CN114143192A - Configuration method and device of Weblogic T3 filter - Google Patents


Publication number: CN114143192A
Authority: CN (China)
Prior art keywords: address, configuration, weblogic, rule, script
Legal status: Pending
Application number: CN202111470169.XA
Other languages: Chinese (zh)
Inventors: 安卫杰, 周明宏, 常冬冬
Current Assignee: China Construction Bank Corp
Original Assignee: China Construction Bank Corp
Application filed by China Construction Bank Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL

Abstract

The invention provides a configuration method and a configuration device for a Weblogic T3 filter. The configuration method comprises the following steps: when an AdminServer process exists on any server in the Weblogic domain, acquiring the Weblogic service information corresponding to the AdminServer process; determining each target IP address based on the Weblogic service information, and executing a preset rule generation script to generate a configuration rule corresponding to each target IP address; setting a filter name in a preset WLST script and adding each configuration rule to obtain a WLST configuration script; and executing the WLST configuration script on the server where the AdminServer process is located to complete the configuration of the T3 filter in the Weblogic domain. With this method, the T3 filter configuration can be completed automatically and the T3 filter configuration operation is normalized and standardized, which improves implementation efficiency.

Description

Configuration method and device of Weblogic T3 filter
Technical Field
The invention relates to the technical field of information processing, in particular to a configuration method and device of a Weblogic T3 filter.
Background
Weblogic is an enterprise-level Java EE application server platform (middleware) that fully supports the J2EE standard and is one of the mainstream J2EE servers in the commercial market. T3, also known as rich sockets, is a BEA internal protocol that can be used to transfer information between Weblogic servers and other types of Java programs. Because Weblogic enables the T3 protocol by default, Weblogic deserialization vulnerabilities are frequently exposed: an attacker can use the T3 protocol to trigger deserialization remotely and execute code, which threatens data security. To guard against this risk, a T3 access filter needs to be configured on Weblogic so that only specific IPs or ports are allowed to access the Weblogic domain through the T3 protocol, which mitigates the risk of exploitation.
The existing Weblogic T3 filter configuration method requires manually compiling the list of server IP addresses that are allowed access through the T3 protocol, then logging in to the Weblogic console to configure the T3 filter and adding the configuration policies one by one. The operation process is not standardized, the steps are complex and the implementation efficiency is low, and when the workload increases it is difficult to guarantee timely completion within a limited time.
Disclosure of Invention
In view of this, the invention provides a configuration method of a Weblogic T3 filter, by which the configuration of a T3 filter can be automatically completed, the normalization and standardization of the configuration operation of the T3 filter can be realized, and the implementation efficiency can be improved.
The invention also provides a configuration device of the Weblogic T3 filter, which is used for ensuring the realization and the application of the method in practice.
A configuration method of a Weblogic T3 filter comprises the following steps:
when an AdminServer process exists on any server in a Weblogic domain, acquiring Weblogic service information corresponding to the AdminServer process;
determining each target IP address based on the Weblogic service information, and executing a preset rule generation script to generate a configuration rule corresponding to each target IP address;
setting a filter name in a preset WLST script and adding each configuration rule to obtain a WLST configuration script;
and executing the WLST configuration script on the server where the AdminServer process is located to complete the configuration of the T3 filter in the Weblogic domain.
Optionally, in the foregoing method, the acquiring Weblogic service information corresponding to the AdminServer process includes:
determining a Weblogic domain path corresponding to the AdminServer process;
acquiring a configuration file corresponding to the Weblogic domain according to the Weblogic domain path;
and acquiring Weblogic service information corresponding to the AdminServer process based on the configuration file.
The above method, optionally, further includes:
if each configuration rule exists among the connection filter rule items in the configuration file, the T3 filter configured for the Weblogic domain has taken effect.
In the foregoing method, optionally, the target IP address includes: a production IP address, a managed IP address, a first IP address and a second IP address; the rule generation script comprises a first rule generation script and a second rule generation script; the configuration rules comprise a first configuration rule and a second configuration rule;
the determining, based on the Weblogic service information, each target IP address, and executing a preset rule generation script to generate a configuration rule corresponding to each target IP address includes:
acquiring the IP address of each server in the Weblogic service information, wherein the IP address of each server is the production IP address;
determining a managed IP address corresponding to each production IP address according to a preset mapping rule;
acquiring a preset first IP address and a preset second IP address according to the Weblogic service information;
executing the first rule generation script based on the first IP address, each production IP address and the managed IP address corresponding to the production IP address to generate a first configuration rule, wherein the first configuration rule specifies that the first IP address, each production IP address and a server where the managed IP address corresponding to the production IP address is located can access the Weblogic domain through a T3 protocol;
and executing the second rule generation script based on the second IP address to generate a second configuration rule, wherein the second configuration rule specifies that the server where the second IP address is located cannot access the Weblogic domain through a T3 protocol.
The above method, optionally, further includes:
clearing each configuration rule in the WLST configuration script to obtain a WLST rollback script;
and executing the WLST rollback script on the server where the AdminServer process is located to cancel the configuration of the T3 filter in the Weblogic domain.
A configuration device of a Weblogic T3 filter comprises:
an acquisition unit, configured to acquire the Weblogic service information corresponding to an AdminServer process when the AdminServer process exists on any server in a Weblogic domain;
the determining unit is used for determining each target IP address based on the Weblogic service information and executing a preset rule generating script to generate a configuration rule corresponding to each target IP address;
the configuration unit is used for setting a filter name in a preset WLST script and adding each configuration rule to obtain the WLST configuration script;
and the execution unit is used for executing the WLST configuration script on the server where the AdminServer process is located so as to complete the configuration of the T3 filter in the Weblogic domain.
The above apparatus, optionally, the acquisition unit includes:
the first determining subunit is used for determining a Weblogic domain path corresponding to the AdminServer process;
the first obtaining subunit is configured to obtain, according to the Weblogic domain path, a configuration file corresponding to the Weblogic domain;
and the second acquiring subunit is used for acquiring the Weblogic service information corresponding to the AdminServer process based on the configuration file.
The above apparatus, optionally, further comprises:
a checking unit, configured to determine that the T3 filter configured for the Weblogic domain has taken effect if each configuration rule exists among the connection filter rule items in the configuration file.
In the foregoing apparatus, optionally, the target IP address includes: a production IP address, a managed IP address, a first IP address and a second IP address; the rule generation script comprises a first rule generation script and a second rule generation script; the configuration rules comprise a first configuration rule and a second configuration rule; the determining unit includes:
a third obtaining subunit, configured to obtain an IP address of each server in the Weblogic service information, where the IP address of each server is the production IP address;
the second determining subunit is used for determining the managed IP address corresponding to each production IP address according to a preset mapping rule;
the fourth acquiring subunit is configured to acquire a preset first IP address and a preset second IP address according to the Weblogic service information;
a first generating subunit, configured to execute the first rule generation script based on the first IP address, each production IP address, and the managed IP address corresponding to the production IP address, and generate a first configuration rule, where the first configuration rule specifies that the servers where the first IP address, each production IP address, and the managed IP address corresponding to the production IP address are located can access the Weblogic domain through the T3 protocol;
and the second generating subunit is configured to execute the second rule generating script based on the second IP address to generate a second configuration rule, where the second configuration rule specifies that the server where the second IP address is located cannot access the Weblogic domain through a T3 protocol.
The above apparatus, optionally, further comprises:
a clearing unit, configured to clear each configuration rule in the WLST configuration script to obtain a WLST rollback script;
and the rollback unit is used for executing the WLST rollback script on the server where the AdminServer process is located so as to cancel the configuration of the T3 filter in the Weblogic domain.
A storage medium comprising stored instructions, wherein the instructions, when executed, control a device on which the storage medium resides to perform the above-described Weblogic T3 filter configuration method.
An electronic device comprising a memory, and one or more instructions, wherein the one or more instructions are stored in the memory and configured to be executed by the one or more processors to perform the above-described method of configuring the Weblogic T3 filter.
Compared with the prior art, the invention has the following advantages:
Based on the embodiment provided by the invention, in the configuration process of the Weblogic T3 filter, when an AdminServer process exists on any server in the Weblogic domain, the Weblogic service information corresponding to the AdminServer process is obtained, each target IP address is determined based on the Weblogic service information, and a preset rule generation script is executed to generate the configuration rule corresponding to each target IP address; a filter name is set in a preset WLST script and each configuration rule is added to obtain the WLST configuration script; and the WLST configuration script is executed on the server where the AdminServer process is located to complete the configuration of the T3 filter in the Weblogic domain.
By applying the configuration method of the Weblogic T3 filter, the complex operations of configuring the Weblogic T3 filter can be packaged into a one-click universal script, and the T3 filter configuration operation is normalized and standardized. By executing the script, the configuration of the T3 filter is completed automatically, manual intervention is reduced, the efficiency of implementing the T3 filter configuration is improved, and the timeliness requirement of security risk remediation can be better met.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flowchart of a configuration method of a Weblogic T3 filter according to an embodiment of the present invention;
FIG. 2 is a flowchart of another method of configuring a Weblogic T3 filter according to an embodiment of the present invention;
FIG. 3 is a flowchart of another method of configuring a Weblogic T3 filter according to an embodiment of the present invention;
FIG. 4 is a flowchart of another method of configuring a Weblogic T3 filter according to an embodiment of the present invention;
FIG. 5 is a device structure diagram of a configuration device of a Weblogic T3 filter according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In this application, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions, and the terms "comprises", "comprising", or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The invention is operational with numerous general purpose or special purpose computing device environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multi-processor apparatus, distributed computing environments that include any of the above devices or equipment, and the like.
Some of the terms referred to in the present invention are as follows:
AdminServer: the Administration Server, AS for short, is the Server instance that serves the management role in the Weblogic domain. It is the central control point of the domain, stores the configuration information and logs of the domain, and runs the Weblogic administration console.
WLST: the Weblogic Scripting Tool is a command-line scripting interface whose scripting environment is based on the Java scripting interpreter Jython; system administrators use it to monitor and manage Weblogic Server instances and domains.
The embodiment of the invention provides a configuration method of a Weblogic T3 filter, which can be applied to a plurality of system platforms, wherein an execution main body of the method can be a computer terminal or a processor of various mobile devices, and a flow chart of the method is shown in FIG. 1 and specifically comprises the following steps:
S101: when an AdminServer process exists on any server in the Weblogic domain, acquiring the Weblogic service information corresponding to the AdminServer process.
In the embodiment provided by the invention, the T3 filter configuration is executed only on the server where the AdminServer is located and does not need to be executed on other, non-AdminServer machines. It is therefore necessary to check whether a Weblogic AdminServer process exists on the server: if not, execution exits; if so, the Weblogic service information corresponding to the AdminServer process is obtained. The Weblogic service information mainly includes the IP addresses and the like of the servers in the Weblogic domain.
S102: and determining each target IP address based on the Weblogic service information, and executing a preset rule generation script to generate a configuration rule corresponding to each target IP address.
In the embodiment provided by the invention, an allow rule is configured for all servers in the local domain (Weblogic domain), that is, a rule that allows access to the Weblogic domain through the T3 protocol, covering both the production IP addresses and the managed IP addresses. According to the Weblogic service information, the IP addresses of the servers that can access the Weblogic domain through the T3 protocol are obtained and determined to be target IP addresses, and the preset rule generation script is used to generate the configuration rule corresponding to each target IP address.
S103: and setting a filter name in a preset WLST script and adding each configuration rule to obtain the WLST configuration script.
In the embodiment provided by the invention, a Weblogic WLST command is used to connect to the Weblogic domain, a T3 filter name is set in a preset WLST script, and the configuration rules obtained in S102, that is, the configuration rule corresponding to each target IP address, are added to obtain the WLST configuration script.
The details are as follows:
[Figure: WLST script listing, present only as an image in the original publication]
S104: and executing the WLST configuration script on the server where the AdminServer process is located to complete the configuration of the T3 filter in the Weblogic domain.
In the embodiment provided by the invention, the WLST configuration script is executed on the server where the AdminServer is located, so that the server where each target IP address is located is connected to the Weblogic domain where the AdminServer server is located, and the server corresponding to each target IP address can access the Weblogic domain through the T3 protocol, thereby completing the configuration of the T3 filter in the Weblogic domain.
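Steps S103 and S104 as an added example, which is not the patent's own script: a shell function validates a rule list and emits the WLST (Jython) script that sets the filter name and rules, with a rollback mode that writes an empty rule array as the rollback section of this page describes. The function names, the one-rule-per-line input file, the domain name AAA_domain and the T3_ADMIN_* environment variables are assumptions.

```shell
#!/bin/sh
# Added example, not the patent's script. Hypothetical: function names, the
# one-rule-per-line input file, AAA_domain, and the T3_ADMIN_* variables.

FILTER_CLASS='weblogic.security.net.ConnectionFilterImpl'  # WebLogic's bundled filter class

# normalize_rules FILE
# Prints validated rules, one per line; exits non-zero if any rule is malformed.
# Rule syntax: target localAddress localPort action [protocol ...]
normalize_rules() {
    awk '
        /^[ \t]*(#.*)?$/ { next }                 # skip blank lines and comments
        {
            ok = (NF >= 4) && ($4 == "allow" || $4 == "deny")
            # Allow only characters a rule can contain, so that no quote or
            # backslash can break out of the Jython string literal built below.
            if ($0 !~ /^[A-Za-z0-9.:\/*_ \t-]+$/) ok = 0
            if (!ok) { bad = 1; next }
            line = $1
            for (i = 2; i <= NF; i++) line = line " " $i
            print line
        }
        END { exit bad }
    ' "$1"
}

# gen_wlst_script RULE_FILE DOMAIN_NAME [apply|rollback]
# Prints the WLST script on stdout. In rollback mode the rule array is empty.
gen_wlst_script() {
    rule_file=$1 domain=$2 mode=${3:-apply}
    case $domain in
        ''|*[!A-Za-z0-9_.-]*) echo "bad domain name" >&2; return 2 ;;
    esac
    array_items=''
    if [ "$mode" = apply ]; then
        rules=$(normalize_rules "$rule_file") ||
            { echo "invalid rule in $rule_file" >&2; return 1; }
        [ -n "$rules" ] || { echo "no rules in $rule_file" >&2; return 1; }
        # one Jython String per rule, order preserved
        array_items=$(printf '%s\n' "$rules" | sed "s/.*/    String('&'),/")
    fi
    cat <<EOF
import os, jarray
from java.lang import String
# credentials and admin URL come from the environment, not from the script text
connect(os.environ['T3_ADMIN_USER'], os.environ['T3_ADMIN_PASS'], os.environ['T3_ADMIN_URL'])
edit()
startEdit()
cd('/SecurityConfiguration/${domain}')
cmo.setConnectionFilter('${FILTER_CLASS}')
cmo.setConnectionFilterRules(jarray.array([
${array_items}
], String))
save()
activate()
disconnect()
EOF
}

# Constructed sample input, abridged from the AAA example on this page.
sample_rules() {
    printf '%s\n' \
        '192.1.1.1 * * allow t3 t3s' \
        '192.2.2.1 * * allow t3 t3s' \
        '127.0.0.1 * * allow t3 t3s' \
        '0.0.0.0/0 * * deny t3 t3s'
}

demo_rules=$(mktemp)
sample_rules > "$demo_rules"
gen_wlst_script "$demo_rules" AAA_domain apply
rm -f "$demo_rules"
```

The generated text is meant to be run with WLST on the AdminServer host; keeping the rules in a validated file means the same input produces both the apply and the rollback script.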
Based on the embodiment provided by the invention, in the configuration process of the Weblogic T3 filter, when an AdminServer process exists on any server in the Weblogic domain, the Weblogic service information corresponding to the AdminServer process is obtained, each target IP address is determined based on the Weblogic service information, and a preset rule generation script is executed to generate the configuration rule corresponding to each target IP address; a filter name is set in a preset WLST script and each configuration rule is added to obtain the WLST configuration script; and the WLST configuration script is executed on the server where the AdminServer process is located to complete the configuration of the T3 filter in the Weblogic domain.
By applying the configuration method of the Weblogic T3 filter, the complex operations of configuring the Weblogic T3 filter can be packaged into a one-click universal script, and the T3 filter configuration operation is normalized and standardized. By executing the script, the configuration of the T3 filter is completed automatically, manual intervention is reduced, the efficiency of implementing the T3 filter configuration is improved, and the timeliness requirement of security risk remediation can be better met.
In the embodiment of the present invention, as shown in FIG. 2, optionally, the acquiring Weblogic service information corresponding to the AdminServer process includes:
S201: and determining a Weblogic domain path corresponding to the AdminServer process.
S202: and acquiring a configuration file corresponding to the Weblogic domain according to the Weblogic domain path.
S203: and acquiring Weblogic service information corresponding to the AdminServer process based on the configuration file.
The Weblogic domain path is obtained from the AdminServer process, the configuration file corresponding to the Weblogic domain is obtained according to the Weblogic domain path, and the configuration file is parsed to obtain the Weblogic service information corresponding to the AdminServer process. The specific process involves the following partial code:
# obtain the PID of the AdminServer process
v_pid=$(ps -fu ${USER} | grep -w "java" | grep "AdminServer" | grep -Evw "grep" | awk '{print $2}')
# obtain the Weblogic domain path
v_domain=$(ps wwwe ${v_pid} | tr " " "\n" | awk -F= '/^DOMAIN_HOME=/{print $2}' | awk -F"/" '{print $(NF)}')
By applying the embodiment provided by the invention, the Weblogic domain path is automatically discovered through the AdminServer process of the Weblogic, the configuration file corresponding to the Weblogic domain is automatically acquired based on the acquired Weblogic domain path, and the Weblogic service information corresponding to the AdminServer process is acquired based on the configuration file. And the IP addresses of all servers in the Weblogic domain can be automatically acquired according to the Weblogic service information subsequently, and T3 filter configuration rules are generated.
In this embodiment of the present invention, as shown in FIG. 3, optionally, the target IP address includes: a production IP address, a managed IP address, a first IP address and a second IP address; the rule generation script comprises a first rule generation script and a second rule generation script; the configuration rules comprise a first configuration rule and a second configuration rule;
the determining, based on the Weblogic service information, each target IP address, and executing a preset rule generation script to generate a configuration rule corresponding to each target IP address includes:
S301: and acquiring the IP address of each server in the Weblogic service information, wherein the IP address of each server is the production IP address.
In the embodiment of the invention, the Weblogic service information can be obtained by parsing the Weblogic domain configuration file config.xml, which defines the Machine information in the domain, including the IP address information of all machines. By parsing config.xml, the production IP addresses of all host servers in the domain can be obtained.
S302: and determining the managed IP address corresponding to each production IP address according to a preset mapping rule.
In the embodiment of the invention, according to an IP address planning strategy preset by the data center, a production IP address and a managed IP address are configured on the same server at the same time, wherein, of the 4 fields of each address, the first three fields of the production IP address and of the managed IP address are different, but the last field is the same. For example, the production IP address on a server is 11.168.97.4 and the managed IP address is 11.170.97.4.
Therefore, through the mapping relation between the production IP address prefix and the managed IP address prefix of a server, the corresponding managed IP address can be found from the production IP address. The production IP address is the IP address of the server where the AdminServer process is located.
S303: and acquiring a preset first IP address and a preset second IP address according to the Weblogic service information.
In the embodiment of the invention, the first IP address and the second IP address for which T3 filter rules need to be configured are obtained according to the Weblogic service information of the Weblogic domain. The first IP address may be the local IP (127.0.0.1), and the second IP address may be any other address (0.0.0.0/0).
S304: and executing the first rule generation script based on the first IP address, each production IP address and the managed IP address corresponding to the production IP address to generate a first configuration rule, wherein the first configuration rule specifies that the first IP address, each production IP address and a server where the managed IP address corresponding to the production IP address is located can access the Weblogic domain through a T3 protocol.
In the embodiment of the invention, according to each production IP address, a first rule generation script is executed to generate a configuration rule which allows the production IP address to access the Weblogic domain through a T3 protocol; executing a first rule generation script according to each managed IP address, and generating a configuration rule which allows the managed IP address to access the Weblogic domain through a T3 protocol; and executing a first rule generation script according to the first IP address to generate a configuration rule which allows the first IP address to access the Weblogic domain through the T3 protocol.
S305: and executing the second rule generation script based on the second IP address to generate a second configuration rule, wherein the second configuration rule specifies that the server where the second IP address is located cannot access the Weblogic domain through a T3 protocol.
In the embodiment of the invention, according to the second IP address, a second rule generating script is executed, and a configuration rule which does not allow the second IP address to access the Weblogic domain through a T3 protocol is generated.
Part of the script code involved in the above process is as follows:
# acquire each production IP address configured in config.xml:
local v_ip_list=$(grep "\<listen-address\>" ${v_config} | awk -F"<|>" '{print $3}' | sort | uniq)
local v_ip=""
local v_flag=0
for v_ip in ${v_ip_list}
do
    # based on each production IP address, generate a configuration rule that allows it to access the Weblogic domain via the T3 protocol:
    if [[ -z $(grep -w "${v_ip}" ${V_IP_LIST} | grep "allow") ]]
    then
        echo "${v_ip} * * allow t3 t3s" >> ${V_IP_LIST}
    fi
    # replace the production IP address prefix of the existing production IP address with the managed IP address prefix to obtain the corresponding managed IP address:
    local v_mng_ip=$(echo "${v_ip}" | sed 's/'"${v_prd_ip_prefix}"'/'"${v_mng_ip_prefix}"'/g')
    # based on the managed IP address, generate a configuration rule that allows it to access the Weblogic domain via the T3 protocol:
    if [[ -z $(grep -w "${v_mng_ip}" ${V_IP_LIST} | grep "allow") ]]
    then
        echo "${v_mng_ip} * * allow t3 t3s" >> ${V_IP_LIST}
    fi
done
# according to the first IP address, generate a configuration rule that allows the first IP address to access the Weblogic domain via the T3 protocol:
echo "127.0.0.1 * * allow t3 t3s" >> ${V_IP_LIST}
# according to the second IP address, generate a configuration rule that does not allow the second IP address to access the Weblogic domain via the T3 protocol:
echo "0.0.0.0/0 * * deny t3 t3s" >> ${V_IP_LIST}
For example, system AAA has 1 domain and 3 hosts, with production IP addresses 192.1.1.1-3 and managed IP addresses 192.2.2.1-3. The configuration rules that need to be generated to configure the T3 filter on the AAA domain are as follows:
192.1.1.1 * * allow t3 t3s
192.1.1.2 * * allow t3 t3s
192.1.1.3 * * allow t3 t3s
192.2.2.1 * * allow t3 t3s
192.2.2.2 * * allow t3 t3s
192.2.2.3 * * allow t3 t3s    -- the above are the hosts of this domain
127.0.0.1 * * allow t3 t3s
0.0.0.0/0 * * deny t3 t3s
By applying the embodiment provided by the invention, each target IP address for which a rule needs to be configured can be obtained from the Weblogic service information, including: the first IP address that is allowed to access the Weblogic domain through the T3 protocol, the second IP address that is not allowed to access the Weblogic domain through the T3 protocol, and all the production IP addresses. The managed IP addresses corresponding to the production IP addresses are obtained through the preset mapping rule, and the configuration rules corresponding to all the target IP addresses are then generated automatically by the rule generation scripts, so that the servers where the target IP addresses are located connect to the Weblogic domain according to the configuration rules. This achieves the purpose of allowing only specific IP addresses or ports to access the Weblogic domain through the T3 protocol, and thereby mitigates the risk of Weblogic deserialization vulnerabilities being exploited.
In the embodiment provided by the present invention, optionally, after the WLST configuration script is executed on the server where the AdminServer process is located to complete the configuration of the T3 filter in the Weblogic domain, the method further includes:
if each configuration rule exists in the connection filter rule items in the configuration file, the T3 filter configured by the Weblogic domain takes effect.
Specifically, it is checked whether the T3 filter is configured in the configuration file (config.xml) corresponding to the Weblogic domain. The check covers two aspects: whether a T3 filter is configured in connection-filter, and whether filtering rules are configured in connection-filter-rule. The following check command may be used for reference:
Figure BDA0003391524540000121
By applying the embodiment provided by the invention, checking whether the configuration rules exist in the connection filter rule items of the configuration file confirms that the configuration of the Weblogic T3 filter is complete and that the T3 filter has taken effect. This ensures that the servers allowed to access the Weblogic domain through the T3 protocol can do so while other servers are prevented from accessing it, which guarantees the security of the Weblogic domain.
In the embodiment provided by the present invention, optionally, the method further includes:
clearing each configuration rule in the WLST configuration script to obtain a WLST rollback script;
and executing the WLST rollback script on a server where the AdminServer process is located to cancel the configuration of the T3 filter in the Weblogic domain.
Specifically, each configuration rule in the WLST configuration script is set to null to obtain the WLST rollback script. Part of the script commands are as follows:
Figure BDA0003391524540000131
The WLST rollback script is executed on the server where the AdminServer process is located to cancel the configuration of the T3 filter in the Weblogic domain. Whether the rollback has taken effect can be checked by examining whether the connection-filter-rule configuration in the configuration file (config.xml) of the Weblogic domain is empty. If it is empty, the rollback is effective.
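Both checks described above, the post-configuration check of connection-filter and connection-filter-rule and the post-rollback check that connection-filter-rule is empty, can be expressed as one config.xml inspection. This is an added Python example, not the check command from the patent (which survives only as a figure reference); the two config.xml fragments are constructed samples and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a domain config.xml fragment after the filter is applied.
SAMPLE_CONFIGURED = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>AAA_domain</name>
  <security-configuration>
    <connection-filter>weblogic.security.net.ConnectionFilterImpl</connection-filter>
    <connection-filter-rule>192.1.1.1 * * allow t3 t3s</connection-filter-rule>
    <connection-filter-rule>127.0.0.1 * * allow t3 t3s</connection-filter-rule>
    <connection-filter-rule>0.0.0.0/0 * * deny t3 t3s</connection-filter-rule>
  </security-configuration>
</domain>"""

# Constructed sample: the same fragment after the rollback script has run.
SAMPLE_ROLLED_BACK = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>AAA_domain</name>
  <security-configuration>
    <connection-filter-rule></connection-filter-rule>
  </security-configuration>
</domain>"""

EXPECTED_RULES = [
    "192.1.1.1 * * allow t3 t3s",
    "127.0.0.1 * * allow t3 t3s",
    "0.0.0.0/0 * * deny t3 t3s",
]


def _local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def read_filter_state(config_xml_text):
    """Return (filter class or None, list of non-empty rules in file order)."""
    root = ET.fromstring(config_xml_text)
    filter_class, rules = None, []
    for element in root.iter():
        text = " ".join((element.text or "").split())   # normalise whitespace
        if _local(element.tag) == "connection-filter":
            filter_class = text or None
        elif _local(element.tag) == "connection-filter-rule" and text:
            rules.append(text)
    return filter_class, rules


def check_configured(config_xml_text, expected_rules):
    """Return a list of problems; an empty list means the filter is in place."""
    filter_class, rules = read_filter_state(config_xml_text)
    expected = [" ".join(rule.split()) for rule in expected_rules]
    problems = []
    if not filter_class:
        problems.append("connection-filter is not set")
    for rule in expected:
        if rule not in rules:
            problems.append("missing rule: " + rule)
    # Same rules in a different order are not equivalent: order decides matches.
    if not problems and rules != expected:
        problems.append("rules present but order or extra entries differ")
    return problems


def check_rolled_back(config_xml_text):
    """Rollback is effective when no connection-filter-rule entry has content."""
    _filter_class, rules = read_filter_state(config_xml_text)
    return not rules


if __name__ == "__main__":
    print("configured:", check_configured(SAMPLE_CONFIGURED, EXPECTED_RULES))
    print("rolled back:", check_rolled_back(SAMPLE_ROLLED_BACK))
```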
The T3 filter is rolled back on a Weblogic domain on which the T3 filter has been set. The main steps of the rollback are basically the same as those of configuring the T3 filter; the difference is that in the configuration operation the T3 filter configuration is put into effect through WLST, whereas in the rollback operation the T3 filter related configuration is cancelled through WLST. Therefore, before the rollback script is executed, an environment check is also performed to obtain the basic information of the Weblogic Server. This is substantially the same as the environment check performed when configuring the T3 filter and is not described again here.
By applying the one-click rollback T3 filter configuration function provided by the embodiment of the invention, the T3 filter configuration can be quickly rolled back, and accidental service influence caused by the configuration of the T3 filter is prevented, so that the safety of the Weblogic domain is ensured.
As shown in fig. 4, the present invention provides a general and automatic configuration method and apparatus for setting a Weblogic T3 filter. Operation and maintenance personnel can configure the Weblogic T3 filter through batch scheduling of an automated operation and maintenance tool. The specific configuration process of the Weblogic T3 filter is as follows: first, an environment check is performed to obtain the basic information of the Weblogic Server; each target IP address for which the T3 filter is to be configured is obtained automatically from the Weblogic domain configuration file in that basic information; the configuration rule corresponding to each target IP address is generated by the preset rule configuration script; the preset WLST script is configured with the configuration rules to obtain the WLST configuration script; the WLST configuration script is executed on the server where the AdminServer process is located, so that the server corresponding to each target IP address connects to the Weblogic domain; finally, it is checked whether the configuration rules exist in the corresponding connection filter rule items in the Weblogic domain configuration file, so that the T3 filter configuration takes effect in the Weblogic domain. This realizes standardized and automated T3 filter configuration.
Meanwhile, to prevent unexpected service impact after the T3 filter is configured, a one-click rollback of the T3 filter configuration is provided, which supports fast rollback. The process is similar to the configuration process of the Weblogic T3 filter: an environment check is performed to obtain the basic information of the Weblogic Server; the configuration rules in the WLST script are cleared to obtain the WLST rollback script; the WLST rollback script connects to the Weblogic domain to clear the T3 filter configuration; finally, it is checked whether the configuration rules exist in the corresponding connection filter rule items in the Weblogic domain configuration file, and if they do not exist, the rollback of the T3 filter configuration is effective.
The specific implementation procedures and derivatives thereof of the above embodiments are within the scope of the present invention.
Corresponding to the method described in fig. 1, an embodiment of the present invention further provides a configuration apparatus of a Weblogic T3 filter, which is used to implement the method in fig. 1. The configuration apparatus of the Weblogic T3 filter provided in the embodiment of the present invention may be applied to a computer terminal or various mobile devices. A schematic structural diagram of the configuration apparatus is shown in fig. 5, and it specifically includes:
the acquiring unit 501 is configured to acquire Weblogic service information corresponding to an AdminServer process when the AdminServer process exists in any server in a Weblogic domain;
a determining unit 502, configured to determine each target IP address based on the Weblogic service information, and execute a preset rule generation script to generate a configuration rule corresponding to each target IP address;
a setting unit 503, configured to set a filter name in a preset WLST script and add each configuration rule to obtain a WLST configuration script;
an executing unit 504, configured to execute the WLST configuration script on a server where the AdminServer process is located, so as to complete configuration of a T3 filter in the Weblogic domain.
Based on the device provided by the embodiment of the invention, in the configuration process of the Weblogic T3 filter, when any server in the Weblogic domain has the adminServer process, the acquisition unit acquires Weblogic service information corresponding to the adminServer process, the determination unit determines each target IP address based on the Weblogic service information, and executes a preset rule generation script to generate a configuration rule corresponding to each target IP address; the setting unit sets a filter name in a preset WLST script and adds each configuration rule to obtain the WLST configuration script; the execution unit executes WLST configuration scripts on a server where an adminServer process is located to complete the configuration of the T3 filter in the Weblogic domain.
By applying the configuration device of the Weblogic T3 filter, the complex operation configured by the Weblogic T3 filter can be packaged into a one-key universal script, and the normalization and standardization of the configuration operation of the T3 filter are realized. By executing the script, the configuration of the T3 filter is automatically completed, manual intervention is reduced, the configuration implementation efficiency of the T3 filter is improved, and the timeliness requirement of safety risk rectification can be better met.
The above apparatus, optionally, the obtaining unit 501 includes:
the first determining subunit is used for determining a Weblogic domain path corresponding to the AdminServer process;
the first obtaining subunit is configured to obtain, according to the Weblogic domain path, a configuration file corresponding to the Weblogic domain;
and the second acquiring subunit is used for acquiring the Weblogic service information corresponding to the adminServer process based on the configuration file.
The above apparatus, optionally, further comprises:
a checking unit, configured to, if there is each configuration rule in the connection filter rule items in the configuration file, validate the T3 filter configured by the Weblogic domain.
In the foregoing apparatus, optionally, the target IP addresses include: production IP addresses, managed IP addresses, a first IP address and a second IP address; the rule generating script comprises a first rule generating script and a second rule generating script; the configuration rules comprise a first configuration rule and a second configuration rule; the determining unit 502 includes:
a third obtaining subunit, configured to obtain an IP address of each server in the Weblogic service information, where the IP address of each server is the production IP address;
the second determining subunit is used for determining the managed IP address corresponding to each production IP address according to a preset mapping rule;
the fourth acquiring subunit is configured to acquire a preset first IP address and a preset second IP address according to the Weblogic service information;
a first generating subunit, configured to execute the first rule generating script based on the first IP address, the each production IP address, and the managed IP address corresponding to the production IP address, and generate a first configuration rule, where the first configuration rule specifies that the server where the first IP address, the each production IP address, and the managed IP address corresponding to the production IP address are located can access the Weblogic domain through a T3 protocol;
and the second generating subunit is configured to execute the second rule generating script based on the second IP address to generate a second configuration rule, where the second configuration rule specifies that the server where the second IP address is located cannot access the Weblogic domain through a T3 protocol.
The above apparatus, optionally, further comprises:
a clearing unit, configured to clear each configuration rule in the WLST configuration script to obtain a WLST fallback script;
and the rollback unit is used for executing the WLST rollback script on a server where the adminServer process is located so as to cancel the configuration of the T3 filter in the Weblogic domain.
The specific working processes of each unit and sub-unit in the configuration device of the Weblogic T3 filter disclosed in the above embodiment of the present invention may refer to corresponding contents in the configuration method of the Weblogic T3 filter disclosed in the above embodiment of the present invention, and are not described again here.
The embodiment of the invention also provides a storage medium, which comprises stored instructions, wherein when the instructions are executed, the device where the storage medium is located is controlled to execute the configuration method of the Weblogic T3 filter.
An electronic device is provided in an embodiment of the present invention, and the structural diagram of the electronic device is shown in fig. 6, which specifically includes a memory 601 and one or more instructions 602, where the one or more instructions 602 are stored in the memory 601 and configured to be executed by one or more processors 603 to perform the following operations on the one or more instructions 602:
when any server in a Weblogic domain has an adminServer process, acquiring Weblogic service information corresponding to the adminServer process;
determining each target IP address based on the Weblogic service information, and executing a preset rule generation script to generate a configuration rule corresponding to each target IP address;
setting a filter name in a preset WLST script and adding each configuration rule to obtain a WLST configuration script;
and executing the WLST configuration script on a server where the adminServer process is located to complete the configuration of the T3 filter in the Weblogic domain.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the system or system embodiments are substantially similar to the method embodiments and therefore are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described system and system embodiments are only illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both.
To clearly illustrate this interchangeability of hardware and software, various illustrative components and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A configuration method of a Weblogic T3 filter is characterized by comprising the following steps:
when any server in a Weblogic domain has an adminServer process, acquiring Weblogic service information corresponding to the adminServer process;
determining each target IP address based on the Weblogic service information, and executing a preset rule generation script to generate a configuration rule corresponding to each target IP address;
setting a filter name in a preset WLST script and adding each configuration rule to obtain a WLST configuration script;
and executing the WLST configuration script on a server where the adminServer process is located to complete the configuration of the T3 filter in the Weblogic domain.
2. The method according to claim 1, wherein the acquiring Weblogic service information corresponding to the AdminServer process includes:
determining a Weblogic domain path corresponding to the AdminServer process;
acquiring a configuration file corresponding to the Weblogic domain according to the Weblogic domain path;
and acquiring Weblogic service information corresponding to the AdminServer process based on the configuration file.
3. The method of claim 2, further comprising:
if each configuration rule exists in the connection filter rule items in the configuration file, the T3 filter configured by the Weblogic domain takes effect.
4. The method of claim 1, wherein the target IP addresses comprise: production IP addresses, managed IP addresses, a first IP address and a second IP address; the rule generating script comprises a first rule generating script and a second rule generating script; the configuration rules comprise a first configuration rule and a second configuration rule;
the determining, based on the Weblogic service information, each target IP address, and executing a preset rule generation script to generate a configuration rule corresponding to each target IP address includes:
acquiring the IP address of each server in the Weblogic service information, wherein the IP address of each server is the production IP address;
determining a managed IP address corresponding to each production IP address according to a preset mapping rule;
acquiring a preset first IP address and a preset second IP address according to the Weblogic service information;
executing the first rule generation script based on the first IP address, each production IP address and the managed IP address corresponding to the production IP address to generate a first configuration rule, wherein the first configuration rule specifies that the first IP address, each production IP address and a server where the managed IP address corresponding to the production IP address is located can access the Weblogic domain through a T3 protocol;
and executing the second rule generation script based on the second IP address to generate a second configuration rule, wherein the second configuration rule specifies that the server where the second IP address is located cannot access the Weblogic domain through a T3 protocol.
5. The method of claim 1, further comprising:
clearing each configuration rule in the WLST configuration script to obtain a WLST rollback script;
and executing the WLST fallback script on a server where the adminServer process is located to cancel the configuration of the T3 filter in the Weblogic domain.
6. A configuration device of a Weblogic T3 filter, comprising:
the acquisition unit is used for acquiring Weblogic service information corresponding to an AdminServer process when the AdminServer process exists in any server in a Weblogic domain;
the determining unit is used for determining each target IP address based on the Weblogic service information and executing a preset rule generating script to generate a configuration rule corresponding to each target IP address;
the configuration unit is used for setting a filter name in a preset WLST script and adding each configuration rule to obtain the WLST configuration script;
and the execution unit is used for executing the WLST configuration script on a server where the adminServer process is located so as to complete the configuration of the T3 filter in the Weblogic domain.
7. The apparatus of claim 6, wherein the obtaining unit comprises:
the first determining subunit is used for determining a Weblogic domain path corresponding to the AdminServer process;
the first obtaining subunit is configured to obtain, according to the Weblogic domain path, a configuration file corresponding to the Weblogic domain;
and the second acquiring subunit is used for acquiring the Weblogic service information corresponding to the adminServer process based on the configuration file.
8. The apparatus of claim 7, further comprising:
a checking unit, configured to, if there is each configuration rule in the connection filter rule items in the configuration file, validate the T3 filter configured by the Weblogic domain.
9. The apparatus of claim 6, wherein the target IP addresses comprise: production IP addresses, managed IP addresses, a first IP address and a second IP address; the rule generating script comprises a first rule generating script and a second rule generating script; the configuration rules comprise a first configuration rule and a second configuration rule; the determination unit includes:
a third obtaining subunit, configured to obtain an IP address of each server in the Weblogic service information, where the IP address of each server is the production IP address;
the second determining subunit is used for determining the managed IP address corresponding to each production IP address according to a preset mapping rule;
the fourth acquiring subunit is configured to acquire a preset first IP address and a preset second IP address according to the Weblogic service information;
a first generating subunit, configured to execute the first rule generating script based on the first IP address, the each production IP address, and the managed IP address corresponding to the production IP address, and generate a first configuration rule, where the first configuration rule specifies that the server where the first IP address, the each production IP address, and the managed IP address corresponding to the production IP address are located can access the Weblogic domain through a T3 protocol;
and the second generating subunit is configured to execute the second rule generating script based on the second IP address to generate a second configuration rule, where the second configuration rule specifies that the server where the second IP address is located cannot access the Weblogic domain through a T3 protocol.
10. The apparatus of claim 6, further comprising:
a clearing unit, configured to clear each configuration rule in the WLST configuration script to obtain a WLST fallback script;
and the rollback unit is used for executing the WLST rollback script on a server where the adminServer process is located so as to cancel the configuration of the T3 filter in the Weblogic domain.
CN202111470169.XA 2021-12-03 2021-12-03 Configuration method and device of Weblogic T3 filter Pending CN114143192A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111470169.XA CN114143192A (en) 2021-12-03 2021-12-03 Configuration method and device of Weblogic T3 filter

Publications (1)

Publication Number Publication Date
CN114143192A true CN114143192A (en) 2022-03-04

Family

ID=80387623


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination