Are you installing an Oracle SOA Suite 11g or 12c cluster? Clearly you're well acquainted with the EDG (aka Enterprise Deployment Guide). One of the steps involves configuring high availability for the Oracle JMS Adapter.
This requires adding an entry similar to the following:
java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory;java.naming.provider.url=t3://soahost1.raastech.com:8001,soahost2.raastech.com:8001;java.naming.security.principal=weblogic;java.naming.security.credentials=welcome1
This is found on page 12-33 of the Oracle Fusion Middleware Enterprise Deployment Guide for Oracle SOA Suite 12c (12.2.1) E57888-04 document:
This is how it looks like on the Oracle WebLogic Server 12c Administration Console:
As you can see in the screenshot, the password for the "weblogic" user is unfortunately in cleartext.
Securing FactoryProperties Credentials with Oracle Wallet
1. Create a wallet.
java -jar $ORACLE_HOME/wlserver/server/lib/wljmsra.rar create $JAVA_HOME/jre/lib/security
2. This creates an Oracle Wallet with the file name cwallet.sso under the $JAVA_HOME/jre/lib/security directory.
3. Create an alias for your property. This is a name-value pair property and will have a name of "weblogicPwdAlias" and a value of "welcome1".
java -jar $ORACLE_HOME/wlserver/server/lib/wljmsra.rar add weblogicPwdAlias welcome1
4. List the aliases in the Oracle Wallet to confirm all is good.
java -jar $ORACLE_HOME/wlserver/server/lib/wljmsra.rar dump$JAVA_HOME/jre/lib/security
5. On the WebLogic Server Administration Console, click on Deployments.
6. Navigate to Deployments > JmsAdapter > Configuration > Outbound Connection Pools.
7. Expand oracle.tip.adapter.jms.IJmsConnectionFactory.
8. Click on eis/wls/Queue.
9. Add the following FactoryProperties property. Make note of java.naming.security.credentials (which is now the alias) and weblogic.jms.walletDir (which is the path to cwallet.sso).
java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory;java.naming.provider.url=t3://soahost1.raastech.com:8001,soahost2.raastech.com:8001;java.naming.security.principal=weblogic;java.naming.security.credentials=->weblogicPwdAlias;weblogic.jms.walletDir=/u01/app/oracle/middleware/products/jdk1.8.0_102/jre/lib/security
10. Click on Save.
11. On the Save Deployment Plan page, enter the Path (e.g., /u01/app/oracle/middleware/products/fmw1221/user_projects/applications/soa_domain/dp/JmsAdapterPlan.xml).
12. Click on OK.
13. Click on Save.
15. Activate Changes.
Applicable Versions:
- Oracle WebLogic Server 12c (12.1.x)
References:
- Oracle Fusion Middleware: Administering the JMS Resource Adapter for Oracle WebLogic Server 12c (12.1.2) E28959-02
- Oracle Fusion Middleware Enterprise Deployment Guide for Oracle SOA Suite 12c (12.2.1) E57888-04


2 comments:
Protecting sensitive configuration details is a critical part of enterprise middleware administration, and this article demonstrates that effectively. Implementing secure credential storage aligns well with concepts explored in Information Security Projects, where confidentiality, authentication, and secure configuration management are essential components of modern software infrastructure.
Using Oracle Wallet to safeguard authentication credentials significantly reduces exposure to credential theft and configuration-based attacks. Similar security implementation techniques are frequently studied in Cyber Security Projects for Final Year Students, helping learners understand practical methods for securing enterprise applications and critical IT systems.
Post a Comment