WLEC to WebLogic Tuxedo Connector Migration Guide

How to Modify WLEC Applications for WebLogic Tuxedo Connector

The following sections provide information on the steps required to convert your WLEC applications for use with WebLogic Tuxedo Connector:

How to Modify Your Tuxedo Environment

Tuxedo users need to make the following environment changes:

Create a Tuxedo dmconfig File

A new dmconfig file must be created to provide connectivity between your Tuxedo and WebLogic Server applications. For more information on how to create Tuxedo domains, see Planning and Configuring CORBA Domains.

Modify the Tuxedo tuxconfig File

You will need to modify the tuxconfig file so your application will use the Tuxedo /T Domain gateway. Add Tuxedo the domain servers to the *SERVERS section of you UBB file.

Example:

     DMADM SRVGRP=SYS_GRP SRVID=7
     GWADM SRVGRP=SYS_GRP SRVID=8
     GWTDOMAIN SRVGRP=SYS_GRP SRVID=9

Weblogic Tuxedo Connector does not use ISL. If you no longer have other applications that require ISL, you can remove the ISL from the *SERVERS section.

Example: Comment out the ISL section.

#     ISL
#          SRVGRP  = SYS_GRP
#          SRVID   = 5
#           CLOPT   = "-A -- -n //lchp15:2468 -d /dev/tcp"

How to Modify your WebLogic Server Environment

This section provides information on how to modify your WebLogic Server Environment.

How to Configure WebLogic Tuxedo Connector

Note: For more information on how to configure WebLogic Tuxedo Connector, see Configuring WebLogic Tuxedo Connector for Your Applications.

This section provides basic information on how to create a WTC Service for a migrated WLEC application using the WebLogic Server console. A WTC Service represents configuration information that WebLogic Server uses to create a connection to a Tuxedo application. Typical WTC Service configurations for migrated WLEC applications consist of a local Tuxedo access point, a remote Tuxedo access point, and an imported service.

Use the following steps to create a configuration to administer your application:

Create a WTC Service

Create a Local Tuxedo Access Point

Create a Remote Tuxedo Access Point

Create an Imported Service

Create a WTC Service

Use the following steps to create and configure a WTC service using the WebLogic Server Administration Console:

In the Administration Console, expand Interoperability and select WTC Servers in the navigation tree.

On the WTC Servers page, click New.

On the Create a New WTC Server page, enter the name of your WTC Service in the Name field. Example: mySimpapp

Click OK.

Your new WTC Service appears in the WTC Servers list.

Create a Local Tuxedo Access Point

Note: When configuring the Network Address for a local access point, the port number used should be different from any port numbers assigned to other processes. Example: Setting the Network Address to //mymachine:7001 is not valid if the WebLogic Server listening port is assigned to //mymachine:7001.

Use the following steps to configure a local Tuxedo access point:

In the Administration Console, expand Interoperability and select WTC Servers.

On the WTC Servers page, click the name of a WTC Service, such as mySimpapp, to access the settings page.

Click the Local APs tab.

Enter the following values for the following fields on the WTC Local Access Points page:

In Access Point, enter a name that uniquely identifies this local Tuxedo access point within a WTC Service configuration. This allows you to create Local Tuxedo Access Point configurations that have the same Access Point ID.

In Access Point Id, enter the connection name used when establishing a session connection to remote Tuxedo access points. The Access Point Id must match the corresponding DOMAINID in the *DM_REMOTE_DOMAINS section of your Tuxedo DMCONFIG file.

In Network Address, enter the network address and port for this local Tuxedo access point. For example: //123.123.123.123:5678.

Click OK.

If you are connecting to a Tuxedo 6.5 domain, do the following:

Click the Connections tab.

Set the Interoperate field to Yes.

Click Save.

Create a Remote Tuxedo Access Point

Use the following steps to configure a remote Tuxedo access point:

In the Administration Console, expand Interoperability and select WTC Servers.

On the WTC Servers page, click the name of a WTC Service, such as mySimpapp.

Click the Remote APs tab.

Enter the following values for the following fields on the WTC Remote Access Points page:

In Access Point, enter a name that uniquely identifies this remote Tuxedo access point within a WTC Service configuration. This allows you to create Remote Tuxedo Access Point configurations that have the same Access Point ID.
In Access Point Id, enter the connection name used to identify a remote Tuxedo access point when establishing a connection to a local Tuxedo access point. The Access Point Id of a remote Tuxedo access point must match the corresponding DOMAINID in the *DM_LOCAL_DOMAINS section of your Tuxedo DMCONFIG file.
In Local Access Point, enter the name of the local access point for this remote domain.
In Network Address, enter the network address and port for this remote domain. For example: //123.123.123.123:1234

Click OK.

Create an Imported Service

Use the following steps to configure an imported service:

In the Administration Console, expand Interoperability and select WTC Servers.

On the WTC Servers page, click the name of a WTC Service, such as mySimpapp.

Click the Imported tab.

Enter the following values for the following fields on the WTC Imported Services page:

In Resource Name, enter a name to identify this imported service configuration. This name allows you create unique Imported Services configurations that have the same Remote Name within a WTC Service.
Set Local Access Point to the name of the Local Tuxedo Access Point that uses the service.
In Remote Access Point List, enter a list of Remote Access Point names that offer this imported service.
In Remote Name, enter "//domain_id" where domain_id is DOMAINID specified in the Tuxedo UBBCONFIG file. The maximum length of this unique identifier for CORBA domains is 15 characters and includes the //.
Example: //simpappff

Click OK.

How to Update the ejb-jar.xml File

WebLogic Tuxedo Connector uses the Domain gateway to connect WebLogic and Tuxedo applications. IIOP connection pool are not used and the descriptors can be removed from the ejb-jar.xml file. The following is an example of code removed from the wlec/ejb/simpapp example:

Listing 2-1 IIOP Connection Pool Descriptors for the wlec/ejb/simpapp Example

.
.
.
<env-entry>
	  <env-entry-name>IIOPPoolName</env-entry-name>
	  <env-entry-type>java.lang.String</env-entry-type>
	  <env-entry-value>simplepool</env-entry-value>
	</env-entry>
.
.
.

How to Modify WLEC Applications

The following sections provide information on how to modify WLEC applications to interoperate with WebLogic Server and Tuxedo CORBA objects using WebLogic Tuxedo Connector.

How to Modify WLEC EJBs to Reference CORBA Objects Used by WebLogic Tuxedo Connector

Use the following steps to modify your EJB to use WebLogic Tuxedo Connector to invoke on CORBA objects deployed in Tuxedo:

Initialize the WTC ORB

WLEC uses the weblogic.jndi.WLInitialContextFactory to return a context used by the Tobj_Bootstrap object.

Properties p = new Properties();
p.put(Context.INITIAL_CONTEXT_FACTORY,
     "weblogic.jndi.WLInitialContextFactory");
InitialContext ic = new InitialContext(p);
rootCtx = (Context)ic.lookup("java:comp/env");

Replace the WLEC context reference and instantiate the WTC ORB in your Bean. Example:

// Initialize the ORB.
String args[] = null;
Properties Prop;
Prop = new Properties();
Prop.put("org.omg.CORBA.ORBClass",
"weblogic.wtc.corba.ORB");

orb = (ORB)new InitialContext().lookup("java:comp/ORB");

Use the ORB to get the FactoryFinder Object

Each WLEC connection pool has a Tobj_Bootstrap FactoryFinder object used to access the Tuxedo domain. Example:

Tobj_Bootstrap myBootstrap = Tobj_BootstrapFactory.getClientContext("myPool");
org.omg.CORBA.Object myFFObject = 
    myBootstrap.resolve_initial_references("FactoryFinder");

Remove references to the Tobj_Bootstrap Factory Finder object. Use the following method to obtain the FactoryFinder object using the ORB:

// String to Object.
org.omg.CORBA.Object fact_finder_oref = 		orb.string_to_object("corbaloc:tgiop:simpapp/FactoryFinder");

// Narrow the factory finder.
FactoryFinder fact_finder_ref =
FactoryFinderHelper.narrow(fact_finder_oref);

// Use the factory finder to find the simple factory.
org.omg.CORBA.Object simple_fact_oref =
fact_finder_ref.find_one_factory_by_id(SimpleFactoryHelper.id());

Transaction Issues

Note: For more information how to implement JTA transactions, see Programming WebLogic JTA.

The following section provides information about how to modify WLEC applications that use transactions.

WLEC applications using JTA transactions require no changes.
WLEC applications using CosTransactions need to convert to JTA. If the WLEC client is running within a transaction and needs to invoke a new CosTransaction, the new transaction is implemented in a new transaction context. To implement the same behavior in JTA, do the following:

Suspend the original transaction
Start a new transaction
Resume the original transaction after the new transaction has been completed.

How to Manage Security Issues Migrating from WLEC to WTC

The following table provides some mapping guidelines for security issues between WLEC and WTC as well as their relationship to Tuxedo.

Table 2-1 Security Mapping Guidelines Migrating from WLEC to WTC

WLEC Security Items	Map to in WTC/WLS	Tuxedo
user name	Access the WTC Servers page and click the Local APs tab. Use the user name in the Access Point ID field.	`DOMAINID` in the `DM_REMOTE_DOMAINS` section of the `DMCONFIG` file
user password	Password pair in the password (rather than one password, you must define one for the local access point and one for the remote access point to form mutual authentication.) You can use `"weblogic.wtc.gwt.genpasswd"` utility to generate the encrypted password pair and then cut and paste to the Console WTC Password page.	Use dmadmin to add the passsword pair to each defined TDomain session.
role	Not supported. WTC depends on impersonating user and uses the impersonated user role defined in Tuxedo.
application password	The password in the WTC Resources page. Use `"weblogic.wtc.gwt.genpasswd"` utility to generate the encrypted application password.	No special configuration needs.
min encryption level	1. Access the WTC Servers page and click the name of a WTC Service. 2. Click Remote APs tab. 3. Click the Security tab and select the Min Encryption Level required.	`MINENCRYPTBITS` in the the `DM_TDOMAIN` section of the `DMCONFIG` file.
max encryption level	1. Access the WTC Servers page and click the name of a WTC Service. 2. Click Remote APs tab. 3. Click the Security tab and select the Max Encryption Level required.	`MAXENCRYPTBITS` in the the `DM_TDOMAIN` section of the `DMCONFIG` file.
certificate auth	Not supported.
security context propagation	1. Access the WTC Servers page and click the name of a WTC Service. 2. Click Remote APs tab. 3. Click the Security tab and select Global for the Credential Policy field to propagate user credential to Tuxedo.	`ACL="GLOBAL"` in the `DM_REMOTE_DOMAINS` section of the `DMCONFIG` file.

The following considerations may assist you in understanding how your current WLEC security can map to WTC and Tuxedo security.

The WLEC user name in the certificate can be used as your Access Point ID in the WTC Local APs page.
You must configure Access Point ID in the WTC Remote APs page using the remote Tuxedo domain gateway's DOMAINID. (This DOMAINID should be one of the entries in the DM_LOCAL_DOMAINS section in the DMCONFIG file.)
You must configure the user in both Tuxedo and WTC if you want security context propagation.
If you do not want security context propagation, do not configure credential-policy. By default, credential-policy is set to "LOCAL" which means no propagation. Also, do not configure ACL_POLICY in Tuxedo. By default ACL_POLICY is set to "LOCAL" which means do not accept any remote security context received. In this case, if the Tuxedo security level is higher than USER_AUTH, then the DOMAINID for WTC which is configured in the DM_REMOTE_DOMAINS section of the DMCONFIG file is used.
From the Security tab of the WTC Local APs page, select Domain Password for the Security field. You need to configure 'SECURITY="DM_PW"' in one of the entries in DM_LOCAL_DOMAINS section of the DMCONFIG file for Tuxedo. In this case, password must be configured for for both WTC and the TDomain Gateway and application password is not required.
If you do not want to set Security to Domain Password, you can set it to Application Password. In this case, you do not have to configure password pair in the WTC Passwords page, but you need to configure App Password and App Password IV fields in the WTC Resources page.