Install and Configure Oracle Fusion Middleware
Oracle Health Insurance runs on an Oracle Fusion Middleware Application Server. This may also be referred to as Oracle WebLogic Server. When running on more than one managed server or node, the application servers should be configured as a cluster. Starting with WebLogic version 12.1.x Oracle added a DynamicCluster feature. A dynamic cluster uses a single server template to define configuration for a specified number of generated (dynamic) server instances. In a dynamic cluster, additional dynamic servers can be started without having to first manually configure and add them to the cluster. Oracle Health Insurance applications are certified to work with both static and dynamic clusters.
This guide assumes experience with the installation and set up of Oracle WebLogic Server. For details regarding the installation process please consult the product documentation.
The Certification information that is available for a specific release through My Oracle Support specifies the required Java version as well as the version of the Oracle WebLogic Server software that must be installed.
It also lists the matching Oracle Application Development Runtime version that is required for any Oracle Health Insurance application.
This chapter briefly outlines the installation of the Oracle WebLogic Server software.
Installing Oracle Fusion Middleware and Creating a Domain
Start with the installation of Oracle Fusion Middleware. For that purpose make sure to use the Oracle Fusion Middleware Infrastructure installer.
A WebLogic Domain can be created using the Fusion Middleware Configuration Wizard or by using WLST scripts. When using the Configuration Wizard, make sure to select the "Oracle JRF" option on the Templates page (next to the Basic WebLogic Server Domain template that is selected by default). Note that the WebLogic Coherence Cluster Extension will be selected automatically as it is required with the Oracle JRF template. Any other templates are optional and are not required for running Oracle Health Insurance applications.
When using the Configuration Wizard, Oracle recommends to accept the default Coherence Cluster Name and Unicast Listen Port. Coherence Cluster settings will be adjusted through the WebLogic Administration Console.
Domain configuration for Oracle Health Insurance
This chapter contains directions for the following topics:
- 
Redirecting console log output 
- 
Setting up Oracle Health Insurance Authorizations properties files 
- 
Coherence settings 
- 
Setting Oracle Health Insurance Domain environment variables 
- 
Setting the enforce-valid-basic-auth-credentials flag 
Redirect JVM Output to a Log File
By default, the JVM output for a WebLogic server is written to the console.
It is recommended to redirect the console output to file.
Note that in development mode, the default size of a logfile before it is rotated is only 500Kb. Hence, it is also recommended changing the size of the log files before rollover to 10240 Kb and to specify the number of log files that will be retained. These configuration settings can be changed through the WebLogic Server Console.
Setting up Oracle Health Insurance Authorizations Properties Files
Create a directory that will hold Oracle Health Insurance Authorizations properties and configuration files. This directory will be referenced as <CONFIG_ROOT> throughout this document.
Copy the following files that were delivered as part of the specific release from the <OHI_ROOT>/properties directory to the <CONFIG_ROOT>:
- 
logback.xml 
- 
ohi-authorizations.properties.template 
Rename the copied ohi-authorizations.properties.template to ohi-authorizations.properties. A description of the properties file is available elsewhere in this guide.
Also copy file <OHI_ROOT>/util/security/ohi-security.config to the <CONFIG_ROOT>.
Coherence settings
Oracle Health Insurance applications use Oracle Coherence. The IT infrastructure on which the system is installed determines the configuration for Oracle Coherence. Coherence Cluster settings are maintained using the WebLogic Administration Console. This paragraph describes the following configuration options:
- 
Control multiple Coherence clusters that are spread across multiple machines 
- 
Control multiple Coherence clusters that are executed on one machine 
- 
Specific settings for running Coherence in a Production environment 
Define a Coherence Cluster for Oracle Health Insurance
Oracle recommends creating an application-specific Coherence cluster that will be associated with the (application-specific) WebLogic Cluster in which the Oracle Health Insurance application is executed. For example: for Oracle Health InsuranceAuthorizations, create a authorizations_cluster and a authorizations_coherence_cluster. Associate the authorizations_cluster with the authorizations_coherence_cluster using the WebLogic Administration Console:navigate to the authorizations_cluster, under the Configuration tab select the Coherence sub tab and select the authorizations_coherence_cluster from the Coherence Cluster drop down list. Make sure to enable Local Storage Enabled.
Run multiple Coherence clusters of multiple JVMs on the same machine or same set of machines
In order to control which JVMs can join in a particular Coherence cluster, the following options are available:
- 
Use multicast addressing and have every member that needs to join the cluster define the cluster name 
- 
Use the Coherence Well Known Addresses (WKA) feature 
Use your feature of choice to:
- 
Control multiple Coherence clusters that are spread across multiple machines 
- 
Control multiple Coherence clusters that are executed on one machine 
- 
Example: use Well Known Addresses to Control which Members are allowed to join a Coherence Cluster* 
Assuming a WebLogic cluster authorizations_cluster that consists of the following server members:
- 
An Administration Server 
- 
Two Managed Servers, authorizations_node1 and authorizations_node2. 
The authorizations_cluster is associated with an existing authorizations_coherence_cluster.
Step 1: For the authorizations_coherence_cluster define two well known addresses via the WebLogic Administration Console: navigate to the authorizations_coherence_cluster, under the Configuration tab select the Well Known Addresses sub tab. Use the New button to create two Well Known Addresses with the following characteristics:
| Name | Listen Address | 
|---|---|
| wka1 | Name of the host machine that runs the managed server | 
| wka2 | Name of the host machine that runs the managed server | 
Step 2: for each Managed Server, navigate to the Settings page, under the Configuration tab select the Coherence sub tab. Given that authorizations_cluster is already associated with the authorizations_coherence_cluster, the Coherence sub tab should already list the authorizations_coherence_cluster. Change the settings as follows:
| Settings for … | Unicast Listen Address | Unicast Listen Port | 
|---|---|---|
| authorizations_node1 | Name of the host machine that runs the managed server | wka1 port, i.e. 27111 (as used in the example) | 
| authorizations_node2 | Name of the host machine that runs the managed server | wka2 port, i.e. 27111 (as used in the example) | 
Make sure to activate the changes that were made.
For more information please check the Fusion Middleware documentation on https://docs.oracle .com/middleware/1221/wls/CLUST/coherence.htm[Administering Clusters for Oracle WebLogic Server].
Specific settings for running Coherence in a Production environment
By default, Oracle Coherence runs in Development mode. The production checklist in the Coherence documentation states that it is recommended to use the development mode for all pre-production activities, such as development and testing. This is an important safety feature, because Coherence automatically prevents these nodes from joining a production cluster. The production mode must be explicitly specified when using Coherence in a production environment.
In the Production environment (and only in the Production environment), the system property tangosol.coherence.mode should be set to value prod in the script that is used to start Coherence nodes.
-Dtangosol.coherence.mode=prod
Set Environment Variables for Oracle Health Insurance Authorizations
Environment variables for Oracle Health Insurance Authorizations can be set in startWebLogic.sh script. An alternative approach (offered as a best practice) is to create a separate shell script named setAuthorizationsEnv.sh in a directory (referred to hereafter as <SET_ENV_VAR_DIR>). Rationale:
- 
The startWebLogic.sh file is generated by WLS and large (clutters the view). 
- 
The startWebLogic.sh file can be changed by WebLogic if the cluster configuration changes. A separate setAuthorizationsEnv.sh file shields from these changes. 
Make sure that <SET_ENV_VAR_DIR> is a shared directory for all the managed servers in the cluster. The following is a sample setAuthorizationsEnv.sh script (which may have been formatted for readability):
# Memory Args
MEM_ARGS="-Xmx4096m"
MEM_ARGS="${MEM_ARGS} -XX:+UseG1GC"
export MEM_ARGS
# Java Options
JAVA_OPTIONS="${JAVA_OPTIONS} -Dohi.properties.file=/config/ohi-authorizations.properties"
JAVA_OPTIONS="${JAVA_OPTIONS} -Dlogback.configurationFile=/config/logback_authorizations.xml"
JAVA_OPTIONS="${JAVA_OPTIONS} -Djava.security.auth.login.config=/config/ohi-security.config"
JAVA_OPTIONS="${JAVA_OPTIONS} -Dtangosol.coherence.mode=prod"
JAVA_OPTIONS="${JAVA_OPTIONS} -Dcom.sun.org.apache.xml.internal.dtm.DTMManager=
  com.sun.org.apache.xml.internal.dtm.ref.DTMManagerDefault"
JAVA_OPTIONS="${JAVA_OPTIONS} -Djavax.xml.datatype.DatatypeFactory=
  com.sun.org.apache.xerces.internal.jaxp.datatype.DatatypeFactoryImpl"
JAVA_OPTIONS="${JAVA_OPTIONS} -Djavax.xml.stream.XMLInputFactory=
  com.sun.xml.internal.stream.XMLInputFactoryImpl"
JAVA_OPTIONS="${JAVA_OPTIONS} -Djavax.xml.stream.XMLOutputFactory=
  com.sun.xml.internal.stream.XMLOutputFactoryImpl"
JAVA_OPTIONS="${JAVA_OPTIONS} -Djavax.xml.stream.XMLEventFactory=
  com.sun.xml.internal.stream.events.XMLEventFactoryImpl"
export JAVA_OPTIONS
# To make Jersey filters that set certain CORS related HTTP Headers work
JAVA_OPTIONS="${JAVA_OPTIONS} -Dsun.net.http.allowRestrictedHeaders=true"
# Optional settings for JMX management
JAVA_OPTIONS="${JAVA_OPTIONS} -Dcom.sun.management.jmxremote.authenticate=false"
JAVA_OPTIONS="${JAVA_OPTIONS} -Dcom.sun.management.jmxremote.ssl=false"
JAVA_OPTIONS="${JAVA_OPTIONS} -Djavax.management.builder.initial=
weblogic.management.jmx.mbeanserver.WLSMBeanServerBuilder"
export JAVA_OPTIONS
# Optional settings to enable monitoring Coherence through JMX
JAVA_OPTIONS="${JAVA_OPTIONS} -Dtangosol.coherence.management=all"
JAVA_OPTIONS="${JAVA_OPTIONS} -Dtangosol.coherence.management.remote=true"
export JAVA_OPTIONS
Use the tangosol.coherence.mode property for production environments only.
Go to the domain directory and edit bin/startWebLogic.sh script. Add the following line (highlighted below) at the beginning as shown in this sample:
# Call setDomainEnv here.
DOMAIN_HOME="/home/domains/ohi_domain"
. ${DOMAIN_HOME}/bin/setDomainEnv.sh noderby $*
if [ "${SERVER_NAME}" = "<ohi admin server name>" ] ; then
   MEM_ARGS="-Xmx1024m"
   export MEM_ARGS
else
   . <SET_ENV_VAR_DIR>/setAuthorizationsEnv.sh ${SERVER_NAME}
fi
SAVE_JAVA_OPTIONS="${JAVA_OPTIONS}"
Setting the enforce-valid-basic-auth-credentials flag
RESTful services in Oracle Health Insurance applications' HTTP API make use of Basic Authentication as the default authentication mechanism. The RESTful API requests that use HTTP BASIC authentication must pass WebLogic Server authentication. Upon successful authentication, WebLogic Server creates HTTP session objects in JVM memory. The default session-timeout value in WebLogic Server is 3600 seconds, so the HTTP session objects are invalidated/GC’ed only after 3600 seconds.
Since Basic Authentication is handled by Oracle Health Insurance applications, Weblogic Server’s Basic Authentication mechanism should be disabled. To do so, set the domain wide flag 'enforce-valid-basic-auth-credentials' to false. For more information, please check the https://docs.oracle .com/middleware/1221/wls/SCPRG/thin_client.htm#SCPRG150[WebLogic documentation] as well as Oracle support documents: 2178771.1 and 2235898.1.
Limited support for the X window system
For displaying gauges in UI pages on systems that do not have the X windows system or have limited access to it add the following JAVA_OPTIONS option:
JAVA_OPTIONS="$JAVA_OPTIONS -Djava.awt.headless=true"
See the Java documentation for more information. Typically, on a system that lacks X windows support and that does not have this option specified, gauges will not display correctly and the following exception will be in the logs (formatted for displaying it in this guide):
<Aug 31, 2011 12:39:00 PM CEST> <Error> <oracle.adfinternal.view.faces.config.rich.RegistrationConfigurator> <BEA-000000> <ADF_FACES-60096:Server Exception during PPR, #1 javax.servlet.ServletException: java.lang.InternalError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.