5 Configuring WebLogic for Oracle Real-Time Decisions

Oracle RTD is supported on both UNIX and Windows platforms for the Oracle WebLogic application server. The following sections explain how to install the Real-Time Decision Server on WebLogic.

Note:

Although the Real-Time Decision Server runs on either UNIX or Windows, the Oracle RTD client tools must be run from a Windows platform.

This section contains the following topics:

• Section 5.1, "Creating and Starting an Oracle RTD Domain"

• Section 5.2, "Starting the Node Manager and the WebLogic Server"

• Section 5.3, "Creating a Managed Server"

• Section 5.4, "Configuring Managed Server Properties"

• Section 5.5, "Creating and Adding a Machine to the Managed Server"

• Section 5.6, "Starting the Managed Server"

• Section 5.7, "Creating a JDBC Provider for the Oracle RTD Database"

• Section 5.8, "Creating Oracle RTD Roles and Users"

• Section 5.9, "Deploying Oracle RTD to the Managed Server"

• Section 5.10, "Assigning Permissions to Custom Roles"

• Section 5.11, "Starting Oracle Real-Time Decisions"

• Section 5.12, "Uninstalling the Oracle Real-Time Decisions Application from WebLogic"

• Section 5.13, "Configuring SSL for Real-Time Decision Server (Recommended)"

• Section 5.14, "Setting Up JConsole Security for WebLogic"

• Section 5.15, "Changing the Oracle Real-Time Decisions Port Number in WebLogic"

5.1 Creating and Starting an Oracle RTD Domain

To create the domain for Oracle RTD, perform the following steps:

1. Start the Configuration Wizard:

   Start > All Programs > Oracle WebLogic > WebLogic Server > Tools > Configuration Wizard.

2. In the Welcome dialog, select the Create a new WebLogic Domain radio button.

3. Click Next.

4. In the Domain Source dialog, select Generate a domain configured automatically to support the following products radio button.

5. Click Next.

6. In the Configure Administration Username and Password dialog, enter admin username/password, for example weblogic/weblogic.

7. Click Next.

8. In the Configure Server Start Mode and JDK dialog, under WebLogic Domain Startup Mode, select the appropriate development mode. Note that for Production mode, you will need to use Edit & Lock key for changes.

9. In the Configure Server Start Mode and JDK dialog, under JDK Selection, select Available JDKs radio button, then select a JDK that is supported for your system configuration, for example, Sun, JRockit.

10. Click Next.

11. In the Customize Environment and Services Settings dialog, select No.

12. Click Next.

13. In the Create WebLogic Domain dialog, for Domain Name, enter a name for the Oracle RTD domain, such as RTD_domain and click Create.

14. Wait until the installation finishes.

15. Check the Start Admin Server checkbox.

16. Click Done.

17. Stop the Example domain:

    Start > All Programs > Oracle WebLogic > WebLogic Server > Examples > Stop Examples Server

18. Start the domain:

    Start > All Programs > Oracle WebLogic > User Projects > domain_name > Start Admin Server for Weblogic Server Domain

5.2 Starting the Node Manager and the WebLogic Server

To start the Node Manager and the WebLogic Server, perform the following steps:

1. Navigate the path:

   Start > All Programs > Oracle WebLogic > WebLogic Server > Tools > Node Manager

2. Start the WebLogic Server:

   In Windows, navigate the path:

   Start > All Programs > Oracle WebLogic > QuickStart

5.3 Creating a Managed Server

To create a managed server, perform the following steps:

1. Open the Administration Console for your Oracle RTD domain.

   http://weblogic_host:port/console

   For example, http://localhost:7001/console.

2. For the WebLogic Server, enter the Username and Password for the domain, and click Log In.

3. In the tree on the left, expand Environment and choose Servers.

4. Add a new server, and specify the Server Name, for example, RTD_Server.

5. For the Server Listen Port, enter the port number that you want to use for Oracle RTD, for example, 8080.

6. Click Finish.

5.4 Configuring Managed Server Properties

To add JVM and startup arguments to the managed server, perform the following steps:

1. Navigate the path:

   Environment > Servers > managed_server_name > Configuration > Start Server tab.

2. For Java Home and Java Vendor, enter the location and vendor name of the JDK that is supported for your system configuration.

   For example, C:\Oracle\Middleware\jdk160_23 and Sun, or C:\Oracle\Middleware\jrockit_1.6.0_20 and BEA.

3. Add the appropriate path for your configuration to ClassPath:

   On Windows

   • For Oracle

     MW_HOME\wlserver_10.3\server\lib\weblogic.jar;RTD_HOME\lib\jdbc\ojdbc14.jar

   • For SQLServer

     MW_HOME\wlserver_10.3\server\lib\weblogic.jar;RTD_HOME\lib\jdbc\sqljdbc.jar

   • For DB2

     MW_HOME\wlserver_10.3\server\lib\weblogic.jar;RTD_HOME\lib\jdbc\db2jcc.jar; RTD_HOME\lib\jdbc\db2jcc_license_cu.jar

   On Linux/Unix

   • For Oracle

     MW_HOME\wlserver_10.3\server\lib\weblogic.jar:RTD_HOME\lib\jdbc\ojdbc14.jar

   • For SQLServer

     MW_HOME\wlserver_10.3\server\lib\weblogic.jar:RTD_HOME\lib\jdbc\sqljdbc.jar

   • For DB2

     MW_HOME\wlserver_10.3\server\lib\weblogic.jar:RTD_HOME\lib\jdbc\db2jcc.jar: RTD_HOME\lib\jdbc\db2jcc_license_cu.jar

4. For the Arguments field, add the following, all on one line:

   -Dorg.eclipse.emf.ecore.EPackage.Registry.INSTANCE=com.sigmadynamics.emf.util.SDEMFRegistry -Djavax.xml.parsers.SAXParserFactory=com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=12345 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.net.preferIPv4Stack=true -Dweblogic.wsee.skip.async.response=true -XX:MaxPermSize=256m
   

5. Save.

5.5 Creating and Adding a Machine to the Managed Server

To create a machine and add it to the managed server, perform the following steps:

1. Logon to the Administration Console:

   http://weblogic_host:port/console

2. In the tree to the left under Domain Structure, expand Environment and click Machines.

3. Click New.

4. For Name, enter the WebLogic server host name, for example, MyMachine.

5. Click Save.

6. Under Environments > Machines > <your_newly_created_machine>, click the Servers tab, then Add.

7. In the Add A Server to the Machine page, select the server that you created in step 4 of Section 5.3, "Creating a Managed Server" from the dropdown list.

8. Click Finish.

5.6 Starting the Managed Server

Note:

The instructions in the main part of this section are for Oracle RTD deployed onto WebLogic managed servers when they are started and stopped through node manager.

For the WebLogic server startup instructions where you deploy Oracle RTD onto the WebLogic admin server, or where you start managed servers without going through node manager, see Section 5.6.1, "Starting Oracle RTD When Deployed to Admin Server or Through Startup Scripts."

To start the managed server, perform the following steps:

1. Logon to the Administration Console:

   http://weblogic_host:port/console

2. In the tree to the left under Domain Structure, expand Environment and click Servers.

3. Click the Control tab.

4. Select the checkbox for the managed server that you created in Section 5.3, "Creating a Managed Server.", and start the server.

5. Wait a few seconds before refreshing the page.

   The server that you selected should be in a Running state.

5.6.1 Starting Oracle RTD When Deployed to Admin Server or Through Startup Scripts

If you deploy Oracle RTD onto the WebLogic admin server, or if you start managed servers without going through node manager, you must specify the JVM arguments as detailed in step 4 of Section 5.4, "Configuring Managed Server Properties" in one of two ways:

1. Update the appropriate startup scripts:

• startWebLogic.cmd and startWebLogic.sh for admin server

• startManagedWebLogic.cmd and startManagedWebLogic.sh for managed servers

by adding the JVM arguments that follow to the top of the script, with one line for each JVM argument.

For example, for Windows (extra blank lines are shown for clarity, but are not required in the script):

set JAVA_OPTIONS=%JAVA_OPTIONS% -Dorg.eclipse.emf.ecore.EPackage.Registry.INSTANCE=com.sigmadynamics.emf.util.SDEMFRegistry

set JAVA_OPTIONS=%JAVA_OPTIONS% -Djavax.xml.parsers.SAXParserFactory=com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl

set JAVA_OPTIONS=%JAVA_OPTIONS% -Dcom.sun.management.jmxremote=true
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dcom.sun.management.jmxremote.port=12345
set JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.authenticate=false
set JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.ssl=false
set JAVA_OPTS=%JAVA_OPTS% -Djava.net.preferIPv4Stack=true
set JAVA_OPTS=%JAVA_OPTS% -Dweblogic.wsee.skip.async.response=true
set JAVA_OPTS=%JAVA_OPTS% -XX:MaxPermSize=128m

For example, for Unix (extra blank lines are shown for clarity, but are not required in the script):

JVMARGS=$JVMARGS -Dorg.eclipse.emf.ecore.EPackage.Registry.INSTANCE=com.sigmadynamics.emf.util.SDEMFRegistry

JVMARGS=$JVMARGS -Djavax.xml.parsers.SAXParserFactory=com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl

JVMARGS=$JVMARGS -Dcom.sun.management.jmxremote=true
JVMARGS=$JVMARGS -Dcom.sun.management.jmxremote.port=12345
JVMARGS=$JVMARGS -Dcom.sun.management.jmxremote.authenticate=false
JVMARGS=$JVMARGS -Dcom.sun.management.jmxremote.ssl=false
JVMARGS=$JVMARGS -Djava.net.preferIPv4Stack=true
JVMARGS=$JVMARGS -Dweblogic.wsee.skip.async.response=true
JVMARGS=$JVMARGS -XX:MaxPermSize=128m

2. When calling the scripts to start the admin server or managed servers, pass in the JVM arguments.

For example:

>startManagedWebLogic.sh Managed_Server_Name http://${IP_ADDRESS}:${MS_PORT} -Dorg.eclipse.emf.ecore.EPackage.Registry.INSTANCE=com.sigmadynamics.emf.util.SDEMFRegistry -Djavax.xml.parsers.SAXParserFactory=com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=12345 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.net.preferIPv4Stack=true -Dweblogic.wsee.skip.async.response=true -XX:MaxPermSize=128m

Note:

If you are not using the WebLogic built-in JDBC drivers to set up the Oracle RTD Database, add the appropriate JDBC drivers bundled with Oracle RTD (RTD_HOME\lib\*.jar) to the WebLogic classpath.

5.7 Creating a JDBC Provider for the Oracle RTD Database

Use the WebLogic Server Administration Console to create a JDBC provider for the Oracle RTD Database. Before you begin, ensure that WebLogic is started.

Notes:

1. For general information about configuring WebLogic JDBC data sources, see Oracle Fusion Middleware Configuring and Managing JDBC for Oracle WebLogic Server.

2. If your WebLogic version is 11g 10.3.3+ and your Oracle RTD database is in an Oracle database server, see Section 5.7.1, "Creating an Oracle JDBC Provider for the Oracle RTD Database on WebLogic 11g 10.3.3+."

To create a JDBC provider for the Oracle RTD Database:

1. Access the WebLogic Server Administration Console for your Oracle RTD domain at the URL http://weblogic_host:port/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the WebLogic Server Administration Console through Start > Programs > Oracle WebLogic > User Projects > domain_name > Admin Server Console.

2. Navigate the path Services -> Data Sources -> New -> Generic Data Source.

3. On the JDBC Data Source Properties page, follow these steps:

   1. For Name, enter a descriptive data source name, such as RTD_DS.

   2. For JNDI Name, enter SDDS.

   3. For Database Type, select Other.

   4. Ensure that the Database Driver is set to Other, then click Next.

4. On the Transaction Options page, deselect Supports Global Transactions, then click Next.

5. On the Connection Properties page, follow these steps:

   1. For Database Name, enter the name of the Oracle RTD Database you created in Section 2.2.

   2. For Host Name, enter the name of the computer hosting the database server.

   3. For Port, enter the port number on the database server used to connect to the database (such as 1433 for SQL Server, 1521 for Oracle Database, or 50000 for DB2).

   4. For Database User Name, enter the name of the database run-time user.

   5. For Password, enter the password of the database run-time user, then click Next.

6. On the Test Database Connection page, for Driver Class Name, enter the full package name of the JDBC driver class used to create the physical database connections in the connection pool (note that this driver class must be in the classpath of any server to which it is deployed):

   • SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver

   • Oracle Database: oracle.jdbc.pool.OracleDataSource

   • DB2: com.ibm.db2.jcc.DB2Driver

7. For URL, enter the URL of the database to which you want to connect. The format of the URL varies by database type:

   • SQL Server: jdbc:sqlserver://db_host:db_port

     Note:

     If the database is on a SQL Server named instance, specify the db_host parameter using the format host_name\instance_name.

   • Oracle Database: jdbc:oracle:thin:@db_host:db_port:sid

   • DB2: jdbc:db2://db_host:db_port/db_name

8. In the Properties field, enter properties and their values required by the JDBC driver. The properties you need to provide vary by database type:

   • For SQL Server, enter the properties user=db_user_name and DatabaseName=db_name on separate lines

   • For Oracle Database, enter the property user=db_user_name

   • For DB2, enter the property user=db_user_name

9. Scroll to the bottom of the page and enter SDAPPS for Test Table Name.

10. Click Test Configuration. If the test fails, go back and check your settings. If the test succeeds, click Next.

11. Select the server where you want the data source to be made available (for example, RTD_Server). You must perform this step before completing the data source configuration.

12. Click Finish.

5.7.1 Creating an Oracle JDBC Provider for the Oracle RTD Database on WebLogic 11g 10.3.3+

To create a JDBC provider when your Oracle RTD database is in an Oracle database server, and Oracle RTD is deployed on WebLogic 11g 10.3.3+, perform the following steps:

1. Log into the WebLogic Server Administration Console with the administrator user name and password.

2. Navigate the path Services -> Data Sources -> New -> Generic Data Source.

3. On the JDBC Data Source Properties page, follow these steps:

   1. For Name, enter a descriptive data source name, such as RTD_DS.

   2. For JNDI Name, enter SDDS.

   3. For Database Type, select Oracle.

   4. For the Database Driver, select Oracle's Driver (Thin) for Instance connections; Versions: 9.0.1 and later, then click Next.

4. On the Transaction Options page, deselect Supports Global Transactions, then click Next.

5. On the Connection Properties page, follow these steps:

   1. For Database Name, enter the name of the Oracle RTD Database you created in Section 2.2.

   2. For Host Name, enter the name of the computer hosting the database server.

   3. For Port, enter the port number on the database server used to connect to the database.

   4. For Database User Name, enter the name of the database run-time user.

   5. For Password, enter the password of the database run-time user, then click Next.

6. On the Test Database Connection page, leave all the settings already filled, except enter SDAPPS for Test Table Name.

7. Click Test Configuration. If the test fails, go back and check your settings. If the test succeeds, click Next.

8. Select the server where you want the data source to be made available (for example, RTD_Server). You must perform this step before completing the data source configuration.

9. Click Finish, then click Activate Changes.

5.8 Creating Oracle RTD Roles and Users

Note:

For general information about roles and permissions in Oracle RTD, see Chapter 7, "Configuring Security for Oracle Real-Time Decisions."

In WebLogic, Oracle RTD roles are defined in terms of user groups. A user is in a role if the user is in any of the groups referenced by the role. So the process is to create the groups, then create the roles that reference the groups. Users may be assigned to or removed from the groups at any time to add them or remove them from the referencing roles.

The following topics describe the stages of the process of creating Oracle RTD roles for WebLogic:

• Section 5.8.1, "Creating User Groups for Standard Roles"

• Section 5.8.2, "Creating User Groups for Custom Roles"

• Section 5.8.3, "Specifying Subgroups"

• Section 5.8.4, "Creating Roles"

• Section 5.8.5, "Creating the Oracle RTD Administrator and Other Users"

• Section 5.8.6, "No Deployment Descriptor Update Required"

5.8.1 Creating User Groups for Standard Roles

To create user groups for standard roles, perform the following steps:

1. Open the WebLogic Administration Console.

2. In the tree on the left, select Security Realms.

3. In the window on the right, select the security realm to use. The default realm is myrealm.

4. Select the Users and Groups tab.

5. Select the Groups sub-tab.

6. Create each of these groups, or names of your own choosing:

   • RTDUserGroup

   • RTDAdminGroup

   • RTDBatchAdminGroup

   • RTDChoiceEditorGroup

   • RTDDCEditorGroup

   • RTDDCUserGroup

   • RTDStudioDeployerGroup

   • RTDStudioDownloaderGroup

5.8.2 Creating User Groups for Custom Roles

Create enterprise-specific groups, if Inline Service developement and access is to be controlled for separate Inline Services.

For example:

• ILS2DevGroup - Developers for Inline Service ILS2

• ILS2UserGroup - Business users for Inline Service ILS2

5.8.3 Specifying Subgroups

Select each of the Oracle RTD groups in turn, except for RTDUserGroup, and make each of them a member of the group RTDUserGroup. This will allow any user to be automatically added to the RTDUserGroup when they are added to one of the other Oracle RTD groups.

The individual steps for each group are as follows:

1. Select the group.

2. Select its Membership tab.

3. Select RTDUserGroup in the Available column and move it to the Chosen column.

4. Click Save.

5.8.4 Creating Roles

Create standard Oracle RTD roles and any custom roles needed by the enterprise. Standard roles are the ones to which Oracle RTD automatically assigns realm permissions. Custom roles require cluster permission assignments through JMX.

The following table shows the standard roles and some custom roles, as well as the groups to associate with the roles, to illustrate the steps described in this section.

Table 5-1 Role and Group Associations

Role	Group	Standard or Custom
RTDUsers	RTDUserGroup	Standard
RTDAdministrators	RTDAdminGroup	Standard
RTDDecisionCenterEditors	RTDDCEditorGroup	Standard
RTDDecisionCenterUsers	RTDDCUserGroup	Standard
RTDStudioDeployers	RTDStudioDeployerGroup	Standard
RTDStudioDownloaders	RTDStudioDownloaderGroup	Standard
RTDBatchAdministrators	RTDBatchAdminGroup	Standard
RTDChoiceEditors	RTDChoiceEditorGroup	Standard
ILS2Developers	ILS2DevGroup	Custom - an example
ILS2Users	ILS2UserGroup	Custom - an example

Perform the following steps:

1. Select the Roles and Policies tab of the security realm.

2. Expand the Global Roles item in the Name column of the Roles.

3. Select Roles.

   The following steps enable you to create the roles and to reference the corresponding group, as shown in the preceding table.

4. For each role, perform the following steps:

   1. Click New to create a new global role.

   2. Enter the role name, as in Table 5-1.

   3. Click OK.

   4. Open the new role by clicking on its name in the global roles list.

   5. Click Add Conditions.

   6. Make sure that the Predicate List drop-down shows Group.

   7. Click Next.

   8. Enter the group name in the GroupArgument Name field, as in Table 5-1.

   9. Click Add.

   10. Click Finish.

   11. Click Save.

   12. Go back to the Global Roles list by clicking Global Roles in the list of bread-crumbs at the top of the screen.

5.8.5 Creating the Oracle RTD Administrator and Other Users

To create an Oracle RTD Administrator, perform the following steps:

1. Go to the myrealm page, and select the Users and Groups tab.

2. Select the Users sub-tab.

3. Create an Oracle RTD administrator.

4. Click the New button.

5. Enter the user's name and password.

6. Click OK.

7. Click the user name, to edit the user properties.

8. Select the Groups tab.

9. Select the RTDAdminGroup in the left list, Available, and click the right arrow to move it to the right list, Chosen.

10. Click Save.

11. Return to the Users and Groups tab by selecting Users and Groups in the list of bread-crumbs at the top of the screen.

To create more users and put them into appropriate groups referenced by the roles, perform steps 4 through 11 of the preceding list of steps for each user.

5.8.6 No Deployment Descriptor Update Required

WebLogic does not require the updating of Oracle RTD's deployment descriptors to reference any custom roles.

5.9 Deploying Oracle RTD to the Managed Server

To deploy Oracle RTD to the managed server, perform the following steps:

1. Logon to the Administration Console:

   http://weblogic_host:port/console

2. In the tree to the left under Domain Structure, navigate to Deployments > Install.

3. In the Install Application Assistant page, set the Path of the deployment to the location of deployment to the expanded folder that you set up in either Section 2.1.1, "Installing Oracle RTD on a Single Windows Computer" or Section 2.1.2, "Installing Real-Time Decision Server on UNIX."

   For example, RTD_HOME\package\expanded.

4. Set Install this deployment as an application.

5. Set the Name as OracleRTD.

6. In the Security area, select Custom Roles.

   Note:

   Use roles that are defined in the Administration Console; use policies that are defined in the deployment descriptor.

7. In the Source accessibility area, select Copy this application onto every target for me under Recommended selection.

8. Select the managed server that you created in Section 5.3, "Creating a Managed Server" as the target on which to deploy.

   After deployment, Oracle RTD is started automatically.

   The Oracle RTD log file can be found at RTD_RUNTIME_HOME/log/server.log, for example, MW_HOME/user_projects/domains/domain_name/servers/server_name/stage/OracleRTD/log/server.log.

5.10 Assigning Permissions to Custom Roles

As described in Section 7.4, "Assigning Permissions," assign Cluster permissions, Inline Service permissions, and Decision Center Perspective permissions to any custom roles.

5.11 Starting Oracle Real-Time Decisions

Restart Oracle RTD by stopping and then restarting the WebLogic server or cluster that Oracle RTD is deployed into.

5.12 Uninstalling the Oracle Real-Time Decisions Application from WebLogic

You can use the WebLogic Server Administration Console to uninstall Oracle RTD from WebLogic. Before you begin, ensure that WebLogic is started.

To uninstall Oracle RTD from WebLogic:

1. Access the WebLogic Server Administration Console for your Oracle RTD domain at the URL http://weblogic_host:port/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the WebLogic Server Administration Console through Start > Programs > Oracle WebLogic > User Projects > domain_name > Admin Server Console.

2. In the tree on the left, click Deployments.

3. Select OracleRTD and click Stop > Force Stop Now.

4. Select OracleRTD and click Delete.

These steps uninstall Oracle RTD from WebLogic, but they do not remove the Oracle RTD files from the operating system.

To be able to redeploy Oracle RTD, you must delete the Oracle RTD files manually, with the managed server shut down. Delete the apps folder under the directory into which you expanded the file RTD.ear when you installed Oracle RTD. For more information about this directory, see Step 2 of Section 2.1.1, "Installing Oracle RTD on a Single Windows Computer" or Step 2 of Section 2.1.2, "Installing Real-Time Decision Server on UNIX."

5.13 Configuring SSL for Real-Time Decision Server (Recommended)

Follow the steps in this section to set up SSL for all client connections to Real-Time Decision Server. Before you begin, ensure that you followed the instructions in Section 2.6 to change the default Oracle RTD keystore and truststore passwords. Also, ensure that WebLogic is started.

Note:

If you want to use your own keystore and truststore, you do not need to complete the instructions in Section 2.6.

To configure SSL for Real-Time Decision Server:

1. Access the WebLogic Server Administration Console for your Oracle RTD domain at the URL https://weblogic_host:port/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the WebLogic Server Administration Console through Start > Programs > Oracle WebLogic > User Projects > domain_name > Admin Server Console.

2. In the tree on the left, expand Environment and choose Servers.

3. Click the name of the RTD Managed Server (for example, RTD_Server).

4. In the General tab, select SSL Listen Port Enabled, then enter 8443 for SSL Listen Port.

5. Click the Keystores tab, then provide the following values:

   1. For Keystores, select Custom Identity and Custom Trust.

   2. For Custom Identity Keystore, enter RTD_HOME/etc/ssl/sdserver.keystore. Alternatively, if you do not want to use the default Oracle RTD keystore, enter the path to your own keystore.

   3. For Custom Identity Keystore Type, enter JKS.

   4. For Custom Identity Keystore Passphrase and Confirm Custom Identity Keystore Passphrase, enter the password for your keystore. If you are using the default Oracle RTD keystore, enter the password you created in Section 2.6.

   5. For Custom Trust Keystore, enter RTD_HOME/etc/ssl/sdtrust.store. Alternatively, if you do not want to use the default Oracle RTD truststore, enter the path to your own truststore.

   6. For Custom Trust Keystore Type, enter JKS.

   7. For Custom Trust Keystore Passphrase and Confirm Custom Trust Keystore Passphrase, enter the password for your truststore. If you are using the default Oracle RTD truststore, enter the password you created in Section 2.6.

6. Click the SSL tab, then provide the following values:

   1. For Identity and Trust Locations, select Keystores.

   2. For Private Key Alias, enter tc-ssl.

      For Private Key Passphrase and Confirm Private Key Passphrase, enter the password for your keystore. If you are using the default Oracle RTD keystore, enter the password you created in Section 2.6.

7. Click Save.

8. Restart the RTD Managed Server.

   Note:

   For a truly secure environment, you should also disable the regular HTTP port to ensure that all client connections are routed through the SSL port. To do this, perform the following step:

   1. Disable the HTTP port for your Web server using application server tools. Refer to the WebLogic documentation for more information.

9. If you are using your own keystore and truststore, perform the following additional steps to enable SSL for Decision Center and Load Generator. You do not need to perform these steps if you are using the default Oracle RTD keystore and truststore.

   1. Open RTD_HOME\eclipse\eclipse.ini for editing.

   2. Locate the following line:

      -Djava.net.ssl.trustStore="..\etc\ssl\sdtrust.store"
      

   3. Replace ..\etc\ssl\sdtruststore with the full path to your truststore file.

   4. Save and close the file.

   5. Open RTD_HOME\scripts\sdexec.cmd for editing.

   6. Locate the line beginning with %SD_START%, near the bottom of the file. Near the end of the line, locate the following string:

      -Djavax.net.ssl.trustStore="%SD_ROOT%\etc\ssl\sdtrust.store"
      

   7. Replace %SD_ROOT%\etc\ssl\sdtruststore with the full path to your truststore file.

   8. Save and close the file.

5.13.1 Testing the SSL Configuration

To verify that the SSL port is functioning properly, go to Decision Center at the URL https://server_name:ssl_port/ui. If the SSL port is functioning property, your browser will display the "Welcome to Decision Center" login screen.

You may get a message from your Web browser, similar to “Do you want to accept this certificate?” This message is generated because the browser does not know about the self-signed certificate that was shipped with the default Oracle RTD keystore. This self-signed certificate is suitable for development and test environments, but it is not recommended for production environments.

For production environments, Oracle recommends the self-signed certificate be replaced with a certificate from a trusted certificate authority (CA), like Verisign/Thawte, by submitting to the CA a certificate request generated by Sun's keytool utility. For instructions on generating a certificate request, and for importing the certificate from the CA into the keystore, go to the following URL:

http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html

5.14 Setting Up JConsole Security for WebLogic

Perform the following steps to set up security for the JConsole management tool.

1. Navigate the path:

   Environment > Servers > managed_server_name > Configuration > Start Server tab.

2. For the Arguments field, add the following, all on one line:

   -Dcom.sun.management.jmxremote.authenticate=true 
   

3. Save.

4. Go to MW_HOME/jdkversion/jre/lib/management. Then, create a copy of the jmxremote.password.template file and rename it to jmxremote.password.

   Note:

   If WebLogic is running on HP-UX or an AIX-based system, go to JDK_HOME/jre/lib/management instead, where JDK_HOME is the installation directory of the JDK being used by the WebLogic application server. See Section 1.3.4 for information about which JDK to use for WebLogic on those platforms.

5. Open the jmxremote.password file for editing. At the end of the file, remove the pound character (#) in front of the following two lines:

   monitorRole QED
   controlRole R&D
   

   Each line lists a set of credentials, or in other words, a user name followed by the corresponding password. Optionally, you can add new user names and passwords on separate lines. If you decide to keep the default user names monitorRole and controlRole, change the default passwords to new ones of your choice.

   By default, the user name monitorRole allows JConsole MBean read-only permissions, while the user name controlRole allows for full JMX MBean control. The following step explains how to change these default permissions.

6. To set permissions for each set of credentials, open the jmxremote.access file, located in the same directory, for editing. Then, use the keywords readonly and readwrite to specify the access level for each set of credentials. For example:

   monitorRole readonly
   controlRole readwrite
   

   Make sure to add permissions for any new credentials you added to the jmxremote.password file.

7. Because the jmxremote.password file contains passwords in clear text, you need to restrict access to this file to the file owner by changing the file access permissions, as follows:

   • On Windows: Follow the instructions at:

     http://java.sun.com/j2se/1.5.0/docs/guide/management/security-windows.html
     

   • On UNIX: Run the command chmod 600 jmxremote.password

   For more information on JConsole security, go to:

   http://java.sun.com/j2se/1.5.0/docs/guide/management/agent.html#PasswordAccess
   

   Important:

   You must change the file access permissions for the jmxremote.password file. Do not skip this step.

8. Restart the managed server.

You can now run JConsole and log in, using the user name and password combination defined in the jmxremote.password file. See Section 15.1, "Accessing JConsole" for more information.

5.15 Changing the Oracle Real-Time Decisions Port Number in WebLogic

To change the Oracle RTD application port number in WebLogic, perform the following steps:

1. Access the WebLogic Server Administration Console for your Oracle RTD domain at the URL http://weblogic_host:port/console. At the login prompt, enter the administrator user name and password. On Windows, you can also access the WebLogic Server Administration Console through Start > Programs > Oracle WebLogic > User Projects > domain_name > Admin Server Console.

2. In the tree on the left, expand Environment and choose Servers.

3. Click the name of the managed server where Oracle RTD is running, for example, RTD_Server.

4. Click the Configuration tab, then the General subtab.

5. For Listen Port, enter the new port number you want to use for Oracle RTD.

6. Select Listen Port Enabled.

7. Click Save.

8. Restart the managed server on which Oracle RTD is running.