WebSphere | Vinay's Notes

Enable SSL Debug Trace in WebSphere

Posted on February 4, 2018April 19, 2018 by Vinay Chauhan

As a developer, we may have to enable SSL Debug Trace in WebSphere. Hence, following are the brief steps that could be used for reference:-

1. In the WebSphere Application Server (WAS) Admin Console, navigate to Servers > Server Types > WebSphere application servers, then select the server name.

2. Under Server Infrastructure, expand Java and Process Management > Process definition > Java Virtual Machine.

3. Add the following to the end of the Generic JVM Arguments box:

-Djavax.net.debug=ssl,handshake,data,trustmanager

4. Save to the master config, and restart the server for it to take hold.

5. This will add debug trace of the SSL handshake to the //profiles//logs//SystemOut.log

Happy Debugging 🙂

Virtual Host Entry in WebSphere

Posted on January 28, 2018April 19, 2018 by Vinay Chauhan

Virtual host name entry could be found in plugin-cfg.xml of a server profile in WebSphere. It is mostly used to configure the port details which forms the complete URL for an application like http://serverName.application.com:55295/loan/casmgmt.htm

Location of an Application Server Profile:-
/WebSphere/7/AppServerBase1/profiles/AppServerBase1/installedApps/Server_Application_Cell/ear/Loan_Application.ear

Location of a file:-
/WebSphere/7/AppServerBase1/profiles/AppServerBase1/config/cells/plugin-cfg.xml

   <VirtualHostGroup Name="Loan_Application">
      <VirtualHost Name="*:55295"/>
   </VirtualHostGroup>

ORA-28040: No matching authentication protocol error

Posted on June 8, 2017June 9, 2017 by Vinay Chauhan

We have got following error in Application logs and we were made to cross-check our JVM settings.

 
ERROR [2016-06-06 03:32:55,521]|[server.startup : 1]|[null]|getConnection
java.sql.SQLException: ORA-28040: No matching authentication protocol
DSRA0010E: SQL State = 99999, Error Code = 28,040
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:389)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:382)
at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:441)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOSESSKEY(T4CTTIoauthenticate.java:404)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:385)
at oracle.jdbc.driver.PhysicalConnection.&amp;lt;init&amp;gt;(PhysicalConnection.java:546)
at oracle.jdbc.driver.T4CConnection.&amp;lt;init&amp;gt;(T4CConnection.java:236)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:280)
at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:207)
at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:139)

It was determined that removing JVM parameter -Doracle.jdbc.thinLogonCapability=o3 will fix the ORA-28040: No matching authentication protocol error. I remembered that we added this JVM parameter for certain applications during the WebSphere 7 upgrade. The problem was that certain applications running on WebSphere 7 with JDK 1.6 and ojdbc6.jar was not able to login to the Database. This was because of an Oracle driver “issue” when dealing with external 3rd party JCE libraries such as BouncyCastle.

Achieve Network Encryption in WebSphere for Oracle

Posted on January 15, 2016January 15, 2016 by Vinay Chauhan

To enable the Network Encryption in WebSphere, we need to do configuration in custom properties of Data-Sources.

WebSphere Pooled Oracle Data-Source
In WebSphere console under JDBC providers > Oracle JDBC Driver > Data sources >
(1) Click on Custom Properties
(2) Add a following new property
Name: connectionProperties
Value: oracle.net.encryption_client=REQUESTED;oracle.net.encryption_types_client=RC4_128

Code Snippet:-

...
Properties prop = new Properties();
prop.put("oracle.net.encryption_client", "REQUIRED");
prop.put("oracle.net.encryption_types_client", "( RC4_128 )");
//prop.put("oracle.net.crypto_checksum_client", "REQUESTED");
//prop.put("oracle.net.crypto_checksum_types_client", "( MD5 )");

OracleDataSource ods = new OracleDataSource();
ods.setProperties(prop);
ods.setURL("jdbc:oracle:thin:@localhost:1521:main");
Connection conn = ods.getConnection();
...

Reference:-
https://docs.oracle.com/cd/B19306_01/java.102/b14355/clntsec.htm#EHAFHEIG