LDAP Authentication (Active Directory) setup in SOA 11g

This is a short post explaining how to do AD (Active directory) setup in SOA 11g weblogic admin console. AD helps to authenticate users trying to access BPM Worklist or BPM Workspace.

In Weblogic Admin console go to Home >Security Realms >myrealm >Providers

Once done Click on New and provide Name (say ADProvider) and Type as ActiveDirectoryAuthenticator

You can Reorder the Authentication Providers and make sure ADProvider is the topmost one.

Provide the AD specific configuration details on below screen. You may get these details/credentials from your LDAP administrator.

Once all changes are done, save and Activate changes. Then restart the servers and test the LDAP authentication by logging into BPM Workspace or Worklist and ensure that only authenticated users are allowed to login.

HTTP Binding Adapter in SOA 11g - Continued

This is a continuation of my earlier post on HTTP Binding Adapter support in SOA 11g.
HTTP Binding Adapter in SOA 11g
In this post have captured some screenshots and other tips for getting this to work on SOA 11.1.1.4. First the basic configuration screenshots. Drag the HTTP Binding adapter icon from component palette to the External References section of composite.

 Specify the EndPoint URL which you want to call.

Provide details about the Request and Response schemas (xsd files) here. Based on this the XML gets posted

Finally finish the adapter configuration and move on to configuring the Invoke activity to call this adapter.

Incase you want to make the endpointURI dynamic you can leverage the endpointURI property. You also need to specify the username and password properties. Now the javax.xml.ws.security.auth.username property is available on the UI (properties tab), but the javax.xml.ws.security.auth.password isn't. So you can add this to the code directly. Once added the code will look something as below in your .bpel file

<invoke>
..
..
<bpelx:inputProperty name="endpointURI" expression="....."/>
<bpelx:inputProperty name="javax.xml.ws.security.auth.username" expression="....."/>
<bpelx:inputProperty name="javax.xml.ws.security.auth.password" expression="...."/>
</invoke>

You can either set the username password as BPEL preferences or fetch from DB or some other sources and set the expression above accordingly. That's it ! The code is ready to be deployed and tested. You should now be able to successfully invoke the http binding service.

SOA 11g: Managed server startup fails with "Persistency service internal error"

While starting SOA managed server ran into below error.

[soa_server1] [ERROR] [] [oracle.soa.services.common] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [APP: soa-infra] <.> Persistency service internal error.[[
Persistency service internal error.
Check the underlying exception and correct the error. If the error persists, contact Oracle Support Services.
 ORABPEL-9732
Persistency service internal error.
Persistency service internal error.
Check the underlying exception and correct the error. If the error persists, contact Oracle Support Services.
        at oracle.bpel.services.workflow.repos.PersistencyDriver.initNonTransactionDataSource(PersistencyDriver.java:271)
        at oracle.bpel.services.workflow.repos.PersistencyDriver.getNonTransactionConnection(PersistencyDriver.java:297)
...
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'FabricConfigManager' defined in ServletContext resource [/WEB-INF/fabric-config.xml]: Cannot resolve reference to bean 'MediatorServiceEngine' while setting bean property 'configurables' with key [2]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'MediatorServiceEngine' defined in ServletContext resource [/WEB-INF/fabric-config-mediator.xml]: Cannot resolve reference to bean 'FaultRecoveryManager' while setting bean property 'faultRecoveryManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'FaultRecoveryManager' defined in ServletContext resource [/WEB-INF/fabric-config.xml]: Cannot resolve reference to bean 'BPELServiceEngine' while setting bean property 'serviceEngines' with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'BPELServiceEngine' defined in ServletContext resource [/WEB-INF/fabric-config-bpel.xml]: Invocation of init method failed; nested exception is java.lang.RuntimeException:
ORABPEL START-UP ERROR!!!!!!!!
OraBPEL run-time system failed to start due to exception:


Restart the SOA Infra database to get rid of this error. Once done restart the admin and managed servers and  the managed server should come up fine now.

Using the JRockit Mission Control with SOA 11g

In one of my earlier posts I had covered about "VisualGC" which was a performance monitoring tool with SunJDK.
VisualGC: Performance Monitoring tool for Oracle SOA Suite

In this post I would like to cover a similar powerful tool called "JRockit Mission Control" which gets shipped along with JRockit JVM and can be used for performance monitoring and JVM profiling.

For enabling this tool, you first have to modify the setDomainEnv.sh file and add the java properties as mentioned below.

EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES} -Xmanagement:ssl=false,authenticate=false,autodiscovery=true"
export EXTRA_JAVA_PROPERTIES

This enables the client machine to connect to the WLS server and pull the JVM stats. I have not specified the port argument above. By default it is 7091, incase a different port is to be used the same can be appended to the comma separated argument list above.

Now you can go to the Jrockit installation folder on your windows/linux machine and navigate to the bin folder where you can find the jrmc file. Run the same and after starting JRMC the following screen appears

 Create a new connection to your Weblogic Server

Next you can start monitoring the JVM/CPU usage and drill down into other JVM options in real time.

I will be covering deep dive details about JRMC in a later post. For now lets enjoy the cockpit styled UI :)

ORABPEL-05207 Error deploying BPEL archive:Premature end of file

Recently I came across an issue on a SOA 10g server where one of the BPEL processes wasn't loading after server restart. On checking the bpel domain.log file found the below error message
Error while loading process 'XXXX, rev '1.0': Error deploying BPEL archive.An error occurred while attempting to deploy the BPEL archive file "[ domain = default, process = XXXX, revision = 1.0, state = 0, lifecycle = 0 ]"; the exception reported is: Premature end of file.
ORABPEL-05207
Error deploying BPEL archive
An error occurred while attempting to deploy the BPEL archive file "[ domain = default, process = XXXX, revision = 1.0, state = 0, lifecycle = 0 ]"; the exception reported is: Premature end of file.

When Fusion server restart happens the BPEL archive files are loaded from the corresponding temp directories. Apparently the server had reached 100% space utilization and the subsequent server restart caused the bpel.xml for this process to get corrupted (0 KB as shown in highlighted section below). As a result this process was not getting loaded now and gave the error Premature end of file.

$pwd

/soa/OracleAS_1/bpel/domains/defaut/tmp/.bpel_XXXX_1.  0_9f89464f4c3e38.tmp

$ ls -lrt

..

-rw-r----- 1 soauser soauser   0   Jul 27 13:45 bpel.xml

To fix the issue had to redeploy the BPEL process. But the question was how did the server reach 100% space utilization. On digging further, I found that someone had turned on the DEBUG mode for loggers and left it that way for few days....this had generated 40-50 GB log files and filled up the space.

This is the highest mode of logging and should only be turned on if troubleshooting any issues and should be turned off or switched to a lower logging level immediately (especially on Production Servers).

Lessons learnt the hard way :)

Enabling the BPMN Service Engine on EM Console

In order to enable the BPMN Service engine in EM Console, below steps need to be followed:
1. set bpm.enabled=false in setDomainEnv.sh

        EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES}  -Dbpm.enabled=true"
        export  EXTRA_JAVA_PROPERTIES

2. Restart the Admin Server for the change to take effect.

How to specify different heap settings for Weblogic Admin Server and Managed Server

It is a general requirement in Dev/QA/PROD environments to have different heap size settings for Admin Server and Managed Server. The usual practice for server start up is as below:

1. Startup the Managed Server from command line
   $nohup ./startWeblogic.sh &
2. Start the Node Manager from command line
  $nohup ./startNodeManager.sh &
3. Start Manager server from Admin console.

Now if we don't specify separate start up parameters for Admin & Managed server, both start with same heap size settings and that is an over kill for Admin server which doesn't require huge heap.

So to set the heap size of the managed server which is managed by NodeManager do the following:

1. You can specify your start up parameters in the "Arguments" field in the console so that they are used when you start the Managed server through the admin console.

2. Modify the nodemanager.properties file and set the StartScriptEnabled value to false. Without this the managed server won't take the changed heap size into effect after restart. It will still taking the values set in setDomainenv.sh script (same as admin server).

3. Restart Node Manager and Managed server for the new parameters to take affect.