DescriptionAuthoritative guide to Oracle WebLogic Server-from Oracle insiders
If you're an experienced Java developer who wants to expand your skills, Professional Oracle WebLogic Server is the perfect guide for you. This book is written by a top-notch author team that that includes one of the lead architects from Oracle’s Fusion Middleware Development Architects team.
Follow their best practices, workarounds, and sound techniques and confidently develop even the most mission-critical applications with WebLogic Server.
This book fully covers WebLogic Server 11g, including the new features of both JEE 5 and WebLogic Server, as well as JEE 5 annotations, Spring, JPA, JAX-WS, JMS Store-And-Forward, SAML support, and the WLST administrative scripting tool.
This book is the authoritative guide to
- Choosing a Web application architecture
- Best practices for development and production environments
- Designing an Java EE application
- Building Enterprise JavaBeans in WebLogic Server
- Building an EJB application
- Packaging and deploying WebLogic web applications
- Developing and deploying web services
- Using WebLogic JMS
- Using WebLogic security
- Administering and deploying applications in WebLogic Server
- Optimizing WebLogic Server performance
Chapter 1: Building Web Applications in WebLogic.
Java Servlets and JSP Key Concepts.
Web Application Best Practices.
Chapter 2: Choosing a Web Application Architecture.
Architecture Key Concepts.
Presentation-Tier Architecture Selection.
Candidate Presentation-Tier Architectures.
Chapter 3: Designing an Example Java EE Application.
Web Application Architecture.
Chapter 4: Building an Example Web Application.
Overview of Application Components.
Constructing the Application Skeleton.
Constructing the User Site Components.
Construction of Administration Site Components.
Chapter 5: Packaging and Deploying WebLogic Web Applications.
Chapter 6: Building Enterprise JavaBeans in WebLogic Server.
EJB Technology Overview.
EJB Component Types.
The Java Persistence API.
WebLogic Server EJB Container.
General WebLogic Server EJB Features.
Session Bean Features.
Message-Driven Bean Features.
OpenJPA and Kodo Features.
Deployment Descriptors or Annotations?
Chapter 7: Building an Example EJB Application.
Business Layer Requirements.
Business Layer Architecture Options.
The bigrez.com Implementation.
Using TopLink instead of Kodo.
Chapter 8: Packaging and Deploying WebLogic Applications.
Creating an EJB Archive File.
Packaging JPA Persistence Units.
Chapter 9: Developing and Deploying Web Services.
Summarizing Web Services Standards.
CreatingWeb Services with WebLogic Server.
Moving Past the Basics.
UsingWeb Services Security.
Adding Web Services to bigrez.com.
Chapter 10: Using WebLogic JMS.
JMS Key Concepts.
The WebLogic JMS Provider.
WebLogic JMS Application Design.
WebLogic JMS Application Programming.
External JMS Providers.
Chapter 11: Using WebLogic Security.
WebLogic Security Overview.
WebLogic Security Framework.
Using External Security Stores.
Setting Up SSL/TLS.
Writing Security-Aware Java Clients.
Managing Application Security.
Chapter 12: Administering and Deploying Applications in WebLogic Server.
WebLogic Architecture Key Concepts.
WebLogic Administration Key Concepts.
Configuring aWebLogic Server Domain.
Monitoring WebLogic Server Applications.
ManagingWebLogic Server Applications.
Chapter 13: Optimizing WebLogic Server Performance.
Overview of System Performance.
Performance Best Practices.
Troubleshooting Performance Problems.
Chapter 14: Development Environment Best Practices.
InstallingWebLogic Server Software.
Development Project Structure.
Streamlining the Development Cycle.
Establishing a Build Process.
Integrated Development Environments.
Creating a Unit Testing Infrastructure.
Chapter 15: Production Environment Best Practices.
Global and Local Traffic Management.
Production Security Strategies.
|Errata from 1st Printing in PDF Format|
Errata from 1st printing is available in PDF format on the downloads page.
|490-491||Error in Text|
On pages 490-491, we discuss three features that rely on the SSL transport to work:
While the discussion is accurate for WLS 10.3 and 10.3.1, there was a bug (Bug 8254839) that made the product not support these three features when SSL was terminated at the WebLogic Server web server plug-in or a hardware load balancer. WebLogic Server 10.3.2 includes the fix for this bug.
By design, these three features should work because the plug-in adds a WL-Proxy-SSL HTTP header to the request when the web server receives a request over SSL. When a WebLogic Server instance receives a request with WL-Proxy-SSL set to true, it checks to see if its WebLogic Plug-In Enabled attribute is set. If so, it treats the request as coming over SSL even though the request was transmitted over clear text between the plug-in and the WebLogic Server instance. Set this attribute in the Advanced section of the clusters General Configuration tab if using a cluster and in the Advanced section of the servers General Configuration tab if not using a cluster.
Some hardware load balancers also have the ability to add the WL-Proxy-SSL header for requests being sent to WebLogic Server. You should note that enabling the WebLogic Plug-In Enabled attribute makes it possible for rogue clients to set the WL-Proxy-SSL header and gain access to these secure features designed to work over SSL without requiring the clients to actually use SSL. As such, you probably want to make sure that any servers that set the WebLogic Plug-In Enabled attribute are not directly accessible and only allow access through a web server using the WebLogic Server plug-in or a hardware load balancer.
If using a hardware load balancer directly against WebLogic Server instances or clusters, you should configure the load balancer to strip off any WL-Proxy-SSL header it finds on incoming request to block rogue clients from sending this header through the load balancer to the server. You may also want to configure the load balancer to strip off any WebLogic Server-specific headers from the responses so as not to expose internal information the server returns for the plug-ins benefit to clients. When using the WebLogic Server web server plug-ins, this step is not needed since the plug-in will do that for you.
One additional point to mention is that, by default, WebLogic Server does not allow applications to access the plug-ins HTTP headers. Since these headers are meant solely to help the plug-in and the server work together, applications usually do not need to concern themselves with these headers. If you find yourself needing access to these headers from within your application, you need to set the Java system property weblogic.http.isWLProxyHeadersAccessible to true on the command line used to start WebLogic Server.