dinsdag 21 mei 2013

Oracle FMW 11g R2 and JDK 7 : solving OHS error in EM

Installing the OHS-component as part of Forms and/or Reports 11g R2, based on JDK 7, gives the following error in the EM, when you try to navigate to it:

Failed to invoke operation load on MBean ...

The error itself seems to be very terrible, but don't worry, you can easily solve it.
You just have to doe the following:
(1) Shutdown your OHS-component.
(2) Go to the admin.conf file located in the <<INSTANCE_HOME>>/config/OHS/<<ohs_component>> and just change this line:
SSLProtocol nzos_Version_3_0
SSLProtocol nzos_Version_1_0 nzos_Version_3_0
(3) Start again your OHS-component.

This error occurs both on Linux and Windows Operating Systems, the cause of the error is JDK 7, because it does not occur with earlier versions of Java.

donderdag 11 april 2013

Oracle Forms Builder 11g R2 on Oracle Linux 6

If you want to run the Forms Builder utility (by executing the $INSTANCE_HOME/bin/frmbld.sh script) on your Oracle Linux 6 system, it is possible that you receive this error:

# A fatal error has been detected by the Java Runtime Environment:
#  SIGSEGV (0xb) at pc=0x00007fb7d0b1c2c3, pid=11590, tid=140427416176448
# JRE version: 6.0_35-b10
# Java VM: Java HotSpot(TM) 64-Bit Server VM (20.10-b01 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# C  [libclntsh.so.11.1+0xee72c3]  __intel_new_memcpy+0x14e3
# An error report file with more information is saved as:
# /opt/oracle/Oracle/Middleware/asinst_1/bin/hs_err_pid11590.log
# If you would like to submit a bug report, please visit:
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.

That's because you forgot something during your OS preparation.
In fact, you have to set the NLS_LANG environment variable for your user, e.g. in the .bash_profile file:

When you have this variable, you can run Forms Builder without any problem!

Reports showjobs : decreasing the size of the queue

The default maximum size of the reports queue is 1000.
This value can be retrieved from the rwserver.conf file (path = $DOMAIN_HOME/config/fmwconfig/servers/WLS_REPORTS/applications/reports_11.1.2/configuration/rwserver.conf):
    <queue maxQueueSize="1000"/>

You can define a lower value for this parameter.

If you specify for example the value 5, you will see (after a server restart) that the engine reorganizes the queue en will keep only the last 5 reports.
On the file system, you will see also only the last 5 reports in the cache directory:

dinsdag 26 februari 2013

Storing your Reports jobs queue in the database

If you want to have a better look into your reports queue, you can store as well all your reports jobs into a database, e.g. your database where your application is running on.

Create a database schema with the necessary system grants.
Connect to the database with this new user and execute this script:

Now, we have to create a credential key for the just created user.
In the EM, select your domain.  In the dropdown menu, go to "Security" - "Credentials".
Select the reports item and click on "Create Key".
Please give in your data.  Choose a clear key name like "repo".

In the EM, go to the "Advanced Configuration" section of the reports application on your reports managed server.  Go to the "Job Status Repository" section, activate "Enable Job Status Repository DB" and give in the credentials of your database user.  As password key, you don't have to specify the password of the database user, but a string that contains your key map: "csf:reports:repo".
Apply your changes and restart the WLS_REPORTS managed server.

Note: you also have a "Job Repository" section.  This must be used when you run your reports in a HA environment with a reports cluster.

When the reports server is back up and running, try to execute a report.
Afterwards, you should see a new entry in the "showjobs" page.  In the database table RW_SERVER_JOB_QUEUE you should see this entry as well.
In the database package RW_SERVER you will find the following functions:
* insert_job : create a reports job
* remove_job : remove a particular job
* clean_up_queue : to remove all the jobs from the queue
Important to know: removing records in this table will not result in a modification in the <<reports>>.dat file, and thus not into a change in the showjobs page as well.

Secure your Reports showjobs page

When you run your reports, you can afterwards check your executed reports through the "showjobs" page:
By default, the info on this page is not secured, what means that everybody who navigates to this page can see the executed reports.  In some business environments where user security is an important issue, this could be a serious problem.
But fortunately, we can easily overrule this lack of security.

In the EM, go to the "Advanced Configuration" section of the reports application on your reports managed server.
In the "Reports Security" block, normally the value of "Web Command Access Level" is "None".  You'll have to change this to "L1".
Apply your changes.

The rwserver.conf file must be modified (path = $DOMAIN_HOME/config/fmwconfig/servers/WLS_REPORTS/applications/reports_11.1.2/configuration/rwserver.conf).
First backup this file.
Open the file and locate the following lines (normally at the end of the file):
    <queue maxQueueSize="1000"/>
    <pluginParam value="%MAILSERVER_NAME%" name="mailServer"/>
Between these 2 lines, add this line:
    <identifier encrypted="no">$USER/$PASSWORD</identifier>
    <identifier encrypted="no">tom/tom123</identifier>
Save the file and restart your WLS_REPORTS managed server.
When navigating now to the showjobs page, you will see this error in the web page:
REP-52262: Diagnostic output is disabled.
You will notice that your credentials in the rwserver.conf file will be encrypted, e.g.:
   <identifier encrypted="yes">QQxdV12tLRTWlg==</identifier>

To see back the reports queue, you'll have to add the authid parameter to your url:

maandag 24 september 2012

Packt Publishing 1000th Title Marketing Campaign

To celebrate the publication of their 1000th title, Packt Publishing has launched a marketing campaign whereby you can download one of the ebooks for free.

Check this document and register yourself on their website before the end of this month and select your ebook!

dinsdag 21 augustus 2012

Generated LOV-buttons in Forms

When using LOV's in your form, you would like to indicate the end users which text fields are linked with an LOV.
When you are positioned into such a text field, you can see at the status bar of the applet that the field is linked with an LOV:

To make your form more user friendly, you can add a push button with a nice icon, but you can also use automatically generated LOV-buttons.  When you point the cursor in such a text field, you will see a small button with 3 dots:

It is very easy to implement this feature without doing changes in the source code of your form.
In the EM, you navigate to the Forms screen.
Next, in the "Forms" menu, you choose "Font and Icon Mapping" and you set the value for "app.ui.lovButtons" to "yes" (default = "no").

P.S.: this change will be recorded in the "registry.dat" file.

Restart your Forms server process and test the feature in your application!

dinsdag 29 mei 2012

Implementing the OpenLDAP Authenticator

In an older blog post I explained the steps you'll have to execute to implement the SQL Authenticator.
In this article, I will explain you how to implement an OpenLDAP authenticator.
You can download the sources here.
Architecture of my setup:
* First Oracle Linux 5 server machine with the Open LDAP setup:
suffix          "dc=mycompany,dc=com"
rootdn        "cn=manager,dc=mycompany,dc=com"
rootpw       <<Your_Encrypted_Password>>
* Second Oracle Linux 5 server machine with WebLogic Server 11g with a basic domain.

To populate the LDAP tree, you can use the attached ldif file (fill_openldap_full.ldif):
ldapadd -f fill_openldap_full.ldif -xv -D "cn=manager,dc=mycompany,dc=com" -w <<Your_Password>>
Result of this operation:
* 4 users (organizational unit = people): bill, harry, kelly and stuart.
* 2 groups (organizational unit = groups): java_dev (with members kelly and stuart) and wls_admin (with members bill, harry and stuart)

Create the OpenLDAP Authenticator.

Fill in the "Provider Specific" tab page with the following data:
Host                                                             myOpenLDAPServer
Port                                                              389
Principal                                                       cn=manager,dc=mycompany,dc=com
User Base DN                                              ou=people,dc=mycompany,dc=com
User From Name Filter                                 (&(cn=%u)(objectclass=person))
User Name Attribute                                     cn
User Object Class                                         person
Group Base DN                                            ou=groups,dc=mycompany,dc=com
Group From Name Filter                               (&(cn=%g)(objectclass=groupofnames))
Static Group Name Attribute                         cn
Static Group Object Class                             groupofnames
Static Member DN Attribute                         member
Static Group DNs from Member DN Filter    (&(member=%M)(objectclass=groupofnames))

Set the Control Flag for the default authenticator to OPTIONAL.

Restart the servers within your domain and verify afterwards if you see the OpenLDAP users and groups in the console.

Deploy the file openldap_scrty.war into your WLS domain and verify that only the users who belong to the group wls_admin can successfully access the application.

maandag 26 maart 2012

Calling a report with parameter form through the SSL WebCache port

When you execute your Forms 11g application through the SSL WebCache port (e.g. https://machine:8094/forms/frmservlet?config=...), normally you will run your reports developed in Oracle Reports 11g through the same port.  This can be done by executing "web.show_document('/reports/rwservlet?...');".
If you run report without first using the automatic parameter form, this works fine.
But if you use this form, Oracle tries to run the report with the normal http protocol and with the SSL port.  Of course, this causes troubles...

To solve this, you'll have to do the following:

Open the file INSTANCE_HOME/config/OHS/ohs1/moduleconf/reports_ohs.conf and add this line:
to the "<Location /reports>" tag.

Restart OHS.

* Navigate to the WLS Console : Servers - WLS_REPORTS - Configuration - General
* Click on "Lock & Edit"
* Click on "Advanced"
* Activate "WebLogic Plug-In Enabled"
* Click "Save"
* Click "Activate Changes"


After this, Oracle will show after the parameter form, the correct url: with the https protocol and the SSL WebCache port.

woensdag 25 januari 2012

Classloader Analysis Tool

Oracle introduced in WLS the Classloader Analysis Tool (CAT).  CAT helps you to detect class loading conflicts, debug application classpaths etc.

This tool is available through this url:

You can find a more detailed presentation on YouTube under the OracleWebLogic channel:

vrijdag 20 januari 2012

Setting up and testing the SQL Authenticator

Please download sql_authenticator.zip for the source files.

To configure the SQL Authenticator, please follow these steps:

In the database, create a user that holds the security data (sqlauth_ddl1.sql).

Create some tables in your security schema (sqlauth_ddl2.sql).
P.S.: in this script the default structure is defined.  If you want to use another table structure, you'll have to change the SQL statements in your provider (see further).

Insert data in the tables (sqlauth_dml.sql).

Connect to the WLS Administration Console.

Create a data source that points to the schema you created.

In the WLS Administration Console, go to Security Realms.
Select myrealm - Providers and click on the New button.

Choose a name and select SQLAuthenticator in the Type poplist.
Click OK.

In the overview of the providers, your new provider is available.
Select your provider.
In the next screen go to the Configuration - Provider Specific tab.

In this screen you'll have to check the Plaintext Password Enabled checkbox, define your Data Source Name and select PLAINTEXT for Password Style.
Keep the defaults for the other fields.

P.S.: if you defined another table structure defined in the second step, you'll have to modify the SQL statements here.

For the DefaultAuthenticator, the Control Flag must be set on OPTIONAL (default value = REQUIRED).  If you don't do this, the users defined in your SQL Authenticator will not be able to log in.

Restart your domain.

If you go to the Users and Groups section of myrealm, you should see your users and groups defined in your database schema.  Here you can reorganise your users and groups.  All the provider-specific changes are written to the database.

Deploy sql_scrty.war to test your new security provider.
Please note that only access for the users who belong to the group SQL_Administrators is granted in the deployment descriptors of the application.

donderdag 19 januari 2012

How upgrading your ADF-environment?

You have installed a WLS 11g version 10.3.3 and ADF installed on it, and you want to upgrade your environment to WLS 10.3.5 and ADF and you don't know the steps you'll have execute.

This might be a great help:
* Verify the amount of deployments in your domain
* Shutdown your domain components
* Download and execute the upgrade installer for WLS 10.3.5
* Download and execute the ADF patch set
* Open a terminal window and go to the $MW_HOME/oracle_common/common/bin directory and open WLST by executing the wlst.sh script
* When WLST is active; execute the command upgradeJRF('<<YOUR_DOMAIN_HOME_DIRECTORY>>')
* Restart your entire domain and verify the new amount of deployments

woensdag 4 januari 2012

Silent Install

Create a xml file (e.g. silent.xml) with this content:

<?xml version="1.0" encoding="UTF-8"?>
<data-value name="BEAHOME" value="/opt/oracle/Oracle/Middleware" />
<data-value name="WLS_INSTALL_DIR" value="/opt/oracle/Oracle/Middleware/wlserver_10.3" />
<data-value name="COMPONENT_PATHS" value="WebLogic Server/Core Application Server|WebLogic Server/Administration Console|WebLogic Server/Configuration Wizard and Upgrade Framework|WebLogic Server/Web 2.0 HTTP Pub-Sub Server|WebLogic Server/WebLogic SCA|WebLogic Server/WebLogic JDBC Drivers|WebLogic Server/Third Party JDBC Drivers|WebLogic Server/WebLogic Server Clients|WebLogic Server/WebLogic Web Server Plugins|WebLogic Server/UDDI and Xquery Support|WebLogic Server/Server Examples|WebLogic Server/Evaluation Database|Oracle Coherence/Coherence Product Files|Oracle Coherence/Coherence Examples" />
<data-value name="LOCAL_JVMS" value="/opt/jdk/jdk1.6.0_27" />

Execute the (generic) installer in silent mode:

export PATH=/opt/jdk/jdk1.6.0_27/bin:$PATH
java -d64 -jar wls1035_generic.jar -mode=silent -silent_xml=silent.xml -log=silent.log

maandag 19 december 2011

Configure the Apache HTTP Server Plug-In for your WebLogic Server cluster

Suppose, you have in your WLS domain 3 clustered managed servers and you want to install and configure the Apache plug-in for your cluster.
I executed this demo on an Oracle Linux 5.7 64-bit system.
To achieve this, you'll have to execute these steps:
(1) Install WLS + configure domain (admin server + managed servers + cluster) + install the necessary rpm's + define the correct properties in the file "/etc/hosts".

(2) Download the latest Apache installer for your OS (http://httpd.apache.org/download.cgi).

(3) Copy the file to the desired directory and unzip the file

(4) Configure Apache

(5) Make Apache

(6) Make Install Apache

(7) Copy the mod_wl_22.so file to the apache directory structure

(8) Open the file /opt/apache/conf/httpd.conf and edit some general parameters (like ServerName, User, Group etc)

(9) In the same file, load the mod_wl_22.so into Apache and define the properties of your WLS domain

(10) Log in as root to start or shut down Apache

P.S.: On Oracle Linux you can of course install Apache through yum.

maandag 21 november 2011

How upgrading your WLS-environment?

Suppose you want to upgrade your 11g WLS environment version to version
How do you have to do this?
Well, here I will try to give you the answer.

First of all, you have 2 different WLS-installers:
* The full installers that you can directly download from the Oracle website
* The upgrade installers that you have to download from "My Oracle Support - Patches & Updates".

It is important that you know the difference because if you try to execute the full installer of in the same MIDDLEWARE_HOME directories of the existing, you will encounter this error message:
The product maintenance level of the current installer (WebLogic Server: is not compatible with the maintenance level of the product installed on your system (WebLogic Server: Please obtain a compatible installer or perform maintenance on your current system to achieve the desired level.

The patch number of the (generic) installer is 12395574.
There you download your zip-file.  When downloaded, unpack the zip-file and execute the jar-file.

vrijdag 18 november 2011

Oracle WebLogic Server 12c

Oracle WebLogic Server 12c will be launched on December1, 2011.

zondag 13 november 2011

Compiling your Forms 11g on Database 10g

In fact, Forms 11g is designed to run on a 11g database. But if you want to compile your fmb's and pll's through a batch/shell script on one of the first versions of a 10g database, it is possible that you face internal errors for every DB call in a PL/SQL unit. To solve this, you'll find an interesting article on My Oracle Support: "Compiling Forms Fails with PL/SQL ERROR 801, internal error [phd_get_defn:DI_U_NAM RHS] [ID 1058803.1]".
Just install the patch an re-execute your script!

donderdag 13 oktober 2011

Forms 11g - Windows Java client hangs with message "The application's digital signature cannot be verified."

After modifying the webconfiguration values for the paremeters "webutilArchive" and "archive", I had a very annoying problem.
When I activated the application url, I got the following popup message and I couldn't accept/deny this message.

Warning - Security
The application's digital signature cannot be verified.
Do you want to run the application?

Name:      ... 
Publisher: ... 
From:      ... 
[ ] Always trust content from this publisher. 

[Run] [Cancel]

Although, there is a checkbox in the message and 2 buttons, I couldn't do anything else than shutting down my browser through the Windows Task Manager.

There are 2 solutions for this problem:

(1) Using this sequence of jar-files for webutilArchive
webutilArchive=jacob.jar, frmwebutil.jar
More info on Oracle Support:
WebUtil Form HangsWhen Acknowledging Security Warning - The application's digital signature cannot be verified [ID 1328039.1]

(2) Applying patch 9463433 if the archive parameter is the cause of the problem
More info on Oracle Support:
Windows Java Client Hangs On Accepting Not Verified Signature Of jar Files [ID 1173365.1]

Installing Forms/Reports 11g on SUSE Linux Enterprise Server (SLES) 11 SP 1

I want to share some issues to you about installing Forms/Reports on SLES11 SP1.

* Every OUI must be executed with the -ignoreSysPrereqs option
./runInstaller -ignoreSysPrereqs
./config.sh -ignoreSysPrereqs

More info:

* On the Oracle website, you'll find the list of rpm's that must be installed on the OS before installing the Oracle software.
In fact, they forgot 2 rpm's: gcc-32bit-4.3-62.198 and gcc43-32bit-4.3.3_20081022-11.18
If you don't install these rpm's first, you will encounter errors during the Oracle software installation.

More info:

P.S.: Like on SLES 10 (see one of my previous posts) you'll have to delete the lok- and DAT-files before starting the servers.

vrijdag 7 oktober 2011

Deassociating OID from Reports 11g

At a customer site, I faced this problem when trying to activate the showjobs-url of the reports server.
The installation was done by someone else. On the server machine (OS: Windows Server 2008 SP2), the IDM 11g Suite was first installed and then the Fusion Middleware 11g Suite. During the configuration, they associated the OID to the Reports components.
When I arrived a few months later to do some other configuration changes, the customer wanted to deassociate the link between OID and Reports. When we did the deassociation, we received this error in the showjobs-url:
REP-52266: The in-process Reports Server rep_wls_name failed to start.oracle.reports.RWException: IDL:oracle/reports/RWException:1.0

In the rwserver_diagnostics.log file, we found these 2 errors:
* REP-50125 : An internal exception occurred: oracle.security.jps.service.credstore.CredStoreException: Could not find the key specified.
* REP-50125 : An internal exception occurred: oracle.security.jps.service.credstore.CredStoreException: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: PKI-02002: Unable to open the wallet. Check password.

We could solve this issue by commenting some tags:
(1) rwservlet.properties -> we commented the oidconnection-tag
(2) rwserver.conf -> we commented the security-tag

After that, we stopped our environment and restarted all the processes. Result: everything worked fine!

donderdag 6 oktober 2011

Maximum Number Of Open Files (Soft/Hard) on Linux when installing Forms/Reports 11g

One of the prerequisite checks during the installation is verifying the maximum number of open files.
By default this is, both for hard and soft nofile, 1024.
These values can be retrieved by executing these commands;
for hard number of files:
ulimit -Hn
for soft number of files:
ulimit -Sn
The returned values are applicable for the current user.

At least, for the user who executes the installer, these values must be 4096.

The user root can apply a different value for each user separately or for all users.
This can be done by modifying the file "/etc/security/limits.conf".
For example, if the user "oracle" executes the installer, these lines must be added to the file at the end:
oracle soft nofile 4096
oracle hard nofile 4096

maandag 12 september 2011

Installing Forms/Reports 11g on SUSE Linux Enterprise Server (SLES) 10

At one of our customers, I had to implement a complete new Forms/Reports 11g environment on 2 brand new machines (DEV/PREPROD and PROD) hosting SLES 10 as OS. The installation of the WLS + Fusion Middleware software succeeded. But when configuring the environment on the first machine, I encountered a problem when the installer tried to restart the AdminServer : the wizard was "hanging". After a very long time this step had the status Failed. The log file of the AdminServer showed me that there had been a locking error and a persistent store exception raised during the restart. When I executed these commands, I could restart the AdminServer through the command line:
rm /opt/oracle/Oracle/Middleware/user_projects/domains/ClassicDomain/servers/AdminServer/data/store/default/_WLS_ADMINSERVER000000.DAT
rm /opt/oracle/Oracle/Middleware/user_projects/domains/ClassicDomain/servers/AdminServer/tmp/AdminServer.lok
After this, I could continue the configuration.
I repeated the same steps for WLS_FORMS and WLS_REPORTS:
rm /opt/oracle/Oracle/Middleware/user_projects/domains/ClassicDomain/servers/WLS_FORMS/data/store/default/_WLS_WLS_FORMS000000.DAT
rm /opt/oracle/Oracle/Middleware/user_projects/domains/ClassicDomain/servers/WLS_FORMS/tmp/WLS_FORMS.lok

rm /opt/oracle/Oracle/Middleware/user_projects/domains/ClassicDomain/servers/WLS_REPORTS/data/store/default/_WLS_WLS_REPORTS000000.DAT
rm /opt/oracle/Oracle/Middleware/user_projects/domains/ClassicDomain/servers/WLS_REPORTS/tmp/WLS_REPORTS.lok
During the installation on the second server machine, I deleted these files directly between the start and restart of the servers. This resulted in a successful configuration!

Afterwards, on both machines, I integrated the remove commands in the default WLS startup scripts.

P.S.: Installation on Oracle Linux does not raise this error.

woensdag 7 september 2011

Automatic startup of WLS servers when booting Linux

On the My Oracle Support website you can find the article "RC Initialization Scripts for Starting and Stopping WebLogic Server as a UNIX Daemon [ID 877902.1]".
Here in this post, I will describe an alternative method.
I tested out on a Oracle Linux 5.6 system.
These are the steps that must/can be performed:

Create for each server within your domain a boot.properties file (My Oracle Support: "How to Start a WebLogic 10.3.x Domain AdminServer Without Interactively Supplying the Username / Password? [ID 980292.1]").

Login as root

Navigate to /etc/init.d and create a file wls with this content:
# oracle Init file for starting and stopping WLS
# chkconfig: 35 80 30
# description: Oracle WLS startup script
# Source function library

. /etc/rc.d/init.d/functions


case "$1" in
echo -n $"Starting WLS:"
su - $ORACLE_OWNER -c "$DOMAIN_HOME/bin/startWebLogic.sh > /dev/null 2>&1 &"
su - $ORACLE_OWNER -c "$DOMAIN_HOME/bin/startManagedWebLogic.sh ManagedServer1 > /dev/null 2>&1 &"
su - $ORACLE_OWNER -c "$DOMAIN_HOME/bin/startManagedWebLogic.sh ManagedServer2 > /dev/null 2>&1 &"
echo "OK"
echo -n $"Stopping WLS:"
su - $ORACLE_OWNER -c "$DOMAIN_HOME/bin/stopManagedWebLogic.sh ManagedServer1"
su - $ORACLE_OWNER -c "$DOMAIN_HOME/bin/stopManagedWebLogic.sh ManagedServer2"
su - $ORACLE_OWNER -c "$DOMAIN_HOME/bin/stopWebLogic.sh"
echo "OK"
echo $"Usage: $0 {start|stop}"

In a terminal window, execute these commands:
chmod 750 /etc/init.d/wls
chkconfig --add wls --level 0356