ssl - 如何使用在线 WLST 脚本启用 SSL?
问题描述
我尝试使用在线 WLST 脚本启用 WebLogic 域范围的管理员端口。
import os
# Deployment Information
domainname = os.environ.get('DOMAIN_NAME', 'base_domain')
admin_name = os.environ.get('ADMIN_NAME', 'AdminServer')
domainhome = os.environ.get('DOMAIN_HOME', '/u01/oracle/user_projects/domains/' + domainname)
ssl_port = os.environ.get('SSL_PORT', '7999')
admin_port = os.environ.get('SSL_ADMIN_PORT', '8888')
print('admin_name : [%s]' % admin_name);
# Read Domain in Offline Mode
# ===========================
connect(username,password,server_url)
edit()
print ""
print "================== SSL configuration ==================="
startEdit()
# Configure SSL
#===================
cd('/Servers/' + admin_name)
set('KeyStores', 'CustomIdentityAndJavaStandardTrust')
set('CustomIdentityKeyStoreFileName', '/u01/oracle/certificates/keystore')
set('CustomIdentityKeyStorePassPhraseEncrypted', encrypt('weblogic1'))
set('CustomIdentityKeyStoreType', 'jks')
cd('SSL/' + admin_name)
set('Enabled', 'True')
set('ListenPort', int(ssl_port))
set('ServerPrivateKeyAlias', key_alias)
set('ServerPrivateKeyPassPhraseEncrypted', encrypt('weblogic1'))
set('TwoWaySSLEnabled', 'true')
print("Set CustomIdentityAndJavaStandardTrust @ [%s]" % "/u01/oracle/certificates/keystore")
print("Key alias: [%s]" % key_alias)
print("Enabled SSL listen port @ [%s]" % ssl_port)
print("Enabled two-way SSL authentication")
# Enable administration port
# ===========================
cd ('/')
set('AdministrationPortEnabled', 'true')
set('AdministrationPort', int(admin_port))
print("Enabled administration port @ [%s]" % admin_port)
# Save, activate and exit
# ==========================
print ""
save()
activate()
exit()
但是,脚本会引发以下错误
<Jun 13, 2018 7:26:41,805 AM GMT> <Warning> <RMI> <BEA-080005> <An exception was
generated by the RMI server: Remote call rejected due to wrong channel usage
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has a
dministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.r
jvm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-50326164812424
17496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', serve
rRef:594523856.
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has ad
ministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.rj
vm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-503261648124241
7496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', server
Ref:594523856
at weblogic.rmi.internal.BasicServerRef.ensureAdministratorUsesAdminChan
nel(BasicServerRef.java:433)
at weblogic.rmi.internal.BasicServerRef.checkPriviledges(BasicServerRef.
java:1089)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:378
)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:108
1)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1405)
Truncated. see log file for complete stacktrace
>
<Jun 13, 2018 7:26:41,817 AM GMT> <Warning> <RMI> <BEA-080005> <An exception was
generated by the RMI server: Remote call rejected due to wrong channel usage
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has a
dministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.r
jvm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-50326164812424
17496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', serve
rRef:594523856.
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has ad
ministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.rj
vm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-503261648124241
7496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', server
Ref:594523856
at weblogic.rmi.internal.BasicServerRef.ensureAdministratorUsesAdminChan
nel(BasicServerRef.java:433)
at weblogic.rmi.internal.BasicServerRef.checkPriviledges(BasicServerRef.
java:1089)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:378
)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:108
1)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1405)
Truncated. see log file for complete stacktrace
>
<Jun 13, 2018 7:26:41,850 AM GMT> <Warning> <RMI> <BEA-080005> <An exception was
generated by the RMI server: Remote call rejected due to wrong channel usage
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has a
dministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.r
jvm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-50326164812424
17496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', serve
rRef:594523856.
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has ad
ministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.rj
vm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-503261648124241
7496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', server
Ref:594523856
at weblogic.rmi.internal.BasicServerRef.ensureAdministratorUsesAdminChan
nel(BasicServerRef.java:433)
at weblogic.rmi.internal.BasicServerRef.checkPriviledges(BasicServerRef.
java:1089)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:378
)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:108
1)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1405)
Truncated. see log file for complete stacktrace
>
<Jun 13, 2018 7:26:41,852 AM GMT> <Warning> <RMI> <BEA-080005> <An exception was
generated by the RMI server: Remote call rejected due to wrong channel usage
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has a
dministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.r
jvm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-50326164812424
17496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', serve
rRef:594523856.
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has ad
ministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.rj
vm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-503261648124241
7496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', server
Ref:594523856
at weblogic.rmi.internal.BasicServerRef.ensureAdministratorUsesAdminChan
nel(BasicServerRef.java:433)
at weblogic.rmi.internal.BasicServerRef.checkPriviledges(BasicServerRef.
java:1089)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:378
)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:108
1)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1405)
Truncated. see log file for complete stacktrace
>
<Jun 13, 2018 7:26:41,863 AM GMT> <Warning> <RMI> <BEA-080005> <An exception was
generated by the RMI server: Remote call rejected due to wrong channel usage
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has a
dministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.r
jvm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-50326164812424
17496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', serve
rRef:594523856.
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has ad
ministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.rj
vm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-503261648124241
7496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', server
Ref:594523856
at weblogic.rmi.internal.BasicServerRef.ensureAdministratorUsesAdminChan
nel(BasicServerRef.java:433)
at weblogic.rmi.internal.BasicServerRef.checkPriviledges(BasicServerRef.
java:1089)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:378
)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:108
1)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1405)
Truncated. see log file for complete stacktrace
>
<Jun 13, 2018 7:26:41,868 AM GMT> <Warning> <RMI> <BEA-080005> <An exception was
generated by the RMI server: Remote call rejected due to wrong channel usage
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has a
dministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.r
jvm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-50326164812424
17496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', serve
rRef:594523856.
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has ad
ministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.rj
vm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-503261648124241
7496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', server
Ref:594523856
at weblogic.rmi.internal.BasicServerRef.ensureAdministratorUsesAdminChan
nel(BasicServerRef.java:433)
at weblogic.rmi.internal.BasicServerRef.checkPriviledges(BasicServerRef.
java:1089)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:378
)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:108
1)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1405)
Truncated. see log file for complete stacktrace
>
"
You will have to re-connect to the server due to some changes" "
you have made."
Disconnected from weblogic server: admin
<Jun 13, 2018 7:26:41,878 AM GMT> <Warning> <RMI> <BEA-080005> <An exception was
generated by the RMI server: Remote call rejected due to wrong channel usage
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has a
dministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.r
jvm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-50326164812424
17496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', serve
rRef:326931496.
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has ad
ministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.rj
vm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-503261648124241
7496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', server
Ref:326931496
at weblogic.rmi.internal.BasicServerRef.ensureAdministratorUsesAdminChan
nel(BasicServerRef.java:433)
at weblogic.rmi.internal.BasicServerRef.checkPriviledges(BasicServerRef.
java:1089)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:378
)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:108
1)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1405)
Truncated. see log file for complete stacktrace
>
<Jun 13, 2018 7:26:41,881 AM GMT> <Warning> <RMI> <BEA-080005> <An exception was
generated by the RMI server: Remote call rejected due to wrong channel usage
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has a
dministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.r
jvm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-50326164812424
17496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', serve
rRef:594523856.
java.lang.SecurityException: User 'principals=[weblogic, Administrators]' has ad
ministration role. All tasks by adminstrators must go through an Administration
Port. Channel:Default[t3][1]:t3(t3):127.0.0.1:7001:null:-1, endpoint:weblogic.rj
vm.RJVMImpl@50ad6c43 - JVMID: '2801878478613847958C:172.17.0.2R:-503261648124241
7496S:172.17.0.2:kkv:admin' connect time: 'Wed Jun 13 07:26:37 GMT 2018', server
Ref:594523856
at weblogic.rmi.internal.BasicServerRef.ensureAdministratorUsesAdminChan
nel(BasicServerRef.java:433)
at weblogic.rmi.internal.BasicServerRef.checkPriviledges(BasicServerRef.
java:1089)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:378
)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:108
1)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1405)
Truncated. see log file for complete stacktrace
>
Exiting WebLogic Scripting Tool.
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
admin_name : [admin]
Connecting to t3s://localhost:8881 with userid weblogic ...
<Jun 13, 2018 7:26:50 AM GMT> <Info> <Security> <BEA-090905> <Disabling the Cryp
toJ JCE Provider self-integrity check for better startup performance. To enable
this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.
>
<Jun 13, 2018 7:26:50 AM GMT> <Info> <Security> <BEA-090906> <Changing the defau
lt Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable
this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
<Jun 13, 2018 7:26:50 AM GMT> <Info> <Security> <BEA-090909> <Using the configur
ed custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHo
stnameVerifier$NullHostnameVerifier.>
Successfully connected to Admin Server "admin" that belongs to domain "kkv".
Location changed to edit tree.
This is a writable tree with DomainMBean as the root.
To make changes you will need to start an edit session via startEdit().
For more help, use help('edit').
不管错误如何,该端口似乎已启用。但是我怎样才能避免这个错误,即在当前编辑会话中启用管理端口后仍然允许当前的 WLST 编辑会话使用非安全通道,并激活更改并干净地退出而不出现错误消息?
解决方案
推荐阅读
- reactjs - 在 React Native 的 App.js 文件中设置应用容器
- javascript - 永远做 While 循环 Javascript
- unity3d - Unity MLAPI NetworkObject Sync 客户端上的比例错误
- geometry - 将圆形碰撞函数转换为 3d 圆柱函数
- sql-server - SQL Server 奇怪的 ROUND() 行为
- javascript - 为什么在事件流请求停留在未决状态之后发送所有请求?
- python - 如何在 PySimpleGUI 中创建可滚动的列
- r - 在访问和动态更新非列表对象时,如何将多个函数应用于每个列表项?
- c++ - 窗口最小化时 HCBT_MOVESIZE 异常
- python - 如何使用 itertools.product 做依赖嵌套循环?