2 What's New in Oracle WebLogic Server

This document describes the new features made in the initial release of 12c (12.2.1.0.0), and also describes the changes made in the subsequent patch set releases: 12.2.1.1.0, 12.2.1.2.0, 12.2.1.3.0, and 12.2.1.4.0.

Note:

Unless noted otherwise, the new and changed features described in this document were introduced in the initial release of Oracle WebLogic Server 12c (12.2.1.0.0).

This chapter includes the following topics:

WebLogic Server Update Summary

Oracle has released four patch set releases for Oracle WebLogic Server 12c (12.2.1.0.0).

These updates are summarized in the following sections, starting with the most recent release.

Oracle WebLogic Server version 12.2.1.4.0, also known as Patch Set 4, adds the features described in the following table.

Feature Description

Security

The October 2023 Patch Set Update (PSU) includes the following changes:

  • Adds support for SAML Single Logout (SLO) when WebLogic Server acts as a Service Provider. SAML SLO logs users out of all applications in their current SAML Single Sign-On session at once. See Configure SAML Single Logout in Administering Security for Oracle WebLogic Server.
  • Adds support to configure SAML Single Sign-On using WLST offline. See Configuring SAML Single Sign On in Understanding the WebLogic Scripting Tool.

The April 2022 Patch Set Update (PSU) includes the following changes:

  • Adds the KernelMBean attribute RMIDeserializationMaxTimeLimit and the weblogic.rmi.stream.deserialization.timelimitmillis system property which enable you to set a time limit when deserializing Java objects. See Setting the Deserialization Timeout Interval in Administering Security for Oracle WebLogic Server.

The October 2021 Patch Set Update (PSU) includes the following changes:

  • Adds support for allowlists in JEP 290 filtering. When using the allowlist model, WebLogic Server and the customer define a list of the acceptable classes and packages that are allowed to be deserialized, and blocks all other classes. With the blocklist model, WebLogic Server defines a set of well-known classes and packages that are vulnerable and blocks them from being deserialized, and all other classes can be deserialized. While both approaches have benefits, the allowlist model is more secure because it only allows deserialization of classes known to be required by WebLogic Server and customer applications. This PSU includes allowlist support in the WebLogic Server Administration Console. See Using JEP 290 in Oracle WebLogic Server in Administering Security for Oracle WebLogic Server.
  • Added support in WebLogic Server to detect the presence of a JEP 290 dynamic blocklist configuration file in the ORACLE_HOME/oracle_common/common/jep290 directory, and block deserialization of classes and packages specified in the file. See Using a Dynamic Blocklist Configuration File in Administering Security for Oracle WebLogic Server.
  • Enhances resolution guidance for security validation warnings in the Administration Console by providing links to relevant documentation. See Review Potential Security Issues in Securing a Production Environment for Oracle WebLogic Server

The July 2021 Patch Set Update (PSU) includes the following changes:

  • Added new security validation checks to determine if your domain meets Oracle recommended security guidelines. Warnings for failed validations are logged in the Administration Console. See Review Potential Security Issues in Securing a Production Environment for Oracle WebLogic Server.

The April 2021 Patch Set Update (PSU) includes the following changes:

  • Support for dynamic blocklists, which provide the ability to update your JEP 290 blocklist filters by creating a configuration file that can be updated or replaced while the server is running. See UsIng a Dynamic Blocklist Configuration File in Administering Security for Oracle WebLogic Server.

  • The ability to disable anonymous RMI T3 and IIOP requests. By default, WebLogic Server releases 14.1.1.0 and earlier enable clients to perform anonymous RMI requests. Disabling remote anonymous T3 and IIOP RMI requests will require that clients authenticate before invoking on WebLogic Server. Unauthenticated clients will be rejected. See Disable Remote Anonymous RMI T3 and IIOP Requests in Securing a Production Environment for Oracle WebLogic Server.

  • Support for RSA Crypto-J V6.2.5, RSA SSL-J V6.2.6, and RSA Cert-J V6.2.4.0.1. See Supported FIPS Standards and Cipher Suites in Administering Security for Oracle WebLogic Server.

  • Change to the default setting for the ClasspathServletSecureModeEnabled attribute in the ServerTemplateMBean from false to true. Setting the ClasspathServletSecureModeEnabled attribute to true enables secure mode by default and restricts access to several file types when using the bea_wls_internal web application. See Serving Resources from the CLASSPATH with the ClasspathServlet in Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server.

  • Added TLS v1.3 support for JDK 8 Update 261 (JDK 8u261) or later, and deprecated support for TLS v1.0 and v1.1. See Default Minimum TLS Protocol Version.

Previous new features include:

  • A complete reorganization of the document Securing a Production Environment for Oracle WebLogic Server to more clearly highlight the steps required to lock down your WebLogic Server production environment. To ensure that your system is sufficiently protected, Oracle strongly recommends that all WebLogic Server customers review the contents of this document, specifically the topic Critical Tasks for Locking Down WebLogic Server.

  • Added documentation support for HTTP Strict Transport Security (HSTS), which is a web security policy mechanism that allows a web server to be configured so that web browsers, or other user agents, can access the server using only secure connections, such as HTTPS. See Using HTTP Strict Transport Security in Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server.

  • Use of AES 256-bit encryption for sensitive configuration and run-time values. All new domains created in this release and later will use AES 256–bit encryption. In previous releases, domains used AES 128–bit encryption. See AES 256-Bit Encryption Used in New Domains.

  • Support for signing and encrypting SAML assertions for SAML 2.0. See Signing and Encryption Support for SAML 2.0 Assertions.

  • A new attribute, AllowedTargetHosts on the FederationServicesMBean and SingleSignOnServicesMBean that can be used to specify the list of allowed destination hosts where the SAML SP target URL may be redirected.

  • Enhancements to the JEP 290 implementation:

    • WebLogic Server now provides a system property, weblogic.oif.serialFilterLogging, that you can use to log the current blocklist classes and packages.

    • The scope of the default filter is now set to global.

    See JEP 290 Utilization.

  • Two new configuration attributes, ServerNotAvailableCounterInterval and ServerBackoffEnabled, were added to the OracleIdentityCloudIntegratorMBean to handle authentication failures that can occur when the Oracle Identity Cloud Service is unavailable or not responding to authentication requests. See Oracle Identity Cloud Service Security Provider.

  • Additional security recommendations were added to help reduce attack surface on the WebLogic Server development and production environments. These recommendations include:
    • Using network channels and connection filters to isolate incoming and outgoing application traffic
    • Limiting protocol for external channels
    • Running different protocols on different ports
    • Disabling tunneling on channels that are available external to the firewall
    • Preventing unauthorized access to your WebLogic Server resources such as JDBC, JMS or EJB resources.
    See Ensuring the Security of Your Production Environment in Securing a Production Environment for Oracle WebLogic Server.
Configuration Overriding

Configuration overriding lets administrators place configuration information, contained in an XML file, in a known location where running servers identify and load it, overriding aspects of the existing configuration. See Configuration Overriding.

In previous releases, configuration overrides required an expiration time and therefore were always temporary. See Temporary Configuration Overriding in Understanding Domain Configuration for Oracle WebLogic Server. Now, this limitation is removed.

JMS Per-JVM Load Balancing

You can now enable Per-JVM instead of Per-Member message load balancing behavior for new or forwarded messages. With Per-JVM, only one member of a distributed destination on each WebLogic Server JVM gets new messages regardless of the number of members hosted by a JVM. See JMS Per-JVM Load Balancing.

JMS Failover Limit

You can now set a Fail Over Limit to limit the number of cluster-targeted JMS Server or SAF Agent instances that can fail over to a particular JVM. See JMS Failover Limit.

Certification on Oracle GraalVM Enterprise Edition

Oracle WebLogic Server and Coherence are now certified on Oracle GraalVM Enterprise Edition. See Oracle GraalVM Enterprise Edition Certification.

WebLogic Server slim installer The slim installer is a lightweight installer that is much smaller than the generic or the Fusion Middleware Infrastructure installers. This installer does not have a graphical user interface and can be run from the command line only.
Deprecated components The following components are deprecated in this patch set and will be removed in a future release of WebLogic Server:
  • Simple Network Management Protocol (SNMP) v1 and v2. The default is now SNMPv3. See SNMPv3 Default Protocol.

  • ValidateCertChain Java utility file-based certificate chains.

  • WebLogic Server Multitenant domain partitions, resource groups, resource group templates, virtual targets, Resource Consumption Management, and proxy data sources are deprecated in WebLogic Server 12.2.1.4.0 and will be removed in the next release.

  • Active-Active XA Transaction Recovery (automated cross-site XA transaction recovery) is deprecated in WebLogic Server 12.2.1.4.0 and will be removed in the next release. See Automated Cross-Site XA Transaction Recovery Deprecated.

See Deprecated Functionality (Oracle WebLogic Server 12c 12.2.1.x).

Patch Set 3

Oracle WebLogic Server version 12.2.1.3.0, also known as Patch Set 3, adds the features described in the following table.

Feature Description

Service Restart In Place

Service Restart In Place adds support for the ability to use any custom store with any migration policy. See Service Restart In Place.

Message limit in a JMS message subscription

WebLogic JMS adds a message limit option to help prevent individual overloaded subscriptions from using up all available resources. See Message Limit in a Subscription.

Security

New features include:

  • The WebLogic Security Service adds the secured production mode feature, which helps ensure a highly secure environment for applications and resources. See Support for Secured Production Mode.

  • A new security provider, Oracle Identity Cloud Integrator, that is an authentication and identity assertion provider that can access users, groups, and Oracle Identity Cloud Service scopes and application roles stored in the Oracle Identity Cloud Service. See Oracle Identity Cloud Service Security Provider.

Updates to the SAML 2.0 implementation include:

  • Use of the SHA2 signature algorithm as the default for signing requests and responses. For backward compatibility, set the com.bea.common.security.saml2.useSHA1SigAlgorithm to true

  • By default, certificates that are expired or not yet valid are no longer used in SAML signing. To allow use of these certificates, set the com.bea.common.security.saml2.allowExpiredCerts to true.

    See SAML 2.0 Implementation Updates.

Zero Downtime Patching

ZDT Patching adds support for modifying workflows using custom hooks. See Zero Downtime Patching.

Applied Patches List

Oracle WebLogic Server adds the ability to obtain a list of patches that have been applied to a server instance. See Applied Patch List.

JDBC data sources

New features include:

JTA

WebLogic JTA adds transaction guard, which provides at-most-once execution during planned and unplanned outages and prevents duplicate submissions. See Transaction Guard.

Temporary Configuration Overriding

Temporary configuration overriding lets administrators place configuration information, contained in an XML file, in a known location where running servers identify and load it, overriding aspects of the existing configuration. See Configuration Overriding.

Apache Ant

This patch set release of WebLogic Server now includes Apache Ant 1.9.8, which may have an impact on the use of the clientgen Ant task. See Upgraded Version of Apache Ant in Upgrading Oracle WebLogic Server.

Deprecated components

The following components are deprecated in this patch set and will be removed in a future release of WebLogic Server:

  • The following WebLogic JMS features and components:

    • WebLogic Replicated Store, which is intended solely for use in Oracle Exalogic Elastic Cloud environments

    • JMS resource adapter

    • WebLogic JMS Automatic Reconnect

    • WebLogic JMS Application Modules for Deployment

  • WebLogic SAF Agent support for JAX-RPC Reliable Messaging

  • EJBGen utility

  • The AnonymousAdminLookupEnabled attribute on the SecurityConfigurationMBean

  • The RESTful management resources listed in Deprecated RESTful Management Features.

See Deprecated Functionality (Oracle WebLogic Server 12c 12.2.1.x).

Patch Set 2

Oracle WebLogic Server version 12.2.1.2.0, also known as Patch Set 2, adds the features described in the following table.

Feature Description

Oracle Server JRE 8

Oracle WebLogic Server 12.2.1.2.0 is certified for use with Oracle Server JRE 8.0. See JDK 8 and Server JRE 8 Certification.

JDBC data sources

WebLogic JDBC now supports gradual draining of connections in the JDBC connection pool, to improve performance during maintenance shutdowns. See Gradual Draining.

Security

The weblogic.jndi.Environment class has been enhanced for configuring two-way SSL authentication for Java clients using JNDI. See New Method for Two-Way SSL Authentication in Java Clients Using JNDI.

Patch Set 1

Oracle WebLogic Server version 12.2.1.1.0, also known as Patch Set 1, introduced the updates summarized in the following table.

Feature Description

Resource consumption management

A configurable, partition auto-restart trigger action has been added that restarts the partition on the server instance on which the partition's resource consumption quotas have been breached. See Triggers in Using Oracle WebLogic Server Multitenant.

Partition administration

The partition administrator role has been added. When logged in or connected to a partition as a member of the management identity domain, the partition administrator can manage the security realm data associated with the partition, such as managing users and groups, credential maps, roles, and policies. See Managing Security Data as a Partition Administrator: Main Steps and Examples in Using Oracle WebLogic Server Multitenant.

Domain to Partition Conversion Tool

The Domain to Partition Conversion Tool (D-PCT) has been added, which provides the ability to migrate existing applications and resources from a non-multitenant domain to a multitenant domain partition.

Cross-site transaction recovery

This patch set introduces a site leasing mechanism to provide automatic recovery when a site failure or mid-tier failure occurs. With site leasing, WebLogic Server provides a more robust mechanism to failover and failback transaction recovery without imposing dependencies on the TLog, which affect the health of the servers hosting the transaction manager. See Active-Active XA Transaction Recovery in Developing JTA Applications for Oracle WebLogic Server.

Continuous availability best practices documentation

New best practices for multi-data center deployments are described in Design Considerations for Continuous Availability in Continuous Availability for Oracle WebLogic Server.

Administration enhancements for Coherence

This patch set release includes enhancements to the WebLogic Server Administration Console for configuring the following Coherence features:

  • Coherence federated caching – You can now set up federation with basic active/active and active/passive configurations using the Administration Console, eliminating the need to use configuration files.

  • Coherence persistence – A persistence tab has been added that provides the ability to configure persistence-related settings that apply to all services.

See Configuring Cache Federation and Configuring Cache Persistence in Administering Clusters for Oracle WebLogic Server.

Zero Downtime Patching

Zero Downtime Patching includes the following new capabilities:

  • Support has been added for updating applications running in a multitenant partition without affecting other partitions that run in the same cluster.

  • Coherence applications can now be updated while maintaining high availability of the Coherence data during the rollout process.

  • The requirement to use Node Manager start the Administration Server to upgrade it has been removed.

See Zero Downtime Patching.

JDBC data sources

Enhancements include the following:

  • A configured connection initialization callback can now be called with any driver and any data source type.

  • New asynchronous, task-based operations have been added for data source suspend and shutdown.

  • Using JDBC Store's retry mechanism, you can now configure multiple retry attempts over a specified time period.

See JDBC Data Sources for more information about JDBC feature updates.

Diagnostics

The Policies and Actions component of the WebLogic Diagnostics Framework has been updated to support the heap dump and thread dump actions, which capture heap dumps or thread dumps, respectively, when certain runtime conditions are met. See Configuring Actions in Configuring and Using the Diagnostics Framework for Oracle WebLogic Server.

Java EE 7 Support

Oracle WebLogic Server 12c (12.2.1) is a fully compatible implementation of the Java Platform, Enterprise Edition (Java EE) Version 7.0. Java EE 7 enables developers to make use of the latest innovations in the Java Enterprise APIs, which include new programming models, as well as consolidating, enhancing, and in some cases simplifying existing specifications.

The Java EE 7 APIs and related capabilities simplify development of server applications accessed by "rich" clients using lightweight web-based protocols such as REST, WebSocket, and Server-Sent Events. Improvements to development tooling and open source support expand developer choices and simplify creation of development environments.

New Java EE 7 support updates provided in WebLogic Server 12c (12.2.1) are described in the following sections:

Batch Application Processing (JSR 352)

Oracle WebLogic Server 12c (12.2.1) adds support for Batch Processing Runtime for the Java EE 7 Platform (JSR 352), which provides support for defining, implementing, and running batch jobs.

The batch runtime in WebLogic Server uses a data source, also known as the job repository, and a managed executor service to execute asynchronous batch jobs. The executor service processes the jobs and the job repository data source stores the status of current and past jobs. The default batch runtime in each WebLogic domain can be used without any configuration using the Derby demo database. For environments that use an enterprise-level database schema, you can configure a dedicated job repository data source and executor service for each WebLogic domain.

For more information about configuring and managing the batch runtime, see Using the Batch Runtime in Administering Server Environments for Oracle WebLogic Server.

Concurrent Managed Objects (JSR 236)

Oracle WebLogic Server 12c (12.2.1) adds support for Concurrency Utilities for Java EE 1.0 (JSR 236), which is a standard API for providing asynchronous capabilities to Java EE application components, such as servlets and EJBs.

WebLogic Server provides concurrency capabilities to Java EE applications by associating the Concurrency Utilities API with the Work Manager to make threads container-managed. You configure concurrent managed objects (CMOs) and then make them available for use by application components. Similar to Work Managers, CMOs can be defined at the domain level, application level, and module level, by using the Administration Console, MBeans, or deployment descriptors:

For more information about configuring and managing concurrent resources, see Configuring Concurrent Managed Objects in Administering Server Environments for Oracle WebLogic Server.

Default Data Source

Oracle provides a default data source that is required by a Java EE 7-compliant runtime. This preconfigured data source can be used by an application to access the Derby Database that can be installed with WebLogic Server. See Using the Default Data Source in Administering JDBC Data Sources for Oracle WebLogic Server.

JMS 2.0 Support for Simplified JMS Application Development (JSR 343)

This release of WebLogic Server supports the JMS simplified API defined by the Java Message Service (JMS) 2.0 specification. See Understanding the Simplified API Programming Model in Developing JMS Applications for Oracle WebLogic Server.

Java EE Connector Architecture 1.7 (JSR 322)

Oracle WebLogic Server 12c (12.2.1) supports the Java EE Connector Architecture 1.7 specification. See Understanding Resource Adapters in Developing Resource Adapters for Oracle WebLogic Server.

Enterprise JavaBeans 3.2 (JSR-345)

Oracle WebLogic Server 12c (12.2.1) supports the Enterprise Java Beans (EJBs) 3.2 specification (JSR 352). See Understanding Enterprise JavaBeans in Developing Enterprise JavaBeans for Oracle WebLogic Server.

Clustering and High Availability Support for WebSocket 1.1 Applications

This release of Oracle WebLogic Server adds support for clustering and high availability with WebSocket applications. WebSocket clustering uses Coherence as part of its implementation to establish communication among all cluster members. WebSocket clustering enables horizontal scaling, allows you to send messages to all members of the cluster, increases the maximum number of connected clients, and decreases broadcast execution time.

GZIP Compression Support

Oracle WebLogic Server adds support for GZIP compression in the WebLogic Wweb container, which you can enable at the domain or web application level. With GZIP compression enabled, you can configure attributes, such as minimum content length and compression content types, and monitor related statistics. See Enabling GZIP Compression for Web Applications in Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server.

Java EE 7 Security Standards

Oracle WebLogic Server 12c (12.2.1) includes support for the following security standards:

  • Java Authorization Contract for Containers 1.5

  • Java Authentication Service Provider Interface for Containers 1.1 (JASPIC)

  • Packaged Permissions

  • Uncovered HTTP Methods (JSR 340 for Servlet 3.1)

See Security.

Sample Applications

The sample applications that can optionally be installed with WebLogic Server have been updated for Java EE 7, as described in the following sections:

Avitek Medical Records — MedRec

Avitek Medical Records (or "MedRec") is a comprehensive educational sample application that demonstrates WebLogic Server and Java EE features, as well as best practices. In Oracle WebLogic Server 12c (12.2.1), MedRec has been upgraded to demonstrate the following Java EE 7 features:

  • Java Persistence 2.1

  • Simplified API of JMS 2.0

  • Contexts and Dependency Injection 1.1

  • Batch 1.0

  • JAX-RS 2.0

  • JavaServer Faces 2.2

  • JSON Processing 1.0

  • HTML5

New Java EE 7 Examples

New sample applications have been added to show the following Java EE 7 features:

  • JSON Processing 1.0

  • Servlet 3.1

  • JavaServer Faces 2.2

  • Expression Language 3.0

  • Batch Processing

  • Concurrency Utilities

  • Contexts and Dependency Injection 1.1

  • Java EE Connector Architecture 1.7

  • Java Persistence 2.1

  • Java Message Service API 2.0

  • Enterprise JavaBeans 3.2

  • Java API for RESTful Web Services (JAX-RS) 2.0 asynchronous processing, filters and interceptors, and server-sent events (SSE) Jersey support.

JDK 8 and Server JRE 8 Certification

Oracle WebLogic Server 12c (12.2.1) is certified for use with JDK 8. Supported Oracle WebLogic Server 12c (12.2.1) clients are certified for use with JDK 7 and JDK 8 Update 40. A certified JDK is required for running the WebLogic Server installation program.

As of release 12.2.1.2.0, Oracle WebLogic Server is also certified for use with Oracle Server JRE 8, which is designed for server-side applications. The Server JRE makes storage and deployment faster and easier by including only the commonly required features and components from the JRE and JDK.

See the following topics:

WebLogic Server Slim Installer

In Oracle WebLogic Server 12.2.1.4.0, in addition to the generic installer and the Fusion Middleware Infrastructure installer, you can use the slim installer to install and configure Oracle WebLogic Server and Coherence.

The slim installer does not contain examples, WebLogic Server Administration Console, WebLogic clients, Maven plug-ins and Java DB, and hence, has a smaller image size.

You can use this WebLogic Server installer for development, testing, and production purposes, in any infrastructure, such as, on premises (physical servers and virtual machines) or containers. Because it produces smaller WebLogic Server Docker or CRI-O images, this installer is particularly suitable for containers.

The slim installer file name is fmw_12.2.1.4.0_wls_quick_slim.jar.

See Obtaining the Oracle WebLogic Server and Coherence Distribution in Installing and Configuring Oracle WebLogic Server and Coherence.

Oracle GraalVM Enterprise Edition Certification

Oracle WebLogic Server and Coherence 12.2.1.4.0 are certified to run on Oracle GraalVM Enterprise Edition.

Oracle GraalVM Enterprise Edition is a high performance runtime platform built on Oracle's enterprise-class Java SE. Its optimizing compiler accelerates WebLogic applications by rearranging compiled code, aggressive method inlining, escape analysis, advanced vectorization and more. Based on internal testing, you should experience up to a 5-10% performance improvement.

For details, see Running Oracle WebLogic Server and Coherence on GraalVM Enterprise Edition.

Docker Certification

Oracle WebLogic Server 12.2.1 is certified to run inside a Docker container. Docker is a Linux-based container technology that enables you to quickly create lightweight clustered and non-clustered WebLogic Server domain configurations on a single or multi host OS, or virtual machines, for either development or production environments.

As part of this certification, Oracle provides Docker files and supporting scripts for building images of Oracle WebLogic Server. These images are built as an extension of existing Oracle Linux images. These scripts and build images are available on GitHub at the following location:

https://github.com/oracle/docker/tree/master/OracleWebLogic

For information about using Docker with WebLogic Server, and the combinations of Oracle WebLogic Server, JDK, Linux and Docker versions that are certified for building your Docker images, see the Supported Virtualization Technologies with Oracle Fusion Middleware.

WebLogic Server Kubernetes Operator

Oracle provides an open-source WebLogic Server Kubernetes Operator which has several key features to assist you with deploying and managing WebLogic domains in a Kubernetes environment. The operator uses a common set of Kubernetes APIs to provide an improved user experience when automating operations such as: provisioning, life cycle management, application versioning, product patching, scaling, and security.

The operator is packaged in a Docker image which you can access from Docker Hub. For project documentation, scripts, samples, and files, see the Oracle WebLogic Server Kubernetes Operator GitHub repository.

Runtime Improvements

Oracle WebLogic Server 12c (12.2.1) builds on support from prior WebLogic Server versions to improve the reliability, availability, scalability and performance of WebLogic Server applications with regards to use of clustered environments, new Oracle Database features, and multi data center architectures.

These support improvements are described in the following topics:

Deployment

Oracle WebLogic Server 12c (12.2.1) includes the following new and changed deployment features:

Overriding Resource Group Template Application Configuration

Note:

Resource groups, resource group templates, and resource override configuration MBeans are deprecated in WebLogic Server 12.2.1.4.0 and will be removed in the next release.

When a resource group references a resource group template, it inherits the application configuration defined in the resource group template. You can customize a specific application in a resource group by overriding the default application configuration in the resource group template.

To override the application configuration defined in a resource group template, specify a different deployment plan that the application should use for its configuration. You can apply application overrides or remove existing overrides using the Administration Console, Fusion Middleware Control, or by using the update or redeploy command with one of the supported deployment clients.

See Overriding Application Configuration in Deploying Applications to Oracle WebLogic Server and Overriding Application Configuration in Using Oracle WebLogic Server Multitenant.

Parallel Deployment

This release of Oracle WebLogic Server adds support for parallel deployment. For use cases involving the deployment of multiple applications, the deployment of a single application with multiple modules, or the deployment of one or more applications across multiple partitions, parallel deployment improves startup and post-running deployment time. In multitenant environments, parallel deployment helps avoid cross-tenant performance impact.

For more information about parallel deployment, see Enabling Parallel Deployment for Applications and Modules in Deploying Applications to Oracle WebLogic Server and Enabling Parallel Deployment in Multitenant Environments in Using Oracle WebLogic Server Multitenant.

FastSwap Enhancements

This release of Oracle WebLogic Server enhances FastSwap to work with the Java EE Contexts and Dependency Injection (CDI) specification.

Used in development mode, FastSwap helps developers avoid redeployment of an application and reduce turnaround time during development iterations. To improve the developer experience, you can now use FastSwap with CDI. For more information about FastSwap, see Using FastSwap Deployment to Minimize Redeployment in Deploying Applications to Oracle WebLogic Server.

Deployment Performance Enhancements

This release of Oracle WebLogic Server adds several deployment performance enhancements. Improvements include:

  • Application class loading in parallel.

  • Indexing of class finder data to locate classes and resources faster.

  • Deployment factory caching during identification of a deployment, helping large deployments process faster.

  • Annotation scanning caching for libraries and applications, benefiting server restart and resulting in faster deployment time.

  • Annotation scanning in parallel so that each JAR file in the class path of a module is handled in parallel.

Behavior Change for Application Names

As of Oracle WebLogic Server 12.2.1, application names must be unique within each deployment scope. When deploying an application globally to a domain, if that application name is already in use in the current domain, the application deployment fails. This is a behavior change from previous WebLogic Server versions, when specifying the same application name caused WebLogic Server to automatically derive a unique name based on the specified name.

JDBC Data Sources

Oracle WebLogic Server 12c (12.2.1) includes the following new and changed features:

Simplified Driver Installation and Update

In previous releases, adding a new JDBC driver or updating a JDBC driver where the replacement JAR has a different name than the original JAR required updating the WebLogic Server's classpath to include the location of the JDBC driver classes. As of Oracle WebLogic Server 12.2.1, you can simply put the drivers in the $DOMAIN_HOME/lib directory without the need to change the classpath. See Adding Third-Party JDBC Drivers Not Installed with WebLogic Server in Administering JDBC Data Sources for Oracle WebLogic Server.

Proxy Data Source Support

Oracle provides a new data source type called the proxy data source, which provides the ability to switch between databases in a WebLogic Server Multitenant environment. See Using Proxy Data Sources in Administering JDBC Data Sources for Oracle WebLogic Server.

JDBC Data Source Support for Multitenancy

Data source configuration and monitoring support has been added for WebLogic Server Multitenant. See Configuring JDBC in Using Oracle WebLogic Server Multitenant.

Universal Connection Pool Data Sources

Universal Connection Pool (UCP) data sources are now available as an option if you wish to use UCP to connect to Oracle Databases. UCP provides an alternative connection pooling technology to WebLogic Server connection pooling. See Using Universal Connection Pool Data Sources in Administering JDBC Data Sources for Oracle WebLogic Server.

Connection Leak Profiling Enhancements

Connection leak profiling enhancements include:

  • A new attribute, Set Connection Leak Timeout Seconds, that can be used instead of Inactive Connection Timeout Seconds to specify the length of time before a reserved connection is considered leaked.

  • Two new profile records:

    • JDBC Object Closed Usage—Collect profile information about application components that close a connection, statement, or result set.

    • Local Transaction Connection Leak—Collect profile information about application components that leak a local transaction (start it but don't commit or rollback the transaction).

See Collecting Profile Information in Administering JDBC Data Sources for Oracle WebLogic Server.

Enhanced Connection-Based System Properties

You can set connection-based system properties using variables based on your environment. See Enabling Connection-Based System Properties in Administering JDBC Data Sources for Oracle WebLogic Server.

Application Continuity Runtime Statistics

Application Continuity (or replay) statistics are available using the JDBCReplayStatisticsRuntimeMBean for generic and Active GridLink data sources. See Viewing Runtime Statistics for Application Continuity in Administering JDBC Data Sources for Oracle WebLogic Server.

ONS Node List Configuration Enhancements

You can now use a property node list to configure the ONS node list. The property node list, which can be used instead of a single node list, is a string composed of multiple records, with each record consisting of a key=value pair. See ONS Client Configuration in Administering JDBC Data Sources for Oracle WebLogic Server.

DRCP Network Timeout Property

A system property weblogic.jdbc.attachNetworkTimeout is provided that, after an attach to the server, specifies a network timeout that forces a round trip to the database (using an Oracle ping database operation). The timeout is then unset. See Database Resident Connection Pooling in Administering JDBC Data Sources for Oracle WebLogic Server.

Enhanced Edition-Based Redefinition (EBR) Documentation

The documentation that describes this feature has been enhanced to include details about using EBR with JDBC connections, and describes how to configure WebLogic data sources to use Editions. See Using Edition-Based Redefinition in Administering JDBC Data Sources for Oracle WebLogic Server.

Guidelines for Planned Maintenance and Database Outages

Procedures and guidelines have been included for planning and managing database maintenance and downtimes for multi data source and Active GridLink (AGL) data sources. See the following topics in Administering JDBC Data Sources for Oracle WebLogic Server:

Enabling ONS and JDBC Debugging Changes

To enable ONS and JDBC replay debugging, you must configure java.util.logging. See the following topics in Administering JDBC Data Sources for Oracle WebLogic Server:

Support for Encrypted Passwords in a Data Source Definition

In previous releases, the PasswordEncrypted attribute was not supported in data source definitions. This restriction has been removed. See Using an Encrypted Password in a DataSourceDefinition in Developing JDBC Applications for Oracle WebLogic Server.

Enhanced Data Source Shutdown

In Oracle WebLogic Server 12.2.1.1.0, new asynchronous, task-based operations have been added for data source suspend and shutdown. When a data source is shutting down, suspend closes all idle connections immediately and closes connections when returned to the pool. See Shutting Down the Data Source in Administering JDBC Data Sources for Oracle WebLogic Server.

Retry Count

During a ConnectionInitializationCallback operation, the application may want to know when the connection work is being replayed. The getReplayAttemptCount method on the WLConnection interface is added in WebLogic Server 12.2.1.1.0 to obtain the number of times that replay is attempted on the connection. See Application Continuity Auditing in Administering JDBC Data Sources for Oracle WebLogic Server.

Connection Initialization Callback for Non-Oracle Drivers

As of Oracle WebLogic Server 12.2.1.1.0, you can now configure the connection initialization callback that can be called with non-Oracle drivers. See Create an Initialization Callback in Administering JDBC Data Sources for Oracle WebLogic Server.

JDBC Store Improved Retry Handling

In previous releases, a JDBC Store's retry mechanism would make one reconnect attempt, then throw a JDBCStoreException if it was not able to reconnect to the database. In Oracle WebLogic Server 12.2.1.1.0, Oracle allows you to configure multiple retry attempts over a specified time period. See Configuring JDBC Store Reconnect Retry in Administering the WebLogic Persistent Store.

JDBC Store Connection Caching Policy

Oracle WebLogic Server 12.2.1.1.0 adds an option to reduce the number of JDBC connections cached by a JDBC store.

See Configuring a JDBC Store Connection Caching Policy in Administering the WebLogic Persistent Store.

Gradual Draining

When planned maintenance occurs, a planned down service event is processed by WebLogic Server data source. By default, all unreserved connections in the pool are closed and borrowed connections are closed when returned to the pool.  This can cause an uneven performance because:

  • New connections need to be created on the alternative instances.

  • A logon storm on the other instances can occur.

It is desirable to gradually drain connections instead of closing them all immediately. The application can define the length of the draining period during which connections are closed.

In Oracle WebLogic Server 12.2.1.2.0, this feature is supported for an AGL data source running with Oracle RAC. See Gradual Draining in Administering JDBC Data Sources for Oracle WebLogic Server.

Shared Pooling

Oracle WebLogic Server now includes a shared pooling feature for WebLogic data sources. Shared pooling provides the ability for multiple data source definitions to share an underlying connection pool. See Using Shared Pooling Data Sources in Administering JDBC Data Sources for Oracle WebLogic Server.

WebLogic Server Integration with Oracle Database 12.2 Driver

In Oracle WebLogic Server 12.2.1.3.0, WebLogic JDBC adds the Oracle Database 12.2.0.1 client jar files and additional integration capabilities with several new Oracle Database 12.2 features. See WebLogic JDBC Features for Oracle Database 12.2 in Administering JDBC Data Sources for Oracle WebLogic Server.

Initial Capacity Enhancement in the Connection Pool

WebLogic Server 12.2.1.3 enhances creation of initial capacity connections in a data source by providing control over connection retry, early failure, and critical resources. See Initial Capacity Enhancement in the Connection Pool in Administering JDBC Data Sources for Oracle WebLogic Server.

JTA

This release of WebLogic Server includes the following new and changed JTA features:

Transactions without TLog Write

Oracle improves XA transaction performance by providing the option to eliminate the writing of XA transactions to the TLog. XA transaction resources (determiners) are used during transaction recovery when a TLog is not present. See XA Transactions without Transaction TLogs Write in Developing JTA Applications for Oracle WebLogic Server.

Transaction Guard

In release 12.2.1.3.0, Oracle WebLogic Server adds transaction guard integration with WebLogic JDBC data sources. Transaction guard provides at-most-once execution during planned and unplanned outages and prevents duplicate submissions. See Using Transaction Guard.

Network Channels for JTA Communication

Oracle WebLogic Server 12c (12.2.1.4.0) provides options to configure custom network channels for JTA communication. The network channels are used for JTA interserver communication. See Configuring Network Channels for JTA Communication in Developing JTA Applications for Oracle WebLogic Server.

Messaging

This release of WebLogic Server includes the following new and changed messaging features:

JMS Per-JVM Load Balancing

You can now enable 'Per-JVM' instead of 'Per-Member' message load balancing behavior for new or forwarded messages. With Per-JVM, only one member of a distributed destination on each WebLogic Server JVM gets new messages regardless of the number of members hosted by a JVM.

This is useful for evenly distributing messages among servers in a cluster that has been shrunk due to decreased loads, but that also retains failed over members in order to process any of the failed-over members' recovered messages. See Load-Balancing Heuristics in Administering JMS Resources.

JMS Failover Limit

You can now set a Fail Over Limit to limit the number of cluster targeted JMS Server or SAF Agent instances that can fail over to a particular JVM.

This is useful for preventing too many JMS instances from failing over to a single JVM. See Additional Configuration Options for JMS Services.

JMS Object-Based Security

WebLogic JMS clients can use a new simplified object-based security feature. This feature is useful for multithreaded clients that access secured WebLogic JMS destinations in order to minimize or even eliminate the need for additional code to transfer security subjects between threads. See Understanding JMS Security in Developing JMS Applications for Oracle WebLogic Server.

Messaging Support for Multitenancy

Note:

WebLogic Server Multitenant domain partitions, resource groups, resource group templates, and virtual targets are deprecated in WebLogic Server 12.2.1.4.0 and will be removed in the next release.

WebLogic JMS provides support for the WebLogic Messaging Service in WebLogic 12.2.1 and later environments, including:

  • Core WebLogic Messaging components including modules, JMS resources, path service, stores, and admin helpers such as one that can locate an available JMS destination

  • Integration solutions, including the Messaging Bridge, JMS pools, and foreign JMS servers

  • Store-and-Forward (SAF) agents

  • AQ JMS using foreign JMS servers

See Configuring Messaging in Using Oracle WebLogic Server Multitenant.

Simplified JMS Cluster Configuration and High Availability Enhancements

Oracle WebLogic Server 12.2.1 and later provides enhanced support for simplified messaging configurations that set up JMS using cluster targeting instead of individually configuring and targeting JMS resource artifacts on each server in a cluster. This enhanced support for cluster targeted JMS improves high availability and removes the limitations from previous releases.

Cluster targeting now supports:

  • High availability features:

    • Automatic service migration—automatically restarts a failed JMS instance on a different WebLogic Server instance.

    • Fail-back—returns an instance to its original host server when the host server restarts.

    • Restart-in-place—automatically restarts a failed JMS instance on its running WebLogic Server instance.

  • Unit-of-Order and Unit-of-Work messaging

  • Singleton destinations (in addition to already supported distributed destinations)

  • SAF agents, bridges, and path services (in addition to already supported JMS servers and stores)

See Simplified JMS Cluster and High Availability Configuration in Administering JMS Resources for Oracle WebLogic Server.

Service Restart In Place

Service Restart In Place automatically recovers a failed custom store and its dependent JMS services on their original running WebLogic Server.  It can be configured independently of whole server migration or service migration.

WebLogic Server 12.2.1.3.0 extends Service Restart In Place beyond previous versions to support any custom store with any migration policy, where the store can be targeted to a standalone server, a cluster, or a migratable target.

See Service Restart In Place in Administering the WebLogic Persistent Store.

Message Limit in a Subscription

In Oracle WebLogic Server 12.2.1.3.0, WebLogic JMS provides a message limit option at the topic subscription level as a way to help prevent individual overloaded subscriptions from using up all available resources. If a subscription reaches its configured limit on a FIFO sorted destination, then, by default, the oldest messages on the subscription are ejected to make room for newer messages. You can set a message limit on both stand-alone and distributed topics.

See Subscription Message Limits in Tuning Performance of Oracle WebLogic Server.

Monitoring WebSocket Applications

In Oracle WebLogic Server 12c (12.2.1), you can monitor message statistics and runtime properties for WebSocket applications and endpoints. Endpoint-level monitoring collects information per individual endpoint, while application-level monitoring aggregates information from all endpoints deploying in the given application.

The following MBeans have been added or modified to support WebSocket monitoring:

  • WebAppComponentRuntimeMBean

  • WebsocketApplicationRuntimeMBean

  • WebsocketEndpointRuntimeMBean

  • WebsocketMessageStatisticsRuntimeMBean

  • WebsocketBaseRuntimeMBean

You can also use the WebLogic Server Administration Console or Fusion Middleware Control to monitor WebSocket applications.

See Monitoring WebSocket Applications in Developing Applications for Oracle WebLogic Server.

Policy Classloader

This release of WebLogic Server integrates the policy classloader implementation as the default system class loader when using WebLogic start scripts. The policy classloader improves class loader performance and server startup time and is supported in all WebLogic modes (development and production).

See Class Caching With the Policy Classloader in Developing Applications for Oracle WebLogic Server.

ReadyApp Integration with WebLogic Server

This release of WebLogic Server integrates the ReadyApp framework. At times, applications are not fully initialized when WebLogic Server completed its startup process. By using the ReadyApp framework, applications can register with the WebLogic Server ReadyApp during the deployment process and influence the true readiness state of the server instance. Applications notify ReadyApp of their application state so server instances can determine if an application is fully initialized and ready to accept requests. ReadyApp also allows load balancers to detect server readiness by providing a reliable health-check URL.

See Using the ReadyApp Framework in Deploying Applications to Oracle WebLogic Server.

RESTful Web Services

This release of Oracle WebLogic Server provides the following new and changed features for RESTful web services:

  • Provides support for Jersey 2.x (JAX-RS 2.0 RI) by default in this release. Registration as a shared library with WebLogic Server is no longer required.

  • Provides enhanced monitoring of RESTful web services in the WebLogic Administration Console, including enhanced runtime statistics for your RESTful applications and resources, detailed deployment and configuration data, global execution statistics, and resource and resource method execution statistics. The following runtime MBeans have been modified or added to support enhanced monitoring:

    • JaxRsApplicationRuntimeBean

    • JaxRSExceptionMapperStatisticsRuntimeMbean

    • JaxRsExecutionStatisticsRuntimeMBean

    • JaxRsResourceMethodBaseRuntimeMBean

    • JaxRsResourceMethodRuntimeMBean

    • JaxRsResourceRuntimeMBean

    • JaxRsResponseStatisticsRuntimeMBean

    • JaxRsSubResourceLocatorRuntimeMBean

    • JaxRsUriRuntimeMBean

  • Includes the ability to disable RESTful web services monitoring at the individual application level, or globally at the domain level.

  • Reflects support for the Jersey 2.21.1 (JAX-RS 2.0 RI).

  • Supports securing Jersey 2.x (JAX-RS 2.0 RI) web services using Oracle Web Services Manager (OWSM) security policies.

  • Adds support for Java EE 7.

See Introduction to RESTful Web Services in Developing and Securing RESTful Web Services for Oracle WebLogic Server.

Simple WLST APIs for Dynamic Clusters

This release of WebLogic Server adds WLST commands to improve usability for dynamic cluster lifecycle operations. By using the WLST scaleUp and scaleDown commands, you can easily start and stop dynamic servers in a dynamic cluster and expand or shrink the size of a dynamic cluster.

See Starting and Stopping Servers in Dynamic Clusters and Expanding or Reducing Dynamic Clusters in Administering Clusters for Oracle WebLogic Server.

ThreadLocal Clean Out Support for Work Managers

This release of Oracle WebLogic Server enhances ThreadLocal clean out support in Work Managers. To clean up stray ThreadLocal use by applications and third-party libraries, configure the eagerThreadLocalCleanup attribute in the KernelMBean. By default, the self-tuning thread pool only cleans up ThreadLocal storage when a thread returns to a standby pool and after an application is undeployed. See ThreadLocal Clean Out in Administering Server Environments for Oracle WebLogic Server.

Manageability Improvements

Oracle WebLogic Server 12c (12.2.1) continues to provide new management features that simplify the configuration, monitoring, and ongoing management of WebLogic domains and applications with regard to elasticity support in dynamic clusters, multitenancy administration, REST, security, patching, and more.

These new features are described in the following sections:

Elasticity Support for Dynamic Clusters

This release of WebLogic Server introduces elasticity. Elasticity enables the automatic scaling of dynamic clusters and re-provisioning of associated resources based on demand. The Elasticity Framework leverages the WebLogic Diagnostic Framework (WLDF) policies and actions system. See Overview in Configuring Elasticity in Dynamic Clusters for Oracle WebLogic Server.

Resource Groups

Note:

Resource groups are deprecated in WebLogic Server 12.2.1.4.0 and will be removed in the next release.

WebLogic Server Multitenant introduces resource groups as a convenient way to group together Java EE applications and the resources they use into a distinct administrative unit within the domain. The resources and applications in a resource group are "fully qualified" in that the administrator provides all the information needed to start or connect to those resources, including credentials for connecting to a data source and targeting information for Java EE applications. A resource group will either contain these deployable resources directly or refer to a resource group template which contains the resources. Resource groups can be defined at the domain level, or be specific to a domain partition.

See Configuring Resource Groups in Using Oracle WebLogic Server Multitenant.

Resource Group Templates and Resource Overrides

Note:

Resource group templates and resource override configuration MBeans are deprecated in WebLogic Server 12.2.1.4.0 and will be removed in the next release.

Resource group templates are a named, domain-level collection of deployable resources intended to be used as a pattern by (usually) multiple resource groups. Each resource group that refers to a given template will have its own runtime copies of the resources defined in the template. A resource group template is a convenient way to define and replicate resources for multiple tenants. Resource group templates make it very easy to deploy the same collection of applications and resources to multiple domain partitions.

Resource group templates are particularly useful in SaaS environments where WebLogic Server Multitenant activates the same applications and resources multiple times, once per domain partition. Some of the information about such resources is the same across all domain partitions, while some of it, such as JMS queues and database connections, varies from one partition to the next. WebLogic Server Multitenant provides several methods for overriding resource definitions:

  • Resource Override Configuration MBeans

  • Resource deployment plans

  • Partition-specific application deployment plans

Administrators can employ and combine any of these techniques.

See Configuring Resource Group Templates and Configuring Resource Overrides in Using Oracle WebLogic Server Multitenant.

Named Concurrent Edit Sessions

In previous releases, WebLogic Server supported only one active configuration edit session at a time. The system administrator got a global edit lock, made changes, and then activated them. Other administrators could not make changes at the same time. However, this release of Oracle WebLogic Server enables multiple, named concurrent edit sessions, which allows more than one administrator to make configuration changes at the same time. This is typically useful when multiple administrators work in different parts of the system. Also, when configuring a system takes a long time because of the serial execution of configuration commands, a single administrator can open multiple named edit sessions. This saves time by running the configuration edit sessions in parallel.

In a multitenant environment, more than one administrator will need to make configuration changes concurrently. A multitenant WebLogic domain contains multiple partitions each with its own administrator. Partition administrators must be able to make configuration changes to their partitions and the resources deployed in them without affecting other partition administrators or the WebLogic system administrator. Multiple, named concurrent edit sessions support one or more configuration edit sessions per partition plus global configuration edit sessions.

See Managing Named Concurrent Edit Sessions in Using Oracle WebLogic Server Multitenant.

Configuration Overriding

Configuration overriding lets administrators place configuration information, contained in an XML file, in a known location where running servers identify and load it, overriding aspects of the existing configuration.

You can use configuration overriding (also called situational configuration) to change settings such as server debugging flags, timeout values, or diagnostics settings, without running the Administration Server. The configuration overrides are targeted to Managed Servers but can also be applied to the Administration Server.

Configuration overrides can update configuration information coming from the config.xml file or system resource files that exist in the jdbc, jms, and diagnostics subdirectories of the domain config directory. The overrides may have an expiration time or they can be permanent; no expiration time need be specified.

See Configuration Overriding in Understanding Domain Configuration for Oracle WebLogic Server.

REST Resources for WebLogic Server Management

RESTful Management Services are a publicly documented programming interface to Oracle WebLogic Server. In each release of WebLogic Server, the availability of REST resources for WebLogic Server administration has been enhanced and extended. In this release of Oracle WebLogic Server, WebLogic RESTful management resources provide a comprehensive public interface for configuring, monitoring, deploying and administering WebLogic Server in all supported environments.

For information about the RESTful management resources provided in this release of WebLogic Server, see About the WLS RESTful Management Interface in Administering Oracle WebLogic Server with RESTful Management Services.

Fusion Middleware Control

Fusion Middleware Control provides management support for all Fusion Middleware components, including WebLogic Server. Use Fusion Middleware Control to manage WebLogic Server when using other Fusion Middleware products in addition to WebLogic Server.

In this release of WebLogic Server, the following subsets of functionality are now available in Fusion Middleware Control:

  • Create WebLogic Server clusters, server instances, domains, machines, and server templates

  • Configure and deploy applications and libraries

  • Create and configure UCP and proxy data sources

  • Create and configure JMS servers, Store-and-Forward agents, JMS modules, JMS resources, path services, messaging bridges, and messaging bridge destinations

  • Create and configure security realms

  • Manage WebLogic Server diagnostics

  • Configure elasticity for dynamic clusters

  • Configure Coherence clusters

  • Manage WebLogic Server in a multitenant environment

See Administration in Administering Oracle WebLogic Server with Fusion Middleware Control.

As of release 12.2.1.1.0, you can use Fusion Middleware Control to connect directly to a domain partition instead of logging in at the domain level. When you do this the user name that you specify is validated against the security realm and the management identity domain for that partition. See Configuring Security in Using Oracle WebLogic Server Multitenant.

Security

The new security features provided in Oracle WebLogic Server 12c (12.2.1.x) are described in the following sections:

Support for Secured Production Mode

Oracle WebLogic Server 12.2.1.3.0 and later provides support for securing your production environment using the secured production mode feature. To ensure a highly secure environment for your WebLogic Server applications and resources, enable secured production mode and related security settings for your domain in one of the following ways:

  • Use the WebLogic Server Administration Console to enable secured production mode and related security settings for your domain. See Secure your production domain in Oracle WebLogic Server Administration Console Online Help.

  • Use the Fusion Middleware Control to enable secured production mode and related security settings. See Configure domain security in Administering Oracle WebLogic Server with Fusion Middleware Control.

  • Use WLST offline while creating the domain. The setOption WLST offline command includes a new secure value for the ServerStartMode argument to start your server in secured production mode. See setOption in WLST Command Reference for Oracle WebLogic Server.

  • Use WLST online to enable secured production mode for your existing production domain. See Using WLST Online to Update an Existing WebLogic Domain in Understanding the WebLogic Scripting Tool.

Note:

You cannot upgrade domains prior to 12.2.1.3.0 to run in secured production mode. Only domains new in 12.2.1.3.0 can be configured to run in secured production mode.

For more information about using secure mode, see the following topics:

Oracle Identity Cloud Service Security Provider

WebLogic Server 12.2.1.3.0 includes a new security provider, Oracle Identity Cloud Integrator, that combines authentication and identity assertion into a single provider. The provider establishes identity on WebLogic Server when the identity store is the Oracle Identity Cloud Service.

The Oracle Cloud Integrator provider supports:

  • Basic authentication with the Oracle Identity Cloud Service using user names and passwords.

  • Perimeter authentication (identity assertion) using Oracle Identity Cloud Service identity tokens. The provider also supports perimeter authentication for users authenticated by the Identity Cloud Service, and for protected resources using Oracle Identity Cloud Service access tokens.

  • A multiple identity store environment. You can use the provider to access the Oracle Identity Cloud Service as a single source of users, or in a hybrid environment in combination with other identity stores.

  • A Single Sign-on (SSO) Synchronization Filter to synchronize the remote cloud SSO session with the local container session. 

  • Identity domains, which are used to represent the tenancy of users and groups. 

  • One-way SSL to establish trust between the provider and the Oracle Identity Cloud Service.

In WebLogic Server 12.2.1.4.0, two new configuration attributes, ServerNotAvailableCounterInterval and ServerBackoffEnabled, were added to the OracleIdentityCloudIntegratorMBean to handle authentication failures that can occur when the Oracle Identity Cloud Service is unavailable or not responding to authentication requests.

See Configuring the Oracle Identity Cloud Integrator Provider in Administering Security for Oracle WebLogic Server.

New Method for Two-Way SSL Authentication in Java Clients Using JNDI

As of release 12.2.1.2.0 a new method, setSSLContext(), has been added to the weblogic.jndi.Environment class for configuring two-way SSL authentication for Java clients using JNDI. Alternatively, you can use loadLocalIdentity(). The methods previously recommended, setSSLClientCertificate() and setSSLClientKeyPassword(), have been deprecated in this release. See Two-Way SSL Authentication with JNDI in Developing Applications with the WebLogic Security Service.

Java EE 7 Standards Support

This release of WebLogic Server supports the following Java EE 7 standards and features for security:

  • Java Authorization Contract for Containers 1.5 (JSR 115)

  • Java Authentication Service Provider Interface for Containers (JASPIC) 1.1 (JSR 196)

  • Packaged Permissions (Java EE 7 Platform Specification)

  • Uncovered HTTP methods for Servlet 3.1 (JSR 340)

LDAP Authentication Provider Manageability Enhancements

The following enhancements have been added to the LDAP Authentication provider to improve the configuration process:

  • LDAP Authentication provider performance enhancements for improved caching, searching, and LDAP server connection handling, such as:

    • The ability to collect hit/miss metrics on user and group caching, allowing you to determine the best settings for user and group caching to maximize response time and throughput.

    • Support for specifying a timeout on the LDAP server connection.

  • Support for testing the LDAP server connection prior to activating the LDAP Authentication provider, similar to the way JDBC connections can be tested during data source configuration. Testing occurs automatically at the time you activate the this provider: if the test succeeds, the provider is activated.

See Improving the Performance of WebLogic and LDAP Authentication Providers in Administering Security for Oracle WebLogic Server.

Default Minimum TLS Protocol Version

WebLogic Server supports TLS v1.0, v1.1, v1.2, and v1.3. Note the following:

  • TLS v1.1 is the default minimum protocol version configured in this release of WebLogic Server. However, Oracle strongly recommends the use of TLS v1.2 or later in a production environment rather than TLS v1.0 or v1.1. In addition, TLS v1.0 or v1.1 may be disabled by default in certain JDK updates by the underlying JSSE provider.

  • Support for TLS v1.0 and v1.1 is deprecated.

  • WebLogic Server supports TLS v1.3 only with JDK 8 Update 261 (JDK 8u261) or later. If you are running an earlier JDK version, then TLS v1.3 may not be available.

  • WebLogic Server Web Server plug-ins currently support TLS v1.2 communication between Web Servers and WebLogic Server back ends. Customers who want to enable TLS v1.3 support through a load balancer to WebLogic Server back ends should evaluate load balancer alternatives such as hardware load balancers, or software load balancers such as NGINX.

  • When FIPS support is enabled, the RSA libraries support TLS v1.2.

See Specifying the SSL/TLS Protocol Version in Administering Security for Oracle WebLogic Server.

Support for weblogic-jwt-token

The WebLogic Identity Assertion and WebLogic Credential mapping providers have been enhanced to include support for the JSON web token, weblogic-jwt-token. This token type, which is configured by default in these security providers, is used internally for propagating identity among web applications in the domain.

SAML 2.0 Implementation Updates

The SAML 2.0 implementation includes the following updates in this release:

  • Use of the SHA2 signature algorithm as the default for signing SAML requests and responses. In previous releases, the SAML 2.0 implementation used the SHA1 signature algorithm to sign SAML requests and responses. If required for backward compatibility, you can use the SHA1 signature algorithm by setting the Java system property com.bea.common.security.saml2.useSHA1SigAlgorithm to true. To do so, specify the following option in the Java command that starts WebLogic Server:

    -Dcom.bea.common.security.saml2.useSHA1SigAlgorithm=true

  • By default, certificates that are expired or not yet valid are no longer used in SAML signing. To allow use of these certificates, set the Java system property com.bea.common.security.saml2.allowExpiredCerts to true. For example, specify the following option in the Java command that starts WebLogic Server:

    -Dcom.bea.common.security.saml2.allowExpiredCerts=true

JEP 290 Utilization
To improve security, WebLogic Server uses the JDK JEP 290 mechanism to filter incoming serialized Java objects and limit the classes that can be deserialized. Although it is a useful feature, serialization in Java can also be used to inject malicious code using serialized Java objects that can cause Denial of Service (DoS) or Remote Code Execution (RCE) attacks during deserialization. 

WebLogic Server uses the JDK JEP 290 mechanism to protect against these malicious attacks as follows:

  • Implements a WebLogic Server-specific object input filter to enforce a blocklist of prohibited classes and packages for input streams used by WebLogic Server. The filter also enforces a default value for the maximum depth of a deserialized object tree. In WebLogic Server 12.2.1.4.0 and later, the scope of the default filter is set to global and a system property, weblogic.oif.serialFilterLogging, has been added that you can use to log the contents of the current default filter.

  • Provides system properties that you can use to add or remove classes and packages from the default filter to blocklist or allowlist particular classes. You can also use the system properties to filter deserialized classes based on the nesting depth of the deserialized object, the number of internal references in the deserialized object, the size of object arrays, and/or the maximum size in bytes of a deserialized object.

See Configuring a Custom JEP 290 Deserialization Filter in Administering Security for Oracle WebLogic Server

AES 256-Bit Encryption Used in New Domains

As of Oracle WebLogic Server 12.2.1.4.0, WebLogic Server uses AES 256–bit encryption to protect sensitive configuration and runtime values. Only new domains created in this release and later use AES 256–bit encryption.

Domains created with earlier releases of WebLogic Server use AES 128–bit encryption. The encryption level of a domain cannot be upgraded. If you upgrade a domain to 12.2.1.4.0 or later, then the encryption level remains at AES 128-bit.

Note:

All server and Node Manager instances in a domain must be at the same encryption level. If you require AES 256-bit encryption, you cannot use an upgraded domain and must create a new 12.2.1.4.0 domain.
Signing and Encryption Support for SAML 2.0 Assertions

This release of WebLogic Server supports the following new features for SAML encryption and signing:

  • In previous releases, WebLogic Server did not require SAML assertions to be signed by default. If the signature section was omitted from a SAML response, then no signature verification was performed. This behavior could be used to bypass authentication and gain access as an arbitrary user. In WebLogic Server 12.2.1.4.0, the default setting is changed to accept only signed assertions. In the WebLogic Server Administration Console, the Only accept signed assertions setting on the SAML 2.0 Service Provider configuration page is now selected by default.

  • In this release, WebLogic Server supports encrypted SAML assertions for SAML 2.0. To implement confidentiality of individuals or organizations, the following new encryption attributes have been added to the SingleSignOnServicesMBean. You can configure these attributes using the WebLogic Server Administration Console or WLST:
    • AssertionEncryptionEnabled
    • KeyEncryptionAlgorithm
    • DataEncryptionAlgorithm
    • MetadataEncryptionAlgorithms
    • AssertionEncryptionDecryptionKeyAlias
    • AssertionEncryptionDecryptionKeyPassPhrase
    • AssertionEncryptionDecryptionKeyPassPhraseEncrypted

See Configuring SAML 2.0 Services in Administering Security for Oracle WebLogic Server.

Logging Enhancements

In this release of WebLogic Server, the WebLogic logging services include the following changes:

  • Partition scope logging — The logs for several WebLogic Server components, such as partition scope JMS, SAF, and servlet resources, are kept in partition-specific log files. The logs for server and domain scope resources, such as the server scope HTTP access log, the Harvester component, the Instrumentation component, and also the server and domain logs, can be tagged with partition-specific information to enable logging that is performed on behalf of a partition to be identified and made available to partition users.

    See Monitoring and Debugging Partitions in Using Oracle WebLogic Server Multitenant.

    Note:

    To revert the format of generated log messages to that they are compatible with the format used in versions of WebLogic Server prior to 12.2.1, you can enable the DomainMBean.LogFormatCompatibilityEnabled attribute. See Log File Format Compatibility with Previous WebLogic Server Versions in Configuring Log Files and Filtering Log Messages for Oracle WebLogic Server.

  • Monitoring for excessive logging — When enabled, the logging service monitors the domain for excessive rates of logging and, when present, suppresses messages that are being generated repeatedly.

    See Preventing Excessive Logging in Configuring Log Files and Filtering Log Messages for Oracle WebLogic Server.

  • Server log rotation behavior — In WebLogic Server 12.2.1.3.0, the logging behavior has changed for WebLogic Server instances that are started using Node Manager. In previous releases, Node Manager always rotated the server log file when the server was restarted. As of 12.2.1.3.0, the log file rotation on the startup of a Managed Server instance can be configured using the RotateLogOnStartup attribute on that server’s LogMBean. The default value of the RotateLogOnStartup attribute is true development mode, and false in production mode. Note that the behavior of other log file rotation parameters that are specified in the LogMBean for the Managed Server instance, such as size and time, are unaffected. However, the value of the RotateLogOnStartup setting is now honored by Node Manager.

WebLogic Diagnostic Framework

In this release of WebLogic Server, the WebLogic Diagnostic Framework (WLDF) includes the following changes:

  • The terms watch and notification are replaced by policy and action, respectively. However, the definition of these terms has not changed.

  • Four new action types are introduced as part of the Policy and Action component of WLDF. Actions are triggered when a policy expression evaluates to true. In addition to JMX notification actions, JMS message actions, SMTP (e-mail) actions, SNMP trap actions, and diagnostic image actions, WebLogic Server now supports the following new action types:

    • Elastic actions — scale a dynamic cluster up or down

    • REST notification — sends a notification to a REST endpoint

    • Script — executes an external command line script

    • Log — sends a custom message to the server log

    • Heap dump — captures heap dumps when certain runtime conditions are met (added in 12.2.1.1.0)

    • Thread dump — capture thread dumps when certain runtime conditions are met (added in 12.2.1.1.0)

    In addition, WLDF enhances the SMTP action to allow you to send custom subject and body elements in an email message.

    See Configuring Actions in Configuring and Using the Diagnostics Framework for Oracle WebLogic Server.

  • This release of WebLogic Server introduces dynamic debug patches. Dynamic debug patches allow you to capture diagnostic information using a patch that is activated and deactivated without requiring a server restart. Dynamic debug patching requires target WebLogic Server instances to be started with the WLDF instrumentation agent. See Using Debug Patches in Configuring and Using the Diagnostics Framework for Oracle WebLogic Server.

  • This release of WebLogic Server introduces smart rules. Smart rules are prepackaged policy expressions with a set of configurable parameters that allow the end user to create a complex policy expression just by specifying the values for these configurable parameters. See Configuring Smart Rule Based Policies in Configuring and Using the Diagnostics Framework for Oracle WebLogic Server.

  • When you initiate a diagnostic image capture, the images produced by the different server subsystems are captured and combined into a single .zip file. In previous releases of WebLogic Server, the components of a diagnostics image capture file all used the .img extension even though these files are all in text format and can be viewed in a text editor. As of WebLogic Server 12.2.1, the file extensions have been updated to either .txt or .xml to clarify that these are text files.

    See Data Included in the Diagnostics Image Capture File in Configuring and Using the Diagnostics Framework for Oracle WebLogic Server.

  • The Java Expression Language (EL) is now supported as the recommended language to use in policy expressions. The WLDF query language is deprecated.

  • The WLDFScheduleBean is now available for policies that are configured with the Harvester rule type and the Java EL expression language. These policies, called scheduled policies, use the WLDFScheduleBean for scheduling all metric collection. Even though these policies are configured as Harvester rule types, they do not use the Harvester for metric collection or for scheduling.

  • The following enhancements have been made to WLDF integration with Java Flight Recorder:
    • Improvements to execution context ID (ECID) tracing and correlation in servlet JFR events and SOAP JFR events

    • Support for relationship ID (RID) tracing, including within standalone WebLogic Server environments

    • Support for log level propagation in the diagnostic context within standalone WebLogic Server

    See Using WLDF with Java Flight Recorder.

  • WLST command changes, described in WLST.

WebLogic Server Development and Supplemental Distribution

As of WebLogic Server 12.2.1, the WebLogic Server Development and Supplemental distributions are available as JAR files and are installed using the java command. The installation uses the Oracle Universal Installer (OUI) and is automatically done in silent mode; you only need to specify the ORACLE_HOME location for the installation.

Zero Downtime Patching

WebLogic Zero Downtime Patching (ZDT Patching) automates the rollout of out-of-place patching or updates across a domain while allowing your applications to continue servicing requests. To use ZDT Patching, you create a workflow that orchestrates how updates are rolled out, and then you execute the workflow using use either WLST or the WebLogic Server Administration Console.

ZDT Patching supports the following workflow types:

Feature Description

Move servers to a patched Oracle Home

Transitions the Administration Server or clusters, or both, to another Oracle Home that has already been patched using OPatch.

Update to a new Java version

Updates the Administration Server or clusters, or both, to use a newly installed Java Home.

Deploy updated applications

Deploys updated applications to the selected clusters.

Perform a rolling restart of servers

Sequentially and safely restarts the Administration Server or servers in the selected clusters, or both, including graceful shutdown and restart.

For a comprehensive overview of ZDT patching, see Introduction to Zero Downtime Patching in Administering Zero Downtime Patching Workflows.

In Oracle WebLogic Server 12.2.1.1.0, ZDT Patching is enhanced to provide support for the following additional features:

  • Starting the Administration Server without a dependency on Node Manager— In the previous release, for the rollout to be successful, the Administration Server had to be started using Node Manager. This restriction is now removed. See Starting the Administration Server in Administering Zero Downtime Patching Workflows.

  • To support multitenancy and partitions, the following new features have been introduced:

    • Rolling restart of partitions—ZDT Patching allows WebLogic Server administrators and partition administrators to perform the rolling restart of partitions. See Initiating a Rolling Restart of Servers or Partitions in Administering Zero Downtime Patching Workflows

    • Rolling out application updates to partitions and resource groups—ZDT Patching now provides application rollout capabilities to both partitions and resource groups. See Rolling Out Updated Applications: Overview in Administering Zero Downtime Patching Workflows.

In Oracle WebLogic Server 12.2.1.3.0, ZDT Patching is enhanced to provide support for custom hooks. ZDT custom hooks provide a flexible mechanism for modifying the patching workflow by executing additional scripts at specific extension points in the patching rollout. This functionality can be used by administrators and application developers for a variety of purposes, including the following:

  • To modify Java properties files while the servers are down. For example, changing security settings in the Java home directory.

  • To perform additional backup operations on each node

  • To run any script on cloud servers while upgrading services

  • To include any operation that is specific to a particular type of rollout but that is not appropriate to include in the base patching workflow

For complete details about using custom hooks in ZDT Patching workflows, see Modifying Workflows Using Custom Hooks in Administering Zero Downtime Patching Workflows.

Applied Patch List

Oracle WebLogic Server 12.2.1.3.0 introduces the ability to obtain the list of patches that have been applied to a WebLogic Server instance. The applied patch list is available by accessing either the weblogic.log.DisplayPatchInfo system property or the ServerRuntimeMBean.PatchList attribute, as follows:

  • You can access the weblogic.log.DisplayPatchInfo system property at system startup by specifying the -Dweblogic.log.DisplayPatchInfo=true option, or by running the weblogic.version utility.

  • You can access the ServerRuntimeMBean.PatchList attribute using WLST, REST, the WebLogic Server Administration Console, or JMX.

See Obtaining a List of Applied Patches in Upgrading Oracle WebLogic Server.

WLST

This section describes new WLST commands for WebLogic Server and changes to existing WLST commands in this release of WebLogic Server.

New Domain Commands

The following WLST commands related to domain creation and domain extension are added in this release of WebLogic Server :

  • setTopologyProfile—Sets the topology profile at domain creation to either Compact or Expanded.

  • selectTemplate—Selects an existing domain or extension template for creating or extending a domain.

  • selectCustomTemplate—Selects an existing custom domain or extension template for creating or extending a domain.

  • loadTemplates—Loads all templates that were selected using the selectTemplate or selectCustomTemplate commands.

  • readTemplateForUpdate—Opens an existing domain template for template update.

  • unselectTemplate—Deselects a currently selected template.

  • unselectCustomTemplate—Deselects a currently selected custom template.

  • showTemplates—Displays all currently selected and loaded templates.

  • showAvailableTemplates—Displays all currently selected templates for loading.

New Diagnostic Commands

The following diagnostics commands were added in this release of WebLogic Server:

In addition, a new optional parameter, last, is available to the following commands:

  • exportDiagnosticData

  • exportDiagnosticDataFromServer

  • exportHarvestedTimeSeriesData

  • exportHarvestedTimeSeriesDataOffline

The last option allows you to specify the timestamp range specification for the last n records. When specified, the beginTimestamp and endTimestamp options are ignored. The format is XXd YYh ZZm. For example, 1d 5h 30m specifies data that is one day, five hours and 30 minutes old. You can specify any combination of day, hour, and minute components in any order.

New Node Manager Commands

The following Node Manager WLST commands were added in this release of WebLogic Server:

  • nmrestart—Restarts the Node Manager instance.

  • nmExecScript—Executes the named script using the connected Node Manager.

New Edit Session Commands

The following WLST edit session management commands were added in this release of WebLogic Server:

  • createEditSession—Creates a new WLST edit session.

  • showEditSession—Displays information about the specified edit sessions.

  • destroyEditSession —Removes an open edit session.

  • edit(editSessionName)—Creates a new edit session with the specified name or navigates to an existing edit session with the specified name.

  • resolve—Detects any external modifications and conflicts, and resolves them.

New System Component Commands

The following system component WLST commands were added in this release of WebLogic Server:

  • resync—Resynchronizes configuration files for a system component.

  • resyncAll—Resynchronizes configuration files for all system components.

  • showComponentChanges—Displays changes to a system component's configuration files on a remote node.

  • pullComponentChanges—Removes changes to a system component's configuration files on a remote node.

  • enableOverWriteComponentChanges—Forces changes to all system components during activation.

Other New Commands

Other WLST commands that were added in this release of WebLogic Server are:

  • setShowLSResult—Specifies whether the ls() command should log its output to standard output.

  • scaleUp—Increases the number of running dynamic servers in the specified dynamic cluster.

  • scaleDown—Decreases the number of running dynamic servers in the specified dynamic cluster.

Modifications to Existing Commands

The following modifications were made to existing WLST commands in this release of WebLogic Server.

  • The format argument has been added to the exportDiagnosticData and exportDiagnosticDataFromServer commands. Use this argument to specify the format in which data is exported.

  • The last argument has been added to the exportDiagnosticData, exportDiagnosticDataFromServer, exportHarvestedTimeSeriesData, and exportHarvestedTimeSeriesDataOffline commands. This argument is a timestamp range specification for the last n seconds.

  • The Server argument has been added to the getAvailableCapturedImages command. Use this argument to specify the server from which to obtain a list of available images.

  • The waitForAllSessions argument has been added to the shutdown command. Use this argument to specify whether WLST should wait for all HTTP sessions to complete while shutting down.

  • The following arguments were added to the startNodeManager command:

    • block—Specifies whether WLST should block until it successfully connects to Node Manager or fails to connect within the specified timeout.

    • nmConnectOptions—When block is true, use this argument to specify a list of Node Manager connection options.

    • timeout—The number of milliseconds to wait for Node Manager to connect.

idd Variable and Argument

The idd variable has been added to WLST. This WLST variable is the Identity Domain of the user who is currently connected to WLST.

In addition, the idd argument has been added to the connect command to specify the Identity Domain of the user who is connecting.

Resource Consumption Management

Note:

Resource Consumption Management is deprecated in WebLogic Server 12.2.1.4.0 and will be removed in the next release.

Resource Consumption Management allows WebLogic system administrators to specify resource consumption management policies (such as constraints, recourse actions, and notifications) on JDK-managed resources such as CPU, Heap, File, and Network. See Configuring Resource Consumption Management in Using Oracle WebLogic Server Multitenant.

A configurable, partition auto-restart trigger action has been added that restarts the partition on the server instance on which the partition's resource consumption quotas have been breached. See Triggers in Using Oracle WebLogic Server Multitenant.

SNMPv3 Default Protocol

By default, Simple Network Management Protocol (SNMP) is disabled in WebLogic Server. In WebLogic Server 12.2.1.4.0 and later, when you enable SNMP, the SNMPv3 protocol is enabled by default. The use of SNMPv1 and v2 protocols is deprecated in this release of WebLogic Server.

Because SNMPv1 and SNMPv2 use clear text passwords, they are not secure and can cause certain potential security problems to occur on the SNMP service, including unauthorized access and Denial of Service attacks. Oracle strongly recommends using the SNMPv3 protocol instead. If configuration attributes enable the use of the SNMPv1 and v2 protocols, WebLogic Server logs a deprecated warning at startup.

See Security for SNMP in Monitoring Oracle WebLogic Server with SNMP.

Continuous Availability

Oracle WebLogic Server Continuous Availability provides an integrated solution for building maximum availability architectures (MAA) that span data centers across distributed geographical locations. Integrated components include Oracle WebLogic Server, Oracle Coherence, Oracle Traffic Director, Oracle SiteGuard, and Oracle Database. The major benefits of this integrated solution are faster failover or switchover, increased overall application availability, data integrity, reduced human error and risk, recovery of work, and local access of real-time data.

Note:

Automated cross-site XA transaction recovery and WebLogic Server Multitenant domain partitions and resource groups are deprecated in WebLogic Server 12.2.1.4.0 and will be removed in the next release.

The key features in Continuous Availability include:

  • Automated cross-site XA transaction recovery— Provides automatic recovery of XA transactions across an entire domain, or across an entire site with servers running in a different domain or at a different site.

  • Zero Downtime Patching—Provides an automated mechanism to orchestrate the rollout of patches while avoiding downtime or loss of sessions.

  • WebLogic Server Multitenant live resource group migration— Provides the ability to migrate partition resource groups that are running from one cluster/server to another within a domain without impacting the application users.

  • Coherence federated caching—Replicates cache data asynchronously across multiple geographically distributed clusters.

  • Coherence GoldenGate HotCache—Detects and reflects database changes in cache in real time.

  • Oracle Traffic Director—Routes HTTP, HTTPS, and TCP traffic to application servers and web servers on the network.

  • Oracle Site Guard—Enables administrators to automate complete site switchover or failover.

For more information about the features in Continuous Availability and the supported MAA architectures, see What is Continuous Availability? in Continuous Availability for Oracle WebLogic Server.

Documentation Update History

The update history of the Oracle WebLogic Server documentation library summarizes the updates that have been made to various user and reference guides, as well as online help, since the initial release of version 12c (12.2.1).

The following table summarizes updates made to the Oracle WebLogic Server documentation library since its initial 12.2.1.0.0 release:

Date Description of Updates

June 21, 2016

Patch Set 1 (12.2.1.1.0) is generally available.

October 19, 2016

Patch Set 2 (12.2.1.2.0) is generally available.

January 30, 2017

  • Due to the removal of the wlx startup option, as explained in Startup Option for Lighter-Weight Runtime, the following topics have been removed from the WebLogic Server 12.2.1 documentation:

    • Using the weblogic.Server Command Line to Limit the WebLogic Server Run-Time Footprint, in Command Reference for Oracle WebLogic Server

    • Limiting Run-Time Footprint When Starting WebLogic Server, in Administering Server Startup and Shutdown for Oracle WebLogic Server

  • In Deploying Applications to Oracle WebLogic Server, the section Enabling Parallel Deployment for Applications and Modules was updated to clarify the circumstances in which parallel deployment is either enabled or disabled.

    The section Parallel Deployment has been added to Upgrading Oracle WebLogic Server to explain this behavior.

  • In Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server, the information about the <session-descriptor> element of the weblogic.xml deployment descriptor has been updated to describe the new <auth-cookie-id-length> subelement, which defines the length of the secure cookie, _WL_AUTHCOOKIE_JSESSIONID.

August 23, 2017

Patch Set 3 (12.2.1.3.0) is generally available. Library changes include:

October 6, 2017

The topic Obtaining a List of Applied Patches was added to Upgrading Oracle WebLogic Server.

April 17, 2018

August 31, 2018 Added the topic Configuring a Custom JEP 290 Deserialization Filter to Administering Security for Oracle WebLogic Server
September 27, 2019 Patch Set 4 (12.2.1.4.0) is generally available. Library changes include:
  • The topic Configuration Overriding has replaced Temporary Configuration Overriding in Understanding Domain Configuration for Oracle WebLogic Server.

  • The topic Using JMS 2.0 Asynchronous Message Sends has been added to Tuning Performance of Oracle WebLogic Server.

  • Updated the following topics in Administering Security for Oracle WebLogic Server:

  • Added the following new topics in Administering Security for Oracle WebLogic Server:

  • Updated the following topics to describe the deprecation of SNMPv1 and v2 protocols, and the change to SNMPv3 as the default behavior:

  • Updated the topic ValidateCertChain in Command Reference for Oracle WebLogic Server to indicate that the file-based certificate chain options are deprecated.

  • Updated the following topics in Tuning Performance of Oracle WebLogic Server:

  • Updated the chapter Ensuring the Security of Your Production Environment in Securing a Production Environment for Oracle WebLogic Server to include the following security recommendations for reducing the attack surface on WebLogic Server development and production environments:
    • Using network channels and connection filters to isolate incoming and outgoing application traffic
    • Limiting protocol for external channels
    • Running different protocols on different ports
    • Disabling tunneling on channels that are available external to the firewall
    • Preventing unauthorized access to your WebLogic Server resources such as JDBC, JMS or EJB resources.

April, 2020

Added new guide Running Oracle WebLogic Server and Coherence on GraalVM Enterprise Edition.

May, 2020

Added a new topic, Default Users, to Securing Resources Using Roles and Policies for Oracle WebLogic Server.

October 2020

December 2020

April 2021 Updated the following documents for changes introduced in the April 2021 Patch Set Update (PSU):
July 2021 Updated the following documents for changes introduced in the July 2021 Patch Set Update (PSU):
September 2021
  • Updated Introduction topic in Upgrading Oracle WebLogic Server to clarify the use of Reconfiguration Wizard during upgrade process.
  • Updated Request Classes topic in Administering Server Environments for Oracle WebLogic Server to explain how time constrains affects work managers.
October 2021
  • Updated the following topics in Administering Security for Oracle WebLogic Server:
    • October 2021 Patch Set Update (PSU) - Updated Using JEP 290 in Oracle WebLogic Server to include support for allowlists and how to create and use them. Includes support for using allowlists in the WebLogic Server Administration Console.
    • Updated the topic Configuring the RDBMS Security Store to clarify the procedure for creating a domain and using WLST offline to create the RDBMS security store.
  • Updated the following topic in Securing a Production Environment for Oracle WebLogic Server
    • October 2021 Patch Set Update (PSU) - Updated Review Potential Security Issues to describe how to access more resolution information regarding security warnings in the WebLogic Server Administration Console.
April 2022
July 2023

Added a new guide Integrating Oracle WebLogic Server with Helidon.

October 2023
  • Added the new topic, Configure SAML Single Logout, to Administering Security for Oracle WebLogic Server to describe new SAML Single Logout enhancement.
  • Added the new topic, Configuring SAML Single Sign-On, to Understanding the WebLogic Scripting Tool to describe process to configure SAML Single Sign-On using WLST offline.

Standards Support, Supported Configurations, and WebLogic Server Compatibility

Oracle WebLogic Server 12c (12.2.1) provides Java EE 7 full platform support, Java SE 8 certification, support for web services standards, support on multiple operating system and JVM platforms, and support for several security standards such as X.509 v3 and SSL v3.

The following sections describe WebLogic Server standards support, supported system configuration, WebLogic Server compatibility, and WebLogic Server Installation Support on ARM-Based Oracle Cloud Infrastructure Ampere A1 (ARM OCI) Compute Instances:

Standards Support

WebLogic Server 12c (12.2.1) supports the following standards and versions:

Java Standards

Table 2-1 lists currently supported Java standards.

Note:

See WebLogic Server Security Standards in Administering Security for Oracle WebLogic Server for the currently supported security standards, such as JAAS, JASPIC, JACC, JCE, and so forth.

Table 2-1 Java Standards Support

Standard Version

Batch Application Processing (JSR 352)

1.0

Contexts and Dependency Injection for Java EE

1.1

Dependency Injection for Java EE

1.0

Concurrent Managed Objects (JSR 236)

1.0

Expression Language (EL)

3.0, 2.2, 2.1, 2.0

Only JSP 2.0 and greater supports Expression Language 2.x.

Java API for JSON Processing (JSR-353)

1.0

Java API for XML-Based Web Services (JAX-WS)

2.2, 2.1, 2.0

Java API for RESTful Web Services (JAX-RS)

2.0

Java API for WebSocket

1.1

JavaBeans Activation Framework

1.1

Java EE

7.0

Java EE Application Deployment

1.2

Java EE Bean Validation

1.1

Java EE Common Annotations

1.2

Java EE Connector Architecture

1.7

Java EE EJB

3.2, 3.1, 3.0, 2.1, 2.0, and 1.1

Java EE Enterprise Web Services

1.3, 1.2, 1.1

Java EE Interceptors

1.2

Java EE JDBC

4.0, 3.0

Java EE JMS

2.0, 1.1, 1.0.2b

Java EE JNDI

1.2

Java EE JSF

2.2, 2.1.*, 2.0, 1.2, 1.1

Java EE JSP

2.3, 2.2, 2.1, 2.0, 1.2, and 1.1

JSP 1.2. and 1.1 include Expression Language (EL), but do not support EL 2.x or greater.

Java EE Managed Beans

1.0

Java EE Servlet

3.1, 3.0, 2.5, 2.4, 2.3, and 2.2

Java RMI

1.0

JavaMail

1.5

Java Transaction API

1.2

JAX-B

2.2, 2.1, 2.0

JAX-P

1.3, 1.2, 1.1

JAX-R

1.0

JAX-RPC

1.1

JDKs

8.0 (8.0 and 7.0 for clients)

See JDK 8 and Server JRE 8 Certification for details.

JMX

1.4

JPA

2.1, 2.0., 1.0

JSR 77: Java EE Management

1.1

JSTL

1.2

Managed Beans

1.0

OTS/JTA

OTS 1.2 and JTA 1.2

RMI/IIOP

1.0

SOAP Attachments for Java (SAAJ)

1.3, 1.2

Streaming API for XML (StAX)

1.0

Web Services Metadata for the Java Platform

2.0, 1.1

Web Services Standards

For the current list of standards supported for WebLogic web services, see Features and Standards Supported by WebLogic Web Services in Understanding WebLogic Web Services for Oracle WebLogic Server.

Other Standards

Table 2-2 lists other standards that are supported in WebLogic Server 12c (12.2.1).

Note:

See WebLogic Server Security Standards in Administering Security for Oracle WebLogic Server for additional information on standards relating to security, such as SSL, TLS, and XACML, and so forth.

Table 2-2 Other Standards

Standard Version

X.509

v3

LDAP

v3

TLS

v1.1, v1.2

HTTP

1.1

SNMP

SNMPv1, SNMPv2, SNMPv3

xTensible Access Control Markup Language (XACML)

2.0

Partial implementation of Core and Hierarchical Role Based Access Control (RABC) Profile of XACML

2.0

Internet Protocol (IP)

Versions:

  • v6

  • v4

For more information about IPv6 support for all Fusion Middleware products, see the Oracle Fusion Middleware Supported System Configurations page on Oracle Technology Network.

Supported Configurations

For the most current information on supported configurations, see the Oracle Fusion Middleware Supported System Configurations page on Oracle Technology Network.

Please note the following restrictions and advice when running Oracle WebLogic Server 12c (12.2.1), and Oracle WebLogic Server 12c (12.2.1) applications, on Java SE 8:

  • Oracle WebLogic Server 12c (12.2.1) does not support applications using the new Java SE 8 fork/join and parallel streams features. Avoid these features when building Oracle WebLogic Server 12c (12.2.1) applications using Java SE 8. The reason for this restriction is that the threads used by the fork/join thread pool will not be WebLogic Server managed threads. Any of the work performed in these threads may not be able to make use of WebLogic Server or Java EE facilities because the state of these threads, including security and transaction state, may not be created properly. Further, these threads will not be controlled by WebLogic Server Work Manager thread management facilities, possibly resulting in excessive thread usage.

  • Check all third party vendor software you are using for Java SE 8 compatibility. It may be necessary to upgrade to a later version of the software that correctly handles Java SE 8 classes, and some software may not yet be compatible. For example, the current version of the open source tool "jarjar" does not work correctly with Java SE 8 yet.

  • Java SE 8 has new APIs for JDBC 4.2 that are supported for versions of WebLogic Server 12.1.3 and later that are running on Java SE 8 with a JDBC driver that supports JDBC 4.2. However, although the Oracle JDBC thin driver bundled with WebLogic Server is certified on Java SE 8, the Oracle JDBC thin driver does not support JDBC 4.2. The Derby 10.10 driver that is shipped with Oracle WebLogic Server as of release 12c (12.2.1) has been tested with JDBC 4.2 and may be used. The corresponding Derby documentation is available at http://db.apache.org/derby/docs/10.10/ref/rrefjdbc4_2summary.html.

  • When running using SSL connections with JCE on JDK 8, it may be necessary to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8. You can download the JCE Unlimited Strength Jurisdiction Policy Files for JDK 8 at http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html.

Licensing Information

For the most current information on Oracle Fusion Middleware Licensing, see Licensing Information User Manual.

WebLogic Server Compatibility

For the most current information on compatibility between the current version of WebLogic Server and previous releases, see WebLogic Server Compatibility in Understanding Oracle WebLogic Server.

Database Interoperability

The certification matrices and My Oracle Support Certifications define the following terms to differentiate between types of database support:

Application Data Access

Application Data Access refers to those applications that use the database for data access only and do not take advantage of WebLogic Server features that are Database dependant. WebLogic Server support of databases used for application data access only are less restrictive than for database dependent features.

WebLogic Server provides support for application data access to databases using JDBC drivers that meet the following requirements:

  • The driver must be thread safe.

  • The driver must implement standard JDBC transactional calls, such as setAutoCommit() and setTransactionIsolation(), when used in transactional aware environments.

Note the following restrictions:

  • JDBC drivers that do not implement serializable or remote interfaces cannot pass objects to an RMI client application.

  • Simultaneous use of automatic database connection failover and load balancing and global transactions (XA) with a highly-available (HA) DBMS architecture is supported with Oracle DB RAC only, and only for the Oracle DB RAC versions indicated on the System worksheet. These HA capabilities are only supported by Active GridLink for RAC and Multi Data Sources with RAC. These HA capabilities are not supported on other Oracle DB RAC versions or with other HA DBMS technologies on other non-Oracle DB products. Multi Data Sources are supported on other Oracle DB versions, and with non-Oracle DB technologies, but not with simultaneous use of automatic failover and load balancing and global transactions.

  • Application data access to databases meeting the restrictions articulated above is supported on other Oracle DB versions, in addition to those documented in the certification matrix.

  • WebLogic Type 4 JDBC drivers also support the following databases. For these databases, WebLogic Server supports application data access only, and does not support WebLogic Server database dependent features:

    • DB2 for z/OS 10.1

    • Informix 11.7+

Database Dependent Features

When WebLogic Server features use a database for internal data storage, database support is more restrictive than for application data access. The following WebLogic Server features require internal data storage:

  • Container Managed Persistence (CMP)

  • Rowsets

  • JMS/JDBC Persistence and use of a WebLogic JDBC Store

  • JDBC Session Persistence

  • RDBMS Security Providers

  • Database Leasing (for singleton services and server migration)

  • JTA Logging Last Resource optimization

  • JDBC TLog

WebLogic Server Installation Support on ARM-Based Oracle Cloud Infrastructure Ampere A1 (ARM OCI) Compute Instances

WebLogic Server 12c (12.2.1.4.0) is supported on ARM OCI Compute instances. See Oracle Fusion Middleware Supported System Configurations for more details.

Installation of WebLogic Server 12c (12.2.1.4) on ARM OCI Compute instances requires specific WebLogic Server installers.

For development purposes, you can download and install the fmw_12.2.1.4.0_wls_lite_generic_ARM_OCI.jar or fmw_12.2.1.4.0_wls_lite_quick_slim_generic_ARM_OCI.jar file from the Oracle Fusion Middleware Software Downloads page at https://www.oracle.com/middleware/technologies/weblogic-server-downloads.html.

For production purposes, you can download the same installer from Oracle Software Delivery Cloud (OSDC) at https://edelivery.oracle.com/osdc/faces/Home.jspx.

For more details about the standard WebLogic Server installation procedures, see Installing and Configuring Oracle WebLogic Server and Coherence.

WebLogic Server and Helidon Integration

The integration capabilities between Oracle WebLogic Server and the Helidon microservices framework simplify application modernization with microservices, by allowing WebLogic-hosted applications to communicate and interoperate with Helidon-based microservices over different protocols.

With this integration, WebLogic and Helidon -based components can communicate and interoperate in the following ways:

  • Bidirectional REST calls between WebLogic Server and Helidon.
  • JMS message consumption and production by Helidon using WebLogic as the JMS provider.
  • SOAP web service calls from Helidon to WebLogic Server Web Services.
  • Single sign-on (SSO) between WebLogic Server and Helidon using Oracle Identity Cloud Service (IDCS).

For more information about this integration, see Integrating Oracle WebLogic Server with Helidon.

Deprecated Functionality (Oracle WebLogic Server 12c 12.2.1.x)

The following functionality and components are deprecated in WebLogic Server 12c (12.2.1.x):

OPatchAuto

OPatchAutoFMW is deprecated as of WebLogic Server 12.2.1.4.0.

OPatchAutoFMW (installed in OPatch/auto/fmw directory) is deprecated and is automatically removed when you update to OPatch 13.9.4.2.2 or later. Zero Downtime Patching continues to be supported, see the Zero Downtime Patching documentation.

WebLogic jCOM

WebLogic jCOM is deprecated as of WebLogic Server 12.2.1.4.0.

jCOM has been provided as a migration path for interim solutions that require Java-to-COM integration. Oracle believes that web services and REST are the preferred way to communicate with Microsoft applications. Oracle recommends that you migrate legacy COM applications to .NET in order to use this type of communication.

Oracle Traffic Director (OTD)

As of 12.2.1.4.0, Oracle Traffic Director is deprecated.

In the future, for equivalent functionality, use Oracle HTTP Server, Microsoft IIS Web Server, or Apache HTTP Server plug-ins, or a native Kubernetes load balancer, such as Traefik.

Deprecated WebLogic Server Multitenant Functionality and Resource Consumption Management

WebLogic Server Multitenant domain partitions, resource groups, resource group templates, virtual targets, resource override configuration MBeans, Resource Consumption Management, and proxy data sources are deprecated in WebLogic Server 12.2.1.4.0 and will be removed in the next release.

WebLogic Server Multitenant domain partitions enable the configuration of a portion of a WebLogic domain that is dedicated to running application instances and related resources. Oracle recommends that customers using domain partitions as a container dedicated to specific applications and resources consider the use of alternative container-based architectures, including the deployment of WebLogic applications and services in Docker containers running in Kubernetes clusters. For more information, see Running Oracle WebLogic Server on Docker and WebLogic Server Kubernetes Operator.

Automated Cross-Site XA Transaction Recovery Deprecated

Active-Active XA Transaction Recovery (automated cross-site XA transaction recovery) is deprecated in WebLogic Server 12.2.1.4.0 and will be removed in the next release. For more information on XA transaction recovery solutions, see Understanding XA Transaction Recovery in Disaster Recovery.

Simple Network Management Protocol (SNMP) v1 and v2

The following configuration attributes are deprecated as of Oracle WebLogic Server 12.2.1.4.0:

  • CommunityPrefix in SNMPAgentMBean
  • CommunityBasedAccessEnabled in SNMPAgentMBean
  • Community in SNMPTrapDestinationMBean

ValidateCertChain Java Utility File-based Certificate Chains

The following file-based options of the ValidateCertChain utility are deprecated as of Oracle WebLogic Server 12.2.1.4.0:

  • java utils.ValidateCertChain -file pemcertificatefilename
  • java utils.ValidateCertChain -pem pemcertificatefilename
  • java utils.ValidateCertChain -pkcs12file pkcs12filename password

Oracle recommends that you use the -pkcs12store or the -jks keystore options instead.

SecurityConfigurationMBean.AnonymousAdminLookupEnabled Attribute

The AnonymousAdminLookupEnabled attribute on the SecurityConfigurationMBean is deprecated as of Oracle WebLogic Server 12.2.1.

ServerTemplateMBean.DefaultTGIOPUser Attribute

The DefaultTGIOPUser attribute on the ServerTemplateMBean is deprecated as of Oracle WebLogic Server 12.2.1.3.0.

WebLogic Full and Standard Clients

The following WebLogic clients are deprecated:

  • The WebLogic full client, wlfullclient.jar, is deprecated as of Oracle WebLogic Server 12.1.3. Oracle recommends using T3 client or Install client instead of WebLogic full client.

  • The WebLogic Server-IIOP client is deprecated as of WebLogic Server 12.1.3 because of its dependency on the wlfullclient.jar and it will be removed in a future release. Oracle recommends using T3 clients instead of IIOP clients.

  • The standard client, wlclient.jar, and the following clients that depend on it, are deprecated as of Oracle WebLogic Server 12.2.1.2.0:

    • The JMS client, wljmsclient.jar

    • The JMS SAF client, wlsafclient.jar

See Clients and Features in Developing Standalone Clients for Oracle WebLogic Server.

Log4j

The use of Log4j with the WebLogic logging service, as an alternative to Java logging, is deprecated as of WebLogic Server 12.1.3. Note that Log4j 2 and later is not supported in WebLogic Server.

LogMBean.ServerLoggingBridgeUserParentLoggersEnabled Attribute

The ServerLoggingBridgeUserParentLoggersEnabled attribute on the LogMBean is deprecated as of WebLogic Server 12.1.3.

User Name and Password System Properties

As of WebLogic Server 12.1.1, the boot user name and password system properties weblogic.management.username and weblogic.management.password have been deprecated and will be removed in a future release, and you will no longer be able to specify the user name and password in the command for starting WebLogic Server in production mode.

As an alternative, Oracle recommends that you use the boot.properties file to specify the boot user name and password for WebLogic Server. For more information about the boot.properties file, see Boot Identity Files in Administering Server Startup and Shutdown for Oracle WebLogic Server.

For information about other methods you can use to provide user credentials, see Provide User Credentials to Start and Stop Servers in Administering Server Startup and Shutdown for Oracle WebLogic Server.

Maven 11x Plug-In Deprecated

The weblogic-maven-plugin plug-in delivered in WebLogic Server 11g Release 1 is deprecated as of release 12.1.2. Oracle recommends that you instead use the WebLogic Server Maven plug-in introduced in version 12.1.2. See Using the WebLogic Development Maven Plug-in in Developing Applications for Oracle WebLogic Server for complete documentation.

JSP Tags for XML Processing

As of WebLogic Server 12.1.2, XSLT JSP tags and the WebLogic XSLT JSP Tag Library have been deprecated and will be removed in a future release. You can use JAXP to transform XML data. For more information, see Transforming XML Documents in Developing XML Applications for Oracle WebLogic Server.

Deprecated Functionality in WLST

The following functionality in WLST has been deprecated as of WebLogic Server 12.2.1.

Server Argument to WLST Diagnostics Commands

The Server argument to the following WLST diagnostics commands has been deprecated:

  • captureAndSaveDiagnosticImage

  • createSystemResourceControl

  • destroySystemResourceControl

  • disableSystemResource

  • enableSystemResource

  • listSystemResourceControls

The Server argument is being replaced by the Target argument. For more information, see Diagnostics Commands in WLST Command Reference for WebLogic Server.

The addTemplate and readTemplate Control Commands

The addTemplate and readTemplate commands have been deprecated as of WebLogic Server 12.2.1 and will be removed in a future release. Use the selectTemplate and loadTemplates commands instead. For more information and examples, see Creating and Updating a WebLogic Domain in Understanding the WebLogic Scripting Tool.

Implicit Importing of Modules Using WLST

Support for using WLST to implicitly import modules into an application has been deprecated. When using WLST to import modules, Oracle recommends doing the operation explicitly.

The following WLST snippet shows an explicit import of the module EJBResource from weblogic.security.service:

@ from weblogic.security.service import EJBResource
ejbRes = EJBResource('DDPoliciesEar', 'DDPolinEarMiniAppBean.jar', 'DDRolesAndPolicies', 'getSubject', 'Remote', None)

The configToScript Command

The configToScript command is deprecated in Oracle WebLogic Server 12.2.1. To replicate a server configuration, Oracle recommends that you use the pack and unpack commands. See Creating Templates and Domains Using the Pack and Unpack Commands.

Deprecated RESTful Management Features

The following RESTful management features are deprecated in this release of Oracle WebLogic Server.

RESTful Management Resources for Oracle WebLogic Server Multitenant

The following RESTful management resources for Oracle WebLogic Server Multitenant are deprecated in version 12.2.1.4.0 and will be removed in the next release:

  • /management/weblogic/latest/edit/partitions/
  • /management/weblogic/latest/domainConfig/partitions/
  • /management/weblogic/latest/domainRuntime/domainPartitionRuntimes/
  • /management/weblogic/latest/serverConfig/partitions/
  • /management/weblogic/latest/serverRuntime/partitionRuntimes/

Oracle recommends that customers using domain partitions as a container dedicated to specific applications and resources consider the use of alternative container-based architectures, including the deployment of WebLogic applications and services in Docker containers running in Kubernetes clusters.

RESTful Life Cycle Management Resources

The following RESTful Life Cycle Management (LCM) resources are deprecated in Oracle WebLogic Server as of version 12.2.1.3.0 and will be removed in a future release:

  • /lifecycle/{version}/runtimes/{runtime-name}/scaleUp

  • /lifecycle/{version}/runtimes/{runtime-name}/scaleDown

  • /lifecycle/{version}/runtimes/{runtime-name}/quiesce

  • /lifecycle/{version}/runtimes/{runtime-name}/start

  • /lifecycle/{version}/runtimes/{runtime-name}/sync

Oracle recommends that you migrate immediately to the corresponding /management/weblogic RESTful resources, which continue to be supported and enhanced. See Administering Oracle WebLogic Server with RESTful Management Services.

RESTful Resources for Monitoring and Management

The following RESTful management resources are deprecated in Oracle WebLogic Server as of version 12.2.1.3.0 and will be removed in a future release:

  • /management/tenant-monitoring, introduced in Oracle WebLogic Server 10.3.6

  • /management/wls, introduced in Oracle WebLogic Server 12.1.3

In Oracle WebLogic Server 12.2.1.4.0, /management/weblogic resource versions 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0 and 12.2.1.3.0 are now deprecated. The latest version is 12.2.1.4.0. For future releases, latest always refers to the most recent release.

Oracle recommends that you migrate immediately to the newer /management/weblogic RESTful resources. See Administering Oracle WebLogic Server with RESTful Management Services.

URL Format for REST Management

The URL format for REST management APIs has changed in 12.1.3. The URL format introduced in 12.1.2 will continue to work, but is deprecated as of Oracle WebLogic Server 12.1.3.

WebLogic Server/Spring Integration Features

Integration features for WebLogic Server/Spring are deprecated in Oracle WebLogic Server as of version 12.2.1. Also, as of version 12.2.1, the Oracle WebLogic Server Spring console extension is not supported when using JRF or restricted-JRF.

RESTful Web Services

The following JAX-RS functionality has been deprecated as of Oracle WebLogic Server 12.2.1.

Jersey 1.18 (JAX-RS 1.1 RI) Client APIs

Support for the Jersey 1.18 (JAX-RS 1.1RI) client APIs, including the com.sun.jersey and its nested packages, and the weblogic.jaxrs.api.client packages, are deprecated in this release of WebLogic Server but are maintained for backward compatibility. It is recommended that you update your RESTful client applications to use the JAX-RS 2.0 RI client APIs at your earliest convenience. For more information, see Introduction to RESTful Web Services in Developing and Securing RESTful Web Services for Oracle WebLogic Server.

Runtime Monitoring MBeans

The following runtime MBeans have been deprecated:

  • JaxRsMonitoringInfoRuntimeMBean

  • JaxRsResourceConfigTypeRuntimeMBean

Note:

The functionality provided by these MBeans has been replaced by new or updated MBeans. For more information, see Monitoring RESTful Web Services and Clients in Developing and Securing RESTful Web Services for Oracle WebLogic Server.

Deprecated Diagnostics Exceptions

The following exceptions in the Harvester component of the WebLogic Diagnostics Framework are deprecated:

weblogic.diagnostics.harvester.HarvesterException
weblogic.diagnostics.harvester.HarvesterException.AmbiguousInstanceName
weblogic.diagnostics.harvester.HarvesterException.AmbiguousTypeName
weblogic.diagnostics.harvester.HarvesterException.HarvestableInstancesNotFoundException
weblogic.diagnostics.harvester.HarvesterException.HarvestableTypesNotFoundException
weblogic.diagnostics.harvester.HarvesterException.HarvestingNotEnabled
weblogic.diagnostics.harvester.HarvesterException.MissingConfigurationType
weblogic.diagnostics.harvester.HarvesterException.TypeNotHarvestable

CacheFilter API

The WebLogic Server API weblogic.cache.filter.CacheFilter has been deprecated as of Oracle WebLogic Server 12.2.1.

JAX-RPC WebService-ReliableMessaging

WebLogic SAF Agent support for JAX-RPC Reliable Messaging is deprecated, along with the complete JAX-RPC API. Consequently, the SAF Agent Service Type attribute will be ignored and all SAF Agents will be treated as Service Type Sending-only in a future release. Oracle recommends use of JAX-WS Reliable Messaging as a replacement for this technology.

SSLMBean.ExportKeyLifespan Attribute

The SSLMBean.ExportKeyLifespan attribute is deprecated as of WebLogic Server 12.2.1. This attribute was used by the Certicom-based SSL implementation, which was removed from WebLogic Server in version 12.1.1 and replaced by JSSE. The JSSE implementation in WebLogic Server does not use the SSLMBean.ExportKeyLifespan attribute. For more information about JSSE, see Using the JSSE-Based SSL Implementation in Administering Security for Oracle WebLogic Server.

setSSLClientCertificate and setSSLClientKeyPassword Methods

The setSSLClientCertificate() and setSSLClientKeyPassword() methods in the weblogic.jndi.Environment class have been deprecated in this release. Use loadLocalIdentity() or setSSLContext() instead. For more information, see Two-Way SSL Authentication with JNDI in Developing Applications with the WebLogic Security Service.

EJBGen

EJBGen, an Enterprise JavaBeans 2.x code generator utility, is deprecated as of Oracle WebLogic Server 12.2.1.3.0, and will be removed in a future release.

WebLogic Replicated Store

The WebLogic Replicated Store, a WebLogic JMS messages storage option that is intended only for use in Oracle Exalogic Elastic Cloud environments, is deprecated as of Oracle WebLogic Server version 12.2.1.3.0 and will be removed in a future release.

Oracle recommends that you use either a JDBC store or a custom file store for JMS message storage.

JMS Interop Modules

JMS Interop Modules are deprecated in WebLogic Server 12.1.1. If you have a module named interop-jms.xml in your config.xml, convert it to a regular system module. See JMS System Module Configuration.

WebLogic JMS Resource Adapter

The WebLogic JMS resource adapter is deprecated as of Oracle WebLogic Server 12.2.1.3.0, and will be removed in a future release. Oracle recommends that you use either the thin T3 client or a message bridge to integrate applications running on non-WebLogic application servers through JMS. See the following topics:

Note:

The WebLogic JMS resource adapter is supported only on Oracle GlassFish Server, so only users of GlassFish Server are affected.

JMS Reconnect

The WebLogic JMS automatic reconnect feature is deprecated. The JMS connection factory configuration, javax.jms.extension.WLConnection API, and javax.jms.extension.JMSContext API for this feature will be removed or ignored in a future release. They do not handle all possible failures and so are not an effective substitute for standard resiliency best practices. Oracle recommends that client applications handle connection exceptions as described in Client Resiliency Best Practices in Administering JMS Resources for Oracle WebLogic Server.

JMS Deployable Configuration

WebLogic JMS Application Modules for Deployment are deprecated, including packaged and standalone modules. Support for JMS Application Modules will be removed in a future release. Oracle recommends creating required JMS configuration using system modules.

JMS Weighted Distributed Destinations

JMS Weighted Distributed Destinations were deprecated in WebLogic Server 10.3.4.0. Oracle recommends using Uniform Distributed Destinations.

DynamicServersMBean.MaximumDynamicServerCount Attribute

The DynamicServersMBean.MaximumDynamicServerCount attribute is deprecated as of WebLogic Server 12.2.1. This attribute is replaced by the DynamicServersMBean.DynamicClusterSize attribute, which the Elasticity Framework uses in conjunction with the MinDynamicClusterSize and MaxDynamicClusterSize attributes on the DynamicServersMBean to define the boundaries within which a dynamic cluster may be scaled up or down.

The MaximumDynamicServerCount attribute is presently retained for backwards compatibility, but will be removed in a future release. For more information about using the DynamicClusterSize attribute, see Configuring Dynamic Clusters in Configuring Elasticity in Dynamic Clusters for Oracle WebLogic Server.

Compatibility Setting for JTA Security Interoperability Mode

The compatibility setting for JTA Security Interoperability Mode is deprecated in this release of WebLogic Server and will be removed in a future release. For more information about how to configure compatible communication channels between servers in global transactions with participants in the same or different domains, see Security Interoperability Mode in Developing JTA Applications for Oracle WebLogic Server.

DDInt Utility

DDInt, a utility for generating deployment descriptors for applications, is deprecated as of Oracle WebLogic Server 12.2.1.4.0, and will be removed in a future release.

Removed Functionality and Components

Several components deprecated in previous versions of WebLogic Server are removed from Oracle WebLogic Server 12c (12.2.1).

Certificate Chains

The support for file-based certificate chains has been removed from Oracle WebLogic Server as of version 12.2.1.

Compatibility Security

As of release 12.2.1, WebLogic Server has removed support for Compatibility security in both the server and client. In prior releases, Compatibility security is used for running security configurations developed with WebLogic Server 6.x. For information about interoperability with a version of WebLogic Server that uses Compatibility security, see Protocol Compatibility in Understanding Oracle WebLogic Server. The following components that provided Compatibility security in previous releases are removed as of Oracle WebLogic Server 12.2.1:

  • CompatibilityRealm

  • CachingRealm

  • LDAPRealm

  • NTRealm

  • FileRealm

  • Custom security realm

  • RDBMS security realm

  • Realm Adapter provider

  • Realm Adapter Auditing provider

  • Realm Adapter Authentication provider

  • Realm Adapter Authorization provider

  • Realm Adapter Adjudication provider

The following classes that provided support for Compatibility security were removed:

  • weblogic.management.configuration.Acl

  • weblogic.management.configuration.BasicRealmMBean

  • weblogic.management.configuration.CachingRealmMBean

  • weblogic.management.configuration.CustomRealmMBean

  • weblogic.management.configuration.FileRealmMBean

  • weblogic.management.configuration.Group

  • weblogic.management.configuration.LDAPRealmMBean

  • weblogic.management.configuration.ListResults

  • weblogic.management.configuration.NTRealmMBean

  • weblogic.management.configuration.PasswordPolicyMBean

  • weblogic.management.configuration.Principal

  • weblogic.management.configuration.RDBMSRealmMBean

  • weblogic.management.configuration.RealmException

  • weblogic.management.configuration.RealmIterator

  • weblogic.management.configuration.RealmMBean

  • weblogic.management.configuration.RealmManager

  • weblogic.management.configuration.RemoteEnumeration

  • weblogic.management.configuration.SecurityMBean

  • weblogic.management.configuration.UnixRealmMBean

  • weblogic.management.configuration.User

  • weblogic.management.mbeans.custom.LDAPRealm

  • weblogic.management.mbeans.custom.NTRealm

  • weblogic.management.mbeans.custom.Realm

  • weblogic.management.mbeans.custom.Security

  • weblogic.management.mbeans.custom.UnixRealm

  • weblogic.management.internal.BatchedEnumeration

  • weblogic.management.internal.RemoteEnumerationImpl

  • weblogic.management.internal.RemoteRealmException

  • weblogic.management.internal.RemoteRealmManager

  • weblogic.management.internal.RemoteRealmManagerImpl

  • weblogic.security.acl.AbstractListableRealm

  • weblogic.security.acl.AbstractManageableRealm

  • weblogic.security.acl.AclEntryImpl

  • weblogic.security.acl.AclImpl

  • weblogic.security.acl.AdminPermissions

  • weblogic.security.acl.CachingRealm

  • weblogic.security.acl.CertAuthentication

  • weblogic.security.acl.CertAuthenticator

  • weblogic.security.acl.ClosableEnumeration

  • weblogic.security.acl.CredentialChanger

  • weblogic.security.acl.DebuggableRealm

  • weblogic.security.acl.DefaultGroupImpl

  • weblogic.security.acl.DefaultUserImpl

  • weblogic.security.acl.DynamicUserAcl

  • weblogic.security.acl.Everyone

  • weblogic.security.acl.ExplicitlyControlled

  • weblogic.security.acl.FlatGroup

  • weblogic.security.acl.GroupImpl

  • weblogic.security.acl.InvalidLogin

  • weblogic.security.acl.ListableRealm

  • weblogic.security.acl.LoginFailureRecord

  • weblogic.security.acl.ManageableRealm

  • weblogic.security.acl.OwnerImpl

  • weblogic.security.acl.PasswordGuessing

  • weblogic.security.acl.PasswordGuessingWrapper

  • weblogic.security.acl.PermissionImpl

  • weblogic.security.acl.PrivilegedAction

  • weblogic.security.acl.PrivilegedExceptionAction

  • weblogic.security.acl.Realm

  • weblogic.security.acl.RealmProxy

  • weblogic.security.acl.RefreshableRealm

  • weblogic.security.acl.SSLUserInfo

  • weblogic.security.acl.Security

  • weblogic.security.acl.SecurityMessage

  • weblogic.security.acl.SecurityMulticastRecord

  • weblogic.security.acl.TTLCache

  • weblogic.security.acl.UnlockUserRecord

  • weblogic.security.acl.internal.AuthenticationDelegate

  • weblogic.security.acl.internal.ClusterRealm

  • weblogic.security.acl.internal.DefaultRealmImpl

  • weblogic.security.audit.Audit

  • weblogic.security.audit.AuditProvider

  • weblogic.security.internal.RealmTest

  • weblogic.security.ldaprealm.LDAPRealm

  • weblogic.security.ldaprealmv1.LDAPDelegate

  • weblogic.security.ldaprealmv1.LDAPException

  • weblogic.security.ldaprealmv1.LDAPGroup

  • weblogic.security.ldaprealmv1.LDAPRealm

  • weblogic.security.ldaprealmv1.LDAPUser

  • weblogic.security.ldaprealmv2.LDAPDelegate

  • weblogic.security.ldaprealmv2.LDAPEntity

  • weblogic.security.ldaprealmv2.LDAPGroup

  • weblogic.security.ldaprealmv2.LDAPRealm

  • weblogic.security.ldaprealmv2.LDAPRealmException

  • weblogic.security.ldaprealmv2.LDAPUser

  • weblogic.security.ntrealm.NTDelegate

  • weblogic.security.ntrealm.NTRealm

  • weblogic.security.unixrealm.SubprocessException

  • weblogic.security.unixrealm.UnixDelegate

  • weblogic.security.unixrealm.UnixGroup

  • weblogic.security.unixrealm.UnixRealm

  • weblogic.security.unixrealm.UnixUser

  • weblogic.security.providers.realmadapter.AdjudicationProviderImpl

  • weblogic.security.providers.realmadapter.AuditProviderImpl

  • weblogic.security.providers.realmadapter.AuthenticationProviderImpl

  • weblogic.security.providers.realmadapter.AuthorizationProviderImpl

  • weblogic.security.providers.realmadapter.IdentityAsserterImpl

  • weblogic.security.providers.realmadapter.LoginModuleImpl

  • weblogic.security.providers.realmadapter.RealmAdapterAdjudicatorImpl

  • weblogic.security.providers.realmadapter.RealmAdapterAuditorImpl

  • weblogic.security.providers.realmadapter.RealmAdapterAuthenticatorImpl

  • weblogic.security.providers.realmadapter.RealmAdapterAuthorizerImpl

  • RealmAdapterAdjudicatorMBean

  • RealmAdapterAuditorMBean

  • RealmAdapterAuthenticatorMBean

  • RealmAdapterAuthorizerMBean

6.x Realms

The 6.x realm configuration and associated APIs have been removed from WebLogic Server as of version 12.2.1. The following deprecated configuration MBeans and associated elements have been removed from the DomainMBean configuration element:

Configuration MBean Associated DomainMBean Configuration Element

SecurityMBean

<security>

FileRealmMBean

<file-realm>

CachingRealmMBean

<caching-realm>

PasswordPolicyMBean

<password-policies>

BasicRealmMBean

<basic-realm>

CustomRealmMBean

<custom-realm>

LDAPRealmMBean

<ldap-realm>

NTRealmMBean

<nt-realm>

RDBMSRealmMBean

<rdbms-realm>

RealmMBean

<realm>

UnixRealmMBean

<unix-realm>

Certificate Request Generator Servlet

The Certificate Request Generator servlet has been removed from Oracle WebLogic Server as of version 12.2.1, including the weblogic.servlet.security.CertificateServlet class.

weblogic.Admin

The weblogic.Admin utility, a command-line interface for administering, configuring, and monitoring WebLogic Server, has been removed from Oracle WebLogic Server as of version 12.2.1. Oracle recommends the WebLogic Scripting Tool (WLST) for all command-line operations previously available from the weblogic.Admin utility. See Understanding the WebLogic Scripting Tool.

Note:

The weblogic.Admin utility used the compatibility MBean server to access MBeans. As noted in Compatibility MBean Server and Type-Safe MBean Interfaces, the compatibility MBean server is also removed. However, you can use WLST to browse and access the full set of MBeans for configuring, monitoring, and managing WebLogic Server resources, including security realms.

JAXR

The JAVA API for XML Registries (JAXR) has been removed from Oracle WebLogic Server as of version 12.2.1.

Jersey 1.18 (JAX-RS 1.1. RI) Server APIs

The Jersey 1.18 (JAX-RS 1.1 RI) server APIs have been removed from Oracle WebLogic Server as of version 12.2.1. You should use the corresponding standard JAX-RS 2.0 or Jersey 2.x APIs instead. See Introduction to RESTful Web Services in Developing and Securing RESTful Web Services for Oracle WebLogic Server.

WebLogic Keystore Provider

The WebLogic Keystore provider, which was deprecated in previous releases, has been removed from WebLogic Server as of version 12.2.1.

weblogic.security.provider.PrincipalValidatorImpl

The weblogic.security.provider.PrincipalValidatorImpl class, which was deprecated in the previous release, is removed from WebLogic Server as of version 12.2.1.

weblogic.xml.stream.util.XMLPullReaderBase

The weblogic.xml.stream.util.XMLPullReaderBase class, which was deprecated in a previous release, has been removed from Oracle WebLogic Server as of version 12.2.1.

Connect-Time Failover

Oracle Connect-Time Failover was deprecated in an earlier release. This functionality and the supporting documentation has been removed from Oracle WebLogic Server as of version 12.2.1.

Compatibility MBean Server and Type-Safe MBean Interfaces

As of Oracle WebLogic Server 12.2.1, the compatibility MBean server and all type-safe interfaces to WebLogic Server MBeans are removed.

Startup Option for Lighter-Weight Runtime

The startup option for running a lighter-weight runtime instance of WebLogic Server in a domain has been removed from Oracle WebLogic Server as of version 12.2.1. This startup option, shown below, resulted in a WebLogic Server instance that omitted the startup of the Enterprise JavaBean, Java EE Connector Architecture, and Java Message Service services:

-DserverType="wlx"

The following sections of the WebLogic Server documentation that explain how to use this startup option have been removed:

  • Limiting Run-Time Footprint When Starting WebLogic Server in Administering Server Startup and Shutdown for Oracle WebLogic Server

  • Using the weblogic.Server Command Line to Limit the WebLogic Server Run-Time Footprint in Command Reference for Oracle WebLogic Server

Oracle WebLogic Server Proxy Plug-In for Oracle iPlanet Web Server

From 12.2.1.4.0 onward, the Oracle WebLogic Server proxy plug-in is not supported for Oracle iPlanet Web Server.