In an use case I was working, I needed to access the Weblogic 12c runtime properties.
I searched for it in Oracle documentation, but I could not find a complete example, so I decided to create this blog post and a github example.
In this example, I will show only how to make local connections to the Weblogic’s Domain Runtime MBean Server, because my use case only required that, but you can also make remote connections from Java applications not deployed in the Weblogic server.
After some research, I discovered how to get the parameters by name, and also how to get all the server parameters, if you don’t know the exact name of your parameter but you know the value that it should have.
Then I created a jsp page to display all those parameters.
First, let’s take a look at the WeblogicDataRetrieverServletContextListener class, it is a ServletContextListener, and this class executes its contextInitialized(ServletContextEvent servletContextEvent) method when the application starts, and it executes the contextDestroyed(ServletContextEvent servletContextEvent) method when the application is undeployed.
In the contextInitialized() method, I get all the weblogic parameters only once and store them in the application / servletcontext scope, so all the users have access to this information.
There are some parameters that cannot be displayed as clear-text because of the Weblogic’s security configurations:
The parameters are:
JavaStandardTrustKeyStorePassPhrase,
CustomIdentityKeyStorePassPhrase,
CustomTrustKeyStorePassPhrase,
DefaultIIOPPassword,
DefaultTGIOPPassword.
If we don’t filter them when retrieving the server properties, an exception will happen:
Image 1 – Application initialized with error when we don’t filter the runtime parameters.
com.ribas.andrei.servletlistener.WeblogicDataRetrieverServletContextListener failed: weblogic.management.NoAccessRuntimeException: Access to sensitive attribute in clear text is not allowed due to the setting of ClearTextCredentialAccessEnabled attribute in SecurityConfigurationMBean. Attr: JavaStandardTrustKeyStorePassPhrase, MBean name: com.bea:Name=AdminServer,Type=Server. weblogic.management.NoAccessRuntimeException: Access to sensitive attribute in clear text is not allowed due to the setting of ClearTextCredentialAccessEnabled attribute in SecurityConfigurationMBean. Attr: JavaStandardTrustKeyStorePassPhrase, MBean name: com.bea:Name=AdminServer,Type=Server at weblogic.management.mbeanservers.internal.SecurityInterceptor.checkGetSecurity(SecurityInterceptor.java:595) at weblogic.management.mbeanservers.internal.SecurityInterceptor.getAttribute(SecurityInterceptor.java:298) at weblogic.management.jmx.mbeanserver.WLSMBeanServer.getAttribute(WLSMBeanServer.java:279) at com.ribas.andrei.servletlistener.WeblogicDataRetrieverServletContextListener.contextInitialized(WeblogicDataRetrieverServletContextListener.java:84) at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:661) Truncated. see log file for complete stacktrace
In the end of the article I will show how to enable the clear text credential access, to access the value of those those properties in clear text.
Connecting to the MBeanServer:
To get a JMX connection to Weblogic, we use JNDI to get a reference to the MBeanServer:
InitialContext ctx = new InitialContext(); MBeanServer server = (MBeanServer) ctx.lookup("java:comp/env/jmx/runtime");
Then we can already get some data from the server, like the default domain name and the list of domains in which any MBean is currently registered:
String[] domains = mbeanServer.getDomains(); String defaultDomain = mbeanServer.getDefaultDomain();
To get all the server runtime properties, first we need to get the server name in the system property:
String serverName = System.getProperty("weblogic.Name");
Now we create an ObjectName with the server name, and retrieve all the attributes for the server:
ObjectName objName = new ObjectName("com.bea:Name=" + serverName + ",Type=Server"); MBeanAttributeInfo[] beanInfoAttributesArray = mbeanServer.getMBeanInfo(objName).getAttributes();
The next step is to iterate over that array and create a new object with the attributes name, description, value and type, and then add it to a collection:
for (MBeanAttributeInfo info : beanInfoAttributesArray) { Object attributeValue = "not allowed to show"; if (isAttributeAllowedToShow(info.getName())) { attributeValue = mbeanServer.getAttribute(objName, info.getName()); if (attributeValue == null) { attributeValue = ""; } } serverPropertiesInfoCollection.add(new ServerPropertiesInfo(info.getName(), info.getType(), attributeValue, info.getDescription())); }
Finally, we create a new object will all the data we got and store it in the ServletContext, so all users have access to the data:
ServerProperties serverProperties = new ServerProperties(serverName, defaultDomain, domains, serverPropertiesInfoCollection); servletContextEvent.getServletContext().setAttribute("serverProperties", serverProperties);
In the created page, you can see that there are a lot of information.
At the top, you can see the server name, the default domain and all the server domains in which any MBean is currently registered:
Image 2 – Initial server properties
Then in the next section, we iterate over all the server attributes collection exhibiting the name, type, value and description.
If the attribute’s value cannot be shown, like the “forbidden” attributes we mentioned in the beginning of the article, it’s value is set to “not allowed to show”.
If the value is null, we exhibit [null]:
In my use case, I needed only to get the ListenAddress and the ListenPort attribute values during runtime, but I did this nice example if anyone needs to access other properties.
To enable the Clear Text Credential Access:
In Weblogic console, click your domain:
Image 4 – Locating the domain
In the next page, click the Security Tab, then the Advanced link:
Image 5 – Locating the Advanced security settings
Then you will see the option Clear Text Credential Access Enabled, click it and then click the Save button, then the Activate Changes button.
Image 6 – Updating the “Clear Text Credential Access Enabled” property
If you edit my code and remove the not displayed property from the NOT_ALLOWED_ATTRIBUTES array, then they will be exhibited in Weblogic.
In my case, all those forbidden properties were blank / null.
Before:
Image 7 – Application deployed before changing the Clear Text Credential Access server security configuration, the secured data is not being displayed:
After:
Image 8 – Application deployed after changing the Clear Text Credential Access server security configuration and also changing the code to not filter the value of the password properties