
Running Oracle Repository Creation Utility (RCU) on Mac OS X

1. Grab RCU for Linux and extract. Go to rcuHome/bin folder.

2. Disable platform check in ./rcu script:

3. Create a Link from JDK to RCU:


4. Change JRE Path in ./rcu script:


What Makes Solaris Shine

Solaris has so many features, and the more you use it, the more you find. Before moving to Telstra, my (painful) experience with Solaris dated back almost 10 years, to Solaris 7 and 8, mostly because in those days it was among the limited options for a reliable platform for running mission-critical Oracle RDBMS instances (I guess it still is).

But then, starting again with Solaris 10 at Telstra, I found the huge progress it had made. I always thank Oracle for saving Solaris and do hope for the continuation of the good work, although unfortunately we hear news that many of the brains behind this masterpiece have left Oracle.

IMHO here's a list of some of the most beloved features of Solaris 10. These are also the features that don't have a proper equivalent in other competitors.

  • Containers: real virtualization, not a buzzword
  • ZFS: nothing comes even close to this file system. What on earth did they have in mind?
  • DTrace: keep tuning/monitoring live applications without major overhead
  • SMF: far better than init.d, especially with contracts

Some may complain that Linux has OpenVZ/LXC or that Mac OS X has ZFS and DTrace, but the question remains: are they all production ready? Even if they are, no doubt they got the idea from Solaris and tried to reimplement it.

Oracle Entitlement Server PD Client

Enrollment Issue

I spent a couple of hours working on a problem that prevents some of our WLSM instances from firing up correctly. The issue originated from a NullPointerException in PDClient. PDClient is required for WLSM instances running in controlled (pull/push) mode. The NPE was something like this:

<Mar 28, 2012 3:26:10 PM GMT+10:00> <Error> <HTTP> <BEA-101216> <Servlet: "PDClientServiceServlethttp" failed to preload on startup in Web application: "pd-client.war".
javax.xml.ws.WebServiceException: java.lang.NullPointerException
    at weblogic.wsee.jaxws.WLSInstanceResolver.getSingleton(WLSInstanceResolver.java:36)
    at weblogic.wsee.jaxws.WLSInstanceResolver.start(WLSInstanceResolver.java:55)
Caused By: java.lang.NullPointerException
    at oracle.security.jps.soap.pd.client.PDClient.<init>(PDClient.java:46)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
Truncated. see log file for complete stacktrace

In short, although it is not very obvious, if you also encounter this error it is possibly due to an immature (incomplete) enrolment of the SM instance.

For Server based SMs (e.g. Weblogic, WebSphere, and JBoss), OESSM also creates a config inside server’s smconfig folder besides the original one under $OES_CLIENT_HOME/oes_sm_instances.

For WLSM, the configuration is under WLS_DOMAIN/config/oeswlssmconfig folder. The JPS configuration in this folder is almost independent (see jps-config.xml ) but has a small link back to original config regarding enrolment wallet.  See:

<serviceInstance location="/oracle/Middleware/oes_client/oes_sm_instances/<SM name>/config/enroll" provider="credstoressp" name="credstore.enroll"/>

If the enrolment of the SM has failed, the cwallet.sso will still be there but in an incomplete state, which prevents the correct start-up of the PDClient.

How to check if Wallet is correct?

OES server comes with ORAPKI, a handy tool to inspect cwallet files. You can find it under $ORACLE_MIDDLEWARE_HOME/oracle_common/bin/

Here is how to display the contents of a binary wallet file:

/oracle/Middleware/oracle_common/bin/orapki  wallet display -wallet <cwallet.sso>

For a correctly enrolled file, the contents include two user certificate entries for Oracle Secret Store.

-bash-3.00$ /oracle/Middleware/oracle_common/bin/orapki  wallet display -wallet ../../<SM Name>/config/enroll/cwallet.sso
Oracle PKI Tool : Version 11.1.1.5.0
Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Oracle Secret Store entries:
OES_SYMMETRIC_KEY_MAP@#3#@OES_IV_PARAMETER_alias
OES_SYMMETRIC_KEY_MAP@#3#@OES_SYMMETRIC_KEY_alias
Trusted Certificates:
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

While an immature one lacks these two:

-bash-3.00$ /oracle/Middleware/oracle_common/bin/orapki  wallet display -wallet ../../<SM name>/config/enroll/cwallet.sso
Oracle PKI Tool : Version 11.1.1.5.0
Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
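
The comparison of the two listings above can be scripted so that an incomplete wallet is caught before the SM is started. This is an added example, not part of the original post: the function names and the ORAPKI variable are hypothetical, the sample outputs are constructed from the two listings above, and matching the alias names without the exact "#3#" part is an assumption.

```shell
#!/bin/sh
# Added example: classify an OES SM enrolment wallet from `orapki wallet display` text.

# Reads orapki output on stdin; returns 0 only if the "Oracle Secret Store
# entries:" section lists both OES key aliases shown in the post.
# Assumption: the "#3#" part of the alias can differ, so it is not matched.
wallet_is_enrolled() {
    awk '
        /^[ \t]*Oracle Secret Store entries:/ { in_store = 1; next }
        /^[ \t]*[A-Za-z][A-Za-z ]*:[ \t\r]*$/ { in_store = 0 }
        in_store && /OES_SYMMETRIC_KEY_MAP@.*@OES_IV_PARAMETER_alias/  { iv = 1 }
        in_store && /OES_SYMMETRIC_KEY_MAP@.*@OES_SYMMETRIC_KEY_alias/ { key = 1 }
        END { exit !(iv && key) }
    '
}

# Runs orapki on one wallet file and prints a verdict line.
# ORAPKI defaults to the path used in the post (an assumption for other hosts).
check_wallet_file() {
    wallet=$1
    orapki=${ORAPKI:-/oracle/Middleware/oracle_common/bin/orapki}
    [ -f "$wallet" ] || { echo "MISSING    $wallet"; return 2; }
    out=$("$orapki" wallet display -wallet "$wallet" 2>&1) ||
        { echo "ERROR      $wallet (orapki failed)"; return 3; }
    if printf '%s\n' "$out" | wallet_is_enrolled; then
        echo "ENROLLED   $wallet"
    else
        echo "INCOMPLETE $wallet"; return 1
    fi
}

# Constructed samples, abridged from the two outputs shown above.
sample_enrolled() {
    cat <<'EOF'
Oracle PKI Tool : Version 11.1.1.5.0
Requested Certificates:
User Certificates:
Oracle Secret Store entries:
OES_SYMMETRIC_KEY_MAP@#3#@OES_IV_PARAMETER_alias
OES_SYMMETRIC_KEY_MAP@#3#@OES_SYMMETRIC_KEY_alias
Trusted Certificates:
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
EOF
}

sample_immature() {
    cat <<'EOF'
Oracle PKI Tool : Version 11.1.1.5.0
Requested Certificates:
User Certificates:
Trusted Certificates:
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
EOF
}

# With arguments: check real wallet files. Without: run on the samples.
if [ "$#" -gt 0 ]; then
    for w in "$@"; do check_wallet_file "$w" || true; done
else
    sample_enrolled | wallet_is_enrolled && echo "sample 1: enrolled"
    sample_immature | wallet_is_enrolled || echo "sample 2: incomplete"
fi
```

Pass one or more cwallet.sso paths (for example the config/enroll wallet of each SM instance) as arguments to check real files.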

How to (Re) Enroll an SM?

There are a couple of scripts generated by the OESSM tool to initialize the key and perform enrolment (under the bin folder of the SM instance), but here is my approach:

# prepare WLST env
.  /oracle/Middleware/wlserver_10.3/server/bin/setWLSEnv.sh

# prepare OES env
.  /oracle/Middleware/oes_client/oes_sm_instances/<name>/bin/setOesEnv.sh

# run the enrolment initialization
java -cp /oracle/Middleware/oes_client/modules/oracle.oes.sm_11.1.1/oes-client.jar:/oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar \
-Doracle.security.jps.config=<sm instance folder>/jps-config.xml \
-Doracle.security.oes.tools.KeyStorePassword=<passwd> oracle.security.oes.tools.SMConfigTool \
-initEnrollment -smConfigId <instance_name> -prpFileName smconfig.wls.prp \
-port <WLSM HTTP Port> -sslport <WLSM HTTPS Port> -serverLocation /oracle/Middleware/wlserver_10.3 \
-wlsPassword <weblogic password> -domainLocation /oracle/Middleware/user_projects/domains/<WLSM domain name>

PS1: InitEnrolment is the only step required for controlled-pull SMs, because they talk directly to the Policy Store DB. For controlled-push SMs, you need an extra step of DoEnrolment (see config.sh).

PS2: Try to use JDK 1.6.26+

Oracle Entitlement Server (OES) Lightweight RMI Client

Introduction

Thanks to posts from Subbu, one finds it easy to create and configure an RMI client to OES by replacing the jps-config of a normal Java SM on the same host. What I want to show here is how to invoke entitlement requests remotely from an RMI client which sends requests to a non-controlled RMI SM server. This is almost identical to a XACML/Web Service client except that it uses RMI, which is faster, more convenient and less error-prone.

As I said, I will try to keep my RMI SM in non-controlled mode. I found it less problematic this way. Using controlled security modules you may end up with some GUI issues which prevent proper distribution.

Security Module (SM)

PRP

So here is my PRP file for this NC (non-controlled) RMI SM:

Setup

You may put this in [OES-Client-Home]/oessm/SMConfigTool folder and run  [OES-Client-Home]/oessm/bin/config.sh to add SM to OES. Like this:

./config.sh -prpFileName ../SMConfigTool/smconfig.Telstra_RMI_NC_SM.prp

Now enter your database Policy Store username and password. Note that policy stores are in APM. If things all go well, you’ll have your SM folder under [OES-Client-Home]/oes_sm_instances.

Logging

Before we start the RMI server, it's better to modify the start-up script to add more logging. Put a simple JUL config file in the config folder and add it to the Java arguments in startRMIServer.sh. You'd better create a logs folder too.

handlers= java.util.logging.FileHandler
.level= FINER
java.util.logging.FileHandler.pattern = ./logs/log
java.util.logging.FileHandler.limit = 50000000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter

And this is the line in startRMIServer.sh (the added argument is -Djava.util.logging.config.file):

${JAVA_HOME}/bin/java -Djava.util.logging.config.file=./config/logging.properties -Djava.security.policy=file:${OES_INSTANCE_HOME}/config/java.policy -Doracle.security.jps.config=${OES_INSTANCE_HOME}/config/jps-config.xml com.bea.security.ssmrmi.LauncherWrapper

Run

Now make logs folder and run it.

mkdir logs
nohup ./startRMIServer.sh &
tail -f nohup.out logs/log

OES

SM Setup

Add a new SM to OES:

Application Binding

Bind this new SM to your application:

Attribute-Based Authorization Policy

And finally an authorization policy based on resource, role and a dynamic attribute (key):

All done in OES. No need to distribute changes in policies to modules. It all will be done periodically and automatically (see waitDistributionTime variable).

Client

Code

Here is the client source code. Put it in oes/rmi/client/RmiAuthorizationServiceImpl.java

Maven

I use Maven. Keep things simple. It has a very minimal dependency on only 3 files. Here is the pom.xml file:

Test

If the connection to the RMI server is OK, then run the application and enjoy. Once serverAddress, port, application name and the other settings in the code are correct, it will result in something like:

actions = Granted=true. Responses={oracle.security.oes.authorization.decision_reason=grant_policy_found}

N-Queen Problem: CPython 2.6.5 vs PyPy 1.5.0

It is amazing how small and compact Python code can be for solving the 8-Queen problem. Using Python's itertools to compute permutations and the yield keyword for generators, the whole N-Queen problem comes to a mere 8 lines of code:

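import itertools

def hit(p):
    # p[i] is the row of the queen in column i; a permutation already rules
    # out shared rows and columns, so only the diagonals need checking
    for i in range(len(p) - 1):
        for j in range(i + 1, len(p)):
            if j - i == abs(p[i] - p[j]): return True
    return False

def n_queen(n):
    # brute force: try every permutation and keep the ones without a hit
    for p in itertools.permutations(range(n)):
        if not hit(p): yield p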

One may add just a bit more code to print the board like this:

base_char = ord('A')

def print_board(s):
    # header row of column numbers, then one lettered row per queen
    end = len(s)
    board = ['   '.join([str(i) for i in range(1, end + 1)]) + '\n']
    for i, r in enumerate(s):
        board.append("%s: %s * %s\n" % (chr(base_char+i), (' - ' * r), (' - ' * (end - r - 1))))
    return ''.join(board)

def solve(n):
    count = 0
    for s in n_queen(n):
        count += 1
        # single-argument print() runs on both Python 2.6 and Python 3
        print("==== solution %d =====" % count)
        print(s)
        print(print_board(s))
    return count

I used this code snippet to compare Python 2.6.5 with the PyPy 1.5.0 JIT. It is interesting that for this CPU-intensive problem, Python does not use all 100% of the CPU in User space: only about 30% of CPU usage is spent in User space and the remaining 70% in System and Nice, while PyPy dedicated most of the CPU cycles to User CPU and hence finished much faster.

Here are my results on an old single-core 1.7G Pentium M processor. I expect the PyPy JIT to do even better on a modern SSE-2 multi-core processor.

# board   count   cpython2.6.5   pypy1.5
5         10      0.012          0.007
6         4       0.048          0.064
7         40      0.327          0.224
8         92      1.556          0.562
9         352     15.207         3.685
10        724     156.736        37.676
11        2680    1723.404       427.216

Below is the chart comparing the performance on the above benchmark:

Next I tried to speed up the code by making a minor change in the hit() method. To avoid the len(p) call I passed the length as an argument, and I replaced the abs() call with a check for both positive and negative results. These two simple changes, shown below, made the code almost 3 times faster:

def hit(p, n):
    for i in range(n - 1):
        for j in range(i + 1, n):
            d = p[i] - p[j]
            if j - i == d or i - j == d: return True
    return False

def n_queen(n):
    for p in itertools.permutations(range(n)):
        if not hit(p, n): yield p

I was expecting PyPy to fail to speed up the execution times as it did for the basic code, but amazingly the second code's speed-up is even better in PyPy.

Update 31 May 2011 :
Just one update which seemed necessary: going back to some comments on this post and also in the YCombinator news forum, it is obvious that what I proposed above was not an optimal solution for N-Queen. In fact N-Queen is a classic backtracking problem and can be solved much more efficiently using BT, but what I tried to show was, first, the power of Python generators and itertools to solve this problem in a few lines (while preserving simplicity) and, second, using this CPU-intensive brute-force search to compare the CPython and PyPy implementations.

So I decided to mention a backtracking implementation which solves the problem much much faster and easily covers boards of size up to 14.

def last_one_hits(answers, size):
    # does the most recently placed queen (index size-1) attack an earlier one?
    i = size - 1
    x, j = answers[i], 0
    for y in answers[:i]:
        d = x - y
        if x == y or i - j == d or j - i == d: return True
        j += 1
    return False

def n_queen_bt(n):
    found = [0] * n # initiate an answer of size n
    size = 1 # at the start, we have 1 queen in column/row (0,0)

    while size > 0:
        hits = last_one_hits(found, size) # new queen hits previous ones

        if size == n and not hits: # full and does not hit
            yield tuple(found) # a copy, because found is mutated in place

        if size < n and not hits: # not full and no hit: add a new queen
            found[size] = 0
            size += 1
        else:
            while size > 0: # move the last queen, or maybe the ones before
                found[size-1] += 1
                if found[size-1] == n: # end of this column, go back
                    size -= 1
                else:
                    break # did the movement job, let's continue

Python Permutation Generation Algorithms Comparison

In regard to ActiveState topic here:

WebSphere 6.1 JMS with Standalone Java and Spring Clients

There are many resources on configuring JMS-based applications in IBM WebSphere, but most of them do not cover stand-alone clients. Here is a very small sample J2SE stand-alone Java application which looks up WebSphere JMS JNDI resources and interacts with them both directly through classic Java and through the Spring 2.5 JMS API.

Setup Resources:

To set up JMS Queues and Connection Factories in IBM WebSphere 6.1 you may visit here.

Download J2SE Client libs:

You also need to download IBM Client for JMS on J2SE with IBM WebSphere Application Server.

Main Application:

Now that you have JMS resources and unzipped Client libraries, here is a sample code to:

package au.com.osaglobal;

import org.apache.log4j.Logger;
import org.springframework.context.support.ClassPathXmlApplicationContext;

import javax.jms.*;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import java.util.Hashtable;

/**
 * Note: Compile and run this with IBM JDK in ~/IBM/WebSphere6.1/java
 */
public class App {

    private static final Logger log = Logger.getLogger(App.class);

    /** Looks up the connection factory and queue via JNDI and sends one text message. */
    public static void publish() {
        final Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.ibm.websphere.naming.WsnInitialContextFactory");
        env.put(Context.PROVIDER_URL, "iiop://localhost:2810");

        final Context jndiContext;
        try {
            jndiContext = new InitialContext(env);
        } catch (NamingException e) {
            log.error("Could not create JNDI API context: " + e.toString(), e);
            System.exit(1);
            return;
        }

        try {
            ConnectionFactory connectionFactory = (ConnectionFactory) jndiContext.lookup("jms/queueConnectionFactory");
            Connection qConn = connectionFactory.createConnection();
            Session qSession = qConn.createSession(false, Session.AUTO_ACKNOWLEDGE);
            Queue q = (Queue) jndiContext.lookup("jms/inQueue");

            MessageProducer producer = qSession.createProducer(q);
            TextMessage message = qSession.createTextMessage();
            message.setText("test message");
            producer.send(message);

            producer.close();
            qSession.close();
            qConn.close();
        } catch (Exception e) {
            log.error("Could not perform JMS operation: " + e.toString(), e);
            System.exit(2);
        }
    }

    /** Loads applicationContext.xml, which starts the Spring message listener container. */
    private static void spring_receiver() {
        new ClassPathXmlApplicationContext(new String[]{"applicationContext.xml"});
    }

    public static void main(String[] args) {
        publish();
        //spring_receiver();
    }
}

Spring Application Context

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

    <bean id="jndiTemplate" class="org.springframework.jndi.JndiTemplate">
        <property name="environment">
            <props>
                <prop key="java.naming.factory.initial">com.ibm.websphere.naming.WsnInitialContextFactory</prop>
                <prop key="java.naming.provider.url">iiop://localhost:2810</prop>
            </props>
        </property>
    </bean>

    <bean id="queueConnectionFactory" class="org.springframework.jndi.JndiObjectFactoryBean">
        <property name="jndiTemplate" ref="jndiTemplate"/>
        <property name="jndiName" value="jms/queueConnectionFactory"/>
    </bean>

    <bean id="inQueue" class="org.springframework.jndi.JndiObjectFactoryBean">
        <property name="jndiTemplate" ref="jndiTemplate"/>
        <property name="jndiName" value="jms/inQueue"/>
    </bean>

    <bean class="org.springframework.jms.listener.DefaultMessageListenerContainer">
        <property name="destination" ref="inQueue"/>
        <property name="connectionFactory" ref="queueConnectionFactory"/>
        <property name="messageListener" ref="inMessageListener"/>
    </bean>

    <bean id="inMessageListener" class="au.com.osaglobal.JmsReceiver"/>
</beans>

Jms Receiver Object

package au.com.osaglobal;

import org.apache.log4j.Logger;

import javax.jms.Message;
import javax.jms.MessageListener;

public class JmsReceiver implements MessageListener {

    private static final Logger log = Logger.getLogger(JmsReceiver.class);

    public void onMessage(Message message) {
        log.info("Received message: " + message);
    }
}

Log4J Properties

log4j.rootCategory=DEBUG, S

log4j.appender.S=org.apache.log4j.ConsoleAppender
log4j.appender.S.layout=org.apache.log4j.PatternLayout
log4j.appender.S.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %c{1} [%p] %m%n

Maven Project pom.xml And Dependencies

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>au.com.osaglobal</groupId>
    <artifactId>sample-spring-was-jms</artifactId>
    <version>1.0</version>
    <packaging>jar</packaging>

    <name>sample-spring-was-jms</name>
    <url>http://www.osaglobal.com.au/</url>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <version.spring>2.5.6</version.spring>
        <version.was>6.1</version.was>
    </properties>

    <dependencies>

        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.14</version>
        </dependency>

        <!-- javax.jms api -->
        <dependency>
            <groupId>org.apache.geronimo.specs</groupId>
            <artifactId>geronimo-jms_1.1_spec</artifactId>
            <version>1.1.1</version>
        </dependency>

        <!-- Springs 2.5.6 (core, beans, jms) -->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${version.spring}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-beans</artifactId>
            <version>${version.spring}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-jms</artifactId>
            <version>${version.spring}</version>
        </dependency>

        <!-- WebSphere 6.1 (rt, mq, mqjms, thinclient) -->
        <dependency>
            <groupId>com.ibm.websphere</groupId>
            <artifactId>runtime</artifactId>
            <version>${version.was}</version>
            <scope>system</scope>
            <systemPath>/home/amin/IBM/WebSphere6.1/AppServer1/deploytool/itp/plugins/com.ibm.websphere.v61_6.1.0/ws_runtime.jar</systemPath>
        </dependency>

        <dependency>
            <groupId>com.ibm.mq</groupId>
            <artifactId>mq</artifactId>
            <version>${version.was}</version>
            <scope>system</scope>
            <systemPath>/home/amin/IBM/WebSphere6.1/AppServer1/lib/WMQ/java/lib/com.ibm.mq.jar</systemPath>
        </dependency>

        <dependency>
            <groupId>com.ibm.mq</groupId>
            <artifactId>mqjms</artifactId>
            <version>${version.was}</version>
            <scope>system</scope>
            <systemPath>/home/amin/IBM/WebSphere6.1/AppServer1/lib/WMQ/java/lib/com.ibm.mqjms.jar</systemPath>
        </dependency>

        <dependency>
            <groupId>com.ibm.mq</groupId>
            <artifactId>dhbcore</artifactId>
            <version>${version.was}</version>
            <scope>system</scope>
            <systemPath>/home/amin/IBM/WebSphere6.1/AppServer1/lib/WMQ/java/lib/dhbcore.jar</systemPath>
        </dependency>

        <dependency>
            <groupId>com.ibm.ws.webservices</groupId>
            <artifactId>thinclient</artifactId>
            <version>${version.was}</version>
            <scope>system</scope>
            <systemPath>/home/amin/IBM/WebSphere6.1/AppServer1/runtimes/com.ibm.ws.webservices.thinclient_6.1.0.jar</systemPath>
        </dependency>

        <!-- IBM Client for JMS on J2SE with IBM WebSphere Application Server -->
        <!-- see: http://www-01.ibm.com/support/docview.wss?uid=swg24012804 -->
        <dependency>
            <groupId>com.ibm.sibc</groupId>
            <artifactId>sibc.jms</artifactId>
            <version>6.1</version>
            <scope>system</scope>
            <systemPath>/home/amin/IBM/sibc/sibc.jms.jar</systemPath>
        </dependency>

        <dependency>
            <groupId>com.ibm.sibc</groupId>
            <artifactId>sibc.jndi</artifactId>
            <version>6.1</version>
            <scope>system</scope>
            <systemPath>/home/amin/IBM/sibc/sibc.jndi.jar</systemPath>
        </dependency>

        <dependency>
            <groupId>com.ibm.sibc</groupId>
            <artifactId>sibc.orb</artifactId>
            <version>6.1</version>
            <scope>system</scope>
            <systemPath>/home/amin/IBM/sibc/sibc.orb.jar</systemPath>
        </dependency>

    </dependencies>
</project>

Note: You will need to fix systemPath to fit your installation. Now you can submit and receive simply by (un)commenting the related methods in main().