Oracle Proxy Plugin - IIS - Certificates
I have a setup where IIS fronts for Oracle Application Server using the Oracle Proxy Plugin. I understand this is fairly routine, however; I have run into a situation where I need Client Certificate information pushed back to a single application on the Oracle Server. According to documentation, the plugin does not backend requests SSL even in an SSL environment. This effectively blocks certificate information from anything sitting behind the plugin. Has anyone found or created a clean workaround/alternative solution to this problem? Unfortunately, IIS has to remain in front and Oracle has to remain behind.
All,
Solved it myself and it works with OC4J only.
Regards,
MB
Similar Messages
-
Windows Oracle Proxy Plug-in with Apache
I've loaded and configured the Oracle Proxy Plug-in for use on an IIS system, but would now like to configure this for Apache (as in an IAS) on a Windows platform.
I've mimicked the LoadModule and AddModule commands as a best guess, but I haven't been able to deduce the path information for the serverdef.conf file. As a result the HTTPD service fails to start.
Is anybody able to help?
Best regards,
MalcolmHello Malcolm
I was intrigued to see that you have successfully configured Oracle App Server proxy plugin for IIS. I have been trying to do this for a while but have not been successful. I would be really grateful for any assistance please.
I'm using Ora App server 10.1.2.0.2 and IIS 6. I've also put the proxy dll from the 10.1.2..0.2 Companion CD. I've even tried to use port 80 in the proxy.txt file.
All registry keys are setup for the dll and the log entries.
If I forward all requests - ie have the URLRule for all requests, then just typing the IIS server name (http://iisserver) dies forward to the APp server's welcome page on the Application Server.
The following are in the oas_proxy.txt file
oproxy.serverlist=ias1
# Hostname to use when communicating with a specific server.
oproxy.ias1.hostname=farswserver1.ads.autodesk.com
# Port to use when communicating with a specific server.
oproxy.ias1.port=80
# Description of URL(s) that will be redirected to this server.
oproxy.ias1.urlrule=/*
Much appreciate all help please.
Many thanks
Shashi -
Weblogic proxy plugin closes keep-alive connections to clients randomly
In short we have following arhitecture:
clients ---> wl proxy plugin 1 ----> weblogic 1
clients ---> wl proxy plugin 2 ----> weblogic 2
Beacuse of the application/installation specific requirements, we are not using failover, one wl proxy always forwards requests to one weblogic (simple configuration).
Application is TR-069 protocol based (SOAP over HTTP) so it very much relays on persistence TCP connections (Connection: keep-alive). This TCP persistence has to work correctly in order that TR-069 messages are exchanged in required order, otherwise we have a error on application layer.
Here and there we've noticed applications errors which suggest that we have some problems in TCP connection between the client and the weblogic server. After sniffing, we've noticed that weblogic proxy plugin (Apache) randomly, or because of some other reason we do not know, decides to close TCP connection to client, even app on weblogic did not request so ???
As a result, client opens new connection to the server with new TR-069 session and it gets bounced beacuse it allready has one open on weblogic server.
We've sniffed, traced everything we could, we were searching for patterns in time, etc... but we can not find the reason why proxy plugin decides to close the connection to the client (not to the weblogic server).
Trace (replaced sensitive information):
Thu Apr 29 15:05:50 2010 <958012725463463784> URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 200 OK]
Thu Apr 29 15:05:50 2010 <958012725463463784> URL::parseHeaders: StatusLine set to [200 OK]
Thu Apr 29 15:05:50 2010 <958012725463463784> parsed all headers OK
Thu Apr 29 15:05:50 2010 <958012725463463784> sendResponse() : r->status = '200'
Thu Apr 29 15:05:50 2010 <958012725463463784> canRecycle: conn=1 status=200 isKA=1 clen=545 isCTE=0
Thu Apr 29 15:05:50 2010 <958012725463463784> closeConn: pooling for '$IP$/$PORT$'
Thu Apr 29 15:05:50 2010 <958012725463463784> request [$URL$] processed successfully..................
!!!! Now it closes the TCP connection and inserts "Connection: close" HTTP header !!!
WL proxy plugin conf params are:
WebLogicCluster $IP$:$PORT$
DynamicServerList OFF
KeepAliveTimeout 90
MaxKeepAliveRequests 0
KeepAliveSecs 55
Apache worker configuration is:
<IfModule mpm_worker_module>
PidFile var/run/httpd-worker.pid
LockFile var/run/accept-worker.lock
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 200
ThreadsPerChild 200
MaxClients 2000
MaxRequestsPerChild 0
AcceptMutex pthread
</IfModule>
Why weblogic proxy plugin ignores Keep-alive directive and decides to close connection to the client by itself?
Any help?If a WebLogic Server instance listed in either the WebLogicCluster parameter or a dynamic cluster list returned from WebLogic Server fails, the failed server is marked as "bad" and the plug-in attempts to connect to the next server in the list.
MaxSkipTime sets the amount of time after which the plug-in will retry the server marked as "bad." The plug-in attempts to connect to a new server in the list each time a unique request is received (that is, a request without a cookie).
Note: The MaxSkips parameter has been deprecated as the MaxSkipTime parameter.
See also here: http://download-llnw.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/plugin_params.html
You said the problem arises under significant load. Maybe, it is wise to tune the number file descriptor's on your operating system. HTTP connections are nothing more than TCP sockets on the operating system. All modern operating systems treat sockets as a specialized form of file access and use data structures called file descriptors to track open sockets and files for an operating system process. To control resource usage for processes on the machine, the operating system restricts the number of open file descriptors per process. You should be aware that all TCP connections that have been gracefully closed by an application will go into what is known as the TIME_WAIT state before being discarded by the operating system.
On most unix systems you can use netstat -a | grep TIME_WAIT | wc -l to detemine the number of socket in time_wait state. You have to check with your system adminstrator how to tune the tcp_time_wait_interval. On solaris you can use: /usr/sbin/ndd -set /dev/tcp tcp_time_wait_interval 60000 -
Load balancing by the proxy plugin
Has anyone encountered this before:
I have a cluster of two WLS 5.1 servers, hosting servlets that serve web
requests. The requests are proxied through a web server ( I have tried
Weblogic, Apache as well as IIS). I also have a tool that simulates
concurrent web requests and fires them to the proxy server.
As per documentation, as the load balancing while proxying requests to
servlets is round robin, I expect that the requests are uniformly
distributed across the two weblogic servers. But what I see is a bit
different. In one case I fired 15 requests and found that 11 went to first
server and 4 went to the other.
Second time when I fired again 2 of them went to the first server and 13 to
the second one. I would expect that around half of the total requests
should be routed to each server everytime so that there is a proper load
balancing done by the proxy. I have not changed any configuration related
to the default load balancing algorithm. So I expect it is round-robin.
Has anyone encountered this before ? This happens to me irrespective of
which proxy server I use (i.e which proxy plugin I use). Is there some
other configuration required and I am missing something or is there some
inherent problem with the load balancing of the proxy plugins. Any info
would be highly appreciated.
Thanks
MainakCould you post this in weblogic.developer.interest.plug-in? This group is for
ejb related questions. Thanks.
Bill
Mainak Datta wrote:
Has anyone encountered this before:
I have a cluster of two WLS 5.1 servers, hosting servlets that serve web
requests. The requests are proxied through a web server ( I have tried
Weblogic, Apache as well as IIS). I also have a tool that simulates
concurrent web requests and fires them to the proxy server.
As per documentation, as the load balancing while proxying requests to
servlets is round robin, I expect that the requests are uniformly
distributed across the two weblogic servers. But what I see is a bit
different. In one case I fired 15 requests and found that 11 went to first
server and 4 went to the other.
Second time when I fired again 2 of them went to the first server and 13 to
the second one. I would expect that around half of the total requests
should be routed to each server everytime so that there is a proper load
balancing done by the proxy. I have not changed any configuration related
to the default load balancing algorithm. So I expect it is round-robin.
Has anyone encountered this before ? This happens to me irrespective of
which proxy server I use (i.e which proxy plugin I use). Is there some
other configuration required and I am missing something or is there some
inherent problem with the load balancing of the proxy plugins. Any info
would be highly appreciated.
Thanks
Mainak -
Title says it all.... Lost 3 days finding what was the problem.
The version of Oracle Eclipse Plugin 1.3.0.200909171310
is completelly unable to a version 10.3.1.0 Server.
The server starts correctly on the command line.
In Eclipse the server instance and runtime are created correctly, but when you
try to start it from eclipse bang!
Unable to validate WebLogic domain.Please make sure the running WebLogic instance is an Administration Server
java.lang.Exception:
at oracle.eclipse.tools.weblogic.server.internal.WlsJ2EEDeploymentHelper.validateRemote(WlsJ2EEDeploymentHelper.java:1670)
at oracle.eclipse.tools.weblogic.server.internal.WeblogicServerBehaviour.validateRemote(WeblogicServerBehaviour.java:2647)
at oracle.eclipse.tools.weblogic.server.internal.ServerWatcher.runOnce(ServerWatcher.java:574)
at oracle.eclipse.tools.weblogic.server.internal.ServerWatcher.run(ServerWatcher.java:482)
at java.lang.Thread.run(Thread.java:619)Well, the server is not running, i just try to start it.
The message pops instantly, like in 0.5 seconds, it looks like nothing is even performed.
- what does the <name> element look like in domain/config.xml ? Does it match the server definition?
<name>dintiruni</name>
<server>
<name>intiruni0</name>
<ssl>
<name>intiruni0</name>
<enabled>true</enabled>
<listen-port>443</listen-port>
</ssl>
<listen-port>80</listen-port>
<listen-address/>
</server>
<admin-server-name>intiruni0</admin-server-name>
yep : C:\owls11gR1\domains\dintiruni\servers\intiruni0
- what is your version of JDK running Eclipse?
Sun JDK 1.6.0_17, downloaded manually.
Same JDK i use during install to run WebLogic 10.3.2.0, I had to do that, since 10.3.2.0 JDK 1.6.0_14
is not a recongnized JDK when you use -vm parameter in eclipse.ini (10.3.1.0 was working)
- Try create a new domain, make sure set it as development mode.
I think i reinstalled WebLogic more than 3 times, recreated the domain with all possible options.
Reinstalled Eclipse (J2EE with Reporting 3.5.1) with only Oracle Plugin. Recreated my workspace
3-4 times.
Additional info:
I have this message as parent item of the stacktrace in the eclipse Log tree: Another server is detected.
I had a server version 10.3.1.0, wich i just renamed the installation directory to C:\owls11gR1_10.3.1.0 and installed the 10.3.2.0 in the same directory C:\owls11gR1
I uninstalled everything, went in regedit, deleted all weblogic keys references.
Always the same problem. Im starting to loose patience... i have rarelly seen something like that.
Edit:
I also tryed with a Server version 10.3.2.0. (I abandonned 10.3.1.0 since i cannot even create the instance in eclipse)
Edited by: Rouche on Jan 7, 2010 11:42 AM -
WebLogic proxy plugin: getPooledConn: No more connections in the pool
Hi,
We have weblogic proxy plugin installed in Sun One web server. but frequently we are getting following errors in proxy log:
<1670612410085901> attempt #0 out of a max of 5
<1670612410085901> Trying a pooled connection for '<IP>/<port>/<port>'
<1670612410085901> getPooledConn: No more connections in the pool for Host [<IP>] Port[<port>] SecurePort[<port>]
Can anybody please tell how this proxy plugin manages connection pools? I don't find any minimum / maximum number of conection to mention anywhere or how exactly it works?Try increasing the "AcceptBackLog" settings on the weblogic server and then verify for any changed behavior.
Raise the Accept Backlog value from the default by 25 percent. Continue increasing the value by 25 percent until the messages cease to appear.
Link :[http://e-docs.bea.com/wls/docs81/perform/WLSTuning.html#1136287] -
Oracle Jena Plugin and "?Resource" in select
If I execute a SPARQL query like below:
SELECT ?Resource where { ?Resource ?p ?o .}
In Jena, it generates the following SEM_MATCH query that results in an error:
(SimpleLog.java:57) - Final clause = SELECT Resource$RDFVTYP, decode(Resource$RDFVTYP, 'BLN', ('_:'||substr(Resource,instr(Resource,'m',4)+1)), Resource) Resource FROM table(sdo_rdf_match('(?Resource ?p ?o) ', sdo_rdf_models('model_name_here'), null, null, null, NULL,' '))
which results in a ORA-00936: missing expression.
If I change the select statement to something like ?Res rather than ?Resource, a proper statement is generated and I get no error. Is resource a reserved keyword or something? Are there a list of these somewhere?
Thanks,
RyanSo no PL/SQL keyword can appear in the select clause of a SPARQL statement? Shouldn't the code that translates a SPARQL statement into a SEM_MATCH statement just change that into a valid string? I'm not writing the PL/SQL statement, the Oracle Jena plugin is the one creating the improper statement.
-Ryan -
IP address lost in Weblogic proxy plugin
Hi,
We have 4 web servers that forward requests for jsps to 10 weblogic instances
working in a cluster. The web servers have IPlanet with weblogic proxy plugin.
One of the jsps has logic to retrieve the client's IP address and then return
the name of the country to which the IP address belongs. But since the jsp always
receives requests from one of the 4 web servers on the same LAN, it gets only
the internal IP address of the web server and returns no country code. To retrieve
the IP address of the caller in the jsp, I'm using
ipAddress = request.getRemoteAddr();
How can I make my jsp know the actual source IP address of the client (i.e the
end user)?
Any help would be appreciated.
Dipak Jha
Try increasing the "AcceptBackLog" settings on the weblogic server and then verify for any changed behavior.
Raise the Accept Backlog value from the default by 25 percent. Continue increasing the value by 25 percent until the messages cease to appear.
Link :[http://e-docs.bea.com/wls/docs81/perform/WLSTuning.html#1136287] -
Oracle Proxy Authentication and WLS 8.1/CMP
Hey folks,
Is there any way to configure WLS 8.1 to automatically set the Oracle CLIENT_IDENTIFIER
variable or use Oracle Proxy Authentication on JDBC connections? I'm interested
in using Oracle auditing with my CMP entity beans, but would like to capture the
app tier user identity, instead of the data source pool user.
Thanks."Brent Smith" <[email protected]> wrote in message
news:3fa15807$[email protected]..
>
Hey folks,
Is there any way to configure WLS 8.1 to automatically set the OracleCLIENT_IDENTIFIER
variable or use Oracle Proxy Authentication on JDBC connections? I'minterested
in using Oracle auditing with my CMP entity beans, but would like tocapture the
app tier user identity, instead of the data source pool user.
I would ask in the weblogic.developer.interest.jdbc newsgroup. -
Hi,
I'm working with the oracle/realserver plugin and all works fine. Like it says in the installion file, i've added the following line to a mountpoint:
select t.source.getContent() as data,
t.source.getMimeType() as mimetype,
from tracks t
where t.id = %url1%
No problem so far. Now I've stored the audio tracks as a bfile instead of a blob. I thought it would be sufficient to change the first line in:
select t.source.getBFile() as data
However, this doesn't work.
Does anyone know if the plugin supports bfiles and if yes, how to implement it?
Thanks in advance,
PeterPeter,
What are the reasons you're trying to use BFILEs instead of BLOBs? I thiks BLOBs have more advantages than BFILEs. Last ones are not portable between different OS and it's always difficult to maintain consistency (especially non-transactional) between database internal objects and any external storage. BTW, I finaly got my Oracle plugin 8.1.7 loaded by RealServer8 on Solaris7.
All the best
Eugene
null -
Oracle APEX Plugin Development in v4.2.2
I was wondering if people could please assist with Oracle APEX Plugin development and whether the following requirement is possible and if so, would appreciate the type of coding behind it.
I basically would like to be able, via a plugin, create a form with say six page items, where two of those page items might be LOVs, another two are page items are text fields, where users have to enter values and the remaining two are display items only.
Based on this form requirement, I want to be able to upload/install this plugin within other Oracle Application Express apps/schemas, so when installed within other apps, this plugin is rendered within a region and the data is stored within a table in that schema, but using the form described above.
Can this be achieved building a plugin in Oracle APEX and if so, any pointers on how, would be much appreciated.
Thanks.
Tony.This was a known issue with 4.2.3, and I believe is rectified in 4.2.4
Oracle Application Express 4.2.3 - Known Issues -
Dear all,
i don't know that i am a correct place, but i have a question about a bea weblogic proxy plugin.
The situation is, that we have a BEA 10.2 32 bit application server in use, and want to use 64 bit iPlanet webserver. I have an error message when i try to start the 64 bit webserver with a 32bit proxy plugin, and think that i must use an 64Bit wl-proxy plugin. But i think so to, that the question is that would this work correctly?
thanks for any help (link to a correct forum - maybe iplanet webserver?)
regards,
Ferenc JunkertThis one has given me the run around for several days now. I
had exactly the same condition. The fix, in my case, was as
follows.
Uninstall Shockwave Player. I used the 'sw_uninstaller.exe'
file from the Adobe website as I had already downloaded it, but it
should do just as well to run C:\
Windows\System32\Macromed\Shockwave10\UNWISE.EXE or 'Adobe
Shockwave Player' in 'Add/Remove Programs'.
Once Shockwave Player is uninstalled run the latest Mozilla
Firefox installation file over the top of the existing program even
if you are running the latest version. Currently this is 'Firefox
Setup 2.0.0.9.exe'.
Once that is done I found that the Shockwave plugin installed
correctly. It appears, if you need to reinstall Firefox for any
reason, you also need to uninstall Shockwave (and probably Flash
Player too) before the Adobe plugin(s) are reinstalled. -
Proxy plugin misbehaves on certain ppath
I have the following definitions in obj.conf of iplanet 4.1 SP11 under solaris
5.7.
<Object name="spotbid" ppath="*/spotbid/*">
Service fn="wl_proxy" WebLogicHost="###.###.###.####" WebLogicPort="7012" DebugConf
igInfo="ON"
</Object>
<Object name="old" ppath="*">
Service fn="wl_proxy" WebLogicHost="###.###.###.####" WebLogicPort="8009" DebugConf
igInfo="ON"
</Object>
The problem:
Every single request goes to the spotbid even if the request does not go to start
with /spotbid. For example: http://host/foo will go to port 7012, instead of 8009.
If I change from ppath="*/spotbid/*" to ppath="*/nothing/*"
it works as excepted.
"spotbid" is the user iplanet runs under. It is also the first directory in the
path to iplanet "/spotbid/.../iplanet4/https-proxy"
I have tried this with the proxy plugins from weblogic 5.1 and 6.1 and both exhibit
the same problem.I tried myself with playing proxy settings of browser along with above configuration.Finally I got it.
-
The important parameters controlling behaviour of the Proxy Plugin
The 7.0 Proxy Plugin has various crucial parameter controlling its operation. These are n:
#1. poll-timeout parameter that determines how long it waits for a reply before
considering a request as having failed.
The poll-timeout can be increased by adding the poll-timeout parameter to the end of
the Service entry within the obj.conf file. For example:
Service type="magnus-internal/passthrough" fn="service-passthrough"
servers="http://sunflash.red.iplanet.com" poll-timeout="600000"
Default timeout is 5 minutes, or 300000 milliseconds
Maximum timeout is 6 hours, or 21600000 milliseconds
Minimum timeout is 1 second, or 1000 milliseconds
#2. connect-timeout parameter that determines how long to wait for a connection
Minimum = 10 ms
Maximum = 75 seconds (75 * 1000)
Default = 5 seconds (5 * 1000)
#3. connect-interval parameter that determines Interval between connect() calls
Minimum = 10 ms
Maximum = 30 seconds (30 * 1000)
Default = 500 ms
AND
#4. keep-alive-timeout parameter that determines Maximum time to let connections idle
Minimum = 0
Maximum = 6 hours (6 * 60 * 60 * 1000)
Default = 30 seconds (30 * 1000)JoachimSauer wrote:
I wouldn't care about efficiency in this kind of methods. Only optimize,
when you find out that this method is indeed a bottleneck, otherwise just
write a simple implementation (simple implementations are usually easier
to optimize for the JIT compiler, than "clever" impelementations).I agree with you, and when you recommend to basically "write dumb code", this interview with Brian Goetz crosses my mind: http://java.sun.com/developer/technicalArticles/Interviews/goetz_qa.html
But given that the prolem at hand is Boolean, why not make a simple straightforward approach:
!((a & b) | (a & c) | (a & d) | (b & c) | (b & d) | (c & d)), which leads to
!((a & (b | c | d)) | (b & (c | d)) | (c & d)) or
boolean xor(final boolean a, final boolean b, final boolean c, final boolean d) {
return !((a & (b | c | d)) || (b & (c | d)) || (c & d));
}I consider this an acceptable solution, too.
EDIT:
No, not anymore! It may look nice and all, but is not quite XOR... so I apologize for being careless and not double-checking what I wrote (my "xor" returns true even if all arguments are false) -- sorry!
This should (hopefully) be correct:
EDIT2:
<del>[...]</del>
Aarrgh, but it's still horribly wrong! Made the same mistake twice, now I'll take some time to really think before totally embarrassing myself today...
But I have to admit that JoachimSauer's solution is indeed simpler and is probably the right choice...
Message was edited (2x) by:
oebert: correction
Message was edited by:
oebert -
EM12c - update Oracle DB plugin
I'm trying to install a new update 12.1.0.3 [u130402] Oracle DB plugin for EM12c.
During the "Deploy on Management Server" getting the error -
2013-06-26 11:07:17,855 [main] ERROR pluginca.PluginCADriver - EM-04018: Server side Plug-in deployment failed because some mandatory patches are missing. Plug-in oracle.sysman.db:12.1.0.3.0:20130402 requires the patches 16412381, to be applied on host EM12C. Retry after applying the missing patches
I can not find patch 16412381 on MySupport.
How to find this patch?
Is it passible to update without this patch?Hi, can you download this path now, i just checked on MOS. It take few hours for a patch to get live on MOS but now its avaliable
Maybe you are looking for
-
How much RAM can my Macbook Pro (early 2011) actually hold?
I currently only have 2x2 RAM in my Mac, but I've been reading I can put up to 16GB... Is this true? I want to upgrade to 16, but I'm unsure if my system will actually accept it or not, which is why I'm here... I've been reading on Apples site that i
-
Max number of TCP connections to one IP?
Is there any limit, imposed by the TCP protocol, to the number of active connections to one IP address on one interface? I'm asking this because it's easy to add more servers behind a load balancer, but I wonder if the TCP protocol limits in some fun
-
Artwork off artboard disappears
My artwork disappears if it's not on an artboard; how can I change this so graphics off to the side are still visible even if they're not on an artboard?
-
Service Manager 2012 R2 Self Service Portal Request Offering page length
How can I control the number of fields displayed in the SSP for my request offerings? I would like to only ask a few questions per page and have the end user click next to continue asking questions.
-
Mac OS X 10.4 and Samba on S10U6 versus CIFS Server on OpenStroage 7410
We have a Solaris 10 Update 6 server running the latest Sun-provided Samba (3.0.37) to provide SMB shares. We currently limit the shared filesystems to 2TB (1.99 actually), since Mac OS X 10.4 and older will show "Zero K" available space on any share