Thursday, October 29, 2015

WLS deployment via Jersey REST client

 

Outline

 

Introduction

For programmatic deployment to Oracle Weblogic Server a very easy approach is to use the Oracle Weblogic Server Management REST API.

 

curl -v \
--user username:password \
-H X-Requested-By:MyClient \
-H Accept:application/json \
-H Content-Type:application/json \
-d "{
name: 'BasicApp',
deploymentPath:
'/deployments/BasicApp/app/BasicApp.ear',
targets: [
'myserver' ]
}
" \
-X POST http://localhost:7001/management/wls/latest/deployments/application

The benefits here are related to:


  • Granular WLS targeting
  • Integration into a CI process via Maven/ANT…

The challenges are related to dealing with SSL connections (importing CA certificates to the REST client). In this initial article we’ll trust all the certificates. Another article will follow that will describe how to import CA certificates to the REST client.


Jersey REST Client


You need to provide the following parameters to your client:


  • WLS username
  • WLS password
  • WLS REST endpoint
  • Deployment path
  • String Model which is a JSON({ name: '${deploymentName}', targets: ['${wls-targets}'] }) containing the:
  • Deployment name
  • Targets

The client code:


 


1 import java.io.File;
2 import java.security.SecureRandom;
3
4 import javax.net.ssl.HostnameVerifier;
5 import javax.net.ssl.HttpsURLConnection;
6 import javax.net.ssl.SSLContext;
7 import javax.net.ssl.SSLSession;
8 import javax.ws.rs.core.MediaType;
9
10 import com.sun.jersey.api.client.Client;
11 import com.sun.jersey.api.client.ClientResponse;
12 import com.sun.jersey.api.client.WebResource;
13 import com.sun.jersey.api.client.config.ClientConfig;
14 import com.sun.jersey.api.client.config.DefaultClientConfig;
15 import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
16 import com.sun.jersey.client.urlconnection.HTTPSProperties;
17 import com.sun.jersey.multipart.FormDataMultiPart;
18 import com.sun.jersey.multipart.file.FileDataBodyPart;
19
20 public class JerseyClientPost {
21
22 public static void main(String[] args) {
23 String proxyHost = "";
24 String proxyPort = "";
25 String username = args[0];
26 String password = args[1];
27 String restURL = args[2];
28 String deploymentPath = args[3];
29 String stringModel = args[4];
30
31 try {
32
33 String model = stringModel;
34
35 Client client = Client.create(configureClient());
36
37 WebResource webResource = client.resource(restURL);
38
39 client.addFilter(new HTTPBasicAuthFilter(username, password));
40 webResource.header("x-requested-by", "WLSMavenDeployClient");
41 webResource.header("accept", "application/json");
42 webResource.header("content-type", "multipart/form-data");
43
44 FileDataBodyPart deployment = new FileDataBodyPart("deployment",
45 new File(deploymentPath),
46 MediaType.APPLICATION_OCTET_STREAM_TYPE);
47
48 FormDataMultiPart multiPart = new FormDataMultiPart();
49 multiPart.bodyPart(deployment);
50 multiPart.field("model", model, MediaType.APPLICATION_JSON_TYPE);
51
52 ClientResponse response = webResource.type(
53 MediaType.MULTIPART_FORM_DATA_TYPE).post(
54 ClientResponse.class, multiPart);
55
56 System.out.println("");
57 System.out.println("response2 : " + response.toString());
58 String output = response.getEntity(String.class);
59 System.out.println(output);
60 System.out.println("");
61
62 if (response.getStatus() != 201) {
63 throw new RuntimeException("Failed : HTTP error code : "
64 + response.getStatus());
65 }
66
67 } catch (Exception e) {
68
69 e.printStackTrace();
70
71 }
72
73 }
74
75 public static ClientConfig configureClient() {
76 System.setProperty("jsse.enableSNIExtension", "false");
77 try {
78 trustAllHttpsCertificates();
79 } catch (Exception e1) {
80 // TODO Auto-generated catch block
81 e1.printStackTrace();
82 }
83
84 SSLContext ctx = null;
85 javax.net.ssl.TrustManager[] trustAllCerts =
86
87 new javax.net.ssl.TrustManager[1];
88
89 javax.net.ssl.TrustManager tm = new miTM();
90
91 trustAllCerts[0] = tm;
92
93 javax.net.ssl.SSLContext sc;
94 try {
95 sc = javax.net.ssl.SSLContext.getInstance("SSL");
96 sc.init(null, trustAllCerts, null);
97 javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
98
99 sc.getSocketFactory());
100 } catch (Exception e2) {
101 // TODO Auto-generated catch block
102 e2.printStackTrace();
103 }
104
105 try {
106 ctx = SSLContext.getInstance("SSL");
107 ctx.init(null, trustAllCerts, new SecureRandom());
108 } catch (java.security.GeneralSecurityException ex) {
109 }
110 HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
111 try {
112 trustAllHttpsCertificates();
113 } catch (Exception e1) {
114 // TODO Auto-generated catch block
115 e1.printStackTrace();
116 }
117 ClientConfig config = new DefaultClientConfig();
118 try {
119 config.getProperties().put(
120 HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
121 new HTTPSProperties(new HostnameVerifier() {
122
123 @Override
124 public boolean verify(String hostname,
125 SSLSession session) {
126 // TODO Auto-generated method stub
127 return true;
128 }
129 }, ctx));
130
131 } catch (Exception e) {
132 }
133 return config;
134 }
135
136 private static void trustAllHttpsCertificates() throws Exception {
137
138 // Create a trust manager that does not validate certificate chains:
139 System.out
140 .println("\n[WARNING] SSL INSECURE: Trusting all https certificates\n");
141
142 javax.net.ssl.TrustManager[] trustAllCerts =
143
144 new javax.net.ssl.TrustManager[1];
145
146 javax.net.ssl.TrustManager tm = new miTM();
147
148 trustAllCerts[0] = tm;
149
150 javax.net.ssl.SSLContext sc =
151
152 javax.net.ssl.SSLContext.getInstance("SSL");
153
154 sc.init(null, trustAllCerts, null);
155
156 javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
157
158 sc.getSocketFactory());
159
160 }
161
162 public static class miTM implements javax.net.ssl.TrustManager,
163 javax.net.ssl.X509TrustManager {
164 public java.security.cert.X509Certificate[] getAcceptedIssuers() {
165 return null;
166 }
167
168 public boolean isServerTrusted(
169 java.security.cert.X509Certificate[] certs) {
170 return true;
171 }
172
173 public boolean isClientTrusted(
174 java.security.cert.X509Certificate[] certs) {
175 return true;
176 }
177
178 public void checkServerTrusted(
179 java.security.cert.X509Certificate[] certs, String authType)
180 throws java.security.cert.CertificateException {
181 return;
182 }
183
184 public void checkClientTrusted(
185 java.security.cert.X509Certificate[] certs, String authType)
186 throws java.security.cert.CertificateException {
187 return;
188 }
189 }
190
191

Trusting all the certificates


For simplicity, whenever your WLS server is listening only on https(SSL), we are trusting all the certificates.

THIS IS NOT A RECOMMENDED SECURE APPROACH !

 


1 public static ClientConfig configureClient() {
2 System.setProperty("jsse.enableSNIExtension", "false");
3 try {
4 trustAllHttpsCertificates();
5 } catch (Exception e1) {
6 // TODO Auto-generated catch block
7 e1.printStackTrace();
8 }
9
10 SSLContext ctx = null;
11 javax.net.ssl.TrustManager[] trustAllCerts =
12
13 new javax.net.ssl.TrustManager[1];
14
15 javax.net.ssl.TrustManager tm = new miTM();
16
17 trustAllCerts[0] = tm;
18
19 javax.net.ssl.SSLContext sc;
20 try {
21 sc = javax.net.ssl.SSLContext.getInstance("SSL");
22 sc.init(null, trustAllCerts, null);
23 javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
24
25 sc.getSocketFactory());
26 } catch (Exception e2) {
27 // TODO Auto-generated catch block
28 e2.printStackTrace();
29 }
30
31 try {
32 ctx = SSLContext.getInstance("SSL");
33 ctx.init(null, trustAllCerts, new SecureRandom());
34 } catch (java.security.GeneralSecurityException ex) {
35 }
36 HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
37 try {
38 trustAllHttpsCertificates();
39 } catch (Exception e1) {
40 // TODO Auto-generated catch block
41 e1.printStackTrace();
42 }
43 ClientConfig config = new DefaultClientConfig();
44 try {
45 config.getProperties().put(
46 HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
47 new HTTPSProperties(new HostnameVerifier() {
48
49 @Override
50 public boolean verify(String hostname,
51 SSLSession session) {
52 // TODO Auto-generated method stub
53 return true;
54 }
55 }, ctx));
56
57 } catch (Exception e) {
58 }
59 return config;
60 }
61
62 private static void trustAllHttpsCertificates() throws Exception {
63
64 // Create a trust manager that does not validate certificate chains:
65 System.out
66 .println("\n[WARNING] SSL INSECURE: Trusting all https certificates\n");
67
68 javax.net.ssl.TrustManager[] trustAllCerts =
69
70 new javax.net.ssl.TrustManager[1];
71
72 javax.net.ssl.TrustManager tm = new miTM();
73
74 trustAllCerts[0] = tm;
75
76 javax.net.ssl.SSLContext sc =
77
78 javax.net.ssl.SSLContext.getInstance("SSL");
79
80 sc.init(null, trustAllCerts, null);
81
82 javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
83
84 sc.getSocketFactory());
85
86 }
87
88 public static class miTM implements javax.net.ssl.TrustManager,
89 javax.net.ssl.X509TrustManager {
90 public java.security.cert.X509Certificate[] getAcceptedIssuers() {
91 return null;
92 }
93
94 public boolean isServerTrusted(
95 java.security.cert.X509Certificate[] certs) {
96 return true;
97 }
98
99 public boolean isClientTrusted(
100 java.security.cert.X509Certificate[] certs) {
101 return true;
102 }
103
104 public void checkServerTrusted(
105 java.security.cert.X509Certificate[] certs, String authType)
106 throws java.security.cert.CertificateException {
107 return;
108 }
109
110 public void checkClientTrusted(
111 java.security.cert.X509Certificate[] certs, String authType)
112 throws java.security.cert.CertificateException {
113 return;
114 }
115 }
116
117

Maven integration


For Continuous Integration we can use the above client to deploy our project directly from Maven. We can do that by using the org.codehaus.mojo plugin.

 


……
<wls-targets>MyCluster</wls-targets>
<wls-user>weblogic</wls-user>
<wls-password>MyPassword</wls-password>
<restEndpoint>https://<WLS-AdminServerIP>:7002/management/wls/latest/deployments/application </restEndpoint>
<deployment>target/MyApp.war</deployment>
<deploymentName>MyApp.war</deploymentName>
……
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>1.2</version>
<configuration>
<mainClass>com.oracle.cloud.demo.oe.rest.JerseyClientPost</mainClass>
<arguments>
<argument>${wls-user}</argument>
<argument>${wls-password}</argument>
<argument>${restEndpoint}</argument>
<argument>target/MyApp.war</argument>
<argument>{ name: '${deploymentName}', targets: ['${wls-targets}'] }</argument>
</arguments>
</configuration>
<executions>
<execution>
<id>WLS-REST-DEPLOY</id>
<phase>WLS-REST-DEPLOY</phase>
<goals>
<goal>java</goal>
</goals>
</execution>
</executions>
</plugin>
……


Your maven invocation will look something like this: clean package exec:java