Installing on Oracle WebLogic Server
Installation on Oracle WebLogic Server has the following tasks:
Install a domain containing
WebDav must be deployed to context root /. Since ikbViewer is also typically deployed to /, we recommend creating a WebLogic virtual host and targeting WebDav to this virtual host. A web request to / on the WebDav virtual host will be routed to WebDav, and on all other hosts it will be routed to the Viewer.
From the administrative console (http://localhost:7001/console), create a data source with
Create groups in the default realm for each of the iKnowBase roles user, developer and sysadmin. The groups must be named after the roles, e.g. IKB_USERS, IKB_DEVELOPERS and IKB_SYSADMINS.
For each of the application archives, deploy using the WebLogic console:
The iKnowBase web applications are configured to replicate HTTP sessions when they are targeted to an application server cluster. This enhances support for failover and reduces impact for the user during a failover scenario.
The session replication mechanism configured is
<session-descriptor>
<persistent-store-type>replicated_if_clustered</persistent-store-type>
</session-descriptor>
The persistent-store-type “replicated_if_clustered” requires a homogeneous deployment to the cluster. You cannot target applications with this setting to selected parts of the cluster.
The persistent-store-type can be changed with deployment plans. See weblogic.xml session descriptor element for available options.
Note: ikbWebdav does not support clustering and is not configured with persistent-store-type.
WebLogic allows simple configuration of authentication providers. Configure as appropriate by following this procedure:
It is possible to authenticate directly against the iKnowBase user tables, through the custom IKBAuthenticationPlugin supplied as part of iKnowBase.
When installed, this provider looks up usernames and passwords in the IKB_USER table in the iKnowBase database schema, where the passwords are stored in hashed form (SHA1 hash algorithm). A user is authenticated if the username matches the one in the database and the hash of the password the user enters matches the hashed password stored in the database.
In addition, the provider supplies group information to the WebLogic server. The list of group names is the union of all external keys in all groups the user is a member of. For proper use with the iKnowBase applications, you should have groups with external keys “IKB_USERS”, “IKB_DEVELOPERS” and “IKB_SYSADMINS”, matching the user roles required for the Java applications to work.
To install the plugin, perform the following steps:
PRE_CLASSPATH=/app/oracle/Middleware/wlserver_12.1/server/ext/iknowbase-weblogic-plugin-VERSION.jar
By default, the plugin does not write any log information. However, if the Java system property “com.iknowbase.weblogic.IKBAuthenticationPlugin.log” is set to the value “true”, the plugin will log operations to standard out, which is normally captured into the server log file (AdminServer.log for the admin server). Enable the system property in the startup script, like this (note that this is two lines only; they are broken into multiple lines here for layout purposes):
PRE_CLASSPATH=/app/oracle/Middleware/wlserver_12.1/server/ext/iknowbase-weblogic-plugin-VERSION.jar
EXTRA_JAVA_PROPERTIES="-Dcom.iknowbase.weblogic.IKBAuthenticationPlugin.log=true"
With this, you will see log output matching this:
<Sep 25, 2009 7:05:30 PM CEST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
IKBAuthenticationPlugin.lookupPassword: username=weblogic
IKBAuthenticationPlugin.lookupPassword: Found password for user=weblogic
IKBAuthenticationPlugin.userExists: Searching for username=weblogic
IKBAuthenticationPlugin.userExists: Search for username=weblogic returns true
IKBAuthenticationPlugin.lookupUserGroups: Searching for username=weblogic
IKBAuthenticationPlugin.lookupUserGroups: Search for username=weblogic returns[]
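The log above shows a user whose group lookup returns an empty list, which means none of the IKB_USERS, IKB_DEVELOPERS or IKB_SYSADMINS roles is granted. The following sketch is an added example, not part of iKnowBase, that summarizes the plugin's log lines per user. The function names are hypothetical, the non-empty list format `[A, B]` is an assumption, and a lookup with no "Found password" line is assumed to be a miss.

```python
import re

IKB_ROLES = {"IKB_USERS", "IKB_DEVELOPERS", "IKB_SYSADMINS"}
P = r"^IKBAuthenticationPlugin\."
LOOKUP = re.compile(P + r"lookupPassword: username=(\S+)$")
FOUND = re.compile(P + r"lookupPassword: Found password for user=(\S+)$")
GROUPS = re.compile(P + r"lookupUserGroups: Search for username=(\S+) returns\s*\[(.*)\]$")

# weblogic lines are taken from the page; alice and bob lines are constructed.
SAMPLE_LOG = """\
IKBAuthenticationPlugin.lookupPassword: username=weblogic
IKBAuthenticationPlugin.lookupPassword: Found password for user=weblogic
IKBAuthenticationPlugin.lookupUserGroups: Search for username=weblogic returns[]
IKBAuthenticationPlugin.lookupPassword: username=alice
IKBAuthenticationPlugin.lookupPassword: Found password for user=alice
IKBAuthenticationPlugin.lookupUserGroups: Search for username=alice returns[IKB_USERS, STAFF]
IKBAuthenticationPlugin.lookupPassword: username=bob
IKBAuthenticationPlugin.lookupPassword: username=bob
IKBAuthenticationPlugin.lookupPassword: username=bob
"""

def summarize(log_text):
    """Collect lookup count, password hit and group list per username."""
    users = {}
    def rec(name):
        return users.setdefault(name, {"lookups": 0, "found": False, "groups": None})
    for line in log_text.splitlines():
        line = line.strip()
        if m := FOUND.match(line):
            rec(m.group(1))["found"] = True
        elif m := LOOKUP.match(line):
            rec(m.group(1))["lookups"] += 1
        elif m := GROUPS.match(line):
            rec(m.group(1))["groups"] = {g.strip() for g in m.group(2).split(",") if g.strip()}
    return users

def findings(users):
    """Flag names with no password hit and users without an iKnowBase role group."""
    out = []
    for name, r in sorted(users.items()):
        if not r["found"]:
            out.append(f"{name}: {r['lookups']} lookup(s), no password found")
        elif r["groups"] is not None and not (r["groups"] & IKB_ROLES):
            out.append(f"{name}: password found, but no iKnowBase role group")
    return out

if __name__ == "__main__":
    print("\n".join(findings(summarize(SAMPLE_LOG))))
```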
We strongly recommend using SSL (https) for all production sites.
The procedures for terminating SSL directly in the application server can be found in the WebLogic documentation.
If you terminate SSL in an external proxy, that proxy will typically use HTTP (an unsecured connection) to talk to the application server. The application server will then not be aware that the browser sees a secure connection, and will by default generate links to an insecure site. To avoid this, note the following items:
If using Apache httpd for SSL termination, the following configuration in httpd.conf should set the required header:
<VirtualHost ...>
...
RequestHeader set WL-Proxy-SSL true
...
</VirtualHost>
In the WebLogic domain configuration (config.xml), you would find the following snippet:
<web-app-container>
<weblogic-plugin-enabled>true</weblogic-plugin-enabled>
</web-app-container>
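With weblogic-plugin-enabled set to true, WebLogic takes the WL-Proxy-SSL header at face value, so the header should only ever be set by the proxy. The following check is an added example, not part of iKnowBase or WebLogic, that audits both files together. The function names and sample files are constructed, and the rule that plain-HTTP virtual hosts must override the header is an added hardening assumption, not a requirement stated on this page.

```python
import re
import xml.etree.ElementTree as ET

VHOST = re.compile(r"<VirtualHost\s+([^>]*)>(.*?)</VirtualHost>", re.S | re.I)
SET_TRUE = re.compile(r"^\s*RequestHeader\s+set\s+WL-Proxy-SSL\s+true\s*$", re.M | re.I)
OVERRIDE = re.compile(r"^\s*RequestHeader\s+(?:set|unset)\s+WL-Proxy-SSL\b", re.M | re.I)
SSL_ON = re.compile(r"^\s*SSLEngine\s+on\s*$", re.M | re.I)

# Constructed sample inputs (not taken from a real installation).
SAMPLE_HTTPD = """
<VirtualHost *:443>
  SSLEngine on
  RequestHeader set WL-Proxy-SSL true
  ProxyPass / http://127.0.0.1:7001/
</VirtualHost>
<VirtualHost *:80>
  ProxyPass / http://127.0.0.1:7001/
</VirtualHost>
"""
SAMPLE_CONFIG = """
<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <web-app-container>
    <weblogic-plugin-enabled>true</weblogic-plugin-enabled>
  </web-app-container>
</domain>
"""

def plugin_enabled(config_xml):
    """True if a <weblogic-plugin-enabled> element holds 'true' (namespace ignored)."""
    root = ET.fromstring(config_xml.strip())
    return any(el.tag.rsplit("}", 1)[-1] == "weblogic-plugin-enabled"
               and (el.text or "").strip().lower() == "true" for el in root.iter())

def audit(httpd_conf, config_xml):
    """Return findings about where WL-Proxy-SSL is set and whether it is honored."""
    findings = []
    if not plugin_enabled(config_xml):
        findings.append("config.xml: weblogic-plugin-enabled is not true")
    for m in VHOST.finditer(httpd_conf):
        addr, body = m.group(1).strip(), m.group(2)
        if SSL_ON.search(body):
            if not SET_TRUE.search(body):
                findings.append(f"{addr}: SSL vhost does not set WL-Proxy-SSL true")
        elif not OVERRIDE.search(body):
            findings.append(f"{addr}: plain-HTTP vhost does not override WL-Proxy-SSL")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_HTTPD, SAMPLE_CONFIG)))
```

A plain-HTTP virtual host passes the check once it contains `RequestHeader unset WL-Proxy-SSL`. The WebLogic listen port should also be reachable only from the proxy.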