Fusion Middleware Documentation
Advanced Search


Command Reference for Oracle WebLogic Server
Close Window

Table of Contents

Show All | Collapse

3 weblogic.Server Command-Line Reference

This chapter describes the use of the weblogic.Server class.

The weblogic.Server class is the main class for a WebLogic Server instance. You start a server instance by invoking weblogic.Server in a Java command. You can invoke the class directly in a command prompt (shell), indirectly through scripts, or through the Node Manager.

Oracle recommends using java weblogic.Server primarily for initial development but not as a standard mechanism for starting production systems for the following reasons:

  • java weblogic.Server will not function if you select a product directory outside of the ORACLE_HOME directory.

  • When executing java weblogic.Server, patches will not be recognized by the WebLogic Server run time.

This chapter includes the following sections:

For information about using scripts to start an instance of WebLogic Server, see "Starting an Administration Server with a Startup Script" and "Starting Managed Servers With a Startup Script" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

For information about using the Node Manager to start an instance of WebLogic Server, see "Using Node Manager to Control Servers" in the Administering Node Manager for Oracle WebLogic Server.

Required Environment and Syntax for weblogic.Server

This section describes the environment that you must set up before you can start a server instance. Then it describes the syntax for invoking weblogic.Server.

Environment

To set up your environment for the weblogic.Server command:

  1. Install and configure the WebLogic Server software, as described in Installing and Configuring Oracle WebLogic Server and Coherence.

  2. If desired, modify the CLASSPATH environment variable, as described in Modifying the Classpath.

  3. Include a Java Virtual Machine (JVM) in your PATH environment variable. You can use any JVM that is listed in Supported Configurations.

    If you do not include a JVM in the PATH environment variable, you must provide a pathname for the Java executable file that the JVM provides.

Modifying the Classpath

After installation, WebLogic Server's classpath is already set, but you may choose to modify it for a number of reasons such as adding a patch to WebLogic Server, updating the version of Derby you are using, or adding support for Log4j logging.

To apply a patch to ALL of your WebLogic Server domains without the need to modify the classpath of a domain, give the patch JAR file the name, weblogic_sp.jar, and copy it into the WL_HOME/server/lib directory. The commEnv.cmd/sh script will automatically include a JAR named weblogic_sp on the classpath for you.

If you would rather not use the name weblogic_sp.jar for your patch file or you would just like to make sure a JAR file, such as one mentioned below, comes before weblogic.jar on the classpath:

  • For ALL domains, edit the commEnv.cmd/sh script in WL_HOME/common/bin and prepend your JAR file to the WEBLOGIC_CLASSPATH environment variable.

  • To apply a patch to a SPECIFIC WebLogic Server domain, edit the setDomainEnv.cmd/sh script in that domain's bin directory, and prepend the JAR file to the PRE_CLASSPATH environment variable.

    Note:

    setDomainEnv is designed to be sourced from other scripts, such as the startWebLogic script. setDomainEnv should not be called directly from within an interactive shell. Doing so can cause unpredictable issues in the domain.

If you use Derby, the open-source all-Java database management system included with Oracle WebLogic Server for use by the sample applications and code examples, include the following files on the classpath:

  • WL_HOME/common/derby/lib/derbyclient.jar - for the driver on the client side

  • WL_HOME/common/derby/lib/derbynet.jar and WL_HOME/common/derby/lib/derby.jar - for running the Derby network server

If you use WebLogic Enterprise Connectivity, include the following files on the classpath:

WL_HOME/server/lib/wlepool.jar

WL_HOME/server/lib/wleorb.jar 

If you use Log4j logging, include the following file on the classpath:

WL_HOME/server/lib/log4j.jar 

The shell environment in which you run a server determines which character you use to separate path elements. On Windows, you typically use a semicolon (;). In a BASH shell, you typically use a colon (:).

Syntax

The syntax for invoking weblogic.Server is as follows:

java [options] weblogic.Server [-help]

The java weblogic.Server -help command returns a list of frequently used options.

Default Behavior

If you have set up the required environment described in Environment, when you enter the command java weblogic.Server with no options, WebLogic Server does the following:

  1. Looks in the domain_name/config directory for a file named config.xml.

  2. If config.xml exists in the domain_name/config directory, WebLogic Server does the following:

    1. If only one server instance is defined in config/config.xml, it starts that server instance.

      For example, if you issue java weblogic.Server from ORACLE_HOME\user_projects\domains\medrec, WebLogic Server starts the MedRec server.

    2. If there are multiple server instances defined in config/config.xml:

      • If an Administration Server is defined, it looks for the server with that name.

      • If an Administration Server is not defined, it looks for a server configuration named myserver. If it finds such a server configuration, it starts the myserver instance.

      • If it does not find a server named myserver, WebLogic Server exits the weblogic.Server process and generates an error message.

  3. If there is no config.xml file in the current directory, WebLogic Server prompts you to create one. If you respond y, WebLogic Server does the following:

    1. Creates a server configuration named myserver, and persists the configuration in a file named config/config.xml.

      Any options that you specify are persisted to the config.xml file. For example, if you specify -Dweblogic.ListenPort=8001, then WebLogic Server saves 8001 in the config.xml file. For any options that you do not specify, the server instance uses default values.

      You can configure WebLogic Server to make backup copies of the configuration files. This facilitates recovery in cases where configuration changes need to be reversed or the unlikely case that configuration files become corrupted. For more information, see "Configuration File Archiving" in Understanding Domain Configuration for Oracle WebLogic Server.

    2. Uses the username and password that you supply to create a user with administrative privileges. It stores the definition of this user along with other basic, security-related data in domain_name/security files named DefaultAuthenticatorInit.ldift, DefaultRoleMapperInit.ldift, and SerializedSystemIni.dat.

      WebLogic Server also encrypts and stores your username and password in a server_name/security/boot.properties file, which enables you to bypass the login prompt during subsequent instantiations of the server. For more information, see "Boot Identity Files" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

    3. Creates two scripts, bin/startWebLogic.cmd and bin/startWebLogic.sh, which you can use to start subsequent instantiations of the server. You can use a text editor to modify startup options such as whether the server starts in production mode or development mode. The startWebLogic script contains comments that describe each option.

    Note that the server starts as an Administration Server in a new domain. There are no other servers in this domain, nor are any of your deployments or third-party solutions included. You can add them as you would add them to any WebLogic domain.

weblogic.Server Configuration Options

You can use weblogic.Server options to configure the attributes of a server instance. The following attributes are commonly used when starting a server instance:

WebLogic Server provides other startup options that enable you to temporarily override a server's saved configuration. For information about these startup options, see Options that Override a Server's Configuration.

Unless you are creating a new domain as described in Using the weblogic.Server Command Line to Create a Domain, all startup options apply to the current server instantiation; they do not modify the persisted values in an existing config.xml file. Use the Administration Console or WebLogic Scripting Tool (WLST) to modify the config.xml file. See "Creating Domains Using WLST Offline" in Understanding the WebLogic Scripting Tool.

For information on verifying the WebLogic Server attribute values that you set, see Verifying Attribute Values That Are Set on the Command Line.

JVM Parameters

Table 3-1 describes frequently used options that configure the Java Virtual Machine (JVM) in which the server instance runs. For a complete list of JVM options, see the documentation for your specific JVM. For a list of JVMs that can be used with WebLogic Server, see Supported Configurations.

Table 3-1 Frequently Used Options for Setting JVM Parameters

Option Description
-Xms and -Xmx

Specify the minimum and maximum values (in megabytes) for Java heap memory.

For example, you might want to start the server with the default allocation of 256 megabytes of Java heap memory to the WebLogic Server. To do so, start the server using the java -Xms256m and -Xmx512m options.

The values assigned to these parameters can dramatically affect the performance of your WebLogic Server and are provided here only as general defaults. In a production environment you should carefully consider the correct memory heap size to use for your applications and environment.

-classpath 

The minimum content for this option is described under Modifying the Classpath.

Instead of using this argument, you can use the CLASSPATH environment variable to specify the classpath.

-client
-server 

Used by some JVMs to start a HotSpot virtual machine, which enhances performance. For a list of JVMs that can be used with WebLogic Server, see Supported Configurations.

-Dfile.encoding=Canonical Name weblogic.Server

To display special characters on Linux browsers, set the JVM's file.encoding system property to ISO8859_1. For example:

java -Dfile.encoding=ISO8859_1 weblogic.Server

For a complete listing, see the Supported Encodings page available at http://docs.oracle.com/javase/7/docs/technotes/guides/intl/encoding.doc.html.


Location of Configuration Data

All server instances must have access to configuration data. Table 3-2 provides options for indicating the location of this data.

Table 3-2 Options for Indicating the Location of Configuration Data

Option Description
-Dweblogic.home=WL_HOME

Specifies the location of the WebLogic home directory, which contains essential information.

By default, weblogic.Server determines the location of the WebLogic home directory based on values in the classpath.

-Dweblogic.RootDirectory=path

Specifies the server's root directory. See "A Server's Root Directory" in Understanding Domain Configuration for Oracle WebLogic Server.

By default, the root directory is the directory from which you issue the start command.

-Dweblogic.management.GenerateDefaultConfig=true

Prevents the weblogic.Server class from prompting for confirmation when creating a config.xml file.

Valid only if you invoke weblogic.Server in an empty directory. See Default Behavior.

-Dweblogic.Domain=domain

Specifies the name of the domain.

If you are using weblogic.Server to create a domain, you can use this option to give the domain a specific name.

In addition, this option supports a directory structure that WebLogic Server required in releases prior to 7.0 and continues to support in current releases. Prior to 7.0, all configuration files were required to be located in the following pathname:

.../config/domain_name/config.xml

where domain_name is the name of the domain.

If your domain's configuration file conforms to that pathname, and if you invoke the weblogic.Server command from a directory other than config/domain_name, you can include the -Dweblogic.Domain=domain argument to cause WebLogic Server to search for a config.xml file in a pathname that matches config/domain_name/config.xml.


For information on how a Managed Server retrieves its configuration data, see the -Dweblogic.management.server entry in Table 3-3.

The Administration Console does not display values that you set on the command line. For information on verifying the attribute values that you set, see Verifying Attribute Values That Are Set on the Command Line.

Example

The following example starts a Managed Server instance named SimpleManagedServer. Specifying a config.xml file is not valid because Managed Servers contact the Administration Server for their configuration data. Multiple instances of WebLogic Server can use the same root directory. However, if your server instances share a root directory, make sure that all relative filenames are unique. In this example, SimpleManagedServer shares its root directory with SimpleServer. The command itself is issued from the D:\ directory after running WL_HOME\server\bin\setWLSEnv.cmd:

D:\> java -Dweblogic.Name=SimpleManagedServer 
 -Dweblogic.management.server=http://localhost:7001
 -Dweblogic.RootDirectory=c:\my_domains\SimpleDomain weblogic.Server

Options that Override a Server's Configuration

In most cases, you do not use startup options to override the configuration that is saved in the domain's config.xml file. However, in some extraordinary cases you might need to do so.

Tip:

When you use a startup option to override a configuration value, the server instance uses this value for the duration of its life cycle. Even if you use the Administration Console, the WebLogic Scripting Tool, or some other utility to change the value in the configuration, the value will remain overridden until you restart the server without using the override.

For example, in a production environment, your organization might have a policy against modifying the domain's config.xml file, but you need to shut down the Administration Server and restart it using a temporary listen port. In this case, when you use the weblogic.Server command to start the Administration Server, you can include the -Dweblogic.ListenPort=7501 startup option to change the listen port for the current server session. The server instance initializes its configuration MBeans from the config.xml file but substitutes 7501 as the value of its listen port. When you subsequently restart the server without passing the startup option, it will revert to using the value from the config.xml file, 8010. (See Figure 3-1.)

Figure 3-1 Overriding config.xml Values

Description of Figure 3-1 follows
Description of "Figure 3-1 Overriding config.xml Values"

The following options temporarily override a server's configuration:

Server Communication

Table 3-3 describes the options for configuring how servers communicate.

Table 3-3 Options for Configuring Server Communication

Option Description
-Dweblogic.management.server=
[protocol://]Admin-host:port 

Starts a server instance as a Managed Server and specifies the Administration Server that will configure and manage the server instance.

The domain's configuration file does not specify whether a server configuration is an Administration Server or a Managed Server. You determine whether a server instance is in the role of Administration Server or Managed Server with the options that you use to start the instance. If you omit the -Dweblogic.management.server option in the start command, the server starts as an Administration Server (although within a given domain, there can be only one active Administration Server instance). Once an Administration Server is running, you must start all other server configurations as Managed Servers by including the -Dweblogic.management.server option in the start command.

For protocol, specify HTTP, HTTPS, T3, or T3S. The T3S and HTTPS protocols require you to enable SSL on the Managed Server and the Administration Server and specify the Administration Server's SSL listen port.

Note: Regardless of which protocol you specify, the initial download of a Managed Server's configuration is over HTTP or HTTPS. After the RMI subsystem initializes, the server instance can use the T3 or T3S protocol.

For Admin-host, specify localhost or the DNS name or IP address of the machine where the Administration Server is running.

For port, specify the Administration Server's listen port. If you set up the domain-wide administration port, port must specify the domain-wide administration port.

For more information on configuring a connection to the Administration Server, see "Configuring Managed Server Connections to the Administration Server" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

-Dweblogic.ListenAddress=host 

Specifies the address at which this server instance listens for requests. The host value must be either the DNS name or the IP address of the computer that is hosting the server instance.

This startup option overrides any listen address value specified in the config.xml file. The override applies to the current server instantiation; it does not modify the value in the config.xml file. Use the Administration Console or WLST to modify the config.xml file.

For more information, see "Configure listen addresses" in the Oracle WebLogic Server Administration Console Online Help and "Creating Domains Using WLST Offline" in Understanding the WebLogic Scripting Tool.

-Dweblogic.ListenPort=portnumber 

Enables and specifies the plain-text (non-SSL) listen port for the server instance.

This startup option overrides any listen port value specified in the config.xml file. The override applies to the current server instantiation; it does not modify the value in the config.xml file. Use the Administration Console or WLST to modify the config.xml file.

The default listen port is 7001.

For more information, see "Configure listen ports" in the Oracle WebLogic Server Administration Console Online Help and "Creating Domains Using WLST Offline" in Understanding the WebLogic Scripting Tool.

-Dweblogic.ssl.ListenPort=portnumber 

Enables and specifies the port at which this WebLogic Server instance listens for SSL connection requests.

This startup option overrides any SSL listen port value specified in the config.xml file. The override applies to the current server instantiation; it does not modify the value in the config.xml file. Use the Administration Console or WLST to modify the config.xml file.

The default SSL listen port is 7002.

For more information, see "Configure listen ports" in the Oracle WebLogic Server Administration Console Online Help and "Creating Domains Using WLST Offline" in Understanding the WebLogic Scripting Tool.

-Dweblogic.management.discover={true|false}

Note: This option was removed as of WebLogic Server 9.0.

Determines whether an Administration Server recovers control of a domain after the server fails and is restarted.

A true value causes an Administration Server to communicate with all known Managed Servers and inform them that the Administration Server is running.

A false value prevents an Administration Server from communicating with any Managed Servers that are currently active in the domain.

Tip: Specify false for this option only in the development environment of a single server. Specifying false can cause server instances in the domain to have an inconsistent set of deployed modules.

In WebLogic Server 9.0, this command is deprecated because if an Administration Server stops running while the Managed Servers in the domain continue to run, each Managed Server will periodically attempt to reconnect to the Administration Server at the interval specified by the ServerMBean attribute AdminReconnectIntervalSecs. For more information, see "Managed Servers and Re-started Administration Server" in Administering Server Startup and Shutdown for Oracle WebLogic Server.


The Administration Console does not display values that you set on the command line. For information on verifying the attribute values that you set, see Verifying Attribute Values That Are Set on the Command Line.

SSL

Each Weblogic Server instance uses an instance of weblogic.management.configuration.SSLMBean to represent its SSL configuration.

All of the options in the following table that start with -Dweblogic.security.SSL modify the configuration of the server's SSLMBean. For example, the -Dweblogic.security.SSL.ignoreHostnameVerification option sets the value of the SSLMBean's ignoreHostnameVerification attribute.

Table 3-4 describes the options for configuring a server to communicate using Secure Sockets Layer (SSL).

Note:

As of WebLogic Server version 12.1.1, JSSE is the only SSL implementation that is supported. The Certicom-based SSL implementation is removed and is no longer supported in WebLogic Server.

Table 3-4 Options for Configuring SSL

Option Description
-Dweblogic.security.SSL.
ignoreHostnameVerification=true 

Disables host name verification, which enables you to use the demonstration digital certificates that are shipped with WebLogic Server.

By default, when a WebLogic Server instance is in the role of SSL client (it is trying to connect to some other server or application via SSL), it verifies that the host name that the SSL server returns in its digital certificate matches the host name of the URL used to connect to the SSL server. If the host names do not match, the connection is dropped.

If you disable host name verification, either by using this option or by modifying the server's configuration in the config.xml file, the server instance does not verify host names when it is in the role of SSL client.

Note: Oracle does not recommend using the demonstration digital certificates or turning off host name verification in a production environment.

This startup option overrides any Host Name Verification setting in the config.xml file. The override applies to the current server instantiation; it does not modify the value in the config.xml file. Use the Administration Console or WLST to modify the config.xml file.

For more information, see "Using Hostname Verification" in Administering Security for Oracle WebLogic Server.

-Dweblogic.security.SSL.HostnameVerifier=
hostnameverifierimplementation 

Specifies the name of a custom Host Name Verifier class. The class must implement the weblogic.security.SSL.HostnameVerifier interface.

-Dweblogic.security.SSL.sessionCache.ttl=
sessionCacheTimeToLive 

Modifies the default server-session time-to-live for SSL session caching.

The sessionCacheTimeToLive value specifies (in milliseconds) the time to live for the SSL session. The default value is 90000 milliseconds (90 seconds). This means if a client accesses the server again (via the same session ID) within 90 seconds, WebLogic Server will use the existing SSL session. You can change this value by setting -Dweblogic.security.SSL.sessionCache.ttl in the server startup script.

For sessionCache.ttl:

  • The minimum value is 1

  • The maximum value is Integer.MAX_VALUE

  • The default value is 90000

-Dweblogic.security.SSL.CertificateCallback=
callback-handler

Specifies a certificate callback handler class, which evaluates details contained the end-user certificate passed in a secure connection request to WebLogic Server.

Depending on the details contained in the certificate, the callback handler returns a true or false, which determines whether authentication is successful.

Note: If you use a certificate callback implementation in WebLogic Server, a callback is generated whenever a request is received over a secure port. As a result, using certificate callbacks may impose a performance overhead that should be taken into consideration. For more information, see "Checking the Validity of End User Certificates" in Administering Security for Oracle WebLogic Server.

-Dweblogic.management.pkpassword=pkpassword 

Specifies the password for retrieving SSL private keys from an encrypted flat file.

Use this option if you store private keys in an encrypted flat file.

-Dweblogic.security.SSL.trustedCAKeyStore=
path 

Deprecated.

If you configure a server instance to use the SSL features that were available before WebLogic Server 8.1, you can use this argument to specify the certificate authorities that the server or client trusts. The path value must be a relative or qualified name to the Sun JKS keystore file (contains a repository of keys and certificates).

If a server instance is using the SSL features that were available before 8.1, and if you do not specify this argument, the WebLogic Server or client trusts all of the certificates that are specified in JAVA_HOME\jre\lib\security.

Oracle recommends that you do not use the demonstration certificate authorities in any type of production deployment.

For more information, see "Configuring SSL" in Administering Security for Oracle WebLogic Server.

-Dsecurity.use.interopCA=true

If you are using WebLogic Server version 12.1.2 together with a previous version of WebLogic Server, be aware that the demo trust keystore of the previous versions does not contain the demo CA certificate used by version 12.1.2. Therefore, if a 12.1.2 instance of WebLogic Server sends its public certificate to an instance of WebLogic Server running a prior version, that public certificate will not automatically be trusted.

Use this system property to generate interoperable demo certificates signed by the previous demo CA certificate.

-Dweblogic.security.SSL.protocolVersion=
protocol

Specifies the protocol that is used for SSL connections.

The protocol value can be one of the following:

  • SSL3 — Only SSL V3.0 messages are sent and accepted.

  • TLS1 — Only TLS V1 messages are sent and accepted.

  • ALL — Only SSL V3.0 and/or TLS V1 messages are sent and accepted. (This is the default.)

For more information, see "Using the weblogic.security.SSL.protocolVersion System Property" in Administering Security for Oracle WebLogic Server.

-Dweblogic.security.SSL.minimumProtocolVersion=
protocol

Specifies the minimum protocol version that is used for SSL connections.

The protocol value can be one of the following:

  • SSLv3 — Specifies SSL V3.0 as the minimum protocol version enabled in SSL connections.

  • TLSv1 — Specifies TLS V1.0 as the minimum protocol version enabled in SSL connections.

  • TLSvx.y — Specifies TLS Vx.y as the minimum protocol version enabled in SSL connections, where x is between 1 and 9, and y is between 0 and 9, inclusive.

For more information, see "Using the weblogic.security.SSL.minimumProtocolVersion System Property" in Administering Security for Oracle WebLogic Server.


The Administration Console does not display values that you set on the command line. For information on verifying the attribute values that you set, see Verifying Attribute Values That Are Set on the Command Line.

Setting Additional SSL Attributes

To set additional SSL attributes from the startup command, do the following:

  1. To determine which SSL attributes can be configured from startup options, view the WebLogic Server Javadoc for the SSLMBean and ServerMBean, described in MBean Reference for Oracle WebLogic Server. The Javadoc also indicates valid values for each attribute.

    Each attribute that SSLMBean and ServerMBean expose as a setter method can be set by a startup option.

  2. To set attributes in the SSLMBean, add the following option to the start command:

    -Dweblogic.ssl.attribute-name=value 
    

    where attribute-name is the name of the MBean's setter method without the set prefix.

  3. To set attributes in the ServerMBean, add the following option to the start command:

    -Dweblogic.server.attribute-name=value 
    

    where attribute-name is the name of the MBean's setter method without the set prefix.

For example, the SSLMBean exposes its Enabled attribute with the following setter method:

setEnabled()

To enable SSL for a server instance named MedRecServer, use the following command when you start MedRecServer:

java -Dweblogic.Name=MedRecServer
     -Dweblogic.ssl.Enabled=true weblogic.Server

The Administration Console does not display values that you set on the command line. For information on verifying the attribute values that you set, see Verifying Attribute Values That Are Set on the Command Line.

Security

Table 3-5 describes the options for configuring general security parameters.

Table 3-5 Options for General Security Parameters

Option Description
-Dweblogic.management.username=username 

Specifies the username under which the server instance will run.

As of WebLogic Server 12.1.1, the boot username property weblogic.management.username has been deprecated and will be removed in a future release, and you will no longer be able to specify the username in the command for starting WebLogic Server in production mode.

As an alternative, Oracle recommends that you use the boot.properties file to specify the boot username for WebLogic Server. For more information about the boot.properties file, see "Boot Identity Files" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

For information about other methods you can use to provide user credentials, see "Provide User Credentials to Start and Stop Servers" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

-Dweblogic.management.password=password 

Specifies the user password.

As of WebLogic Server 12.1.1, the boot password system property weblogic.management.password has been deprecated and will be removed in a future release, and you will no longer be able to specify the password in the command for starting WebLogic Server in production mode.

As an alternative, Oracle recommends that you use the boot.properties file to specify the boot password for WebLogic Server. For more information about the boot.properties file, see "Boot Identity Files" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

For information about other methods you can use to provide user credentials, see "Provide User Credentials to Start and Stop Servers" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

-Dweblogic.system.StoreBootIdentity=true 

Creates a boot.properties file in the server's root directory. The file contains the username and an encrypted version of the password that was used to start the server.

Do not specify this argument in a server's ServerStartMBean. For more information, see "Specifying User Credentials When Starting a Server with the Node Manager" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

Oracle recommends that you do not add this argument to a startup script. Instead, use it only when you want to create a boot.properties file.

For more information, see "Boot Identity Files" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

-Dweblogic.system.BootIdentityFile=
filename 

Specifies a boot identity file that contains a username and password.

The filename value must be the fully qualified pathname of a valid boot identity file. For example:

-Dweblogic.system.BootIdentityFile=
WL_HOME\mydomain\servers\myserver\security
\boot.properties

If you do not specify a filename, a server instance, or the WLST SHUTDOWN command, use the boot.properties file in the server's root directory.

If there is no boot identity file, when starting a server, the server instance prompts you to enter a username and password.

-Dweblogic.system.RemoveBootIdentity=true 

Removes the boot identity file after a server starts.

-Dweblogic.security.anonymousUserName=name

Assigns a user ID to anonymous users. By default, all anonymous users are identified with the string <anonymous>.

To emulate the security behavior of WebLogic Server 6.x, specify guest for the name value and create a user named guest in your security realm.

For more information, see "Users, Groups, and Security Roles" in Securing Resources Using Roles and Policies for Oracle WebLogic Server.

-Djava.security.manager
-Djava.security.policy[=]=filename 

Standard Java EE options that enable the Java security manager and specify a filename (using a relative or fully-qualified pathname) that contains Java 2 security policies.

To use the WebLogic Server sample policy file, specify WL_HOME\server\lib\weblogic.policy.

Using -Djava.security.policy==filename (note the double equal sign (==)) causes the policy file to override any default security policy. This causes WebLogic Server to ignore any policy files that are used for servlet and EJB authorization when JACC is enabled. A single equal sign (=) causes the policy file to be appended to an existing security policy.

For more information, see "Using the Java Security Manager to Protect WebLogic Resources" in Developing Applications with the WebLogic Security Service.

-Dweblogic.security.
fullyDelegateAuthorization=true 

By default, roles and security policies cannot be set for an EJB or Web application through the Administration Console unless security constraints were defined in the deployment descriptor for the EJB or Web application.

Use this option when starting WebLogic Server to override this problem.

This startup option does not work with EJBs or EJB methods that use <unchecked> or <restricted> tags or Web applications that do not have a role-name specified in the <auth-constraint> tag.

-Dweblogic.management.
anonymousAdminLookupEnabled=true 

Enables you to retrieve an MBeanHome interface without specifying user credentials. The MBeanHome interface is part of the WebLogic Server JMX API.

If you retrieve MBeanHome without specifying user credentials, the interface gives you read-only access to the value of any MBean attribute that is not explicitly marked as protected by the Weblogic Server MBean authorization process.

This startup option overrides the Anonymous Admin Lookup Enabled setting on the domain_name > Security > General page in the Administration Console.

By default, the MBeanHome API allows access to MBeans only for WebLogic users who are in one of the default security roles. more information, see "Users, Groups, an Security Roles" in Securing Resources Using Roles and Policies for Oracle WebLogic Server.

-Dweblogic.security.
identityAssertionTTL=seconds 

Configures the number of seconds that the Identity Assertion cache stores a Subject.

When using an Identity Assertion provider (either for an X.509 certificate or some other type of token), Subjects are cached within the server. This greatly enhances performance for servlets and EJB methods with <run-as> tags as well as for other places where identity assertion is used but not cached (for example, signing and encrypting XML documents). There might be some cases where this caching violates the desired semantics.

By default, Subjects remain in the cache for 300 seconds, which is also the maximum allowed value. Setting the value to -1 disables the cache.

Setting a high value generally improves the performance of identity assertion, but makes the Identity Assertion provider less responsive to changes in the configured Authentication provider. For example, a change in the user's group will not be reflected until the Subject is flushed from the cache and recreated.

-Djava.security.manager 
-Djava.security.policy=
<insert the location of your policy file here> 

-Djavax.security.jacc.PolicyConfigurationFactory
.provider=weblogic.security.jacc.simpleprovider
.PolicyConfigurationFactoryImpl

-Djavax.security.jacc.policy.provider=
weblogic.security.jacc.simpleprovider
.SimpleJACCPolicy

-Dweblogic.security.jacc.RoleMapperFactory.provider=
weblogic.security.jacc.simpleprovider
.RoleMapperFactoryImpl

Defining these five system properties is required to enable the use of the JACC provider in the security realm. When these providers are in use, the JACC handles authorization decisions for the EJB and Servlet containers for external applications. Any other authorization decisions for internal applications are handled by the authorization in the WebLogic Security framework. JACC authorization requires the use of Java SE security and therefore requires that WebLogic Server be booted with a Java EE security manager and a policy file (specified by the server startup properties, java.security.manager and java.security.policy). For more information, see "Using the Java Security Manager to Protect WebLogic Resources" in Developing Applications with the WebLogic Security Service.

The WebLogic JACC implementation expects that the policy object is the default sun.security.provider.PolicyFile class.

When starting, WebLogic Server attempts to locate and instantiate the classes specified by the JACC startup properties and fails if it cannot find or instantiate them (if, for example, the files specified by the startup properties are not valid classes).

-Dweblogic.security.ldap.
maxSize=<max bytes>

Limits the size of the data file used by the embedded LDAP server. When the data file exceeds the specified size, WebLogic Server eliminates from the data file space occupied by deleted entries.

-Dweblogic.security.ldap.
changeLogThreshold=<number of entries>

Limits the size of the change log file used by the embedded LDAP server. When the change log file exceeds the specified number of entries, WebLogic Server truncates the change log by removing all entries that have been sent to all Managed Servers.

-Dweblogic.security.providers.authentication.ldap.socketTimeout=seconds

Sets a timeout value for the LDAP Authentication provider connection to an LDAP server. If multiple LDAP servers are specified in the LDAPServerMBean.Host attribute, the socket timeout applies to each individual LDAP server connection attempt that is made. The default value is 0, which sets no socket timeout on connections.

Note that the LDAPServerMBean.ConnectTimeout attribute sets the timeout limit for all connection attempts that are made. Typically the socket timeout is used in conjunction with the connect timeout and the parallel connect delay. For more information, see "Configuring Failover for LDAP Authentication Providers" in Administering Security for Oracle WebLogic Server.


The Administration Console does not display values that you set on the command line. For information on verifying the attribute values that you set, see Verifying Attribute Values That Are Set on the Command Line.

Message Output and Logging

Table 3-6 describes options for configuring a server instance's message output.

Table 3-6 Options for Configuring Message Output

Option Description
-Dweblogic.Stdout="filename" 

Redirects the server and JVM's standard output stream to a file. You can specify a pathname that is fully qualified or relative to the WebLogic Server root directory.

For more information, see "Redirect JVM output" in the Oracle WebLogic Server Administration Console Online Help.

-Dweblogic.Stderr="filename" 

Redirects the server and JVM's standard error stream to a file. You can specify a pathname that is fully qualified or relative to the WebLogic Server root directory.

For more information, see "Redirecting JVM Output" in Configuring Log Files and Filtering Log Messages for Oracle WebLogic Server.

-Dweblogic.
AdministrationMBeanAuditingEnabled=
{true | false} 

Determines whether the Administration Server emits configuration auditing log messages when a user changes the configuration or invokes management operations on any resource within a domain.

By default, the Administration Server does not emit configuration auditing messages.

See "Enable configuration auditing" in the Oracle WebLogic Server Administration Console Online Help.


The Administration Console does not display values that you set on the command line. For information on verifying the attribute values that you set, see Verifying Attribute Values That Are Set on the Command Line.

Setting Logging Attributes

Each Weblogic Server instance uses an instance of weblogic.management.configuration.LogMBean to represent the configuration of its logging services.

To set values for LogMBean attributes from the startup command, do the following:

  1. To determine which log attributes can be configured from startup options, see LogMBean in MBean Reference for Oracle WebLogic Server. The Javadoc also indicates valid values for each attribute.

    Each attribute that the LogMBean exposes as a setter method can be set by a startup option.

  2. Add the following option to the start command:

    -Dweblogic.log.attribute-name=value 
    

    where attribute-name is the name of the MBean's setter method without the set prefix.

The LogMBean exposes its FileName attribute with the following setter method:

setFileName() 

To specify the name of the MedRecServer instance's local log file, use the following command when you start MedRecServer:

java -Dweblogic.Name=MedRecServer
     -Dweblogic.log.FileName="C:\logfiles\myServer.log"
     weblogic.Server

The Administration Console does not display values that you set on the command line. For information on verifying the attribute values that you set, see Verifying Attribute Values That Are Set on the Command Line.

Clusters

Table 3-7 describes options for configuring additional attributes of a cluster.

Table 3-7 Options for Configuring Cluster Attributes

Option Description
-Dweblogic.cluster.multicastAddress

Determines the Multicast Address that clustered servers use to send and receive cluster-related communications. By default, a clustered server refers to the Multicast Address that is defined in the config.xml file. Use this option to override the value in config.xml.

Note: The Administration Console does not display values that you set on the command line. For information on verifying the attribute values that you set, see Verifying Attribute Values That Are Set on the Command Line.

Regardless of how you set the Multicast Address, all servers in a cluster must communicate at the same Multicast Address.


Deployment

Table 3-8 describes options for configuring additional attributes for deployment.

Table 3-8 Options for Configuring Deployment Attributes

Option Description
-Dweblogic.deployment.IgnorePrepareStateFailures=true

Overrides the default deployment behavior by allowing a server to transition to Running even with static deployment Prepare failures.

Note: This server level flag may cause inconsistent deployment behavior within clusters, such as issues with HttpSessionReplication or SFSB replication.


Other Server Configuration Options

Table 3-9 describes options for configuring additional attributes of a server instance.

Table 3-9 Options for Configuring Server Attributes

Option Description
-DserverType={"wls" | "wlx"}

Specifies the Server Type, which determines the set of services that are started in the server runtime.

The default is "wls", which starts all WebLogic Server services, including EJB, JMS, Connector, Clustering, Deployment, and Management.

The "wlx" option starts a server instance that excludes the following services, making for a lighter weight runtime footprint:

  • Enterprise JavaBeans (EJB)

  • Java EE Connecter Architecture (JCA)

  • Java Message Service (JMS)

For an example of starting a lighter weight runtime instance in a WebLogic domain, see Using the weblogic.Server Command Line to Limit the WebLogic Server Run-Time Footprint . For more information about the lighter weight runtime, see "Limiting Runtime Footprint When Starting WebLogic Server" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

-Dweblogic.Name=servername 

Specifies the name of the server instance that you want to start. The specified value must refer to the name of a server that has been defined in the domain's config.xml file.

-Dweblogic.ProductionModeEnabled=
{true | false}

This attribute is deprecated in WebLogic Server 9.0.

Determines whether a server starts in production mode.

A true value prevents a WebLogic Server from automatically deploying and updating applications that are in the domain_name/autodeploy directory.

If you do not specify this option, the assumed value is false.

To enable production mode, you can use WLST to set DomainMBean.isProductionModeEnabled to true, or use the Administration Console. See "Change to production mode" in the Oracle WebLogic Server Administration Console Online Help.

Note: It is recommended that you enable production mode via the Administration Console, in config.xml, or by supplying the production argument to startWebLogic script, for example, startWebLogic.cmd production. You should only enable production mode from the command line on the Administration Server.

Note: It is important to note that when ProductionModeEnabled is set from the command line on the Administration Server, this value is propagated to all Managed Servers.

-Dweblogic.management.startupMode=MODE 

The argument MODE represents either of the following:

  • STANDBY — Starts a server and places it in the STANDBY state. See "STANDBY state" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

    To use this startup argument, the domain must be configured to use the domain-wide administration port.

    For information about administration ports, see "Administration Port and Administrative Channel" in Administering Server Environments for Oracle WebLogic Server and "Configure the domain-wide administration port" in the Oracle WebLogic Server Administration Console Online Help.

  • ADMIN — Starts a server and places it in the ADMIN state. See "ADMIN state" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

Specifying the startup mode startup option overrides any startup mode setting in the config.xml file. The override applies to the current server instantiation; it does not modify the value in the config.xml file. Use the Administration Console or WLST to modify the config.xml file.

If you do not specify this value (either on the command line or in config.xml), the default is to start in the RUNNING state.

-Dweblogic.apache.xerces.maxentityrefs=
numerical-value 

Limits the number of entities in an XML document that the WebLogic XML parser resolves.

If you do not specify this option, the XML parser that WebLogic Server installs resolves 10,000 entity references in an XML document, regardless of how many an XML document contains.

-Dweblogic.jsp.windows.caseSensitive=true 

Causes the JSP compiler on Windows systems to preserve case when it creates output files names.

See "Using the WebLogic JSP Compiler" in Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server.

-Dweblogic.servlet.optimisticSerialization=
true

When optimistic-serialization is turned on, WebLogic Server does not serialize-deserialize context and request attributes upon getAttribute(name) when the request is dispatched across servlet contexts.

This means that you must make sure that the attributes common to Web applications are scoped to a common parent classloader (application scoped) or you must place them in the system classpath if the two Web applications do not belong to the same application.

When optimistic-serialization is turned off (default value), WebLogic Server serialize-deserializes context and request attributes upon getAttribute(name) to avoid the possibility of ClassCastExceptions.

The optimistic-serialization value can also be specified at domain level in the WebAppContainerMBean, which applies for all Web applications. The value in weblogic.xml, if specified, overrides the domain level value.

The default value is false.

-Dweblogic.jdbc.qualifyRMName=false

When set, restores pre-WebLogic Server 11gR1 (10.3.1) behavior of not qualifying the JTA registration name with the domain name.

-Dweblogic.ScatteredReadsEnabled=true

and

-Dweblogic.GatheredWritesEnabled=true

When each is set to true, increases efficiency during I/O in environments with high network throughput.

These command options are used together to optimize WebLogic Server performance for use with Oracle Exalogic. For more information, see the Oracle Exalogic Enterprise Deployment Guide.

-Dweblogic.replication.enableLazyDeserialization=true

When set to true, increases efficiency with session replication.

This command option is used to optimize WebLogic Server performance for use with Oracle Exalogic. For more information, see the Oracle Exalogic Enterprise Deployment Guide.

-Dweblogic.resourcepool.max_test_wait_secs=seconds

The amount of time, in seconds, WebLogic Server waits before considering a connection test failed. By default, a server instance is assigned a value of 10 seconds. If set to zero, the server instance waits indefinitely.

-Dweblogic.wsee.client.ssl.usejdk=true

When set to true, switches from WlsSSLAdapter to JdkSSLAdapter.

By default, WebLogic Server Web services use the weblogic.wsee.connection.transport.https.WlsSSLAdapter class for the SSL adapter. Setting the flag to true forces the use of JdkSSLAdapter from weblogic.wsee.connection.transport.https.JdkSSLAdapter.

The weblogic.wsee.connection.transport.https.HTTPSClientTransport class that defines the USE_JDK_SSL_PROPERTY is used only in JAX-RPC. The property is not currently supported in JAX-WS.

-Dweblogic.http.URIDecodeEncoding=charset-name

The argument charset-name specifies the encoding used by the WebLogic Server Web container to decode the URI of an HTTP request or to encode the Location header in an HTTP response. The default value is UTF-8.

For more information, see "Determining the Encoding of an HTTP Request" in Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server.

-Dweblogic.utils.http.requestparams.useArrayMap=true

When set to true in the server startup command, HTTP request parameters are stored using an ArrayMap. By default, HTTP request parameters are stored in a TreeMap.


The Administration Console does not display values that you set on the command line. For information on verifying the attribute values that you set, see Verifying Attribute Values That Are Set on the Command Line.

Using the weblogic.Server Command Line to Start a Server Instance

A simple way to start a server instance is as follows:

  1. In a command shell, set up the required environment variables by running the following script:

    WL_HOME\server\bin\setWLSEnv.cmd (on Windows)

    WL_HOME/server/bin/setWLSEnv.sh (on UNIX)

    where WL_HOME is the directory in which you installed the WebLogic Server software.

  2. In the command shell, change to the root of the domain directory, usually ORACLE_HOME\user_projects\domains\DOMAIN_NAME. For example, change to the ORACLE_HOME\user_projects\domains\medrec directory.

  3. To start an Administration Server, enter the following command:

    java weblogic.Server 
    

    Note:

    The password you use must be a string of at least 8 case-sensitive characters. The space character is not supported. For more information, see "Creating a WebLogic Domain" in Creating Domains Using the Configuration Wizard.

  4. If the domain's Administration Server is already running, and if you have already defined a Managed Server in the config.xml file, you can start a Managed Server as follows:

    java -Dweblogic.Name=managed-server-name 
    -Dweblogic.management.server=url-for-Administration-Server 
    weblogic.Server 
    

    For example, if you create a Managed Server named MedRecManagedServer in the MedRec domain, you can enter the following command:

    java -Dweblogic.Name=MedRecManagedServer 
    -Dweblogic.management.server=localhost:7011 
    weblogic.Server 
    

Note:

If you are using the demo certificates in a multi-server domain, Managed Server instances will fail to boot if you specify the fully-qualified DNS name of the Administration Server host machine, as in the argument url-for-Administration Server. For information about this limitation and suggested workarounds, see "Limitation on CertGen Usage" in Administering Security for Oracle WebLogic Server.

Using the weblogic.Server Command Line to Limit
the WebLogic Server Run-Time Footprint

WebLogic Server provides a startup option that offers a lighter weight run-time footprint by excluding a subset of these services from being started. The following services are excluded:

  • Enterprise JavaBeans (EJB)

  • Java EE Connector Architecture (JCA)

  • Java Message Service (JMS)

The lighter weight run-time instance can be started in any WebLogic domain. A simple way to start the lighter weight run-time instance is as follows:

  1. In a command shell, change to the domain bin directory. For example:

    cd DOMAIN_HOME\bin
    
  2. Run the setDomainEnv script.

  3. To start the lighter weight run-time instance, enter the following command:

    java weblogic.Server -DserverType="wlx"
    

For more information, see "Limiting Run-Time Footprint When Starting WebLogic Server" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

Using the weblogic.Server Command Line to Create a Domain

You can use weblogic.Server to create a domain that contains a single server instance. You cannot use weblogic.Server to add Managed Server instances to a domain, nor can you use weblogic.Server to modify an existing domain.

As described in Default Behavior, if weblogic.Server is unable to find a config.xml file, it offers to create the file. Any command option that you specify and that corresponds to an attribute that is persisted in the config.xml file will be persisted. For example, the -Dweblogic.Name and -Dweblogic.Domain options specify the name of a server configuration and the name of a domain. If weblogic.Server is unable to find a config.xml file, both of these values are persisted in config.xml. However, the -Dweblogic.system.BootIdentityFile option, which specifies a file that contains user credentials for starting a server instance, is not an attribute that the config.xml file persists.

To create and instantiate a simple example domain and server, do the following:

  1. In a command shell, set up the required environment variables by running the following script:

    WL_HOME\server\bin\setWLSEnv.cmd (on Windows)

    WL_HOME/server/bin/setWLSEnv.sh (on UNIX)

    where WL_HOME is the directory in which you installed the WebLogic Server software.

  2. In the command shell, create an empty directory.

  3. In the empty directory, enter the following command:

    java -Dweblogic.Domain=SimpleDomain -Dweblogic.Name=SimpleServer
    -Dweblogic.management.username=weblogic  -Dweblogic.management.password=password
    -Dweblogic.ListenPort=7001 weblogic.Server
    

After you enter this command, WebLogic Server asks if you want to create a new config.xml file. If you enter y, it then instantiates a domain named SimpleDomain. The domain's Administration Server is configured as follows:

  • The name of the Administration Server is SimpleServer.

  • The domain's security realm defines one administrative user, weblogic, with a password of password.

  • For the listen address of the Administration Server, you can use localhost, the IP address of the host computer, or the DNS name of the host computer. For more information about setting the listen address, see "Configure listen addresses" in the Oracle WebLogic Server Administration Console Online Help.

  • The Administration Server listens on port 7001.

Entering the weblogic.Server command as described in this section creates the following files:

  • config.xml

  • DefaultAuthenticatorInit.ldift, DefaultRoleMapperInit.ldift, and SerializedSystemIni.dat, which store basic security-related data.

  • boot.properties file, which contains the username and password in an encrypted format. This file enables you to bypass the prompt for username and password when you start the server. For more information, see "Boot Identity Files" in Administering Server Startup and Shutdown for Oracle WebLogic Server.

  • startWebLogic.cmd and startWebLogic.sh, that you can use to start subsequent instantiations of the server.

    Note:

    Invoking weblogic.Server in an empty directory results in implicit domain creation which uses the same configuration process as WLST offline and the Configuration Wizard and thus ensures that you always see uniform domains. As a result, implicitly creating a domain in an empty directory using weblogic.Server may take around 15 seconds.

Verifying Attribute Values That Are Set on the Command Line

The Administration Console does not display values that you set on the command line because the startup options set attribute values for the server's local configuration MBean. To see the values that are in a server's local configuration MBean, use WLST as follows:

  1. Complete the procedure described in "Main Steps for Using WLST in Interactive or Script Mode" in Understanding the WebLogic Scripting Tool.

    >java weblogic.WLST
    
  2. Start a WebLogic Server instance (see "Starting and Stopping Servers" in Administering Server Startup and Shutdown for Oracle WebLogic Server) and connect WLST to the server using the connect command. For detailed information about the connect command, see "connect" in the WebLogic Scripting Tool Command Reference.

    wls:/(offline)> connect('username','password','t3s://localhost:7002')
    Connecting to weblogic server instance running at t3s://localhost:7002 as username weblogic ...
    
    wls:/mydomain/serverConfig>
    
  3. For example, to determine the multicast address that a cluster member is using, connect WLST to that server instance and enter the following commands:

    wls:/mydomain/serverConfig> cd('Clusters/cluster_name')
    wls:/mydomain/serverConfig/Clusters/mycluster> cmo.getMulticastAddress()
    
    '239.192.0.0'
    
  4. To determine the severity level of messages that the server instance prints to standard out, connect WLST to that server instance and enter the following commands:

    wls:/mydomain/serverConfig> cd('Servers/server_name/Log/server_name')
    wls:/mydomain/serverConfig/Servers/myserver/Log/myserver>cmo.getStdoutSeverity()
    
    'Notice'
    

For more information on using WLST, see Understanding the WebLogic Scripting Tool. For more information about configuration MBeans, see "Understanding WebLogic Server MBeans" in Developing Custom Management Utilities Using JMX for Oracle WebLogic Server.