Hungry minds BEA weblogic server bible feb 2002 ISBN 0764548549 pdf
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (15.04 MB, 741 trang )
BEA WebLogic Server Bible
Joe Zuffoletto
Gary Wells, Brian Gill, Geoff Schneider, Barrett Tucker, Rich Helton, Michael Madrid, Sunil
Makhijani
Published by Hungry Minds, Inc.
909 Third Avenue
New York, NY 10022
/>Copyright © 2002 Hungry Minds, Inc. All rights reserved. No part of this book, including interior design,
cover design, and icons, may be reproduced or transmitted in any form, by any means (electronic,
photocopying, recording, or otherwise) without the prior written permission of the publisher.
Library of Congress Control Number: 2001118280
ISBN: 0−7645−4854−9
Printed in the United States of America
10 9 8 7 6 5 4 3 2 1
1B/RV/QS/QS/IN
Distributed in the United States by Hungry Minds, Inc.
Distributed by CDG Books Canada Inc. for Canada; by Transworld Publishers Limited in the United
Kingdom; by IDG Norge Books for Norway; by IDG Sweden Books for Sweden; by IDG Books Australia
Publishing Corporation Pty. Ltd. for Australia and New Zealand; by TransQuest Publishers Pte Ltd. for
Singapore, Malaysia, Thailand, Indonesia, and Hong Kong; by Gotop Information Inc. for Taiwan; by ICG
Muse, Inc. for Japan; by Intersoft for South Africa; by Eyrolles for France; by International Thomson
Publishing for Germany, Austria, and Switzerland; by Distribuidora Cuspide for Argentina; by LR
International for Brazil; by Galileo Libros for Chile; by Ediciones ZETA S.C.R. Ltda. for Peru; by WS
Computer Publishing Corporation, Inc., for the Philippines; by Contemporanea de Ediciones for Venezuela;
by Express Computer Distributors for the Caribbean and West Indies; by Micronesia Media Distributor, Inc.
for Micronesia; by Chips Computadoras S.A. de C.V. for Mexico; by Editorial Norma de Panama S.A. for
Panama; by American Bookshops for Finland.
For general information on Hungry Minds’ products and services please contact our Customer Care
department within the U.S. at 800−762−2974, outside the U.S. at 317−572−3993 or fax 317−572−4002.
For sales inquiries and reseller information, including discounts, premium and bulk quantity sales, and
foreign−language translations, please contact our Customer Care department at 800−434−3422, fax
317−572−4002 or write to Hungry Minds, Inc., Attn: Customer Care Department, 10475 Crosspoint
Boulevard, Indianapolis, IN 46256.
For information on licensing foreign or domestic rights, please contact our Sub−Rights Customer Care
department at 212−884−5000.
1
Table of Contents
BEA WebLogic Server Bible..............................................................................................................................1
Part I: Preparing Your Enterprise for WebLogic...........................................................................................5
In This Part...............................................................................................................................................5
Chapter 1: A Quick Tour of WebLogic Server................................................................................................6
Introducing WebLogic Server..................................................................................................................6
Taking WebLogic for a Spin....................................................................................................................8
Spotting WebLogic in the Real World...................................................................................................10
Sparks.com................................................................................................................................12
Surveying WebLogic’s Features, Services, and Architecture...............................................................12
HTTP server..............................................................................................................................12
J2EE containers.........................................................................................................................13
Gateway to the J2EE APIs........................................................................................................13
Web Services............................................................................................................................14
J2EE Connector Architecture...................................................................................................14
CORBA support........................................................................................................................14
Security services.......................................................................................................................15
Clustering services....................................................................................................................16
Management and monitoring tools...........................................................................................16
Understanding WebLogic’s Role in the Enterprise...............................................................................17
Is WebLogic Right for Your Project?....................................................................................................18
Summary................................................................................................................................................18
Chapter 2: Assembling and Managing a WebLogic Development Team....................................................20
What WebLogic Developers Need to Know.........................................................................................20
Object−oriented programming in Java.....................................................................................20
J2EE..........................................................................................................................................21
Object−Oriented Analysis and Design.....................................................................................21
HTML and JavaScript...............................................................................................................22
XML..........................................................................................................................................22
TCP/IP networking and distributed systems.............................................................................22
Relational databases and SQL..................................................................................................23
Legacy systems.........................................................................................................................23
Collaborative discipline............................................................................................................24
Project Team Roles and Responsibilities...............................................................................................26
Project manager........................................................................................................................26
Application architect.................................................................................................................27
Database designer/database administrator................................................................................27
User Interface (UI) designer.....................................................................................................28
Java/J2EE developer.................................................................................................................28
Quality Assurance (QA) team...................................................................................................29
Documentation team.................................................................................................................30
WebLogic administrator...........................................................................................................30
Project Management Strategies..............................................................................................................31
Gathering requirements.............................................................................................................31
Designing the solution..............................................................................................................32
Managing development.............................................................................................................32
Planning the rollout...................................................................................................................33
Keeping morale high.................................................................................................................34
Summary................................................................................................................................................35
Table of Contents
Chapter 3: Designing WebLogic Applications...............................................................................................36
Overview................................................................................................................................................36
Understanding Multitier Applications...................................................................................................36
How J2EE separates applications into tiers..............................................................................36
The Model−View−Controller design pattern............................................................................37
Model−View−Controller in action: An ATM machine............................................................38
Model−View−Controller as a methodology for designing multitier applications....................38
Building Multitier Applications with J2EE: Containers and Components............................................39
Containers.................................................................................................................................39
Components..............................................................................................................................40
Organizing Components into Applications............................................................................................41
Model tier patterns....................................................................................................................42
View tier patterns......................................................................................................................43
Controller tier patterns..............................................................................................................44
Deploying Components in WebLogic’s Containers..............................................................................46
Designing an Example Application: WebLogic Online Brokerage.......................................................47
Identifying requirements...........................................................................................................47
Organizing requirements by user role.......................................................................................49
Expressing requirements in use case diagrams.........................................................................51
Exploding use cases into activity diagrams..............................................................................52
Mapping functionality to MVC with swimlanes......................................................................53
Selecting appropriate J2EE components and modeling their interactions................................55
Other considerations.................................................................................................................56
Summary................................................................................................................................................58
Chapter 4: Creating a WebLogic Environment.............................................................................................59
Overview................................................................................................................................................59
Configuring a Computer for Development............................................................................................59
Obtaining a Copy of WebLogic Server.................................................................................................60
Installing WebLogic Server...................................................................................................................60
Running the installer.................................................................................................................61
Starting WebLogic Server........................................................................................................65
Running the WebLogic Console...............................................................................................66
Shutting down WebLogic Server..............................................................................................66
Optimizing the WebLogic Server startup process for development.........................................67
Examining the environment......................................................................................................68
Adding domains for testing and production.............................................................................70
Installing JDBC Drivers.........................................................................................................................73
Selecting an IDE to use with WebLogic Server....................................................................................74
Summary................................................................................................................................................74
Part II: WebLogic and the J2EE APIs...........................................................................................................75
In This Part.............................................................................................................................................75
Chapter 5: Working with WebLogic JDBC...................................................................................................76
Overview................................................................................................................................................76
Understanding JDBC.............................................................................................................................76
JDBC versions and packages....................................................................................................76
JDBC architecture.....................................................................................................................77
Understanding WebLogic JDBC...........................................................................................................83
WebLogic and third−party drivers............................................................................................83
MultiPools.................................................................................................................................85
Table of Contents
Chapter 5: Working with WebLogic JDBC
DataSources..............................................................................................................................86
Clustered JDBC........................................................................................................................87
Configuring WebLogic JDBC...............................................................................................................87
Configuring connection pools...................................................................................................87
Configuring MultiPools............................................................................................................93
Configuring DataSources..........................................................................................................95
Configuring Tx DataSources....................................................................................................97
Programming WebLogic JDBC.............................................................................................................97
Obtaining connections..............................................................................................................98
Using Connections to execute Statements and process Results.............................................101
Closing connections................................................................................................................102
Summary..............................................................................................................................................103
Chapter 6: Working with WebLogic JTA....................................................................................................104
Overview..............................................................................................................................................104
Understanding Transactions.................................................................................................................104
What is a transaction?.............................................................................................................104
Transactions and the ACID test..............................................................................................105
Resources and resource managers..........................................................................................105
Local and distributed transactions..........................................................................................105
Transaction isolation levels....................................................................................................106
Transaction demarcation.........................................................................................................108
Two−phase commit and the XA interface..............................................................................109
Understanding JTA..............................................................................................................................109
JTA versions and packages.....................................................................................................110
JTA architecture......................................................................................................................110
Transaction−aware resource managers...................................................................................110
Configuring WebLogic JTA................................................................................................................112
Programming WebLogic JTA..............................................................................................................113
Programming a local transaction with the WebLogic JTS driver...........................................113
Programming a distributed transaction with the Oracle XA driver........................................116
Summary..............................................................................................................................................120
Chapter 7: Working with WebLogic JNDI..................................................................................................121
Overview..............................................................................................................................................121
Understanding JNDI............................................................................................................................121
JNDI versions and packages...................................................................................................121
JNDI architecture....................................................................................................................122
Programming WebLogic JNDI............................................................................................................125
Obtaining a reference to WebLogic’s context........................................................................125
Binding objects to the WebLogic JNDI tree...........................................................................127
Using subcontexts to organize the JNDI tree..........................................................................127
Performing lookups on objects bound to the WebLogic JNDI tree........................................128
Performing lookups against an LDAP directory.....................................................................129
Using WebLogic JNDI to Deploy Objects in a Clustered Environment.............................................133
Write an RMI proxy for the custom object.............................................................................134
Pin the custom object to one server........................................................................................134
Deploy the custom object separately to all servers.................................................................134
Summary..............................................................................................................................................135
Table of Contents
Chapter 8: Working with WebLogic RMI...................................................................................................136
Overview..............................................................................................................................................136
Understanding RMI.............................................................................................................................136
RMI versions and packages....................................................................................................136
RMI architecture.....................................................................................................................138
Comparing WebLogic RMI to JavaSoft RMI......................................................................................140
Ease−of−use............................................................................................................................141
Performance and scalability....................................................................................................141
Writing Your First WebLogic RMI Application.................................................................................144
Write the remote interface......................................................................................................145
Write the server.......................................................................................................................145
Compile the remote interface and the server..........................................................................146
Generate stubs and skeletons for the server............................................................................147
Write a client that remotely calls the server...........................................................................147
Compile the client...................................................................................................................148
Configure the RMI server as a WebLogic startup class.........................................................148
Stop and restart WebLogic Server..........................................................................................150
Verify correct deployment of the RMI server........................................................................150
Run the client and test the server............................................................................................151
Using WebLogic RMI with JNDI and Multiple Clients......................................................................152
Building a server.....................................................................................................................152
Building the clients.................................................................................................................155
Invoking Client Methods from RMI Servers.......................................................................................161
Calling EJBs from RMI Servers..........................................................................................................166
Summary..............................................................................................................................................168
Chapter 9: Working with WebLogic JMS....................................................................................................169
Understanding JMS..............................................................................................................................169
JMS versions and packages....................................................................................................169
JMS architecture.....................................................................................................................169
Configuring WebLogic JMS................................................................................................................173
Creating a connection factory.................................................................................................174
Defining a file backing store...................................................................................................176
Defining a JDBC backing store..............................................................................................177
Defining destination keys.......................................................................................................178
Defining templates..................................................................................................................179
Defining a JMS server............................................................................................................180
Creating a message queue.......................................................................................................181
Creating a message topic........................................................................................................182
Programming WebLogic JMS.............................................................................................................183
Sending messages...................................................................................................................183
Receiving messages synchronously........................................................................................191
Receiving messages asynchronously......................................................................................196
Receiving messages concurrently using session pools...........................................................202
Filtering incoming messages..................................................................................................205
Browsing messages in a queue...............................................................................................207
Creating durable subscribers to topics....................................................................................208
Working with Transactions..................................................................................................................210
Working with JMS transacted sessions..................................................................................210
Working with JTA transactions..............................................................................................211
Summary..............................................................................................................................................219
Table of Contents
Chapter 10: Working with WebLogic JavaMail..........................................................................................221
Understanding JavaMail......................................................................................................................221
JavaMail versions and packages.............................................................................................221
JavaMail architecture..............................................................................................................221
Configuring WebLogic JavaMail........................................................................................................226
Creating a mail session...........................................................................................................226
Adding POP3 to WebLogic....................................................................................................227
Sending Messages with WebLogic JavaMail......................................................................................228
Obtaining a mail session via JNDI.........................................................................................228
Sending a simple message......................................................................................................229
Deployment descriptor for the examples................................................................................229
Example: Send Mail servlet....................................................................................................230
Overriding mail session properties.........................................................................................232
Authenticating a mail session.................................................................................................233
Sending an enclosure using a MimeMultipart........................................................................234
Example: Send Mail servlet 2.................................................................................................234
Sending a message to multiple recipients (bulk mail)............................................................237
Navigating stores....................................................................................................................238
Retrieving and Displaying Messages with WebLogic JavaMail.........................................................241
Listing messages.....................................................................................................................242
Example: Display messages....................................................................................................242
Analyzing message flags........................................................................................................246
Deleting a message.................................................................................................................247
Expunging messages...............................................................................................................247
Example: Displaying message details.....................................................................................248
Summary..............................................................................................................................................253
Part III: Developing Web Components........................................................................................................254
In This Part...........................................................................................................................................254
Chapter 11: Developing Servlets...................................................................................................................255
Overview..............................................................................................................................................255
Understanding Servlets........................................................................................................................256
The servlet API: Versions and packages................................................................................256
The Web container and Web applications..............................................................................257
How servlets work..................................................................................................................259
When to use servlets...............................................................................................................261
The servlet life cycle...............................................................................................................261
Programming Servlets..........................................................................................................................262
Creating a simple Web application.........................................................................................262
Writing a simple servlet..........................................................................................................264
Deploying and testing the servlet............................................................................................266
Advanced Servlet Programming Techniques.......................................................................................267
Working with sessions............................................................................................................267
Working with the servlet context............................................................................................272
Dispatching requests to other resources..................................................................................273
Securing your application.......................................................................................................274
Building an Advanced Application with Servlets................................................................................277
Gathering the requirements.....................................................................................................277
Brainstorming a design...........................................................................................................278
Building the application..........................................................................................................278
Deploying the application as a WAR file...............................................................................294
Table of Contents
Chapter 11: Developing Servlets
Summary..............................................................................................................................................295
Chapter 12: Developing JavaServer Pages...................................................................................................296
Overview..............................................................................................................................................296
Understanding JavaServer Pages.........................................................................................................296
Product of evolution................................................................................................................296
How JSPs work.......................................................................................................................297
Model−View−Controller........................................................................................................298
Configuring WebLogic Server for JSPs..............................................................................................299
The JSP compiler....................................................................................................................299
Configuring the WebLogic Application Extension Deployment Descriptor..........................300
Deploying your first JSP in WebLogic Server.......................................................................307
Support for JSP 1.2.................................................................................................................310
Programming JavaServer Pages...........................................................................................................310
Tag conventions......................................................................................................................311
Directives................................................................................................................................311
Scripting..................................................................................................................................314
Comments...............................................................................................................................317
Implicit objects.......................................................................................................................318
Actions....................................................................................................................................320
JSP example............................................................................................................................322
Error handling.........................................................................................................................329
Debugging...............................................................................................................................330
Programming JSPs with JavaBeans.....................................................................................................332
Deploying your first JavaBean...............................................................................................332
JSP bean tags..........................................................................................................................334
JSP and JavaBean example.....................................................................................................339
Using servlets to handle requests............................................................................................341
Summary..............................................................................................................................................345
Chapter 13: Developing Tag Libraries.........................................................................................................346
Understanding Tag Libraries...............................................................................................................346
Tag handler lifecycle..............................................................................................................346
Tag handlers and the Tag Extension API...............................................................................349
Main interfaces.......................................................................................................................349
Convenience classes...............................................................................................................350
Supporting interfaces and classes...........................................................................................354
Programming and Using a Tag Extension...........................................................................................357
Programming a tag handler class............................................................................................357
Defining a Tag Library Descriptor.........................................................................................360
Configuring the WebLogic Web application deployment descriptor.....................................364
Using a tag extension within a JSP.........................................................................................365
Resolving a tag extension.......................................................................................................369
Programming a TagExtraInfo Class.....................................................................................................370
WebLogic Tag Libraries......................................................................................................................373
WebLogic JSP form validation tags.......................................................................................373
WebLogic custom JSP tags.....................................................................................................375
WebLogic EJB−to−JSP Integration Tool............................................................................................375
Summary..............................................................................................................................................376
Table of Contents
Part IV: Developing EJB Components.........................................................................................................377
In This Part...........................................................................................................................................377
Chapter 14: Understanding Enterprise JavaBeans.....................................................................................378
Overview..............................................................................................................................................378
EJB Architecture..................................................................................................................................379
EJB Types............................................................................................................................................379
Session beans..........................................................................................................................379
Entity beans.............................................................................................................................380
Message−driven beans............................................................................................................380
EJB Client−Access Models.................................................................................................................381
EJB Components..................................................................................................................................381
Home interface........................................................................................................................382
Remote interface.....................................................................................................................383
Implementation class..............................................................................................................384
Deployment descriptors..........................................................................................................386
WebLogic’s EJB Container Services...................................................................................................389
Lifecycle management............................................................................................................389
Transaction support.................................................................................................................389
Persistence..............................................................................................................................391
Clustering support...................................................................................................................391
Security...................................................................................................................................392
EJB 1.1 versus 2.0................................................................................................................................392
New: Message−driven beans..................................................................................................392
Improved: CMP for entity beans............................................................................................392
Summary..............................................................................................................................................394
Chapter 15: Developing Session Beans.........................................................................................................395
Overview..............................................................................................................................................395
Common session bean uses..................................................................................................................396
Using session EJBs to model workflow..............................................................................................396
Client−server architecture.......................................................................................................396
EJB Container functionality....................................................................................................396
No synchronization issues......................................................................................................396
Inherently reusable..................................................................................................................396
Scalability...............................................................................................................................397
Comparing Stateless and Stateful Beans..............................................................................................397
Programming Session Beans...............................................................................................................399
Home interfaces......................................................................................................................399
Session EJB interfaces............................................................................................................400
Implementation class..............................................................................................................401
Stateful EJB example—AnalyzePortfolio..............................................................................413
Clustering Session Beans.....................................................................................................................419
Programming Transactions in Session Beans......................................................................................420
Summary..............................................................................................................................................420
Chapter 16: Developing Entity Beans...........................................................................................................421
Overview..............................................................................................................................................421
Understanding Entity Beans................................................................................................................421
Entity beans and persistence...................................................................................................421
Types of entity beans..............................................................................................................421
Entity bean lifecycle...............................................................................................................421
Table of Contents
Chapter 16: Developing Entity Beans
EJB 2.0.................................................................................................................................................422
CMP relationships...................................................................................................................422
Local interfaces.......................................................................................................................423
CMP abstract persistence schema...........................................................................................423
EJB QL...................................................................................................................................423
Entity Bean Component Files..............................................................................................................424
Programming BMP..............................................................................................................................424
Define the home interface.......................................................................................................424
Define the local home interface..............................................................................................425
Define the remote interface.....................................................................................................425
Define the local interface........................................................................................................426
Create the bean........................................................................................................................426
Create the primary key class (optional)..................................................................................434
Create value object class (optional)........................................................................................434
Create the deployment descriptors..........................................................................................436
Notes.......................................................................................................................................438
Programming CMP..............................................................................................................................438
Create the Department bean....................................................................................................438
Define the Course bean...........................................................................................................443
Create the deployment descriptors..........................................................................................447
Deployment to WebLogic....................................................................................................................458
Advanced WebLogic Features for Entity Beans..................................................................................458
Concurrency and locking........................................................................................................458
Automatic table creation.........................................................................................................460
CMP, BMP, and Other Options...........................................................................................................460
Trade−offs between BMP and CMP.......................................................................................460
Session beans..........................................................................................................................461
Java Data Objects....................................................................................................................461
Third−Party Tools................................................................................................................................461
WebGain Studio......................................................................................................................461
JBuilder...................................................................................................................................461
Cocobase Enterprise O/R........................................................................................................462
TogetherSoft Control Center..................................................................................................462
Summary..............................................................................................................................................462
Chapter 17: Developing Message−Driven Beans.........................................................................................463
Overview..............................................................................................................................................463
Understanding Message−Driven Beans...............................................................................................463
Versions and packages............................................................................................................463
How message−driven beans differ from other EJBs..............................................................463
Deciding whether to write a message−driven bean or a JMS client.......................................464
Programming Message−Driven Beans................................................................................................465
The MessageDrivenBean interface—javax.ejb.MessageDrivenBean....................................465
The message−driven bean context..........................................................................................465
Implementing business logic..................................................................................................466
Deploying Message−Driven Beans in WebLogic Server....................................................................467
Deployment descriptors..........................................................................................................467
Transaction attributes..............................................................................................................468
Deploying message−driven beans using WebLogic Console.................................................469
Building an Application Using Message−Driven Beans and XML....................................................470
The business problem: Sending medical prescriptions over a wireless network....................470
Table of Contents
Chapter 17: Developing Message−Driven Beans
Application design issues........................................................................................................470
Source code.............................................................................................................................471
Deploying the message−driven bean......................................................................................476
Summary..............................................................................................................................................478
Part V: Deploying and Testing Enterprise Applications.............................................................................479
In This Part...........................................................................................................................................479
Chapter 18: Assembling and Deploying WebLogic Applications..............................................................480
Packaging J2EE Applications..............................................................................................................480
Deployment descriptors..........................................................................................................480
JAR—Java archive format......................................................................................................481
Web Applications Structure and Packaging........................................................................................482
Steps to create a Web application...........................................................................................482
Web application directory structure........................................................................................483
Configuring your Web application.........................................................................................484
Packaging Enterprise JavaBeans..........................................................................................................494
Packaging Enterprise Applications......................................................................................................494
Classloading in Enterprise Applications and WebLogic Server..........................................................496
Third−Party and Utility Classes...........................................................................................................497
Root classloader......................................................................................................................497
Put it everywhere....................................................................................................................497
The JAR manifest file class−path header...............................................................................497
Summary..............................................................................................................................................498
Chapter 19: Testing and Tuning WebLogic Applications..........................................................................499
Understanding Performance Tuning....................................................................................................499
Determining performance goals..............................................................................................499
Load testing.............................................................................................................................500
Areas of performance tuning..................................................................................................504
WebLogic Server Performance Monitoring.........................................................................................505
Monitoring WebLogic Servers with the console....................................................................505
Monitoring performance graphs from the console.................................................................505
Monitoring active queues, connections, and sockets..............................................................506
Monitoring CPU utilization....................................................................................................507
JVM options for performance monitoring..............................................................................508
Tuning WebLogic Server.....................................................................................................................509
Basic server configuration......................................................................................................509
JDBC tuning considerations...................................................................................................512
EJB tuning considerations......................................................................................................513
Tuning the WebLogic Server’s JVM...................................................................................................513
Heap sizes...............................................................................................................................513
Garbage collection..................................................................................................................514
Client/Server JVM options.....................................................................................................514
Tuning WebLogic Server Applications...............................................................................................514
Tuning JDBC modules within your application.....................................................................514
EJB considerations..................................................................................................................515
Asynchronous components.....................................................................................................515
Singletons................................................................................................................................516
Transaction considerations.....................................................................................................516
Logging considerations...........................................................................................................516
Table of Contents
Chapter 19: Testing and Tuning WebLogic Applications
Compiler settings....................................................................................................................516
Nonsynchronized collections..................................................................................................516
Placing objects in sessions......................................................................................................516
WebLogic Server clustering overview...................................................................................517
Tuning Process Example......................................................................................................................518
Define performance goals.......................................................................................................518
The application tuning process...............................................................................................518
Load testing.............................................................................................................................519
Summary..............................................................................................................................................521
Part VI: Implementing Security....................................................................................................................522
In This Part...........................................................................................................................................522
Chapter 20: Understanding Security Fundamentals...................................................................................523
Overview..............................................................................................................................................523
Security Layers....................................................................................................................................523
Authentication layer................................................................................................................525
Authorization layer.................................................................................................................526
Integrity layer..........................................................................................................................533
Auditing layer.........................................................................................................................537
Security Perimeters..............................................................................................................................537
Security Attacks...................................................................................................................................539
IP spoofing..............................................................................................................................539
DNS spoofing.........................................................................................................................539
Trapdoors................................................................................................................................540
Logic bombs...........................................................................................................................540
Worms.....................................................................................................................................540
Trojan horses...........................................................................................................................540
Ciphers, Keys, and Secure Sockets......................................................................................................541
Summary..............................................................................................................................................544
Chapter 21: Understanding WebLogic’s Security Architecture................................................................545
Introduction to WebLogic Security Architecture................................................................................545
Understanding JAAS...........................................................................................................................546
Pluggable Authentication Modules.........................................................................................546
LoginContext..........................................................................................................................547
Security realms.......................................................................................................................548
WebLogic Service Provider Interface.....................................................................................550
WebLogic Enterprise Connectivity......................................................................................................550
Authentication layer................................................................................................................551
Authorization layer.................................................................................................................554
Summary..............................................................................................................................................555
Chapter 22: Securing a WebLogic Application...........................................................................................556
Introduction to JAAS Programming....................................................................................................556
Writing and configuring the LoginContext............................................................................557
Writing a LoginModule..........................................................................................................560
Writing the CallbackHandler..................................................................................................562
Writing JAAS for WebLogic Server......................................................................................564
Authorization and the Security Realm.................................................................................................570
Building a Custom RDBMS Security Realm......................................................................................571
Table of Contents
Chapter 22: Securing a WebLogic Application
Define the data store...............................................................................................................571
Define the custom classes.......................................................................................................571
Authenticate users...................................................................................................................578
Determining if the user belongs to a group.............................................................................579
Get users and groups from security store................................................................................579
Auditing in WebLogic Server..............................................................................................................581
Summary..............................................................................................................................................582
Part VII: WebLogic Server Administration.................................................................................................583
In This Part...........................................................................................................................................583
Chapter 23: Working with WebLogic’s Administration Tools..................................................................584
Overview..............................................................................................................................................584
Administering WebLogic Server Using the WebLogic Console.........................................................584
Console...................................................................................................................................585
Domain information................................................................................................................586
Servers....................................................................................................................................594
Clusters...................................................................................................................................614
Machines.................................................................................................................................615
Deployments...........................................................................................................................616
Services...................................................................................................................................616
Security...................................................................................................................................628
Domain log filters...................................................................................................................628
Administering WebLogic Using Command−Line Tools.....................................................................629
Summary..............................................................................................................................................630
Chapter 24: Working with WebLogic Clusters...........................................................................................631
Overview..............................................................................................................................................631
Building a Simple Cluster....................................................................................................................632
Designing the cluster topology...............................................................................................632
Creating the cluster.................................................................................................................633
Accessing a Cluster through an HTTP Proxy......................................................................................637
Deploying a Web Application to the Cluster.......................................................................................639
Testing a Clustered Web Application..................................................................................................643
Session State Persistence Strategies.....................................................................................................645
Clusters and J2EE Services..................................................................................................................646
Cluster−wide JNDI tree..........................................................................................................646
Load balancing JDBC connections.........................................................................................646
Load balancing JMS connection factories..............................................................................647
Clustering of RMI Objects and EJBs...................................................................................................648
Summary..............................................................................................................................................648
Chapter 25: Managing WebLogic Security..................................................................................................649
Overview..............................................................................................................................................649
Configuring the File Realm.................................................................................................................649
Configuring the NT Realm..................................................................................................................654
Configuring the Unix Realm................................................................................................................655
Configuring the LDAP Realm.............................................................................................................655
Configuring the RDBMS realm..............................................................................................661
Configuring the Secure Socket Layers (SSL) protocol..........................................................665
Configuring the connection filter............................................................................................667
Table of Contents
Chapter 25: Managing WebLogic Security
Summary..............................................................................................................................................669
Part VIII: Enterprise Application Integration.............................................................................................671
In This Part...........................................................................................................................................671
Chapter 26: Working with Web Services, SOAP, and WSDL...................................................................672
Web Services and Java Data Type Restrictions...................................................................................672
How Web Services Work in WebLogic...............................................................................................674
XML........................................................................................................................................674
HTTP......................................................................................................................................674
SOAP......................................................................................................................................675
WSDL.....................................................................................................................................675
Jakarta Ant..............................................................................................................................675
Building Web Services........................................................................................................................676
Types of Web services............................................................................................................676
Getting the Client.jar file and the WSDL...............................................................................678
Creating a Remote Procedure Call Web service.....................................................................679
Creating a Consumer Message−Style Web service................................................................684
Building a Message−Style producer Web service..................................................................688
Other Web−Service Technologies.......................................................................................................692
Jakarta Ant..............................................................................................................................693
UDDI......................................................................................................................................698
Future J2EE and IDE support.................................................................................................698
Summary..............................................................................................................................................698
Chapter 27: Working with WebLogic and the J2EE Connector Architecture.........................................699
Overview..............................................................................................................................................699
Understanding the J2EE Connector Architecture................................................................................700
Key concepts...........................................................................................................................700
System contracts.....................................................................................................................703
Security Management contract...............................................................................................707
Common Client Interface........................................................................................................708
Using the J2EE Connector Architecture in WebLogic........................................................................712
Configuration..........................................................................................................................714
Development...........................................................................................................................715
Logging...................................................................................................................................715
Deployment.............................................................................................................................715
Summary..............................................................................................................................................717
Appendix: Upgrading to WebLogic Server 6.1 from Earlier Versions.....................................................719
Upgrading WebLogic Server...............................................................................................................719
Upgrading the WebLogic license file.....................................................................................719
Converting the weblogic.properties file..................................................................................720
Upgrading WebLogic Applications.....................................................................................................726
Migrating J2EE Web applications..........................................................................................726
Migrating EJB applications....................................................................................................728
Migrating EJBs from 1.1 to 2.0..............................................................................................728
Removed and Deprecated Features......................................................................................................729
Removed APIs and features....................................................................................................729
Deprecated APIs.....................................................................................................................730
Where to Find More Information.........................................................................................................730
Part I: Preparing Your Enterprise for WebLogic
In This Part
Chapter 1: A Quick Tour of WebLogic Server
Chapter 2: Assembling and Managing a WebLogic Development Team
Chapter 3: Designing WebLogic Applications
Chapter 4: Creating a WebLogic Environment
5
Chapter 1: A Quick Tour of WebLogic Server
In this chapter, I take you on a quick tour of WebLogic Server (often referred to as “WebLogic”). I introduce
you to WebLogic and fire it up to show you what it looks like. After showing how some of WebLogic’s
capabilities are used in real−world Web sites, I show you some of WebLogic’s components in more detail and
discuss how they fit into its overall architecture. The chapter closes with a few questions that you can ask
yourself to determine whether WebLogic is right for your projects.
Introducing WebLogic Server
WebLogic Server is an industrial−strength application server developed and marketed by BEA Systems, Inc.
of San Jose, California. WebLogic is a pure−Java implementation of the Java 2 Platform, Enterprise Edition,
more commonly known as J2EE. J2EE represents Sun’s serious effort to make Java a powerful platform for
developing enterprise applications. It defines a set of runtime architectures, network services, and application
programming interfaces (APIs) that make it easy for developers to write distributed, network−aware software
components and applications. WebLogic has long been recognized as one of the best ( if not the best ) J2EE
implementations on the market.
Note Although this book is not intended to be a tutorial on J2EE, WebLogic and J2EE are so tightly bound
that you will inevitably learn a great deal about J2EE from this book. For the most part, however, I will
assume that you are already familiar with J2EE.
The current shipping version of WebLogic Server is 6.1. Version 6.1 has a lot in common with its immediate
predecessors, especially versions 5.1 and 6.0, but there are also significant differences. Therefore, instead of
trying to cover multiple versions of WebLogic Server, this book focuses on version 6.1.
Like a database or mail server, WebLogic runs almost invisibly on a computer and provides services to clients
that connect to it. The most common use of WebLogic is to deliver secure, data−driven applications to Web
clients over corporate intranets or the Internet. But WebLogic can also be used as a general−purpose
application server for non−Web clients such as wireless devices and desktop applications. Basically, if you
can design it with J2EE, you can build it and run it with WebLogic.
The WebLogic Server family consists of three products:
•
WebLogic Server—the focus of this book
•
WebLogic Server Enterprise—WebLogic Server plus the BEA Tuxedo transaction engine
•
WebLogic Express—WebLogic Server without EJBs, RMI, and CORBA, used for building Web
applications only
BEA’s WebLogic product line contains several products that run on top of WebLogic Server. Although these
products are beyond the scope of this book, you may want to explore them further on your own:
•
WebLogic Portal—for managing access to Web−based information by customers, employees, and
partners
•
6
Chapter 1: A Quick Tour of WebLogic Server
WebLogic Personalization Server—for managing customization of Web content delivery based on
individual user preferences
•
WebLogic Integration—for managing business process, application integration using JCA, and B2B
integration
•
WebLogic Java Adapter for Mainframe—for bringing mainframe applications and data into the Java
fold
These products provide many common capabilities you may not want to write yourself. You can find more
information about them at />The WebLogic product line runs on all of today’s popular enterprise computing platforms, including
Windows NT/2000, Sun Solaris, HP/UX, IBM AS/400, and Linux. Because WebLogic is a pure Java product,
it is installed, configured, and managed almost identically on all platforms.
Companies around the world use WebLogic Server to build large−scale, industrial−strength Web applications
for both internal and external use. They choose WebLogic because of its performance, reliability,
cross−platform capability, versatility, and strong support for the J2EE standard. With WebLogic Server you
can
•
Host Web sites for one or more Internet domains on one computer with one IP address, or on multiple
computers bundled together in a cluster, or on multiple computers managed by a proxy server
•
Deploy server−side Java code written to the J2EE standard, including servlets, JavaServer Pages
(JSPs), JavaBeans, and Enterprise JavaBeans (EJBs)
•
Integrate disparate computing systems using J2EE’s extensive network services, including JDBC for
database connectivity, JMS for messaging, JNDI for network directory access, JTA for distributed
transactions, and JavaMail for electronic mail
•
Deploy Java−only distributed applications by using Remote Method Invocation (RMI)
•
Deploy CORBA−accessible distributed applications by using RMI over Internet Inter−ORB Protocol
(RMI−IIOP)
•
Implement robust security by using Secure Sockets Layer (SSL) and WebLogic’s built−in support for
user authentication and authorization
•
Provide high availability, load balancing, and failover by combining multiple WebLogic servers into a
cluster
•
7
Chapter 1: A Quick Tour of WebLogic Server
Take advantage of Java’s cross−platform capabilities by deploying WebLogic servers on Windows
NT/2000, Sun Solaris, HP/UX, and other operating systems supported by WebLogic
•
Easily manage one or more WebLogic servers on your network, regardless of platform, by using
WebLogic’s intuitive, Web−based management and monitoring tools
Now that you have some idea of what WebLogic is, let’s take it for a spin on a Windows 2000 machine and
see what it looks like.
Taking WebLogic for a Spin
WebLogic Server runs either as an application or service on Windows 2000. In this section, you’re going to
start WebLogic as an application and have a look under the hood by using the WebLogic Administration
Console.
Cross Reference
I discuss the various options for starting WebLogic Server in Chapter 4.
To start WebLogic on Windows 2000, select Start Default Server from the WebLogic program group. Enter
the server’s password (defined during the installation process) and the server will start. Figure 1−1 shows the
console output from starting WebLogic Server.
Figure 1−1: WebLogic Server 6.1 started and ready for connections
Caution Once you start the server, you must either leave this window open or minimize it. Closing it shuts
down the server!
The simple output in the command line window belies the complexity of the engine running beneath. You can
gain a better appreciation by looking at the server through the lens of the Administration Console. From the
WebLogic program group, select Start Default Console. After entering the username and password for your
server, you’ll see a Console display in your Web browser, similar to Figure 1−2.
8
Chapter 1: A Quick Tour of WebLogic Server
Figure 1−2: WebLogic Server Administration Console start screen
Now it’s beginning to look like you got your money’s worth. On the left side of the screen is the domain tree
showing the contents of the WebLogic domain (mydomain) to which this Console is pointed.
Note A WebLogic domain is a collection of one or more WebLogic servers logically bundled together for
administrative purposes, and possibly for clustering as well. Every WebLogic server belongs to one and
only one domain. mydomain and myserver are default names set by WebLogic’s installer. You can
change your domain and server names to anything you want when you install your own servers.
On the right side of the screen is the entity table for the last item you clicked in the domain tree. You just
started the Console and haven’t clicked any items, so the entity table displayed is actually the Console home
page, which is just a task−and service−oriented view of the domain tree.
You’ll see a lot more of the Administration Console as you work through this book. For now, let’s take a
quick look at the status of the server started earlier. In the domain tree, expand the Servers node; then click
myserver.
The entity table for myserver is shown in Figure 1−3. It shows basic information about your server, including
its name, machine, the TCP/IP port it’s listening on, and so on.
Figure 1−3: The Administration Console’s view of your WebLogic Server
This is only one of several sections of data about the server. Notice the dark tabs across the top for
Configuration, Monitoring, Logging, and so on. Clicking one of these takes us to a different section of the
entity table. Below these are subsections of the selected section. You’re now looking at the General subsection
of the Configuration section.
9
Chapter 1: A Quick Tour of WebLogic Server
To get information about WebLogic Console itself, click Console at the top of the domain tree. The
Preferences tab, shown in Figure 1−4, allows you to change the Console’s defaults, including which language
you want for on−screen displays, refresh intervals, and so on.
Figure 1−4: The Preferences tab of the Console Preferences page
The Console’s Versions tab, shown in Figure 1−5, displays the product versions of the Console and the
WebLogic Server to which it is pinned.
Figure 1−5: The Versions tab of the Console Preferences page
As you can see, the WebLogic Administration Console is an excellent tool for visualizing the innards of your
server and understanding how it works. It is also an essential tool for managing your server and keeping it
healthy. I explore these topics in greater depth throughout this book.
Spotting WebLogic in the Real World
As I mentioned before, companies around the world use WebLogic Server to build large−scale,
industrial−strength Web applications. BEA maintains a partial customer list at
surfing the Web sites of these companies may give you some idea
of how they are putting WebLogic Server to work.
Not surprisingly, BEA itself uses WebLogic Server to drive a number of applications appearing on its
corporate Web site at In the Education area, for example, you can browse a course
catalog provided by BEA Education Services, and then enroll in the WebLogic courses of your choice. Figure
1−6 shows a calendar of upcoming classes, which is generated on the fly from a database. The database stores
course dates, locations, prices, and seating availability. If the database indicates that a course is full, the
calendar shows "full" in the Availability column, and you cannot enroll in the class. Otherwise, the calendar
10
Chapter 1: A Quick Tour of WebLogic Server
provides a link to enroll. The developers of this site have even implemented additional business logic that
shows when a course has limited seating. Apparently, when the number of empty seats in a course falls below
a certain threshold, the "Enroll" link changes to "Limited Seating." This is a great way to motivate
procrastinators to enroll before their course fills up!
Figure 1−6: WebLogic drives BEA’s online course catalog.
Clicking Enroll for a course takes you through a user registration process, which is also database driven. After
you have registered, you can enroll in the course. Figure 1−7 shows the enrollment page. This is an input form
where you enter your personal contact information to enroll in the given course. When you click the Submit
Info button, BEA adds you to the course roster and reduces by one the number of empty seats remaining in the
course.
Figure 1−7: Enrolling in a WebLogic class
Notice that you can also use this form to update your personal profile in BEA’s database, by clicking the
Update My Profile button. BEA uses this profile to save you the trouble of re−typing your personal
11
Chapter 1: A Quick Tour of WebLogic Server
information when using the other applications on their Web site. This is a user−friendly approach you may
want to use in your own WebLogic applications.
Sparks.com
One of BEA’s customers, Sparks.com ( uses WebLogic to drive their online store for
paper−based greeting cards, as shown in Figure 1−8. You can search, select, and purchase from a dizzying
array of cards on this site. Sparks.com, being a high−volume e−commerce site (especially during the
holidays), offers compelling proof that WebLogic applications can scale to support thousands of simultaneous
users. The site uses WebLogic clustering to ensure high availability and performance, even under heavy user
loads.
Figure 1−8: WebLogic driving a high−volume e−commerce site
Surveying WebLogic’s Features, Services, and Architecture
Now that we know the things WebLogic can do, let’s examine the components of its architecture to gain a
clearer understanding of how it does them.
HTTP server
If you think of WebLogic Server as a big house where your Web applications live, its HTTP server is the front
door. All requests made to your applications from Web browsers must pass through it.
WebLogic’s integrated HTTP server allows you to host Web sites that contain HTML/ XML pages only or
HTML/XML pages plus JSPs and servlets. For applications requiring secure connections, WebLogic supports
the HTTP−Secure (HTTPS) protocol, which requires you to purchase a certificate for your server from a
certifying authority. If your environment requires you to deploy WebLogic behind Apache, Microsoft, or
Netscape Web servers, you can do so using WebLogic’s proxy plug−ins for those servers.
New Feature
WebLogic 6.1 supports virtual hosting, which allows you to map multiple Web sites to a
single WebLogic server. For sites upgrading from earlier WebLogic versions, this may
eliminate the need to proxy requests to WebLogic servers from other Web servers, if the only
12
Chapter 1: A Quick Tour of WebLogic Server
reason for doing so is to support virtual hosting.
J2EE containers
WebLogic Server implements a Web container and an EJB container, which are the two server−side
containers mandated by the J2EE standard. These containers give your applications a runtime environment
and access to the J2EE APIs. The containers are an integral part of WebLogic Server and are available for use
once the server is started.
Web container
WebLogic’s Web container hosts servlets and JSPs. These application components are used to service
requests originating from Web browsers.
Note The first time JSPs are invoked, they are automatically compiled into servlets, and the servlet executes
instead of the JSP itself. WebLogic manages this process invisibly and automatically as required by the
J2EE specification.
EJB container
As you might expect, WebLogic’s EJB container hosts EJBs, including session beans, entity beans, and
message beans. These application components are used to implement business logic, data access, and
asynchronous messaging. They service requests from non−Web clients, such as client applications written in
Java, or from Java code living in a servlet or JSP. They generally cannot be accessed directly from Web
browsers, unless there is an applet embedded in the page.
Note The default download for WebLogic Server 6.1 includes J2EE 1.3 and supports the EJB 2.0 and 1.1
specifications. You can also download a version that includes J2EE 1.2, and supports EJB 1.1 only.
Gateway to the J2EE APIs
WebLogic Server provides your Java applications with runtime access to the J2EE APIs, which are JDBC,
JMS, JNDI, JTA, RMI, and JavaMail. As mentioned earlier, WebLogic Server includes J2EE 1.3.
Figure 1−9 shows the relationships among WebLogic’s HTTP server, J2EE containers, the J2EE APIs, and
external systems.
13
Chapter 1: A Quick Tour of WebLogic Server
Figure 1−9: WebLogic’s J2EE architecture and its relationship to external systems
Web Services
Starting with version 6.1, WebLogic Server supports emerging standards for implementing and deploying
Web Services. Web Services is an exciting new technology that allows the construction and deployment of
self−describing, modular, and reusable application components that can be made available to any other
application running on a corporate intranet or the global Internet. WebLogic Server supports Web Services
Description Language (WSDL) version 1.1 and Simple Object Access Protocol (SOAP) version 1.1, which
are the enabling technologies behind Web Services.
Cross Reference
WebLogic’s support for Web Services, WSDL, and SOAP is covered in Chapter 26.
J2EE Connector Architecture
Also starting with version 6.1, WebLogic Server supports the J2EE Connector Architecture version 1.0, which
defines a portable, open standard for integrating with back−end systems such as Enterprise Resource Planning
(ERP) systems, Customer Relationship Management (CRM) systems, and other enterprise−class software and
database systems.
Cross Reference
WebLogic’s support for the J2EE Connector Architecture is covered in Chapter 27.
CORBA support
Many large corporations use CORBA (Common Object Request Broker Architecture) to implement
distributed applications on their corporate networks. CORBA provides a means by which software objects can
find and call each other remotely over a network. The communication protocol used for this process is IIOP,
or Internet Inter−ORB Protocol, which sits on top of TCP/IP.
CORBA is a separate standard that predates J2EE and was indeed the inspiration for RMI, J2EE’s remote
object protocol. But unlike RMI, CORBA provides support for objects written in many languages, not just
Java.
14
Chapter 1: A Quick Tour of WebLogic Server
WebLogic Server includes CORBA support in the form of RMI over IIOP. RMI uses a communication
protocol that is incompatible with CORBA; RMI/IIOP converts the RMI protocol into IIOP, and vice−versa,
so RMI objects can coexist with CORBA objects on a network.
Security services
WebLogic provides a platform for three levels of application security: encryption, user authentication, and
user authorization.
Encryption
Data transmitted to and from WebLogic Server can be encrypted by using Secure Sockets Layer (SSL). SSL is
implemented for Web applications via HTTP−Secure (HTTPS), and is used in native form over RMI
connections.
To use SSL, you must purchase a certificate for your server from a certificate vendor such as VeriSign. When
clients request secure connections, the server sends the certificate to the client for validation. Once validated,
the client and server exchange encrypted keys and establish the secure connection. WebLogic Server also
supports mutual authentication, where the client and server both exchange certificates before establishing a
secure connection.
User authentication and authorization
User authentication is the process of ensuring that a user has the proper credentials to gain access to an
application. User authorization is the process of mapping authenticated users to individual application
services, usually at the group level. Sales managers, for example, have access to commission reports in a
CRM application, whereas sales representatives do not.
Applications usually authenticate users by prompting them for a login name and password, and then
validating these against a database. After the user is authenticated, authorization is performed by matching the
user’s group membership against a list of resources available to that group. This list is called an Access
Control List (ACL).
WebLogic calls authentication/authorization databases realms and provides support for five different types.
The default realm is the File realm, which is simply a disk file of users, groups, encrypted passwords, and
ACL’s. The contents of the file are managed by using WebLogic’s Administration Console. The other four
realms WebLogic supports are
•
Lightweight Directory Access Protocol (LDAP), such as Microsoft Active Directory or Netscape
Directory Server
•
Windows NT/2000 domains
•
Unix login service
•
Relational databases
15
