WebLogic Server

Optional Configuration Steps for Your WebLogic Server

When you apply the third maintenance release for SAS 9.2, SAS automatically configures your WebLogic Server. However, depending on your site, you might need to complete these additional steps:
Note: If you deployed your Web applications across multiple servers, then complete these steps on the server where SAS Shared Services are deployed. Typically, this server is named SASServer1.
  1. (Optional) Set the JMS Security System Property.
  2. (Optional) Configure JMS Security.
  3. (Optional) Restore Customizations for Web Authentication.

Set the JMS Security System Property

When you apply the third maintenance release for SAS 9.2, JMS security is turned off by default. To turn on JMS security, you must set the -Dsas.jms.authentication.decorator system property to true in the start-up script of the application server or in the WebLogic Server Administration Console (if you start your servers from this console). Complete the steps that are appropriate for your site. If you turn on JMS security, then you must also complete the steps in Configure JMS Security.
  • To turn on JMS security by using the start-up script for your application server, change the value of the -Dsas.jms.authentication.decorator system property to true.
    If SAS automatically configured your Web application servers when you applied the third maintenance release for SAS 9.2, then use the command line options in setDomainEnv.cmd (for Windows environments) and setDomainEnv.sh (for UNIX environments). The start-up script is located in the bin directory of the WebLogic domain.
  • To turn on JMS security by using the WebLogic Server Administration Console:
    1. In the Domain Structure panel, select Environmentthen selectServers. A list of the available servers appears.
    2. From the Summary of Servers page, select a server. A page that lists the current settings for that server opens.
    3. Click the Server Start tab.
    4. In the Change Center panel, click Lock and Edit. Now, you can edit the server settings.
    5. In the Arguments field, change the value of the -Dsas.jms.authentication.decorator system property to true. Click Save.
    6. In the Change Center panel, click Activate Changes.
    7. Restart the server for the changes to take effect.
    8. Repeat these steps for each server on the Summary of Servers page.

Configure JMS Security

This step is required if you turned on JMS security. For more information, see Set the JMS Security System Property.
If JMS security is enabled, you must complete these additional steps:
  1. Edit the web.xml files for BIDashboard and SharedServices to replace <res-auth>Container</res-auth> with <res-auth>Application</res-auth>.
    The web.xml files are available from the following locations:
    • sas.bidashboard4.2.ear\sas.eventsgenerationframework.war\WEB-INF\web.xml
    • sas.shared9.2.ear\sas.shared.services.war\WEB-INF\web.xml
    • sas.shared9.2.ear\sas.workflow.war\WEB-INF\web.xml
  2. Create a WebLogic user named sasjms.
    1. Open the WebLogic Server Administration Console.
    2. In the Domain Structure panel, select Security Realms.
    3. On the Summary of Security Realms page, select myrealm.
    4. On the Settings for myrealm page, click the Users and Groups tab.
    5. On the Users and Groups tab, click New.
    6. On the Create a New User page, specify the following values:
      • In the Name field, enter sasjms.
      • In the Description field, enter SAS Secure JMS User.
      • In the Password and Confirm Password fields, enter the password that you selected for this user.
      Click OK.
  3. To secure JMS resources, you should create a root level policy. Complete these steps to restrict all JMS access to the sasjms user.
    1. Open the WebLogic Administration Console.
    2. In the Domain Structure panel, select Security Realms.
    3. On the Summary of Security Realms page, select myrealm.
    4. On the Settings for myrealm page, click the Roles and Policies tab.
    5. Click the Realm Policies tab, and then expand the Root Level Policies row in the table.
    6. In the JMS row, select View Policy Conditions.
    7. On the Edit Root Level Policies page, click Add Conditions. The Edit Root Level Policies wizard opens.
    8. In the Choose a Predicate panel, select User from the Predicate List drop-down list, and then click Next.
    9. In the Edit Arguments panel, enter sasjms as the role argument name. Click Add, and then click Finish. A summary of the root level policies opens.
    10. In the Policy Conditions area, select the Group: everyone check box. Click Remove, and then click Save.

Restore Customizations for Web Authentication

After you apply a maintenance release, here are the high-level tasks that you must complete to restore any customizations for Web authentication.
  1. Modify Logon Manager.
  2. Include SAS JAR files in the System Classpath.
  3. Set the CLASSPATH for the Remote Services JVM and restart.
  4. Start the WebLogic server.
  5. Log on to verify the Web authentication configuration.
For more information about each task, see the corresponding topics in Configuring Oracle WebLogic Server for Web Authentication with SAS 9.2 Web Applications. This document is available from http://support.sas.com/resources/thirdpartysupport/v92m3/appservers/ConfiguringWLSWebAuth.pdf.
Copyright © SAS Institute Inc. All rights reserved.