Using Web Server Plug-Ins with WebLogic Server
The Microsoft Internet Information Server Plug-In proxies requests from a Microsoft Internet Information Server (IIS) to WebLogic Server. The plug-in enhances an IIS installation by allowing WebLogic Server to handle those requests that require the dynamic functionality of WebLogic Server.
You use the Microsoft Internet Information Server Plug-In in an environment where the Internet Information Server (IIS) serves static pages such as HTML pages, while dynamic pages such as HTTP Servlets or JavaServer Pages are served by WebLogic Server. WebLogic Server may be operating in a different process, possibly on a different host. To the end user—the browser—the HTTP requests delegated to WebLogic Server still appear to be coming from IIS. The HTTP-tunneling facility of the WebLogic client-server protocol also operates through the plug-in, providing access to all WebLogic Server services.
You target a WebLogic Server instance using the WebLogicHost and WebLogicPort parameters in the plug-in configuration file. You target a WebLogic Server cluster or group of non-clustered servers using the WebLogicCluster parameter. For information about setting plug-in parameters, see Parameters for Web Server Plug-Ins.
The Microsoft Internet Information Server Plug-In improves connection performance by using a pool of connections from the plug-in to WebLogic Server. The plug-in implements HTTP 1.1 keep-alive connections between the plug-in and WebLogic Server by re-using the same connection for subsequent requests from the same client. If the connection is inactive for more than 30 seconds, (or a user-defined amount of time) the connection is closed. The connection with the client can be reused to connect to the same client at a later time if it has not timed out. You can disable this feature if desired. For more information, see KeepAliveEnabled.
The Microsoft Internet Information Server Plug-In is supported on Windows. Plug-ins are not supported on all operating systems for all releases. For information on platform support for specific versions of Microsoft Internet Information Server Plug-In, see Platform Support for WebLogic Server Plug-ins and Web Servers in Supported Configurations for WebLogic Server 8.1.
The WebLogic Server plug-in module for the Microsoft Internet Information Server is a dynamic link library called
iisproxy.dll. It is supported by an
iisproxy.ini file that contains name=value pairs that define configuration parameters for the plug-in.
iisproxy.dllfile from the WL_HOME/server
/bindirectory of your WebLogic Server installation (where WL_HOME represents the top-level directory for the WebLogic Platform and Server and contains the WebLogic Server installation files) into a convenient directory that is accessible to IIS. BEA recommends that this directory also contain the
iisproxy.inifile that you will create in step 4. Set the user permissions for the iisproxy.dll file to include the name of the user who will be running IIS. One way to do this is by right clicking on the iisproxy.dll file and selecting Permissions, then adding the username of the person who will be running IIS.
iisproxy.dllfile exists; now it checks that files requested from the proxy exist in the root directory of the Web server. If the check does not find the files there, the
iisproxy.dllfile will not be allowed to proxy requests to WebLogic Server.
iisproxy.inifile.) Proxying by path takes precedence over proxying by MIME type.
You can also proxy multiple websites defined in IIS by path. For more information, see Proxying Requests from Multiple Virtual Websites to WebLogic Server.
iisforward.dllfile in the same directory as the
iisproxy.dllfile and add the
iisforward.dllfile as a filter service in IIS (WebSite Properties
iisforward dll). Set the user permissions for the iisforward.dll file to include the name of the user who will be running IIS. One way to do this is by right clicking on the iisproxy.dll file and selecting Permissions, then adding the username of the person who will be running IIS.
WlForwardPathdefines the path that is proxied to WebLogic Server, for example:
WlForwardPathwhen necessary. For example, using
DefaultFileNameparameter to the name of the welcome page of the Web Application to which the request is being proxied. The value of this parameter is appended to the URL.
iisproxy.ini file contains name=value pairs that define configuration parameters for the plug-in. The parameters are listed in General Parameters for Web Server Plug-Ins.
Use the example
iisproxy.ini file in this section (Sample iisproxy.ini File on page 3-9) as a template for your
BEA recommends that you locate the
iisproxy.ini file in the same directory that contains the
iisproxy.dll file. If you place the file elsewhere, note that WebLogic Server searches for
iisproxy.ini in the following directories, in the following order:
iisproxy.inifile. For example:
iisproxy.inifile. For example:
iisproxy.inifile. A complete list of parameters is available in the appendix General Parameters for Web Server Plug-Ins.
iisproxy.dll. Use the IIS Manager console to enable the Plug-In:
inifiles used to define the proxy.
iisforward.ini. Place this file in the same directory that contains
iisforward.dll. This file should contain the following entry for each virtual website defined in IIS:
Nis an integer representing the virtual website. The first virtual website you define should use the integer 1 and each subsequent website should increment this number by 1.
websiteNameis the name of the virtual website as registered with IIS.
portis the port number where IIS listens for HTTP requests.
dll_directoryis the path to the directory you created in step 1 of Installing and Configuring the Microsoft Internet Information Server Plug-In.
iisproxy.inifile for the virtual Web sites, as described in step 4 of this procedure. Copy this
iispoxy.inifile to the directory you created in step 1 of this procedure.
A WebLogic Identity Assertion Provider authenticates tokens from outside systems that access your WebLogic Server application, including users who access your WebLogic Server application through the Microsoft Internet Information Server Plug-In. Create an Identity Assertion Provider that will safely secure your Plug-In as follows:
clientCertProxyattribute to True in the
web.xmldeployment descriptor file for the Web application (if using a cluster, you can instead set the
ClientCertProxyEnabledattribute to true for the whole cluster on the Administration Console Cluster-->Configuration-->General tab). See context-param in Developing Web Applications for WebLogic Server.
clientCertProxy, be sure to use a connection filter to ensure that WebLogic Server accepts connections only from the machine on which the Microsoft Internet Information Server Plug-In is running. See Using Network Connection Filters in Programming WebLogic Security.
See Identity Assertion Providers in Developing Security Providers for WebLogic Server for more information about Identity Assertion Providers.
You can use the Secure Sockets Layer (SSL) protocol to protect the connection between WebLogic Server and the Microsoft Internet Information Server Plug-In. The SSL protocol provides confidentiality and integrity to the data passed between the Microsoft Internet Information Server Plug-In and WebLogic Server.
The Microsoft Internet Information Server Plug-In does not use the transport protocol (
https) to determine whether the SSL protocol will be used to protect the connection between the proxy plug-in and the Microsoft Internet Information Server. In order to use the SSL protocol with the Microsoft Internet Information Server Plug-In, configure the WebLogic Server instance receiving the proxied requests to use the SSL protocol. The port on the WebLogic Server that is configured for secure SSL communication is used by the Microsoft Internet Information Server Plug-In to communicate with the Microsoft Internet Information Server.
WebLogicPortparameter in the
iisproxy.inifile to the listen port configured in step 2.
keytoolutility to export a trusted Certificate Authority file from the
DemoTrust.jkskeystore file that resides in
iisproxy.inifile that define the SSL connection. For a complete list of parameters, see SSL Parameters for Web Server Plug-Ins.
You can proxy servlets by path if the
iisforward.dll is registered as a filter service in IIS (WebSite Properties-->ISAPI-->Filters tab). You would then invoke your servlet with a URL similar to the following:
virtualName is the URL pattern defined in the
<servlet-mapping> element of the Web Application deployment descriptor (
web.xml) for this servlet and
ext is a file type (extension) registered with IIS for proxying to WebLogic Server. The
anyfile part of the URL is ignored in this context.
.jpg) with IIS. You can, however, choose to serve these images directly from IIS if desired.
When the Microsoft Internet Information Server Plug-In attempts to connect to WebLogic Server, the plug-in uses several configuration parameters to determine how long to wait for connections to the WebLogic Server host, and, after a connection is established, how long the plug-in waits for a response. If the plug-in cannot connect or does not receive a response, the plug-in attempts to connect and sends the request to other WebLogic Servers in the cluster. If the connection fails or there is no response from any WebLogic Server instance in the cluster, an error message is sent.
Figure 3-1 demonstrates how the plug-in handles failover.
Failure of any WebLogic Server instance in the cluster to respond, could indicate that WebLogic Server is not running or is unavailable, a hung server, a database problem, or other application failure.
If you are running a single instance or multiple non-clustered instances of WebLogic Server, the plug-in only attempts to connect to the server defined with the WebLogicHost parameter. If the attempt fails, an
HTTP 503 error message is returned. The plug-in continues trying to connect to WebLogic Server until ConnectTimeoutSecs is exceeded.
When you specify a list of WebLogic Server instances in the
WebLogicCluster parameter, the plug-in uses that list as a starting point for load balancing among the members of the cluster. After the first request is routed to one of these servers, a dynamic server list is returned containing an updated list of servers in the cluster. The updated list adds any new servers in the cluster and deletes any that are no longer part of the cluster or that have failed to respond to requests. This list is updated automatically with the HTTP response when a change in the cluster occurs.
When a request contains a session information stored in a cookie, in the POST data, or by URL encoding, the session ID contains a reference to the specific server in which the session was originally established (called the primary server) and a reference to an additional server where the original session is replicated (called the secondary server). A request containing a cookie attempts to connect to the primary server. If that attempt fails, the request is routed to the secondary server. If both the primary and secondary servers fail, the session is lost and the plug-in attempts to make a fresh connection to another server in the dynamic cluster list. For more information see Figure 3-1 Connection Failover.
Note: If the POST data is larger than 64K, the plug-in will not parse the POST data to obtain the session ID. Therefore, if you store the session ID in the POST data, the plug-in cannot route the request to the correct primary or secondary server, resulting in possible loss of session data.
WebLogicPortwas specified in the
WebLogicHostparameter specified in the
httpd.conffile, exceeds 65535.
POSTdata from client.
POSTdata to the temp file.
POSTdata from the temp file.