e-docs > WebLogic Server > WebLogic Server Configuration Reference > Cluster

WebLogic Server Configuration Reference

 Previous Next Contents Index View as PDF  

Cluster

 

Description

This bean represents a cluster in the domain. Servers join a cluster by calling ServerMBean.setCluster with the logical name of the cluster. A configuration may define zero or more clusters. They may be looked up by logical name. The name of a cluster denotes its logical cluster name.

 

Syntax

<Cluster
  ClientCertProxyEnabled=( "true" | "false" )
  ClusterAddress="String"
  DefaultLoadAlgorithm=( "round-robin" | "weight-based" | "random" )
  HttpTraceSupportEnabled=( "true" | "false" )
  IdlePeriodsUntilTimeout="number"
  MulticastAddress="String"
  MulticastBufferSize="number of kilobytes"
  MulticastPort="number"
  MulticastSendDelay="number"
  MulticastTTL="number"
  Name="String"
  Notes="String"
  WeblogicPluginEnabled=( "true" | "false" )
/>

 

Parent Elements

 

Attributes

Table 4-1 Cluster attributes

Attribute

Description

Range of Values and Default

ClientCertProxyEnabled

A value of true causes proxy-server plugins to pass identity certificates from clients to all web applications that are deployed on all server instances in the cluster.

A proxy-server plugin encodes each identify certification in the WL-Proxy-Client-Cert header and passes the header to WebLogic Server instances. Each WebLogic Server instance takes the certificate information from the header, trusting that it came from a secure source, and uses that information to authenticate the user.

If you specify true, use a weblogic.security.net.ConnectionFilter to ensure that each WebLogic Server instance accepts connections only from the machine on which the proxy-server plugin is running. Specifying true without using a connection filter creates a potential security vulnerability because the WL-Proxy-Client-Cert header can be spoofed.

A value of true overrides the value that each server instance within the cluster specifies with ServerMBean#setClientCertProxyEnabled(boolean).

By default (or if you specify false):

  • Each server instance can determine whether its applications trust certificates sent from the proxy server plugin.

  • If a server instance does not set a value for its ClientCertProxyEnabled attribute (or if it specifies false), the weblogic.xml deployment descriptor for each web application determines whether the web application trusts certificates sent from the proxy server plugin.

  • By default (or if the deployment descriptor specifies false), users cannot log in to the web application from a proxy server plugin.

Admin Console field label: Client Cert Proxy Enabled

Required: no

Default: false

Secure value: false

ClusterAddress

Defines the address to be used by clients to connect to this cluster. This address may be either a DNS host name that maps to multiple IP addresses or a comma separated list of single address host names or IP addresses. If network channels are configured, it is possible to set the cluster address on a per channel basis.

Admin Console field label: Cluster Address

Required: no

DefaultLoadAlgorithm

Defines the algorithm to be used for load-balancing between replicated services if none is specified for a particular service.

Admin Console field label: Default Load Algorithm

Required: no

Default: round-robin

HttpTraceSupportEnabled

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This attribute is for disabling HTTP TRACE support. It is duplicated both in ClusterMBean and ServerMBean so the attribute HttpTraceSupportEnabled can be used cluster-wide. ClusterMBean overrides ServerMBean

Required: no

Default: false

IdlePeriodsUntilTimeout

Maximum number of periods that a cluster member will wait before timing out a member of a cluster.

Required: no

Default: 3

Minimum: 3

MulticastAddress

Defines the multicast address used by cluster members to communicate with each other.

Admin Console field label: Multicast Address

Required: no

Default: 237.0.0.1

MulticastBufferSize

Defines the multicast socket send/receive buffer size.

Admin Console field label: Multicast Buffer Size

Required: no

Units: kilobytes

Default: 64

Minimum: 64

MulticastPort

Defines the multicast port used by cluster members to communicate with each other.

Admin Console field label: Multicast Port

Required: no

Default: 7001

Minimum: 1

Maximum: 65535

MulticastSendDelay

Defines the number of milliseconds to delay sending message fragments over multicast in order to avoid OS-level buffer overflow.

Admin Console field label: Multicast Send Delay

Required: no

Default: 12

Minimum: 0

Maximum: 100

MulticastTTL

Sets the time-to-live value for the cluster's multicast address.

Admin Console field label: Multicast TTL

Required: no

Default: 1

Minimum: 1

Maximum: 255

Name

The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

Admin Console field label: Name

Required: no

Notes

Optional information that you can include to describe this configuration.

Admin Console field label: Notes

Required: no

WeblogicPluginEnabled

WLS HttpRequest.getRemoteAddr() used to rely on X-Forwarded-For for its returned value. This is a security hole due to HTTP header can be easily mocked and we end up with returning wrong value. This is improved by introducing a proprietary header WL-Proxy-Client-IP from our plugins and this header will only be used if WLS is configured to use our plugins. This is duplicated both in ClusterMBean and ServerMBean so the attribute WeblogicPluginEnabled can be used cluster-wide. ClusterMBean overrides ServerMBean

Admin Console field label: WebLogic Plug-In Enabled

Required: no

Default: false

Secure value: false

 

Back to Top Previous Next