WebLogic Server 8.1 Upgrade Guide
|
 |
 |
|
 |
 |
Upgrading WebLogic Server 6.x to version 8.1, under the simplest circumstances, involves changing your WebLogic Server start command scripts and environment settings.
BEA Systems recommends copying your WebLogic Server 6.x domain directory to a new directory. If you do this, ensure that relative paths to external files remain accurate.
Upgrading may also require changes specific to the subsytem being upgraded.
The following sections contain information necessary to upgrade your system from WebLogic Server 6.x to WebLogic Server 8.1:
For instructions on how to upgrade the Pet Store application from WebLogic Server 6.1 to WebLogic Server 8.1, see Upgrading the Pet Store Application from WebLogic Server 6.1 Service Pack 4 to WebLogic Server 8.1.
For information on upgrading to WebLogic Platform 8.1, see the Upgrading section of the WebLogic Server FAQs.
BEA WebLogic recommends that you locate domain directories outside the WebLogic Server installation directory.
.In WebLogic Server 6.x, domain directories were created within the directory structure of the WebLogic Server installation. In subsequent versions, domain directories can be in any location that can access the WebLogic Server installation and the JDK.
If you change the location of your domain directory, remember to update any custom tools or scripts relative to the new directory structure. Similarly, if you use a scripted tool for creating domains, change its scripts. The Configuration Wizard is the recommended tool for creating domains, and it can be scripted.
When you upgrade from WebLogic Server 6.x to 8.1, you are upgrading a WebLogic Server domain. For a full description of WebLogic Server domains see Overview of WebLogic Server Domains in Configuring and Managing WebLogic Server.
The configuration of a domain is stored in the config.xml file of the domain directory on the Administration Server. config.xml stores the name of the domain and the configuration parameter settings for each server instance, cluster, resource, and service in the domain.
The domain directory also contains server start scripts that start the Administration Server and the Managed Servers in the domain.
The domain directory structure should have a root directory with the same name as the domain, such as mydomain or petstore. This directory should contain the following:
config.xml) for the domain. For more information about WebLogic Server domains, see WebLogic Server Domains in Configuring and Managing WebLogic Server.
To upgrade a domain with multiple server instances, upgrade as you would a single-server domain. In a nutshell, you upgrade a domain by installing WebLogic Server 8.1 alongside your 6.x installation, copying the contents of your 6.x domain into a new 8.1 domain directory, and changing the domain scripts and environment settings to point to the new 8.1 domain and server instances.
If the domain includes a cluster and you want to take advantage of new clustering features in WebLogic Server 8.1, refer to Setting Up WebLogic Clusters in Using WebLogic Server Clusters for WebLogic Server 8.1 cluster configuration guidelines.
As a prerequisite to performing the upgrade procedures in this section, install WebLogic Server 8.1 on all the machines that contain 6.x server instances whose domain you will upgrade. See Installing WebLogic Platform for installation instructions for WebLogic Server 8.1.
Shut down all server instances in the WebLogic Server 6.x domain you are upgrading.
Shutting down the servers ensures that any changes you have made to the domain or its applications have been persisted. See Starting and Stopping Servers: Quick Reference.
Create a new directory where your 8.1 domain will reside.
Consider that after you move the contents of your 7.0 domain directory to this new 8.1 domain directory, any references from within the 7.0 domain to resources outside the domain will need to change unless the new domain directory is in the same relative location to the external resources.
Copy the contents of your WebLogic Server 6.x domain directory to the new 8.1 domain directory, including the server start scripts and configuration settings (see Contents of a Domain Directory).
Note that once you have upgraded the domain to WebLogic Server 8.1, you may not be able to convert it back to WebLogic Server 6.x.
Note: At this point, application paths in this new domain which will become your 8.1 domain still point to the applications that were deployed in the 6.x domain. Do not try to start server instances in either domain until you have completed the domain conversion—if you simultaneously run server instances that deploy the same applications under different versions of WebLogic Server, problems are likely to occur.
In the new 8.1 domain directory, delete files with the .log suffix, and the \.wlnotdelete folder. These artifacts may contain 6.x-specific settings that can cause problems in the 8.1 domain.
Modify the server start scripts in the new 8.1 domain directory to point to WebLogic Server 8.1 server instances instead of 6.x server instances. Do this for all Administration Servers and Managed Servers in the upgraded domain.The names of default start scripts created with new WebLogic Server domains are startWebLogic.cmd (or .sh) (for Administration Servers) and startManagedWebLogic.cmd (or .sh) (for Managed Servers).
The server start scripts in both the 6.x and the 8.1 domains reference a server start script in the WL_HOME\server\bin directory, where WL_HOME is the WebLogic Server installation.
If your start script calls the startWLS.cmd script in your WebLogic Server 6.x WL_HOME\server\bin directory, change it to call instead the startWLS.cmd in your WebLogic Server 8.1 WL_HOME\server\bin directory.
Depending on your server start script, it is likely that you need to change the settings of several of its properties. See Modifying Start Scripts.
Upgrade your applications to WebLogic Server 8.1 by checking references to external resources, updating utilities and optionally your JVM, and upgrading EJBs and security and other factors.
In this step, you are making sure that when your application references an external file, it references the correct address of the external file. This may involve editing your application's deployment descriptor files and the domain configuration file, config.xml.
WebLogic Server configurations rely on a number of files that can be stored anywhere on the file system (for example, log files, file-based repositories, the Java compiler). Unless all such external files are referenced using relative paths and are located in or below the domain directory, do one of the following:
Start WebLogic Server 8.1 Administration and Managed servers, and configure and deploy your applications.
Note: WebLogic Server 8.1 automatically updates configuration information in the 6.x config.xml file to include WebLogic Server 8.1 information. In order for these changes to be retained between invocations of the server, the config.xml file must be writable. If you have made your config.xml read-only, access its file properties and change the attribute so that it is writable. For example, in Windows, right-click the file in Windows Explorer, select Properties, and make sure that the Read-Only attribute is unchecked.
For information about starting WebLogic Server 8.1, see Starting and Stopping Servers: Quick Reference.
For information about configuring and deploying your applications, see Deployment.
If you used WebLogic Server start scripts with a previous version of the product, modify them to work with WebLogic Server 8.1.
For a concrete example of a start script being modified, see Upgrading the Pet Store Application from WebLogic Server 6.1 Service Pack 4 to WebLogic Server 8.1.
In general, modify the start scripts as described here. Your domain's start scripts may differ significantly from the startWebLogic.cmd (or .sh) script on which the following instructions are based. These instructions are valid for both Administration Server start scripts and Managed Server start scripts—all server start scripts that reference the 7.0 servers must be made to reference the 8.1 servers.
These instructions assume that you have performed the first two steps in the previous section, Upgrading Your WebLogic Server 6.x Domain to Version 8.1 on page 3. That is, before performing the following steps you should have done the following:
@rem Check that script is being run from the appropriate directory
if not exist lib\weblogic.jar goto wrongplace
echo startWebLogic.cmd must be run from the config\mydomain directory. 1>&2
if exist "%JAVA_HOME%/bin/javac.exe" goto runWebLogic
echo Javac wasn't found in directory %JAVA_HOME%/bin.
echo Please edit the startWebLogic.cmd script so that the JAVA_HOME
echo variable points to the root directory of your JDK installation.
WebLogic Server 8.1 installs the JVM, JDK 1.4.1, with the server installation. The setenv.cmd and .sh scripts provided with the server all point to the JVM. The latest information regarding certified JVMs is available at the Certifications Page.
This section walks through an actual upgrade of Sun's Pet Store application from WebLogic Server 6.1 to 8.1. This walkthrough uses the version of Pet Store that is included with WebLogic Server 6.x Service Pack 4.
In the following procedures it is assumed that WebLogic Server 6.1 and WebLogic Server 8.1 are both installed.
Before the actual upgrade steps, some problems in the Pet Store application need to be fixed. Stricter JSP and XML parsing in WebLogic Server 8.1 requires that minor XML and JSP errors that were acceptable in WebLogic Server 6.x be fixed.
This section describes corrections that need to be made to Pet Store in order to deploy it on WebLogic Server 8.1.
Versions of Pet Store from WebLogic Server 6.1SP6 and later do not require these repairs.
The procedures are as follows:
Following this preliminary section on repairing Pet Store in preparation for upgrade, Upgrade the Pet Store Domain on page 14 provides instructions for upgrading the Pet Store domain.
If you are upgrading from a WebLogic Server Service Pack later than 6.1 Service Pack 4, you do not need to complete this step.
Post-6.0 versions of WebLogic Server require that resource references defined in WebLogic-specific deployment descriptors match resource references in Sun deployment descriptors.
The following steps fix resource references that are mismatched in the Pet Store deployment descriptor files customer_weblogic_ejb.xml and customer_ejb.xml.
WL_HOME\samples\petStore\src\components\customer\src. For example: <ejb-name>TheCustomer</ejb-name>
<ejb-ref-name>ejb/account/Account</ejb-ref-name>
<jndi-name>estore/account</jndi-name>
<ejb-ref-name>ejb/order/Order</ejb-ref-name>
<jndi-name>estore/order</jndi-name>
WL_HOME\samples\petStore\src\petstore\src\docroot\WEB-INF, where WL_HOME is the WebLogic Server 6.1 installation directory. For example:weblogic.xml defines a number of resource-description and ejb-reference-description elements for the Web application. Add the following ejb-reference-description to the file: <ejb-reference-description>
<ejb-ref-name>ejb/profilemgr/ProfileMgr</ejb-ref-name>
<jndi-name>estore/profilemgr</jndi-name>
</ejb-reference-description>
Because of stricter XML parsing, WebLogic Server 8.1 will not allow this encoding error to pass, even though it was acceptable to earlier versions of WebLogic Server.
Delete a wildcard setting from a Pet Store property file because it may cause a security error.
Minor errors that were parsable in earlier versions of WebLogic Server cause errors in WebLogic Server 8.1 because JDK 1.4 does not accept them. The errors corrected in this section are property settings for which the method and setter properties do not agree.
Correcting the errors requires making changes to these source files:
ListTag.java
CartListTag.java
MyListTag.java
ProductItemListTag.java
ProductListTag.java
SearchListTag.java
All of these files are located in the WL_HOME\samples\petStore\src\petstore\src\com\sun\j2ee\blueprints\petstore\taglib\list directory (where WL_HOME is the WebLogic Server installation directory)
Use these steps to make the replacement in ListTag.java:
WL_HOME\samples\petStore\src\petstore\src\com\sun\j2ee\blueprints\petstore\taglib\list. For example: WL_HOME\samples\petStore\src\petstore\src\com\sun\j2ee\blueprints\petstore\taglib\list>notepad ListTag.java.
public void setNumItems(String numItemsStr) {
public void setStartIndex(String startIndexStr) {
startIndex = Integer.parseInt(startIndexStr);
}
Make the replacements in the rest of the files as follows:
WL_HOME\samples\petStore\src\petstore\src\com\sun\j2ee\blueprints\petstore\taglib\list. For example: WL_HOME\samples\petStore\src\petstore\src\com\sun\j2ee\blueprints\petstore\taglib\list>notepad CartListTag.java.
public void setNumItems(String numItemsStr) {
super.setNumItems(numItemsStr);
}
public void setStartIndex(String startIndexStr) {
super.setNumItems(startIndexStr);
}
public void setNumItems(int numItems) {
super.setNumItems(numItems);
}
public void setStartIndex(int startIndex) {
super.setNumItems(startIndex);
}
MyListTag.java
ProductItemListTag.java
ProductListTag.java
SearchListTag.java
After making the corrections to Pet Store, rebuild the application.
In this upgrade procedure your WebLogic Server 8.1 configuration continues to point to the Cloudscape database used in WebLogic Server 6.1.
C:\petstorefrom61to81, in which to upgrade the WebLogic Server 6.1 Pet Store domain to a WebLogic Server 8.1 Pet Store domain. In WebLogic Server 8.1, it is advisable to locate domains outside the WebLogic Server installation directory.
WL_HOME directory to C:\petstorefrom61to81: petstore.ear and petstoreadmin.ear to point to C:\petstorefrom61to81. Replace: RootDirectory setting, replace the WebLogic Server 6.x WL_HOME path with the c:\petstorefrom61to81 path. That is, replace: where WL_HOME is the WebLogic Server 6.1 installation directory, becomes:
where WL_HOME is the WebLogic Server 8.1 installation directory.
if not exist lib\weblogic.jar goto wrongplace
if not exist WL_HOME\server\lib\weblogic.jar goto wrongplace
where WL_HOME is the WebLogic Server 8.1 installation directory.
set CLASSPATH=.;C:\bea\81feb26\weblogic81\server\lib\weblogic.jar;.WL_HOME61\samples\eval\cloudscape\lib\cloudscape.jar;.\config\petStore\serverclasses
set CLASSPATH=.;WL_HOME81\server\lib\weblogic.jar;.C:\petstorefrom61to81\samples\eval\cloudscape\lib\cloudscape.jar;C:\petstorefrom61to81\config\petstore\serverclasses
-Dbea.home setting from the 6.x BEA_HOME to the 8.1 BEA_HOME, where BEA_HOME is the directory that contains the WebLogic Server installation directory. For example, change
WebLogic Server 8.1 has a new security architecture. For details on the changes, see What Changed in WebLogic Security in Introduction to WebLogic Security.
WebLogic Server 8.1 detects whether you are upgrading from an earlier WebLogic Server version such as 6.x or whether you are a new customer starting with version 8.1. If you are upgrading from WebLogic Server 6.x, you can run WebLogic Server 8.1 in Compatibility security, which allows you to keep your 6.x configuration of users and groups.
However, because some key 6.x security functionality is being deprecated—and because WebLogic Server 8.1 offers improved and expanded security features—customers are encouraged to upgrade their security configuration. This section contains the following upgrade issues and procedures:
The scope of security realms changed in WebLogic Server 8.1. In WebLogic Server 6.x, security realms provided authentication and authorization services. You chose from the File realm or a set of alternative security realms including the Lightweight Data Access Protocol (LDAP), Windows NT, UNIX or RDBMS realms. In addition, you could write a Custom security realm. For more information about WebLogic Server 6.x security realms, see Security Realms in Programming WebLogic Security.
In WebLogic Server 8.1, each security realm consists of a set of configured security providers, users, groups, security roles, and security policies. Authentication and Authorization providers within a security realm offer authentication and authorization services. For more information about WebLogic Server 8.1 security realms, see Security Realms in Introduction to WebLogic Security.
You have the following choices when upgrading a WebLogic Server 6.x security realm to WebLogic Server 8.1:
CompatibilityRealm. For detailed information about booting WebLogic Server 8.1 in Compatibility security and using Compatibility security, see Using Compatibility Security in Managing WebLogic Security. Compatibility security also allows you to start exploring WebLogic Server 8.1 security features so you can later convert your 6.x security configuration to the new security mechanisms (such as security roles and security policies) that are available in WebLogic Server 8.1. For information about moving off Compatibility Security entirely, see Upgrading from Compatibility Security to WebLogic Server 8.1 Security.
CompatibilityRealm) allows you to use the new security mechanisms available in WebLogic Server 8.1 while accessing the users and groups stored in a WebLogic Server 6.x LDAP, Windows NT, UNIX or RDBMS security realm.Note: You will not be able to access ACLs stored in a WebLogic Server 6.x security realm if you configure the Realm Adapter Authentication provider as an Authentication provider in a WebLogic Server 8.1 security realm. You will have to protect your application resources with security roles and security policies.
The following sections provide step-by-step instructions for upgrading your WebLogic Server 6.x security realms to version 8.1.
Note: Before following the instructions in this section, be sure to upgrade your WebLogic Server 6.x domain to version 8.1, using the instructions in Upgrading Your WebLogic Server 6.x Domain to Version 8.1.
This section provides step-by-step instructions for upgrading your WebLogic Server 6.x LDAP V2 security realm to a WebLogic Server 8.1 security realm. This upgrade causes the users and groups defined in your LDAP server to be referenced from the myrealm security realm, which is the default (active) security realm in WebLogic Server 8.1.
Note: Security policies replace the access control lists (ACLs) and permissions that were used to protect WebLogic resources in WebLogic Server 6.x. Therefore, no ACLs will be referenced from the 8.1 security realm as a result of this upgrade. To learn about re-securing resources in WebLogic Server 8.1, see Verify the upgrade of ACLs by: and Securing WebLogic Resources.
To upgrade from a WebLogic Server 6.x LDAP V2 security realm to a WebLogic Server 8.1 security realm:
A list of currently defined users for the WebLogic Server 6.x LDAP V2 security realm appears at the bottom of the right pane. You will be referencing these users from the WebLogic Server 8.1 security realm.
A table of currently defined groups for the WebLogic Server 6.x LDAP V2 security realm appears in the right pane. You will be referencing these groups from the WebLogic Server 8.1 security realm.
The Realms node expands to show the security realms for the WebLogic Server 6.x domain, including the LDAP V2 security realm.
user.filter=(&(uid=%u)(objectclass=person))
user.dn=ou=people, ou=Test,dc=companysys,dc=com
server.port=1155
membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames))
server.principal=uid=tadmin, ou=People,dc=companysys,dc=com
group.filter=(&(cn=%g)(objectclass=groupofuniquenames))
group.dn=ou=Groups,ou=Test,dc=companysys,dc=com
server.host=testmachine
Note: If you are running WebLogic Server 6.x and 8.1 on the same machine, be sure to stop your WebLogic Server 6.x instance before following these instructions.
mydomain, by accepting most of the defaults.Note: Accept all the defaults in the Configuration Wizard to create the WebLogic Server 8.1 domain, with the exception of the username and password combination that is used to boot the server. This username and password combination must be in your LDAP server, and the user must be a member of the Administrators group.
Step-by-step instructions for using the Configuration Wizard are in Creating and Configuring Domains Using the Configuration Wizard in Configuring and Managing WebLogic Server.
myrealm The Authentication node expands to show the Authentication providers that have already been configured in the myrealm security realm. By default, this includes the WebLogic security providers called DefaultAuthenticator and DefaultIdentityAsserter.
For example, if you have an iPlanet (Netscape) LDAP Server, click the Configure a New iPlantAuthenticator... link.
Note: If none of the Configure a New... links correspond to the type of LDAP server you have, see Accessing Other LDAP Servers in Managing WebLogic Security.
The Control Flag determines how this LDAP Authentication provider will be used in conjunction with other Authentication providers. Initially, the Control Flag is best left as OPTIONAL. For more information, see Setting the JAAS Control Flag Attribute in Managing WebLogic Security.
Note: If you prefer, you can enter the values from the 6.x Caching realm you used with your WebLogic Server 6.x LDAP V2 security realm, instead of these defaults.
Warning: Do not yet restart the WebLogic Server 8.1 instance called myserver, even if the restart icon is flashing.
User Base DN—the value of user.dn
User From Name Filter—the value of user.filter (the default in the WebLogic Server 8.1 Administration Console may already be correct)
Note: Accept the defaults for other fields on the Users tab or fill in appropriate information.
Note: You are not required to set values for any fields on the Membership tab nor the Details tab. However, the WebLogic LDAP Authentication providers in WebLogic Server 8.1 have additional features available through these tabs, that you may want to take advantage of, such as dynamic groups. For more information about these features, see Configuring an LDAP Authentication Provider in Managing WebLogic Security.
Note: Because the config.xml.booted file is a copy of the config.xml that existed before you made any changes, saving it allows you to restore the old configuration in case you run into any problems.
myserver by selecting Programs myrealm.This section provides step-by-step instructions for upgrading your WebLogic Server 6.x Windows NT security realm to a WebLogic Server 8.1 security realm. This upgrade causes the users and groups defined in your Windows NT server to be referenced from the myrealm security realm, which is the default (active) security realm in WebLogic Server 8.1.
Note: Security policies replace the access control lists (ACLs) and permissions that were used to protect WebLogic resources in WebLogic Server 6.x. Therefore, no ACLs will be referenced from the 8.1 security realm as a result of this upgrade. To learn about re-securing resources in WebLogic Server 8.1, see Verify the upgrade of ACLs by: and Securing WebLogic Resources.
To upgrade from a WebLogic Server 6.x Windows NT security realm to a WebLogic Server 8.1 security realm:
A list of currently defined users for the WebLogic Server 6.x Windows NT security realm appears at the bottom of the right pane. You will be referencing these users from the WebLogic Server 8.1 security realm.
A table of currently defined groups for the WebLogic Server 6.x Windows NT security realm appears in the right pane. You will be referencing these groups from the WebLogic Server 8.1 security realm.
The Realms node expands to show the security realms for the WebLogic Server 6.x domain, including the Windows NT security realm.
Note: If you are running WebLogic Server 6.x and 8.1 on the same machine, be sure to stop your WebLogic Server 6.x instance before following these instructions.
mydomain, by accepting most of the defaults.Note: You can accept all the defaults in the Configuration Wizard to create the WebLogic Server 8.1 domain, with the exception of the username and password combination that is used to boot the server. This username and password combination must have the correct privileges to be able to restart the WebLogic Server 8.1 instance. (It need not be the Administrator account.)
Step-by-step instructions for using the Configuration Wizard are in Creating and Configuring Domains Using the Configuration Wizard in Configuring and Managing WebLogic Server.
Warning: If you do not use the Configuration Wizard to create your WebLogic Server 8.1 domain, you will not be able to create the Realm Adapter Authentication provider (in Step 2: Configure a Realm Adapter Authentication Provider) without first copying over your 6.x filerealm.properties file.
Note: For a detailed explanation of the Realm Adapter Authentication provider, see Configuring a Realm Adapter Authentication Provider in Managing WebLogic Security.
myrealm The Authentication node expands to show the Authentication providers that have already been configured in the myrealm security realm. By default, this includes the WebLogic security providers called DefaultAuthenticator and DefaultIdentityAsserter.
The Control Flag determines how this Realm Adapter Authentication provider will be used in conjunction with other Authentication providers. Initially, the Control Flag is best left as OPTIONAL. For more information, see Setting the JAAS Control Flag Attribute in Managing WebLogic Security.
The General tab updates to show a Types chooser, which allows you to select token types for an Authentication provider that includes an Identity Assertion provider.
Warning: Do not select any token types from the Types chooser. The WebLogic Authentication provider (called DefaultAuthenticator in the WebLogic Server 8.1 Administration Console) is already configured to handle a specified token type. The Realm Adapter Authenticator includes an Identity Assertion provider, which if configured to handle the same token type as the WebLogic Authentication provider, will render the server unbootable.
Note: Because the config.xml.booted file is a copy of the config.xml that existed before you made any changes, saving it allows you to restore the old configuration in case you run into any problems.
myserver by selecting Programs The Compatibility Security node appears in the left pane of the WebLogic Server 8.1 Administration Console.
Re-configuring your WebLogic Server 6.x Windows NT realm in Compatibility security is what provides the connection to the Realm Adapter Authentication provider and allows you to view your 6.x users and groups in the WebLogic Server 8.1 Administration Console.
Note: Because the config.xml.booted file is a copy of the config.xml that existed before you made any changes, saving it allows you to restore the old configuration in case you run into any problems.
myserver by selecting Programs This section provides step-by-step instructions for upgrading your WebLogic Server 6.x Unix security realm to a WebLogic Server 8.1 security realm. This upgrade causes the users and groups defined in your Unix server to be referenced from the myrealm security realm, which is the default (active) security realm in WebLogic Server 8.1.
Note: Security policies replace the access control lists (ACLs) and permissions that were used to protect WebLogic resources in WebLogic Server 6.x. Therefore, no ACLs will be referenced from the WebLogic Server 8.1 security realm as a result of this upgrade. To learn about re-securing resources in WebLogic Server 8.1, see Verify the upgrade of ACLs by: and Securing WebLogic Resources.
To upgrade from a WebLogic Server 6.x Unix security realm to a WebLogic Server 8.1 security realm:
A list of currently defined users for the WebLogic Server 6.x Unix security realm appears at the bottom of the right pane. You will be referencing these users from the WebLogic Server 8.1 security realm.
A table of currently defined groups for the WebLogic Server 6.x Unix security realm appears in the right pane. You will be referencing these groups from the WebLogic Server 8.1 security realm.
The Realms node expands to show the security realms for the WebLogic Server 6.x domain, including the Unix security realm.
Note: If you are running WebLogic Server 6.x and 8.1 on the same machine, be sure to stop your WebLogic Server 6.x instance before following these instructions.
mydomain, by accepting most of the defaults.Note: You can accept all the defaults in the Configuration Wizard to create the WebLogic Server 8.1 domain, but you must be logged into a Unix machine.
Step-by-step instructions for using the Configuration Wizard are in Creating and Configuring Domains Using the Configuration Wizard in Configuring and Managing WebLogic Server.
Warning: If you do not use the Configuration Wizard to create your WebLogic Server 8.1 domain, you will not be able to create the Realm Adapter Authentication provider (in Step 2: Configure a Realm Adapter Authentication Provider) without first copying over your 6.x filerealm.properties file.
Note: For a detailed explanation of the Realm Adapter Authentication provider, see Configuring a Realm Adapter Authentication Provider in Managing WebLogic Security.
myrealm The Authentication node expands to show the Authentication providers that have already been configured in the myrealm security realm. By default, this includes the WebLogic security providers called DefaultAuthenticator and DefaultIdentityAsserter.
The Control Flag determines how this Realm Adapter Authentication provider will be used in conjunction with other Authentication providers. Initially, the Control Flag is best left as OPTIONAL. For more information, see Setting the JAAS Control Flag Attribute in Managing WebLogic Security.
The General tab updates to show a Types chooser, which allows you to select token types for an Authentication provider that includes an Identity Assertion provider.
Warning: Do not select any token types from the Types chooser. The WebLogic Authentication provider (called DefaultAuthenticator in the WebLogic Server 8.1 Administration Console) is already configured to handle a specified token type. The Realm Adapter Authenticator includes an Identity Assertion provider, which if configured to handle the same token type, will render the server unbootable.
Note: Because the config.xml.booted file is a copy of the config.xml that existed before you made any changes, saving it allows you to restore the old configuration in case you run into any problems.
myserver by selecting Programs The Compatibility Security node appears in the left pane of the WebLogic Server 8.1 Administration Console.
Re-configuring your Unix realm in Compatibility security is what provides the connection to the Realm Adapter Authentication provider and allows you to view your 6.x users and groups in the WebLogic Server 8.1 Administration Console.
Note: Because the config.xml.booted file is a copy of the config.xml that existed before you made any changes, saving it allows you to restore the old configuration in case you run into any problems.
Notes: The instructions in this section illustrate how to upgrade the RDBMS example that was provided with WebLogic Server 6.x. The RDBMS example utilized a Cloudscape database. Customers who have modified this example or use other databases may need to make some modifications to these instructions for their environment.
The instructions in this section provide step-by-step instructions for upgrading your WebLogic Server 6.x RDBMS security realm to a WebLogic Server 8.1 security realm. This upgrade causes the users and groups defined in your Cloudscape database to be referenced from the myrealm security realm, which is the default (active) security realm in WebLogic Server 8.1.
Note: Security policies replace the access control lists (ACLs) and permissions that were used to protect WebLogic resources in WebLogic Server 6.x. Therefore, no ACLs will be referenced from the 8.1 security realm as a result of this upgrade. To learn about re-securing resources in WebLogic Server 8.1, see Securing WebLogic Resources.
To upgrade from a WebLogic Server 6.x RDBMS security realm to a WebLogic Server 8.1 security realm:
A list of currently defined users for the WebLogic Server 6.x RDBMS security realm appears at the bottom of the right pane. These are the users that will be referenced from the WebLogic Server 8.1 security realm.
A table of currently defined groups for the WebLogic Server 6.x RDBMS security realm appears in the right pane. These are the groups that will be referenced from the WebLogic Server 8.1 security realm.
The Realms node expands to show the security realms for the WebLogic Server 6.x domain, including the RDBMS security realms.
Note: The out-of-the-box RDBMS example used examples.security.rdbmsrealm.RDBMSRealm as the value for the Realm Class.
Note: The out-of-the-box RDBMS example used COM.cloudscape.core.JDBCDriver as the value for the Driver, and jdbc:cloudscape:demo;create=true;autocommit=false as the value for the URL.
getGroupMembers=SELECT GM_GROUP, GM_MEMBER from groupmembers WHERE GM_GROUP = ? deleteGroup2=DELETE FROM aclentries WHERE A_PRINCIPAL = ? deleteGroup1=DELETE FROM groupmembers WHERE GM_GROUP = ? addGroupMember=INSERT INTO groupmembers VALUES ( ? , ? ) getUser=SELECT U_NAME, U_PASSWORD FROM users WHERE U_NAME = ? getPermission=SELECT DISTINCT A_PERMISSION FROM aclentries WHERE A_PERMISSION = ? deleteUser3=DELETE FROM aclentries WHERE A_PRINCIPAL = ? getGroupNewStatement=true deleteUser2=DELETE FROM groupmembers WHERE GM_MEMBER = ? deleteUser1=DELETE FROM users WHERE U_NAME = ? getAcls=SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries ORDER BY A_NAME, A_PRINCIPAL getUsers=SELECT U_NAME, U_PASSWORD FROM users getGroups=SELECT GM_GROUP, GM_MEMBER FROM groupmembers getPermissions=SELECT DISTINCT A_PERMISSION FROM aclentries getAclEntries=SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries WHERE A_NAME = ? ORDER BY A_PRINCIPAL newUser=INSERT INTO users VALUES ( ? , ? ) removeGroupMember=DELETE FROM groupmembers WHERE GM_GROUP = ? AND GM_MEMBER = ?
The RDBMS realm sample included in WebLogic Server 6.x at WL_HOME\samples\examples\security\rdbmsrealm used a private Admin API (weblogic.management.Admin.getActiveDomain()) in the RDBMSDelegate(RDBMSRealm realm) method of the RDBMSDelegate.java file. This private Admin API has been replaced with a public Admin API in WebLogic Server 8.1. Therefore, customers must:
RDBMSDelegate.java file so that the RDBMS realm sample code uses the public Admin API rather than the private one. For more information, see MBean API Change. Note: If you are running WebLogic Server 6.x and 8.1 on the same machine, be sure to stop your WebLogic Server 6.x instance before following these instructions.
mydomain, by accepting all of the defaults.For step-by-step instructions for the Configuration Wizard, see Creating and Configuring Domains Using the Configuration Wizard in Configuring and Managing WebLogic Server.