To test the deployment, navigate in your browser to: The browser should prompt for user and password. To undeploy again, you can use the following command: java weblogic.Deployer -adminurl > -username > -password > -name $PG_HOME/pgviz/pgviz-webapp->.war -undeploy Java weblogic.Deployer -adminurl > -username > -password > -deploy -upload $PG_HOME/pgviz/pgviz-webapp->.war To deploy the repackaged WAR file to WebLogic Server, use the following command, replacing the > markers with values matching your installation: Jar -cvf $PG_HOME/pgviz/pgviz-webapp->.war * Mv $PG_HOME/pgviz/pgviz-webapp->.war ~/pgviz-webapp->.war.bkp You can specify any user or group of the default security realm with the tag.īecause you decompressed the WAR file to edit the web.xml and weblogic.xml files, repackage it before deploying the application. In the /tmp/pgviz/WEB-INF/weblogic.xml descriptor file, map the app security configuration to the security role to users and groups. However, BASIC Auth is not considered secure for most use cases, so check with your company's system administrator about the appropriate authentication method for your organization, and configure WebLogic Server to use that method if it is different.Ĭonfigure the security constraints by adding the following lines to the element in the web.xml configuration file (the same as in the preceding step). These instructions use the BASIC Auth authentication method, which is simple to set up. WebLogic Server provides different methods to authenticate the users of a web application. Configure web application authentication.Ĭonfigure the authentication method for the GraphViz users.Be sure to specify https instead of http as the protocol. Use the correct FQDN or IP address, along with the correct port. Modify the value to match your secure PGX deployment endpoint. Locate the pgx.base_url context parameter. For example: nano /tmp/pgviz/WEB-INF/web.xml Now you can edit the web.xml descriptor using any file editor of your choice. To extract: unzip $PG_HOME/pgviz/pgviz-webapp-*.war -d /tmp/pgviz/ One way of achieving this is to extract the WAR file and directly modify the file contents. The WAR file is located at: $PG_HOME/pgviz/pgviz-webapp->.war To do this, modify the WEB-INF/web.xml file inside of the GraphViz WAR file. Now that WLS is configured to use outbound TLS, you must configure GraphViz to point to the secure PGX deployment. Configure the GraphViz deployment descriptor.Ssl.setClientCertPrivateKeyPassPhrase(">") When you are in the scripting tool, run the following script, replacing the markers > with values matching your environment:Ĭonnect(adminUsername, adminPassword, url) To access WebLogic Server script tool, execute the following commands: source $MW_HOME/user_projects/domains/base_domain/wlserver/server/bin/setWLSEnv.sh This configuration is easiest to do using a WLST script. Configure WebLogic Server to use two-way TLS for outbound connections.In the WebLogic admin console, select Environment (left panel) > Servers (left panel) > myserver(admin) (main panel) > Protocols (top tab bar) > Check the box Enable Tunneling > Click Save. In order to be able to deploy the GraphViz WAR file over HTTP, you must enable tunneling first. Note that this parameter is case sensitive. For a Java KeyStore, the correct type is JKS. For both keystores, select the correct Custom Identity Keystore Type.Note that depending on your PGX setup, those these two keystores might be the same file. For the trust keystore, enter the path that has the chain of trusted certificates, including the PGX server certificate.For the identity keystore, enter the path to keystore file that has the signed certificate that is trusted by the secured PGX server.On the SSL menu, select the keystore type: Custom identity and Custom Trust.Go to the admin console (by default on then select Environment (left panel) > Servers (left panel) > myserver(admin) (main panel) > SSL (top tab bar). However, the recommended way is to use WebLogic's administrative interface to set the store location and password. There are many ways to specify a truststore in WLS. Register the PGX client certificate with WebLogic Server.Īssuming that the authorized client certificate is already added to a truststore, you need to specify WebLogic Server to use your truststore.Access to authorized client certificate and truststore (in a password protected JKS format) to authenticate with PGXĬd $MW_HOME/user_projects/domains/base_domain.An HTTPS endpoint of securely deployed PGX server (using mutual TLS).The following instructions are for Oracle WebLogic Server 12.2.1.3. You must deploy GraphViz in Oracle WebLogic Server in order to create a secure connection with the in-memory analytics server over mTLS.Īll communications between the user, GraphViz, and in-memory analytics server will be encrypted.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |