Using WLDF to trace the time taken by your methods

WLDF stands for WebLogic Diagnostic Framework.

It's shipped within WebLogic Server and allow three types of features to help you diagnose your application and/or server :

  • => Collected Metrics
  • => Watch & Notification
  • => Instrumentation

We're going to focus on the AOP feature, commonly known as "Instrumentation".

I assume you're familiar with AOP concepts.


Sample Application : presentation


Our application is composed of three classes, calling each other the following way :

Component1 -> Component2 -> Component3

Each call will be delayed by a pause, in order to be able to observe some concrete data later.




For instance, here's the code for Component1 :


package fr.mbutton.blog.wldf;

* @author mbutton
public class Component1 implements CallerInterface {
    public void call () {
        try {
        } catch (InterruptedException e) {
            // TODO Auto-generated catch block
        CallerInterface comp = new Component2();



Configuring WLDF


From the application point of view


The configuration is pretty easy. It is embodied in a file weblogic-diagnostics.xml, which resides in the META-INF directory.

(I have chosen application scope, but you may chose the server scope. This is discussed in the official documentation)




Here's the content of this file :


<wldf-resource xmlns="http://www.bea.com/ns/weblogic/90/diagnostics"
    <name>Sample WLDF resource</name>
            <pointcut>execution( * fr.mbutton.blog.wldf.* call*(...));</pointcut>


Let's take a closer look to the tags :

  • => enabled : has obviously to be set to true :) for both instrumentation & monitor
  • => name : has to be unique
  • => action : the action that has to be performed. Can be one of the following :


  • => location-type : before / after / around
  • => pointcut : the kind of execution on which the AOP behavior has to be performed

For more information, as usual, take a look at the official documentation.


From the server point of view


You have to configure a DyeInjectionMonitor.

To do so, activate the instrumentation by creating a module, and activating the instrumentation like shown below :




You may configure the DyeInjectionMonitor by adding some "Dye Flag".




For instance, here I added the dye flag "ADDR1". Make sure the flag you've chosen appears in the authorized constants.


Deploy your application to the server.


You may encounter the following error while deploying from Workshop.




It comes from the fact the console in development mode does not use (in theory) the configuration management,

aka the "Lock & Edit" feature.

To fix that, use WLST to release the lock, like :




I know it's not cool, but sometimes that's just the way it is.

And if you're not familiar with WLST, it will be the perfect occasion :)

Once deployed, launch the class Component1.


Displaying the data with the WLDF console extension


Installing the console extension


The console extension has to be installed into your domain. A console extension is a single JAR file.

For the WLDF extension, it's shipped within the standard WLS distribution.

You will find it here : BEA_HOME \ wlserver_10.3 \ server \ lib \ console-ext \ diagnostics-console-extension.jar

Then copy it in the directory : DOMAIN_HOME \ console-ext

Restart your server and you should see a new tab :




Viewing the collected data


Click this new tab, and then go in the "Request" tab.

Choose the server on which you have the EAR deployed (if many)

If no data is visible, click reload and then refresh.

You should get something like :




If you chose a particular method call, you may see a more detailed view like :




Let's zoom the contextual window :




There you go : you have a powerful tool, right here with no extra product ! :)

Hope it gave you a good example of the AOP use of WLDF.

If you want more info about WLDF, take a look at the page :



Have fun !




How to configure WebLogic to use SSL with Apache ?

We will start this example from the very beginning.

We'll create a certificate, a keystore and will perform all the different steps needed to get us started (using Keytool & OpenSSL)

Then we'll configure WebLogic to use that keystore.

Once a browser is able to access WebLogic, we will configure Apache to use SSL with WebLogic.


1 - Create a CSR & a keystore

In order to create these components, the tool used is Keytool from Sun. You have it in any JVM install :

For me it's : %BEA_HOME%\jdk160_05\bin\keytool.exe

For this example, as I'm lazy sometimes, I'm going to use Keytool UI, which is a graphical version of keytool, as its name tells.

First, let's create a sample and empty JKS. (JKS stands for Java KeyStore)




In this example, the password used is "weblogic".


Then just create a CSR (Certificate Signing Request)

Specify the previously created JKS and the algorithm to use :




Fill in the different fields, as you would with Keytool :




The creation should result in a small popup :




Viewing the content of the keystore




I used the following for the private key :

  • alias : privatekey
  • password : weblogic


2 - Configure WebLogic to use the previously created keystore

That's the easy part :)

Start your server and check that you have SSL enabled.




Then just change the identity of the server to point towards our keystore.




Here are the different options proposed. In our example, the option that best fits our need is "Custom identity & Java Standard Trust".

"Custom Identity" means we're using our own keystore and "Java Standard Trust" means we use the truststore from the JDK.


A truststore is a keystore containing all the trusted certificates.

You may print the truststore, just to see what's inside :




You can see that Verisign, Thawte and many other CA (Certificate Authorities) are listed.






We only have to specify the keystore we created, the type which is JKS and the password.

As for the Trust, just type the default password, which is "changeit".


A quick look in the WLS console shows :


<10 nov. 2008 23 h 47 CET> <Error> <WebLogicServer> <BEA-000297>
<Inconsistent security configuration, weblogic.management.configuration.ConfigurationException:
Cannot retrieve identity certificate and private key on server AdminServer, because the keystore entry alias is not specified.>

<10 nov. 2008 23 h 47 CET> <Error> <Server> <BEA-002618>
<An invalid attempt was made to configure a channel for unconfigured protocol "Cannot retrieve identity certificate
and private key on server AdminServer, because the keystore entry alias is not specified.".>


It's because we didn't supply the private key alias.




Just type the alias (privatekey) and the password (weblogic) and save.

This time, WLS seems to be happier :


<10 nov. 2008 23 h 52 CET> <Notice> <Security> <BEA-090171>
<Loading the identity certificate and private key stored under the alias privateKey from the JKS keystore
file D:\BEA_ROOT\user_projects\domains\essex\ssl\blog\mbutton.jks.>

<10 nov. 2008 23 h 52 CET> <Notice> <Security> <BEA-090169>
<Loading trusted certificates from the jks keystore file D:\BEA_ROOT\WLS_10.3\JDK160~1\jre\lib\security\cacerts.>

<10 nov. 2008 23 h 52 CET> <Notice> <Server> <BEA-002613>
<Channel "DefaultSecure" is now listening on for protocols iiops, t3s,

<10 nov. 2008 23 h 52 CET> <Notice> <Server> <BEA-002613>
<Channel "DefaultSecure[1]" is now listening on for protocols iiops, t3s,


Let's try to access the console using the secure port (7002).

A popup shows up :




Just some warning message saying that the certificate has been emitted by someone I don't trust

and that the certificate name doesn't match the site name.




It works.


3 - Display the certificate presented by WebLogic


To display the certificate, we've got two possibilities :

Click the lock in the browser window and use the built-in functionality to display the certificates.




Or use OpenSSL, which is the method I prefer.



C:\Documents and Settings\mbutton>openssl s_client  -connect localhost:7002
Loading 'screen' into random state - done
depth=0 /emailAddress=mbutton@bea.com/C=FR/ST=Hauts-de-seine/L=Courbevoie/O=Oracle-BEA/OU=Consulting/CN=fr.mbutton.blog
verify error:num=18:self signed certificate
verify return:1
depth=0 /emailAddress=mbutton@bea.com/C=FR/ST=Hauts-de-seine/L=Courbevoie/O=Oracle-BEA/OU=Consulting/CN=fr.mbutton.blog
verify return:1
Certificate chain
0 s:/emailAddress=mbutton@bea.com/C=FR/ST=Hauts-de-seine/L=Courbevoie/O=Oracle-BEA/OU=Consulting/CN=fr.mbutton.blog
Server certificate

No client certificate CA names sent
SSL handshake has read 829 bytes and written 306 bytes
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 48076FBB49156AD46E8B1DE5C6761319
    Master-Key: 0FE8F6A1A4A498FBE9832D7BE2FD999C2DA9C697F1311F6DE39A461293AD643E12DB8089828082581352D8FD5FF8E310
    Key-Arg   : None
    Start Time: 1226358012
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)


The section in red represents the certificate presented by the server.

ASCII delimited by "-----BEGIN CERTIFICATE-----" & "-----END CERTIFICATE-----" means it's a PEM.

We need to isolate it. Then just copy it in a file and name it "server.pem" for instance.


4 - Configure Apache SSL to access WebLogic


First, copy the apache plugin in the apache modules directory.


towards %APACHE_HOME%\modules

In your httpd.conf, add the following lines to have a clean and separate configuration for WebLogic.


############## WLS 10 Proxy Plugin
<IfModule !mod_weblogic.c>
    LoadModule weblogic_module modules/mod_wl_22.so

<IfModule mod_weblogic.c>
  # Config file for WebLogic Server that defines the parameters
  Include conf/weblogic.conf


These few lines include the file weblogic.conf.

This file looks like :


<IfModule mod_weblogic.c>

    <Location  /console>
            SetHandler weblogic-handler
            WebLogicHost localhost
            WebLogicPort 7002

    # SSL
    SecureProxy ON
    WLProxySSL ON
    RequireSSLHostMatch false
    TrustedCAFile D:\BEA_ROOT\user_projects\domains\essex\ssl\blog\server.pem
    EnforceBasicConstraints false

    # DEBUG
    WLLogFile D:\BEA_ROOT\user_projects\domains\essex\ssl\blog\wlproxy.log
    Debug ALL
    DebugConfigInfo ON


As you may have noticed, the "TrustedCAFile" is the full path towards our server certificate (the one we got from OpenSSL !)

For more information about configuring WebLogic plugin, http://edocs.bea.com/wls/docs100/plugins/apache.html


Then accessing the console through the following URL : http://localhost/console shows in the wlproxy.log :


Tue Nov 11 00:08:43 2008 <502412263585231>
================New Request: [GET /console HTTP/1.1] =================
Tue Nov 11 00:08:43 2008 <502412263585231> INFO: SSL is configured
Tue Nov 11 00:08:43 2008 <502412263585231> SSL Main Context not set. Calling InitSSL
Tue Nov 11 00:08:43 2008 <502412263585231> INFO: SSL configured successfully
Tue Nov 11 00:08:43 2008 <502412263585231> Using Uri /console
Tue Nov 11 00:08:43 2008 <502412263585231> After trimming path: '/console'
Tue Nov 11 00:08:43 2008 <502412263585231> The final request string is '/console'
Tue Nov 11 00:08:43 2008 <502412263585231> Host extracted from serverlist is [localhost]
Tue Nov 11 00:08:43 2008 <502412263585231> Initializing lastIndex=0 for a list of length=1
Tue Nov 11 00:08:43 2008 <502412263585231> getListNode: created a new server node: id='localhost:7002' server_name='localhost', port='80'
Tue Nov 11 00:08:43 2008 <502412263585231> attempt #0 out of a max of 5
Tue Nov 11 00:08:43 2008 <502412263585231> Trying a pooled connection for ''
Tue Nov 11 00:08:43 2008 <502412263585231> getPooledConn: No more connections in the pool for Host[] Port[7002] SecurePort[7002]
Tue Nov 11 00:08:43 2008 <502412263585231> general list: trying connect to ''/7002/7002 at line 2619 for '/console'
Tue Nov 11 00:08:43 2008 <502412263585231> New SSL URL: match = 0 oid = 22
Tue Nov 11 00:08:43 2008 <502412263585231> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Tue Nov 11 00:08:43 2008 <502412263585231> EINPROGRESS in connect() - selecting
Tue Nov 11 00:08:43 2008 <502412263585231> Setting peerID for new SSL connection
Tue Nov 11 00:08:43 2008 <502412263585231> 7f00 0001 5a1b 0000                          ....Z...
Tue Nov 11 00:08:43 2008 <502412263585231> Local Port of the socket is 1782
Tue Nov 11 00:08:43 2008 <502412263585231> Remote Host Remote Port 7002
Tue Nov 11 00:08:43 2008 <502412263585231> general list: created a new connection to ''/7002 for '/console', Local port:1782
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from clnt:[Accept]=[image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, ...

Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from clnt:[Accept-Language]=[fr]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from clnt:[Accept-Encoding]=[gzip, deflate]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from clnt:[User-Agent]=[Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ...

Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from clnt:[Host]=[localhost]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from clnt:[Connection]=[Keep-Alive]
Tue Nov 11 00:08:43 2008 <502412263585231> URL::sendHeaders(): meth='GET' file='/console' protocol='HTTP/1.1'
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[Accept]=[image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, ...

Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[Accept-Language]=[fr]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[Accept-Encoding]=[gzip, deflate]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[User-Agent]=[Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ...

Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[Host]=[localhost]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[Connection]=[Keep-Alive]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[WL-Proxy-SSL]=[true]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[WL-Proxy-Client-IP]=[]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[Proxy-Client-IP]=[]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[X-Forwarded-For]=[]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[X-WebLogic-KeepAliveSecs]=[30]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
Tue Nov 11 00:08:43 2008 <502412263585231> INFO: Certificate validation succeeded
Tue Nov 11 00:08:43 2008 <502412263585231> INFO: Negotiated to cipher: 3
Tue Nov 11 00:08:43 2008 <502412263585231> SSLWrite sent 782
Tue Nov 11 00:08:43 2008 <502412263585231> SSLWrite completed, sent 782
Tue Nov 11 00:08:43 2008 <502412263585231> Reader::fill() SSLRead success, read: 202
Tue Nov 11 00:08:43 2008 <502412263585231> URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 302 Moved Temporarily]
Tue Nov 11 00:08:43 2008 <502412263585231> URL::parseHeaders: StatusLine set to [302 Moved Temporarily]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from WLS:[Date]=[Mon, 10 Nov 2008 23:08:43 GMT]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from WLS:[Transfer-Encoding]=[chunked]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from WLS:[Location]=[https://localhost/console/]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from WLS:[X-WebLogic-JVMID]=[-353258681]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs from WLS:[X-Powered-By]=[Servlet/2.5 JSP/2.1]
Tue Nov 11 00:08:43 2008 <502412263585231> parsed all headers OK
Tue Nov 11 00:08:43 2008 <502412263585231> sendResponse() : r->status = '302'
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to client (reset):[Date]=[Mon, 10 Nov 2008 23:08:43 GMT]
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to client (reset):[Location]=[https://localhost/console/]
Tue Nov 11 00:08:43 2008 <502412263585231> for, updated JVMID: -353258681
Tue Nov 11 00:08:43 2008 <502412263585231> Hdrs to client (reset):[X-Powered-By]=[Servlet/2.5 JSP/2.1]
Tue Nov 11 00:08:43 2008 <502412263585231> Reader::fill() SSLRead success, read: 255
Tue Nov 11 00:08:43 2008 <502412263585231> Reader::fill() SSLRead success, read: 8
Tue Nov 11 00:08:43 2008 <502412263585231> canRecycle: conn=1 status=302 isKA=1 clen=-1 isCTE=1
Tue Nov 11 00:08:43 2008 <502412263585231> closeConn: pooling for ''
Tue Nov 11 00:08:43 2008 <502412263585231> request [/console] processed sucessfully..................


And if we set a bad certificate name, restart Apache, an access to the same URL shows :



Tue Nov 11 00:09:59 2008 <340812263585991>
================New Request: [GET /console HTTP/1.1] =================
Tue Nov 11 00:09:59 2008 <340812263585991> INFO: SSL is configured
Tue Nov 11 00:09:59 2008 <340812263585991> SSL Main Context not set. Calling InitSSL
Tue Nov 11 00:09:59 2008 <340812263585991> ERROR: SSL initialization failed


So this it ...

Hope it was clear and useful. Anyway, here are just the main lines. Don't go in production with such a configuration :)

(even if it's not worst than using WebLogic DemoTrust & DemoCertificates ...)



Mots clés Technorati : ,,,,,


[Book Review] BPEL for Web Services 2nd Edition


Lately (thanks to the fact we've been absorbed by Oracle), I've been quite interested in BPEL and especially in Oracle BPEL Process Manager.

I ran into some tutorials, easily findable on OTN and that gave me the will to go further.

Unfortunately, since I'm still a BEA consultant, I'm not working with this product

and therefore, I can't play with it in my everyday life (and I don't think my clients would appreciate :D)


I then decided to get a book covering the subject, but which one ?

As usually, I looked at Packt Publishing, who's covering (generally well) that kind of topic.

Bingo ! I found that book "Business Process Execution Language" for Web Services - 2nd Edition" which matches at 100% my need !

Actually, I got this one, which is the french version :)


I particularly appreciated the book "Service Oriented Architecture with Java" but this one is awesome.

It goes with a general presentation on how BPEL links with SOA. Then, the webservice stack is detailed (WSSE, WS-Coordination ...)

And after that appetizer, we dive into BPEL, and its implementation in OPM (Oracle BPEL Process Manager).

That's was really agreable to read, I wouldn't say it's like a roman, but ...

Next chapter, Advanced BPEL : we see some more elaborate process.

Well, I could go on but go take a look at the full TOC and you'll see what I'm talking about.

A special note for the chapter 6, which deals with proprietary behaviors from OPM and WSIF (which personnally reminds me a bit of an EAI ...)


You may get a taste of it by reading this sample chapter.


As you may have understood, this book is excellent for who wants to work with BPEL and OPM.

(the last chapter deals with Microsoft BizTalk, but I didn't read it !)


Strongly recommended !!!


JDeveloper 11 & SOA / BPEL

Today, I downloaded JDeveloper 11 production version, the brand new version of the Oracle IDE.

First look, that's not bad : quite sexy indeed.

Okay, let's leave that look 'n' feel matter and back to business ! Let's design a sample BPEL process ...

After 5 minutes of furious clicks (yes, I'm more used to Eclipse / Workshop 10), I checked whether I had forgotten a naughty option but no ...

I couldn't definitely find how to create a "SOA Project".


Thanks to Google (definitely my friend), I found that link :



Heidi Buelow, our SOA Suite Product Manager (if I'm not mistaken) says that the current production release does NOT support BPEL.

To be able to work with it, you will have to download the JDeveloper SOA TP4 !


Okay, let's get it !

I don't know why but I tried 4 times to download the file from OTN (with a simple browser) and each time, my download stopped at about 90%.

I used a download tool (GetRight) and now JDev 11G SOA TechPreview 4 is mine.


But no, still doesn't work ! I could recently check on Metalink (Oracle Support) what was to be done to activate the SOA sugar.

Go in the directory JDEV_HOME \ jdev \ bin  and edit the file "jdev.conf".

Comment the line starting with "AddVMOption -Dide.noextension=oracle.bam [...]" by adding a # in front of it.


And that's it : you will be able to do some BPEL with your favorite 11g IDE.


Edit : Now, the brand new version is out, you still may encounter a problem to use the "SOA Tier".

After installing Jdev (11g), go in the menu "Help > Check for Updates" and you should see "Oracle SOA Composite Editor".





After the install, simply restart and you're done.


Mots clés Technorati : ,,,,

How to manage a server overload thanks to WorkManagers ?

In WebLogic 8, you had the ExecuteQueues to perform some tuning about the number of threads, assigning different scope of execution ...

In WebLogic 9+, the concept of WorkManager has been introduced.

BEA strongly recommends the use of WorkManagers instead of ExecuteQueues.

However, if you want to use the old mechanism, you may by specifying the option "-Dweblogic.Use81StyleExecuteQueues=true" in your JVM startup script.


One of the interesting use of WorkManager is to avoid an overload to a server by specifying a maximum request number.

Beyond that number, the server will reject new requests. Of course, it has a meaning only if you're using a cluster ...

Else, you would have some 5XX exceptions coming back to your users !


One of the prerequisites for that solution to work is that you use the WebLogic plugin,

and that you let the IdemPotent & the Dynamic Server List options set to true (which should be the case by default) in your plugin configuration.


Creating the resources


First, you will have to define a capacity constraint. Target it on the chosen instance.




Then, specify the maximum number of requests your instance can handle.




Then create the wrapping WorkManager and choose the subcomponent previously created (capacity constraint).




Assign that WorkManager to the server, (same instance targetted by the capacity constraint).


Checking the creation


Then check that your WorkManager and the capacity constraint are correctly targetted




You're done.


And when the 101st request arrives on the server, the latter will send a HTTP 503 error.

Combined to the configuration of your plugin, this will dispatch the request to the next WebLogic Server instance in the cluster,

as shown below.