How do I restrict access to servlets and JSPs?
The Java Servlet API Specification v2.2 allows you to declaratively restrict access to specific Servlets and JSPs using the Web Application Deployment descriptor. Section 13.3.2 of the specification has an example deployment descriptor that uses declarative security. For more information, see Programming WebLogic HTTP Servlets.
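The following web.xml fragment is an added illustration of declarative security, not the example from the specification or from the WebLogic documentation. The URL patterns, the role name `admin` and the realm name are placeholders.

```xml
<!-- Added example: fragment of a Servlet 2.2 web.xml (elements in DTD order). -->
<!-- URL patterns, role name and realm name are placeholders. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin pages</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    <url-pattern>/reports/summary.jsp</url-pattern>
    <!-- No http-method elements: the constraint covers every HTTP method.
         Listing only GET and POST would leave other methods unconstrained. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Only callers in this role may reach the resources above. -->
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Require a protected transport (SSL) for these resources. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>example realm</realm-name>
</login-config>

<security-role>
  <role-name>admin</role-name>
</security-role>
```

The role named here still has to be mapped to real users or groups in the container-specific deployment descriptor.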
How do I protect WebLogic Server from security attacks from bogus clients using the WL-Proxy-Client-Cert header?
The WL-Proxy-Client-Cert header can be spoofed (used) by any client that has direct access to WebLogic Server. WebLogic Server takes the certificate information from that header, trusting that it came from a secure source (the plug-in), and uses that information to authenticate the user. In previous releases of WebLogic Server, the default behavior was to always trust that header. Now you need to explicitly define trust of the WL-Proxy-Client-Cert header. A new parameter, clientCertProxy, allows WebLogic Server to turn on the implicit trust of the certificate header. If you need an additional level of security, use a connection filter to limit all connections into WebLogic Server, so that WebLogic Server accepts connections only from the machine on which the plug-in is running.
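One way to write the connection filter mentioned above, as an added example that is not code from the WebLogic documentation. It assumes the `weblogic.security.net` connection filter interface is on the classpath; the class name and the addresses are placeholders.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import weblogic.security.net.ConnectionEvent;
import weblogic.security.net.ConnectionFilter;
import weblogic.security.net.FilterException;

// Accepts inbound connections only from an allow-list of peer addresses,
// so a client cannot connect directly and present its own
// WL-Proxy-Client-Cert header.
public class PluginOnlyConnectionFilter implements ConnectionFilter {

    // Placeholder addresses (documentation range). The filter sees every
    // inbound connection, so hosts that administer this server or belong
    // to its cluster must be listed as well as the plug-in host.
    private static final Set<String> ALLOWED = new HashSet<String>(Arrays.asList(
            "192.0.2.10",   // host running the proxy plug-in (assumed)
            "192.0.2.20")); // administration host (assumed)

    // Called by the server for each new inbound connection; throwing
    // FilterException rejects the connection.
    public void accept(ConnectionEvent evt) throws FilterException {
        String peer = evt.getRemoteAddress().getHostAddress();
        if (!ALLOWED.contains(peer)) {
            throw new FilterException("connection from " + peer
                    + " rejected: not an allowed proxy or admin host");
        }
    }
}
```

The filter complements clientCertProxy rather than replacing it: the header is trusted only when the parameter is set, and the filter narrows who can send it.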
The clientCertProxy parameter has been added to the HTTPClusterServlet and Web applications.
For the HTTPClusterServlet, add the parameter to the web.xml file as follows:
<param-value>true</param-value>
For Web applications, add the parameter to the web.xml file as follows:
ServletRequestImpl context-param
<param-value>true</param-value>
You can also use this parameter in a cluster as follows:
Which XML parser comes with WebLogic Server 6.1?
We bundle a parser, based on Apache's Xerces 1.3.1 parser, in WebLogic Server 6.1. In addition, we include a WebLogic proprietary high-performance non-validating parser that you can use for small to medium sized XML documents. The WebLogic XML Registry allows you to configure the parser you want to use for specific document types.
Can I use the getAttribute() and setAttribute() methods of Version 2.2 of the Java Servlet API to parse XML documents?
Yes. Use the setAttribute() method for SAX mode parsing and the getAttribute() method for DOM mode parsing. Using these methods in a Servlet, however, is a WebLogic-specific feature. This means that the Servlet may not be fully portable to other Servlet engines, so use the feature with caution.
How can I avoid ResourceExceptions when sending more requests for database connections from the pool than are currently available?
The fundamental problem is too few resources (database connections in the connection pool) for the work load. The correct response is to increase the maximum number of connections in the connection pool. Optimally designed applications only require the server to have one pool connection per execute thread.
The proper application response to a resource exception is not to retry the request in a tight loop, which would tie up execute threads on the server.
You should design your application to fail gracefully if no connections are available. Try to get the connection as late as possible in your application code and return it to the pool as early as possible, so that you do not see as many NoResource exceptions. It is better to have the connection as a method-level variable and close the connection in a finally block, as in the following example:
Connection conn = null; // method-level variable
try {
  // get the connection as late as possible, then use it
  ...
} catch (Exception handleEx) {
  ...
} finally {
  // always return the connection to the pool
  if (conn != null) {
    try { conn.close(); } catch (Exception ignore) {}
  }
}
How do I use Unicode codesets with the WebLogic jDriver for Oracle driver?
To use Unicode codesets:
1. Install the appropriate codeset when you install Oracle. If you did not do this in the original installation, you will need to re-run the Oracle installer and install the proper codeset.
2. Define the NLS_LANG variable in the environment where the JDBC driver is running. Do this by assigning the proper codeset to NLS_LANG in the shell from where you start the WebLogic Server.
The Developers Guide has more information about internationalization support.
How do I bind string values in a PreparedStatement?
Suppose you are trying to get the PreparedStatement class to bind Strings in a statement. The setString() method doesn't seem to work. Here is how you have set up the PreparedStatement:
String pstmt = "select n_name from n_table where n_name LIKE '?%'";
PreparedStatement ps = conn.prepareStatement(pstmt);
ps.setString(1, "SMIT");
ResultSet rs = ps.executeQuery();
The preceding code does not work because the complete value needs to be specified in a String (without using embedded quotes) and then bound to an unquoted question-mark (?). Here is the corrected code:
String matchvalue = "smit%";
String pstmt = "select n_name from n_table where n_name LIKE ?";
PreparedStatement ps = conn.prepareStatement(pstmt);
ps.setString(1, matchvalue);
ResultSet rs = ps.executeQuery();
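When the match value comes from user input, binding it keeps it out of the SQL text, but any % or _ the user types still acts as a wildcard. The following added example (not part of the original FAQ) goes one step beyond the corrected code above and escapes those characters before binding; the class and method names are hypothetical, and the table and column are the ones used above.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class LikePrefixSearch {

    // Escape the LIKE metacharacters (and the escape character itself)
    // so that user-supplied text is matched literally.
    static String escapeLike(String raw) {
        StringBuilder out = new StringBuilder(raw.length() + 8);
        for (char c : raw.toCharArray()) {
            if (c == '\\' || c == '%' || c == '_') {
                out.append('\\');
            }
            out.append(c);
        }
        return out.toString();
    }

    // Prefix search: the only wildcard is the trailing % appended here.
    static List<String> findByPrefix(Connection conn, String userPrefix)
            throws SQLException {
        // The Java literal '\\' reaches the database as ESCAPE '\'.
        String sql = "select n_name from n_table where n_name LIKE ? ESCAPE '\\'";
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, escapeLike(userPrefix) + "%");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString(1));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed inputs; no database is needed to see the bound values.
        System.out.println(escapeLike("smit") + "%");
        System.out.println(escapeLike("100%_") + "%");
    }
}
```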
How do I look up an "ORA" SQLException?
If your WebLogic jDriver for Oracle application produces an SQLException such as:
java.sql.SQLException: ORA-12536: TNS: operation would block
you can look up the Oracle error by using the oerr command. For example, the description of error ORA-12536 can be found with the command:
> oerr ora 12536
What is error "ORA-6502?"
The default length of a string bound to an OUTPUT parameter of a CallableStatement is 128 characters. If the value you assign to the bound parameter exceeds that length, you will get this error.
You can adjust the length of the value of the bound parameter by passing an explicit length with the scale argument to the CallableStatement.registerOutParameter() method.
How can I control on which WebLogic Server(s) my application will run?
A system administrator can specify on which WebLogic Server(s) applications will run by specifying targets when configuring connection factories. Each connection factory can be deployed on multiple WebLogic servers.
Note: If you use the default connection factory, you have no control over the WebLogic server on which the connection factory may be deployed. If you would like to target a particular WebLogic server, create a new connection factory and specify the appropriate JMS server target(s).
How do I use a startup class to initialize and later reference JMS objects?
You can use a shutdown class that does something like the following:
JMSobject WLSobject = null;
try {
  WLSobject = JMSStartUp.getJMSobject();
  WLSobject.JMSCleanup();
} catch (Exception e) {}
Servlets offer a nice way to provide both initialization and cleanup.