Oracle Reports desname Bug fixed with Fusion Middleware 11g

This time I come back with an old stuff, which I publish nearly 4 years ago (ups, I'm getting old): The famous Oracle Reports desname Bug, my White Paper concerning this can be found under following Link A Security Hole in Oracle Application Server (Reports) and how to ... (Website of my previous employer). Due to this bug (which was never fixed from Oracle in the Oracle Application Server 10g) it was/is possible to override any file to which the oracle user got access (details see in my mentioned White Paper).

And now start claping Oracle introduce in the Oracle Reports 11g (Part of the Oracle Fusion Middleware 11g) a new Configuration Element <folderAccess> with which we can limit the read and write access for the Reports Server :-) Cool ...

The <folderAccess> Element can be defined in the $DOMAIN_NAME/servers/WLS_REPORTS/stage/reports/reports/configuration/rwserver.conf Configuration File for In-Process Servers or in the $ORACLE_INSTANCE/config/ReportsServerComponent/<reports_name>/rwserver.conf Configuration File for Standalone Reports Servers:

<folderAccess>
   <read>/u01/applications/demoapp/reports</read>
   <write>/u01/applications/reports_output</write>
</folderAccess>

With the Sub-Element <read> we can define to which directories the Reports Server got read access (multiple directories can be added separated with a semicolon) and the most important Sub-Element <write> defines to which directories the Reports Server got write access (multiple directories can be added separated with a semicolon). So an Oracle Reports Call with the option destype=file and desname=<target_output_dir> can only write output files to the defined write-Directory: no chance to damage other files outside this directory :-)

So, that's really a good reason to move to Oracle Reports 11g

Read More

Security Hole in Fusion Middleware 11g WebLogic Admin Server

After a little bit playing with the new Fusion Middleware 11g I found a small security hole in the WebLogic Admin Server.

In order to start the WebLogic Admin Server Oracle provides you a shellscript $MW_HOME/user_projects/domains/$DOMAIN_NAME/startWebLogic.sh

The first way you can use this script is in an interactive way, just execute the script and it will prompt you for the WebLogic Admin-User and his Password. But this methode is not usefull for e.g. RunLevel Scripts :-)
So the second way is, you can buildup a wrapperscript in which you define two Variables (WLS_USER and WLS_PW for the WebLogic Admin-User and his Password) and execute out of this wrapperscript the startWebLogic.sh script to start the WebLogic Admin Server without prompting of the User and Password.

But be aware, if you use the second option, the WebLogic Admin-User and his Password will be displayed in cleartext in the ps-List :-(

In the last line of the ps-List you will see username=weblogic and password=oracle11g

To get out of this problem, just create under your directory $MW_HOME/user_projects/domains/$DOMAIN_NAME/servers/AdminServer/security a file named boot.properties with the content

username=your_admin_user

password=your_admin_user_password

and with this boot.properties file you will not be prompted for the WebLogic Admin-User and his Password and moreover it will not be displayed at the ps-List :-)

Read More

Oracle Fusion Middleware 11.1.1 Forms & Reports Next Errors Part II

And here I go with the update on my previous post "Oracle Fusion Middleware 11.1.1 Forms & Reports Next Errors

The first response from Oracle Metalink was:

• Confirm it is physically a Linux OS and not any form of virtualisation (which is not supported)

Here my 2 Cents for this response:
In the meantime, I found the solution for this problem :-)
If you are running the Installer for the Oracle Fusion Middleware, you will be asked for either creating or extending a WebLogic Domain. Normally you choose to create a new Domain, which got the default name "ClassicDomain". If you choose this default name, you will receive the error "An internal operation has failed: The oracle instance is not empty. Select a different location or remove the instance at this location." if you change the Names for the Oracle AS Instance, the Instance Location aso.

So define your own WebLogic Domain Name and then you can also choose your own names for the Oracle AS Instance aso.

Read More

Oracle Fusion Middleware 11.1.1 Forms & Reports Next Errors

After I solved yesterday the first error during the linking process of the Oracle Fusion Middleware 11g Forms & Reports the next error comes up :-) Now at the configuration steps, the first configurations like creating Managed Servers for Forms & Reports, Deploying of the Enterprise Manager aso. was successfull, but at the configuration step "Creating ASInstance" a failure comes up :-(

The Installation Logfiles just say:

An internal operation has failed: The oracle instance is not empty. Select a different location or remove the instance at this location.
. . .
Caused by: oracle.as.config.exception.LocationAlreadyUsedException: The oracle instance is not empty. Select a different location or remove the instance at this location.

???? That's a fresh new Installation, how the Instance can not be empty?????

So, now I'm trying with Oracle Metalink to solve this problem, let's hope ....
This blog entry will be continued, depending on the performance of Metalink :-)

Read More

Oracle Fusion Middleware 11.1.1 Forms & Reports Linking Error

As I am playing now with the new Release of the Oracle Fusion Middleware 11g Forms & Reports I run in a linking error during the installation.

My environment is as follows:

• Oracle Enterprise Linux 5 x86-64
• All required packages according to the installation guide in 32bit and 64bit installed
• ulimts correct set (4096) and not as wrongly stated in the documentation with 2048 :-)

I start the installation within a linux32 bash as the Fusion Middleware 11g Forms & Reports is only available for 32bit and 64bit Operating Systems are certified according to the documentation.

After some minutes clicking through some screen and waiting for copy the linking process start and throws an error:

• Error in invoking target 'client_sharedlib' of makefile '/u00/app/oracle/product/wls-10.3.1/asfr11g/rdbms/lib/ins_rdbms.mk'.

Nice :-)

Here my solution, log on as root user and execute following commands:

mv /usr/bin/gcc /usr/bin/gcc.save
mv /usr/bin/g++ /usr/bin/g++.save

Create with vi a new file with the name gcc under the directory /usr/bin with following content:

/usr/bin/gcc.save -m32 $*


Make the new create file gcc executable:

chmod 755 /usr/bin/gcc

Create a sym-link:

ln -s /usr/bin/gcc /usr/bin/g++

After this restart the whole installation process and be happy :-)

Read More

Reverse Engineering with DBMS_METADATA

Today I'm coming with PL/SQL stuff, nothing with Oracle Application Server :-)

At the moment I'm developing for a customer a small reverse engineering routine to capture an Oracle Database (CreateDB.sql, Tablespaces, Users, Grants aso). For this I'm using the package dbms_metadata. If you are using this package to capture e.g. all objects grants to all users, you may receive errors like this "SQL Error: ORA-31608: specified object of type OBJECT_GRANT not found". This comes up, if the user don't hold any object grants.
To avoid this simply run a query like this, which will generate you a list of DBMS_METADATA.GET_GRANTED_DDL statements for every user which holds objects grants:

select 'select DBMS_METADATA.GET_GRANTED_DDL(''OBJECT_GRANT'', '||a.username||') from dual;'
from dba_users a, (select distinct(grantee) from dba_tab_privs) b
where a.username = b.grantee;

You can adapt this construct easily on SYSTEM_GRANT and ROLE_GRANT.

Read More

Oracle Fusion Middleware 11g available

Since yesterday (Thursday, 02.07.2009) the new Oracle Fusion Middleware 11g is available on Oracle Technet:
http://www.oracle.com/technology/software/products/middleware/htdocs/111110_fmw.html

The following components are available:

• SOA Suite
• WebCenter Suite
• Identity Management
• Access Manager
• Portal, Forms, Reports and Discoverer
• Repository Creation Utility

The whole stack is available for Windows and Linux platforms, the remaining Operating Systems will follow.

With the Fusion Middleware 11g a complete new concept of the architecture is established, all based on the Oracle WebLogic Server.

Read More

JDBC URL with Oracle SID or ServiceName

Today I face a small problem with a definition of a JDBC URL which is referencing an Oracle Database.

I just define:

jdbc:oracle:thin:scott/tiger@localhost:1521/PROD.OCZH.CH

where PROD.OCZH.CH is the ServiceName of my Database, but it fails :-(

After a some investigations, the solution is simple, if you want to use the ServiceName of your Database in the JDBC URL you have to place // in front of the servername:

jdbc:oracle:thin:scott/tiger@//localhost:1521/PROD.OCZH.CH

Read More

Cool Video about APEX

I discover today a cool video from Oracle concerning Oracle APEX



Enjoy it :-)

Read More

Oracle 10.2.0.4.0 on OS X Intel (Part 2)

Today I got some time to test the new Oracle 10.2.0.4.0 on my MacBook Pro. Really cool stuff.

Installation is quite simple, just follow the Installation Guide. Only thing what is missing, is that you have to set the Environment Variable DYLD_LIBRARY_PATH=$ORACLE_HOME/lib in order to use all necessary utilities (e.g. lsnrctl, sqlplus aso.)

You should also set all mentioned settings according to the Installation Guide, like Kernel Settings and specially ulimits, I forget the ulimits and immediately as I wanted to create a Database I receive TNS-12547 lost contact :-( , just set as the oracle user "ulimit -Hn 65536 and ulimit -Sn 65536" and start the creation of the Database and everything will run :-)

Here you will see, that it's really Oracle 10.2.0.4.0 on OS X :-) (see last line)

Read More

Oracle Database 10g Release 2 (10.2.0.4.0) for Mac OS X (Intel) available

My first post about a long time is about the availability of Oracle Database 10g Release 2 (10.2.04.0) for Mac OS X on Intel Platform :-) Cool, now I can use my Mac ProBook with almost every Oracle Tools.

The Download can be found under Oracle TechNet.

Read More

Oracle WebLogic Server 10.3 available

Since yesterday the new Release of Oracle (BEA) WebLogic Server 10g Release 3 (10.3) is available. Now the BEA Products also get the same naming conventions like the Oracle Application Server Products, let's see how much confusion this will cause :-)

Under the OTN Webpage your can find some general informations and under OTN download page you can find the latest Release. Here you'll find two types of Installation binaries, the Fullinstaller and a Net Installer.

Some major new features/enhancements are:

• Optional Service Startup
• Web 2.0 Support
• ADF/Toplink support (with 11g)
• JDeveloper Support (with 11g)
  

Moreover a new Version of the Oracle Workshop for WebLogic 10.3 is released, also available with a Fullinstaller and a Net Installer. Workshop for WebLogic 10.3 is now IDE based on Eclipse 3.3 and WTP 2.0

Read More

BEA Welcome and Oracle's Middleware Strategy Briefing

I follow right now the "Bea Welcome and Oracle's Middleware Strategy Briefing" and I was really impressed about the plans and direction where they want to go.

With the combination of both product stacks from Oracle Fusion Middleware and BEA Oracle will build up a lot of new and improved components.

Most changes will appear in the Service-Orient Architecture (SOA), e.g. the Oracle Enterprise Service Bus and BEA AquaLogic Service Bus will be unified to the new Oracle Service Bus.

Also a major focus are Enterprise 2.0 Portals, which are already started since last year with Oracle WebCenter Suite. The BEA WL-Portal development will be contiuned and integrated in the WebCenter Suite.

Oracle Identity Management will nearly stay the same, only extended with the BEA AL-Enterprise Security.

The classical DBA who works with Oracle GridControl will also get some new and refreshed Packs for the Middleware Stack.

As I assumed before the BEA Product Liquid VM will be integrated in the Oracle Product Stack. The only thing what I was not expecting is the move from Oracle Container for J2EE (OC4J) to the J2EE Server from BEA, but we will see how much "quirks" of the OC4J will be integrated :-)

If you couldn't follow the Webcast today, check out http://www.oracle.com/products/middleware/bea.html for details and if you interested in testing the BEA Stack, under http://www.oracle.com/technology/software/products/ias/bea_main.html you can already download the BEA Products.

One suggestion for the Product Managers of the Fusion Family, maybe you should think about to combine Liquid VM with Coherence, could be really cool just to run Coherence on a Liquid VM ...

Stars are shining bright :-) let's see what they realize and in which timeline ...

Read More

Oracle Beehive Release 1.2.1.0.0 available

Since a short time Oracle Beehive is available, which is the successor of the Oracle Collaboration Suite.

The download can not be done via Oracle TechNet, you have to access Oracle Beehive through Oracle E-Delivery.

In the next days, I will start to build up an environment with Oracle Beehive and post my first results and impressions, so stay tune ...

Read More

Oracle Assessment for Oracle Application Server

In the last days I discovered in the partner area of Oracle, that you can join some assessment for free, so I just try some of these assessments for Oracle Application Server.

Now I got certificates for:

• Oracle 10g Application Server Specialist Sales Champion Awareness Assessment
• Oracle 10g Application Server Specialist Sales Champion Proficiency Assesssment
• Oracle 10g for Resellers Sales Champion Awareness Assessment

Cool, now I can not only install, configure, tune and troubleshot Oracle Application Server, now I know how to sell them :-)

Read More

How to bind a OC4J Application to a Virtual Host

During a review of a customer Oracle Application Server 10.1.3.3.0 environment the question came up, if it is possible to bind a specfic OC4J Application to a defined Virtual Host?

Since Oracle AS 10.1.3.x the OC4JMount is by default configured dynamically, you'll not find any entries in the Oracle HTTP Server configuration file mod_oc4j.conf. The solution is nevertheless simple to bind a OC4J Application to a Virtual Host.

Let's say, we have a Virtual Host definition in our httpd.conf for a Virtual Host listening on Port 8000 with the servername hrapp.mycompany.com. Over this virtual host our OC4J Application hrapp should be reachable, so we have to switch the Oc4jRoutingMode to static and turn the Oc4jMountCopy to off. After we can create the Oc4jMount Options to our hrapp.

Listen 8000
NameVirtualHost *:8000
Oc4jRoutingMode Static
<VirtualHost *:8000 >
ServerName hrapp.mycompany.com
Oc4jMountCopy off
Oc4jMount /hrapp OC4J_HRAPP
Oc4jMount /hrapp/* OC4J_HRAPP
</VirtualHost >

Thats all :-)

Read More

Oracle Forms Load Balancing

Load Balancing for Oracle Forms Applications is more and more required and used, but in many cases you don't have the budget for a Hardware Load Balancer.

The first choice is mostly Oracle WebCache to use as a Load Balancer, but as I see in many projects this solution is sometimes really slow. Another alternative is to use Oracle HTTP Server 1.3.31 out of the Oracle Application Server Companion CD 10.1.2.0.2 and configure a Load Balancing for your Oracle Forms Application. But be aware, that you can't use the Oracle HTTP Server (OHS) 2.0.52 out of the Companion CD, because the mod_oc4j of the OHS 2.0.52 is not compatible with the OC4J from the Oracle AS 10.1.2.0.2.
A complete description how to configure the Load Balancing with the OHS 1.3.31 you can find in the Oracle TechNet.

To check the status of your OHS Load Balancer you can use the oc4j-service URL http://ohsserver:port/oc4j-service?cmd=p
From the first feelings this OHS Load Balancer seems to be faster, then the usage of Oracle WebCache as a Load Balancer.

Read More

New Version of Oracle Software Configuration Manager

Since a few days, the new version of the Software Configuration Manager is rolled out, which can be reached under the URL http://csm.oracle.com

The Software Configuration Manager is the new version of Oracle Metalink

Since the new version is rolled out, now you can access directly from http://csm.oracle.com the Knowlegde Base, your Support Requests, Patches & Updates a.s.o.

What is really cool, is the bubble look'n feel of the Support Requests :-)

Read More

Applying Oracle Application Server Patch 3 on Linux x86_64

Since a short time the Oracle Application Server 10g Release 2 Patch 3 (10.1.2.3.0) is available.

If you try to apply the Patch on a Linux x86_64 system, you will run in linking errors. To avoid this errors, execute as root user following steps:

1. cd /usr/bin
2. mv /usr/bin/gcc /usr/bin/gcc.save
3. mv /usr/bin/g++ /usr/bin/g++.save
4. # create a new file under /usr/bin named: gcc with following content:
   /usr/bin/gcc.save -m32 $*
5. # Dont forget to make it executable:
   chmod 755 gcc
6. # Create a sym link for g++
   ln -s gcc g++

After this steps login as the oracle installation user, switch to linux32 bash and start the runInstaller

Now the Patch should be run without linking errors.

Don't forget to move back after the patch installation to your original gcc and g++

Read More

Identify your JDBC Connection in v$session

A major problem for DBA's is the fact that in the v$session view it's really hard to identify which session comes from which J2EE Application.
A select over the v$session view just shows the connected users and from which machine the connect is established, but we can't see from which J2EE Application the sessions are coming :-(

With Oracle AS 10.1.3.x we have the possibility to add a property in the data-source.xml, that is displayed in the column "PROGRAM" of the v$session view.

Following changes have to be done at the data-source.xml configuration file:

1. Check if the factory class oracle.jdbc.driver.OracleDriver is used
2. Add the line inside the connection-factory
3. After the changes, restart your OC4J Instance


<data-sources xsi="http://www.w3.org/2001/XMLSchema-instance" nonamespaceschemalocation="http://xmlns.oracle.com/oracleas/schema/data-sources-10_1.xsd" version="10">

<managed-data-source name="conn_pool_hr_app">

<managed-data-source name="conn_pool_hr_app_reporting">

<connection-pool name="conn_pool_hr_app" limit="3"
connections="3">

<connection-factory class="oracle.jdbc.driver.OracleDriver" user="scott" password="tiger" url="jdbc:oracle:thin:@//localhost:1521/PROD"> <property name="v$session.program" value="conn_pool_hr_app">
</property>
</connection-factory>
</connection-pool>

<connection-pool name="conn_pool_hr_app_reporting" limit="3" connections="3">
<connection-factory class="oracle.jdbc.driver.OracleDriver" user="scott" password="tiger" url="jdbc:oracle:thin:@//localhost:1521/PROD">
<property name="v$session.program" value="conn_pool_hr_app_reporting"></property>
</connection-factory>
</connection-pool>
</data-sources>


If we now select over our v$session view, we can see which session comes from which J2EE Application :-)

Read More