 0)
			throw new Exception("Invalid DVM -"+dvmName+" column defintions Not found");
		path="declare namespace xq='http://xmlns.oracle.com/dvm';" +
	    "./@name";
		for (int i=0;i<columns.length;i++)
		{

			XmlObject [] columnNames=columns[i].selectPath(path);

			if (columnNames.length !=1)
			throw new Exception("Invalid DVM - "+dvmName+" Zero or Multiple name Attributes found for column definitions");
		}
		return true;
	}

	public static String lookupDVM(String dvmName,String keyColumnName,String keyValue,String targetColumnName,String defaultValue)throws Exception
	{
		XmlObject dvm = getDVM(dvmName);
		String path="declare namespace xq='http://xmlns.oracle.com/dvm';" +
	    "./xq:dvm/xq:columns/xq:column";

		XmlObject [] columns = dvm.selectPath(path);

		int keyColumnIndex=-1;
		int targetColumnIndex=-1;
		path="declare namespace xq='http://xmlns.oracle.com/dvm';" +
	    "./@name";
		for (int i=0;i<columns.length;i++)
		{
			String columnName = columns[i].selectPath(path)[0].newCursor().getTextValue();
			if (columnName.equals(keyColumnName))
					keyColumnIndex=i+1;
			/* separate test, so the key and target may be the same column */
			if (columnName.equals(targetColumnName))
				    targetColumnIndex=i+1;

		}
		if (keyColumnIndex == -1 || targetColumnIndex ==-1 )
			throw new Exception("Invalid Column Names "+keyColumnName+" "+targetColumnName);
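		String returnValue=null;
		if (keyValue == null)
			return defaultValue;
		/* keyValue goes inside a single-quoted XPath literal, so an apostrophe in it
		   would end the literal early and change the query. XPath 2.0 (Saxon) escapes
		   an apostrophe inside such a literal by doubling it. */
		String escapedKey = keyValue.replace("'", "''");
		path="declare namespace xq='http://xmlns.oracle.com/dvm';" +
	    "./xq:dvm/xq:rows/xq:row[xq:cell["+keyColumnIndex+"]='"+escapedKey+"']/xq:cell["+targetColumnIndex+"]";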

		XmlObject [] cells = dvm.selectPath(path);
		if ( cells.length == 0)
			returnValue=defaultValue;
		else
		returnValue = cells[0].newCursor().getTextValue();

		return returnValue;

	}

}
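
The lookup above places keyValue inside a quoted XPath literal. As an added example (not from the original post, and using the JDK's javax.xml.xpath API instead of XMLBeans), the same lookup can bind the key as an XPath variable, so the value never becomes part of the expression text. The class name SafeDvmLookup and the sample rows are constructed for illustration.

```java
import java.io.StringReader;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class SafeDvmLookup {
    static final String DVM_NS = "http://xmlns.oracle.com/dvm";

    // Constructed sample in the State.dvm layout; one key contains an apostrophe.
    static final String SAMPLE =
        "<dvm name='State' xmlns='" + DVM_NS + "'>"
      + "<columns><column name='Code'/><column name='Value'/></columns>"
      + "<rows>"
      + "<row><cell>NSW</cell><cell>New South Wales</cell></row>"
      + "<row><cell>O'C</cell><cell>O'Connor</cell></row>"
      + "</rows></dvm>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // A DVM file needs no DOCTYPE; refusing one rules out external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // XPath evaluator with prefix "d" bound to the DVM namespace and
    // $variables resolved from the supplied map.
    static XPath newXPath(final Map<String, Object> vars) {
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setNamespaceContext(new NamespaceContext() {
            public String getNamespaceURI(String prefix) {
                return "d".equals(prefix) ? DVM_NS : XMLConstants.NULL_NS_URI;
            }
            public String getPrefix(String uri) { return null; }
            public Iterator<String> getPrefixes(String uri) { return null; }
        });
        xp.setXPathVariableResolver(qname -> vars.get(qname.getLocalPart()));
        return xp;
    }

    // 1-based position of the named column, compared in Java rather than in XPath.
    static int columnIndex(Document dvm, String name) throws Exception {
        NodeList cols = (NodeList) newXPath(new HashMap<String, Object>())
            .evaluate("/d:dvm/d:columns/d:column", dvm, XPathConstants.NODESET);
        for (int i = 0; i < cols.getLength(); i++) {
            if (((Element) cols.item(i)).getAttribute("name").equals(name)) return i + 1;
        }
        throw new IllegalArgumentException("Unknown column: " + name);
    }

    static String lookupDVM(Document dvm, String keyColumn, String keyValue,
                            String targetColumn, String defaultValue) throws Exception {
        if (keyValue == null) return defaultValue;
        int k = columnIndex(dvm, keyColumn);
        int t = columnIndex(dvm, targetColumn);
        Map<String, Object> vars = new HashMap<String, Object>();
        vars.put("key", keyValue);
        // k and t are ints computed above, so concatenating them is safe;
        // the caller-supplied key is only ever referenced as $key.
        String expr = "/d:dvm/d:rows/d:row[d:cell[" + k + "] = $key]/d:cell[" + t + "]";
        NodeList hits = (NodeList) newXPath(vars).evaluate(expr, dvm, XPathConstants.NODESET);
        return hits.getLength() == 0 ? defaultValue : hits.item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        Document dvm = parse(SAMPLE);
        System.out.println(lookupDVM(dvm, "Code", "NSW", "Value", "default"));
        // A key with an apostrophe is matched as plain data.
        System.out.println(lookupDVM(dvm, "Code", "O'C", "Value", "default"));
        // A key that looks like XPath syntax matches no row and yields the default.
        System.out.println(lookupDVM(dvm, "Code", "x' or '1'='1", "Value", "default"));
    }
}
```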

Since this code uses xpath based on predicates, you will need extra jars in your project build path if you are testing in OEPE. This is true even if you enable Apache XMLBeans facet for the project. The following jars will be required for testing in OEPE

  • xbean_xpath : From XML Beans project
  • saxon9 : From Saxon Project
  • saxon9-dom : From Saxon project

    Compile this code and create a jar file called osb_dvm.jar.
    Place the jar in OSB_HOME/config/xpath-functions. Also create the osb_dvm.properties and osb_dvm.xml files required for the custom XPath function in this same directory.

    osb_dvm.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <xpf:xpathFunctions xmlns:xpf="http://www.bea.com/wli/sb/xpath/config">
        <xpf:category id="%OSB_FUNCTIONS%">
            <xpf:function>
                <xpf:name>lookupDVM</xpf:name>
                <xpf:comment>looks up a DVM in filesystem and returns transformed value</xpf:comment>
                <xpf:namespaceURI>http://www.bea.com/xquery/xquery-functions</xpf:namespaceURI>
                <xpf:className>OSB_DVM</xpf:className>
                <xpf:method>java.lang.String lookupDVM(java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)</xpf:method>
                <xpf:isDeterministic>false</xpf:isDeterministic>
                <xpf:scope>Pipeline</xpf:scope>
                <xpf:scope>SplitJoin</xpf:scope>
            </xpf:function>       
            
        </xpf:category>
    </xpf:xpathFunctions>
              
    
    

    osb_dvm.properties

    %OSB_FUNCTIONS%=Service Bus Functions
    

    Restart the server.
    I created a dummy proxy service with an ASSIGN action to test the custom xpath function.

    Now add new dvm called Country.dvm to DOMAIN_HOME

    <?xml version="1.0" encoding="UTF-8"?>
    
    <dvm name="Country" xmlns="http://xmlns.oracle.com/dvm">
    
    	<description>Maintain LOV Mappings for Countries </description>
    
    	<columns>
    		<column name="Code"/>
    		<column name="Value"/>		
    	</columns>
    
    	<rows>
    		<row>
    			<cell>AU</cell>
    			<cell>Australia</cell>			
    		</row>
    		
    	</rows>
    	
    </dvm>
    

    Now test using fn-bea:lookupDVM("Country","Value","Australia","Code","default").
    You can see the result AU being returned.

    Thus this is an extensible framework where you can create any new DVMs (in the same Oracle format, so you can use JDeveloper to create them or reuse them from a SOA application) and make OSB perform lookups by just placing these DVM files in the classpath. No code change or server restart will be required.
    For performance reasons I am caching the DVM in memory once loaded, so if a loaded DVM changes you might need a restart. To avoid the restart you can have another method, which loads the DVM from the file system and updates the cache:

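    /* Refreshes changed dvm from file system and updates cache */
    	public static boolean refreshDVM(String dvmName) throws Exception
    	{
    		XmlObject dvm = loadDVM(dvmName);
    		/* keep the cached copy if the new file is missing or invalid */
    		if (dvm == null || !validateDVM(dvm,dvmName))
    			throw new Exception ("Cannot refresh DVM "+dvmName);
    		dvmCollection.put(dvmName,dvm);
    		return true;
    	}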
    

    Also add refreshDVM to the list of exposed XPath functions in osb_dvm.xml. Then you can use a utility proxy service which accepts the DVM name in the request and performs a refreshDVM() call for that DVM. This will load the new version into the cache.


    Using xalan:evaluate to ‘parameterize’ XPATH

    This is in reference to this OTN post. The poster there had the below XML:

    
    <?xml version="1.0" encoding="ISO-8859-1"?>
     <catalog>
     <cd>
     <title>Empire Burlesque</title>
     <artist>Bob Dylan</artist>
     <country>USA</country>
     <company>Columbia</company>
     <price>10.90</price>
     <year>1985</year>
     </cd>
     </catalog>
    
    

    And he wanted to extract the value of /catalog/cd/title. The problem is that this XPath needs to be parameterized rather than hardcoded, which means it requires dynamic XPath evaluation. This can be done in OSB using an XSLT transformation leveraging xalan:evaluate.

    First, let's create the XSLT for doing this:

    
    <xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:xalan="http://xml.apache.org/xalan">
    
    <xsl:param name="xpath"/>
    
    <xsl:template match="/">
    <XalanResult> <xsl:value-of select="xalan:evaluate($xpath)"/></XalanResult>
    
    </xsl:template>
    
    </xsl:stylesheet>
    
    

    Register this as an XSLT resource in OSB. Next, create a proxy service to test this XSLT.
    We will use an ASSIGN action to test this. This action just assigns the result of the XSLT to the xalanEvaluationResult variable.

    We configure it to pass the content of $body as the source input. The second parameter is the string representation of the XPath we want to apply to the source XML.
    Click the test button to test this.

    For $body we pass the xml in that post.

    The test result shows XSLT function applying the ‘parameterised’ xpath on the source xml and returning the result.
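
xalan:evaluate runs whatever expression the xpath parameter holds, so the parameter should come from configuration or be checked before the transform is invoked. An added example of such a check (not from the original post): a hypothetical SimplePathGuard class that accepts only plain child-step paths such as /catalog/cd/title, shown here with the JDK XPath API against the catalog document from the post. It assumes element names without namespace prefixes.

```java
import java.io.StringReader;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class SimplePathGuard {
    // An XML name without a namespace prefix (ASCII subset).
    private static final String NAME = "[A-Za-z_][A-Za-z0-9_.-]*";
    // One child step: an element name, optionally a positional predicate such as [2].
    private static final String STEP = "/" + NAME + "(\\[[1-9][0-9]{0,3}\\])?";
    // 1 to 16 child steps, optionally ending in an attribute or text() step.
    // Function calls, variables, axes, unions, '//' and '..' cannot match.
    private static final Pattern ALLOWED =
        Pattern.compile("(" + STEP + "){1,16}(/@" + NAME + "|/text\\(\\))?");

    // The catalog document from the post.
    static final String CATALOG =
        "<catalog><cd><title>Empire Burlesque</title><artist>Bob Dylan</artist>"
      + "<country>USA</country><company>Columbia</company>"
      + "<price>10.90</price><year>1985</year></cd></catalog>";

    static boolean isAllowed(String xpath) {
        return xpath != null && xpath.length() <= 256 && ALLOWED.matcher(xpath).matches();
    }

    // Evaluates the path only after it has passed the allowlist check.
    static String evaluate(Document doc, String xpath) throws Exception {
        if (!isAllowed(xpath)) {
            throw new IllegalArgumentException("xpath parameter is not a plain location path");
        }
        return XPathFactory.newInstance().newXPath().evaluate(xpath, doc);
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(CATALOG);
        // Accepted: the path from the post, and a variant with a position and text().
        System.out.println(evaluate(doc, "/catalog/cd/title"));
        System.out.println(evaluate(doc, "/catalog/cd[1]/artist/text()"));
        // Rejected (constructed inputs): descendant axis, value predicate, function call.
        String[] rejected = { "//price", "/catalog/cd[price>10]/title", "count(/catalog/cd)" };
        for (String candidate : rejected) {
            System.out.println(candidate + " allowed? " + isAllowed(candidate));
        }
    }
}
```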


    Mapping Network drives in Weblogic (Windows)

    In situations where you need to talk to a remote file system from OSB running in Windows machines, you need to map the remote file system to a local drive letter. This scenario caters for two requirements.

    1. When you have your OSB cluster spanning multiple servers and all servers need access to a common file (for read only purpose), it is better to have this file sit in a file share accessible by all machines. An example is when using OSB to connect to MQ as foreign JMS, the .bindings file containing the remote JNDI tree for MQ objects can be placed in a file share.

    2. In File integrations where you need OSB to read from or write to an external file system.

    OSB's file transport doesn't support UNC format names for accessing files. Hence mapping to a drive letter is mandatory. This can be done in at least 3 ways:

    1. If the OSB servers are started locally from a Windows user session:
    Map the network drive and assign a drive letter in Windows Explorer.

    Use a File endpoint URI starting with the drive letter. For example, use K:\<file-name> to access files within my_directory.

    2. If the OSB servers are started as a Windows service, or started by a Node Manager which runs as a Windows service (typical in SIT or Prod environments), then the WebLogic process will be running in a different user session. In this case you can follow one of the approaches below for the mapping.

    a) Do the mapping in setDomainEnv for the domain
    E.g. add the below line in setDomainEnv.cmd script in $DOMAIN_HOME/bin directory
    NET USE K: \\10.11.2.32\my_directory /user:atheek Dec@2011

    K: – is the mapped drive letter

    \\10.11.2.32\my_directory  – is the root of remote file system

    atheek – name of user authorized to connect to remote file system.

    Dec@2011 – password for user atheek
    Then you can use K:\file to access files within my_directory.

    The limitation of this method is that the password is in clear text. If you don't want outsiders to see the password, make sure to secure the file system containing DOMAIN_HOME.

    This setting works only for one domain, as it is set in the setDomainEnv script for that domain. It suits, for example, mapping a file system used only in a specific File integration.

    If instead you want the mapping to be available to all servers belonging to different domains running on the same machine, set the mapping details in the Node Manager service.

    b) Do the mapping in Node Manager Service.

    Node Managers are usually configured as a Windows service. This makes the Node Manager start automatically when the machine starts. Since the WebLogic server processes are started by Node Manager, they are child processes of the Node Manager process. Hence if we do the drive mapping in Node Manager, it will be available to all child WebLogic server processes started by it.

    The drive mapping is configured in the script used to install the node manager service. The location for this script is $MIDDLEWARE_HOME/wlserver_10.3/server/bin/installNodeManagerSvc.cmd.

    Edit this script to add the following:

    -localname:"K:" -remotename:"\\10.11.2.32\my_directory" -remoteuser:"atheek" -remotepassword:"Dec@2011"

    Run this modified script which will create the windows service for node manager.


    Now access windows registry key for this service. This key is HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/Oracle WebLogic NodeManager (C_Oracle_Middleware_wlserver_10.3)/parameters

    As seen above, the password is in encrypted form. Any WebLogic servers started by this Node Manager can access the remote file system using the mapped drive K:. The limitation of this method is that it allows only one file system to be mapped.


    Resolving SSL Renegotiation issue in OSB – IIS Server 2 way SSL

    A friend of mine recently faced this SSL handshake issue when configuring OSB to do 2-way SSL with an IIS server hosted by Microsoft. OSB was on the client side and was trying to access a web service provided by the Windows Live platform. The endpoint to which OSB connected was an IIS server, which did the SSL handshake with OSB. The OSB side was configured correctly with the PKI credential mapper, service key provider etc.
    The below stack trace was returned for the error with SSL debugging turned on.
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm ECDH>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm DESede/CBC/NoPadding>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm DES/CBC/NoPadding>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm AES/CBC/NoPadding>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSL Session TTL :90000>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSL enableUnencryptedNullCipher= false>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loading server SSL identity>
    ####<07/12/2011 12:12:09 PM EST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias XXXXXX from the jks keystore file XXXXXXX.jks.>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Loaded public identity certificate chain:>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=XXXXXXX, OU=IT, O=XXXXXXX, L=XXXXX, ST=XXXXX, C=XXXXX; Issuer: CN=XXXXXXXXXX, OU=IT, O=XXXXXX, L=XXXX, ST=XXXX, C=XXX>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
    ####<07/12/2011 12:12:09 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file YYYYYYYYYYY.jks.>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 4 trusted CAs from YYYYYYYYYYY.jks>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=XXXXXX, OU=IT, O=XXXXXXXX, L=XXXXXX, ST=XXXXXX, C=AU; Issuer: CN=XXXXXXX, O=XXXX, C=XXXXX>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=thawte Primary Root CA, OU=”(c) 2006 thawte, Inc. – For authorized use only”, OU=Certification Services Division, O=”thawte, Inc.”, C=US; Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=Thawte SSL CA, O=”Thawte, Inc.”, C=US; Issuer: CN=thawte Primary Root CA, OU=”(c) 2006 thawte, Inc. – For authorized use only”, OU=Certification Services Division, O=”thawte, Inc.”, C=US>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=ZZZZZZZZ, OU=ZZZZ, O=ZZZZZZ, L=ZZ, ST=ZZZZZ, C=ZZZZ; Issuer: CN=ZZZZZZZZ, OU=ZZZZZZZZ, OU=ZZZZZZZ, O=ZZZZ, C=ZZZZZ>
    ####<07/12/2011 12:12:09 PM EST> <Info> <WebLogicServer> <BEA-000307> <Exportable key maximum lifespan set to 500 uses.>
    ####<07/12/2011 12:12:09 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
    ####<07/12/2011 12:12:10 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    ####<07/12/2011 12:12:10 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 64750357>
    ####<07/12/2011 12:12:10 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    ####<07/12/2011 12:12:10 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
    ####<07/12/2011 12:12:10 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    ####<07/12/2011 12:12:10 PM EST> <Debug> <SecuritySSL> <BEA-000000> <64734525 SSL3/TLS MAC>
    ####<07/12/2011 12:12:10 PM EST> <Debug> <SecuritySSL> <BEA-000000> <64734525 received HANDSHAKE>
    ####<07/12/2011 12:12:10 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    ####<07/12/2011 12:12:10 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    ####<07/12/2011 12:12:17 PM EST> <Debug> <SecuritySSL> <BEA-000000> <64058782 SSL3/TLS MAC>
    ####<07/12/2011 12:12:17 PM EST> <Debug> <SecuritySSL> <BEA-000000> <64058782 received HANDSHAKE>
    ####<07/12/2011 12:12:17 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: WARNING, Type: 100
    java.lang.Exception: New alert stack
    ….
    The key is the alert type 100, which the wiki page on Transport Layer Security says is a No Renegotiation alert. Researchers recently discovered a security vulnerability in SSL renegotiation (google for details), which led many SSL implementations to disable this feature. The OSB domain had the default SSL configuration, i.e. it used the default Certicom implementation for SSL.
    SSL renegotiation is not supported by Certicom by default. To enable it again, set the flag -Dweblogic.security.SSL.enable.renegotiation=true in setDomainEnv. As per Oracle support, this is documented only within Oracle internal documentation.
    What is SSL Renegotiation?
    Check this InfoQ link to understand the anatomy of an SSL handshake. In short, SSL communication starts with a handshake in which certificates and session keys are exchanged between client and server. Once the handshake is complete, all further communication is for exchanging data. If a handshake is re-initiated in the middle of the data exchange, that is called SSL renegotiation. This can be initiated by either the client or the server. In this case, the IIS server started the renegotiation to request the client certificate. This is in contrast to the usual 2-way SSL server behaviour, where the client certificate is requested by the server in the initial handshake, before any data exchange.

    OWSM Agent Setup for OSB Domain – Checklist

    In OSB 11g, there is out-of-the-box support for OWSM agents at the domain level, which can perform policy enforcement for the web services running in the domain.

    To install the agent, check Oracle Service Bus OWSM Extension, when creating the domain using the domain configuration wizard.

    This will create the domain with the necessary deployments for the OWSM agent to work. You will also need to setup the mds-owsm datasource in the later datasource configuration section of the configuration wizard. This datastore will be used by the OWSM agent for policy enforcement.

    At a recent customer I faced the below issue when accessing the sbconsole to apply an OWSM policy for a proxy service.

    oracle.wsm.policymanager.PolicyManagerException: WSM-02118 : The query service cannot be created. [Possible Cause : While trying to lookup ‘QueryService#oracle.wsm.policymanager.ejb.IStringQueryServiceRemote’ didn’t find subcontext ‘QueryService#oracle’. Resolved ”]

    This particular domain was initially created without OWSM support. The admin guy who created the domain forgot to check the OWSM checkbox in the domain configuration Wizard. Domain had a 2 managed server OSB cluster. Later, an attempt was made to extend the domain to enable OWSM. This was done incorrectly and OWSM components were targeted on admin server instead of the OSB cluster.

    I had to re-arrange targeting of OWSM components to fix this issue. The below checklist can be used to ensure owsm agent is configured correctly in the domain. This will be useful if you face any issues in applying OWSM policies to the proxy or business services and suspect an incorrect agent configuration.

    1. The OWSM data source mds-owsm is deployed on both the admin and OSB server (or OSB cluster) and is active.

    2. The deployment OWSM Policy Support in OSB Initializer Application is deployed on both the admin and OSB server (or OSB cluster) and is active.

    3. The deployment wsm-pm is deployed only on the OSB server (or OSB cluster) and is active.


    Connecting to secured foreign JMS destinations from OSB / weblogic MDB

    A secured foreign JMS destination is one for which a user credential must be passed to carry out various operations (send, receive etc.) on it. WebLogic JMS uses the user ID on the thread for this purpose, while many other JMS providers, including WebSphere MQ and JBoss JMS, expect the user credentials to be passed on the ConnectionFactory.createConnection call to the provider.

    Configuring OSB as below ensures that the user credentials are passed in the createConnection() call to the JMS provider.

    Business Service [ To send message to the secured destination ]
    1) configure a foreign JMS server that references the foreign vendor’s JNDI URL, JNDI classname, and, if needed, a JNDI user/pass
    2) configure a foreign destination and foreign CF in the foreign JMS server
    3) specify a user/pass as part of the foreign CF configuration in step 2

    4) Configure the JMS URL in the business service as:
    jms://localWLSHost:port/ForeignLocalConnectionFactoryJNDI/ForeignQueueLocalJNDI

    Proxy Service [ To receive message from the secured destination ]

    Apply steps(1) to (3) in the Business Service section above

    Step (4)

    From OSB 10gR3

    Do not specify hostname:port in URL,
    Here is the format for JMS URI:
    jms:///ForeignLocalConnectionFactoryJNDI/ForeignQueueLocalJNDI

    For ALSB 2.6,2.6RP1 and ALSB 3.0

    Contact customer support and request a patch for this bug <>. This patch is required for sbconsole to support JMS URI in following format
    jms:///ForeignLocalConnectionFactoryJNDI/ForeignQueueLocalJNDI

    Weblogic MDB

    When configuring a WebLogic MDB for a secured foreign JMS destination, we can configure the username/password to be passed in the foreign connection factory configuration.

    To make use of the user ID details specified in the foreign JMS connection factory section, make sure that no provider URL is specified in the weblogic-ejb-jar.xml deployment descriptor for the MDB. The wrapper code is bypassed if a provider URL is specified.

    From Oracle support:

    
    Symptoms
    
    When configuring MDBs to listen to a foreign service (that is, the remote service's JNDI is mapped to the local Weblogic JNDI), if the url-provider is specified in the weblogic-ejb-jar.xml, then the behavior will likely not be as expected. The MDB will make a direct (remote) connection to the service.
    
    In our example, the customer configured Tibco EMS as a foreign service, and the service is configured to authenticate credentials. The credentials are set in the configuration of the foreign service. The symptom of the issue was that the MDBs on Weblogic were not passing the credentials to Tibco.
    
    ERROR
    
    javax.naming.ServiceUnavailableException: Failed to query JNDI: Failed to connect to any server at: tcp://XXXXXXXXXXXXXXX:xxxx, tcp://XXXXXXXXXX:xxxx [Root exception is javax.jms.JMSException: Failed to connect to any server at: tcp://XXXXXXXX:xxxx, tcp://XXXXXXXXX:xxxx]
    at com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:676)
    at com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:500)
    at javax.naming.InitialContext.lookup(InitialContext.java:351)
    
    We could also see in the logs the following:
    
    Cause
    
    As mentioned, if one specifies the provider-url tag in the weblogic-ejb-jar.xml file, the MDBs make a direct (remote) connection to the foreign service instead of a local JNDI lookup.
    
    So the credentials set in the foreign service configuration are not used. In fact, as documented in Bug 8048271 and Bug 8193565, only when provider-url is not specified do we lookup using the local JNDI. And if provider-url is specified, Weblogic looks for credentials from a credential mapper rather than the foreign service configuration.
    

    Below are relevant sections for a MDB to connect to a secured JBoss JMS destination:

    queue/A – JNDI name of a JMS destination in JBOSS JMS
    ConnectionFactory – JNDI name of a connection Factory in JBOSS JMS
    esbuser : A user in JBoss who has read access to the JMS queue queue/A
    {3DES}90sIZwo6Llr9r73p+VXkvQ== : Password for esbuser in encrypted form. Actual password esbpassword.

    Foreign JMS

    <foreign-server name="ForeignServer">
    <default-targeting-enabled>true</default-targeting-enabled>
    <foreign-destination name="A">
    <local-jndi-name>A</local-jndi-name>
    <remote-jndi-name>queue/A</remote-jndi-name>
    </foreign-destination>
    <foreign-connection-factory name="FConf">
    <local-jndi-name>FConf</local-jndi-name>
    <remote-jndi-name>ConnectionFactory</remote-jndi-name>
    <username>esbuser</username>
    <password-encrypted>{3DES}90sIZwo6Llr9r73p+VXkvQ==</password-encrypted>
    </foreign-connection-factory>
    <initial-context-factory>org.jnp.interfaces.NamingContextFactory</initial-context-factory>
    <connection-url>jnp://localhost:1099</connection-url>
    </foreign-server>
    
    

    weblogic-ejb-jar.xml

    <?xml version='1.0' encoding='UTF-8'?>
    <web:weblogic-ejb-jar xmlns:web="http://www.bea.com/ns/weblogic/weblogic-ejb-jar">
    <web:weblogic-enterprise-bean>
    <web:ejb-name>RequestEJB-2518965873970113789--2352f820.127bd3f293c.-7fdb</web:ejb-name>
    <web:message-driven-descriptor>
    <web:pool>
    <web:max-beans-in-free-pool>1000</web:max-beans-in-free-pool>
    <web:initial-beans-in-free-pool>1</web:initial-beans-in-free-pool>
    </web:pool>
    <web:destination-jndi-name>A</web:destination-jndi-name>
    <web:connection-factory-jndi-name>FConf</web:connection-factory-jndi-name>
    </web:message-driven-descriptor>
    <web:transaction-descriptor>
    <web:trans-timeout-seconds>600</web:trans-timeout-seconds>
    </web:transaction-descriptor>
    <web:resource-description>
    <web:res-ref-name>jms/ConnectionFactory</web:res-ref-name>
    <web:jndi-name>FConf</web:jndi-name>
    </web:resource-description>
    <web:resource-description>
    <web:res-ref-name>jms/QueueName</web:res-ref-name>
    <web:jndi-name>A</web:jndi-name>
    </web:resource-description>
    </web:weblogic-enterprise-bean>
    </web:weblogic-ejb-jar>
    
    
        
    
    
    

    Auto Restart of WL Servers after system crash using Node Manager

    I faced this interesting issue in a Windows 2008 environment. Managed servers were started by Node Manager, and it was expected that on a system restart after a crash, Node Manager would restore the managed servers to the state they were in before the crash. Node Manager was configured to run as a Windows service, hence it started after the server restart. But the individual managed servers were not getting started. Interestingly, for the managed servers started by Node Manager there was no .lck file in the /data/NodeManger folder.

    To fix this, always set the following properties in nodemanager.properties in the Node Manager home directory.

    CrashRecoveryEnabled=true /* This is set to false by default. It needs to be turned on for auto restart after a crash to work. */

    NativeVersionEnabled=true /* This is set to true by default and should be left as such. If you turn it off on platforms for which WebLogic provides native JNI libraries (e.g. Windows 2008), the .lck file won't be created and hence Node Manager won't restart the managed server after the crash. */

    Note: As per official documentation .lck files are required for weblogic node managers to do auto restart after system crash

    From Official documentation:

    After the system is restarted, Node Manager checks each managed domain specified in the nodemanager.domains file to determine if there are any server instances that were not cleanly shutdown. This is determined by the presence of any lock files which are created by Node Manager when a WebLogic Server process is created. This lock file contains the process identifier for WebLogic Server startup script. If the lock file exists, but the process ID is not running, Node Manager will attempt to automatically restart the server.
    If the process is running, Node Manager performs an additional check to access the management servlet running in the process to verify that the process corresponding to the process ID is a WebLogic Server instance.
