2 How to Modify WLEC Applications for Oracle WebLogic Tuxedo Connector

The following sections provide information on the steps required to convert your WLEC applications for use with Oracle WebLogic Tuxedo Connector:

How to Modify Your Tuxedo Environment

Tuxedo users need to make the environment changes described in the following sections:

Create a Tuxedo dmconfig File

A new dmconfig file must be created to provide connectivity between your Tuxedo and WebLogic Server applications. For more information on how to create Tuxedo domains, see Planning and Configuring CORBA Domains at http://e-docs.bea.com/tuxedo/tux90/add/adcorb.htm.

Modify the Tuxedo UBBCONFIG File

You need to modify the UBBCONFIG file so your application uses the Tuxedo /T Domain gateway. To do this, add the Tuxedo domain servers to the *SERVERS section of this file.

For example:

DMADM SRVGRP=SYS_GRP SRVID=7
GWADM SRVGRP=SYS_GRP SRVID=8
GWTDOMAIN SRVGRP=SYS_GRP SRVID=9

Oracle WebLogic Tuxedo Connector does not use ISL. If no other applications require ISL, you can remove the ISL entry from the *SERVERS section of the UBBCONFIG file. Alternatively, you can comment out the ISL entry, as in the following example:

#     ISL
#          SRVGRP  = SYS_GRP
#          SRVID   = 5
#          CLOPT   = "-A -- -n //lchp15:2468 -d /dev/tcp"

How to Modify Your WebLogic Server Environment

The following sections explain how to modify your WebLogic Server Environment.

How to Configure Oracle WebLogic Tuxedo Connector

Note:

For more information on how to configure Oracle WebLogic Tuxedo Connector, see "Configuring Oracle WebLogic Tuxedo Connector for Your Applications" in WebLogic Tuxedo Connector Administration Guide for Oracle WebLogic Server.

This section provides basic information about creating a WTC Service for a migrated WLEC application using the WebLogic Server Administration Console. A WTC Service represents configuration information that WebLogic Server uses to create a connection to a Tuxedo application. Typical WTC Service configurations for migrated WLEC applications consist of a local Tuxedo access point, a remote Tuxedo access point, and an imported service.

Complete the steps described in the following sections to create a configuration to administer your application:

  1. Create a WTC Service

  2. Create a Local Tuxedo Access Point

  3. Create a Remote Tuxedo Access Point

  4. Create an Imported Service

Create a WTC Service

To create and configure a WTC service using the WebLogic Server Administration Console:

  1. In the Administration Console, expand Interoperability and select WTC Servers in the navigation tree.

  2. On the WTC Servers page, click New.

  3. On the Create a New WTC Server page, enter the name of your WTC Service in the Name field. For example, mySimpapp.

  4. Click OK.

Your new WTC Service appears in the WTC Servers list.

Create a Local Tuxedo Access Point

Note:

When configuring the Network Address for a local access point, the port number used should be different from any port numbers assigned to other processes. For example, setting the Network Address to //mymachine:7001 is not valid if the WebLogic Server listening port is assigned to //mymachine:7001.

To configure a local Tuxedo access point:

  1. In the Administration Console, expand Interoperability and select WTC Servers.

  2. On the WTC Servers page, click the name of a WTC Service, such as mySimpapp, to access the settings page.

  3. Click the Local APs tab.

  4. Enter values for the following fields on the WTC Local Access Points page:

    • In Access Point, enter a name that uniquely identifies this local Tuxedo access point within a WTC Service configuration. This allows you to create Local Tuxedo Access Point configurations that have the same Access Point ID.

    • In Access Point Id, enter the connection name used when establishing a session connection to remote Tuxedo access points. The Access Point Id must match the corresponding DOMAINID in the *DM_REMOTE_DOMAINS section of your Tuxedo DMCONFIG file.

    • In Network Address, enter the network address and port for this local Tuxedo access point. For example, //123.123.123.123:5678.

  5. Click OK.

  6. If you are connecting to a Tuxedo 6.5 domain:

    1. Click the Connections tab.

    2. Set the Interoperate field to Yes.

    3. Click Save.

Create a Remote Tuxedo Access Point

To configure a remote Tuxedo access point:

  1. In the Administration Console, expand Interoperability and select WTC Servers.

  2. On the WTC Servers page, click the name of a WTC Service, such as mySimpapp.

  3. Click the Remote APs tab.

  4. Enter values for the following fields on the WTC Remote Access Points page:

    • In Access Point, enter a name that uniquely identifies this remote Tuxedo access point within a WTC Service configuration. This allows you to create Remote Tuxedo Access Point configurations that have the same Access Point ID.

    • In Access Point Id, enter the connection name used to identify a remote Tuxedo access point when establishing a connection to a local Tuxedo access point. The Access Point Id of a remote Tuxedo access point must match the corresponding DOMAINID in the *DM_LOCAL_DOMAINS section of your Tuxedo DMCONFIG file.

    • In Local Access Point, enter the name of the local access point for this remote domain.

    • In Network Address, enter the network address and port for this remote domain. For example, //123.123.123.123:1234.

  5. Click OK.

Create an Imported Service

To configure an imported service:

  1. In the Administration Console, expand Interoperability and select WTC Servers.

  2. On the WTC Servers page, click the name of a WTC Service, such as mySimpapp.

  3. Click the Imported tab.

  4. Enter values for the following fields on the WTC Imported Services page:

    • In Resource Name, enter a name to identify this imported service configuration. This name allows you to create unique Imported Services configurations that have the same Remote Name within a WTC Service.

    • Set Local Access Point to the name of the Local Tuxedo Access Point that uses the service.

    • In Remote Access Point List, enter a list of Remote Access Point names that offer this imported service.

    • In Remote Name, enter //domain_id where domain_id is the DOMAINID specified in the Tuxedo UBBCONFIG file. The maximum length of this unique identifier for CORBA domains is 15 characters and includes the //. For example, //simpappff.

  5. Click OK.

How to Update the ejb-jar.xml File

Oracle WebLogic Tuxedo Connector uses the Domain gateway to connect WebLogic and Tuxedo applications. IIOP connection pools are not used, and their descriptors can be removed from the ejb-jar.xml file. The following is a code snippet from the wlec/ejb/simpapp example:

Example 2-1 IIOP Connection Pool Descriptors for the wlec/ejb/simpapp Example

.
.
.
<env-entry>
    <env-entry-name>IIOPPoolName</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>
    <env-entry-value>simplepool</env-entry-value>
</env-entry>
.
.
.

How to Modify WLEC Applications

The following sections explain how to modify WLEC applications to interoperate with WebLogic Server and Tuxedo CORBA objects using Oracle WebLogic Tuxedo Connector:

How to Modify WLEC EJBs to Reference CORBA Objects Used by Oracle WebLogic Tuxedo Connector

Complete the steps described in the following sections to modify your EJB so that it uses Oracle WebLogic Tuxedo Connector to invoke CORBA objects deployed in Tuxedo:

Initialize the WTC ORB

WLEC uses the weblogic.jndi.WLInitialContextFactory to return a context used by the Tobj_Bootstrap object.

Properties p = new Properties();
p.put(Context.INITIAL_CONTEXT_FACTORY,
     "weblogic.jndi.WLInitialContextFactory");
InitialContext ic = new InitialContext(p);
rootCtx = (Context)ic.lookup("java:comp/env");

Replace the WLEC context reference and instantiate the WTC ORB in your Bean. For example:

// Initialize the ORB.
String args[] = null;
Properties Prop;
Prop = new Properties();
Prop.put("org.omg.CORBA.ORBClass",
     "weblogic.wtc.corba.ORB");

orb = (ORB)new InitialContext().lookup("java:comp/ORB");

Use the ORB to get the FactoryFinder Object

Each WLEC connection pool has a Tobj_Bootstrap FactoryFinder object used to access the Tuxedo domain. For example:

Tobj_Bootstrap myBootstrap = Tobj_BootstrapFactory.getClientContext("myPool");
org.omg.CORBA.Object myFFObject = 
    myBootstrap.resolve_initial_references("FactoryFinder");

Remove references to the Tobj_Bootstrap Factory Finder object. Use the following method to obtain the FactoryFinder object using the ORB:

// String to Object.
org.omg.CORBA.Object fact_finder_oref =
    orb.string_to_object("corbaloc:tgiop:simpapp/FactoryFinder");

// Narrow the factory finder.
FactoryFinder fact_finder_ref =
    FactoryFinderHelper.narrow(fact_finder_oref);

// Use the factory finder to find the simple factory.
org.omg.CORBA.Object simple_fact_oref =
    fact_finder_ref.find_one_factory_by_id(SimpleFactoryHelper.id());

Transaction Issues

Note:

For more information on how to implement JTA transactions, see Programming JTA for Oracle WebLogic Server.

The following section provides information about how to modify WLEC applications that use transactions.

  • WLEC applications using JTA transactions require no changes.

  • WLEC applications using CosTransactions need to convert to JTA. If the WLEC client is running within a transaction and needs to invoke a new CosTransaction, the new transaction is implemented in a new transaction context. To implement the same behavior in JTA, do the following:

    • Suspend the original transaction.

    • Start a new transaction.

    • Resume the original transaction after the new transaction has been completed.
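The three steps above, as an added example that is not code from the original page or from Oracle: a helper that suspends the caller's JTA transaction, runs the work in a new transaction, and resumes the original even if the new transaction fails. The class and method names are hypothetical, and the TransactionManager is assumed to be obtained from the container by the caller.

```java
import javax.transaction.Status;
import javax.transaction.Transaction;
import javax.transaction.TransactionManager;

public final class NewTransactionRunner {

    /**
     * Runs 'work' in its own JTA transaction while the caller's
     * transaction (if any) is suspended.
     *
     * @param tm   the container's TransactionManager (assumption: the
     *             caller has already looked it up)
     * @param work the calls that must run in the new transaction, for
     *             example an invocation of a Tuxedo CORBA object
     */
    public static void runInNewTransaction(TransactionManager tm, Runnable work)
            throws Exception {
        // Step 1: suspend the original transaction. suspend() returns
        // null when the thread has no transaction associated with it.
        Transaction original = tm.suspend();
        try {
            // Step 2: start a new transaction on this thread.
            tm.begin();
            try {
                work.run();
                tm.commit();
            } catch (Exception e) {
                // Roll back only if the new transaction is still
                // associated with the thread; a failed commit() has
                // already disassociated it.
                if (tm.getStatus() != Status.STATUS_NO_TRANSACTION) {
                    tm.rollback();
                }
                throw e;
            }
        } finally {
            // Step 3: resume the original transaction once the new
            // transaction has completed, whether or not it succeeded.
            if (original != null) {
                tm.resume(original);
            }
        }
    }

    private NewTransactionRunner() { }
}
```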

How to Manage Security Issues Migrating from WLEC to WTC

The following table provides some mapping guidelines for security issues between WLEC and WTC as well as their relationship to Tuxedo.

Table 2-1 Security Mapping Guidelines Migrating from WLEC to WTC

WLEC Security Item: user name

  Map to in WTC/WLS: Access the WTC Servers page and click the Local APs tab. Use the user name in the Access Point ID field.

  Tuxedo: DOMAINID in the DM_REMOTE_DOMAINS section of the DMCONFIG file.

WLEC Security Item: user password

  Map to in WTC/WLS: Password pair in the password (rather than one password, you must define one for the local access point and one for the remote access point to form mutual authentication). You can use the weblogic.wtc.gwt.genpasswd utility to generate the encrypted password pair and then cut and paste it into the Console WTC Password page.

  Tuxedo: Use dmadmin to add the password pair to each defined TDomain session.

WLEC Security Item: role

  Map to in WTC/WLS: Not supported. WTC depends on impersonating the user and uses the impersonated user role defined in Tuxedo.

  Tuxedo: Not applicable.

WLEC Security Item: application password

  Map to in WTC/WLS: The password in the WTC Resources page. Use the weblogic.wtc.gwt.genpasswd utility to generate the encrypted application password.

  Tuxedo: No special configuration needed.

WLEC Security Item: min encryption level

  Map to in WTC/WLS:

    1. Access the WTC Servers page and click the name of a WTC Service.

    2. Click the Remote APs tab.

    3. Click the Security tab and select the Min Encryption Level required.

  Tuxedo: MINENCRYPTBITS in the DM_TDOMAIN section of the DMCONFIG file.

WLEC Security Item: max encryption level

  Map to in WTC/WLS:

    1. Access the WTC Servers page and click the name of a WTC Service.

    2. Click the Remote APs tab.

    3. Click the Security tab and select the Max Encryption Level required.

  Tuxedo: MAXENCRYPTBITS in the DM_TDOMAIN section of the DMCONFIG file.

WLEC Security Item: certificate auth

  Map to in WTC/WLS: Not supported.

  Tuxedo: Not applicable.

WLEC Security Item: security context propagation

  Map to in WTC/WLS:

    1. Access the WTC Servers page and click the name of a WTC Service.

    2. Click the Remote APs tab.

    3. Click the Security tab and select Global for the Credential Policy field to propagate user credentials to Tuxedo.

  Tuxedo: ACL="GLOBAL" in the DM_REMOTE_DOMAINS section of the DMCONFIG file.


The following considerations may assist you in understanding how your current WLEC security can map to WTC and Tuxedo security.

  • The WLEC user name in the certificate can be used as your Access Point ID in the WTC Local APs page.

  • You must configure Access Point ID in the WTC Remote APs page using the remote Tuxedo domain gateway's DOMAINID. (This DOMAINID should be one of the entries in the DM_LOCAL_DOMAINS section in the DMCONFIG file.)

  • You must configure the user in both Tuxedo and WTC if you want security context propagation.

  • If you do not want security context propagation, do not configure credential-policy. By default, credential-policy is set to "LOCAL", which means no propagation. Also, do not configure ACL_POLICY in Tuxedo. By default, ACL_POLICY is set to "LOCAL", which means that any remote security context received is not accepted. In this case, if the Tuxedo security level is higher than USER_AUTH, the DOMAINID for WTC that is configured in the DM_REMOTE_DOMAINS section of the DMCONFIG file is used.

  • From the Security tab of the WTC Local APs page, select Domain Password for the Security field. You need to configure 'SECURITY="DM_PW"' in one of the entries in the DM_LOCAL_DOMAINS section of the DMCONFIG file for Tuxedo. In this case, a password must be configured for both WTC and the TDomain Gateway, and an application password is not required.

  • If you do not want to set Security to Domain Password, you can set it to Application Password. In this case, you do not have to configure a password pair in the WTC Passwords page, but you need to configure the App Password and App Password IV fields in the WTC Resources page.