Art of BI: BITeamwork Printing Over SSL for WebLogic Server – Solution
Christian Screen | | November 22, 2015
Recently one of our BITeamwork customers experienced a strange issue when printing the OBIEE dashboard page and views with commentary. Ultimately it was discovered that they had a fairly complex SSL configuration established as part of their high availability OBIEE architecture. Although not uncommon, using SSL in a production environment is recommended, especially when accessing the system outside of the firewall.
The issue encountered was one based on SSL images not being displayed as part of the print output to PDF or image (png). In Internet Explorer surprisingly the only noticeable issue was that the SSL images did not display on the output PDF. The export of the dashboard page or view to PNG created a file but the file rendered as a blank image. In Chrome and Firefox browsers an actual error was being thrown preventing any output file from being created at all.
Upon some debugging the technical issue from code shows,
java.lang.ClassCastException: weblogic.net.http.SOAPHttpsURLConnection cannot be cast to javax.net.ssl.HttpsURLConnection
This error is generated by the WebLogic server because Weblogic attempts to create its own process for how it handles SSL communication standards for SSL requests from within its application server which differs slightly from the Java standard. From what research and the WebLogic documentation provides this is neither a positive or negative, more secure or less secure than the existing global Java standard. However, it is a non-standard protocol which is similar to other proprietary settings of how Weblogic handles handshakes and hostname verification which are defaults that are usually touched/modified in someway for enterprise SOA and advanced technical integrations, even in a production environment. If the Weblogic server itself is behind a firewall then modifying these components/attributes are absolutely of no security concern. Even if one where exposing the OBIEE or SOA system outside the firewall, most likely the SSL certificates will be at the load balancer or web tier, so a real enterprise architecture would not be concerned by modifying these settings either.
The solution in the case of the BITeamwork Printing over SSL for WebLogic Server issue, it is resolved by adding a java (JVM) option switch to the startup of the WebLogic Server. As you may already be aware, during any Oracle application deployment and startup that uses WebLogic as the application server, there are several options, specific to an application, or ancillary to the process (ex: increase JVM heap size, etc.) that are added as JVM options via configuration files. One such file for OBIEE being started in the WebLogic Server is the setDomainEnv.cmd|sh file. As such, the following JVM option switch will need to be added to the JVM options list and it will resolve the issue mentioned above quite nicely,
Where to place the new Java Option switch parameter for -DUseSunHttpHandler?
This can either be placed at the java startup command for the OBIEE weblogic managed server, or it can be placed in the startup arguments via the web-based WebLogic Admin Console. Below are the steps for adding this JVM startup option via the respective WLS locations. The two approaches for doing so will be to pdate this through the graphical web WLS Admin Console interface (i.e.: http://localhost:7001/console) if your startup script uses the Node Manager, otherwise, you will need to update the startup scripts startManagedWebLogic.cmd|sh and/or setDomainEnv.cmd|sh.
BIServer Node Manager Startup Option
Use these steps if your OBIEE managed servers are being started by using the Node Manager, after the Admin Server starts. If not, or if using the OBIEE simple installation, you will need to use the second configuration option of adding the flag to the JVM options in your startManagedServers.cmd|sh scripts.
- Open the WLS Admin Console, http://localhost:7001/console
- Expand Environment > Servers
- Click on the bi_server1 node (repeat for all scaled out Bi_servers managed servers)
- Click the Configuration main tab and the Server Start sub-tab
- Locate the Arguments text box and place the syntax, -DUseSunHttpHandler=true, in this field
- Click the Save button
- Repeat for each of the bi_Servern managed servers in your architecture configuration
WebLogic Server JVM Option
Use these steps if your OBIE managed servers are started via command-line, or via the windows operating system services controls or if you are using the default Start OBIEE Services option when installed on a Windows OS.
- Open the folder on your OBIEE Server/ WebLogic Server environment for, C:OracleFMWuser_projectsdomainsbifoundation_domainbin, or similar
- Locate the startManagedWebLogic.cmd|sh
- Update this file, startWebLogic.cmd|sh, if using a OBIEE Simple installation only
- Backup both of the files found
- Edit the startManagedWebLogic.cmd|sh file (if using an enterprise installation) or the startWebLogic.cmd|sh file if using a OBIEE simple installation
- Locate the section of the file that is setting the JAVA_OPTIONS variable
- Below the above location enter the following syntax.
- Save the file.
- Locate the setDomainEnv.cmd|sh file and back up this file
- Edit the setDomainEnv.cmd|sh file
- Locate the section of the file that sets the EXTRA_JAVA_PROPERTIES variables
- Enter the following syntax before the set JAVA_PROPERTIES variable line,
- Save the file.
- Stop the full OBIEE services components and Restart the full OBIEE system (i.e.: weblogic + obiee) so that the servers pick up the JVM startup option changes. Technically only the restart of the OPMN and BI Managed Servers is necessary for an enterprise install environment but if your startup and shutdown for OBIEE process is scripted, use those script to fully restart the architecture.
- Verify the new java option is available by checking the stdout log output for the BI Managed Servers at the top of the server to see the JVM option was set properly
EPM applications help measure the business performance. This post will help you choose the best EPM solutions for your organization’s needs and objectives.
With serious financial penalties, SOX audits can be intimidating — but they don’t have to be. Find out how you can use Datavail’s software to automatically prove SOX compliance.