Monday, June 30, 2014
AIX Commands
Find larger files
find /archive -type f -size +1000 -exec ls -lrt {} \; | sort -n +4
(http://lafirgk.blogspot.com/2010/11/finding-large-files-works-in-aix-unix.html)
-------------------------------------------------------------------------------------------------------------------
If there is a need to split a file based on record tags, we can use the following awk command:
awk '/^HDR/{x="File"++i;}{print > x;}' sample_file
HDR -> Tag based on which the file has to be split
"File" -> Name of the split files: File1, File2, ..., Filen
sample_file -> Input file
-------------------------------------------------------------------------------------------------------------------
oslevel -a
6100 denotes AIX Version 6.1.0.0
06 denotes Technology Package
08 denotes Service Pack
1216 - First 2 characters(12) denote the 2 digit year (2012) in which the update happened.
Last 2 characters(16) denote the Week in which the update happened in a given year.
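The field layout described above can be decoded and compared against a required minimum level, which is the usual patch-compliance check. This is an added example, not code from the original post; the function names, the host list and the required level are assumptions, and the sample levels are constructed from strings shown on this page.

```shell
#!/bin/sh
# Added example: decode a level string of the form RRRR-TL-SP-YYWW
# (for example 6100-06-08-1216) and compare it with a required minimum.

# Return 0 when the argument has the shape NNNN-NN-NN-NNNN.
valid_oslevel() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print field N (1 to 4) of a level string.
level_field() {
    printf '%s\n' "$1" | cut -d- -f"$2"
}

# Strip leading zeros so that "08" is not rejected as octal by $(( )).
to_dec() {
    n=$(printf '%s\n' "$1" | sed 's/^0*//')
    printf '%s\n' "${n:-0}"
}

# Print the fields in readable form; the "20" century prefix follows the
# page's reading of 12 as the year 2012.
describe_oslevel() {
    valid_oslevel "$1" || { echo "invalid level: $1"; return 1; }
    ver=$(level_field "$1" 1 | sed 's/\(.\)\(.\)\(.\)\(.\)/\1.\2.\3.\4/')
    yyww=$(level_field "$1" 4)
    yy=$(printf '%s\n' "$yyww" | cut -c1-2)
    ww=$(printf '%s\n' "$yyww" | cut -c3-4)
    echo "version=$ver tl=$(level_field "$1" 2) sp=$(level_field "$1" 3) year=20$yy week=$ww"
}

# Print one sortable number built from release, technology level and service pack.
level_key() {
    valid_oslevel "$1" || return 1
    rel=$(to_dec "$(level_field "$1" 1)")
    tl=$(to_dec "$(level_field "$1" 2)")
    sp=$(to_dec "$(level_field "$1" 3)")
    echo $(( $rel * 10000 + $tl * 100 + $sp ))
}

# Return 0 when CURRENT is at or above MINIMUM, 1 when below, 2 on bad input.
meets_minimum() {
    cur=$(level_key "$1") || return 2
    min=$(level_key "$2") || return 2
    [ "$cur" -ge "$min" ]
}

# Constructed inventory (host names are hypothetical); REQUIRED is an assumed policy value.
REQUIRED="6100-06-08-1216"
report_hosts() {
    while read -r host level; do
        if meets_minimum "$level" "$REQUIRED"; then status=ok; else status=BELOW; fi
        echo "$host $level $status"
    done <<'EOF'
hostA 6100-00-03-0808
hostB 6100-06-08-1216
hostC 7100-00-00-0000
EOF
}

describe_oslevel "$REQUIRED"
report_hosts
```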
More AIX Commands from below:
http://www.ibm.com/developerworks/aix/library/au-aix_cmds/
Just copying into my blog to have the full text if in case the blog entry gets deleted...
Introduction
As you know, AIX has a vast array of commands that enable you to do a multitude of tasks. Depending on what you need to accomplish, you use only a certain subset of these commands. These subsets differ from user to user and from need to need. However, there are a few core commands that you commonly use. You need these commands either to answer your own questions or to provide answers to the queries of the support professionals.
In this article, I'll discuss some of these core commands. The intent is to provide a list that you can use as a ready reference. The behavior of these commands should be identical in all releases of AIX. The exceptions have been noted where that is not true.
Commands
Kernel
How do I know if I am running a uniprocessor kernel or a multiprocessor kernel, or a 32-bit kernel or a 64-bit kernel?
/unix is a symbolic link to the booted kernel. To find out what kernel mode is running, enter ls -l /unix and see what file /unix links to. The following are the three possible outputs from the ls -l /unix command and their corresponding kernels:
/unix -> /usr/lib/boot/unix_up # 32 bit uniprocessor kernel
/unix -> /usr/lib/boot/unix_mp # 32 bit multiprocessor kernel
/unix -> /usr/lib/boot/unix_64 # 64 bit multiprocessor kernel
AIX 5L Version 5.3 does not support a uniprocessor kernel.
How can I change from one kernel mode to another?
During the installation process, one of the kernels, appropriate for the AIX version and the hardware in operation, is enabled by default. Use the method from the previous question and assume that the 32-bit kernel is enabled. Also assume that you want to boot it up in the 64-bit kernel mode. This can be done by running the following commands in sequence:
ln -sf /usr/lib/boot/unix_64 /unix
ln -sf /usr/lib/boot/unix_64 /usr/lib/boot/unix
bosboot -ad /dev/hdiskxx
shutdown -r
lslv -m hd5
In AIX V5.2, the 32-bit kernel is installed by default. In AIX V5.3, the 64-bit kernel is installed on 64-bit hardware and the 32-bit kernel is installed on 32-bit hardware by default.
Hardware
How do I know if my machine is capable of running AIX 5L Version 5.3?
AIX 5L Version 5.3 supports all 32-bit and 64-bit Common Hardware Reference Platform (CHRP)-based IBM Power® hardware. Only 64-bit CHRP systems are supported with AIX 6.1 and AIX V7.1.
How do I know if my machine is CHRP-based?
Run the prtconf command. If it is a CHRP machine, the string chrp appears on the Model Architecture line.
How do I know if my Power Systems machine (hardware) is 32-bit or 64-bit?
Run the prtconf command.
How much real memory does my machine have?
To display real memory in kilobytes (KB), type one of the following:
lsattr -El sys0 -a realmem
64-bit hardware is required to run the 64-bit kernel.
What are the values of attributes for devices in my system?
To list the current values of the attributes for the tape device, rmt0, type:
lsattr -l rmt0 -E
lsattr -l rmt0 -D
tty0, type:
lsattr -l tty0 -a login -R
lsattr -E -l sys0
To display the number of processors on your system, type:
lscfg | grep proc
To display the number of hard disks on your system, type:
lspv
To find details about hdisk1, for example, run the following command:
lspv hdisk1
Type the following:
lscfg
Option | Description |
---|---|
-p | Displays platform-specific device information. The flag is applicable to AIX V4.2.1 or later. |
-v | Displays the vital product data (VPD) found in the customized VPD object class. |
lscfg -vl rmt0
prtconf command.
How do I find out the chip type, system name, node name, model number, and so forth?
The uname command provides details about your system.
Command | Description |
---|---|
uname -p | Displays the chip type of the system. For example, IBM PowerPC®. |
uname -r | Displays the release number of the operating system. |
uname -s | Displays the system name. For example, AIX. |
uname -n | Displays the name of the node. |
uname -a | Displays the system name, nodename, version, machine ID. |
uname -M | Displays the system model name. For example, IBM, 9114-275. |
uname -v | Displays the operating system version. |
uname -m | Displays the machine ID number of the hardware running the system. |
uname -u | Displays the system ID number. |
AIX
What is the technology level of my system?
To determine the highest technology level reached for the current version of AIX on the system, type:
oslevel -r
lslpp -h bos.rte
lslpp -l "bos.rte.*"
oslevel -r -l 5300-01
oslevel -r -g 5300-01
oslevel -s
oslevel -sq
Known service packs
-------------------
6100-00-02-0750
6100-00-01-0748
6100-00-00-0000
oslevel -s -l 6100-00-01-0748
oslevel -s -g 6100-00-01-0748
The following command will create, within volume group testvg, a journaled file system (JFS) of 10 MB with mounting point /fs1:
crfs -v jfs -g testvg -a size=10M -m /fs1
crfs -v jfs2 -g testvg -a size=10M -p ro -m /fs2
crfs -v jfs -g rootvg -m /test -a size=32768 -a frag=512 -a nbpi=1024
To make a JFS on the rootvg volume group with nondefault fragment size and nondefault NBPI, enter:
crfs -v jfs -g rootvg -m /test -a size=16M -a frag=512 -a nbpi=1024
How do I change the size of a file system?
To increase the /usr file system size by 1000000 512-byte blocks, type:
chfs -a size=+1000000 /usr
chfs -a size=24576 /test
To increase the size of the /test JFS, enter:
chfs -a size=+8192 /test
To change the mount point of a file system, enter:
chfs -m /test2 /test
To delete the accounting attribute from a file system, enter:
chfs -d account /home
To split off a copy of a mirrored file system and mount it read-only for use as an online backup, enter:
chfs -a splitcopy=/backup -a copy=2 /testfs
To change the file system size of the /test JFS, enter:
chfs -a size=64M /test
To reduce the size of the /test JFS2 file system, enter:
chfs -a size=-16M /test
Note:
In AIX V5.3, the size of a JFS2 file system can be shrunk, as well.
How do I mount a CD?
Type the following:
mount -V cdrfs -o ro /dev/cd0 /cdrom
The following command will mount file system /dev/fslv02 on the /test directory:
mount /dev/fslv02 /test
The following command will mount all such file systems:
mount {-a|all}
Type the following command to display information about all currently mounted file systems:
mount
mount -n nodeA /home/tom.remote /home/tom.local
VfsName parameter=remote, which must be defined in the /etc/vfs file.
To mount a file or directory from the /etc/filesystems file with a specific type, enter the following command:
mount -t remote
type=remote attribute.
To mount a snapshot, enter the following command:
mount -o snapshot /dev/snapsb /home/janet/snapsb
To mount a file system and create a snapshot, enter the following command:
mount -o snapto=/dev/snapsb /dev/sb /home/janet/sb
To remount the mounted read-only JFS2 file system to a read-write file system, enter the following command:
mount -o remount,rw fsname
The remount option is not available in AIX 5.3.
How do I unmount a file system?
Type the following command to unmount the /test file system:
umount /test
umount -n nodeA
Type the following command to remove the /test file system:
rmfs /test
How can I defragment a file system?
The defragfs command can be used to improve or report the status of contiguous space within a file system. For example, to defragment the file system /home, use the following command:
defragfs /home
defragfs -r /data1
defragfs -s /data1
To list the file set that owns /usr/bin/vmstat, type:
lslpp -w /usr/bin/vmstat
lslpp -w
installp, type:
lslpp -w "*installp*"
/usr/bin/svmon, type:
which_fileset svmon
Type the following command:
lslpp -l
lslpp -l "bos.rte.*"
lslpp -La bos.rte.filesystem
lslpp -f bos.rte.lvm
installp, type:
lslpp -w "*installp*"
Type the following command:
instfix -i | grep TL
To inform the user on whether fixes IX38794 and IX48523 are installed, type:
instfix -i -k "IX38794 IX48523"
To install APAR IY73748 from /dev/cd0, for example, enter the command:
instfix -k IY73748 -d /dev/cd0
instfix -k IX38794 -d /dev/rmt0.1
instfix -T -d /dev/rmt0.1 | instfix -d /dev/rmt0.1 -f-
How do I verify if file sets have required prerequisites and are completely installed?
To show the file sets that need to be installed or corrected, type:
lppchk -v
Type the following command:
dump -Htv
dump -o a.out
dump -l a.out
dump -s a.out
dump -t a.out
Firmware-assisted dump is now the default dump type in AIX V7.1, when the hardware platform supports firmware-assisted dump. The traditional dump remains the default dump type for AIX V6.1, even when the hardware platform supports firmware-assisted dump.
# oslevel -s
6100-00-03-0808
# sysdumpdev -l
primary /dev/lg_dumplv
secondary /dev/sysdumpnull
copy directory /var/adm/ras
forced copy flag TRUE
always allow dump FALSE
dump compression ON
type of dump traditional
# oslevel -s
7100-00-00-0000
# sysdumpdev -l
primary /dev/lg_dumplv
secondary /dev/sysdumpnull
copy directory /var/adm/ras
forced copy flag TRUE
always allow dump FALSE
dump compression ON
type of dump fw-assisted
full memory dump disallow
# sysdumpdev -f require
# sysdumpdev -l
primary /dev/lg_dumplv
secondary /dev/sysdumpnull
copy directory /var/adm/ras
forced copy flag TRUE
always allow dump FALSE
dump compression ON
type of dump fw-assisted
full memory dump require
# sysdumpdev -t traditional
# sysdumpdev -l
primary /dev/lg_dumplv
secondary /dev/sysdumpnull
copy directory /var/adm/ras
forced copy flag TRUE
always allow dump FALSE
dump compression ON
type of dump traditional
# sysdumpdev -t fw-assisted
The firmware-assisted system dump will be configured at the next reboot.
How do I determine the amount of paging space allocated and in use?
Type the following:
lsps -a
You can use the chps -s command to dynamically increase the size of a paging space. For example, if you want to increase the size of hd6 with three logical partitions, you issue the following command:
chps -s 3 hd6
chps -s 4 myvg
How do I reduce a paging space?
You can use the chps -d command to dynamically reduce the size of a paging space. For example, if you want to decrease the size of hd6 with four logical partitions, you issue the following command:
chps -d 4 hd6
Your system is capable of SMT if it is an IBM POWER5 processor-based system or later running AIX 5L Version 5.3 or later.
How would I know if SMT is enabled for my system?
If you run the smtctl command without any options, it tells you if it is enabled or not.
Is SMT supported for the 32-bit kernel?
Yes, SMT is supported for both 32-bit and 64-bit kernel.
Note:
AIX V5.3 32-bit kernel only supports SMT 2. For SMT 4 exploitation, you would need to run AIX V5.3 in a versioned workload partition (WPAR) on top of AIX V7.1 (described in the Workload partitions section). The 32-bit kernel was removed in AIX V6.1.
How do I enable or disable SMT?
You can enable or disable SMT by running the smtctl command. The following is the syntax:
smtctl [ -m off | on [ -w boot | now]]
Option | Description |
---|---|
-m off | Sets SMT mode to disabled |
-m on | Sets SMT mode to enabled |
-w boot | Makes the SMT mode change effective on next and subsequent reboots if you run the bosboot command before the next system reboot |
-w now | Makes the SMT mode change immediately but will not persist across reboot |
If neither the -w boot option nor the -w now option is specified, then the mode change is made immediately. It persists across subsequent reboots if you run the bosboot command before the next system reboot.
To disable simultaneous multithreading for the current boot cycle and for all subsequent boots, enter:
smtctl -m off
smtctl: SMT is now disabled. It will persist across reboots if you run the bosboot command before the next reboot.
How do I get partition-specific information and statistics?
The lparstat command provides a report of partition information and utilization statistics. This command also provides a display of hypervisor information.
To get the default LPAR statistics, enter the following command:
lparstat 1 1
lparstat -h 1 1
lparstat -i
lparstat -H 1 1
lparstat -m
The -m option is not available in AIX 5.3.
Volume groups and logical volumes
AIX V7.1 includes enhanced support for solid-state drive (SSD) in the AIX Logical Volume Manager (LVM). The commands lsvg, mkvg, chvg, extendvg, and replacepv described in the following sections support creation, extension, and maintenance of volume groups consisting of SSDs.
How do I know if my volume group is normal, big, or scalable?
Run the lsvg command on the volume group and look at the value for MAX PVs. The value is 32 for normal, 128 for big, and 1024 for scalable volume group.
How can I create a volume group?
Use the following command, where -s partition_size sets the number of megabytes (MB) in each physical partition where the partition_size is expressed in units of MB from 1 through 1024. (It is 1 through 131072 for AIX V5.3.) The partition_size variable must be equal to a power of 2 (for example: 1, 2, 4, 8). The default value for standard and big volume groups is the lowest value to remain within the limitation of 1016 physical partitions per physical volume. The default value for scalable volume groups is the lowest value to accommodate 2040 physical partitions per physical volume.
mkvg -y name_of_volume_group -s partition_size list_of_hard_disks
mkvg -s 1 hdisk3 hdisk5 hdisk6
To create a volume group that can accommodate a maximum of 1024 physical volumes and 2048 logical volumes, type:
mkvg -S -v 2048 hdisk6
You use the following command to change the characteristics of a volume group:
chvg
chvg -a y vg03
smit chvg fast path to run this command.
How do I create a logical volume?
Type the following:
mklv -y name_of_logical_volume name_of_volume_group number_of_partition
mklv vg03 15 hdisk5 hdisk6 hdisk9
To increase the size of the logical volume represented by the lv05 directory by three logical partitions, for example, type:
extendlv lv05 3
You can display all logical volumes that are part of rootvg by typing the following command:
lsvg -l rootvg
lsvg -o
lsvg
lsvg vg02
How do I list information about logical volumes?
Run the following command to display information about the logical volume lv1:
lslv lv1
lslv -p hdisk2
LogicalVolume parameter was included, the map does not contain logical partition numbers specific to any logical volume.
To display information about the lv03 logical volume by physical volume, enter:
lslv -l lv03
How do I remove a logical volume from a volume group?
You can remove the logical volume lv7 by running the following command:
rmlv lv7
rmlv command removes only the logical volume, but does not remove other entities, such as file systems or paging spaces that were using the logical volume.
How do I mirror a logical volume?
mklvcopy LogicalVolumeName Numberofcopies
syncvg VolumeGroupName
syncvg command synchronizes the logical volume copies.
To add physical partitions to the logical partitions in the lv01 logical volume, so that a total of three copies exist for each logical partition, enter:
mklvcopy lv01 3
lv01 directory have three copies.
How do I remove a copy of a logical volume?
You can use the rmlvcopy command to remove copies of logical partitions of a logical volume. To reduce the number of copies of each logical partition belonging to the testlv logical volume, enter:
rmlvcopy testlv 2
Queries about volume groups
To show volume groups in the system, type:
lsvg
rootvg, type:
lsvg rootvg
rootvg, type:
lsvg -p rootvg
Type the following:
extendvg VolumeGroupName hdisk0 hdisk1 ... hdiskn
hdisk3 and hdisk8 to volume group vg3, enter:
extendvg vg3 hdisk3 hdisk8
The volume group must be varied on before extending.
How do I find out the maximum supported logical track group (LTG) size of my hard disk?
You can use the lquerypv command with the -M flag. The output gives the LTG size in KB. For instance, the LTG size for hdisk0 in the following example is 256 KB.
/usr/sbin/lquerypv -M hdisk0
256
lspv command on the hard disk and look at the value for MAX REQUEST.
What does the syncvg command do?
The syncvg command is used to synchronize stale physical partitions. It accepts names of logical volumes, physical volumes, or volume groups as parameters.
For example, to synchronize the physical partitions located on physical volumes hdisk4 and hdisk5, use:
syncvg -p hdisk4 hdisk5
testvg, use:
syncvg -v testvg
vg04 and vg05, enter:
syncvg -v vg04 vg05
extendvg VolumeGroupName hdisk_new
migratepv hdisk_bad hdisk_new
reducevg -d VolumeGroupName hdisk_bad
migratepv moves allocated physical partitions from one physical volume to one or more other physical volumes.
The reducevg command removes physical volumes from a volume group. When all the physical volumes are removed from the volume group, the volume group is deleted.
How can I clone (make a copy of) the rootvg?
You can run the alt_disk_copy command to copy the current rootvg to an alternate disk. The following example shows how to clone the rootvg to hdisk1.
alt_disk_copy -d hdisk1
Network
How can I display or set values for network parameters?
The no command sets or displays current or next boot values for network tuning parameters.
To display the maximum size of the mbuf pool, type:
no -o thewall
no -r -o tcp_sendspace=32768
no -r -o udp_recvspace=32768
no -o ipforwarding=1
no command, type:
no -L
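Because no changes settings such as ipforwarding at run time, it is worth checking the values it reports against an expected baseline. The following is an added example, not part of the original article; it assumes the listing (such as that from no -a) has one "name = value" pair per line, the baseline values are an assumed site policy, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: compare "name = value" tunable output with a baseline.

# audit_no_tunables "name=value name=value ..."  (listing is read from stdin)
# Prints one line per tunable that differs from or is missing in the listing.
# Returns 0 when everything matches and 1 when drift was found.
audit_no_tunables() {
    awk -v baseline="$1" '
        BEGIN {
            # Split the baseline on white space, then each pair on "=".
            n = split(baseline, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                order[i] = kv[1]
                want[kv[1]] = kv[2]
            }
        }
        {
            # Skip blank lines, headers and anything that is not name = value.
            if (split($0, kv, "=") != 2) next
            gsub(/[ \t]/, "", kv[1])
            gsub(/[ \t]/, "", kv[2])
            have[kv[1]] = kv[2]
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in have)) {
                    printf "%s expected=%s actual=missing\n", k, want[k]
                    bad = 1
                } else if (have[k] != want[k]) {
                    printf "%s expected=%s actual=%s\n", k, want[k], have[k]
                    bad = 1
                }
            }
            exit bad + 0
        }'
}

# Constructed sample listing (not captured from a real system).
sample_no_output() {
    cat <<'EOF'
             bcastping = 0
    directed_broadcast = 0
          ipforwarding = 1
     ipsrcrouteforward = 1
        ipsrcrouterecv = 0
EOF
}

# Assumed policy for a host that is not meant to route traffic.
BASELINE="ipforwarding=0 ipsrcrouteforward=0 ipsrcrouterecv=0 ipsendredirects=0"

sample_no_output | audit_no_tunables "$BASELINE" || echo "drift from baseline detected"
```

On a live system the listing would be piped in from the no command instead of sample_no_output.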
Type one of the following commands:
ifconfig -a
host Fully_Qualified_Host_Name
host cyclop.austin.ibm.com
Either of the following two commands will display the network interfaces:
lsdev -Cc if
ifconfig -a
tr0, run the command:
ifconfig tr0
To activate the network interface tr0, run the command:
ifconfig tr0 up
For example, to deactivate the network interface tr0, run the command:
ifconfig tr0 down
To display routing table information for an Internet interface, type:
netstat -r -f inet
netstat -i -f inet
netstat -s -f inet
To record packets coming in and going out to any host on every interface, enter:
iptrace /tmp/nettrace
To record packets received on an interface en0 from a remote host airmail over the Telnet port, enter:
iptrace -i en0 -p telnet -s airmail /tmp/telnet.trace
Workload partitions
Workload partitions (WPARs), a set of completely new software-based system virtualization features, were introduced in IBM AIX Version 6.1. With AIX 6.1 TL4, the capability to create a WPAR with its root file systems on a storage device dedicated to that WPAR was introduced. With AIX 6.1 TL6, the capability to have Virtual I/O Server (VIOS)-based virtual Small Computer System Interface (VSCSI) disks in a WPAR was introduced. Storage area network (SAN) support for rootvg system WPAR released with AIX 6.1 TL 6 provided the support of individual devices (disk or tapes) in a WPAR.
With AIX 7.1, the support of kernel extension load and VIOS disks and their management within a WPAR has been added, allowing a rootvg WPAR that supports VIOS disks. A new product named AIX 5.2 Workload Partitions for AIX 7 to support an AIX 5.2 environment in a versioned workload partition has been introduced in AIX 7.1. The enhancement introduced with the reliability, availability, and serviceability (RAS) error-logging mechanism has been propagated to WPARs with AIX 7.1. This RAS error-logging feature first became available in AIX 7.1 and was included in AIX 6.1 TL 06.
How do I create a workload partition?
To create a WPAR named temp with the IP address xxx.yyy.zzz.nnn, type:
mkwpar -n temp -N address=xxx.yyy.zzz.nnn
To create a workload partition based on an existing specification file wpar1.spec, type:
mkwpar -f /tmp/wpar1.spec
To create a specification file wpar2.spec for an existing workload partition wpar1, type:
mkwpar -e wpar1 -o /tmp/wpar2.spec -w
To start the workload partition called temp, type:
startwpar temp
To stop the workload partition called temp, type:
stopwpar temp
To view the characteristics of all workload partitions, type:
lswpar
Name     State  Type  Hostname            Directory
---------------------------------------------------------------------------------
bar      A      S     bar.austin.ibm.com  /wpars/bar
bar      A      S     bar.austin.ibm.com  /wpars/bar
foo      D      S     foo.austin.ibm.com  /wpars/foo
trigger  A      A     trigger             /
To log in to the workload partition named wpar1 as user foo, type:
clogin wpar1 -l foo
To run the /usr/bin/ps command as user root in a workload partition named howdy, type:
clogin howdy -l root /usr/bin/ps
To remove the workload partition called temp, type:
rmwpar temp
temp preserving data on its file system, type:
rmwpar -p -s temp
Performance monitoring tools
The iostat command described below has been enhanced in AIX 6.1 TL6 and AIX 7.1 to capture useful data to help analyze I/O issues and identify and correct the problem quicker. A new flag, -b, is available for the iostat command to display block I/O device utilization statistics.
How do I display virtual memory statistics?
To display a summary of the virtual memory statistics since boot, type:
vmstat
vmstat 2 5
vmstat scdisk13 scdisk14
vmstat -t
vmstat -vs
vmstat -@ ALL
vmstat -vs -@ ALL
To display a single set of statistics for all TTY, CPU, and disks since boot, type:
iostat
disk1, type:
iostat -d disk1 2
disk1, type:
iostat disk1 2 6
iostat -d 2 6
disk1, disk2, disk3, enter the following command:
iostat disk1 disk2 disk3 2 6
iostat -s
iostat -a 5
iostat -sat 20 10
iostat -sad hdisk0 hdisk7 30
iostat, enter the following command:
iostat -T 60
iostat -F -@ ALL
iostat -s -@ ALL
Type the following command:
topas
topas -P
topas -L
topas -D
topas -F
abc, enter the following command:
topas -@ abc
topas WPAR mode, enter the following command:
topas -@
Type the following command:
sar
sar -y -r 2 20
sar -@ wparname
sar -P ALL 1 1
sar -u -P 0,1
cpu %usr %sys %wio %idle
0 45 45 5 5
1 27 65 3 5
Conclusion
Admittedly, a list such as this can be helpful in quickly answering some of your own questions. However, it does not cover everything that you might need. You can extend the usefulness of such a list by adding other commands that answer additional questions not addressed here.
Tuesday, June 24, 2014
Weblogic OWSM Username/Token
http://cerebro.com.au/2012/11/05/osb-adding-owsm-wsse-username-policy-with-static-username-credential-keys/
Copying in case original post is removed.. ...
This assumes that you already have a project with a web service that you want to secure with WSSE Username Token with a Static username / password. This is generally when we are doing system level integration and have a system user. We recommend that each system would have a separate user created to enable meaningful auditing.
OSB has the concept of Service Accounts, which can be used for HTTP user access, but we are using an OWSM SOAP-based policy that does not use these accounts. The OWSM policy needs either to have a user supplied (forwarded via service calls) or to override the credentials with a credential key. If, for example, we are consuming from JMS or a database, we may not have a user identity, or we may have only a static system user; in those cases we will use credential keys.
We will now run through how to set up a credential key and connect it up to a business service.
ENTERPRISE MANAGER CONFIGURATION
We start by logging into the EM (Enterprise Manager), and then open the Weblogic Domain and right click on the domain to show the context menu.
In the domain context menu we will select Security > Credentials.
The existing credentials are shown; we are using an OWSM policy (oracle/wss_username_token_client_policy) therefore we need to create an oracle.wsm.security credential key.
We then hit the ‘Create Key’ button.
This will open a pop-up window for creating new credential keys.
The map needs to be ‘oracle.wsm.security’; the Key needs to be unique and should be something that explains the usage for operational support. The type is password and user is the system user ‘osbuser’ and the password is the actual system password setup in the system we are invoking. I also recommend entering a description of the key for later identification.
The server will show you a message for successful creation.
The key will now appear in the oracle.wsm.security group; it must appear here, in the correct group, for the OWSM policy to use it. This is the end of the EM configuration; now we move over to the OSB console.
OSB CONFIGURATION
The first thing we need to do is create an administration session (required to make modifications). Once we have a session, we need to select the service to which we want to add the security policy; we select a project and then the outgoing business service BusinessService.
We need to go to the ‘Policies’ tab to see the applied policies.
We are using OWSM Policy Store; therefore we select the radio button which will enable the selection window.
The Add button will prompt you with a policy selection window. The policy that we want is ‘oracle/wss_username_token_client_policy’.
There are two pages; the username policy is on the second page.
We will select the policy and hit the submit button.
The policy will appear in the policies tab; this then needs to be applied via the ‘Update’ button.
This will then show the successful message in the information panel.
This update will enable an additional tab, Security.
The security tab shows the configuration options for the policies that have been applied to the osb service.
The username token client policy will try to forward the identity; we want to set a system username. We will use the override value to set a static username/password.
We will return to the EM console to get the name of our ‘Credential Key’.
The credential key name is copied from the EM into the ‘Override Value’ of the security tab in the service.
Once we entered the override value we will need to ‘Update’ the configuration to apply.
The information panel will display the confirmation of the update.
These changes are not yet active; we need to activate the session to apply these changes to the OSB.
As always we should enter a description and submit it to take effect.
We can then test that we have set the security up correctly. We have created a SoapUI mock service, pointed the endpoint of the business service at it, and run an execution. We can now see the message we have received.
As you can see the user token is now in the message and the username is that which we entered in the Enterprise Manager.
Friday, June 20, 2014
Weblogic SSL
http://techworldrocks.wordpress.com/2011/09/28/certicom-vs-jsse/
http://mavroprovato.net/blog/2013/05/16/use-jsse-ssl-for-weblogic-10/
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLOverview
Tuesday, June 17, 2014
Single-Sign On with HttpClient
Recently we had to get rid of our old Single Sign-On software (Siteminder) and had to onboard a new Single Sign-On (OID/OIM). While doing so, we found that not all of our applications are compatible with the new SSO application.
One of the requirements is,
We have an existing production portal application (say Portal-P) which has a navigation link to another web application (Miserable-M). Portal-P just has the static URL for Miserable-M, and since both are SSO-protected by Siteminder, the user-specific credentials are handled by Siteminder. Since we are removing Siteminder, the question is how the user credentials will be passed going from P to M. To add to our woes, "Miserable-M" is also not LDAP compatible. But "M" has its own database where it will look for a "User Id" (no passwords) for "Authorization" purposes.
So we removed the Siteminder protection from M, and using Fiddler I captured all the HTTP events happening in the background. There were multiple HTTP requests/responses happening before the actual user lookup in M. Then I used Apache HttpClient code to connect to M to authenticate a session. I got this code embedded into Portal-P. So when a user clicks on the navigation link for "M", there will be a server call (Ajax, Servlet or Managed Bean) to get an authenticated session ID, and then window.open() is used to open the new window in a popup.
http://stackoverflow.com/questions/133925/javascript-post-request-like-a-form-submit
http://stackoverflow.com/questions/5554896/window-open-post
http://www.mywebexperiences.com/2008/01/26/send-a-post-request-to-a-popup/
http://taswar.zeytinsoft.com/2010/07/08/javascript-http-post-data-to-new-window-or-pop-up/
http://stackoverflow.com/questions/220231/accessing-the-web-pages-http-headers-in-javascript
http://stackoverflow.com/questions/17829983/window-open-location-no-address-bar-is-not-visible-in-ie
http://stackoverflow.com/questions/14146883/how-can-i-open-a-window-popup-in-servlet-and-then-redirect-a-page
http://www.java-forums.org/javaserver-pages-jsp-jstl/38370-how-use-window-open-jsp-call-servlet-open-jsp-new-window.html
http://stackoverflow.com/questions/245124/setting-onload-event-for-newly-opened-window-in-ie6
http://stackoverflow.com/questions/1185305/add-onload-function-to-an-opening-window
http://stackoverflow.com/questions/14146883/how-can-i-open-a-window-popup-in-servlet-and-then-redirect-a-page
http://www.w3schools.com/jsref/met_win_open.asp
http://www.howtocreate.co.uk/perfectPopups.html
http://theheat.dk/blog/?p=2059
One of the requirements is,
We got an Production Existing Portal Application, (Say Portal-P) which is having a navigation link to another Web Application(Miserable-M). Portal-P is just having the static URL for Miserable-M and since both are SSO protected by Siteminder, the user specific credentials are being handled by Siteminder. Since we are removing Siteminder, the question is how the user credentials will be passed going P to M. To add to our woes, "Miserable-M" is also not LDAP compatible. But "M" has its own database where it will look for a "User Id"(No Passwords) for "Authorization" purposes.
So we removed the Siteminder protection to M and using Fiddler I captured all the http events happening at the background. There are multiple http request/responses that were happening before the actual user look up in M. Then I used Apache HttpClient Code to connect to M for authenticating a session. I got this code embedded into Portal-P. So when a user clicks on the Navigation link for "M", there will be a server call(Ajax or Servlet or Managed Bean) to get an authenticated session id and then a window.open() is used to open the new window in a popup.
http://stackoverflow.com/questions/133925/javascript-post-request-like-a-form-submit
http://stackoverflow.com/questions/5554896/window-open-post
http://www.mywebexperiences.com/2008/01/26/send-a-post-request-to-a-popup/
http://taswar.zeytinsoft.com/2010/07/08/javascript-http-post-data-to-new-window-or-pop-up/
http://stackoverflow.com/questions/220231/accessing-the-web-pages-http-headers-in-javascript
http://stackoverflow.com/questions/17829983/window-open-location-no-address-bar-is-not-visible-in-ie
http://stackoverflow.com/questions/14146883/how-can-i-open-a-window-popup-in-servlet-and-then-redirect-a-page
http://www.java-forums.org/javaserver-pages-jsp-jstl/38370-how-use-window-open-jsp-call-servlet-open-jsp-new-window.html
http://stackoverflow.com/questions/245124/setting-onload-event-for-newly-opened-window-in-ie6
http://stackoverflow.com/questions/1185305/add-onload-function-to-an-opening-window
http://www.w3schools.com/jsref/met_win_open.asp
http://www.howtocreate.co.uk/perfectPopups.html
http://theheat.dk/blog/?p=2059
Thursday, June 5, 2014
Datasource/Admin Password Decryption in Weblogic
Original Source: http://techtapas.blogspot.com/2011/05/how-to-decrypt-weblogic-passwords-with.html
How to decrypt WebLogic passwords with WLST
Sooner or later you will find yourself in a situation where you do not remember any of the WebLogic Server passwords stored in the configuration files.
Some examples are:
a) The WebLogic Server administrator credentials (username and password) stored in the files config.xml and boot.properties
b) The Node Manager password, also stored in the config.xml file (if you still have the default password, don't wait and change it now!!)
c) The database password used by the JDBC Data Sources and stored in the file [DOMAIN_HOME]/config/jdbc/[datasource_name].xml
So, how do you decrypt this data in 3 easy steps? Just follow this techtapa recipe:
Ingredients:
- 1 WLST script
- The path of the WebLogic Server domain
- The encrypted field, for example, username and password from boot.properties
Preparation:
1. Copy this WLST script (you can also download it here).

import os
import sys
import weblogic.security.internal.SerializedSystemIni
import weblogic.security.internal.encryption.ClearOrEncryptedService

def decrypt(domainHomeName, encryptedPwd):
    # Build the domain's encryption service (it reads security/SerializedSystemIni.dat under the domain home)
    domainHomeAbsolutePath = os.path.abspath(domainHomeName)
    encryptionService = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domainHomeAbsolutePath)
    ces = weblogic.security.internal.encryption.ClearOrEncryptedService(encryptionService)
    # Decrypt the {AES}... string and print the clear text
    clear = ces.decrypt(encryptedPwd)
    print "RESULT:" + clear

try:
    # Expect exactly two arguments: DOMAIN_HOME and the encrypted string
    if len(sys.argv) == 3:
        decrypt(sys.argv[1], sys.argv[2])
    else:
        print "INVALID ARGUMENTS"
        print " Usage: java weblogic.WLST decryptPassword.py DOMAIN_HOME ENCRYPTED_PASSWORD"
        print " Example:"
        print " java weblogic.WLST decryptPassword.py D:/Oracle/Middleware/user_projects/domains/base_domain {AES}819R5h3JUS9fAcPmF58p9Wb3syTJxFl0t8NInD/ykkE="
except:
    print "Unexpected error: ", sys.exc_info()[0]
    dumpStack()
    raise

2. Set your environment (CLASSPATH, PATH, ...). Open a console, go to [FMW_HOME]/wlserver_10.3/server/bin/ and run the script setWLSEnv.sh:
$ . ./setWLSEnv.sh
3. Run the script. Go to the path where you copied the WLST script (decryptPassword.py) and run it. You must provide two arguments, the full path of the WebLogic Server domain home and the string you want to decrypt, for example:
$ java weblogic.WLST decryptPassword.py /opt/oracle/Middleware/user_projects/domains/base_domain {AES}LU5dLPP0PliNb5Ml1Fo7rD2AbNFwLcyLtYUEDTb+8zY\=
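The recipe above works for any account that can read both the domain's SerializedSystemIni.dat and a file holding an {AES} string, so file permissions on the domain home are the control that matters. The audit below is an added example, not part of the original post or of WebLogic; it assumes Python 3 on a POSIX host and the key file at security/SerializedSystemIni.dat under the domain home, and its function names are hypothetical.

```python
import os
import re
import stat
import sys

# Encrypted values as they appear in config.xml, config/jdbc/*.xml and
# boot.properties (boot.properties escapes the trailing '=' as '\=').
ENCRYPTED = re.compile(r"\{(?:AES|3DES)\}[A-Za-z0-9+/=\\]+")
# Assumption: standard domain layout for the key material.
KEY_FILE = os.path.join("security", "SerializedSystemIni.dat")


def too_open(path):
    """True if group or other has any permission bit set on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def audit_domain(domain_home):
    """Return a sorted list of (relative_path, issue) findings."""
    findings = []
    key_path = os.path.join(domain_home, KEY_FILE)
    if os.path.isfile(key_path) and too_open(key_path):
        findings.append((KEY_FILE, "key material readable beyond owner"))
    for root, _dirs, files in os.walk(domain_home):
        for name in files:
            if not name.endswith((".xml", ".properties")):
                continue
            path = os.path.join(root, name)
            with open(path, "r", errors="replace") as fh:
                hits = len(ENCRYPTED.findall(fh.read()))
            # Only files that actually carry encrypted values are reported.
            if hits and too_open(path):
                rel = os.path.relpath(path, domain_home)
                issue = "%d encrypted value(s), readable beyond owner" % hits
                findings.append((rel, issue))
    return sorted(findings)


if __name__ == "__main__":
    domain = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, issue in audit_domain(domain):
        print("%s: %s" % (rel, issue))
```

An empty result means the key file and every file containing encrypted values are restricted to the owning account.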