Oracle® Role Manager Installation Guide Release 10g (10.1.4.2) Part Number E14608-04
This chapter includes the following sections:
This procedure assumes that JBoss is installed on the application server host for Role Manager.
You must configure JBoss server in SSL mode to operate in a secure environment. For information about configuring SSL for JBoss server, refer to the following URL:
http://docs.jboss.org/jbossas/guides/webguide/r2/en/html_single/#ch9.https.sec
To configure JBoss for Role Manager:
Copy the orm-ds.xml and orm-service.xml files from:
ORM_HOME/samples/jboss/4.2.3
to the JBoss server where you want to deploy Role Manager. For example:
JBOSS_HOME/server/default/deploy
Set emptySessionPath="false" for the HTTP/1.1 Connector in the following file:
JBOSS_HOME/server/default/deploy/jboss-web.deployer/server.xml
For example:
<Connector port="8080" address="${jboss.bind.address}"
           maxThreads="250" maxHttpHeaderSize="8192"
           emptySessionPath="false" protocol="HTTP/1.1"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true" />
Set the JTA transaction timeout parameter by performing the following steps:
Open the jboss-service.xml file from the following path:
JBOSS_HOME/server/default/conf/jboss-service.xml
Locate the configuration for the mbean with code="com.arjuna.ats.jbossatx.jta.TransactionManagerService".
Change the TransactionTimeout attribute value to 1200:
<attribute name="TransactionTimeout">1200</attribute>
Note:
For more information about the JBoss Application Server, refer to the following link: http://www.jboss.org/docs/
Encrypt the password of the Role Manager application user defined in Section 6.3.
Note:
This step (step 4) is optional. Perform this step for development or non-production environments, where password encryption is not needed.
Edit the orm-ds.xml file as follows:
Change the two occurrences of connection-url to match your database environment:
<connection-url>jdbc:oracle:thin:@//SERVER_NAME:PORT/SERVICE_NAME</connection-url>
Change the two occurrences of user-name and password to match the credentials of the Role Manager application user and password:
<user-name>USER_NAME</user-name>
<password>PASSWORD</password>
Copy the server.ear file from ORM_HOME/lib to the JBoss directory used above.
Copy the webui.war file from ORM_HOME/webui/jboss/4.2.3 to the JBoss directory used above.
If JBoss is not already running, start the JBoss server using the following command:
For UNIX:
JBOSS_HOME/bin/run.sh
For Windows:
JBOSS_HOME\bin\run.bat
To test the server installation, ensure that you can get to the Role Manager administrative console from a Web browser. For example:
http://localhost:8080/ormconsole
To test the Role Manager Web application installation:
In a Web browser, navigate to the Role Manager Web UI. For example:
http://localhost:8080/webui
Log in as the Role Manager Administrator created in Section 3.3, "Installing Role Manager."
You should see the Home page of the Role Manager Web application.
Note:
Data must be loaded into the system to expose all the functionality of the application. Refer to Section 7.2, "Loading Sample Data," for instructions.
This section includes the following topics:
Caution:
Deploying an application in a clustered installation is a complex procedure. This document assumes that you have expertise in installing and using applications in a JBoss Application Server cluster. These instructions provide the Oracle Role Manager-specific details only. They are not complete instructions for setting up a JBoss Application Server cluster. For more information about clustering, see JBoss Application Server documentation.
Follow the installation steps for Oracle Role Manager in Section 3.3, "Installing Role Manager," or Section 3.4, "Performing a Silent Installation Using a Response File" to install Oracle Role Manager.
To configure JBoss server on the first node:
Copy the orm-service.xml file from ORM_HOME/samples/jboss/4.2.3 to JBOSS_HOME/server/all/deploy-hasingleton/jms.
Copy the orm-ds.xml file from ORM_HOME/samples/jboss/4.2.3 to JBOSS_HOME/server/all/farm.
Edit the orm-ds.xml file as follows:
Change the two occurrences of connection-url to match your database environment:
<connection-url>jdbc:oracle:thin:@//SERVER_NAME:PORT/SERVICE_NAME</connection-url>
Change the two occurrences of user name and password to match the credentials of the Role Manager application user with the newly encrypted password:
<user-name>USER_NAME</user-name>
<password>PASSWORD</password>
Copy the server.ear file from ORM_HOME/lib to JBOSS_HOME/server/all/farm.
Copy the webui.war file from ORM_HOME/webui/jboss/4.2.3 to JBOSS_HOME/server/all/farm.
Set the cluster name to DefaultPartition in the jboss-service.xml file in JBOSS_HOME/server/all/deploy/jboss-web-cluster.sar/META-INF.
To set up the network for cluster:
Use IPv4: ensure that you specify -Djava.net.preferIPv4Stack=true, otherwise JGroups might not start up.
Explicitly specify the network interface: on servers with multiple NICs, ensure that you select a specific NIC, otherwise JGroups may not be able to select a unique address for each node in the cluster.
Check firewalls: ensure that firewalls and switches allow multicast IP on the server LAN.
Check for the proper broadcast address: ensure that the broadcast address is set properly on the NICs. Broadcast addresses are generally x.y.z.255, where x.y.z is the subnet address.
All NICs used for the JBoss cluster should have the same broadcast address.
Note:
You must ensure that the name and path of the JAVA_HOME directory used by Oracle Role Manager is the same across all nodes of the cluster. For each additional node in your JBoss Application Server cluster, copy the JBoss and Oracle Role Manager installation directories from the first node to all other nodes, making sure to maintain the original directory structure and hierarchy throughout this process.
JBoss can be configured to use TCP-based or UDP-based clustering. By default, JBoss is configured for UDP. For more information about UDP-based clustering, refer to the JBoss Clustering guide available at: http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/
TCP uses unicast messages to communicate with other nodes, whereas UDP uses multicast messages over the network. If there are more than 2 nodes in the cluster, then TCP would cause increased network traffic. If your internal network policy does not allow UDP, then TCP is needed. If you are on Windows, change the UDP element's loopback attribute to true.
To use TCP-based clustering to automatically detect a node in a multi-homed JBoss setup, modify the cluster-service.xml configuration file, located in JBOSS_HOME/server/all/deploy, as follows:
Comment out the following UDP section, which uses a multicast group for cluster communication:
<!--
<Config>
   <UDP mcast_addr="${jboss.partition.udpGroup:228.1.2.3}" mcast_port="45566"
        ip_ttl="${jgroups.mcast.ip_ttl:8}" ip_mcast="true"
        mcast_recv_buf_size="2000000" mcast_send_buf_size="640000"
        ucast_recv_buf_size="2000000" ucast_send_buf_size="640000"
        loopback="true"/>
   <PING timeout="2000" num_initial_members="3" up_thread="true" down_thread="true"/>
   <MERGE2 min_interval="10000" max_interval="20000"/>
   <FD_SOCK down_thread="false" up_thread="false"/>
   <FD shun="true" up_thread="true" down_thread="true" timeout="10000" max_tries="5"/>
   <VERIFY_SUSPECT timeout="3000" num_msgs="3" up_thread="true" down_thread="true"/>
   <pbcast.NAKACK gc_lag="50" retransmit_timeout="300,600,1200,2400,4800"
        max_xmit_size="8192" up_thread="true" down_thread="true"/>
   <UNICAST timeout="300,600,1200,2400,4800" window_size="100" min_threshold="10" down_thread="true"/>
   <pbcast.STABLE desired_avg_gossip="20000" max_bytes="400000" up_thread="true" down_thread="true"/>
   <FRAG frag_size="8192" down_thread="true" up_thread="true"/>
   <pbcast.GMS join_timeout="5000" join_retry_timeout="2000" shun="true" print_local_addr="true"/>
   <pbcast.STATE_TRANSFER up_thread="true" down_thread="true"/>
</Config>
-->
Uncomment the following section to use a TCP stack:
<Config>
   <TCP bind_addr="THISHOST" start_port="7800" loopback="true"
        recv_buf_size="2000000" send_buf_size="640000"
        tcp_nodelay="true" up_thread="false" down_thread="false"/>
   <TCPPING initial_hosts="THISHOST[7800],OTHERHOST[7800]" port_range="3" timeout="3500"
        num_initial_members="3" up_thread="false" down_thread="false"/>
   <MERGE2 min_interval="5000" max_interval="10000" up_thread="false" down_thread="false"/>
   <FD_SOCK down_thread="false" up_thread="false"/>
   <FD shun="true" up_thread="false" down_thread="false" timeout="10000" max_tries="5"/>
   <VERIFY_SUSPECT timeout="1500" down_thread="false" up_thread="false"/>
   <pbcast.NAKACK up_thread="false" down_thread="false" gc_lag="100"
        retransmit_timeout="300,600,1200,2400,4800"/>
   <pbcast.STABLE desired_avg_gossip="20000" max_bytes="400000" down_thread="false" up_thread="false"/>
   <pbcast.GMS join_timeout="5000" join_retry_timeout="2000" shun="true"
        print_local_addr="true" up_thread="false" down_thread="false"/>
   <FC max_credits="2000000" down_thread="false" up_thread="false" min_threshold="0.10"/>
   <FRAG2 frag_size="60000" down_thread="false" up_thread="true"/>
   <pbcast.STATE_TRANSFER up_thread="false" down_thread="false"/>
</Config>
Replace THISHOST and OTHERHOST with the IP addresses of the hosts in the cluster.
Add additional OTHERNODE entries as needed to support additional cluster members.
If you are using TCP, then change the 3 multicast ports from 7800 to 45777 (this port change avoids warnings about discarded messages from another partition, because the Tomcat-DefaultPartition now uses another set of ports).
When you copy cluster-service.xml to JBOSS_HOME/server/all/deploy on other cluster nodes, remember to replace THISHOST with the IP address of the node.
To set up JMS on JBoss:
Copy the ORM_HOME/lib/ojdbc14.jar file to JBOSS_HOME/server/all/lib.
Update the JBoss Persistence Manager service by performing the following steps.
Copy JBOSS_HOME/docs/examples/jms/oracle-jdbc2-service.xml to JBOSS_HOME/server/all/deploy-hasingleton/jms.
Modify the oracle-jdbc2-service.xml file to provide DefaultDS as the value for PersistenceManager:
<depends optional-attribute-name="ConnectionManager">jboss.jca:service=DataSourceBinding,name=DefaultDS</depends>
Delete the deploy-hasingleton/jms/hsqldb-jdbc2-service.xml file.
Delete the JBOSS_HOME/server/all/farm/hsqldb-ds.xml file.
Deploy the data source descriptor for your database by renaming JBOSS_HOME/server/all/deploy-hasingleton/jms/hsqldb-jdbc-state-service.xml to oracle-jdbc-state-service.xml and provide DefaultDS as the value for Connection Manager:
<depends optional-attribute-name="ConnectionManager">jboss.jca:service=DataSourceBinding,name=DefaultDS</depends>
Navigate to JBOSS_HOME/server/all/deploy/jms, open hajndi-jms-ds.xml and change the bind address to the IP address or DNS hostname of the machine.
For example:
java.naming.provider.url=${jboss.bind.address:192.168.1.25}:1100
Navigate to JBOSS_HOME/server/all/farm, open orm-ds.xml, include the following block, and change the URL, user name, and password in two places:
<no-tx-datasource>
   <jndi-name>DefaultDS</jndi-name>
   <!-- Oracle version: replace SERVER_NAME and SERVICE_NAME -->
   <driver-class>oracle.jdbc.OracleDriver</driver-class>
   <connection-url>jdbc:oracle:thin:@//SERVER_NAME:port_no/service_name</connection-url>
   <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
   <!-- Authentication: replace USER_NAME and PASSWORD -->
   <user-name>username</user-name>
   <password>password</password>
   <!-- To set the database authentication in a secure form (i.e. not clear text) refer to the Oracle Role Manager installation guide. -->
   <check-valid-connection-sql>select 1 from model</check-valid-connection-sql>
   <!-- The minimum connections in a pool/sub-pool. Pools are lazily constructed on first use -->
   <min-pool-size>5</min-pool-size>
   <!-- The maximum connections in a pool/sub-pool -->
   <max-pool-size>50</max-pool-size>
   <!-- this will be run before a managed connection is removed from the pool for use by a client-->
   <check-valid-connection-sql>select count(model_id) from model</check-valid-connection-sql>
   <metadata>
      <type-mapping>Oracle9i</type-mapping>
   </metadata>
</no-tx-datasource>
<local-tx-datasource>
   <jndi-name>DefaultXADS</jndi-name>
   <!-- Oracle version: replace SERVER_NAME and SERVICE_NAME -->
   <driver-class>oracle.jdbc.OracleDriver</driver-class>
   <connection-url>jdbc:oracle:thin:@//SERVER_NAME:port_no/service_name</connection-url>
   <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
   <!-- Authentication: replace USER_NAME and PASSWORD -->
   <user-name>username</user-name>
   <password>password</password>
   <!-- To set the database authentication in a secure form (i.e. not clear text) refer to the Oracle Role Manager installation guide. -->
   <check-valid-connection-sql>select 1 from model</check-valid-connection-sql>
   <!-- The minimum connections in a pool/sub-pool. Pools are lazily constructed on first use -->
   <min-pool-size>5</min-pool-size>
   <!-- The maximum connections in a pool/sub-pool -->
   <max-pool-size>50</max-pool-size>
   <!-- this will be run before a managed connection is removed from the pool for use by a client-->
   <check-valid-connection-sql>select count(model_id) from model</check-valid-connection-sql>
   <metadata>
      <type-mapping>Oracle9i</type-mapping>
   </metadata>
</local-tx-datasource>
The server.ear file, supplied in the lib directory in the Oracle Role Manager installation directory, needs additional files and modifications to configuration files in order to work properly in a clustered server environment.
To modify server.ear:
Using a utility such as WinZip or jar, extract the contents of server.ear (located in ORM_HOME/lib) into a temporary directory.
Within the extracted server.ear directory, you should see two additional application archives, server.jar and ormconsole.war.
Extract the contents of server.jar and ormconsole.war into two different temporary directories.
Modify the contents of server.jar as follows:
Navigate to the root directory of the expanded server.jar in the temporary location.
You should see two directories, META-INF and oracle.
In this root directory, create a file named jndi.properties with the following contents:
java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
java.naming.provider.url=jnp://orm_node1_ip_address:1100,orm_node2_ip_address:1100/
Note:
If JBoss is getting bound to the DNS name, use the DNS name of the node instead of the IP address.
In the META-INF directory, open the ejb-jar.xml file with a text editor and remove the following four bean and transaction elements for BtFinisherEJB and BtFinisherMessageEJB:
<entity id="Entity_1183672362011">
   ...
   <display-name>Finalization Server Bean</display-name>
   <ejb-name>BtFinisherEJB</ejb-name>
   ...
</entity>
<message-driven id="MessageDriven_1183672362010">
   <description>Message bean for handling incoming business transaction finalizations</description>
   <display-name>Finalization Server Message Bean</display-name>
   <ejb-name>BtFinisherMessageEJB</ejb-name>
   ...
</message-driven>
<method>
   <ejb-name>BtFinisherEJB</ejb-name>
   <method-name>*</method-name>
</method>
<method>
   <ejb-name>BtFinisherMessageEJB</ejb-name>
   <method-name>*</method-name>
</method>
In the same location, open the jboss.xml file with a text editor and remove the following entries for BtFinisherEJB and BtFinisherMessageEJB:
<entity>
   <ejb-name>BtFinisherEJB</ejb-name>
   <jndi-name>ejb/BtFinisher</jndi-name>
</entity>
<message-driven>
   <ejb-name>BtFinisherMessageEJB</ejb-name>
   <destination-jndi-name>queue/orm/BtFinisherQueue</destination-jndi-name>
   <configuration-name>Singleton MDB</configuration-name>
</message-driven>
Repackage the contents of server.jar.
The directory layout in server.jar should include the added file as follows:
jndi.properties
META-INF/
oracle/
Modify the contents of ormconsole.war as follows:
Navigate to the WEB-INF directory of the expanded ormconsole.war in the temporary location.
In the WEB-INF directory, create a file named jboss-web.xml with the following content:
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
<jboss-web>
   <replication-config>
      <replication-trigger>SET_AND_NON_PRIMITIVE_GET</replication-trigger>
      <replication-granularity>SESSION</replication-granularity>
      <replication-field-batch-mode>true</replication-field-batch-mode>
   </replication-config>
</jboss-web>
Create a subdirectory in the WEB-INF directory named classes.
Copy the jndi.properties file created in Step 3b into the newly created classes directory.
Repackage the contents of ormconsole.war.
The directory layout in ormconsole.war should include the added files as follows:
login/
META-INF/
styles/
WEB-INF/
   jboss-web.xml
   weblogic.wml
   web.xml
   ibm-web-bnd.xmi
   classes/
      jndi.properties
Repackage the contents of server.ear, ensuring that you include both the updated server.jar and ormconsole.war files.
The directory layout in server.ear should be as follows:
META-INF/
thirdparty/
ormconsole.war
server.jar
Copy server.ear to JBOSS_HOME/server/all/farm on all cluster nodes.
The finalization-server.ear file must be created, configured, and deployed as an additional archive in order to work properly in a clustered server environment.
To create finalization-server.ear:
Make a copy of the repackaged server.ear file and name it finalization-server.ear.
Using a utility such as WinZip or jar, extract the contents of finalization-server.ear into a temporary directory.
Within the extracted finalization-server.ear directory, you should see the server.jar file.
Navigate to the root directory of the expanded finalization-server.jar in the temporary location.
You should see two directories, META-INF and oracle.
In the META-INF directory, open the ejb-jar.xml file with a text editor and edit the file to contain only the following content:
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar version="2.1" id="EJBJar_1183672362010"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd">
   <enterprise-beans>
      <session id="Session_1183672362010">
         <description>The single source for the SubsystemRegistry for use by other beans</description>
         <display-name>Singleton Bean</display-name>
         <ejb-name>SingletonEJB</ejb-name>
         <local-home>oracle.iam.rm.server_api.ejb.SingletonLocalHome</local-home>
         <local>oracle.iam.rm.server_api.ejb.SingletonLocal</local>
         <ejb-class>oracle.iam.rm.server_api.ejb.SingletonBean</ejb-class>
         <session-type>Stateless</session-type>
         <transaction-type>Container</transaction-type>
         <resource-ref id="ResourceRef_118367236209">
            <res-ref-name>jdbc/server</res-ref-name>
            <res-type>javax.sql.DataSource</res-type>
            <res-auth>Container</res-auth>
            <res-sharing-scope>Shareable</res-sharing-scope>
         </resource-ref>
         <resource-ref id="ResourceRef_1183672362010">
            <res-ref-name>jdbc/serverxa</res-ref-name>
            <res-type>javax.sql.DataSource</res-type>
            <res-auth>Container</res-auth>
            <res-sharing-scope>Shareable</res-sharing-scope>
         </resource-ref>
         <resource-ref id="ResourceRef_1183672362012">
            <res-ref-name>jms/topicConFac</res-ref-name>
            <res-type>javax.jms.TopicConnectionFactory</res-type>
            <res-auth>Container</res-auth>
            <res-sharing-scope>Shareable</res-sharing-scope>
         </resource-ref>
         <resource-ref id="ResourceRef_1183672362013">
            <res-ref-name>jms/queueConnectionFactory</res-ref-name>
            <res-type>javax.jms.QueueConnectionFactory</res-type>
            <res-auth>Container</res-auth>
            <res-sharing-scope>Shareable</res-sharing-scope>
         </resource-ref>
         <resource-ref id="ResourceRef_1183672362014">
            <res-ref-name>ejb/BtFinisherConnectionFactory</res-ref-name>
            <res-type>javax.jms.QueueConnectionFactory</res-type>
            <res-auth>Container</res-auth>
            <res-sharing-scope>Shareable</res-sharing-scope>
         </resource-ref>
         <resource-ref id="ResourceRef_1183672362015">
            <res-ref-name>ejb/BtFinisherQueue</res-ref-name>
            <res-type>javax.jms.Queue</res-type>
            <res-auth>Container</res-auth>
            <res-sharing-scope>Shareable</res-sharing-scope>
         </resource-ref>
         <resource-env-ref id="ResourceEnvRef_1183672362010">
            <resource-env-ref-name>jms/loaderQueue</resource-env-ref-name>
            <resource-env-ref-type>javax.jms.Queue</resource-env-ref-type>
         </resource-env-ref>
         <resource-env-ref id="ResourceEnvRef_1183672362011">
            <resource-env-ref-name>jms/notification</resource-env-ref-name>
            <resource-env-ref-type>javax.jms.Topic</resource-env-ref-type>
         </resource-env-ref>
         <security-identity>
            <description>The role to use for managing finalization server message delivery.</description>
            <run-as>
               <role-name>ORMServer</role-name>
            </run-as>
         </security-identity>
      </session>
      <entity id="Entity_1183672362011">
         <description>An Entity Bean that is used to manage the "single commit server" model. Only one should ever exist at one time in a cluster.</description>
         <display-name>Finalization Server Bean</display-name>
         <ejb-name>BtFinisherEJB</ejb-name>
         <local-home>oracle.iam.rm.temporal.impl.ejb.BtFinisherHome</local-home>
         <local>oracle.iam.rm.temporal.impl.ejb.BtFinisher</local>
         <ejb-class>oracle.iam.rm.temporal.impl.ejb.BtFinisherBean</ejb-class>
         <persistence-type>Bean</persistence-type>
         <prim-key-class>java.lang.String</prim-key-class>
         <reentrant>false</reentrant>
         <ejb-local-ref id="EJBLocalRef_1183672362014">
            <ejb-ref-name>ejb/singleton</ejb-ref-name>
            <ejb-ref-type>Session</ejb-ref-type>
            <local-home>oracle.iam.rm.server_api.ejb.SingletonLocalHome</local-home>
            <local>oracle.iam.rm.server_api.ejb.SingletonLocal</local>
            <ejb-link>SingletonEJB</ejb-link>
         </ejb-local-ref>
      </entity>
      <message-driven id="MessageDriven_1183672362010">
         <description>Message bean for handling incoming business transaction finalizations</description>
         <display-name>Finalization Server Message Bean</display-name>
         <ejb-name>BtFinisherMessageEJB</ejb-name>
         <ejb-class>oracle.iam.rm.temporal.impl.ejb.BtFinisherMessageBean</ejb-class>
         <transaction-type>Container</transaction-type>
         <message-destination-type>javax.jms.Queue</message-destination-type>
         <ejb-local-ref id="EjbLocalRef_1183672362012">
            <ejb-ref-name>ejb/BtFinisher</ejb-ref-name>
            <ejb-ref-type>Entity</ejb-ref-type>
            <local-home>oracle.iam.rm.temporal.impl.ejb.BtFinisherHome</local-home>
            <local>oracle.iam.rm.temporal.impl.ejb.BtFinisher</local>
            <ejb-link>BtFinisherEJB</ejb-link>
         </ejb-local-ref>
         <ejb-local-ref id="EJBLocalRef_1183672362015">
            <ejb-ref-name>ejb/singleton</ejb-ref-name>
            <ejb-ref-type>Session</ejb-ref-type>
            <local-home>oracle.iam.rm.server_api.ejb.SingletonLocalHome</local-home>
            <local>oracle.iam.rm.server_api.ejb.SingletonLocal</local>
            <ejb-link>SingletonEJB</ejb-link>
         </ejb-local-ref>
      </message-driven>
   </enterprise-beans>
   <assembly-descriptor>
      <security-role>
         <description>The role used for internal server management processes.</description>
         <role-name>ORMServer</role-name>
      </security-role>
      <container-transaction>
         <method>
            <ejb-name>SingletonEJB</ejb-name>
            <method-name>*</method-name>
         </method>
         <trans-attribute>NotSupported</trans-attribute>
      </container-transaction>
      <container-transaction>
         <method>
            <ejb-name>BtFinisherEJB</ejb-name>
            <method-name>*</method-name>
         </method>
         <method>
            <ejb-name>BtFinisherMessageEJB</ejb-name>
            <method-name>*</method-name>
         </method>
         <trans-attribute>Required</trans-attribute>
      </container-transaction>
   </assembly-descriptor>
</ejb-jar>
In the same location, open the jboss.xml file with a text editor and edit the file to contain only the following content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 4.0//EN" "http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">
<jboss>
   <enterprise-beans>
      <session>
         <ejb-name>SingletonEJB</ejb-name>
         <configuration-name>Singleton Stateless Session Bean</configuration-name>
         <resource-ref>
            <res-ref-name>jdbc/server</res-ref-name>
            <jndi-name>java:/ORMServerDS</jndi-name>
         </resource-ref>
         <resource-ref>
            <res-ref-name>jdbc/serverxa</res-ref-name>
            <jndi-name>java:/ORMServerXADS</jndi-name>
         </resource-ref>
         <resource-ref>
            <res-ref-name>jms/topicConFac</res-ref-name>
            <jndi-name>java:/JmsXA</jndi-name>
         </resource-ref>
         <resource-ref>
            <res-ref-name>jms/queueConnectionFactory</res-ref-name>
            <jndi-name>java:/JmsXA</jndi-name>
         </resource-ref>
         <resource-ref>
            <res-ref-name>ejb/BtFinisherConnectionFactory</res-ref-name>
            <jndi-name>java:/JmsXA</jndi-name>
         </resource-ref>
         <resource-ref>
            <res-ref-name>ejb/BtFinisherQueue</res-ref-name>
            <jndi-name>queue/orm/BtFinisherQueue</jndi-name>
         </resource-ref>
         <resource-env-ref>
            <resource-env-ref-name>jms/notification</resource-env-ref-name>
            <jndi-name>topic/orm/NotificationTopic</jndi-name>
         </resource-env-ref>
         <resource-env-ref>
            <resource-env-ref-name>jms/loaderQueue</resource-env-ref-name>
            <jndi-name>queue/orm/LoaderQueue</jndi-name>
         </resource-env-ref>
         <clustered>true</clustered>
         <cluster-config>
            <partition-name>ORM_CLUSTER</partition-name>
         </cluster-config>
      </session>
      <entity>
         <ejb-name>BtFinisherEJB</ejb-name>
         <jndi-name>ejb/BtFinisher</jndi-name>
      </entity>
      <message-driven>
         <ejb-name>BtFinisherMessageEJB</ejb-name>
         <destination-jndi-name>queue/orm/BtFinisherQueue</destination-jndi-name>
         <configuration-name>Singleton Message Driven Bean</configuration-name>
      </message-driven>
   </enterprise-beans>
   <container-configurations>
      <container-configuration>
         <container-name>Singleton Stateless Session Bean</container-name>
         <call-logging>false</call-logging>
         <invoker-proxy-binding-name>stateless-rmi-invoker</invoker-proxy-binding-name>
         <container-interceptors>
            <interceptor>org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor</interceptor>
            <interceptor>org.jboss.ejb.plugins.LogInterceptor</interceptor>
            <interceptor>org.jboss.ejb.plugins.SecurityInterceptor</interceptor>
            <!-- CMT -->
            <interceptor transaction="Container">org.jboss.ejb.plugins.TxInterceptorCMT</interceptor>
            <interceptor transaction="Container">org.jboss.ejb.plugins.CallValidationInterceptor</interceptor>
            <interceptor transaction="Container">org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor</interceptor>
            <!-- BMT -->
            <interceptor transaction="Bean">org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor</interceptor>
            <interceptor transaction="Bean">org.jboss.ejb.plugins.TxInterceptorBMT</interceptor>
            <interceptor transaction="Bean">org.jboss.ejb.plugins.CallValidationInterceptor</interceptor>
            <interceptor>org.jboss.resource.connectionmanager.CachedConnectionInterceptor</interceptor>
         </container-interceptors>
         <instance-pool>org.jboss.ejb.plugins.StatelessSessionInstancePool</instance-pool>
         <instance-cache></instance-cache>
         <persistence-manager></persistence-manager>
         <container-pool-conf>
            <MinimumSize>1</MinimumSize>
            <MaximumSize>1</MaximumSize>
         </container-pool-conf>
      </container-configuration>
   </container-configurations>
</jboss>
Repackage the contents of server.jar.
The directory layout in server.jar should be as follows:
jndi.properties
META-INF/
oracle/
Navigate up one directory and then to finalization-server/META-INF.
You should see the application.xml file.
Open the application.xml file with a text editor and edit the file to contain only the following content:
<?xml version="1.0" encoding="UTF-8"?>
<application version="1.4" id="ORM_Finalization_Server"
             xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/application_1_4.xsd">
   <display-name>ORM Finalization Server</display-name>
   <module id="server">
      <ejb>server.jar</ejb>
   </module>
</application>
Repackage the contents of finalization-server.ear, ensuring that you include both the updated server.jar and configuration files.
The directory layout in finalization-server.ear should be as follows:
META-INF/
thirdparty/
server.jar
Note:
The file ormconsole.war must not be present in the finalization-server.ear file. If it is, remove it and repackage the EAR file.
Copy the new finalization-server.ear file to JBOSS_HOME/server/all/deploy-hasingleton on all cluster nodes.
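The two repackaging procedures above can be checked before the archives are copied to the cluster nodes. The following Python check is an added example, not part of Oracle's guide; it tests only the layout rules stated above, and the archives it builds in memory are tiny constructed stand-ins, not real Role Manager files.

```python
import io
import zipfile

# <ejb-name> entries the guide moves out of server.ear into finalization-server.ear
FINISHER_BEANS = (b"<ejb-name>BtFinisherEJB</ejb-name>",
                  b"<ejb-name>BtFinisherMessageEJB</ejb-name>")


def _nested(outer, name):
    """Open an archive stored inside another archive; None if it is absent."""
    if name not in outer.namelist():
        return None
    return zipfile.ZipFile(io.BytesIO(outer.read(name)))


def _read(archive, name):
    """Return a member's bytes, or b'' when the member does not exist."""
    return archive.read(name) if name in archive.namelist() else b""


def check_server_ear(ear_bytes):
    """List problems with the repackaged server.ear (deployed to farm)."""
    problems = []
    ear = zipfile.ZipFile(io.BytesIO(ear_bytes))
    jar = _nested(ear, "server.jar")
    war = _nested(ear, "ormconsole.war")
    if jar is None:
        problems.append("server.jar is missing")
    else:
        if "jndi.properties" not in jar.namelist():
            problems.append("server.jar: jndi.properties is not at the archive root")
        for descriptor in ("META-INF/ejb-jar.xml", "META-INF/jboss.xml"):
            if any(bean in _read(jar, descriptor) for bean in FINISHER_BEANS):
                problems.append(f"server.jar: {descriptor} still declares a finisher bean")
    if war is None:
        problems.append("ormconsole.war is missing")
    else:
        for required in ("WEB-INF/jboss-web.xml", "WEB-INF/classes/jndi.properties"):
            if required not in war.namelist():
                problems.append(f"ormconsole.war: {required} is missing")
    return problems


def check_finalization_ear(ear_bytes):
    """List problems with finalization-server.ear (deployed to deploy-hasingleton)."""
    problems = []
    ear = zipfile.ZipFile(io.BytesIO(ear_bytes))
    if "ormconsole.war" in ear.namelist():
        problems.append("ormconsole.war must not be present")
    if b"ormconsole.war" in _read(ear, "META-INF/application.xml"):
        problems.append("META-INF/application.xml still references ormconsole.war")
    jar = _nested(ear, "server.jar")
    if jar is None:
        problems.append("server.jar is missing")
    else:
        ejb_jar = _read(jar, "META-INF/ejb-jar.xml")
        for bean in FINISHER_BEANS:
            if bean not in ejb_jar:
                problems.append("server.jar: META-INF/ejb-jar.xml lacks " + bean.decode())
    return problems


def _zip(entries):
    """Build an in-memory archive from a {member name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def constructed_samples():
    """Stand-in archives constructed for this example (contents are placeholders)."""
    finisher = b"".join(FINISHER_BEANS)
    plain = b"<ejb-name>SingletonEJB</ejb-name>"
    good_jar = _zip({"jndi.properties": b"", "META-INF/ejb-jar.xml": plain,
                     "META-INF/jboss.xml": plain})
    good_war = _zip({"WEB-INF/web.xml": b"", "WEB-INF/jboss-web.xml": b"",
                     "WEB-INF/classes/jndi.properties": b""})
    # State before the guide's edits: no jndi.properties, finisher beans declared
    old_jar = _zip({"META-INF/ejb-jar.xml": plain + finisher,
                    "META-INF/jboss.xml": plain + finisher})
    old_war = _zip({"WEB-INF/web.xml": b""})
    final_jar = _zip({"jndi.properties": b"",
                      "META-INF/ejb-jar.xml": plain + finisher})
    return {
        "server_ok": _zip({"server.jar": good_jar, "ormconsole.war": good_war}),
        "server_unedited": _zip({"server.jar": old_jar, "ormconsole.war": old_war}),
        # server.ear copied and renamed, but none of the finalization edits applied
        "final_unedited": _zip({
            "META-INF/application.xml": b"<ejb>server.jar</ejb><web-uri>ormconsole.war</web-uri>",
            "server.jar": good_jar, "ormconsole.war": good_war}),
        "final_ok": _zip({"META-INF/application.xml": b"<ejb>server.jar</ejb>",
                          "server.jar": final_jar}),
    }


if __name__ == "__main__":
    samples = constructed_samples()
    for problem in check_finalization_ear(samples["final_unedited"]):
        print("finalization-server.ear:", problem)
```

To check real archives, pass the file contents, for example `check_server_ear(open("server.ear", "rb").read())`.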
The webui.war file, supplied in the webui/jboss/4.2.3 directory in the Oracle Role Manager installation directory, needs the following additional configuration to work properly in a cluster.
To modify webui.war:
Using a utility such as WinZip or jar, extract the contents of webui.war (located in ORM_HOME/webui/jboss/4.2.3) into a temporary directory.
Within the extracted webui.war directory, you should see the WEB-INF directory.
In the WEB-INF directory, edit the jboss-web.xml file to add the replication configuration (the <replication-config> element):
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
<jboss-web>
   <ejb-ref>
      <ejb-ref-name>ejb/server</ejb-ref-name>
      <jndi-name>ejb/orm/ServerEJB</jndi-name>
   </ejb-ref>
   <replication-config>
      <replication-trigger>SET_AND_NON_PRIMITIVE_GET</replication-trigger>
      <replication-granularity>SESSION</replication-granularity>
      <replication-field-batch-mode>true</replication-field-batch-mode>
   </replication-config>
</jboss-web>
Create a subdirectory in the WEB-INF directory named classes.
In this classes directory, create a file named jndi.properties with the following content:
java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
java.naming.provider.url=jnp://orm_node1_ip_address:1100,orm_node2_ip_address:1100/
Note:
If JBoss is getting bound to the DNS name, use the DNS name of the node instead of the IP address.
Repackage the web.war file, ensuring it has the same layout as the previous web.war file.
Copy web.war to JBOSS_HOME/server/all/farm on all cluster nodes.
Navigate to the directory JBOSS_HOME\bin, and then run the following command:
On Microsoft Windows:
run -c all -b <bind_address> -Djboss.partition.name=ORM_CLUSTER
On UNIX:
./run.sh -c all -b <bind_address> -Djboss.partition.name=ORM_CLUSTER
Access the Administration console by opening a browser and pointing it to the following URL, and verify that you can successfully create and update IT Roles, Business Roles, or Organizations:
http://IP_address:portNo/webui
Note:
You must ensure that the name and path of the JAVA_HOME directory used by Oracle Role Manager is the same across all nodes of the cluster. For each additional node in your JBoss Application Server cluster, copy the JBoss and Oracle Role Manager installation directories from the first node to all other nodes, making sure to maintain the original directory structure and hierarchy throughout this process.
To copy and start additional JBoss Server Nodes:
If using TCP, edit cluster-service.xml in JBOSS_HOME/server/all/deploy on each cluster node and replace TCPPING initialhost with the IP address of the node.
Edit the JBOSS_HOME/server/all/deploy/jms/hajndi-jms-ds.xml file and change the bind address to the IP address or DNS hostname of the machine. For example:
java.naming.provider.url=${jboss.bind.address:192.168.1.25}:1100
Start JBoss Application Server on each node using a command similar to the one used for the first node.
This section describes how to encrypt the Role Manager database password in JBoss application server deployments. Specifically, you must perform the following steps to manually encrypt a password, and then modify the orm-ds.xml and login-config.xml files so that they can access the encrypted form of the password instead of the clear text version.
To encrypt the Role Manager database password:
Open a console window and navigate to the JBOSS_HOME directory.
Stop the JBoss server.
Run one of the following commands to encrypt the Role Manager database password. In this command, replace password with the actual password that you want to encrypt.
For UNIX:
java -cp "$JBOSS_HOME/lib/jboss-jmx.jar:$JBOSS_HOME/lib/jboss-common.jar:$JBOSS_HOME/server/default/lib/jboss-jca.jar:$JBOSS_HOME/server/default/lib/jbosssx.jar" org.jboss.resource.security.SecureIdentityLoginModule password
For Windows:
java -cp "%JBOSS_HOME%/lib/jboss-jmx.jar;%JBOSS_HOME%/lib/jboss-common.jar;%JBOSS_HOME%/server/default/lib/jboss-jca.jar;%JBOSS_HOME%/server/default/lib/jbosssx.jar" org.jboss.resource.security.SecureIdentityLoginModule password
This command returns an encoded form of the password you specify. For example, the password Welcome1 is encoded as 3146f9cc50afd6a6df8592078de921bc.
Highlight and copy the encoded password to paste later in the JBoss application policy element definitions.
Open the JBOSS_HOME/server/default/deploy/orm-ds.xml file in a text editor.
Delete the <user-name> and <password> elements from the <no-tx-datasource> element.
Add the following <security-domain> element to the end of the <no-tx-datasource> element:
<security-domain>EncryptDBPassword</security-domain>
Delete the <user-name> and <password> elements from the <local-tx-datasource> element.
Add the following <security-domain> element to the end of the <local-tx-datasource> element:
<security-domain>EncryptXADBPassword</security-domain>
Save and close the orm-ds.xml file.
Open the JBOSS_HOME/server/default/conf/login-config.xml file in a text editor.
Add the following <application-policy> elements at the end of the <policy> element, replacing datasource_username with the data source user name and encoded_password with the encoded password you copied in step 3:
<application-policy name = "EncryptXADBPassword">
   <authentication>
      <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
         <module-option name = "username">datasource_username</module-option>
         <module-option name = "password">encoded_password</module-option>
         <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=ORMServerXADS</module-option>
      </login-module>
   </authentication>
</application-policy>
<application-policy name = "EncryptDBPassword">
   <authentication>
      <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
         <module-option name = "username">datasource_username</module-option>
         <module-option name = "password">encoded_password</module-option>
         <module-option name = "managedConnectionFactoryName">jboss.jca:service=NoTxCM,name=ORMServerDS</module-option>
      </login-module>
   </authentication>
</application-policy>
Save and close the login-config.xml file.
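The following Python audit is an added example, not part of Oracle's guide: it checks that a datasource descriptor no longer carries clear-text credentials and that each <security-domain> resolves to a matching policy in login-config.xml, as the procedure above requires. The descriptors are constructed samples; the JNDI names ORMServerDS and ORMServerXADS are taken from the managedConnectionFactoryName values above, and the user name orm_app is a placeholder.

```python
import re
import xml.etree.ElementTree as ET

SECURE_MODULE = "org.jboss.resource.security.SecureIdentityLoginModule"
# Connection-manager service per datasource element, as used in the policies above.
CM_SERVICE = {"no-tx-datasource": "NoTxCM", "local-tx-datasource": "LocalTxCM"}


def load_policies(login_config_xml):
    """Map policy name -> (login-module class names, module options)."""
    policies = {}
    for policy in ET.fromstring(login_config_xml).iter("application-policy"):
        codes = [m.get("code") for m in policy.iter("login-module")]
        opts = {o.get("name"): (o.text or "").strip()
                for o in policy.iter("module-option")}
        policies[policy.get("name")] = (codes, opts)
    return policies


def audit_datasources(ds_xml, login_config_xml):
    """Return a list of findings; an empty list means the procedure was followed."""
    policies = load_policies(login_config_xml)
    findings = []
    for ds in ET.fromstring(ds_xml):
        if ds.tag not in CM_SERVICE:
            continue
        jndi = (ds.findtext("jndi-name") or "").strip()
        if ds.find("user-name") is not None or ds.find("password") is not None:
            findings.append(f"{jndi}: clear-text credentials in descriptor")
        domain = (ds.findtext("security-domain") or "").strip()
        if not domain:
            findings.append(f"{jndi}: no <security-domain> element")
            continue
        if domain not in policies:
            findings.append(f"{jndi}: policy '{domain}' missing from login-config.xml")
            continue
        codes, opts = policies[domain]
        if SECURE_MODULE not in codes:
            findings.append(f"{jndi}: policy '{domain}' does not use SecureIdentityLoginModule")
        expected = f"jboss.jca:service={CM_SERVICE[ds.tag]},name={jndi}"
        if opts.get("managedConnectionFactoryName") != expected:
            findings.append(f"{jndi}: policy '{domain}' is bound to a different connection factory")
        # Heuristic: the module prints a hexadecimal string (see the Welcome1 example).
        # The encoding key is built into the module, so the value is obfuscated rather
        # than secret; login-config.xml still needs restrictive file permissions.
        if not re.fullmatch(r"-?[0-9a-f]+", opts.get("password", "")):
            findings.append(f"{jndi}: password option is not encoder output")
    return findings


# Constructed sample: descriptor as edited in the non-production step (clear text).
DS_CLEAR_TEXT = """<datasources>
  <no-tx-datasource>
    <jndi-name>ORMServerDS</jndi-name>
    <user-name>USER_NAME</user-name>
    <password>PASSWORD</password>
  </no-tx-datasource>
  <local-tx-datasource>
    <jndi-name>ORMServerXADS</jndi-name>
    <user-name>USER_NAME</user-name>
    <password>PASSWORD</password>
  </local-tx-datasource>
</datasources>"""

# Constructed sample: descriptor after the encryption procedure.
DS_SECURED = """<datasources>
  <no-tx-datasource>
    <jndi-name>ORMServerDS</jndi-name>
    <security-domain>EncryptDBPassword</security-domain>
  </no-tx-datasource>
  <local-tx-datasource>
    <jndi-name>ORMServerXADS</jndi-name>
    <security-domain>EncryptXADBPassword</security-domain>
  </local-tx-datasource>
</datasources>"""

# Constructed sample: the two policies above, using the guide's example encoded value.
LOGIN_CONFIG = """<policy>
  <application-policy name = "EncryptXADBPassword"><authentication>
    <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
      <module-option name = "username">orm_app</module-option>
      <module-option name = "password">3146f9cc50afd6a6df8592078de921bc</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=ORMServerXADS</module-option>
    </login-module></authentication></application-policy>
  <application-policy name = "EncryptDBPassword"><authentication>
    <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
      <module-option name = "username">orm_app</module-option>
      <module-option name = "password">3146f9cc50afd6a6df8592078de921bc</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=NoTxCM,name=ORMServerDS</module-option>
    </login-module></authentication></application-policy>
</policy>"""

if __name__ == "__main__":
    for finding in audit_datasources(DS_CLEAR_TEXT, LOGIN_CONFIG):
        print(finding)
```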