e-docs > WebLogic Server > Administration Guide > WebLogic Server Command-Line Interface Reference |
Administration Guide |
WebLogic Server Command-Line Interface Reference
The following sections discuss the WebLogic Server command-line interface syntax, and describe each WebLogic Server administration, connection pool administration, and MBean management command:
To deploy J2EE modules on a WebLogic Server instance, use the weblogic.Deployer command-line utility. See "Deployment Tools and Procedures" in Deploying WebLogic Server Applications.
About the Command-Line Interface
As an alternative to the Administration Console, WebLogic Server offers a command-line interface to its administration tools, as well as to many configuration and run-time MBean properties.
Use the command-line interface if:
Before you use the weblogic.Admin utility, set up your environment as follows:
Using WebLogic Server Administration Commands
This section presents the syntax and required arguments for using WebLogic Server administration commands. The commands are not case-sensitive.
java weblogic.Admin [-url URL]
[ { -username username [-password password] } |
{ [-userconfigfile config-file] [-userkeyfile admin-key] }
]
COMMAND arguments
Connection and User Credentials Arguments
When you invoke most weblogic.Admin commands, you specify the arguments in Table 13-1 to connect to a WebLogic Server instance and to specify the user credentials of a WebLogic Server user who has permission to invoke the command.
Specifies one of the following:
The format is hostname:port. The default is localhost:7001. Note: If you want to specify an administration port, make sure your system administrator has set up an administration port for all server instances in the domain as described in "Configuring a Domain-Wide Administration Port" in the Creating and Configuring WebLogic Server Domains guide. |
|
Username that has permission to invoke the command you specify. If you do not specify this argument, weblogic.Admin uses a user-configuration file and key file. For information about permissions for system administration tasks, refer to Protecting System Administration Operations. |
|
The password that is associated with the username. If you specify -username username but do not specify the -password argument, weblogic.Admin prompts you for a password. If WL_HOME\server\bin is specified in the PATH environment variable, weblogic.Admin uses a set of WebLogic Server libraries that prevent the password from being echoed to standard out. For information on setting environment variables, see Setting the Classpath. |
|
Specifies the name and location of a user-configuration file, which contains an encrypted username and password. The encrypted username must have permission to invoke the command you specify. If you do not specify -userconfigfile config-file, weblogic.Admin searches for a user-configuration file at the default path name. (See STOREUSERCONFIG.) |
|
Specifies the name and location of the key file that is associated with the user-configuration file you specify. When you create a user-configuration file, the STOREUSERCONFIG command uses a key file to encrypt the username and password. Only the key file that encrypts a user-configuration file can decrypt the username and password. If you do not specify -userkeyfile admin-key, weblogic.Admin searches for a key file at the default path name. (See STOREUSERCONFIG.) |
Note: The exit code for all commands is 1 if the Administration client cannot connect to the server.
Summary of User Credentials Arguments
Table 13-1 describes the alternatives that the weblogic.Admin utility provides for passing usernames and passwords to a server instance.
In a development environment in which security is not a top priority, you can use the -username and -password arguments when invoking the weblogic.Admin utility directly on the command line or in scripts. With these arguments, the username and password are not encrypted. If you store the values in a script, the user credentials can be used by anyone who has read access to the script.
In an environment in which security is a top priority, create user-configuration files and key files. A user-configuration file contains encrypted user credentials that can be decrypted only by a single key file. You can include the -userconfigfile config-file and -userkeyfile admin-key arguments in scripts without exposing the plain text user credentials to those with read privileges for the script. For information about creating a user-configuration and key file, see STOREUSERCONFIG.
The following list summarizes the order of precedence for the weblogic.Admin user-credentials arguments:
These arguments take precedence over the { -userconfigfile config-file -userkeyfile admin-key } arguments. If you specify both { -username username -password password } and { -userconfigfile config-file -userkeyfile admin-key }, the weblogic.Admin utility uses the { -username username -password password } arguments and ignores the user-configuration and key file arguments.
Examples of Providing User Credentials
The following command specifies the username weblogic and password weblogic directly on the command line:
java weblogic.Admin -username weblogic -password weblogic COMMAND
The following command uses a user-configuration file and key file that are located at the default pathname:
java weblogic.Admin COMMAND
See Configuring the Default Path Name.
The following command uses a user-configuration file named c:\wlUser1-WebLogicConfig.properties and a key file named e:\secure\myKey:
java -userconfigfile c:\wlUser1-WebLogicConfig.properties
-userkeyfile e:\secure\myKey COMMAND
WebLogic Server Administration Command Reference
The following sections provide information about the WebLogic server administration commands.
Table B-1 presents an overview of WebLogic Server administration commands. The following sections describe command syntax and arguments, and provide an example for each command.
See also WebLogic Server Connection Pools Administration Command Reference.
(Deprecated) Cancels the SHUTDOWN command for the WebLogic Server that is specified in the URL. |
||
Makes the specified number of connections to the WebLogic Server and returns two numbers representing the total time for each round trip and the average amount of time (in milliseconds) that each connection is maintained. |
||
Provides syntax and usage information for all WebLogic Server commands (by default) or for a single command if a command value is specified on the HELP command line. |
||
Lists the licenses for all the WebLogic Server instances installed on a specific server. |
||
(Deprecated) Locks a WebLogic Server against non-privileged logins. Any subsequent login attempt initiates a security exception which may contain an optional string message. |
||
Migrates a JMS service or a JTA service to a targeted server within the cluster. |
||
Sends a message to verify that a WebLogic Server is listening on a port, and is ready to accept WebLogic client requests. |
||
Makes a server available to receive requests from external clients. |
||
Displays the server log file generated on a specific server. |
||
Uses a configured Node Manager to start a Managed Server in the RUNNING state. |
||
Start a remote managed WebLogic Server and place it in the STANDBY state |
Uses a configured Node Manager to start a Managed Server and place it in the STANDBY state. |
|
Creates an encrypted user-configuration file and its associated key file. You can pass the encrypted values to a server instance instead of entering a username and password on the command line. |
||
Provides a real-time snapshot of the WebLogic Server threads that are currently running. |
||
(Deprecated) Unlocks the specified WebLogic Server after a LOCK operation. |
||
Displays the version of the WebLogic Server software that is running on the machine specified by the value of URL. |
Note: The exit code for all commands is 1 if the Administration client cannot connect to the server.
(Deprecated) The CANCEL_SHUTDOWN command cancels the SHUTDOWN command for a specified WebLogic Server.
When you use the SHUT_DOWN command, you can specify a delay (in seconds). An administrator may cancel the shutdown command during the delay period. Be aware that the SHUTDOWN command disables logins, and they remain disabled even after cancelling the shutdown. Use the UNLOCK command to re-enable logins.
This command is deprecated because the ability to specify a delay in the SHUTDOWN command is also deprecated. Instead of specifying a delay in the SHUTDOWN command, you can now set attributes to control how a server shuts down. For more information, refer to "Setting the Timeout Period for Forced Shutdown Operations" in the Administration Console Online Help.
java weblogic.Admin [Connection and User Credentials Arguments] CANCEL_SHUTDOWN
In the following example, a system user named weblogic with a password of weblogic requests to cancel the shutdown of the WebLogic Server listening on port 7001 on machine localhost:
java weblogic.Admin -url t3://localhost:7001 -username weblogic
-password weblogic CANCEL_SHUTDOWN
Makes the specified number of connections to the WebLogic Server and returns two numbers representing the total time for each round trip and the average amount of time (in milliseconds) that each connection is maintained.
java weblogic.Admin [Connection and User Credentials Arguments] CONNECT count
In the following example, a user with the name adminuser and the password gumby1234 runs the CONNECT command to establish 25 connections to a server named localhost and return information about those connections:
java weblogic.Admin -url localhost:7001 -username adminuser
-password gumby1234 CONNECT 25
Immediately terminates a server process.
When you issue this command, the server notifies all applications and subsystems to drop all current work and release all resources. A forceful shutdown could result in rolled back transactions and session loss for some clients. You can shut down a server forcefully from any state.
If you use this command for a Managed Server and it fails to respond, and if you started the server with the Node Manager, the Node Manager kills the server process.
For information on performing this task from the Administration Console, refer to Forcing Shutdown of a Server in the Administration Console Online Help.
This command is affected by the timeout period for LifeCycle operations. For more information, refer to Timeout Period for LifeCycle Operations in the WebLogic Administration Guide and Setting the Timeout Period for LifeCycle Operations in the Administration Console Online Help.
java weblogic.Admin [Connection and User Credentials Arguments] FORCESHUTDOWN [targetserver]
Optional. The name of the server to shut down. If you do not specify a value, the command shuts down the server that you specified in the -url argument. |
In the following example, a user with the username adminuser and password gumby1234 forces a server named MyServer to shut down via the Administration Server:
java weblogic.Admin -url myAdminServer:7001 -username adminuser
-password gumby1234 FORCESHUTDOWN MyServer
In the following example, the Administration Server is not available. The same user logs on to a Managed Server's host machine and issues the following command:
java weblogic.Admin -url localhost:7001 -username adminuser
-password gumby1234 FORCESHUTDOWN
Returns the current state of a server.
For more information about server states, refer to The Server Lifecycle.
java weblogic.Admin [Connection and User Credentials Arguments] GETSTATE targetserver
Optional. The name of the server to shut down. If you do not specify a value, the command returns the state of the server that you specified in the -url argument. |
In the following example, a user with the adminuser username and password gumby1234 attempts to determine the state of a server named MyServer via the Administration Server:
java weblogic.Admin -url myAdminServer:7001 -username adminuser
-password gumby1234 GETSTATE MyServer
Provides syntax and usage information for all WebLogic Server commands (by default) or for a single command if a command value is specified on the HELP command line.
java weblogic.Admin HELP [COMMAND]
In the following example, information about using the PING command is requested:
java weblogic.Admin HELP PING
The HELP command returns the following to stdout:
Usage: weblogic.Admin [-url url] -username username
[-password password] <COMMAND> <ARGUMENTS>
PING <count> <bytes>
Lists the licenses for all WebLogic Server instances installed on the specified server.
java weblogic.Admin [Connection and User Credentials Arguments] LICENSES
In the following example, an administrator using the default username (installadministrator) and default password (installadministrator) requests the license information for a WebLogic Server running on port 7001 of machine localhost:
java weblogic.Admin -url localhost:7001 -username installadministrator
-password installadministrator LICENSES
Lists the bindings of a node in the JNDI naming tree.
java weblogic.Admin [Connection and User Credentials Arguments] LIST context
In this example, user adminuser, who has a password of gumby1234, requests a list of the node bindings in weblogic.ejb:
java weblogic.Admin -url localhost:7001 -username adminuser -password gumby1234 LIST weblogic.ejb
(Deprecated) Locks a WebLogic Server against non-privileged logins. Any subsequent login attempt initiates a security exception which may contain an optional string message.
Note: This command is privileged. It requires the password for the WebLogic Server administrative user.
Instead of using the LOCK command, start a server in the STANDBY state. In this state, a server instance responds only to administrative requests over the domain-wide administration port. For more information, refer to STARTINSTANDBY.
java weblogic.Admin [Connection and User Credentials Arguments] LOCK "string_message"
Optional. Message, in double quotes, to be supplied in the security exception that is thrown if a non-privileged user attempts to log in while the WebLogic Server is locked. |
In the following example, a WebLogic Server is locked.
java weblogic.Admin -url localhost:7001 -username adminuser
-password gumby1234
LOCK "Sorry, WebLogic Server is temporarily out of service."
Any application that subsequently tries to log into the locked server with a non-privileged username and password receives the specified message: Sorry, WebLogic Server is temporarily out of service.
Migrates a JMS service or a JTA Transaction Recovery service to a targeted server within a server cluster.
java weblogic.Admin [Connection and User Credentials Arguments]
MIGRATE -migratabletarget "serverName (migratable)"
-destination serverName [-sourcedown] [-destinationdown]
java weblogic.Admin [-url URL]
-username username [-password password]
MIGRATE -jta -migratabletarget serverName
-destination serverName [-sourcedown] [-destinationdown]
In the following example, a JMS service is migrated from myserver2 to myserver3.
java weblogic.Admin -url AdminHost:7001 -username adminuser
-password gumby1234 MIGRATE
-migratabletarget "myserver2 (migratable)"
-destination myserver3
In the following example, a JTA Transaction Recovery service is migrated from myserver2 to myserver3.
java weblogic.Admin -url AdminHost:7001 -username adminuser
-password gumby1234 MIGRATE -jta
-migratabletarget myserver2 -destination myserver3 -sourcedown
Sends a message to verify that a WebLogic Server is listening on a port, and is ready to accept WebLogic client requests.
java weblogic.Admin [Connection and User Credentials Arguments] PING [round_trips] [message_length]
Optional. Size of the packet to be sent in each ping. Requests for pings with packets larger than 10 MB throw exceptions. |
In the following example, the command checks a WebLogic Server running on port 7001 of machine localhost ten (10) times.
java weblogic.Admin -url localhost:7001 -username adminuser
-password gumby1234 PING 10
Moves a server from the STANDBY state to the RUNNING state.
For information on performing this task from the Administration Console, refer to Resuming a Server in the Administration Console Online Help. For more information about server states, refer to The Server Lifecycle.
java weblogic.Admin [Connection and User Credentials Arguments] RESUME [targetserver]
Optional. The name of the server to shut down. If you do not specify a value, the command resumes the server that you specified in the -url argument. |
In the following example, a user with the adminuser username and password gumby1234 attempts to resume a server named MyServer via the Administration Server:
java weblogic.Admin -url myAdminServer:7001 -username adminuser
-password gumby1234 RESUME MyServer
Displays the log file generated on a specific server.
java.weblogic.Admin [Connection and User Credentials Arguments] SERVERLOG [[starttime]|[endtime]]
In the following example, a request is made for a running display of the log for the server listening on port 7001 on machine localhost.
java weblogic.Admin -url localhost:7001 -username adminuser
-password gumby1234 SERVERLOG "2001/12/01 14:00" "2001/12/01 16:00"
The request specifies that the running display should begin at 2:00 p.m. on December 1, 2001, and end at 4:00 p.m. on December 1, 2001.
Shuts down the specified WebLogic Server.
When you issue this command, the server invokes any shutdown classes that you have configured. It then notifies all applications and subsystems to stop receiving new requests from external clients and to complete all current work. You can shut down a server gracefully only from the RUNNING or STANDBY states.
In release 6.x, this command included an option to specify a number of seconds to wait before starting the shutdown process. This option is now deprecated. To support this deprecated option, this command must assume that any numerical value that you supply in the field immediately after the SHUTDOWN command is intended to express seconds. You cannot use this command to gracefully shut down a server whose name is made up entirely of numbers. Instead, you must use the Administration Console. For information, refer to Shutting Down a Server in the Administration Console Online Help.
Instead of specifying a delay in the SHUTDOWN command, you can now set attributes to control how a server shuts down. For more information, refer to Timeout Period for LifeCycle Operations in the WebLogic Administration Guide and Setting the Timeout Period for LifeCycle Operations in the Administration Console Online Help.
java weblogic.Admin [Connection and User Credentials Arguments] SHUTDOWN [targetserver]
(Deprecated) java weblogic.Admin [-url URL] -username username
[-password password] SHUTDOWN
[seconds ] ["lockMessage"] ]
In the following example, a user with the adminuser username and password gumby1234 shuts down a server named MyServer via the Administration Server:
java weblogic.Admin -url MyAdminServer:7001 -username adminuser
-password gumby1234 SHUTDOWN MyServer
Starts a remote Managed Server using Node Manager.
Starts a remote Managed Server using Node Manager.
This command requires the following environment:
For information on performing this task from the Administration Console, refer to Starting a Server in the Administration Console Online Help.
Note: In the Administration Console, the Servers
java weblogic.Admin [Connection and User Credentials Arguments]
START targetserver
In the following example, a user with the adminuser username and password gumby1234 attempts to start a server named MyServer via the Administration Server:
java weblogic.Admin -url myAdminServer:7001 -username adminuser
-password gumby1234 START MyServer
Starts a remote Managed Server using Node Manager and places it in a STANDBY state. In this state, a server is not accessible to requests from external clients.
This command requires the following environment:
Note: In the Administration Console, the Servers
For information on performing this task from the Administration Console, refer to Starting a Server in the STANDBY State in the Administration Console Online Help. For more information about server states, refer to The Server Lifecycle.
java weblogic.Admin [Connection and User Credentials Arguments] STARTINSTANDBY [targetserver]
Optional. The name of the WebLogic Server to start in the STANDBY state. If you do not specify a value, the command starts the server that you specified in the -url argument. |
In the following example, a user with the adminuser username and password gumby1234 attempts to start a server named MyServer via the Administration Server:
java weblogic.Admin -url myAdminServer:7001 -username adminuser
-password gumby1234 STARTINSTANDBY MyServer
Creates a user-configuration file and an associated key file. The user-configuration file contains an encrypted username and password. The key file contains a secret key that is used to encrypt and decrypt the username and password.
When you use other weblogic.Admin or weblogic.Deployer commands, you can specify the user-configuration file and key file instead of entering an unencrypted username and password on the command line or including unencrypted credentials in scripts. See Summary of User Credentials Arguments.
Only the key file that originally encrypted the username and password can decyrpt the values. If you lose the key file, you must create a new user-configuration and key file pair.
Caution: You must ensure that only authorized users can access the key file. Any user who accesses a valid user-configuration and key file pair gains the privileges of the encrypted username. To secure access to the key file, you can store the key file in a directory that provides read and write access only to authorized users, such as WebLogic Server administrators. Alternatively, you can write the key file to a removable medium, such as a floppy or CD, and lock the medium in a drawer when it is not being used.
Unlike other weblogic.Admin commands, the STOREUSERCONFIG command does not connect to a WebLogic Server instance. The data encryption and file creation are accomplished by the JVM in which the STOREUSERCONFIG command runs. Because it does not connect to a WebLogic Server instance, the command cannot verify that the username and password are valid WebLogic Server credentials.
java weblogic.Admin
-username username [-password password]
[ -userconfigfile config-file ] [ -userkeyfile keyfile ]
STOREUSERCONFIG
Specifies a file pathname at which the STOREUSERCONFIG command creates a user-configuration file. The pathname can be absolute or relative to the directory from which you enter the command. If a file already exists at the specified pathname, the command overwrites the file with a new file that contains the newly encrypted username and password. If you do not specify this option, STOREUSERCONFIG does the following:
|
|
Specifies a file pathname at which the STOREUSERCONFIG command creates a key file. The pathname can be absolute or relative to the directory from which you enter the command. If a file already exists at the specified pathname, STOREUSERCONFIG uses the existing key file to encrypt the new user-configuration file. If you do not specify this option, STOREUSERCONFIG does the following:
|
|
Specifies the username and password to encrypt. The STOREUSERCONFIG command does not verify that the username and password are valid WebLogic Server user credentials. If you omit the -password password argument, STOREUSERCONFIG prompts you to enter a password. |
Configuring the Default Path Name
If you do not specify the location in which to create and use a user-configuration file and key file, the weblogic.Admin and weblogic.Deployer utilities supply the following default values:
Where user-home-directory is the home directory of the operating-system user account as determined by the JVM, and username is your operating-system username.
The value of the home directory varies depending on the SDK and type of operating system. For example, on UNIX, the home directory is usually "~username." On Windows, the home directory is usually "C:\Documents and Settings\username".
You can use the following Java options to specify values for user-home-directory and username:
For example, the following command configures the user-home directory to be c:\myHome and the user name to be wlAdmin. The command will search for the following user-configuration file and user key file:
c:\myHome\wlAdmin-WebLogicConfig.properties
c:\myHome\wlAdmin-WebLogicKey.properties
java -Duser.home=c:\myHome -Duser.name=wlAdmin
weblogic.Admin COMMAND
Creating User-Configuration and Key Files
To create user-configuration and key files:
You can change the name and location of a user-configuration file or a key file after you create them, as long as you use the two files as a pair.
Using a Single Key File for Multiple User-Configuration Files
To use one key file to encrypt multiple user-configuration files:
In the following example, a user who is logged in to a UNIX operating system as joe encrypts the username wlAdmin and password wlPass:
java weblogic.Admin -username wlAdmin -password wlPass
STOREUSERCONFIG
The command determines whether a key file named ~joe/joe-WebLogicKey.properties exists. If such a file does not exist, it prompts the user to select y to confirm creating a key file. If the command succeeds, it creates two files:
~joe\joe-WebLogicConfig.properties
~joe\joe-WebLogicKey.properties
The file joe-WebLogicConfig.properties contains an encrypted version of the strings wlAdmin and wlPass. Any command that uses the ~joe\joe-WebLogicConfig.properties file must specify the ~joe\joe-WebLogicKey.properties key file.
In the following example, the user joe is a System Administrator who wants to create a user-configuration file for an operating-system account named pat. For the sake of convenience, joe wants to create the user-configuration file in pat's home directory, which will simplify the syntax of the weblogic.Admin commands that pat invokes. For added security, only one key file exists at joe's organization, and it is located on a removable hard drive.
To create a user configuration file in pat's home directory that is encrypted and decrypted by a key file name e:\myKeyFile:
java -Duser.name=pat -Duser.home="C:\Documents and Settings\pat" weblogic.Admin -username wlOperatorPat -password wlOperator1 -userkeyfile e:\myKeyFile
STOREUSERCONFIG
A user who logs in to pat's account can use the following syntax to invoke weblogic.Admin commands:
java weblogic.Admin -userkeyfile e:\myKeyFile COMMAND
For information on using user-configuration and key files, see Summary of User Credentials Arguments.
Prints a snapshot of the WebLogic Server threads that are currently running for a specific server instance. The server instance prints the snapshot to its standard out.
Note: The THREAD_DUMP command is supported only on Sun JVM and JRockit.
java weblogic.Admin [Connection and User Credentials Arguments] THREAD_DUMP
The following example causes a server instance that is running on a host named ManagedHost to print a thread dump to standard out:
java weblogic.Admin -url ManagedHost:8001 -username weblogic
-password weblogic THREAD_DUMP
If the command succeeds, the command itself returns the following:
Thread Dump is available in the command window that is running the server.
The server instance prints a thread dump to its standard out, which, by default, is the shell (command prompt) within which the server instance is running.
(Deprecated) Unlocks the specified WebLogic Server after a LOCK operation.
This command is deprecated because the LOCK command is deprecated. Instead of LOCK and UNLOCK, use STARTINSTANDY and RESUME. For more information, refer to RESUME.
java weblogic.Admin [Connection and User Credentials Arguments] UNLOCK
Required. A valid administrative username must be supplied to use this command. |
|
Required. A valid administrative password must be supplied to use this command. |
In the following example, an administrator named adminuser with a password of gumby1234 requests the unlocking of the WebLogic Server listening on port 7001 on machine localhost:
java weblogic.Admin -url localhost:7001 -username adminuser
-password gumby1234 UNLOCK
Displays the version of the WebLogic Server software that is running on the machine specified by the value of URL.
java weblogic.Admin [Connection and User Credentials Arguments] VERSION
In the following example, a user requests the version of the WebLogic Server running on port 7001 on machine localhost:
java weblogic.Admin -url localhost:7001 -username installadministrator
-password installadministrator VERSION
Note: In this example, the default value of both the username and password arguments, installadministrator, is used.
WebLogic Server Connection Pools Administration Command Reference
Table B-2 presents an overview of WebLogic Server administration commands for connection pools. The following sections describe command syntax and arguments, and provide an example for each command.
For additional information about connection pools see Programming WebLogic JDBC and Managing JDBC Connectivity in the Administration Guide.
Allows creation of connection pool while WebLogic Server is running. For more information, see Creating a Connection Pool Dynamically in Programming WebLogic JDBC.
java weblogic.Admin [Connection and User Credentials Arguments] CREATE_POOL poolName aclName=aclX,
props=myProps,initialCapacity=1,maxCapacity=1,
capacityIncrement=1,allowShrinking=true,shrinkPeriodMins=15,
driver=myDriver,url=myURL
In the following example, a user with the name weblogic and the password weblogic runs the CREATE_POOL command to create a dynamic connection pool:
java weblogic.Admin -url localhost:7001 -username weblogic
-password weblogic CREATE_POOL MyPool
java weblogic.Admin -url t3://forest:7901 -username weblogic
-password weblogic CREATE_POOL dynapool6 "aclName=someAcl,
allowShrinking=true,shrinkPeriodMins=10,
url=jdbc:weblogic:oracle,driver=weblogic.jdbc.oci.Driver,
initialCapacity=2,maxCapacity=8,
props=user=SCOTT;password=tiger;server=bay816"
Connections are closed and removed from the pool and the pool dies when it has no remaining connections.
java weblogic.Admin [Connection and User Credentials Arguments] DESTROY_POOL poolName [true|false]
In the following example, a user with the name adminuser and the password gumby1234 runs the DESTROY_POOL command temporarily freeze the active pool connections:
java weblogic.Admin -url localhost:7001 -username adminuser
-password gumby1234 DESTROY_POOL MyPool false
You can temporarily disable a connection pool, preventing any clients from obtaining a connection from the pool.
You have to options for disabling a pool. 1) Freezing the connections in a pool that you later plan to enable, and 2) destroy the connections.
java weblogic.Admin [Connection and User Credentials Arguments] DISABLE_POOL poolName [true|false]
In the following example, a user with the name adminuser and the password gumby1234 runs the DISABLE_POOL command to freeze a connection that is to be enabled later:
java weblogic.Admin -url localhost:7001 -username adminuser
-password gumby1234 DISABLE_POOL MyPool false
When a pool is enabled, the JDBC connection states for each in-use connection are exactly as they were when the connection pool was disabled; clients can continue JDBC operations exactly where they left off.
java weblogic.Admin [Connection and User Credentials Arguments] ENABLE_POOL poolName
In the following example, a user with the name adminuser and the password gumby1234 runs the ENABLE_POOL command to reestablish connections that have been disabled (frozen):
java weblogic.Admin -url localhost:7001 -username adminuser
-password gumby1234 ENABLE_POOL MyPool
Tests whether a connection pool with a specified name exists in the WebLogic Server. You can use this method to determine whether a dynamic connection pool has already been created or to ensure that you select a unique name for a dynamic connection pool you want to create.
java weblogic.Admin [Connection and User Credentials Arguments] EXISTS_POOL poolName
In the following example, a user with the name adminuser and the password gumby1234 runs the EXISTS_POOL command to determine wether or not a pool with a specific name exists:
java weblogic.Admin -url localhost:7001 -username adminuser
-password gumby1234 EXISTS_POOL MyPool
This command resets the connections in a registered connection pool.
This is a privileged command. You must supply the username and password for the WebLogic Server administrative user to use this command. You must know the name of the connection pool, which is an entry in the config.xml file.
java weblogic.Admin [Connection and User Credentials Arguments] RESET_POOL poolName
This command refreshes the connection pool registered as "demoPool" for the WebLogic Server instance listening on port 7001 of the host xyz.com.
java weblogic.Admin -url t3://xyz.com:7001 -username system
-password gumby RESET_POOL demoPool
MBean Management Command Reference
Table B-3 presents an overview of the MBean management commands. The following sections describe command syntax and arguments, and provide an example for each command.
All of the MBean management commands can accept a -type argument, which causes the command to operate on all MBeans that are an instance of a type that you specify. An MBean's type refers to the interface class of which the MBean is an instance. All WebLogic Server MBeans are an instance of one of the interface classes defined in the weblogic.management.configuration or weblogic.management.runtime packages. For configuration MBeans, type also refers to whether an instance is an Administration MBean or a Local Configuration MBean. For a complete list of all WebLogic Server MBean interface classes, refer to the WebLogic Server Javadoc for the weblogic.management.configuration or weblogic.management.runtime packages.
To determine the value that you provide for the -type argument, do the following:
All of the MBean management commands include a -url argument that you use to specify the WebLogic Server instance that hosts the MBean.
To work with Administration MBeans, you must use the -url argument to specify the Administration Server. To work with Local Configuration MBeans or Runtime MBeans, you must use the -url argument to specify the WebLogic Server instance that hosts the MBeans.
If all of the following conditions are true, you can use weblogic.Admin to access any MBean in the entire domain:
For example, if all of the above conditions are true, then you can determine the state of all servers in the domain by issuing the following command:
java weblogic.Admin -username weblogic -password weblogic GET -type ServerRuntime -property State
Creates an instance of a WebLogic Server Administration MBean. Returns OK to stdout when successful. This command cannot be used for Runtime MBeans and we recommend that you do not use it to create Local Configuration MBeans.
When you use this command to create an Administration MBean instance, WebLogic Server populates the MBean with default values and saves the MBean's configuration in the domain's config.xml file. WebLogic Server does not create the corresponding Local Configuration MBean replica until you restart the server instance that hosts the underlying managed resource. For example, if you create a JDBCConnectionPool Administration MBean to manage a JDBC connection pool on a Managed Server named MyServer, you must restart MyServer so that it can create its local replica of the JDBCConnectionPool Administration MBean that you created. For more information on MBean replication and the lifecycle of MBeans, refer to "MBeans for Configuring Managed Resources" in the Programming WebLogic Management Services with JMX guide.
java weblogic.Admin [Connection and User Credentials Arguments] CREATE -name name -type mbean_type
[-domain domain_name]
java weblogic.Admin [-url URL] -username username
[-password password] CREATE -mbean mbean_name
The WebLogic Server instance that is the target of the command. For more information, refer to Specifying Servers. |
|
The type of MBean that you are creating. For more information, refer to Specifying MBean Types. |
|
Fully qualified object name of an MBean in the WebLogicObjectName format. For example: For more information, refer to the Javadoc for WebLogicObjectName. |
|
Name of the domain in which you want to create the MBean instance. If domain_name is not specified, the command assumes the domain to which the target server belongs. |
The following example uses the -name and -type arguments to create a JDBCConnectionPool Administration MBean named MyPool on an Administration Server:
java weblogic.Admin -url AdminHost:7001 -username weblogic
-password weblogic CREATE -name MyPool -type JDBCConnectionPool
If the command succeeds, it prints the following to standard out:
The following example uses the -mbean argument and WebLogicObjectName conventions to create a JDBCConnectionPool Administration MBean named MyPool on an Administration Server:
java weblogic.Admin -url AdminHost:7001 -username weblogic
-password weblogic
CREATE -mbean "MyDomain:Type=JDBCConnectionPool,Name=MyPool"
Deletes an MBean. If you delete an Administration MBean, WebLogic Server removes the corresponding entry from the domain's config.xml file. Returns OK in stdout when successful.
Note: When you delete an Administration MBean, a WebLogic Server instance does not delete the corresponding Configuration MBean until you restart the server instance.
java weblogic.Admin [Connection and User Credentials Arguments]
{-type mbean_type|-mbean mbean_name}
The WebLogic Server instance that is the target of the command. For more information, refer to Specifying Servers. |
|
Deletes all MBeans of the specified type. For more information, refer to Specifying MBean Types. |
|
Fully qualified object name of an MBean in the WebLogicObjectName format. For example: For more information, refer to the Javadoc for WebLogicObjectName. |
The following example deletes the JDBCConnectionPool Administration MBean named MyPool:
java weblogic.Admin -url AdminHost:7001 -username weblogic
-password weblogic DELETE -mbean
MyDomain:Name=MyPool,Type=JDBCConnectionPool
If the command succeeds, it prints the following to standard out:
The following example deletes the JDBCConnectionPool Local Configuration MBean named MyPool on a server instance named MyServer:
java weblogic.Admin -url ManagedHost:8001 -username weblogic
-password weblogic DELETE -mbean
MyDomain:Location=MyServer,Name=MyPool,
Type=JDBCConnectionPoolConfig
The following example deletes all JDBCConnectionPool Local Configuration MBeans for all server instances in the domain:
java weblogic.Admin -adminurl AdminHost:7001 -username weblogic
-password weblogic DELETE -type JDBCConnectionPoolConfig
The following example deletes all JDBCConnectionPool Local Configuration MBeans for a Managed Server that runs on a computer named ManagedHost:
java weblogic.Admin -url ManagedHost:8001 -username weblogic
-password weblogic DELETE -type JDBCConnectionPoolConfig
Displays MBean properties (attributes) and JMX object names (in the WebLogicObjectName format).
The output of the command is as follows:
{MBeanName object-name {property1 value} {property2 value}. . .} {MBeanName object-name {property1 value} {property2 value} . . .}
. . .
Note that the properties and values are expressed as name-value pairs, each of which is returned within curly brackets. This format facilitates parsing of the output by a script.
If -pretty is specified, each property-value pair is displayed on a new line and curly brackets are not used to separate the pairs:
MBeanName: object-name
property1: value
property2: value
.
.
.
MBeanName: object-name
property1: value
abbribute2: value
java weblogic.Admin [Connection and User Credentials Arguments]
GET [-pretty] {-type mbean_type|-mbean mbean_name}
[-property property1] [-property property2]...
The WebLogic Server instance that is the target of the command. For more information, refer to Specifying Servers. |
|
Returns information for all MBeans of the specified type. For more information, refer to Specifying MBean Types. |
|
Fully qualified object name of an MBean in the WebLogicObjectName format: For more information, refer to the Javadoc for WebLogicObjectName. |
|
The name of the MBean property (attribute) or properties to be listed. Note: If property is not specified using this argument, all properties are displayed. |
The following example displays all properties of the JDBCConnectionPool Administration MBean for a connection pool named MyPool. Note that the command must connect to the Administration Server to retrieve information from an Administration MBean:
java weblogic.Admin -url AdminHost:7001 -username weblogic
-password weblogic GET -pretty -mbean
MyDomain:Name=MyPool,Type=JDBCConnectionPool
If the command succeeds, it returns output similar to the following truncated example:
---------------------------
MBeanName: "MyDomain:Name=MyPool,Type=JDBCConnectionPool"
ACLName:
CachingDisabled: true
CapacityIncrement: 1
ConnLeakProfilingEnabled: false
ConnectionCreationRetryFrequencySeconds: 0
ConnectionReserveTimeoutSeconds: 10
...
The following example displays all instances of all JDBCConnectionPoolRuntime MBeans for all servers in the domain.
java weblogic.Admin -adminurl AdminHost:7001 -username weblogic
-password weblogic GET -pretty -type JDBCConnectionPoolRuntime
The following example displays all instances of all JDBCConnectionPoolRuntime MBeans that have been deployed on the server instance that listens on ManagedHost:8001:
java weblogic.Admin -url ManagedHost:8001 -username weblogic
-password weblogic GET -pretty -type JDBCConnectionPoolRuntime
Invokes a management operation for one or more MBeans. For WebLogic Server MBeans, you usually use this command to invoke operations other than the getAttribute and setAttribute that most WebLogic Server MBeans provide.
java weblogic.Admin [Connection and User Credentials Arguments] INVOKE {-type mbean_type|-mbean mbean_name} -method
methodname [argument . . .]
The WebLogic Server instance that is the target of the command. For more information, refer to Specifying Servers. |
|
Invokes the operation on all MBeans of a specific type. For more information, refer to Specifying MBean Types. |
|
Fully qualified object name of an MBean, in the WebLogicObjectName format: For more information refer to the Javadoc for WebLogicObjectName. |
|
Arguments to be passed to the method call. When the argument is a String array, the arguments must be passed in the following format: |
The following example enables a JDBC connection pool by invoking the enable method of the JDBCConnectionPoolRuntime MBean:
java weblogic.Admin -url AdminHost:7001 -username weblogic
-password weblogic INVOKE
-mbean MyDomain:Location=MyServer,Name=MyPool,
ServerRuntime=MyServer,Type=JDBCConnectionPoolRuntime
-method enable
If the command succeeds, it returns the following:
{MBeanName="MyDomain:Location=MyServer,Name=MyPool,ServerRuntime=
MyServer,Type=JDBCConnectionPoolRuntime"}
Ok
The following example enables all JDBC connection pools in the domain by invoking the enable method of all the JDBCConnectionPoolRuntime MBeans:
java weblogic.Admin -adminurl AdminHost:7001 -username weblogic
-password weblogic INVOKE
-type JDBCConnectionPoolRuntime -method enable
Sets the specified property (attribute) values for a configuration MBean. Returns OK on stdout when successful. This command cannot be used for runtime MBeans.
If you use this command for an Administration MBean, the new values are saved to the config.xml file or the security realm, depending on where the new values have been defined.
java weblogic.Admin [Connection and User Credentials Arguments]
SET {-type mbean_type|-mbean mbean_name}
-property property1 property1_value
[-property property2 property2_value] . . .
The WebLogic Server instance that is the target of the command. For more information, refer to Specifying Servers. |
|
Sets the properties for all MBeans of a specific type. For more information, refer to Specifying MBean Types. |
|
Fully qualified object name of an MBean in the WebLogicObjectName format. For example: For more information, refer to the Javadoc for WebLogicObjectName. |
|
"domain:Name=name,Type=type;domain:Name=name,Type=type"
|
The following example sets to 64 the StdoutSeverityLevel property of the local configuration instance of the ServerMBean for a server named MyServer:
java weblogic.Admin -url http://ManagedHost:8001
-username weblogic -password weblogic
SET -mbean
MyDomain:Location=MyServer,Name=MyServer,Type=ServerConfig
-property StdoutSeverityLevel 64
If the command succeeds, the server instance writes a log message similar to the following:
<Sep 16, 2001 12:11:27 PM EDT> <Info> <Logging> <000000> <Log messages of every severity will be displayed in the shell console.>
The command prints Ok to standard out.
The following example sets to 64 the StdoutSeverityLevel property for all administration instances of ServerMBean in the current domain:
java weblogic.Admin -url http://AdminHost:7001
-username weblogic -password weblogic
SET -type Server -property StdoutSeverityLevel 64
Example: Targeting a JDBC Connection Pool
The following example targets a JDBC connection pool named MyPool to a server named MS1:
java weblogic.Admin -url http://AdminHost:7001
-username weblogic -password weblogic
GET -type Server
Because the -url argument specifies the Administration Server, the command returns a Server Administration MBean for all server instances in the domain. The output includes the object name for ServerMBean that represents MS1:
MBeanName: "examples:Name=MS1,Type=Server"
AcceptBacklog: 50
AdministrationPort: 0
AutoKillIfFailed: false
.
.
.
java weblogic.Admin -url http://AdminHost:7001
-username weblogic -password weblogic
GET -type JDBCConnectionPool
The command returns a JDBCConnectionPool Administration MBean for all JDBC Connection Pools in the domain. The output includes the object name of the MyPool connection pool:
MBeanName: "examples:Name=MyPool,Type=JDBCConnectionPool"
ACLName:
CachingDisabled: true
CapacityIncrement: 1
java weblogic.Admin -url http://AdminHost:7001
-username weblogic -password weblogic
SET -mbean "examples:Name=MyPool,Type=JDBCConnectionPool"
-property Targets "examples:Name=MS1,Type=Server"
Because you must modify an Administration MBean (JDBCConnectionPoolMBean) to complete this task, the -url option must specify the domain's Administration Server. See "MBeans for Configuring Managed Resources" in Programming WebLogic Management Services with JMX.
Using weblogic.Admin Commands to Manage Users and Groups
In the WebLogic Security Service, an Authentication provider is the software component that proves the identity of users or system processes. An Authentication provider also remembers, transports, and makes that identity information available to various components of a system when needed. A security realm can use different types of Authentication providers to manage different sets of users and groups. See "Authentication Providers" in Developing Security Providers for WebLogic Server.
You can use the weblogic.Admin utility to invoke operations on the following types of Authentication providers:
The following sections describe basic tasks for managing users and groups with the weblogic.Admin utility:
For information about additional tasks that the AuthenticationProvider and the optional MBeans support, refer to the Javadoc for the weblogic.management.security.authentication package.
Finding the Object Name for an AuthenticationProvider MBean
To invoke operations on an Authentication provider, you must specify the object name of the provider's AuthenticationProviderMBean.
The object name of the WebLogic Authentication provider is:
Security:Name=realmNameDefaultAuthenticator
where realmName is the name of a security realm. For example, Security:Name=myrealmDefaultAuthenticator.
The object name of the LDAP authentication providers is:
Security:Name=realmNameLDAPAuthenticator
BEA recommends that you follow a similar convention when you create your own Authentication providers:
Security:Name=realmNameAuthenticatorName
If you use the Administration Console to add an Authentication provider to the realm, your AuthenticationProviderMBean name will follow the recommended naming convention.
To create a user, invoke the UserEditorMBean.createUser method, which is extended by the security realm's AuthenticationProvider MBean. See the Javadoc for the createUser method.
The method requires three input parameters:
username password user-description
Separate the parameters with a space. If any parameter contains a space, surround it with quotes.
The following example invokes createUser on the WebLogic Authentication provider:
java weblogic.Admin -adminurl localhost:8001 -username weblogic -password weblogic invoke -mbean Security:Name=myrealmDefaultAuthenticator
-method createUser my-user1 mypassword "my user"
If the command succeeds, it prints OK to standard out.
To add a user to a group, invoke the GroupEditorMBean.addMemberToGroup method, which is extended by the security realm's AuthenticationProvider MBean. See the Javadoc for the addMemberToGroup method.
The method requires two input parameters:
The following example invokes addMemberToGroup on the WebLogic Authentication provider:
java weblogic.Admin -adminurl localhost:8001 -username weblogic -password weblogic invoke -mbean Security:Name=myrealmDefaultAuthenticator
-method addMemberToGroup Administrators my-user1
If the command succeeds, it prints OK to standard out.
Verifying Whether a User is a Member of a Group
To verify whether a user is a member of a group, invoke the GroupEditorMBean.isMember method, which is extended by the security realm's AuthenticationProvider MBean. See the Javadoc for the isMember method.
The method requires three input parameters:
where boolean specifies whether the command searches within child groups. If you specify true, the command returns true if the member belongs to the group that you specify or to any of the groups contained within that group.
The following example invokes isMember on the WebLogic Authentication provider:
java weblogic.Admin -adminurl localhost:8001 -username weblogic -password weblogic invoke -mbean Security:Name=myrealmDefaultAuthenticator
-method isMember Administrators weblogic true
If the user is a member of the group, the command prints true to standard out.
Listing Groups to Which a User Belongs
To see a list of groups that contain a user or a group, invoke the MemberGroupListerMBean.listMemberGroups method, which is extended by the security realm's AuthenticationProvider MBean. See the Javadoc for the listMemberGroups method.
The method requires one input parameter:
where memberUserOrGroupName specifies the name of an existing user or a group.
The following example invokes listMemberGroups on the WebLogic Authentication Provider:
java weblogic.Admin -adminurl localhost:8001 -username weblogic -password weblogic invoke -mbean Security:Name=myrealmDefaultAuthenticator
-method listMemberGroups my-user1
The method returns a cursor, which refers to a list of names. The weblogic.management.utils.NameLister.haveCurrent, getCurrentName, and advance methods iterate through the returned list and retrieve the name to which the current cursor position refers. See the Javadoc for the weblogic.management.utils.NameLister interface.
Limiting Group Membership Searching in an LDAP Server
Unlimited, recursive searches for group membership can take up considerable time and produce a performance bottleneck. To control the depth of group membership searches, you can set the value of GroupMembershipSearching on the WebLogic Authentication provider, LDAP Authentication providers, or any other Authentication provider that implements the AuthenticationProvider interface.
To limit group searches, set the value of GroupMembershipSearching on the WebLogic Authentication provider or LDAP Authentication providers to limited. The GroupMembershipSearching attribute has the following valid values:
where limited specifies whether the command searches within one or more levels of a nested group hierarchy. If you specify a limited search, the MaxGroupMembershipSearchLevel attribute must be specified. The default is an unlimited search.
The MaxGroupMembershipSearchLevel attribute specifies how many levels of group membership to search. Valid values are 0 and positive integers, where 0 specifies that the command searches only within direct group memberships. A positive integer specifies the number of levels to search.
For example, when searching for membership in Group A, 0 indicates that only direct members of Group A will be found. If Group B is a member of Group A, the members of Group B will not be found by this search. If the attribute is set to 1, a search for membership in Group A will return direct members of Group A and any members of groups which are direct members of Group A. If Group B is a member of Group A, the members of Group B will also be found by this search. However, if Group C is a member of Group B, the members of Group C will not be found by this search.
See the Javadoc for GroupMembershipSearching and MaxGroupMembershipSearchLevel.
The following example gets the GroupMembershipSearching property on the WebLogic Authentication provider:
java weblogic.Admin -username xxxx -password yyyy -url t3://localhost:7001 get -mbean Security:Name=myrealmDefaultAuthenticator -pretty -property GroupMembershipSearching -commotype