I am using WebLogic server 10.x (11g) to deploy and service my applications. However, our production environment consists of a proxy server which is causing troubles if I try to access certain sites.
Therefore, I would love to know if any feasible solution available to resolve this by configuring the proxy server details on our
WebLogic Environment
Application Level - I am using Java to develop my applications
Thanks in advance.
There are two possible ways to aaccomplish this.
Configuring WebLogic Env.
Programatically
Let's look at these.
Proxy Configuration in Application Server
Let's take WebLogic application server to illustrate the desired configuration
Configure WebLogic Server to Enable Proxy
1. Using WebLogic Administration Console
Login into Administration console
Go to Domain -> Environment -> Servers -> Admin Server -> Configuration -> Server Start
Inside Arguments section enter following and save.
-jvmargs -Dhttp.proxySet=true -Dhttp.proxyHost=server_url -Dhttp.proxyPort=port
Restart the WebLogic Server
2. Using WebLogic Startup Scripts
Open WebLogic domain configuration script at
Search for the following phrase "JAVA_OPTIONS"
Enter following details after that.
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dhttp.proxyHost=server_url -Dhttp.proxyPort=port
Save script and start the WebLogic server
Using Programatically
There are several implementations available and let's discuss few approaches which I think would be useful.
Proxy Configuration Using Values
As highlights below you can configure a proxy using programatically defined values inside your application.
System.setProperty("http.proxyHost", "proxy_url");
System.setProperty("http.proxyPort", "port");
Configuration with User Credentials
Sometimes you may need to provide exact credentials to get through proxy server. Here is an implementation which will help you to achieve this.
import java.net.Authenticator;
import java.net.PasswordAuthentication;
public class MyAuthenticator extends Authenticator {
private String username;
private String password;
public MyAuthenticator(String username, String password){
this.username = username;
this.password = password;
}
public PasswordAuthentication getPasswordAuthentication () {
return new PasswordAuthentication (username, password.toCharArray());
}
}
The defined Authenticator class can be used to inject credentials to the proxy configuration as below.
System.setProperty("http.proxyHost", "proxy_url");
System.setProperty("http.proxyPort", "port");
Authenticator.setDefault (new MyAuthenticator("domain_name\\user_name","password"));
In either case you need to implement the usages at program level as given below. Otherwise, proxy communication will not success and end up throwing exceptions.
final URL url = new URL(null, urlString, new sun.net.www.protocol.http.Handler());
To configure WebLogic proxy file is modified setDomainEnv.cmd (Windows) that is located in the bin folder of the domain.
For example for the integrated server is here
C: \ Users \ [YOUT USER NAME] \ AppData \ Roaming \ JDeveloper \ system11.1.1.4.37.59.23 \ DefaultDomain \ bin
The following property must be placed on file with the details of your proxy
#REM Estableciendo proxi
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dhttp.proxySet=true -Dhttp.proxyHost=192.168.101.11 -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts=localhost
See the next link
Configure WebLogic Proxi
I had a similar problem in my developer environment running WebLogic 14.1.1.0.0 inside Eclipse IDE. I spend a day finding a working solution to configure a proxy server.
Finally I set the variable EXTRA_JAVA_PROPERTIES in startWebLogic.cmd
set EXTRA_JAVA_PROPERTIES=-Dhttp.proxyHost=proxy.example.com -Dhttp.proxyPort=3128 -Dhttps.proxyHost=proxy.example.com -Dhttps.proxyPort=3128
here is a tiny JSP page to test, if proxy setting are applied to the JVM:
<html>
<body>
<p><%=System.getProperty("http.proxyHost") %></p>
<p><%=System.getProperty("http.proxyPort") %></p>
<p><%=System.getProperty("https.proxyHost") %></p>
<p><%=System.getProperty("https.proxyPort") %></p>
</body>
</html>
There are solutions I tried, but which DID NOT WORK for me:
Setting EXTRA_JAVA_PROPERTIES in setDomainEnv.cmd as recommended by Oracle [1]
Setting JAVA_OPTIONS in startWebLogic.cmd as recommended by Aviro and Manish Kumar Gupta [2]
Setting Server Start Arguments over Administration Console
[1] Configure Proxy Settings for WebLogic Server
https://docs.oracle.com/cd/E53672_01/doc.111191/e53673/GUID-36A18CFA-55F1-4D19-B371-A6D15EBF2E24.htm
[2] Proxy server configuration for Weblogic Server !!!
https://kumarsoablog.blogspot.com/2016/10/proxy-server-configuration-for-weblogic.html
Related
I would like to send JMS messages to my local JBoss 7.2 server. For this purpose I tried using JMeter with the JMS Point-to-Point step. I configured everything as you can see in the picture below:
JNDI properties:
java.naming.security.principal = ca2
java.naming.security.credentials
= 12346578
What I've tried on the server side:
created an Application User (with the credentials in the JNDI properties)
deleted security realm from <http-connector name="http-remoting-connector"
connector-ref="default" security-realm="ApplicationRealm"/>
The server is up and running, but in both cases I got the following errors:
Response message: javax.naming.AuthenticationException: Failed to connect to any server. Servers tried: [http-remoting://127.0.0.1:8080 (Authentication failed: all available authentication mechanisms failed:
DIGEST-MD5: Server rejected authentication)] [Root exception is javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
DIGEST-MD5: Server rejected authentication]
What else should I try?
These ca2 and 12346578 values don't look to be MD5-encoded to me, I think you need to use UsernamePasswordHashUtil in order to encrypt the credentials like
java -classpath /path/to/jboss/sasl/jar org/jboss/sasl/util/UsernamePasswordHashUtil <username> [realm name] <password>
Alternatively you can consider using jboss-ejb-client and send your message programmatically from the JSR223 Sampler and Groovy language, something like:
def config = AuthenticationConfiguration.empty()
.setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism("DIGEST-MD5")).useName("ca2")
.usePassword("12345678");
def ctx = AuthenticationContext.empty().with(MatchRule.ALL.matchHost("127.0.0.1"), config);
Turned out my configuration was completely wrong.
I apologize to everyone who tried to help me. It was a great lesson to learn for me.
Here is what I had to do, and you should consider if you are in a similar situation:
Remove jboss-client.jar from jmeter's lib/ext folder. (It caused the connection to close too soon for some reason)
Change JMeter Poin-to-Point step's Communication style to
request_only
Create a JBoss Application user and add it to the guest group
(./add-user.sh -a --user ca2 --password 12345678 -g guest)
Activate the jboss profile in server config (add the system property:
<property name="spring.profiles.active" value="jboss"/>)
And of course configure the JMS consumer properly in the Java code (one can check in the management console whether the consumer exists)
Thanks for everyone who helped me.
If I open jvisualvm and go to File >> Add Remote Host I am prompted to create a new remote server entry. I enter a host name of myapp01.example.org, and then I see that server show up under the Remote section of the Applications tree on the left-hand side. When I right-click that server, and click Add JMX Connection, I see the following dialog:
Let's say I have a Java app (WAR deployed to Tomcat) running on myapp01.example.org:8443. To SSH into the server, I use username skroob and a password of 12345 (hey, that's the combination on my luggage!):
ssh skroob#myapp01.example.org
skroob#myapp01.example.org's password: 12345
When I fill out the dialog as follows:
Connection: myapp01.example.org:8443
Username: skroob
Password: 12345
I get the following error:
Cannot connect to skroob#myapp01.example.org:8443 using service:jmxLrmi:///jndi/rmi://myapp01.example.org:8443/jmxrmi
I believe this may be because I'm not configuring JMX to be exposed on Tomcat itself. Or maybe I'm just entering the wrong info. Maybe both. Either way:
What do I need to do to configure this with proper JMX info?
What do I need to do to configure this properly for jstatd?
That's not how JMX connection is specified. For tomcat the best way is to create a bin/setenv.sh file This is best because the Apache scripts are already set up to look for it and call it if present.
This is the place where you are intended to set any installation specific parameters.
You will go far with something like this:
#
# PORT for debug
export JPDA_ADDRESS='8000'
echo start with 'jpda start' parameters to enable debugging. Tomcat will listen on $JPDA_ADDRESS
CATALINA_OPTS="\
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=1299 \
-Dcom.sun.management.jmxremote.authenticate=true \
-Dcom.sun.management.jmxremote.password.file=../conf/jmxremote.password \
-Dcom.sun.management.jmxremote.access.file=../conf/jmxremote.access \
-Dcom.sun.management.jmxremote.ssl=false
jmxremote.access:
monitorRole readonly
controlRole readwrite
jmxremote.password: This file MUST be READONLY by the ID that starts Tomcat or JMX WILL NOT WORK! i.e. chmod 400 jmxremote.password
monitorRole readpass
controlRole changepass
Basically you are setting up 2 JMX user IDs. One that can access exposed getters. The other that can also access setters and arbitary mbean methods. In practice you'll usually want to supply the latter so you can do more than just look.
SO....
In your dialog above it becomes
Connection: myapp01.example.org:1299
Username: controlRole
Password: changepass
I'm trying to monitor my WLP v8.5.5 with JConsole.
My Liberty profile is up and running and has SSL properlly configured.
I also have configured as features the monitor-1.0 and restConnector-1.0.
After that I sftp'ed from my WLP the restConnector.jar to my machine and created a keystore on my machine as described here
After that I'm trying to start JConsole with this command:
jconsole -J-Djava.class.path="C:\Program Files\Java\jdk1.7.0_67\lib\jconsole.jar;
C:\Program Files\Java\jdk1.7.0_67\lib\tools.jar;
<whereIDownloaded>\restConnector.jar"
-J-Djavax.net.ssl.keyStore="<locationToCreated>\keystore.jks"
-J-Djavax.net.ssl.keyStorePassword=<password>
-J-Djavax.net.ssl.keyStoreType=jks
-J-Dcom.ibm.ws.jmx.connector.client.disableURLHostnameVerification=true
However, when I try to connect to my WLP via remote with the string:
service:jmx:rest://<ip>:<httpsPort>/IBMJMXConnectorREST
As a credential I'm passing a user configured on <administrator-role>.
I get a JConsole error saying:
Secure connection failed. Retry insecurely?
I don't get why I'm seeing this error, and I don't see any logs to see why it failed.
My next step if getting the keystore from WLP and try that on my machine but I don't think that makes much sense.
Does anyone have any suggestion on where should I look for logs or on that I'm doing wrong?
Thanks in advance!
Reference:
http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.wlp.nd.doc/ae/twlp_mon.html?cp=SSAW57_8.5.5%2F1-3-11-0-6&lang=en
Ensure you don't have localConnector-1.0 feature. If you have that, please remove it. You can find more details here Remote monitoring of Liberty with Health Center. Although it discusses Health Center connection, I was testing using JConsole also.
UPDATE
You might be invoking console with incorrect params - it should be trustStore not keystore see below. And for start use key.jks copied from Liberty (as you need Liberty certificate as trusted)
jconsole -J-Djava.class.path=%JAVA_HOME%/lib/jconsole.jar;
%JAVA_HOME%/lib/tools.jar;
%WLP_HOME%/clients/restConnector.jar
-J-Djavax.net.ssl.trustStore=key.jks
-J-Djavax.net.ssl.trustStorePassword=Liberty
-J-Djavax.net.ssl.trustStoreType=jks
For details check Configuring secure JMX connection to the Liberty
As an additional note - you must not have a webAppSecurity entry with loginFormURL set in your server.xml as this will cause the JMX login to fail (e.g., <webAppSecurity loginFormURL="login.html"/> is problematic). Each individual WAR needs to set their own login-config and not rely on any global method of configuring logins.
`
I want to reload nginx when I send a http request to the web application. So In the web application's servlet, I execute the nginx reload command. The Java code is :
"Runtime.getRuntime().exec("/etc/init.d/nginx reload").waitFor();". I have tried it but it has no use. But if I login the server as user root, then execute the Java code above, it works!
So I guess the reason is that the tomcat user has no authority to reload nginx. The tomcat process is running as user tomcat6. The nginx master process is running as user root and the nginx worker processes are running as user www-data. How could I solve this problem? Thanks.
My environment :
OS:Ubuntu 10.04
tomcat: 6.0.24
nginx: 1.2.2.
Tomcat and nginx are both installed via the Ubuntu's way "apt-get".
You can use sudo command. Also you can grant corresponding authorities to tomcat user. Also you can perform su to change user to some that have corresponding authorities and then perform nginx reload. Actually there are a lot of different ways to solve this issue.
I think that it will be better to write and test some script which can reload nginx from tomcat user session and use it for reloading instead of /etc/init.d/nginx reload command.
I'm behind a squid HTTP proxy requiring authentication and want to make API requests to an external server. However when I do so, I get the following error :
Caused by: java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.0 407 Proxy Authentication Required"
I've tried setting the proxy configuration by going to Control Panel > Java > Network Settings, but to no avail.
How to solve this?
You should set the proxy-settings in java.
System.getProperties().put("http.proxyHost", "someProxyURL");
System.getProperties().put("http.proxyPort", "someProxyPort");
System.getProperties().put("http.proxyUser", "someUserName");
System.getProperties().put("http.proxyPassword", "somePassword");
Copy from http://www.it.iitb.ac.in/~roshan/articles/javahttpproxy.html:
Tomcat Settings: catalina.properties
Append these properties to the catalina.properties file in Tomcat: ${CATALINA_OME}/conf/catalina.properties file:
http.proxyHost=yourProxyURL
http.proxyPort=yourProxyPort
http.proxyUser=yourUserName
http.proxyPassword=yourPassword
Tomcat Settings: catalina.bat
Add all the parameters defined above in the ${CATALINA_HOME}/bin/catalina.bat (for Windows) or ${CATALINA_HOME}/bin/catalina.bat (for *nix):
JAVA_OPTS="-Dhttp.proxyHost=yourProxyURL ..."
(Each option is seperated by spaces.)