Вы находитесь на странице: 1из 132

Administration Guide

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Copyright
Copyright 2006 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/OS, POWER, POWER5, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. MaxDB is a trademark of MySQL AB, Sweden. SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

Administration Guide

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Icons in Body Text


Icon Meaning Caution Example Note Recommendation Syntax

Additional icons are used in SAP Library documentation to help you identify different types of information at a glance. For more information, see Help on Help General Information Classes and Information Classes for Business Information Warehouse on the first page of any version of SAP Library.

Typographic Conventions
Type Style Example text Description Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Cross-references to other documentation. Example text EXAMPLE TEXT Emphasized words or phrases in body text, graphic titles, and table titles. Technical names of system objects. These include report names, program names, transaction codes, table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE. Output on the screen. This includes file and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools. Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation. Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system. Keys on the keyboard, for example, F2 or ENTER.

Example text

Example text <Example text>

EXAMPLE TEXT

Administration Guide

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Administration Guide ....................................................................................................................... 7 Tools ............................................................................................................................................ 7 SAP Management Console ...................................................................................................... 8 Starting the SAP Management Console............................................................................... 9 Main Administration Tasks with the SAP MC ..................................................................... 11 Layout and Context Menus of the SAP Management Console .......................................... 11 Config Tool ............................................................................................................................. 16 Getting Started with the Config Tool................................................................................... 17 Remote Administration Using Telnet...................................................................................... 19 SAP NetWeaver Administrator ............................................................................................... 22 Basic Administration Tasks........................................................................................................ 23 Registering Instances............................................................................................................. 23 Starting and Stopping the Application Server ........................................................................ 25 Viewing and Configuring the Communication Ports............................................................... 27 Monitoring the Application Server .......................................................................................... 29 Log Viewing ............................................................................................................................ 29 Launching Deployed Applications from the SAP MMC.......................................................... 35 Enabling Debugging ............................................................................................................... 36 Configuring JVM Parameters ................................................................................................. 39 Configuring Instances............................................................................................................. 41 Adding and Removing Server Processes .............................................................................. 42 Connecting to a Database...................................................................................................... 43 Modifying Manager or Service Properties .............................................................................. 45 Adding Filters.......................................................................................................................... 46 Operations Management ........................................................................................................... 47 Starting and Stopping Java EE Instances.............................................................................. 47 Starting and Stopping Java EE Services ............................................................................... 48 Starting and Stopping Java EE Applications.......................................................................... 48 User Management Engine and Identity Management............................................................ 49 Authorization in the Java Environment ............................................................................... 49 Architecture of Security Roles......................................................................................... 50 Permissions, Actions, and UME Roles ........................................................................... 51 Configuring Identity Management....................................................................................... 52 Database Only as Data Source ...................................................................................... 53 Editing UME Properties................................................................................................... 53 Configuring the Security Policy for User ID and Passwords........................................... 54

Administration Guide

SAP NetWeaver Application Server, JavaTM EE 5 Edition Configuring Simple Search ............................................................................................. 56 Configuring Search Options for the UME........................................................................ 57 Managing Principals ........................................................................................................... 58 Managing Users, Groups, and Roles.............................................................................. 59 Assigning Principals to Roles or Groups......................................................................... 63 Locking or Unlocking Users ............................................................................................ 65 Troubleshooting the UME ................................................................................................... 66 Activating the Emergency User....................................................................................... 66 Logging and Tracing ....................................................................................................... 67 What is Logged?.......................................................................................................... 69 Directory Server Access Log ....................................................................................... 71 Directory Server Connection Pool Log ........................................................................ 73 Checking the Consistency of Entries in the UME Database........................................... 74 Repairing Inconsistencies of Entries in the UME Database ........................................... 75 Downloading the UME Configuration.............................................................................. 77 Configuration Management........................................................................................................ 78 Virtual Host Configuration ...................................................................................................... 78 Creating a New Virtual Host ............................................................................................... 79 Configuring the General Properties .................................................................................... 80 Defining HTTP Aliases on a Virtual Host............................................................................ 80 Activating and Deactivating Application Aliases ................................................................. 81 Managing Login Modules ....................................................................................................... 81 Managing Authentication Policy for AS Java Components.................................................... 82 Managing JMS Server Configuration ..................................................................................... 85 JMS Details Description...................................................................................................... 85 Viewing System Properties .................................................................................................... 87 Viewing Web Modules' Configuration..................................................................................... 88 Application Resources Management ..................................................................................... 89 Managing JDBC Drivers ..................................................................................................... 91 Managing JDBC DataSources............................................................................................ 91 Managing JDBC DataSource Aliases................................................................................. 95 Viewing Managed Connection Factories' Configuration..................................................... 96 Managing JCA Connection Factories ................................................................................. 97 Viewing Outbound Resource Adapters' Configuration ....................................................... 99 Managing Resource Adapters ............................................................................................ 99 Creating JMS Connection Factory References ................................................................ 101 Creating JMS Destination References ............................................................................. 103

Administration Guide

SAP NetWeaver Application Server, JavaTM EE 5 Edition Problem Management.............................................................................................................. 104 Java Class Loader Viewer.................................................................................................... 105 JNDI Browser ....................................................................................................................... 105 Log Viewer............................................................................................................................ 107 Predefined Views.............................................................................................................. 108 Predefined Views in the General View.......................................................................... 109 General Predefined Standalone Log Viewer View .................................................... 111 Predefined Views in the Development View ................................................................. 113 Filtering and Viewing Logs and Traces ............................................................................ 114 Applying Filters by Log Location ................................................................................... 116 Applying Filters by Log File and Log Type.................................................................... 116 Creating, Exporting and Importing Custom Views............................................................ 117 Searching Log and Trace Records................................................................................... 118 List of Columns for Logs and Traces................................................................................ 119 Customizing Columns for Logs and Traces...................................................................... 120 Downloading Log and Trace Records .............................................................................. 121 Specific Predefined Views ................................................................................................ 122 Specific Predefined Views in the HTTP View ............................................................... 123 Specific Predefined Views in Logging View .................................................................. 124 Specific Predefined Security View ................................................................................ 125 Specific Predefined Views in Server View .................................................................... 125 Configuring Logs and Traces ............................................................................................... 127 Filtering Categories and Locations ................................................................................... 129 Log (Destination) .............................................................................................................. 130 Terminology ............................................................................................................................. 131

Administration Guide

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Administration Guide
This guide describes the main tools for administering and configuring the SAP NetWeaver Application Server, Java EE 5 Edition and the main configuration and administration tasks. The guide has the following structure: Tools [Page 7] Basic Administration Tasks [Page 23] Operations Management [Page 47] Configuration Management [Page 78] Problem Management [Page 104] Terminology [Page 131]

Tools
Purpose
This section contains descriptions of the main administration tools provided with the SAP NetWeaver Application Server, Java EE 5 Edition and directions on how to use these tools to configure and administer the SAP NetWeaver Application Server, Java EE 5 Edition. The main tools provided are: SAP Management Console [Page 8] The SAP Management Console (SAP MC) can be used to centrally monitor and perform basic administration tasks, such as starting or stopping the application server, monitoring log files, and so on. The SAP MC is available as a standalone, as a Web-based, and as an Eclipse-based version that is integrated in the Developer Studio. Config Tool [Page 16] The Config Tool can be used for offline configuration of the application server, such as adding additional server processes to a Java instance, viewing and reconfiguring system properties, and so on.

For more information about the main configuration and administration steps that you can perform using the SAP Management Console and the Config Tool, see Basic Administration Tasks [Page 23]. Remote Administration Using Telnet [Page 19] When you need to administer the application server remotely or when you need to perform more advanced administration or runtime configuration steps, you can use Telnet to connect to the server and execute the available server shell commands. Web-based SAP NetWeaver Administrator

Administration Guide

SAP NetWeaver Application Server, JavaTM EE 5 Edition The SAP NetWeaver Administrator is a Web-based tool that offers a way of administering, troubleshooting, and diagnosing an SAP NetWeaver system. For more information about how to install and start the tool, see SAP NetWeaver Administrator [Page 22]. For more information about the different tasks that you can perform using the SAP NetWeaver Administrator, see the following sections: Operations Management [Page 47] This section contains more information about how to start and stop application server instances, services, applications, and about the identity management in the SAP NetWeaver Application Server, Java EE 5 Edition. Configuration Management [Page 78] This sections provides additional configuration capabilities, such as configuring virtual hosts, login modules, authentication policy, application resources management, and so on. Problem Management [Page 104] This section provides features for advanced problem management of the system. These features include log configuration and viewing functions, a viewer for the class loaders, and a JNDI browser.

SAP Management Console


Purpose
The SAP Management Console provides a common framework for centralized system management. It allows you to monitor and perform basic administration tasks on the SAP system centrally, thus simplifying system administration.

Implementation Considerations
The SAP Management Console in the SAP NetWeaver Application Server, Java(TM) EE 5 Edition is available in three modes: Standalone SAP Microsoft Management Console SAP has developed the SAP Systems Manager snap-in which allows you to monitor, start or stop the SAP system centrally from the MMC.

We recommend that you use the SAP Microsoft Management Console to manage your SAP NetWeaver Application Server, Java(TM) EE 5 Edition system. Web-based SAP Management Console The Web-based SAP MC is a Java applet that can be run from any Web browser supporting Java. Thus, it is possible to administer remote systems without the need of having a local installation. Eclipse-based SAP Management Console in the Developer Studio

Administration Guide

SAP NetWeaver Application Server, JavaTM EE 5 Edition The SAP MC perspective in the Developer Studio enables application developers to administer and monitor their local and remote systems from their development environment without the need to use additional administration tools.

Features
Using the SAP MC you can: Monitor and control (start, stop, or restart) the SAP system and its instances with a single tool. Display SAP log and trace files, start profiles, instance parameters, the system environment, SAP environment, ICM queue statistics, and so on. Display and control Java processes. Monitor system alerts. Display the list of all access points to an SAP system. Display information about the AS Java threads, sessions, caches, aliases, EJB sessions, remote objects. Display Java Virtual Machine garbage collection and heap memory information of the application server. Save the current console configuration in a file to reuse it later or to forward it to other users. (only for SAP MMC) Start third-party tools (such as Telnet), if available, to manage an application server. (only for SAP MMC)

See also: For more information how to use the SAP Management Console, see: Starting the SAP Management Console [Page 9] Main Administration Tasks [Page 11] Layout and Context Menus of the SAP Management Console [Page 11]

Starting the SAP Management Console


Use
By default, the standalone SAP Microsoft Management Console is automatically launched after completing the installation procedure.

Procedure
Starting the Microsoft Management Console
The most common way is to start the MMC from the Windows Start menu:

Administration Guide

SAP NetWeaver Application Server, JavaTM EE 5 Edition Choose Start Programs SAP NetWeaver Start SAP Management Console The MMC opens. When you expand the SAP Systems node, all instances running on the current host are displayed. If you want to change the configuration so that the instances on other hosts of your system are also displayed, follow the instructions given in Registering Instances [Page 23].

Starting the Eclipse-Based Management Console in the Developer Studio


...

To open the SAP Management Console perspective in the Developer Studio, choose Window Open Perspective Other SAP Management Console. The instances installed on the host you have connected to are displayed in the SAP Systems tree structure.

Starting the Web-Based SAP Management Console


1. Make sure that you have fulfilled the following requirements: You have JRE 5.0 installed. Your browser supports Java. Your browsers Java plug-in is installed and activated.

2. In your Web browser, execute the following URL: http://<host>:<port> where: host is the host where the SAP NetWeaver Application Server, Java(TM) EE 5 Edition is installed. port is the SAP MC port. It consists of 5<instance_number>13. For example, if the instance number of the Java instance is 60, the SAP MC port is 56013.

This will start the SAP MC Java applet. If your browser displays a security warning message, choose the option that indicates that you trust the applet. 3. Choose Start. The SAP Management Console screen appears. By default, the Java instances installed on the host you have connected to are already added in the SAP Management Console.

Result
Next steps: To register an instance in the SAP Management Console, see Registering Instances [Page 23]. To start, stop, or restart the instances, see Starting and Stopping the Application Server [Page 25]. For more information about the main administration tasks that you can perform, see Administration [Page 23].

Administration Guide

10

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Main Administration Tasks with the SAP MC


The following are the main administration tasks that can be performed with the SAP Management Console: Registering Instances [Page 23] Starting and Stopping the Application Server [Page 25] Viewing and Configuring the Communication Ports [Page 27] Monitoring the Application Server [Page 29] Log Viewing [Page 29] Launching Deployed Applications from the SAP MMC [Page 35] Enabling Debugging [Page 36]

For more information about the other configuration and administration procedures in the SAP NetWeaver Application Server, Java(TM) EE 5 Edition, see Basic Administration Tasks [Page 23].

Layout and Context Menus of the SAP Management Console


Layout
The standalone SAP MMC and the Web-based SAP MC present information on two panes of a window. The pane on the left is the scope pane, which displays available information in a tree structure that can be expanded and collapsed. The pane on the right is the result pane, which shows detailed information about any item selected in the scope pane:

Administration Guide

11

SAP NetWeaver Application Server, JavaTM EE 5 Edition

The Eclipse-based SAP MC in the Developer Studio presents information on three panes of a window The pane on the left is the scope pane, which displays available information in a tree structure that can be expanded and collapsed. The SAP Management Console (Result) pane on the bottom-right is the result pane, which shows detailed information about any item selected in the scope pane. If you choose to display log, trace or other types of files of the application server, these files will be displayed in the top-right pane:

Administration Guide

12

SAP NetWeaver Application Server, JavaTM EE 5 Edition

The system icons and the nodes for instances, processes, and alerts are displayed in different colors, depending on their state. The colors mean the following: Gray: Unknown state, only outdated values, system is offline Green: Running Yellow: Starting or critical Red: Error

To access detailed information about your SAP system, you have to fully expand the Java or central services instance and then select an item. Once an item has been selected, the corresponding information is displayed in the result pane. The following table summarizes the available options: Tree Node SAP system ( ) Description Node for an SAP system. The colors indicate states that are derived from the SAP instance subnodes and are automatically refreshed. Node for the database of the SAP system.

for example, JP1 Database ( )

Administration Guide

13

SAP NetWeaver Application Server, JavaTM EE 5 Edition

SAP instance ( or )

Node for the SAP instance. The color indicates the state that is automatically refreshed and inherited from the Process List subnode. Displays the processes started by the start service and their status. The color is automatically refreshed and reflects the worst state of all started processes. Displays the system log, even if the SAP system is not functioning properly or is offline. You have to refresh the information manually. Displays the status of the ICM queues. You have to refresh the information manually. Displays the communication ports used by the system. See Viewing and Configuring the Communication Ports [Page 27]. Displays information about the application server processes. The application server has to be started, but does not have to be functioning properly as the shared memory of the application server is accessed. You have to refresh the information manually. Displays monitoring information about the performance and contents of the caches in the Java instance. The red state of the caches icons does not indicate problems in the system but only notifies that the red cache has not yet brought performance value to the system. Therefore, it is very likely that right after application server startup there are many caches with red state. This indicated that these caches are not yet used and does not indicate a problem.

Process List

Syslog

Queue Statistic Access Points

J2EE Process Table

J2EE Caches

J2EE Threads J2EE Web Sessions J2EE EJB Sessions J2EE Remote Objects

Displays details and statistics for the threads managed by the application server. Displays details and statistics for the application server HTTP sessions. Displays details and statistics for the application server EJB sessions. Displays statistics for the remote objects to which external users are connected at the time of monitoring. Displays a list of the aliases of the currently started applications. See Launching Deployed Applications from the SAP MC [Page 35]. Displays statistics and details for the last few garbage collection events.

J2EE Aliases

J2EE GC History

Administration Guide

14

SAP NetWeaver Application Server, JavaTM EE 5 Edition

J2EE Heap Memory ICM Log Files

Displays details about the current size of the application server heap memory. Provides Web access to the ICM administration. Displays the log, trace, and system files.

With the context menu option View, you can display the information you require in different ways. For lists that normally have many rows, there is an additional filter function in the table header ( ). If you enter data in the filter fields, only matching table rows are displayed. You can use wildcards * and ? in the filter setting. You can update the information displayed at any time by choosing Refresh ( menu. ) from the context

Context Menus of the SAP MMC


The context menus differ depending on the item that is selected in the scope pane. To access the context menu of an item, select that item and click the right mouse button. Some of the main context menu options are: Start Starts the instance(s) related to the selected items. Stop Stops the instance(s) related to the selected items. Shutdown Sends a shutdown request to the instance(s) related to the selected item. The instances will reject new requests and stop when all open requests are finished. Restart Restarts the selected instance. All Tasks View Developer Traces Displays a list of the developer trace files, provided the user has sufficient authorization. J2EE Telnet Opens a Telnet session to the application server. See Remote Administration Using Telnet [Page 19]. Properties Displays technical data about the selected item and allows you to change the start/stop permissions for the selected instance. Enable/Disable/Restart Process Enables/disables/restarts an application server process. Dump Stack Trace Dumps the Java stack trace for the selected server process. See Log Viewing [Page 29]. All Tasks Enable/Disable Debugging Enables/disables Java VM debugging for the server processes. See Enabling Debugging [Page 36]. Developer Trace Displays the developer trace file of the selected process. All Tasks Decrease/Increase trace level Decreases/increases the launcher trace level of the selected process.

Administration Guide

15

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Config Tool
Use
The Config Tool enables offline configuration of the SAP NetWeaver Application Server Java. It allows you to modify the properties of all services, managers, and applications. In addition, it enables you to manage log configurations offline, add filters, edit the JVM parameters. All modifications made using the Config Tool can be exported to an XML file for later use.

When you work offline, you do not need to have the application server running as the Config Tool connects directly to database and applies the changes.

Features
When the Config Tool is running, it displays the system configuration and the secure store. The cluster data contains the configuration template that is chosen during installation time. This template consists of: Log configurations, applications, managers, services These nodes contain template default and custom data that is valid for all instances within the system. All instances available in the cluster Each instance contains a list of managers, services, log configurations, and applications. These nodes have: Template property data this data corresponds to template default data. Custom property data consists of template values and custom values, as the template values correspond to template custom values. In case there are no template custom values, the template values correspond to the template default values.

The priority of the property values, in decreasing order, is: instance value, template custom value, template default value. This means that for a given property, the template default value is not valid if there is a template custom value, which is not valid if there is an instance value.

If you set a custom value to a property in a manager in a given instance, this value is valid only for this instance. If you set a template custom value to a property in a manager in a given instance, this value is visible as a template value in the custom property data of the same manager in any instance. This value is valid to those instances that do not have a custom value set for this property. This template is configured to apply the most suitable settings for a given configuration. Nevertheless, if you want to edit a property value, you can set a custom value to this property and it will have priority over the default value.

Administration Guide

16

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Activities
Start the Config Tool from <SAP_install_dir>/<system_name>/<instance_name>/j2ee/configtool by double clicking the configtool script file. Connect to a remote database [Page 43] View and configure JVM parameters [Page 39] View and edit instance settings [Page 41] Add server processes to an instance [Page 42] Add filters [Page 46] Change manager or service properties [Page 45]

Getting Started with the Config Tool


Config Tool Icons Icon Menu Path File Reload Data from DB Description Enables you to reload the current configuration from the database Applies the changes you have made Exports the system configuration to an XML file Switches between the Offline Configuration Editor and the Config Tool. Represents the application server cluster Tools Edit Secure Store Represents Secure Store management Represents an instance of the application server. Tools UME LDAP Editor Represents UME LDAP data configuration Represents a group of managers Represents a single manager Represents a group of services Represents a single service

File Apply changes File Export Unsaved Changes to XML Tools Configuration Editor

Administration Guide

17

SAP NetWeaver Application Server, JavaTM EE 5 Edition

File Exit File Backup Custom Data File Restore from Backup File Safe Mode File Change System Template

Exits the Config Tool Exports custom configuration to an archive file Imports custom archive configuration Enables/disables safe mode in the application server Provides a list of installation templates. You can select a given template and edit its configuration. Displays additional configuration. Displays an additional view for the current tasks.

View Expert Mode View Tasks View

Property Features Feature Type Range Description Specifies the type of the value (for example, String, Long, and so on.) Specifies if the value is in a defined range (for example, [1-65534]). The asterisk (*) means the there is not any range defined. Settings containing a link to other settings (value link) are used, in case a setting is dependent on another setting that is stored somewhere else. During runtime, a value link is transparently resolved and substituted. These parameters are transparently substituted during runtime. Simple arithmetic expressions containing system parameters from the system profile (provided within the configuration manager). During runtime, the parameters are transparently substituted and the arithmetic expression is evaluated. This option cannot be changed. It specifies that you cannot add custom values for the selected property. This option cannot be changed. It specifies that the value for the selected property is hidden and not visible. This option cannot be changed.

Link

Parameterized Computed

Final

Secured

Online modifyable

Administration Guide

18

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Remote Administration Using Telnet


Use
By using a Telnet client via the Telnet protocol, you can connect to the SAP NetWeaver Application Server remotely and administer it using a predefined set of shell commands.

Procedure
Connecting Using Telnet
1. Check the Telnet port on which you can connect to the application server (see Viewing and Configuring the Communication Ports [Page 27]). 2. Run a Telnet client and connect to the target system by specifying the host and the Telnet port. Once a connection is established, the Telnet administration console of the application server is opened.

Alternatively, you can open a Telnet client from the SAP MMC:
...

i. ii. iii.

Select the SAP system on which you want to start Telnet. Browse to the J2EE Process Table node. In the right-hand pane, select the ICM and choose J2EE Telnet from the context menu.

The Telnet administration console of the application server is opened. 3. Enter valid login info (user name and password) to authenticate yourself.

Administration Guide

19

SAP NetWeaver Application Server, JavaTM EE 5 Edition If the input information is incorrect, the link is disconnected and the console disappears. You must then complete the above steps again to open a new Telnet console. If your connection is successful, the console remains open, you are logged on to one of the server processes in the instance, and you can start your administration.

4. Use the LSC command to display all server processes with their ID, name, host, port, state, and so on. The first component displayed is the one you are currently administering. 5. To switch from one server process to another use the JUMP shell command and specify the server processs ID as a parameter. For example, executing JUMP 8931750 enables remote administration of a server process with ID 8931750.

If you have only one server process configured in your instance, you are already connected to it and the JUMP command will display a message that you are already administering the current server process.

Using the Application Server Shell Commands


The application server has a predefined set of shell commands grouped according to the functions they provide. To use the shell commands from a group, you first have to activate that group by adding it to the shell environment. By default, only the ADMIN, SYSTEM, DEPLOY, and TELNET groups are activated due to their vital importance.
...

1. To view the names of all available groups of shell commands (both activated and not activated), execute the MAN -g command.

Administration Guide

20

SAP NetWeaver Application Server, JavaTM EE 5 Edition 2. To add a group of shell commands to the shell environment, enter ADD [groupName] in the command line. The groupName parameter is the name of the group of shell commands to be added. 3. To view all activated groups and their shell commands, execute the MAN command. 4. To view the help message for a shell command, execute MAN and the command name in the command line. For example MAN ADD displays the help message of the ADD command. The conventions used in the help messages are as follows: The brackets encompassing the shell command parameters have a special meaning explained below. There is no need to type them when executing a command on the command line, unless it is indicated explicitly in the corresponding command description. The <> type of brackets means that the parameter is required. If this parameter is not specified when executing the shell command, the command displays the help message. The [] type of brackets means that the parameter is optional.

Example: LISTPROPS [clusterID] <serviceName> where [clusterID] is optional, and <serviceName> is required. The commands are displayed in capital letters for example, LISTPROPS; however, you do not have to type them in capital letters in the command line. The shell language is case-insensitive. When a shell command has an abbreviated alternative, it is given in () (brackets) after the command name. For example Example: CHECK_POINT(CP) If the parameters of a shell command contain key words, when executing the shell command, you must specify the key words exactly as they are given in the command syntax. That is, you must not replace the key words with other values. Key words are identified by the - (hyphen), with which they begin. Example: VERSION [-more]

Closing a Telnet Session


Execute the EXIT command in the command line.

Administration Guide

21

SAP NetWeaver Application Server, JavaTM EE 5 Edition

SAP NetWeaver Administrator


Use
SAP NetWeaver Administrator (NWA) is the new Web-based tool for administration and monitoring of the SAP NetWeaver Application Server, Java EE 5 Edition.

Features
The NWA unifies the most important administration and monitoring tools. The most important advantages of the NWA are: You no longer need to switch between different tools for administration, troubleshooting, and problem analysis of your system. There is an administration tool available to you for starting and stopping instances, checking configuration settings, viewing logs, and so on. The interface follows the current guidelines for interface design, is easy-to-use, taskoriented, and complete. The interface allows seamless navigation to other SAP NetWeaver administration tools (User Management Engine). The NWA represents the crossover from various expert tools to an integrated, simple, and clear solution. The NWA also completes the integration of the data sources for monitoring.

Activities
To use the NWA, you have to install it first. Go to <SAP_install_dir>/<system_name>/<instance_name>/j2ee/NWAdmin folder and execute the install.bat file.

The installation process may take some time. To start the NWA, enter the following data in a Web browser: http://<host>:<port>/nwa, where: <host> is the host where the SAP NetWeaver Application Server, Java EE 5 Edition is installed. <port> is the HTTP port of the ICM. It consists of 5<instance_number>00. For example, if the instance number of the Java instance is 60, the HTTP port is 56000.

See also: Operations Management [Page 47] Configuration Management [Page 78] Problem Management [Page 104]

Administration Guide

22

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Basic Administration Tasks


The main configuration and administration tasks that you can perform on the SAP NetWeaver Application Server, Java(TM) EE 5 Edition are: Registering Instances [Page 23] Starting and Stopping the Application Server [Page 25] Viewing and Configuring the Communication Ports [Page 27] Monitoring the Application Server [Page 29] Log Viewing [Page 29] Launching Deployed Applications from the SAP MC [Page 35] Enabling Debugging [Page 36] Configuring JVM Parameters [Page 39] Configuring Instances [Page 41] Adding and Removing Server Processes [Page 42] Connecting to a Database [Page 43] Modifying Manager or Service Properties [Page 45] Adding Filters [Page 46]

For more information about the administration tools that you use to perform these configuration and administration tasks, see Tools [Page 7].

Registering Instances
Use
Use this procedure to extend the list of systems and instances displayed in the SAP MC so that you can monitor and administer all systems and instances from a single console.

Prerequisites
The SAP Management Console is started [Page 9].

Procedure
Standalone SAP Microsoft Management Console
1. In the MMC window, select Console Root and choose File Add/Remove Snap-In. 2. In the Add/Remove Snap-In dialog box, choose Add and then select the SAP Systems Manager snap-in.

Administration Guide

23

SAP NetWeaver Application Server, JavaTM EE 5 Edition 3. Confirm your selection with Add. 4. In the General Settings dialog box, select the options you require: Screen Area Options Auto refresh Options Option Select Use fix SAP instance list. Enter the periods in which you want system information to be updated automatically. Select Expert user mode if you want to access more detailed system information later when you start working with the SAP snap-in. Select Always show local SAP instances if you want to display the instances installed. Select Enable Single Sign-On, if you want to use Single Sign-On to log on to SAP instances that support SNC. Single Sign-On is only supported if the snap-in is configured to use a LDAP directory. 5. Choose Next to close the General Settings dialog box. 6. In the Security dialog box, choose a security level for communication between the snap-in and remote SAP instances. 7. Choose Next to close the Security dialog box. 8. In the Fixed Server List dialog box, create a list of the instances you want to monitor from the SAP snap-in: a. In the System field, enter the system ID (SID) of the SAP system that the instance belongs to. b. In the Instance field, enter the name of the host on which the instance is running, and the instance number, for example, testmachine 60 c. Choose Add to include the instance in the Fixed Instances List.

An entry in the instance list looks like this: N30 testmachine 60 d. When you have entered all the instances you want to monitor, choose Finish. 9. You can save the configuration in a file when you exit the MMC. Whenever you need the newly created configuration, you can start it simply by double-clicking on the saved file.

Web-Based SAP Management Console


...

1. Choose File New. 2. In the New System dialog box that appears, enter the required data.

If you have already registered systems in the SAP MC, they are stored in the history. To open the Systems History dialog box, choose the browsing button next to the SAP System ID field. Select the system that you want to add and choose OK. 3. Choose Finish.

Administration Guide

24

SAP NetWeaver Application Server, JavaTM EE 5 Edition

SAP Management Console in the Developer Studio


...

1. Select SAP Systems and from the context menu, choose New Instance. 2. In the dialog box that appears, enter the instance number and host. If you want to register all instances installed on the specified host, select the Always show all SAP instances indicator.

Result
The instances are displayed in a tree view in the left-hand pane. For more information about the main administration tasks that you can perform, see Administration [Page 23].

Starting and Stopping the Application Server


Use
To start and stop the SAP NetWeaver Application Server system, you can use either of the following: SAP MC Windows Start menu dedicated options

Procedure
1. Start the SAP Management Console [Page 9]. The following screen appears:

Administration Guide

25

SAP NetWeaver Application Server, JavaTM EE 5 Edition The instances installed on the local host will be automatically displayed in the SAP MC. If you need to monitor and administer remote systems, proceed with step 2, otherwise you can skip it. 2. Register your system or instance [Page 23]. 3. Open the tree structure in the left-hand pane and browse to the system or instance node that you want to start. 4. Select the system or instance and choose Start or Stop from the context menu. (The system may prompt for the OS user and password to complete the operation.)

Result
The SAP MC will start the database instance, the central services instance, and the Java instance. If you want to start or stop individual instances, proceed as follows: To start or stop the central services or the Java instance, select the relevant node and choose All Tasks Start/Stop from the context menu. To start or stop the database instance, select the database instance and use the Online and Offline options in the Web view that is displayed in the right-hand screen in the MMC.

Alternatively, you can start and stop the SAP NetWeaver Application Server, Java(TM) EE 5 Edition using the Windows Start menu by choosing Programs SAP NetWeaver Application Server <system name> Start Application Server or Stop Application Server. This will start/stop all processes.

Administration Guide

26

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Viewing and Configuring the Communication Ports


Use
The installed SAP NetWeaver Application Server, Java(TM) EE 5 Edition system has a preconfigured set of communication ports that are used both for internal and external communication. If some of these ports are already in use by other processes running on your machine, you may need to change the ports of the SAP NetWeaver Application Server, Java(TM) EE 5 Edition.

Procedure
Viewing the Communication Ports
In the SAP MMC, browse the tree structure in the left-hand pane to locate the Access Points node. The result in the right-hand pane differs according to the type of the chosen instance. For each port, you can view the process that uses that port, the communication protocol, the host to which it is bound, and whether the port is currently open.

When you run the examples from the tutorials, you need to specify the ICM HTTP port in the URL of the applications. You can view this port in the Access Points section of the Java instance:

Administration Guide

27

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Changing the Communication Ports


We recommend that you do not change any of the default communication ports unless there are other processes on your machine that use the same communication ports. To change the Java instance ports, proceed as follows: 1. Open the Java instance profile located in the directory <Drive>:\SAP\<instance name>\SYS\profile with a text editor. The Java instance profile is named as follows: <SID>_<instance name>_<host> (for example, N30_JC60_sofD60154927A). 2. You can edit the values of the following ports: HTTP port the HTTP port open on the ICM. To edit it, change the following section in the profile: # http port configuration icm/server_port_0 = PROT=HTTP, PORT=5$(SAPSYSTEM)00, TIMEOUT=600 For example, changing the above configuration to icm/server_port_0 = PROT=HTTP, PORT=60000, TIMEOUT=600 changes the HTTP port to 60000. P4 port the port open on the ICM for establishing connections via the P4 protocol. To edit it, change the following section in the profile: # p4 port configuration icm/server_port_1 = PROT=P4, PORT=5$(SAPSYSTEM)04 For example, changing the above configuration to icm/server_port_1 = PROT=P4, PORT=60004 changes the P4 port to 60004. IIOP port the port open on the ICM for establishing connections via the IIOP protocol. To edit it, change the following section in the profile: # IIOP port configuration icm/server_port_2 = PROT=IIOP, PORT=5$(SAPSYSTEM)07 For example, changing the above configuration to icm/server_port_2 = PROT=IIOP, PORT=60007 changes the IIOP port to 60007. Telnet port the port open on the ICM for establishing connections via the Telnet protocol. To edit it, change the following section in the profile: # TELNET port configuration icm/server_port_3 = PROT=TELNET, PORT=5$(SAPSYSTEM)08 For example, changing the above configuration to icm/server_port_3 = PROT=TELNET, PORT=60008 changes the Telnet port to 60008. 3. Save your changes and restart the Java instance.

Administration Guide

28

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Monitoring the Application Server


Use
With the monitoring options provided by the SAP MMC, several main monitoring scenarios are available.

Prerequisites
The SAP Management Console is started. [Page 9]

Procedure
Request/Response Monitoring
You can use this scenario to monitor the requests executed by your applications and to check the status of the application threads that are processing these particular requests. 1. Locate your application by selecting the SAP Systems <SID> <instance host and number> J2EE Aliases node from the tree structure in the left-hand pane. The result pane on the right-hand side displays the started applications, their aliases, and other details. Launch the application, if necessary. (see Launching Deployed Applications from the SAP MC [Page 35]) 2. To monitor the Web, EJB, and remote-object requests to your application via HTTP and RMI, select the node J2EE Web Sessions, J2EE EJB Sessions, or J2EE Remote Objects respectively. The right-hand pane displays details about the incoming requests. 3. To monitor the threads that process these requests, select the J2EE Threads node and locate the threads that serve the incoming requests. (If necessary, use the column filter options.) Details about the threads such as the task executed by the thread, start time, the user triggering the request, status, and so on are displayed in the right-hand pane.

System Monitoring
Use this scenario to monitor system performance and operation.
...

1. To monitor the status of the Java processes, use the J2EE Process Table node. 2. To view the overall cache and thread system information, use the nodes J2EE Caches and J2EE Threads. 3. To view the overall VM performance, use the nodes J2EE GC History and J2EE Heap Memory.

Log Viewing
Use
The trace and log messages contain important information about the system operation. It is helpful to check and analyze them if you experience errors or undesired behavior. Using the SAP MMC log viewing functions you can:

Administration Guide

29

SAP NetWeaver Application Server, JavaTM EE 5 Edition

View all system log and trace files View developer trace files Create stack traces for the processes And so on.

Types of Log and Trace Files


Process startup and control framework logs Contain information about the startup process. You can check these files in case of errors or undesired behavior during the startup process. By default, the data from the last three restarts is kept. The developer trace files of the Java instance are located in the directory <drive>:\sap\<SID>\<instance name>\work, where <SID> is the system ID (for example, JP1) and <instance name> is the instance name of the Java instance (for example, JC00). The developer trace files of the central services instance are located in the directories <drive>:\sap\<SID>\<instance name>\work and <drive>:\sap\<SID>\<instance name>\log, where <SID> is the system ID (for example, JP1) and <instance name> is the instance name of the central services instance (for example, SCS01).

Java server logs The log and trace files generated by the Java server process(es) and the applications running on top of AS Java are stored in the <drive>:\sap\<SID>\<instance name>\j2ee\cluster\server<n>\log directory.

Procedure
Viewing Developer Trace Files
To view the developer trace file of a process, select the relevant process and choose Developer Trace from the context menu. If the information in the developer trace is insufficient or too detailed, you can use the context menu options All Tasks Decrease/Increase Trace Level to adjust the launcher trace level to the desired level.

Administration Guide

30

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Dumping the Java Stack Trace


To dump the server processes Java stack trace, select the relevant server process and choose Dump Stack Trace from the context menu. To view the dump stack trace, choose Show Developer Trace (see above). The resulting Java server stack trace is stored in the dev_server<n> file in the <drive>:\sap\<SID>\<instance name>\work directory.

Administration Guide

31

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Log Viewing from the Standalone SAP MMC


...

1. To view all log and trace files of an instance, in the left-hand pane select the instance and from the context menu choose All Tasks View Developer traces:

Administration Guide

32

SAP NetWeaver Application Server, JavaTM EE 5 Edition

2. In the Trace file selection dialog box that appears, select the file whose contents you want to view and double-click it:

Administration Guide

33

SAP NetWeaver Application Server, JavaTM EE 5 Edition

A dialog box appears. This dialog box is an integrated log viewer where you can browse the log messages and view their detailed description:

Administration Guide

34

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Log Viewing from the Web-Based and Eclipse-Based SAP MCs


...

1. To view all log and trace files of an instance, browse the tree structure of that instance to locate the Log Files node. 2. Select the file that you want to view and from the context menu, choose Show Log File:

For more information about the available context menu options, see Layout and Context Menus of the SAP Management Console [Page 11].

Launching Deployed Applications from the SAP MMC


Use
Using the MMC you can view the defined aliases for started applications and launch these applications in a Web browser.

Procedure
...

Administration Guide

35

SAP NetWeaver Application Server, JavaTM EE 5 Edition 1. In the SAP MMC, browse the tree structure in the left-hand pane to locate the J2EE Aliases node. The result pane on the right-hand side displays the deployed applications, their aliases, and further details. 2. To launch the application from the MMC, either double-click the alias or select it and from the context menu choose Launch Application. The application is launched in a new Web browser.

Enabling Debugging
Use
Using the SAP MMC, you can enable debugging mode of the Virtual Machine on the fly without the need to restart. This functions opens a debug port on the application server where you can connect your Developer Studio debugger and debug your applications. By default, the debugging mode is deactivated.

Procedure
...

1. In the SAP MMC, browse the tree structure in the left-hand pane to locate the J2EE Process Table node. 2. Select the server process, on which you want to open a debug port and choose All Tasks Enable Debugging

Administration Guide

36

SAP NetWeaver Application Server, JavaTM EE 5 Edition

3. In the Access Points node, check if the debug port is opened. (When the port is not open the icon in front of it is red .)

Administration Guide

37

SAP NetWeaver Application Server, JavaTM EE 5 Edition

4. In the J2EE Process Table node, check if the Debug state of the server process indicated that debugging is switched on:

Administration Guide

38

SAP NetWeaver Application Server, JavaTM EE 5 Edition

5. To disable debugging (that is, to close the debug port on the server process), browse to the J2EE Process Table node, select the server node and choose All Tasks Disable Debugging

Configuring JVM Parameters


Use
This procedure enables you to view and edit the Java Virtual Machine (JVM) parameters using the Config Tool. The JVM is used for running the SAP NetWeaver Application Server, Java(TM) EE 5 Edition and all deployed applications. You can change the values in the template configuration or in the configuration of a specific instance. If you want your settings to be valid for all instances, then select the template and choose the VM Parameters or VM Environment tab.

Note that the template configuration is valid for those instances that do not have custom configuration. If you want to set JVM parameters for a particular instance, you have to select the instance and choose the VM Environment or VM Parameters tab.

Administration Guide

39

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Prerequisites
The Config Tool is connected to a database [Page 43].

Procedure
Configuring JVM Environment Properties
...

1. Choose View Expert Mode. 2. Select VM Environment. 3. Select a property from the table list on the right. 4. In Default property data, you can see the default value of the property. 5. In Custom value, you can enter a new value for the property.

Avoid editing properties whose values are not static, such as DebugPort, ClassPath. 6. Choose Set. 7. Choose Apply Changes.

Configuring JVM Parameters


...

1. Choose View Expert Mode. 2. Select VM Parameters. 3. In VM Type, you can make configuration changes that are specific to the selected JVM. These changes apply only if the current platform and vendor matches the selected ones. GLOBAL changes apply to all vendors and platforms.

We recommend that you use SAP JVM on all supported platforms. 4. Select one of the following tabs and view the template properties contained therein: a. Memory JVM memory settings.
...

i.

JVM heap size If you want to increase the JVM heap, we recommend that you change only the maxHeapSize directly by typing the needed memory value (in megabytes) in the Custom value field.

ii.

JVM perm size If you want to adjust the JVM perm size, choose the appropriate JVM vendor. Not all JVM vendors support perm size configuration.

If you enter an illegal value (for example, the value is not a number), the application server will not start. If you enter a too low memory value, the application server will experience problems and may restart. b. System All system properties usually specified with -Dxx=yy (for example, DmyKey=myValue). If you want to add a custom property, choose New. The Config Tool automatically adds D to all new-entered parameters.

Administration Guide

40

SAP NetWeaver Application Server, JavaTM EE 5 Edition c. Additional Any additional parameters, supported by the VM (for example, verbose:gc). To add JVM parameters, choose New. The actual parameters used by a running JVM can be seen in the development trace file of the corresponding server process.

key="-agentlib:myagent" value="port=12345,dir=C:/Mydir" will result in parameter "-agentlib:myagent=port=12345,dir=C:/Mydir". By default, all properties are enabled. 5. If you want to disable a property, select it and choose Disable. The property is added to Custom parameters. Since you cannot delete default template properties, using the Disable option you can deactivate a given property. 6. Choose Disable.

You cannot change the default template parameters, you can only view them. 7. If you want to change the value of a specific property, select it and in Custom value, enter the new value. 8. Choose Set. 9. Choose Apply Changes.

Configuring Instances
Use
This procedure enables you to manage Java instances. You can add and remove server processes, disable instances, or view and edit the JVM settings. If you change the properties of an instance, the changes will apply only to the selected instance.

Procedure
From the tree structure on the left side, select the instance you want to configure. If You Want To Add or remove a server process View or edit the JVM settings for a specific instance Then
...

See Adding and Removing Server Processes [Page 42] See Configuring JVM Parameters [Page 39]

For the changes to take effect, you have to restart the instance.

Administration Guide

41

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Disable and enable an instance

1. Select VM Environment. 2. Select the Execute property. The value is set to true by default and its function is to start the specified instance automatically when running the application server cluster. 3. In Custom value, enter false. 4. Choose File Apply changes. 5. To run an instance if it has been stopped, set the value of the Execute property to true, and restart the application server cluster to update the status.

View or edit the debug properties for an instance. When you set an instance in debug mode, first make sure that you have stopped all messagedriven beans running on that instance. In case your applications contain message-driven beans whose destination type is Topic, you also have to start the message-driven beans on another server process.

In VM Environment Custom value, enter the new value of the following settings and Apply changes: then choose 1. Debuggable specifies that the selected instance is debuggable (that is, the debug mode feature for this instance is enabled). 2. Enabled debug mode specifies whether the instance is in debug mode and the debug port is open. 3. Restricted load balance specifies whether the instance is part of the load balancing system. 4. Debug port specifies the JVM debug port. The default value depends on the instance number and server process index number. For example, if the instance number is 00, then the debug port is 50026 for server0.

View instance profile constants

Select the Instance Profile tab and see information such as system name, instance name, instance number, operation system name, and so on.

Adding and Removing Server Processes


Use
This procedure enables you to specify the number of server processes in an instance.

Administration Guide

42

SAP NetWeaver Application Server, JavaTM EE 5 Edition If you set the number in the template configuration, this means that all instances will have this number of server processes. If you specify the number for a particular instance, this means that only this instance will have this number of server processes.

Procedure
...

1. Choose the Servers tab. 2. In the Custom number of server nodes field, enter the number of server processes you want to have. This procedure enables you to add and remove server processes. You have to specify the number of server processes you want to have. 3. Choose Check Values to verify that your machine is capable of handling the number of server processes you entered. Correct the value if necessary. This option is available at instance level only. If the template configuration allows you to enter a formula instead of a exact value, then the Check Values option calculates the formula and displays the value.

If the number of current server processes is displayed like this: 1 max round(((${CPU_COUNT}/1.3) min ((${AMOUNT_MEMORY}-512)/1536))) and this is equal to one server process, then if you enter 1 max round(((${CPU_COUNT}/1.3) min ((${AMOUNT_MEMORY}-512)/1536))) + 1 and choose the Check Values button, the tool will calculate the formula and will display that this is equal to two server processes. 4. Choose Set. 5. Choose Apply changes.

Result
The number of server processes has changed. If you have changed it for a particular instance, you have to restart this instance to run the system with the new number of server processes. If you have set new number or server processes in the template configuration, you have to restart the whole system.

Connecting to a Database
Use
This procedure enables you to connect to a remote database and display an installed SAP NetWeaver Application Server Java configuration.

Procedure
...

1. Start the Config Tool by double clicking the configtool script file in <SAP_install_dir>/<system_name>/<instance_name>/j2ee/configtool. The tool starts and a dialog box appears. 2. If you want to connect to the default database, then choose Yes. To connect to a different database, choose No.

Administration Guide

43

SAP NetWeaver Application Server, JavaTM EE 5 Edition The Connect dialog box appears. There are two ways of connecting to a remote database: via secure store and via direct login. If you had selected the Do not ask me again option and now you want to connect to a different database, you have to go to the configtool folder, delete the visual.properties file and run the Config Tool again. 3. To connect via secure store, enter the following information:

To have access to the secure store of the remote system, the secure store folder has to be shared or copied to the local file system. a. Secure Store File contains the path to the secure store properties file. This file contains secure data for connecting to the database. It is encrypted for security reasons. b. Secure Store Key File contains the path to the secure store key file. The key file contains the password for the encrypted store file. c. System Name displays the name of the system to which this data applies. d. Secure Store Lib contains the path to the IAIK package. It enables the encrypting of the properties file. e. RDBMS Connections contains a property key of which the value contains the DB connection settings.

4. To connect via direct login, enter the following data: a. RDBMS URL specifies the URL for the database connection in the correct format for the corresponding driver. For example, jdbc:nwmss:sqlserver://2xeonsmteam2:1433;databasename=N25, where: i. Jdbc is a mandatory element.

Administration Guide

44

SAP NetWeaver Application Server, JavaTM EE 5 Edition ii. iii. iv. v. nwmss:sqlserver is the type of the database. 2xeon-smteam2 is the host name. 1433 is the port. databasename=N25 is the name of the database schema.

b. Driver name specifies the class name of the JDBC driver to be used for database connections. For example, com.sap.nwmss.jdbc.sqlserver.SQLServerDriver c. RDBMS user specifies the user name for this database connection. For example, SAPN25DB. d. RDBMS password specifies the password for the user of this database connection. These properties are available in the secure store of the corresponding system. 5. Enter the following data: a. For a secure store connection: RDBMS Driver Location contains the path to the RDBMS driver. For example, .\jdbc\base.jar;.\jdbc\spy.jar;.\jdbc\sqlserver.jar;.\jdbc\\util.jar For a direct connection, you have to add the IAIK JAR files to the JDBC driver files. The IAIK files are located in <SAP_install_dir>/<system_name>/SYS/global/security/lib/tools. b. RDBMS Initial Connections specifies the number of database connections to be created initially in the connection pool. c. RDBMS Maximum Connections specifies the maximum number of database connections to be kept in the connection pool. 6. Choose Load.

Result
You are connected to the database.

Next time you run the Config Tool and if you still want to connect to a different database than the default one, you have to enter the connection settings again.

Modifying Manager or Service Properties


Use
This procedure enables you to change a particular service or manager properties, which are displayed with their keys and values on the right when you select a service or manager. The properties of the managers and services in the template configuration are divided into two sections: Default property data Displays default template configuration settings for a manager or service. These settings cannot be changed. Custom property data

Administration Guide

45

SAP NetWeaver Application Server, JavaTM EE 5 Edition When you want to add custom values to the default vales of the properties, they are displayed in the Custom property data. These settings are valid for all instances. But if you set a property value in the template configuration and then set another value for the same property in the same manager or service, in a given instance, then this value will be valid. The instance configuration has priority over the template configuration. The properties of the managers and services in the instance configuration are divided into two sections: Template property data Displays the template value of a specific property. If there is a template custom value, then it is displayed. Otherwise, the template default value is displayed. Custom property data All custom settings for a specific instance are added and displayed in this area. The properties may be defined with additional parameters, such as computed, parameterized, type, range, link. For more information, see Getting Started with the Config Tool [Page 17].

Procedure
If You Want To Set a template custom property value that is valid for all instances Then
...

1. Open the template configuration and select a service, manager or application. 2. Select the property from the table that is displayed. 3. In Custom value, enter a new value. 4. Choose Set. 5. Choose Apply changes.
...

Set a custom property value for a specific instance

1. Open an instance and select a service, manager or application. 2. Select the property from the table that is displayed. 3. In Custom value, enter a new value. 4. Choose Set. 5. Choose Apply changes.

Restore a template value

Select a property from the list and choose Restore to Template. In that way the custom value is restored to its default value.

Adding Filters
Use
This procedure enables you to add filters. A filter is an action that enables you to start, stop, or disable services, libraries and applications. In addition, you can edit and delete already created filters.

Administration Guide

46

SAP NetWeaver Application Server, JavaTM EE 5 Edition If you set action filters in the template configuration, this means that the filters will apply to all instances. If you set filters for a particular instance, this means that only this instance will have such filters applied.

Procedure
...

1. Choose View Expert Mode. 2. Select Filters. A table of default actions for particular components is displayed. 3. In Custom rules, select what action should be performed: start, stop, or disable. 4. Select the type of component: service, library, application, or all components. 5. In Vendor Mask, enter the vendor of the component. 6. In Component Name Mask, enter the name of the component or part of the name.

You can use the asterisk sign (*) to replce part of the name or the question mark (?) to replace a single letter. 7. Choose Add. The action is added to the Custom rules table. 8. In the table with custom actions, select the added entry and choose Set. 9. Choose Apply changes.

Operations Management
The operations management section of the SAP NetWeaver Administrator includes the following administration options: Viewing system information You can see general information about instances in the current system such as database, Java central services, and application server instances. To access this information, choose Problem Management Infrastructure Management System Info. Starting and stopping Java EE instances [Page 47] Starting and stopping Java EE services [Page 48] Starting and stopping Java EE applications [Page 48] User Management Engine and Identity Management [Page 49] As an administrator, you control who has access to applications by creating users and providing these users with a means of authenticating themselves to an application.

Starting and Stopping Java EE Instances


...

1. In the SAP NetWeaver Administrator, choose Operations Management Infrastructure Management Start & Stop. The Start & Stop screen appears.

Administration Guide

47

SAP NetWeaver Application Server, JavaTM EE 5 Edition 2. On the left side, choose Java EE Instances. All available instances are displayed in a table format with the corresponding instance number, system host name, and status of the processes within the instance. 3. Select an instance. All processes for this instance are listed. You can: Start, stop, restart, or refresh the instance. Start, stop, restart, or refresh Java EE processes. Enable or disable debug mode for server processes. Refresh OS processes.

Starting and Stopping Java EE Services


...

1. In the SAP NetWeaver Administrator, choose Operations Management Infrastructure Management Start & Stop. The Start & Stop screen appears. 2. On the left side, choose Java EE Services. All services available are displayed in a table format with the corresponding service name, service component name, status, and indicator whether the service is a core service, which means that the service provides core functions within the SAP NetWeaver Application Server, Java EE 5 Edition.

The core services cannot be stopped or restarted. 3. Select a service. The instance to which this service belongs is displayed with the instance name, host and status information. You can now: Start, stop, restart, or refresh a service. Start, stop, restart, or refresh the instance of the service.

Starting and Stopping Java EE Applications


...

1. In the SAP NetWeaver Administrator, choose Operations Management Infrastructure Management Start & Stop. The Start & Stop screen appears. 2. On the left side, choose Java EE Applications. All available applications are displayed in a table format with the corresponding application component name and vendor. 3. Select an application. The Application details area appears.

Administration Guide

48

SAP NetWeaver Application Server, JavaTM EE 5 Edition 4. You can perform the following activities: If You Want To Start or stop the application on all instances View all references that the application has to other components Then From the Application details, choose the Start or Stop button and select On All Instances. Choose the References tab. If the selected application has references to a library, a service or another application, the name of the referenced components will be listed along with the component type (service, library, application). Choose the Modules tab. The modules that compose the selected application are listed there with their name and type. Choose the Resources tab. This tab presents the resources used by this application. Choose the Details tab. This tab provides general information about the application. It also provides an option for managing the application failover.

View application modules

View application resources

View application details

User Management Engine and Identity Management


Purpose
The user management engine (UME) provides centralized identity management for all Java applications and can be configured to work with user management data from multiple data sources. It can be administrated using the administration tools of the AS Java. This section provides a description of the most relevant capabilities of the UME. For more information about the UME and identity management, see the documentation on the Help Portal help.sap.com SAP Library SAP NetWeaver Library SAP NetWeaver by Key Capability Security Identity Management User Management Engine.

Integration
The UME runs as a service in the AS Java and is set up as the default user store.

Authorization in the Java Environment


Authorization in the Java environment of the SAP NetWeaver Application Server (AS) Java is dependent on user management engine (UME) roles. UME roles are managed with identity management in the AS Java. The administrator builds UME roles out of actions. These actions can be (J2EE) security roles or UME actions.

Administration Guide

49

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Security Roles
The application developer deploys security roles together with the JEE application in accordance with the JEE specification. The deployment descriptors for the role are included in the WAR file for Web modules or the JAR file for EJB modules. For more information, see Architecture of Security Roles [Page 50]. The administrator builds UME roles with security roles which appear as actions in the identity management user interface. The security roles appear as one of the following types: J2EE This action links roles of the same module together at the application level. J2EE-MODULE

The administrator should use actions of type J2EE, when constructing UME roles.

UME Actions
UME actions are collections of permissions used for Web Dynpro applications. UME actions are deployed with your applications and defined in the file actions.xml. For more information, see Permissions, Actions, and UME Roles [Page 51].

Architecture of Security Roles


Application security roles that are based on the JEE standard and which you can use to protect resources such as URLs or EJB methods. Security roles have the following characteristics: It is a logical grouping of permissions that is defined by the developer. It is defined in the deployment descriptor (XML files) of a particular application. The container to which the application is deployed, creates appropriate permission collections on deployment. The role relates only to the application for which it was defined.

Purpose
The security roles are suitable for purely static, functional access control. This concept is based on the assignment of authorizations by activity (such as the activity financial accountant), but not by instances (such as by cost centers). This means that all users to which the role Financial Accountant is assigned can post for all cost centers. With the security roles, the developer can of an application can additionally decide whether he or she uses these rules purely declaratively or with programmatic role references: Declarative security means that the container forces access control without the developer having to program it. Programmatic security means that the developer uses a method to check whether a caller of an EJB or a Web resource has a specific role. The developer can control the display of individual control elements, according to the association of roles to the current user. In this way, for example, users to which the role queried in the reference is assigned can receive a more extensive display on the same Web page than users to which this role is not assigned. There is a mapping between the security role checked in the program (such as USER) and the actual UME role that can be assigned to users by the administrator (such

Administration Guide

50

SAP NetWeaver Application Server, JavaTM EE 5 Edition as HR_CLERK), that is, a different role may be assigned to the one that is actually checked in the program.

Work Flow for Security Roles


The developers program their applications and specify the security role associated in each case in the XML file. The administrator of the system then assigns these roles to UME roles.

Permissions, Actions, and UME Roles


Definition
Authorizations are enforced in User Management Engine (UME) using permissions, actions, and roles. Internally in their Java code, applications define Java permissions and use them for access control. An action is a collection of permissions. Every application defines its own set of actions and specifies the permissions assigned to the actions either in an XML file or (more seldom) dynamically in the code. The actions are listed in the user management administration console, where you can group them together into roles. UME Roles group together actions from one or more applications. You assign roles to users in the user management administration console. By assigning roles to users, you define the users authorizations.

Structure
The following figure illustrates the relationship between permissions, actions, and roles.

Assigned in the UM administration console

Assigned During development At installation (XML file)

User

UME UME Role Role 1 1

Action Action 1 1

Permission Permission 1 1

UME UME Role Role 2 2

Action Action 2 2

Permission Permission 2 2

UME UME Role Role 3 3 Group

Action Action 3 3

Permission Permission 3 3

The advantage of having both actions and permissions is:

Administration Guide

51

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Application developers can define finely grained permissions, but can hide the complexity by defining only a few actions. As the actions are normally defined in an XML file, they can be changed according to your requirements when you install the service. Administrators can assign actions to roles in the administration console. Permissions are not visible in the administration console.

Example
The user management administration console is an application running on User Management Engine. The application defines permissions in the code for activities such as changing a users profile or modifying roles. In the XML file an action Manage_Roles is defined, that groups together all permissions that a user requires to administrate roles. This action includes permissions for viewing, modifying, and deleting roles. For example, you could create a role called Role Administrator and assign the action Manage_Roles to it. Then you could assign any administrator that requires permissions to administrate roles to the Role Administrator role.

Interfaces
The corresponding UME interfaces are included in the packages: com.sap.security.api com.sap.security.api.acl com.sap.security.api.logon com.sap.security.api.ticket

Configuring Identity Management


The following sections describe how to configure the user management engine (UME).

Integration
UME configuration is integrated in the SAP NetWeaver Administrator of the Application Server (AS) Java.
...

1. Enter the following in your Web browser: <http/https>://<AS_Java_hostname>:<AS_Java_HTTP_port>/nwa 2. Choose System Management Administration Identity Management. 3. Choose User Management Configuration.

Configuration
Database Only as Data Source [Page 53] describes the consequences of the AS Java database as the datasource. Editing UME Properties [Page 53] provides instructions on changing UME properties and data source configuration files.

Administration Guide

52

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Configuring the Security Policy for User ID and Passwords [Page 54] explains how to configure the UME security policy, which controls aspects such as password length. Configuring Simple Search [Page 56] and Configuring Search Options for the UME [Page 57] provide information about how you can customize the search functions of the UME.

Database Only as Data Source


Description: All user, user account, role, and group data is stored in the database of the SAP NetWeaver Application Server (AS) Java. Use case: You can use this scenario if UME is only used by dedicated Java applications that do not need to connect to ABAP systems or third-party systems. An example is an AS Java that is used as a developer workplace for small desktop development. Configuration file: dataSourceConfiguration_database_only.xml

Editing UME Properties


Use
Use the Config Tool [Page 16] and edit user management engine (UME) properties offline. Editing the properties offline prevents user management data from becoming inconsistent in a running system because of changes made to UME properties.

Only make changes in the section custom_global for the service com.sap.security.core.ume.service. You can use user management configuration to edit properties in most cases. Only use the Config Tool if you cannot use an online tool.

Do not edit undocumented properties without consulting SAP Support.

Prerequisites
This procedure requires you to stop the SAP NetWeaver Application Server (AS) Java, so you should plan for the required downtime.

Procedure
...

1. Start the Config Tool. To start the Config Tool, execute <SAPJ2EEEngine_installation>\j2ee\configtool\configtool.bat. 2. Choose with the quick info text Switch to configuration editor mode.

3. In the Display Configuration tab, choose to cluster_config system custom_global cfg services com.sap.security.core.ume.service Propertysheet properties. 4. Choose with the quick info text Switch between view and edit mode.

A warning appears to make sure the server and dispatcher nodes are shut down. 5. Choose Yes.

Administration Guide

53

SAP NetWeaver Application Server, JavaTM EE 5 Edition

6. Choose

with the quick info text Edit the details of the selected node.

7. Double-click a property. The Change PropertyEntry dialog box appears. 8. Enter data as required. For example enter a custom value and choose Apply custom. 9. Choose OK. 10. Restart the AS Java.

Configuring the Security Policy for User ID and Passwords


Use
You can define what a valid password and logon ID can look like. You can also set the conditions under which the system locks a user out, or when the user has to choose a new password.

If you connect to other systems, you should be sure the security policies you define here, are in harmony with the other system. For example, if you define one password length here, but the users are restricted to shorter password lengths in the back-end system, it can lead to logon problems. If you use the user management of an ABAP system as the data source, these settings do not always apply.

Procedure
T...

1. Start UME configuration. 2. Choose the Security Policy tab. 3. Choose Modify Configuration. 4. Enter data as required. Security Policy Settings Setting Minimum Length of Logon ID Maximum Length of Logon ID Minimum Number of Lower-Case Letters in Logon ID Minimum Number of Digits in Logon ID Description Enter the minimum length a logon ID can be. Enter the maximum length a logon ID can be. Enter the minimum number of lower case characters a logon ID must have. To disallow lower-case letters, enter a value less than 0. Enter the minimum number of digits a logon ID must have. To disallow digits, enter a value less than 0. Enter the minimum number of special characters a logon ID must have. To disallow special characters, enter a value less than 0. Enter the minimum length a password can be.

Minimum Number of Special Characters in Logon ID Minimum Length of Password

Administration Guide

54

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Maximum Length of Password Minimum Number of Mixed Case Letters in Password

Enter the maximum length a password can be. Enter the minimum number of upper case letters and lower case letters a password must have. For example if you enter 3, passwords must contain at least 3 upper-case and 3 lower-case letters.

Minimum Number of Alphanumeric Characters in Password

Enter the minimum number of letters and numbers a password must have. For example if you enter 3, passwords must contain at least 3 letters and at least 3 numbers.

Minimum Number of Special Characters in Password Size of Password History

Enter the minimum number of special characters a password must have. Prevents users from using a password they previously used. Enter the number of most recently used passwords you want the system to exclude. The UME stores the hash value of the previous passwords. The system does not enter passwords set by the administrator in the password history. Although you can configure this setting freely, a useful value might be 5. Use a value that is appropriate for your application. Enter 0 if your data source already has a password history checking mechanism; unless you maintain users in the AS Java database for whom you want to maintain a password history.

Allow Logon ID as Part of Password Allow Old Password as Part of New Password

Select to allow users to include their logon ID in their password. When selected, users can include their old password in their new password. The UME checks the old password against the new password, when users change it. We recommend you select this option. You need this setting for self-management of passwords. When deselected, only an administrator (a user with change rights for users) can change a users password. A user, whose password has expired, cannot change it. An administrator must reset it. Deselect this option when you have an LDAP server with read-write access as the data source and you want business users to change their passwords through the LDAP and not through the SAP NetWeaver Portal.

Allow Users to Change Their Own Passwords

Administration Guide

55

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Maximum Number of Failed Logon Attempts

Enter how many times in a row a user can provide the wrong password during logon, before the system locks the user account. The user cannot log on until the account is unlocked. Enter 0 to allow users an unlimited number of failed logon attempts.

Auto Unlock Time (Minutes)

Enter the number of minutes after which the system automatically unlocks a user account, after the user was locked due to failed log on attempts. Enter 0 to deactivate this option. The user remains locked until unlocked by an administrator.

Password Validity Period (Days)

Once the user sets or receives a password it is valid for the set number of days. After this period, the user must set a new password during his or her next log on attempt. Select this option to ensure users have compliant passwords after you change the security policy. The system checks passwords against the security policy during password logon and requires users to change their password if it no longer meets the current policy.

Enforce Password Security Policy at Logon

5. Choose Save All Changes.

Configuring Simple Search


Use
The simple search function in Identity Management enables you to quickly search for users, groups, or roles. It only provides a single field for searching. Configuring simple search enables you to define what attributes are searched.

Prerequisites
This procedure requires you to restart the SAP NetWeaver Application Server (AS) Java, so you should plan for the required down time while the AS Java restarts.

Procedure
...

1. Configure the required User Management Engine (UME) properties. For more information about editing UME properties, see Editing UME Properties [Page 53]. Edit the following properties as needed: ume.principal.simple_search.attributes.account Simple search of the account name is not supported in the current user interface. Default value is j_user.

Administration Guide

56

SAP NetWeaver Application Server, JavaTM EE 5 Edition

ume.principal.simple_search.attributes.action Default value is uniquename.

ume.principal.simple_search.attributes.group Default value is uniquename.

ume.principal.simple_search.attributes.role Default value is uniquename.

ume.principal.simple_search.attributes.user Default value is uniquename, firstname, lastname.

Separate attributes with a comma (,). 2. Restart the AS Java. See also: Managing Users, Groups, and Roles [Page 59]

Example
Omar Mikovics wants to search by e-mail address in addition to the default attributes. Omar makes the following change: ume.principal.simple_search.attributes.user=uniquename,firstname,la stname,email After restarting the AS Java, Omar can enter an e-mail address in the simple search and the UME returns a list of users that match.

Configuring Search Options for the UME


Use
Use this procedure to configure the maximum possible search results the user management engine (UME) returns and to configure the table sizes available for displaying the search results in identity management. The search thresholds apply differently to the two different types of searches in identity management. These are described in the table below. How Search Thresholds Affect Different Searches Number of Search Results Less than Warning Threshold for Large Search Results Greater than or equal to Warning Threshold for Large Search Results and less than Maximum Number of Search Results Greater than or equal to Maximum Number of Search Search in Search View Displays result without comment. Displays a warning that you have a large number of search results. You can choose to display the results anyway or search again. Displays an error message stating that you have too many Search in Details View Displays result without comment. Displays an error message stating that you have too many search results. You must narrow your search criteria. Displays an error message stating that you have too many

Administration Guide

57

SAP NetWeaver Application Server, JavaTM EE 5 Edition Results search results. You must narrow your search criteria. search results. You must narrow your search criteria.

Prerequisites
This procedure requires you to restart the SAP NetWeaver Application Server (AS) Java, so you should plan for the required down time while the AS Java restarts.

Procedure
...

1. Start user management configuration. 2. Choose the User Admin UI tab. 3. Choose Modify configuration. 4. Under Search Results and Display Tables, enter data as required. Settings for UME Search Options Setting Maximum Number of Search Results Description Used in the user search function of identity management. It defines the default maximum number of search results returned. This value must be greater than Warning Threshold for Large Search Results. Used in the user search function of Identity Management. If the search result exceeds this number, you receive a notification. You can choose to display all the search results or to refine the search query. Sets the number of table rows displayed in the search view table when you choose a large table display. Sets the number of table rows displayed in the search view table when you choose a medium table display. Sets the number of table rows displayed in the search view table when you choose a small table display.

Warning Threshold for Large Search Results

Number of Rows in Large Table Display

Number of Rows in Medium Table Display

Number of Rows in Small Table Display

5. Choose Save all changes. 6. Restart the AS Java. See also: Configuring Simple Search [Page 56] Managing Users, Groups, and Roles [Page 59]

Managing Principals
As an administrator, you control who has access to applications by creating users and providing these users with a means of authenticating themselves to an application. To simplify user

Administration Guide

58

SAP NetWeaver Application Server, JavaTM EE 5 Edition administration, users can be collected in groups according to criteria such as the users function in a company or the department they work in. Roles define the users authorizations. Roles can be assigned to either users or groups.

Integration
The SAP NetWeaver Application Server (AS) Java includes the identity management application for administration of users, groups, and roles.

Administration
This section lists administrative tasks for the management of users, groups, and roles: Managing Users, Groups, and Roles [Page 59] Assigning Principals to Roles or Groups [Page 63] Locking or Unlocking Users [Page 65]

Managing Users, Groups, and Roles


Use
This function enables you to create, modify, and delete users, groups, and roles with the user management engine (UME). This enables you to define these objects so you can then group them according to your access management strategy.

Prerequisites
To manage users, groups, or roles, you must be assigned a role that includes the relevant actions or combination of actions. For example, to assign roles to users, your role assignments must include UME actions that enable you to change both principals, roles and users, such as UME.Manage_Roles and UME.Manage_Users. The figure below summarizes the UME actions available by default in the SAP NetWeaver Application Server (AS).

Administration Guide

59

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Super Administrators All


Users

Administrators Company-Specific
Manage_Users Manage_User_Passwords

Business Users Profile-Specific


Manage_My_Profile Read_My_Profile Manage_My_Password

Manage_All_Companies Manage_All_User_Passwords

Groups Manage_All Read_All UME Roles

Manage_Groups

Manage_Roles

Specific Functions

Import and Export


Batch_Admin

Self-Registration
Selfregister_User

Portal- Manage_All Specific AclSuperUser

Manage_Role_Assignments

UME Actions According to Principal and Role Along the top of the figure is a list of role archetypes. For example, if you are an overall administrator, under Administrators All is a list of actions appropriate to that role. The rows represent the different permission areas or principals for which the actions are relevant. For example, the top row of blocks lists actions relevant to working with users, from full access to read-access to only your own profile. The last two rows refer to specific functions, such as permission to access the import and export functions, or profile-specific actions. Some actions are subsets of other actions. For example, UME.Manage_My_Profile includes UME.Manage_My_Password. Standard UME roles include such actions. The UME role Administrator includes UME.Manage_All, which enables you to display and change everything. By default, administrator roles are only assigned to administrators.

Features
Integration With ABAP User Management If your system is configured to use ABAP user management, PFCG roles from the ABAP system are displayed as groups in Identity Management. You cannot change or delete these groups using the AS Java tools. The only possible action is to assign UME roles to them. You can create new groups, which are then stored in the database of the AS Java and are not created as PFCG roles in the ABAP system. Principal Locking Identity Management locks principals you are currently editing. Other users, who attempt to edit the user, group, or role you are editing, receive a warning that the principal is being edited by another user. The lock prevents multiple users from editing the same principal and accidentally overwriting each others work.

Administration Guide

60

SAP NetWeaver Application Server, JavaTM EE 5 Edition

This lock only applies to Identity Management (either stand-alone or integrated into the NetWeaver Administrator or SAP NetWeaver Portal). If you use another application or access the principal with back-end tools, such as management tools for a directory service, the lock does not apply. The lock is session based. If you open another browser window within the same session, for example, in Internet Explorer by typing CTRL + N, the lock does not apply. Both windows can simultaneously edit the same principal. If you open another browser window in a new session, for example, by choosing the browser application from the Windows Start menu, even if you log on to the Identity Management application as the same user, you cannot simultaneously edit the same principal.

Activities
Under identity management, you can perform the following activities: Activity Search for a user, group, action, or role (simple search) How to Perform the Activity
...

1. In the search area, choose the type of object you are looking for: user, group, action, or role. 2. Optionally enter a string to search for. The search function searches for this string in the user ID (users only) and name. Use the asterisk (*) as a wildcard. If you do not enter any text, the search function returns a list of all users, groups, actions, or roles, depending on the principal you chose. 3. Choose Go. A list of search results appears in the search view.

When searching for portal roles, you can only search for the URL path below the portal content directory (PCD). You cannot search for the full path. You can narrow the search by selecting the data source you want to search, if there is more than one data source. A federated portal network adds some complexity. For roles only, you can search remote data sources, meaning remote portal systems in your network. If you search All Data Sources this includes the remote portals. For all other principals (users, groups, and actions)

Administration Guide

61

SAP NetWeaver Application Server, JavaTM EE 5 Edition the search only includes the data sources relevant to your local portal.
...

Search for a user (advanced search)

1. In the search area, choose User as the type of object you are looking for. 2. Choose Advanced Search. 3. Enter your search criteria in the required fields in the various tabs. 4. Choose Search. A list of search results appears in the Search view.

View detailed information on a user, group, action, or role Create new user, group, or role

In the search results list, select the user, group, action, or role. The detailed information appears in the Details view below. 1. In the search area, choose the type of object you wish to create. 2. Choose Create. 3. Enter data as required in the Details view.

Copy an existing user

In the search results list, select the user you want to copy.
...

1. Choose Copy to New. 2. Enter a logon ID and define a password. 3. Choose Save.
...

Change existing user, group, action, or role

1. In the search results list, select the user, group, action, or role you want to change. 2. Choose Modify. 3. Change the data as required. 4. Choose Save.

Delete a user, group, or role We recommend that you do not delete users, rather lock the user and set the expiration date of the account. Only delete a user after a period of time in accordance with your local auditing regulations.
...

1. In the search results list, select the user, group, or role that you want to delete. 2. Choose Delete. If you delete a user, you are prompted to write a reason for deleting the user. This text is sent to the user in a notification email, if you enabled e-mail notification.

Administration Guide

62

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Changing the logon alias of a user

To perform this activity, you must enable the use of a logon alias.
...

1. In the search In the search results list, select a user. 2. Choose Modify. 3. Choose the Additional Information tab. 4. Change the data as required. 5. Choose Save. Lock or unlock a user Assign a user to a group or a role See Locking or Unlocking Users [Page 65] See Assigning Objects to Roles or Groups [Page 63].

Assigning Principals to Roles or Groups


Use
You can assign principals (users, roles, and groups) to roles and groups as follows: Roles
...

Users Groups Actions Actions include UME actions as well as security roles.

Groups Users Groups Roles

Roles Roles reflect a users function. By assigning a role to a user, you provide the user with the authorizations or functions that he or she needs to fulfill specific tasks. You can also indirectly assign a role to a user by assigning the group to which the user belongs to the role. You can display the following types of roles: Portal roles These roles define how content is grouped together and how it is displayed in the SAP NetWeaver Portal. By assigning a user or group to a portal role, you define which content that user or group sees in the portal. During assignment, the system checks the Role Assigner permission to see if you have the proper rights to assign the role. User management engine (UME) roles

Administration Guide

63

SAP NetWeaver Application Server, JavaTM EE 5 Edition These roles define a set of authorizations. By assigning a user or group to a UME role, you grant the set of authorizations that the role defines to the assigned user or group.

Do not assign roles that are in the SAP namespace, for example, roles that begin with com.sap.portals. Instead, assign users to delta links of roles that are in the SAP namespace. This prevents your changes from being overwritten when you upgrade your portal. By default, roles that contain the SAP namespace com.sap.portals are not displayed in the role assignment function. Groups A group is a collection of users and serves to create sets of users who have something in common, for example, users who work in the same department or users who have similar tasks in a company. Groups make it easier to manage users, for example, you can assign a role to a group instead of assigning the role to each user individually. It is also possible to create a hierarchy of groups, where groups are assigned to other groups. This can serve to represent the hierarchy in a company, for example. If you are using AS for ABAP as a data source, ABAP roles appear as groups.

Restrictions
Restrictions to group assignments (if any) depend on the data source where the principals reside. For more information, see the following: Database Only as Data Source [Page 53]

Prerequisites
To assign principals, you must be assigned a role that includes the relevant actions. For example, to assign users to a role, you must have the right to manage both users and roles. For more information, see Managing Users, Groups, and Roles [Page 59].

Procedure
...

1. Search for a role or group. 2. In the search results list, select the role or group. 3. Choose Modify. 4. Choose Assigned Users, Assigned Groups, Assigned Actions, or Assigned Roles as required. 5. Under Available Users, Available Groups, Assigned Actions, or Available Roles, search for the principal you want to assign to the role or group.

You can narrow the search by selecting the data source you want to search, if there is more than one data source. A federated portal network adds some complexity. For roles only, you can search remote data sources, meaning remote portal systems in your network. If you search All Data Sources this includes the remote portals. For all other principals (users, groups, and actions) the search only includes the data sources relevant to your local portal.

Administration Guide

64

SAP NetWeaver Application Server, JavaTM EE 5 Edition

You can view the details of assigned and available principals. To view the details, click the principal Name or Logon ID, and choose Show Details. The details appear in a new window..

6. Select the principal from the search results list and choose Add. The principal appears in the list of assigned principals. If you make a mistake or want to remove a principal, select the principal and choose Remove. 7. Choose Save.

Locking or Unlocking Users


Use
Locked users are deactivated and cannot access applications. There are two ways of locking users: Automatically The system can lock a user automatically if the user tries to log on too many times with the wrong password. Optionally the system can unlock the user automatically after a configurable amount of time elapses. ume.logon.security_policy.lock_after_invalid_attempts sets how many failed logon attempts after which the user is locked. ume.logon.security_policy.auto_unlock_time sets the amount of time after which the user is unlocked.

Explicitly An administrator can lock a user using the procedure described below. The administrator must subsequently unlock the account for the user to regain access to the system.

The following procedure describes how an administrator explicitly locks or unlocks a user. Users are informed that their user has been locked when they enter their correct user ID and password during logon. For security reasons, if they enter the wrong password during logon, they are only informed that either the user does not exist or the password is wrong.

Procedure
...

1. In the search results list, select the user you want to lock or unlock. Use the advanced search to find locked users. Set Password Locked to find users, whose accounts have been locked automatically (due to failed logon attempts).

If you use a directory server as the data source, searching for locked passwords finds no users. You cannot search a directory server for users with locked passwords. Set User Account Locked to find users, whose accounts have been locked explicitly by the administrator.

2. Choose Lock or Unlock as required.

Administration Guide

65

SAP NetWeaver Application Server, JavaTM EE 5 Edition You are prompted to write a reason for locking/unlocking the user. This text is sent to the user if you have enabled notification e-mails. It is also stored in the users account history. 3. Enter a text and choose Lock or Unlock.

Troubleshooting the UME


This sections describes the troubleshooting options available for identity management and the user management engine (UME). Activating the Emergency User [Page 66] Logging and Tracing [Page 67] Checking the Consistency of Entries in the UME Database [Page 74] Repairing Inconsistencies of Entries in the UME Database [Page 75] Downloading the UME Configuration [Page 77]

Activating the Emergency User


Use
In emergency situations you can activate the emergency user SAP* to enable you to log on to applications, in particular the configuration tools, and change the configuration. Such situations include the following: You configured user management incorrectly and can no longer log on to any applications All administrator users are locked

The SAP* user has full administrator authorizations. For security reasons, the SAP* user does not have a default password, so you must specify a password when you activate the user.

Once you have activated the SAP* user, no other user can log in to the system.

Prerequisites
The SAP NetWeaver Application Server (AS) Java is running as a Java-only installation.

If you are working with a combined AS ABAP and AS Java installation, log on to the ABAP system as an administrator or the emergency user SAP*. Then create a new administrator for the AS Java or unlock the administrator using the transaction SU01.

Procedure
...

1. Activate the SAP* user: a. Start the config tool for editing user management engine (UME) properties as described in Editing UME Properties [Page 53].

Administration Guide

66

SAP NetWeaver Application Server, JavaTM EE 5 Edition b. Set the following properties: Property ume.superadmin.activated ume.superadmin.password Value true <password> Comment This activates the SAP* user. Enter any password of your choice. This defines the password for the SAP* user.

c. Restart the AS Java. The SAP* user is now activated. While it is activated, all other users are deactivated. You can only log on with the SAP* user. 2. Fix your configuration as required, logging on with the user ID SAP* and the password you specified. 3. When you have fixed your configuration, deactivate the SAP* user again. a. Start the config tool for editing UME properties. b. Set the property ume.superadmin.activated to false. c. Restart the AS Java.

Logging and Tracing


Logging and Trace Files
The following files are available for logging important security events and helping administrators with troubleshooting: Security Logging Location in Log Viewer: ./log/system/security.<n>.log Location in file system: <drive>:\usr\sap\<SID>\<instance_number>\j2ee\cluster\serverX\log\s ystem\security.<n>.log This file contains the log entries of a number of security related services, including the following: Authentication User Management Virus Scanner Interface Web Services
Destination service

Security Audit Location in Log Viewer: ./log/system/security_audit.log

Administration Guide

67

SAP NetWeaver Application Server, JavaTM EE 5 Edition Location in file system: <drive>:\usr\sap\<SID>\<instance_number>\j2ee\cluster\serverX\log\s ystem\security_audit.log This file contains a log of important security events, such as successful and failed user logons, and creation or modification of users, groups and roles. For a complete list of events that are logged and the format in which they are logged, see What is Logged? [Page 69]. Trace Files Location in Log Viewer: ./log/defaultTrace.<n>.trc Location in file system: <drive>:\usr\sap\<SID>\<instance_number>\j2ee\cluster\serverX\log\d efaultTrace.<n>.trc This file contains all the trace information for the whole server and includes trace information for user management engine (UME) libraries and the UME Provider (com.sap.security.core.ume.service). The information in this file is on a fine-granular level and includes exceptions, warnings, and debugging information. It is mainly required by SAP support. Directory Server Logging When you use an LDAP directory server as a data source for the UME, you can configure log files to monitor and troubleshoot the connections. For more information, see the following: Directory Server Access Log [Page 71] Directory Server Connection Pool Log [Page 73]

Viewing Log and Trace Files in the Log Viewer


Use the SAP NetWeaver Administrator (NWA) to view log and trace files. For more information, see Log Viewer [Page 107]. For more information about viewing the specific predefined security view, see Specific Predefined Security View [Page 125].
...

Configuring the Log Viewer


Use the NWA to configure log and trace files. For more information, see Configuring Logs and Traces [Page 127].
...

Configuring Security Logging


Use UME properties to configure what is logged. The following options exist: Log the object ID of an event. Disable the logging of the actor of an event, only anonymous is recorded. Disable the logging of the client host address. Log the client hostname.

For more information about editing UME properties, see Editing UME Properties [Page 53].

Administration Guide

68

SAP NetWeaver Application Server, JavaTM EE 5 Edition

What is Logged?
Entries in the log file Each entry in the log file has the following format: [TimeStamp] | [Severity] | [Actor] | [Event] | [ObjectType] = [ObjectID] | [ObjectName] | [Details]

Feb 12, 2003 6:20:48 PM USER = | TestUser02

| Info | <systemuser> | LOGIN.OK |

The parts of the log file entries are described in more detail below: Timestamp Severity Includes time zone (UTC) Path = Low Info = Medium Warning = High Error = Very High Actor Event ObjectType ObjectID The logged in user or <systemuser> if no user was logged in (optional). Consists of a category (such as USER, LOGIN, ACL) and an action (such as CREATE, DELETE). The type of object involved in the event, for example, USER, USERACCOUNT, ROLE, GROUP, PRINCIPIAL or NONE Unique ID of the object. Only the object IDs of users, groups, UME roles, and user accounts can be displayed. For all other objects, only a hash value is available. Human readable description of the object (optional). Only the object names of users, groups, UME or portal roles, and user accounts can be displayed. Object names of other objects are not available. Additional information as a comma-separated list of key=value pairs.

ObjectName

Details

Events that are logged The following table lists at which events an entry is made in the log file and provides details on what information is logged. Event Principal modification User creation Medium Low User account creation Group creation Role creation High High High The new user The new user The new user account The new group The new role Company ID All user attributes Assigned user ID Assigned users and groups Assigned users and groups Assigned actions Severity Object ID Details

Administration Guide

69

SAP NetWeaver Application Server, JavaTM EE 5 Edition

User modification

Medium Low

The modified user The modified user The modified user account

If user was assigned to a company: Company ID All changed user attributes Password was changed (Forced to change / Success / Failed: Reason) User was locked (reason). User was unlocked Certificate was modified

User account modification

High

Possible reasons for a locked user are: [1]: User was locked due to too many incorrect logon attempts. [2]: User was locked by an administrator.

Group modification High The modified group

If group members were modified: Added or removed users and groups If role members were modified: Added or removed users and groups If actions were modified: Added or removed actions

Role modification

High

The modified role

User deletion User account deletion Group deletion Role deletion User mapping User mapping creation

Medium High High High

The deleted user The deleted user account The deleted group The deleted role

(no details) Assigned user ID (no details) (no details)

Medium

The mapped user

System alias Remote user ID Type of system (SAP_R3, SAP_BW, or SAP_CRM)

User mapping modification User mapping deletion User mapping usage

Medium

The mapped user

System alias Remote user ID

Medium

The mapped user

System alias Remote user ID

Medium

The mapped user

System alias

Administration Guide

70

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Remote user ID Login/Logoff Successful user logon Medium The used user account User ID Logon method/ Authentication scheme IP address Failed user logon High The used user account User ID Logon method/ Authentication scheme IP address Reason why logon failed (wrong password, user locked, ) User logoff Medium The used user account (no details)

Permission (checking) ACL creation ACL modification High High The object for which the ACL was created The object whose ACL was modified Owner Added or removed owners Added or removed ACEs (access control entries): (Principle, Permission) Changed object ID ACL deletion High The object to which the ACL was assigned The object the user wanted to access (if available) The object the user accessed (if available) (no details)

Access violation or access denied Access granted

Very high

Permission the user would have needed to access the object Permission that was needed to access the object

Low

Directory Server Access Log


Definition
The directory server access log records the duration and type of requests made to the directory server configured as data source for the user management engine (UME).

Use
You can configure the UME to log access to your LDAP directory server. This enables you to monitor how long different types of searches take to optimize or troubleshoot directory server access.

Administration Guide

71

SAP NetWeaver Application Server, JavaTM EE 5 Edition To enable the directory server access log file, set the indicator Record LDAP Access.

This log does not have a maximum file size. Disable the log when you no longer need it. To view the log file, use any text editor.

Structure
When enabled, the UME creates the directory server access log file, sap.access.audit, in the following location: <drive>:\usr\sap\<SID>\<instance>\j2ee\cluster\server<n> When you start the SAP NetWeaver Application Server (AS) Java, the system checks for the existence of a previous log. If a log exists, the system appends a time stamp to the file name and creates a new log file. Description of Log File Entries Field Time stamp Request type Request parameter Description Time and date the log entry was made. search or read, including the time in seconds since Jan 1, 1970. For a search request, the parameter includes the base path where the search starts in the directory server structure and any search filter applied. For a read request, the parameter include the attributes to be read. Request duration The duration of the request in milliseconds.

Integration
You can also monitor the LDAP connection pool. For more information, see Directory Server Connection Pool Log [Page 73].

Example
Below is an example of the log output for a search request: Mon Dec O9 10:07:32 CET 2005-12-05 performSimpleSearch: ldap access at 1133773652735 with search base: searchfilter(&(objectclass=user)(samaccountname=administrator)) Mon Dec 05 10:07:32 CET 2005 performSimpleSearch returning from ldap after:6 ms

Administration Guide

72

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Directory Server Connection Pool Log


Definition
The user management engine (UME) can use a directory server as a data source. The UME accesses the directory server through a number of connections in a connection pool. The directory server connection pool log takes a snapshot of the connections in the connection pool, reporting their state: idle or in use. You can configure how often the system records the state of the connections. The UME creates a separate log for each connection pool. There is a connection pool for each object class configured.

Use
You can use the directory server connection pool log to monitor how the directory server connections in the pool are being used. This enables you to troubleshoot connection problems and optimize performance. To enable the directory server connection pool log, configure the setting Monitoring Interval.

This log does not have a maximum file size. Disable the log when you no longer need it. To view the log files, use any text editor.

Structure
When enabled, the UME creates the directory server connection pool log file, sapum_cpmon_<hostname>_<port>_<object_ID>.log, in the following location: <drive:>\usr\sap\<SID>\<instance>\j2ee\cluster\server<n> The file name uses the following syntax: sap.um_cpmon_<hostname>_<port>_<objectID>.log Hostname and port refer to the directory server. Object ID refers to the object class; the default values are GRUP, UACC, and USER. When you start the SAP NetWeaver Application Server (AS) Java, the system overwrites the log files. Directory Server Collection Pool Log Fields Field Time stamp Open connections Used connections Idle connections Waiting threads Description Time and date the log entry was made. Number of connections in the connection pool. Number of connections in the connection pool that are currently in use. Number of connections in the connection pool that are idle. Number of threads waiting for a connection.

Integration
You can also monitor access to the directory server. For more information, see Directory Server Access Log [Page 71]. Administration Guide 73

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Example
Below is an example of the log output: Jndi connection pool status for pool Time / open connections / used connections / idle connections / waiting threads 02.12.2005 10:39:16.100: 1 0 1 0 02.12.2005 10:39.18.102: 1 0 1 0

Checking the Consistency of Entries in the UME Database


Use
To eliminate inconsistency that can arise in the database of the User Management Engine (UME), use the UME Consistency Checker.

Some causes of inconsistencies include: Changing an external data source, such as a directory server, with external tools. This includes deleting a user, creating a user with the same unique ID as a user in the SAP NetWeaver Application Server (AS) Java database, or changing the unique ID of a user. Failure of an AS Java node.

If you regularly manage an external data source with external tools, consider running a consistency check on a regular basis.

Prerequisites
The consistency check can generate a heavy load for your AS Java and any connected data source. Plan to run the consistency check when there is little user traffic. If necessary, remove a server node from load-balancing and run the consistency check on that server. You must have a user assigned to a role with one of the following UME actions: UME.Read_All enables you to run a consistency check, but you cannot repair any inconsistencies. UME.Manage_All grants you full access to the Consistency Checker.

Procedure
...

1. Start the Consistency Checker tool. For users of the SAP NetWeaver Administrator, choose System Administration Admininstration Identity Management Consistency Checker. For all others, start the standalone user administration console and choose Consistency Checker.

2. Choose Choose Working Directory.

Administration Guide

74

SAP NetWeaver Application Server, JavaTM EE 5 Edition Enter the path the Consistency Checker should use on the AS Java to write the consistency check and repair logs. The Consistency Checker uses the default directory: /tmp/SAP_UME_DB_CHECK_RESULTS/.

Make sure the directory you choose does not contain files you want to save. The Consistency Checker deletes all files and subdirectories in the target directory. 3. Save the working directory. 4. Choose Start Check.

Choose Interrupt Check to stop the consistency check. 5. Choose Refresh until the message Check process finished: <result> appears. The Consistency Checker reports the result of the check process as well. The result is either inconsistencies found or not.

Result
To view the results of the consistency check, choose View Check-Log. In the Log of Check Process view, you can see which principals (objects) the Consistency Checker checked and any errors that resulted. The Consistency Checker writes this log to the working directory under the filename check.log. Whenever you start a check process, the Consistency Checker overwrites this log. The log entries identify each principal that the Consistency Checker checks with an INFO entry. The following entry indicates either INFO PASSED or ERROR with an error description. If the Consistency Checker found an error, it follows the ERROR description entry with an ERROR FAILED entry. Each entry includes a time stamp. With this information you can decide if you want to repair the UME data [Page 75].

Repairing Inconsistencies of Entries in the UME Database


Use
Use this procedure to remove inconsistencies in the database used by the User Management Engine (UME).

Prerequisites
You have found inconsistencies in the database entries for the UME using Consistency Checker. See Checking the Consistency of Entries in the UME Database [Page 74]. You have access to a user, which has been assigned a UME role with the UME action UME.Manage_All.

Procedure
...

1. Back up the database of the SAP NetWeaver Application Server (AS) Java.

Administration Guide

75

SAP NetWeaver Application Server, JavaTM EE 5 Edition

The Consistency Checker makes changes directly in the database. To undo the changes, you must prepare a backup. 2. Choose Start Interactive Repair. The Consistency Checker displays the Interactive Repair Process view. In this view, the Consistency Checker offers one or more the following repair options for each error found: Delete a principal This option deletes all database entries with this principal. Delete an attribute of a principal in a specific name space This option deletes all database entries with this attribute in the given namespace for a specific principal. Delete a value of an attribute of a principal. This option deletes the database entry with this value for the specific attribute and principal. The Consistency Checker also provides a description for each error. 3. Select the required repair options. 4. Determine if you want to send delete notification. The delete notification alerts applications which implement registered listeners to changes in the database.

This enables SAP NetWeaver Portal Knowledge Management to its update access control lists (ACL). To send delete notification, set the indicator Send Delete Notifications to Components Outside UME. 5. Set the indictor Ensure that the database has been backed up. It will not be possible to undo afterwards. This step is a reminder for you to backup the database of the AS Java. 6. Choose Start the Repair Process.

Choose Interrupt Repair to stop the repair process. 7. Choose Refresh until the message Repair process finished: <result> appears.

Result
The Consistency Checker finishes with one of the following results: Repair process finished: no inconsistencies remain. The Consistency Checker has removed all inconsistencies from the database. Repair process finished: inconsistencies remain. You did not choose all the repair options suggested by the Consistency Checker.

Administration Guide

76

SAP NetWeaver Application Server, JavaTM EE 5 Edition

The Consistency Checker sometimes suggests more than one repair option for a single error. If you choose only one repair option, the Consistency Checker reports that inconsistencies remain. To be sure that no more inconsistencies remain, run the consistency check again. To view the results of the repair process, choose View Repair-Log. In the Log of Repair Process view, you can see which repairs the Consistency Checker made. The Consistency Checker writes this log to the working directory under the filename repair.log. Whenever you start a repair process, the Consistency Checker overwrites this log.

Example
To understand how the Consistency Checker repairs inconsistencies, it is helpful to understand how the UME stores data in the database of the AS Java. Among other data, the UME stores the following in the database: Principal ID Attribute namespace Attribute Value

A database table might look like the following: UME Data in the Database Principal ID principal1 principal1 principal1 Namespace com.sap com.sap com.sap Attribute attribute1 attribute1 attribute2 Value x y z

Depending on the repair option you choose, the Consistency Checker deletes different rows from the table. If you choose to delete principal1, the Consistency Checker deletes all the rows in the table. If you choose to delete attribute1 in namespace com.sap, the Consistency Checker deletes the first two rows. If you choose to delete value x, the Consistency Check deletes only the first row.

Downloading the UME Configuration


Use
If you encounter a problem you cannot solve on your own and you suspect the user management engine (UME), you can download the UME configuration as a zip file to attach to your customer message.

Administration Guide

77

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Procedure
...

1. Start UME configuration. 2. Choose the Data Sources tab. 3. Click Download Configuration Zip File. 4. Save the file to your file system.

Result
You can now attach the zip file to your customer message to SAP Support.

Configuration Management
The configuration management includes the following options for configuring your system: Virtual Host Configuration [Page 78] This function enables you to create new virtual hosts and configure existing ones for your system. Managing Login Modules [Page 81] Managing Authentication Policy for AS Java [Page 82] JMS Server Configuration [Page 85] This function enables you to view and manage JMS provider server configurations. Java System Properties [Page 87] Information is organized in a tree view containing all the important configuration data for the selected systems, such as the VM settings and services configuration. This is an informative view only. To change a systems configuration, use the local configuration tool. Viewing System Properties [Page 87] Viewing Application Modules Configuration [Page 88] This is a solution that contains details of the deployed applications as well as several types of modules (such as Web and EJB modules) where configuration settings can be viewed and altered. Application Resources Management [Page 89] This allows applications to make use of external resources. Application resources can be configured as well as created and deleted by the administrator.

Virtual Host Configuration


Use
Using the SAP NetWeaver Administrator, you can create new virtual hosts and configure existing ones for all registered systems.

Administration Guide

78

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Features
The options for creating a new virtual host are described in Creating a New Virtual Host [Page 79]. For each virtual host you can configure the following properties: General properties [Page 80] HTTP aliases [Page 80] Application aliases [Page 81]

Activities
You can display the overview page for existing virtual hosts if you choose System Management Configuration Virtual Hosts. The Virtual Hosts frame on the right contains a table listing all virtual hosts on all registered systems. If you select a virtual host from the list, the configuration settings for it are displayed in the Details frame.

Creating a New Virtual Host


Procedure
With Default Settings
...

1. Choose Create from the Virtual Hosts frame. The Create Dialog screen appears. 2. Specify the name of the virtual host in the New Virtual Host Name. 3. Choose the system this virtual host is created on from the System Name dropdown list. 4. Choose OK.

Default settings means the new virtual host is created using the default settings of the default virtual host for the corresponding system.

Cloning an Already Existing Virtual Host


...

1. Select the virtual host you want to clone from the table in the Virtual Hosts frame. 2. To create a new virtual host with the same settings as the selected one, choose Copy. The Create Dialog screen appears. 3. Specify the name of the new virtual host in the New Virtual Host Name. 4. Choose OK. The new virtual host is created in the same system where the original virtual host resides.

Administration Guide

79

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Configuring the General Properties


Use
You can use this procedure to configure the following functions of a virtual host: Configure the document root of the host as well as the start page that is displayed to the client if the document root of this host is requested. Enable/disable logging of requests and responses to/from this host. Enable/disable the use of persistent HTTP connections. Manage the virtual hosts cache. Allow/disallow the virtual host to list the content of the requested directory.

Procedure
...

1. Select your host from the list in the Virtual Hosts frame. 2. Configure the following functions in the General tab in the Details frame: Function Configure the root directory Procedure Specify the absolute path to the document root directory of your virtual host in the Root Directory. Specify the path (relative to the document root of the virtual host) to the HTML file that you want to use as a start page in the Start Page. Select/deselect Log Responses. Select/deselect Use Cache.

Configure the start page

Enable/disable logging Enable/disable caching

If your host uses caching, you can clear its cache content by choosing Clear Cache in the Virtual Hosts frame. Enable/disable the use of persistent HTTP connections Allow/disallow listing of directories content Select/deselect Keep Alive. Select/deselect Directory List.

3. To save your settings, choose Save in the Virtual Hosts frame.

Defining HTTP Aliases on a Virtual Host


Use
You can use this procedure to set various HTTP aliases to directories with static Web pages on the local file system.

Administration Guide

80

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Procedure
...

1. Choose the virtual host for which you want to define an alias from the list in the Virtual Hosts frame. 2. Choose the Aliases tab in the Details frame. 3. Choose Add Alias. This adds an empty row in the table. 4. Enter the alias name in the Name field, and the path to the directory in the local file system where the corresponding resource resides in the Path field. 5. To save your settings, choose Save in the Virtual Hosts frame.

To remove an existing alias, select the alias name from the list of aliases and choose Remove Alias.

Activating and Deactivating Application Aliases


Use
You can use this procedure to specify whether or not a Web applications alias is available on a particular virtual host. You do this by selecting or deselecting the corresponding application alias from the list.

Prerequisites
You must first have the Java EE Web applications deployed so that their aliases are added to the list of available application aliases. Then you can decide which one to disable.

Procedure
...

1. Choose the virtual host for which you want to define an alias from the list in the Virtual Hosts frame. 2. Choose the Application Aliases tab from the Details frame. 3. To activate/deactivate an application alias, select/deselect the Active field for it. 4. To save your settings, choose Save in the Virtual Hosts frame.

Managing Login Modules


...

Use
The authentication configuration functions of the SAP NetWeaver Administrator (NWA) enable you to manage the login modules registered on the AS Java system.

Procedure
1. Using the NWA, go to Configuration Management Security Management Authentication.

Administration Guide

81

SAP NetWeaver Application Server, JavaTM EE 5 Edition 2. Choose the Login Modules tab to manage the login modules registered for the AS Java. a. Select a login module from the list to display its detailed information. b. Choose Edit to manage login modules as shown in the table below. Action Add a new login module Procedure
...

1. Choose the Add button for the Login Modules list. 2. In the fields that are provided, enter: a. Display Name for the new login module. b. Class Name of the new login module. c. Optional Description of the new login module. d. Choose Ok to add the new login module to the list of login modules.
...

Manage login module options

1. Select a login module from the Login Modules list. a. To add a new login module option, choose Add under Options for Selected Login Module. i. ii. Enter the name for the new login module option. Enter a value for the new login module option.

To enable debugging for a login module, you can configure the option debug with a value true. b. To remove a login module option, select the login module option and choose Remove under Options for Selected Login Module.
...

Remove a login module

1. Select the login module in the Login Modules list. 2. Choose Remove to remove the login module from the list.

3. Choose Save to confirm your changes, or Revert to cancel all changes to the last saved configuration.

Managing Authentication Policy for AS Java Components


Use
Use this section to manage the authentication stacks for the policy configurations of AS Java components. The authentication management functions of the SAP NetWeaver Administrator (NWA) enable you to manage component policy configurations, as well as the login modules registered in the authentication stacks of policy configurations. When you change the configuration options for the login modules in the authentication stacks of a policy configuration, the configured login module options apply only to the component policy configuration where the login module is used. To Administration Guide 82

SAP NetWeaver Application Server, JavaTM EE 5 Edition globally configure options for all usage instances of a login module in policy configurations, see Managing Login Modules [Page 81].

Procedure
...

1. Using the NWA, go to Configuration Management Security Management Authentication. 2. Choose the Components tab to access the policy configurations for the AS Java components.
...

a. To display the configured authentication stack for a policy configuration, select the policy configuration from the list of Component Policy Configurations. You can use the navigation buttons for the Component Policy Configurations list to navigate to a policy configuration. Alternatively, you can use the search functions to search for a policy configuration or to filter the displayed policy configuration by policy configuration type. In addition, the advanced search functions also enable you to find policy configuration that use a specific template or login module. b. Choose Edit to switch to editing mode and proceed to the sections below for information about managing the component policy configurations and their authentication stacks.

Manage Component Policy Configurations


Action Add a custom policy configuration Procedure
...

1. Choose Add from the Component Policy Configurations list. 2. Specify a name for the policy configuration. 3. Choose Ok.

The newly-created policy configuration is of type Custom.


...

Remove a policy configuration

1. Select the components policy configuration from the Component Policy Configurations list. 2. Choose Remove.

Manage Authentication Stacks for Component Policy Configurations


Action Add login module to an authentication stack Procedure
...

1. Select the components policy configuration from the Component Policy Configurations list. 2. Choose Add for the Authentication Stack table. 3. Choose a registered login module from the list to add it to the Authentication Stack. 4. Choose Ok to confirm your choice.

Administration Guide

83

SAP NetWeaver Application Server, JavaTM EE 5 Edition

The login module appears in the Authentication Stack list.


...

Apply an authentication template for a policy configuration

1. Select the components policy configuration from the Component Policy Configurations list. 2. Use the dropdown list in Details for Selected Component to choose a Referenced Authentication Template.
...

Manage a login module configuration in an authentication stack

1. Select the components policy configuration from the Component Policy Configurations list. 2. Select the login module from the Authentication Stack list. a. Choose the processing flag for the login module to open the dropdown list menu and choose a different flag. b. Use the MoveUp and MoveDown buttons for the Authentication Stack list to modify the processing position of the login module in the authentication stack. c. Configure the login module options in the Options for Selected Login Module list.

If you configure options for login modules in an authentication stack, you override the globally configured options for this login module. Therefore, you also have to configure all relevant options for this login module instance in the authentication stack.
...

Remove a login module from the authentication stack

1. Select the components policy configuration from the Component Policy Configurations list. 2. Select the login module from the Authentication Stacks list. 3. Choose the Remove button for the Authentication Stack table.

...

Choose Save to save your changes, or Revert to cancel them to the last saved configuration.

Administration Guide

84

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Managing JMS Server Configuration


Use
In the JMS Server Configuration: Overview screen of the SAP NetWeaver Administrator you can view and manage the JMS Provider configuration on the AS Java.

Procedure
If you want to Create a new topic or queue Then From the JMS Resource List choose Create JMS Topic. In the dialog box that appears, specify the name of the new topic or queue. Select a Virtual Provider and choose Save. Edit the settings of a topic Select the topic or queue to be edited from the JMS Resource List. In Details, edit the properties you want to change. When ready, choose Save. Create a new connection factory From the JMS Resource List choose Create JMS Connection Factory. In the dialog box that appears, specify the name of the new topic or queue. Select the Type of the connection factory. Select a Virtual Provider and choose Save. Removing a resource Select the resource to be removed from the JMS Resource List and choose Remove.

For more information about the details displayed for a resource, see JMS Details Description [Page 85]

JMS Details Description


This is the list of properties that sets up the topics, queues or connection factories. Some of the properties you can view in the SAP NetWeaver Administrator are purely informative, that is, you cannot edit them. Details and Durable Subscription Descriptions Configuration Property Name Agent Keep Alive Time Default Value 300 Used In topic, queue Description The time in seconds to keep the message delivery agent alive after the last consumer or producer is closed. The average message size in KB.

Average Message Size

topic, queue

Administration Guide

85

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Connection ID Client ID Connection Type

topic, queue connection factory connection factory

The connection ID. The client ID of the connection factory. Displays the type of the connection factory. Possible values are: ConnectionFactory TopicConnectionFactory QueueConnectionFactory XATopicConnectionFactory XAQueueConnectionFactory XAConnectionFactory

Set Limit To Delivery Attempts Count

true

queue

This property is relevant only for queue destinations. Limits the number of delivery attempts and points out if the undeliverable messages have to be moved to a dead message queue. See also Maximum Delivery Attempts. The ID of the destination. Indicates whether the destination is temporary. Switches the optional message property JMSXDeliveryCount on or off. Shows the number of time the message has been delivered to a customer. Defines the load balance behavior of the queue in case the destination has more than one consumer. The possible values are: Exclusive - the registering of a second consumer will fail. Round-robin - messages will be distributed among all registered consumers in a round-robin fashion.

Destination Id Is Temporary Enable JMS Delivery Count false true

topic, queue topic, queue topic, queue

Load Balance Behavior

queue

Maximum Delivery Attempts

queue

Defines the maximum number of delivery attempts. This property is active only if Set Limit To Delivery Attempts Count is set to true. The amount of data to be loaded with a DB roundtrip in KB.

Memory Queue Size

4096

topic, queue

Administration Guide

86

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Memory Queue Maximum Rows To Select NoLocal

topic, queue

The maximum number of messages to select from the database into the memory queue. The selector expression to filter messages for the durable subscriber. The subscription name. The ID of the durable subscriber. The total size of the work list buffer in bytes. The maximum number of messages to select from the database into the work list.

durable subscriber durable subscriber durable subscriber topic, queue topic, queue

Subscription Name Subscription ID Work List Buffer Size Work List Maximum Rows To Select

Viewing System Properties


Use
The SAP NetWeaver Administrator enables you to view online the current system configuration of the SAP NetWeaver Application Server, Java EE 5 Edition. This includes default property data and custom property data. Using the SAP NetWeaver Administrator, you can view properties that are valid for all server processes within an instance. You can also see the Java Virtual Machine (JVM) parameters for a particular instance. If you want to change these settings, you have to use the Config Tool [Page 16].

Procedure
To view the system properties, choose Configuration Management Infrastructure Management Java System Properties. If You Want To View default and custom property data for the application server managers or services Then 1. Choose Kernel / Services. 2. Select a manager or service. On the Extended Details tab page you see all properties listed with the corresponding value. If there is a custom default value, it is displayed as the custom value has priority over the default one. Otherwise, the default value is displayed. 3. To see more information about the property, choose Show Details.

Administration Guide

87

SAP NetWeaver Application Server, JavaTM EE 5 Edition


...

View the VM parameters of an instance


...

To see JVM memory settings, choose Memory VM Parameters. To see system properties, choose System VM Parameters. To see JVM environment properties, choose VM Environment. To see more JVM parameters, choose Additional VM Parameters.

View the properties of an application

1. Choose Applications. 2. Select an application. If the application has any properties, the Show Details button is enabled. Choose it to see all information available.

Viewing Web Modules' Configuration


Use
You use this procedure to view Web modules configuration. The SAP NetWeaver Administrator enables you to view configuration details for Web modules valid for all modules (set in the Global XML Descriptor) and configuration details valid for particular Web modules (set in the applications Web descriptors).

Prerequisites
You are in the Configuration Management Infrastructure Management Application Modules function.

Procedure
...

1. Select a Web module from the Modules List. The Web Module Details screen area opens.

When you display module details, not all tabs are visible on the Web Module Details screen area. To navigate between tabs in the screen, you use the arrow buttons. If you want to View Module Components Then
...

1. Choose the Components tab. 2. To view component details, select a component from the list. The Full Details screen area opens.

Administration Guide

88

SAP NetWeaver Application Server, JavaTM EE 5 Edition


...

Filter Default Components

1. Choose the Components tab. 2. Choose the Hide Default Components button. Default components defined in the Global XML Descriptor are not displayed. 3. To display default components again, choose the Show Default Components button.
...

View Component Mappings

Choose the Component Mapping tab. The available mapping details are: mapping name and type, component name and type, and the mapping definition location.
...

View Environment and Resource References

Choose the Environment tab. The Environment tab provides information about the name and type of references that are set for the module.
...

View JSP Groups Configurations

Choose the JSP Property Groups tab. It lists the configurations that are set for JSPs using a given pattern.
...

View Defined Welcome Pages View MIME Mappings

Choose the Welcome Pages tab.


...

Choose the MIME Mappings tab. It provides information about the mapping types, extensions, and definition location.
...

View Defined Error Pages

Choose the Error Pages tab. It lists the location, type, value, and definition location information about the modules specified error pages.
...

View Response Code Mappings

Choose the Response Status tab. It displays response code mappings with reason phrases and definition locations.
...

View Locale Encoding Mappings

Choose the Locale Encoding tab. It provides information about locales, their encodings and definition locations.

Application Resources Management


Use
You use the Application Resources function to create, edit, and delete application resources such as JDBC resources, resource adapters, connection factories, and so on.

Features
On the Application Resources Overview screen you can view all resources, or choose a specific resource type from the Show dropdown list box. Initially, all resources are listed in the Resources List area. Application resources can have the following states: Fully Available the resource is started and available on all cluster nodes.

Administration Guide

89

SAP NetWeaver Application Server, JavaTM EE 5 Edition Partly Available the resource is started and available on some cluster nodes only. Not Available the resource is unavailable on all cluster nodes. When you select a resource from the Resources List, its details are displayed in the Resource Details area. When you list a resources details, the SAP NetWeaver Administrator constructs a roadmap of one element only, the currently viewed resource. Each resource that the currently viewed resource depends on is listed on the Antecedent <resource type> tab. Each resource that depends on the currently viewed one is available on the Dependent <resource type> tab. You can view details for antecedent and dependent resources by selecting the resource in the relevant tab and choosing the <resource type> Details button, for example, if you are viewing DataSource aliases dependent on a DataSource, the button reads DataSource Alias Details . When you view the details of a resource that is antecedent to or dependent on the currently viewed one, its details are displayed in the Resource Details area and the SAP NetWeaver Administrator adds a new element to the roadmap. Thus, each resource that you view from the Antecedent and Dependent tabs is added to the roadmap and you can browse between dependent resources by choosing the corresponding element in the roadmap.

You list the details for the SAPDEMO_DS DataSource and the SAP NetWeaver Administrator constructs a roadmap of one element:

You choose the Dependent Data Source Aliases tab, select the alias testalias, and choose the Data Source Alias Details button. The Resource Details area is updated and displays the details for testalias. The SAP NetWeaver Administrator adds one more element to the roadmap. You can browse the resources by choosing the relevant element from the roadmap.

Activities
Managing JDBC Drivers [Page 91] Managing JDBC DataSources [Page 91] Managing JDBC DataSource Aliases [Page 95] Viewing Managed Connection Factories Configuration [Page 96] Managing JCA Connection Factories [Page 97] Viewing Outbound Resource Adapters Configuration [Page 99] Managing Resource Adapters [Page 99] Creating JMS Connection Factory References [Page 101] Creating JMS Destination References [Page 103]

Administration Guide

90

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Managing JDBC Drivers


Use
To create DataSources, you must first deploy a JDBC driver to be used. You can deploy both JDBC 1.x and JDBC 2.0-compliant drivers. You can also remove (undeploy) driver entries.

When you first log on to the system there is already a defined driver. This is the system driver. You cannot remove this driver.

Prerequisites
You are in the Configuration Management Infrastructure Management Application Resources function.

Procedure
Deploying a New JDBC Driver
...

1. Choose Create New Resource Deploy New JDBC Driver. 2. Enter an arbitrary name for the driver. 3. Choose Add New Driver File. 4. Browse to the driver files on the system. 5. Choose OK. 6. Choose Save.

Removing a JDBC Driver


...

1. Choose All JDBC Drivers from the Show dropdown list box. 2. Select the driver you want to remove. 3. Choose Delete Selected Resource.

Managing JDBC DataSources


Use
You use this procedure to manage JDBC DataSources. The SAP NetWeaver Administrator enables you to: Create JDBC DataSources Delete JDBC DataSources Manage connection pooling Manage transaction isolation levels for connections

Administration Guide

91

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Define the type of connections using the SQL Engine

When you perform and operation involving the default datasource, you must restart the cluster node for the changes to take effect.

Prerequisites
You are in the Configuration Management Infrastructure Management Application Resources function.

Procedure
If You Want To Create a Custom JDBC Data Source Then
...

1. Choose Create New Resource New JDBC Custom DataSource. The New JDBC Custom DataSource Creation area opens. 2. Specify the name of the application that is associated to the JDBC DataSource in the Application Name field. The system uses this name for the configuration that holds the JDBC DataSource. 3. Specify a unique name for the JDBC DataSource in the DataSource Name field. It is used when you look up the JDBC DataSource in the naming. 4. Select a driver from the Driver Name dropdown list box. 5. Select the SQL type support from the SQL Engine dropdown list box. 6. Select the transaction isolation level from the Isolation Level dropdown list box. 7. Select the JDBC type support from the JDBC Version dropdown list box. Depending on the JDBC version you choose, you have to enter the following additional information: If you choose JDBC 1.x support, you have to enter a driver class name, database URL, user name, and password. If you choose JDBC 2.0 support, you have to enter the data source type, ConnectionPool DataSource or XA DataSource. You must also enter the class name for the corresponding implementation provided by the driver and the vendor-specific initialization properties (serverName,

Administration Guide

92

SAP NetWeaver Application Server, JavaTM EE 5 Edition portNumber, and so on). You may also specify the class name for the ObjectFactory which provides instances of ConnectionPoolDataSource or XADataSource objects if there is one implemented by the driver vendor. 8. Choose Save. The newly created DataSource appears in the list of JDBC Custom DataSources.
...

Delete a JDBC Custom Data Source

1. Select a JDBC Custom DataSource from the Resources List. 2. Choose Delete Selected Resource.
... ...

Define SQL type support

1. Select a JDBC Custom DataSource from the Resources List. 2. Choose the Settings tab in the Resource Details. 3. To specify an SQL type support, select one of the available options from the SQL Engine dropdown list box: Open SQL the system returns a Database Interface (DBI) CommonConnection. By choosing this option, you choose to use all functions provided by SAPs Open SQL for Java that is, database vendor independence, SQL semantics, portability and syntax checks, SQL tracing mechanisms, statement caches, and table buffering. Native SQL the system returns a DBI DirectConnection. It provides only some of the functions of Open SQL for Java SQL tracing, and statement caching. Vendor SQL the system returns a standard JDBC connection without using DBI at all.

4. To save the selected option, choose Save.

Administration Guide

93

SAP NetWeaver Application Server, JavaTM EE 5 Edition


...

Define Transaction Isolation Level

1. Select a JDBC DataSource from the Resources List. 2. Choose the Settings tab in the Resource Details. 3. Select one of the available options from the Isolation Level dropdown list box: None this level indicates that the database does not support transactions Default the isolation level of the database in use The default isolation level for an Open SQL data source is Read Uncommited. Read Uncommited this level enables transactions to read data that is being modified by other transactions before they either commit or roll back Read Committed this level enables transactions to read data only after the modifying transaction has committed Repeatable Read this level guarantees that the data the transaction reads is not being modified by another transaction and will not change unless the reading transaction modifies it and commits. Serializable this level guarantees maximum data integrity, since only one transaction run as a single serial operation can both read and modify the data at a time. Other transactions can access the data only after the serializable transaction has committed or rolled back.

4. To save the selected option, choose Save.

Administration Guide

94

SAP NetWeaver Application Server, JavaTM EE 5 Edition


... ...

Manage Connection Pooling

1. Select a JDBC Data Source from the Resources List. 2. Choose the Connection Pooling tab in the Resource Details. 3. Specify the following parameters: Initial Connections number of connections that are obtained initially when the DataSource is created. Maximum Connections number of maximum connections from a single DataSource that are kept in the pool. Maximum Time to Wait for Connection when the maximum number of supported connections is reached and there are no free connections in the pool, the client waits the specified interval to obtain a connection. If the system does not return a connection to the pool during the interval, you get an exception thrown. Expiration enables the parameters for connection life control, that is, Connection Lifetime and Cleanup Thread. By default, this option is disabled. Connection Lifetime A period in seconds after which the connection expires if it is not in use. Cleanup Thread An interval in seconds between two consecutive threads run by the system to clean up unused connections.

4. To save the parameters, choose Save.

Managing JDBC DataSource Aliases


Use
You use this procedure to add or remove aliases for JDBC DataSources. Aliases are alternative names that are used by application components when they look up a JDBC DataSource. All aliases that are defined for a JDBC DataSource are available in the Dependent DataSource Aliases tab of a JDBC DataSource Resource Details area in the SAP NetWeaver Administrator. They become functional that is, the system binds them in the naming when the JDBC DataSource for which they are created is started.

Administration Guide

95

SAP NetWeaver Application Server, JavaTM EE 5 Edition

When you perform and operation involving the default datasource, you must restart the cluster node for the changes to take effect.

Prerequisites
You are in the Configuration Management Infrastructure Management Application Resources function.

Procedure
Creating Aliases
...

1. Choose Create New Resource New JDBC DataSource Alias. 2. Enter an arbitrary name for the alias. 3. Choose a DataSource for the alias to be directed to from the DataSource Name dropdown list box. 4. Choose Save.

Removing Aliases
...

1. Select All JDBC DataSource Aliases from the Show dropdown list box. 2. Select the alias to be removed. 3. Choose Delete Selected Resource.

Redirecting Aliases
...

1. Select All JDBC DataSource Aliases from the Show dropdown list box. 2. Select an alias from the list. 3. Choose Settings in the Resources Details area. 4. Choose the DataSource you want to redirect the alias to from the DataSource Name dropdown list box. 5. To save your changes, choose the Save button in the Resources Details area.

Viewing Managed Connection Factories' Configuration


Use
You use this procedure to view the configuration of Managed Connection Factories (MCF) described in currently deployed outbound resource adapters.

Prerequisites
You are in the Configuration Management Infrastructure Management Application Resources function.

Procedure
...

1. Choose Show All JCA Managed Connection Factories.

Administration Guide

96

SAP NetWeaver Application Server, JavaTM EE 5 Edition 2. Select a Managed Connection Factory from the list. 3. To view the MCFs corresponding connection factory definition, choose the Dependent JCA Connection Factories tab.

Managing JCA Connection Factories


Use
You use this procedure to view connection definitions and manage their connection pooling and configuration properties. JCA Connection Factories are defined by an outbound resource adapter. To view the defining adapter, choose the Antecedent JCA Resources tab.

Changing property values may significantly alter the function of the resource adapter, which may also affect other applications that use it. Therefore, you must be careful when modifying the CF properties.

Prerequisites
You are in the Configuration Management Infrastructure Management Application Resources function.

Procedure
Cloning Connection Factories
Choose Show...

1. Choose Show All JCA Resources. 2. Select the JCA Resource with the JCA Connection Factory you wish to clone from the Resources List. 3. Choose the Dependent JCA Connection Factories tab. 4. Select the JCA Connection Factory to be cloned. 5. Choose Copy & Add New JCA Connection Factory. The New JCA Connection Factory Creation area opens. 6. Enter an arbitrary name for the CF in the JNDI Name field. 7. If you want to add aliases for the CF, choose Add New Alias and enter an arbitrary name for the alias in the Alias Name field. 8. To modify configuration properties, choose the Configuration Properties tab. a. Select a property and modify the values in the Name, Type, Value, and Description fields as necessary. 9. To set connection pooling parameters, choose the Connection Pooling tab. a. Specify the following values: Maximum Connections Maximum connections that are kept in the pool.

Administration Guide

97

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Maximum Time to Wait for Connection When the maximum number of supported connections is reached and there are no free connections in the pool, the client waits for the specified interval to obtain a connection. If the system does not return a connection to the pool during the interval, an exception is thrown.

10. To save the cloned Connection Factory, choose Save. To view the newly created Connection Factory, choose Show All JCA Connection Factories.

Configuring JCA Connection Factories


1. To modify a Connection Factory configuration at runtime, choose Show All JCA Connection Factories. 2. Select a Connection Factory from the Resources List. If You Want To Delete a Connection Factory Manage Connection Pooling Then
...

Choose Delete Selected Resource.


...

1. Choose the Connection Pooling tab in the Resource Details area. 2. Specify the following parameters: Maximum Connections Maximum connections that are kept in the pool. Maximum Time to Wait for Connection When the maximum number of supported connections is reached and there are no free connections in the pool, the client waits for the specified interval to obtain a connection. If the system does not return a connection to the pool during the interval, an exception is thrown. Expiration Enables the parameters for connection life control that is, Connection Lifetime and Cleanup Thread. By default, this option is disabled.

...

Add an Alias

1. Choose the Name Space tab. 2. To add an alias, choose Add New Alias. A blank new line appears at the top of the list of aliases. 3. Enter an arbitrary name for the alias and choose Save button in the Resource Details area.
...

Remove an Alias

1. Choose the Name Space tab. 2. To remove an alias, choose an alias and choose Remove Selected Alias.
Enter an arbitrary name for the alias and choose Save.

Administration Guide

98

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Viewing Outbound Resource Adapters' Configuration


Use
You use this procedure to view the configuration of outbound resource adapters deployed on the AS Java. With the Application Resources function, you can view the transaction support, authentication mechanism, reauthentication support, and connection definitions of outbound resource adapters.

Prerequisites
You are in the Configuration Management Ifrastructure Management Application Resources function.

Procedure
...

1. Choose Show All JCA Resources. 2. Choose Settings in the Resource Details area. The Settings tab displays the following details for the outbound adapter: Transaction Support Reauthentication Support Authentication Mechanisms

3. To view connection definitions, choose Dependent JCA Connection Factories.

On the Dependent JCA Connection Factories tab, you can also clone connection factories. For more information, see Managing JCA Connection Factories [Page 97].

Managing Resource Adapters


Use
A resource adapter is initially configured at deployment time with the parameters set in its deployment descriptors the standard ra.xml and the additional connector-j2ee-engine.xml. Most of the settings cannot be edited at runtime.

Prerequisites
You are in the Configuration Management Infrastructure Management Application Resources function.

Procedure
1. Choose Show All Resource Adapters. 2. Select a resource adapter from the Resources List.

Administration Guide

99

SAP NetWeaver Application Server, JavaTM EE 5 Edition

If You Want To Add properties

Then
...

1. Choose the Properties tab. 2. Choose Add New Property. 3. Specify the following values: Name Type Value Description

4. To save your changes, choose Save in the Resource Details area.


...

Remove properties

1. Choose the Properties tab. 2. Select a property. 3. Choose Remove Property. 4. To save your changes, choose Save in the Resource Details area.
...

Add loader references

1. Choose the Loader References tab. 2. Choose Add New Reference. 3. Specify the relevant value in the Name field. 4. To save your changes, choose Save in the Resource Details area.
...

Remove loader references

1. Choose the Loader References tab. 2. Select a reference. 3. Choose Remove Reference. 4. To save your changes, choose Save in the Resource Details area.
...

Add message listeners

1. Choose the Message Listeners tab. 2. Choose Add New Message Listener. 3. Specify the following values: Name Type Activation Spec Class

4. To save your changes, choose Save in the Resource Details area.

Administration Guide

100

SAP NetWeaver Application Server, JavaTM EE 5 Edition


...

Remove message listeners

1. Choose the Message Listeners tab. 2. Select a message listener. 3. Choose Remove Message Listener. 4. To save your changes, choose Save in the Resource Details area.

Creating JMS Connection Factory References


Use
You use this procedure to create JMS Connection Factory References.

Prerequisites
You are in the Configuration Management Infrastructure Management Application Resources function.

Procedure
...

1. Choose Create New Resource New JMS Connection Factory Reference. The New JMS Connection Factory Reference Creation screen area opens. 2. Choose Settings. 3. Complete the following fields: Application Name Specify a name to which the Connection Factory is assigned. This name is used for the configuration that holds the object. Factory Name Enter a name for your Connection Factory. The system uses it to bind the factory in the naming system. You can look up the Connection Factory using this name. Client ID Enter a unique client identifier. It is also assigned to the connection that is created with this Connection Factory. The Client ID is not a required field. If you leave it empty, it defaults to the client ID of the connection factory from the JMS provider. Description You can enter descriptive text about the Connection Factory. However, this is not required. 4. Choose a factory type from the SAP Factory Type dropdown list box. To use the AS Java JMS Provider, choose Local. When you use the AS Java JMS Provider, you have to specify the factory type according to the JMS specification from the JMS Factory Type dropdown list box.

Administration Guide

101

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Optionally, you can also specify the virtual JMS provider to use in the Virtual Provider Name field.

To use a JNDI-based provider, choose JNDI Context: Enter a Link Factory Name in the corresponding field. The link factory name is the JNDI name for a JNDI-bound JMS factory from the JMS Provider. This holds for both the AS Java JMS Provider and external JMS Providers. Specify the following additional properties: i. ii. iii. Choose Add New Property from the Properties screen area. Enter initial-context-factory in the Name field. This is a mandatory property. Enter the implementation of javax.naming.spi.InitialContextFactory that your client uses to obtain the initial naming context in the Value field. Choose Add New Property from the Properties screen area. Enter provider-url in the Name field. This is a mandatory property. Enter the provider URL in <host>[:<port>] format in the Value field. Choose Add New Property from the Properties screen area. Enter security-principal in the Name field. This is an optional property. In the Value field, enter the name of the entity (user) that is authenticated when the connection to the JMS provider is established. The Security Principal and the Security Credentials are included in the naming context when the connection factory is looked up from the naming. Choose Add New Property from the Properties screen area. Enter security-credentials in the Name field. This is an optional property. In the Value field, enter the credentials (typically a password) that authenticate the security principal to the JMS provider.

iv. v. vi. vii. viii. ix.

x. xi. xii.

If you choose Object, you have to specify the following values: Object Factory Name Enter the Java fully qualified name of the class implementing the javax.naming.spi.ObjectFactory interface. Class Name Enter the Java fully qualified name of the class that implements javax.jms.QueueConnectionFactory or javax.jms.TopicConnectionFactory interface.

To use the SONIQ MQ JMS Provider, choose SJO. Enter the appropriate SJO file name in the corresponding field.

5. Complete the following fields: Library Name

Administration Guide

102

SAP NetWeaver Application Server, JavaTM EE 5 Edition Enter a library that is used to obtain a connection factory instance. This is a library deployed on the server and containing the archive files of the JMS provider, that is, the implementation of the JMS Provider. User Name Enter a user name for authentication to the JMS provider. The JMS system assigns it by default to the connections created by this Connection Factory unless you specify a different user name for a connection. Password Enter a password corresponding to the user name. 6. To create additional properties, choose the Properties tab. 7. Choose Add New Property. 8. Enter a name and value for the property. 9. To create an alias, choose the Aliases tab. 10. Choose Add New Alias. 11. Enter a name for the alias. 12. To save the JMS Connection Factory Reference, choose the Save button.

Creating JMS Destination References


Use
You use this procedure to create JMS Destination References.

Prerequisites
You are in the Configuration Management Infrastructure Management Application Resources function.

Procedure
...

1. Choose Create New Resource New JMS Destination Reference. The New JMS Destination Reference Creation screen area opens. 2. Choose Settings. 3. Complete the following fields: Application Name Specify a name to which the destination is assigned. This name is used for the configuration that holds the object. Destination Name Enter an arbitrary name for the destination. 4. Choose a destination type from the SAP Destination Type dropdown list box. To use the AS Java JMS Provider, choose Local. When you use the AS Java JMS Provider, you have to specify the destination type according to the JMS specification from the JMS Type dropdown list box.

Administration Guide

103

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Optionally, you can also specify the virtual JMS provider to use in the Virtual Provider Name field.

To use an external provider, choose External. a. Enter a Linked Connection Factory Name in the corresponding field. This is the JNDI name for a JNDI-bound JMS factory from the JMS Provider. b. User Name Enter a user name for authentication to the JMS provider. c. Password Enter a password corresponding to the user name.

To use the SONIQ MQ JMS Provider, choose SJO. Enter the appropriate SJO file name in the corresponding field.

5. To create additional properties, choose the Properties tab. a. Choose Add New Property. b. Enter a name and value for the property. 6. To save the JMS Destination Reference, choose the Save button.

Problem Management
The problem management section of the SAP NetWeaver Administrator includes the following administration options: Java Class Loader Viewer [Page 105] Using this function you can monitor the references between the class loaders in the SAP NetWeaver Application Server, Java EE 5 Edition. JNDI Browser [Page 105] You can use this function to access the system naming tree of the application server. Log Viewer [Page 107] Using the Log Viewer you can gather information about system problems and monitor all log records logged by applications or servers. Careful monitoring of logs can help you to predict and identify the sources of system problems. Use predefined perspectives and right filters to speed up the process of gathering the desired information. Log configuration [Page 127] The Log Configuration provides functionality for viewing the log configuration, changing the severity of log controllers and resetting the current log configuration to the default one.

Administration Guide

104

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Java Class Loader Viewer


Use
Using the Java Class Loader Viewer in the SAP NetWeaver Administrator you can monitor the references between the class loaders in the SAP NetWeaver Application Server, Java EE 5 Edition.

Features
The Java Class Loader Viewer provides the following features: Displays all class loaders currently available in the system. Provides options to display class loaders of a specific type only (application, interface, library, service). Displays the relations between the class loaders in the system parent class loaders, child class loaders, and resources. Allows you to search by name for a class loaders parent, child, or resource.

Activities
To display all class loaders in the system, from the Show dropdown list box, choose All. To display the class loaders grouped according to their type (application, interface, library, service, or common) use the Show dropdown list box. The result in the Class Loaders list changes according to the selected option. To display a class loaders parents, children, or resources, select that class loader from the Class Loaders list. The parent, child and resource class loaders are displayed in the corresponding tabbed page that appears below the Class Loaders list. These class loaders are active and by selecting each of them, you can display its class loader references accordingly. To search for a class loader in the Parents, Children, or Resources list, use the filter field on the top of each list. Enter the name or part of the name of the required class loader and press ENTER.

JNDI Browser
Use
The JNDI Browser in the SAP NetWeaver Administrator can be used to access the system naming tree of the SAP NetWeaver Application Server, Java 5 Edition. You can browse the naming tree to check the JNDI (Java Naming and Directory Interface) names of the resources bound in the application servers naming system.

Administration Guide

105

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Integration
The naming system of the SAP NetWeaver Application Server, Java EE 5 Edition is developed in accordance with the JNDI 1.2 Specification to meet the Java EE 5 requirements. The system provides functions based on the JNDI 1.2 Specification, as well as some additional features related to its work in a cluster. The naming system provides the functionality for naming and directory access the way by which names are associated with objects, and objects are found based on their names. The system performs binding, rebinding, and unbinding operations. The Java EE 5 standard introduces certain simplifications in the development process that eliminate the need to perform JNDI lookups to access resources. With the new standard, dependencies are injected directly into the component using annotations. For more information, see the Java EE 5 specification.

Activities
...

In the SAP NetWeaver Administrator, choose Problem Management Infrastructure Management JNDI Browser. The JNDI registry appears in a tree structure. If You Want To Browse the naming tree to locate the needed resource Then Choose Show All Registry. Open the Root tree structure and select the resource that you need. The Object Details pane that appears below the JNDI Registry pane shows details about the selected resource (details are shown only if the selected resource is of type object).
...

Search for a resource

1. From the Find dropdown box, choose the required search option you can search resources by object name, class name, or context name. 2. In the adjacent field, enter the name or part of the name of the resource you want the system to find and press Go. All results that match the search criteria are displayed in a tree structure.

You do not need to use an asterisk (*) when you enter your search criteria. The system will display all results that contain the string you have entered. 3. Select the resource whose details you want to view. The Object Details pane that appears below the JNDI Registry pane shows details about the selected resource (details are shown only if the selected resource is of type object).

Administration Guide

106

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Log Viewer
Use
The Log Viewer allows you to view all list and text formatted logs and traces that are generated in the whole SAP NetWeaver system landscape. You can access the Log Viewer function by choosing Problem management Logs and Traces Log Viewer.

Integration
In the SAP NetWeaver Administrator you can configure the Log Viewer in the Log Configuration function. For more information, see Configuring Logs and Traces [Page 127].

Features
The Log Viewer function allows you to: View list and text formatted logs and traces on selected systems in a set of predefined views View list and text formatted logs and traces from an AS Java that is not running, by connecting to a Standalone Log Viewer server

The Standalone Log Viewer Server is relevant only for viewing log records from the older system versions (6.40 and 04s). For newer systems, you can use the newly created offline connecting tool: the SAP Host Control Agent. Create, export and import custom views [Page 117] for viewing logs and traces Filter and view logs and traces [Page 114] Search log and trace records [Page 118] Merge list formatted logs and traces View archives of logs and traces.

Activities
The displayed log records are text or list formatted according to the views and log files that you choose. To see all the predefined views, choose Show Perspective and then, from the Log Perspectives dialog box, select the relevant view type. After choosing a view, either a table or a list of the relevant logs and traces appears. In the Records to Display field, you can enter a number of log records to be displayed in the table. The default number is 10.

The maximum number of list-formatted log records you can enter is 50. The maximum number of text-formatted log records you can enter is 500. To navigate the table pages, use the right-hand radio buttons.

Administration Guide

107

SAP NetWeaver Application Server, JavaTM EE 5 Edition

To view the newest log records, choose To view the oldest log records, choose

Go to Newest records. Go to Oldest Records.

Each list formatted log or trace record is situated at a single row only. If the message is longer, in the column Message it ends with [see details]. For more information about viewing full record details, see Filtering and Viewing Logs and Traces [Page 114]. To see general information about the usage of each predefined view choose .

You can see the same information when choose view.

and then select About this

Predefined Views
Use
You can use the predefined views in the Log Viewer function: To view list and text formatted logs and traces To filter and view logs and traces As a template for creating a custom view. For more information, see Creating, Exporting and Importing Custom Views [Page 117].

Two types of typical predefined views are available: General View [Page 109] - provides monitoring of logs and traces for users (customers). Development View [Page 113] - provides detailed monitoring of logs and traces for support developers.

There are also specific predefined views in the Log Viewer function. For more information, see Specific Predefined Views [Page 122].

Features
A predefined view is defined by a combination of the following: Filters by log location of the logs and traces Filters by log and trace name and type Filters by content of the logs and traces For more information about filtering logs and traces by different criteria, as well as viewing the record information, see Filtering and Viewing Logs and Traces [Page 114]. Customization of the columns and fields to be displayed for the logs and traces For more information, see List of Columns for Logs and Traces [Page 119].

Administration Guide

108

SAP NetWeaver Application Server, JavaTM EE 5 Edition The priority for applying the filters is the following: when you apply a filter, all filters that are set below it are also applied, and the filters that are set above it, if any, are not applied.

If you set all filters in a view and apply the filter by data source, it will be applied and all other filters below it will be applied. If you set all filters in a view and apply only the filter by content, then only the filter by content will be applied. The conditions for applying the filter criteria are the following: when you set two or more filter criteria of the same type, the condition is logical OR. When you set filter criteria of a different type, the condition is logical AND.

If you set the following filters by content: Severity equals WARNING Severity equals ERROR

all logs and traces with severity WARNING or ERROR will be displayed. In addition, if you set the following filters by content Category contains /System/, the system will display logs and traces with category /System/ and severity levels WARNING and ERROR.

Activities
To access the predefined views, from the Show dropdown list box select the relevant typical or specific predefined view type.

Predefined Views in the General View


To view the logs and traces in all predefined general views, from the Show dropdown list box choose General View and then from the adjacent field select the relevant predefined view. Viewing Logs and Traces from General Predefined Views Predefined View SAP Logs (Java) Description Shows a table of merged log records from all list formatted log files, except for defaultTrace.trc, on all selected systems. No filters by log location and content are set. SAP Logs (Java) view does not show default trace files. Activities
...

1. Select SAP Logs (Java). The newest records are displayed at the top. 2. To display a table on a separate screen with the locations and names of the relevant log files, choose Show all Log Files included in this set of log records.

Administration Guide

109

SAP NetWeaver Application Server, JavaTM EE 5 Edition

3. Choose Show View Properties. Last 24 Hours (Java) Shows a table of merged log records from all list formatted log files, written in the last 24 hours on all selected systems. No filter by log location is set. The following filter by content is set: Date & Time-Relative equals last 24 hours. Alert (Java) Shows a table of merged log records from all list formatted log files, except for defaultTrace.trc with severity ERROR and FATAL, on all selected systems. No filter by log location is set. The following filter by content is set: Severity is greater than or equal to error. Default Trace (Java) Shows a table of merged log traces written in defaultTrace.trc file on all selected systems. No filters by log location and content are set. 1. Select Last 24 Hours (Java). The newest records are displayed at the top. 2. See above. 3. Choose Show View Properties. 1. Select Alert (Java). The newest records are displayed at the top. 2. See above. 3. Choose Show View Properties. 1. Select Default Trace (Java). The newest records are displayed at the top. 2. See above. 3. Choose Show View Properties. Text Formatted Traces (Java) Shows a list of log records written in log files on all selected systems. Text formatted log records are not merged in a table. No filters by log location and content are set. You can select a particular log file on the relevant system to view. 1. Select Text Formatted Traces (Java). 2. See above. 3. In the Display Log File dropdown box, all text formatted log files appear. 4. Choose Show View Properties. Expert Allows you to view the user defined set of log records both list and text formatted, on all selected systems. It also allows you to browse for particular logs and traces. No filters by log location and content are set. 1. Select Expert. 2. See above. 3. In the Display Log File dropdown box, all list and text formatted log files appear. In the From dropdown box, select the relevant location.

Administration Guide

110

SAP NetWeaver Application Server, JavaTM EE 5 Edition

4. Choose Show View Properties. Log Archives (Java) Allows you to view archives of log records, both list and text formatted on all selected systems. By default, logs are written to five files, each file with a maximum size of 10 MB. When the fifth file is completed, the set of five files is converted into a ZIP file. Then, the new logs start overwriting the old log files. The default directory where archives of logs are stored is: <Drive>:\usr\sap\<SID>\JC<Instance number>\j2ee\cluster\<Dispatcher or server>\log\archive. After you leave the Log Archives (Java) view, the log and trace files are not deleted from the temporary directory. Standalone Log Viewer For more information about the properties and functions of this predefined view, see General Predefined Standalone Log Viewer View [Page 111]. 1. Select Log Archives (Java). The log and trace files of each archive are extracted to a subdirectory of the operating systems temporary directory. 2. Choose Show View Properties.

The dropdown list box From appears only if more than one location options exist. You can apply various types of filtering log records and set different filter criteria for all predefined general views. For more information, see Filtering and Viewing Logs and Traces [Page 114].

Bear in mind that some of the steps in the procedures are optional. You can set as many filter criteria as you want.

See also: Searching Log and Trace Records [Page 118] Customizing Columns for Logs and Traces [Page 120]

General Predefined Standalone Log Viewer View


Use
Use the Standalone Log Viewer to view logs and traces from an AS Java system when it is not running. Two types of offline connections are available: Administration Guide 111

SAP NetWeaver Application Server, JavaTM EE 5 Edition

By Remote Method Invocation (RMI) this is a protocol supported by the Standalone Log Viewer server. You can use RMI to make a connection with a server to view log records on older systems (6.40 or 2004s). By SAPHostControl this is an agent protocol used for displaying logs and traces for newer systems. The Standalone Log Viewer view makes a connection with this agent and you can monitor the relevant log records.

Prerequisites
...

1. The Standalone Log Viewer server can be run only by the RMI. The server is running on the system you want to monitor. 2. You need to install the SAP Host Control Agent to be able to use the SAPHostControl method for monitoring log records.

Procedure
1. From the Show dropdown list box, select General View and then, from the adjacent dropdown box, choose Standalone Log Viewer. 2. Choose Show View Properties.

This option is chosen by default. 3. In the Remote Connection field, choose Connect to host. The following fields appear: Field Host Description Enter the host name of the system you want to monitor. By default, the name of the host is localhost. If you want to monitor a different system, enter the host name of that system. Enter the port number of the system you want to monitor. By default, the port numbers of the two system types are: Protocol For the older systems 6.40 or 2004s, it's 26000. For newer systems, it's 1128.

On Port

It is a dropdown box that contains two optional methods for offline connecting to a server to monitor log records: RMI (6.40 or 2004s) SAPHostControl

4. Choose Apply Connections. All logs and traces that are registered on the Standalone Log Viewer server or on the SAP Host Control Agent appear. 5. Set a filter criterion if you want to view some particular log files.

Administration Guide

112

SAP NetWeaver Application Server, JavaTM EE 5 Edition You can apply various types of filtering log records and set different filter criteria for the Standalone Log Viewer view . For more information, see Filtering and Viewing Logs and Traces [Page 114].

Bear in mind that some of the steps in the procedures are optional. You can set as many filter criteria as you want.

See also: Searching Log and Trace Records [Page 118] Customizing Columns for Logs and Traces [Page 120]

Predefined Views in the Development View


To view the logs and traces in all predefined development views, from the Show dropdown list box choose Development View and then, from the adjacent field select the relevant predefined view. Viewing Logs and Traces on Development Predefined Views Predefined Views Default Trace (Java) Description Shows a table of merged log traces written in defaultTrace.trc file on all selected systems. No filters by log location and content are set. Activities
...

1. Select Default Trace (Java). The newest records are displayed at the top. 2. See above. 3. Choose Show View Properties.

Filtering by Correlator ID (Java)

Shows a table of merged log records related to a particular correlator ID number on all selected systems. No filter by log location is set. The following filter by content is set: Correlator ID contains.

1. Select Filtering by Correlator ID (Java). The newest records, respectively the largest ID numbers are displayed at the top. 2. To display a table on a separate screen with the locations and names of the relevant log files, choose Show all Log Files included in this set of log records. 3. Choose Show View Properties.

work/dev*

Shows a list of text formatted log records from all

1. Select work/dev*.

Administration Guide

113

SAP NetWeaver Application Server, JavaTM EE 5 Edition development log files located in folder work. No filters by log location and content are set.

2. See above. 3. In the Display Log File dropdown box, all development log files from the folder work appear. In the From dropdown box, select the relevant location. 4. Choose Show View Properties.

work/std_server*.out

Shows a list of text formatted log records from log files about the STDOUT stream processes in the server. These log files are located in folder work. No filters by log location or content are set.

1. Select work/std_server*.out. 2. See above. 3. In the Display Log File dropdown box, all the STDOUT log files from the folder work appear. In the From dropdown box, select the relevant location. 4. Choose Show View Properties.

The dropdown list box From appears only if more than one location options exist. You can apply various types of filtering log records and set different filter criteria for all predefined development views. For more information, see Filtering and Viewing Logs and Traces [Page 114].

Bear in mind that some of the steps in the procedures are optional. You can set as many filter criteria as you want.

See also: Searching Log and Trace Records [Page 118] Customizing Columns for Logs and Traces [Page 120]

Filtering and Viewing Logs and Traces


Use
Use this procedure to find an exact log (trace) or several logs (traces) that meet specific criteria. Three types of filtering logs and traces are available: Filtering by log location

Administration Guide

114

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Filtering by log file and log type Filtering by content

Procedure
To open the filters choose Show View Properties. If You Want To Filter log records by log location Filter log records by log file and log type Filter log records by content Then See Applying Filters by Log Location [Page 116]. See Applying Filters by Log File and Log Type [Page 116].
...

1. In the Filter by Content frame, select <Select Filter>, and then from the dropdown box below select a filter by content. 2. Specify filter criteria. For more information about the content you can filter, see List of Columns for Logs and Traces [Page 119]. 3. Choose Apply Filters. All list formatted logs and traces on all selected systems that meet the filter criteria are merged and displayed in a table.

See record details and full record information

1. Select a list formatted log or trace record you want to view. 2. In the Log Record Details pane, choose Expand tray. A table of record details about the relevant log record appears. The table contains full record information from all the columns available for column customization. 3. To close the log record information table choose Collapse tray.

See also: Searching Log and Trace Records [Page 118]

Administration Guide

115

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Applying Filters by Log Location


Use
Use this procedure to filter default trace files by data source on a certain log location.

Procedure
...

1. To display all default trace files on a data source location, in the Filter by Log Location frame, select <Select Data Source>, and then from the dropdown box below select Get all logs from. 2. Choose .

A dialog box with data source locations appears. 3. Select a data source location.

You can make a filter inactive and keep it for future use by deselecting the Active indicator. You can delete a filter by selecting the Active indicator and choosing Delete this filter. 4. To exclude all default trace files on a data source location, in the Filter by Log Location frame, select <Select Data Source>, and then from the dropdown box below select Exclude all logs from. 5. Choose .

A dialog box with data source locations appears. 6. Select a data location. 7. Chose Apply Locations.

Applying Filters by Log File and Log Type


Use
Use this procedure to filter log records according to their type and the log files they are located.

Procedure
...

1. In the Log File Browser frame, select <Select Log> and then from the dropdown box below, select Log file named. 2. From the adjacent dropdown box, select as or other than. 3. In the adjacent field, you can enter a string or in the next field, you can choose A dialog box with log and trace file names appears. 4. Select a log or trace file you want to display. 5. In the Log File Browser frame, select <Select Log> and then from the dropdown box below, select Log type. 6. From the adjacent dropdown box, select equals or does not equal. .

Administration Guide

116

SAP NetWeaver Application Server, JavaTM EE 5 Edition 7. In the adjacent field, you can enter a string or in the next field, you can choose A dialog box with log and trace file types appears. 8. Select a log or trace file type you want to display. 9. To merge list formatted logs and traces, select the Merge Logs If Possible indicator. 10. Choose Apply Logs. .

Creating, Exporting and Importing Custom Views


Use
You can use any predefined view as a template for your custom view. If you want to create a custom view that displays a particular log or trace, or log or trace type, use the Expert predefined view as a template. If you want to display archives of a particular log or trace, use the Log Archives (Java) predefined view as a template. If you want to create a custom view that displays logs and traces from an AS Java that is not running by connecting to a Standalone Log Viewer server, use the Standalone Log Viewer predefined view as a template. You can also export the settings of a custom view (the filters that are set and the columns that are selected during column customization) to an XML file to a directory of your choice. You can then send the XML file to another user who can import it and save it as his or her own custom view.

Bear in mind that some of the steps in the procedure are optional. You can set as many filters by data source location and filters by content as you want in your custom view. In addition, for list formatted logs and traces you can customize the columns to be displayed in your custom view.

Procedure
Creating Custom Views
...

1. From the Show dropdown box, select General View and then, from the adjacent dropdown box, select a view you want to use as a template for your custom view.

From the Show dropdown box, you can select Custom View and then, from the adjacent dropdown box, you can select <Create New View >. 2. Choose Show View Properties. 3. Set the filter criteria. Optional filter criteria are: Filter by log location Filter by content Filter by log or trace name and type Filter by archive for a log or trace

For more information about the particular filter criteria you can set in each predefined view, see Filtering and Viewing Logs and Traces [Page 114].

Administration Guide

117

SAP NetWeaver Application Server, JavaTM EE 5 Edition 4. Customize the columns to be displayed in your custom view. For more information, see Customizing Columns for Logs and Traces [Page 120]. 5. Choose Save View As, enter a name for the custom view, and then choose OK.

Exporting Custom Views


...

1. From the Show dropdown box, select Custom View and then, from the adjacent dropdown box, select the view you want to export. 2. Choose and in the context menu, choose Export View.

3. In the Export/Import View dialog box, select Export View and save the file to a directory of your choice.

Importing Custom Views


...

1. From the Show dropdown box, you can select any of the predefined view types or Custom View and then, from the adjacent dropdown box, select any view. 2. Choose and in the context menu, choose Import View.

3. In the Export/Import View dialog box, browse to the XML file you want to import. All logs and traces on all selected systems that meet the filter criteria are displayed. 4. To save the view you have imported as your own custom view, choose Show View Properties and then choose Save View As.

Searching Log and Trace Records


Use
You can search for log and trace records that meet particular search criteria. In any predefined or a custom view, you can: Enter filter criteria first and then perform a search within the records that meet these filter criteria. Perform a search within all records displayed without entering additional filter criteria.

In the Log Archives (Java) view, you must enter filter criteria first, display the log and trace records that meet the filter criteria, and then perform a search within these records.

Procedure
1. Choose Show Search. 2. From the Search By dropdown box, select a column or field name in which you want to search, in the adjacent dropdown box select a search criteria, and then in the next field enter a search string.

Administration Guide

118

SAP NetWeaver Application Server, JavaTM EE 5 Edition

When selecting the search criteria, you can select contains (wildcards) or does not contain (wildcards) and use an asterisk (*) to represent zero or more characters in your search string.

For list formatted logs and traces, you can search in all columns that are available for column customization. For text formatted logs and traces, you can search in the message and data source location fields only. For more information about the content you can search, see List of Columns for Logs and Traces [Page 119]. 3. To go to the next more recent record than the currently selected record that meets the search criteria, choose Go to Next Record. 4. To go to the previous older record than the currently selected record that meets the search criteria, choose Go to Previous Record.

See also: Customizing Columns for Logs and Traces [Page 120]

List of Columns for Logs and Traces


List formatted logs and traces are displayed in a table. You can add, remove and change the position of the following columns in the table: Column Name Application Arguments Argument Objects Category Description The name of the application on whose behalf the log record is generated. String values for placeholders in the message. Additional arguments that are appended to the log record if the message type is Java. Name of the category of the problematic area, for example, database, network, security, to which the log record belongs. Identifier, which is relevant to one single logical task. Data source location where the log record is generated. Date on which the log record is generated. Distributed Statistics Record (DSR) component on whose behalf the log record is generated. DSR transaction on whose behalf the log record is generated.

Correlator ID Data Source Date Dsr Component Dsr Transaction

Administration Guide

119

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Dsr User Host Instance Location

DSR user on whose behalf the log record is generated. Host on which the log record is generated. Instance on which the log record is generated. Name of the source code area, for example, component, package, class, method to which the trace message belongs. Message text. Key for internationalization in the associated resource bundle. If there is a resource bundle, the corresponding message text can be selected with the help of this key. Node on which the log record is generated. The name of the session on whose behalf the log record is generated. Severity level of the log record: DEBUG, PATH, INFO, WARNING, ERROR, and FATAL. System on which the log record is generated. Name of the thread from which the log record is generated. Time when the log record is generated. The name of the transaction on whose behalf the log record is generated. The user name of the user of the application on whose behalf the log record is generated.

Message Message Code

Node Session Severity System Thread Time Transaction User

For more information about column customization, see Customizing Columns for Logs and Traces [Page 120].

Customizing Columns for Logs and Traces


Use
You can add, remove and change the position of the columns in the table showing list formatted logs and traces. If you customize the columns displayed for a predefined view, the changes are visible only during the current session. If you want the changes to be visible during subsequent sessions, save the predefined view by a different name. The predefined view becomes a custom view.

Procedure
...

1. Choose Show Column Customization.

Administration Guide

120

SAP NetWeaver Application Server, JavaTM EE 5 Edition You have the following options: If You Want To Add a column to the table Move a column to the left Then Select the column name and then select the indicator next to it. Select the column name and choose Move Up. The column name is moved before the previous selected column name. Move a column to the right Select the column name and choose Move Down. The column name is moved after the next selected column name. Apply the changes to all views within the current logon session 2. Choose Hide Column Customization. You have the following options: If You Want To Save the changes you have made in any predefined view Then 1. To save the predefined view as a custom view, choose Show View Properties and then choose Save View As. 2. Enter a name for the view and choose OK. The predefined view becomes a custom view. The changes are saved. Save the changes you have made in a custom view Choose Show View Properties and then choose Save View. The changes are saved. 3. Choose Hide View Properties. Choose Apply to All Views.

Downloading Log and Trace Records


Use
In any predefined or custom view, you can download all list and text formatted log and trace records that meet the filter criteria you specified to a comma separated value (CSV) formatted file. For example, you can view log and trace records in a human-readable format on a computer system on which a Log Viewer is not running. In addition, you can take advantage of the analysis tools provided by Microsoft Excel, such as the tools to chart the data, which can help you understand the data. The records are only extracted first. Then you can download them to a CSV formatted file and save it to the file system.

Administration Guide

121

SAP NetWeaver Application Server, JavaTM EE 5 Edition

For list formatted log and trace records, the file includes only the columns that you selected during column customization. For text formatted log and trace records, the file includes only the complete message text. The maximum size of the extraction file is 10MB. If this size is exceeded, you can download the records that have been extracted so far. Then you can continue with the extraction of the next portion of log and trace records.

Procedure
...

1. Choose Download Content. The Download dialog box appears. 2. To start extracting the log and trace records, choose Download. 3. To stop extracting the log and trace records, choose Stop.

You can still download the log and trace records that have been extracted so far. 4. To download log and trace records that have been extracted, choose here. 5. Save the file to the file system. 6. Open the file using Microsoft Excel. 7. Select column A. 8. From the Data menu, choose Text to Columns. 9. In the Convert Text to Columns Wizard Step 1 of 3 dialog box, select the Delimited indicator and choose Next. 10. In the Convert Text to Columns Wizard Step 2 of 3 dialog box, select the following indicators: Tab, Comma, and Treat consecutive delimiters as one, from the Text qualifier dropdown box, select double quotation marks (), and then choose Next. 11. In the Convert Text to Columns Wizard Step 3 of 3 dialog box, select the General indicator and choose Finish. The log and trace records are displayed in a human-readable format in Microsoft Excel.

Specific Predefined Views


Use
You can use this function to view specific and important logs (server logs, security logs and so on).

Integration
In general, the specific log messages represent extracted log types belonging to one of the typical predefined logging views (General View [Page 109] or Development View [Page 113]).

Administration Guide

122

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Features
Four types of specific predefined views are available: HTTP View [Page 123] Logging View [Page 124] Security View [Page 125] Server View [Page 125]

Activities
You can open these specific views from the Show dropdown list box.

If these views are missing in the Show dropdown box, choose Show Perspective. In the Log Perspectives dialog box select the relevant view type.

In some views, the From dropdown list box appears only if more than one location option exists.

Specific Predefined Views in the HTTP View


To view the logs and traces in the HTTP predefined views, from the Show dropdown list box choose HTTP View and then, from the adjacent field select the relevant predefined view. Viewing Logs and Traces on HTTP Specific Predefined View Predefined Views HTTP Access Description Shows a list of text formatted log records written in the http_access.log file. These logs are related to the process of accessing a permission to a relevant HTTP system page. No filters by log location or content are set. Activities
...

1. Select HTTP Access. The oldest records are displayed at the top. 2. To display a table on a separate screen with the locations and names of the relevant log files, choose Show all Log Files included in this set of log records. 3. In the Display Log File dropdown box, all http access log files appear. In the From dropdown box, select the relevant location. 4. Choose Show View Properties.

HTTP Response

Shows a list of text formatted

1. Select HTTP Response.

Administration Guide

123

SAP NetWeaver Application Server, JavaTM EE 5 Edition log records written in the responses.trc file. These traces are related to the process of accepting an answer from the HTTP system page that is called. No filters by log location or content are set.

The oldest records are displayed at the top. 2. See above. 3. In the Display Log File dropdown box, all http response log files appear. In the From dropdown box, select the relevant system item. 4. Choose Show View Properties.

Servlets JSP

Shows a table of merged log records located in the server.log and defaultTrace.trc log files on all selected systems. These log records give information about servlets in the Java Server Pages (JSP). No filter by log location is set. The following filter by content is set: Location contains .servlets_jsp.

1. Select Servlets JSP. The newest records are displayed at the top. 2. See above. 3. Choose Show View Properties.

Specific Predefined Views in Logging View


To view the logs and traces in the logging predefined views, from the Show dropdown list box choose Logging View and then, from the adjacent field select the relevant predefined view. Viewing Logs and Traces on Logging Specific Predefined View Predefined View Log Config Changes Description Shows a table of merged log records written in configChanges.log file on all selected systems. The severity of these logs is INFO. No filters by log location or content are set Activities
...

1. Select Log Config Changes. The newest records are displayed at the top. 2. To display a table on a separate screen with the locations and names of the relevant log files, choose Show all Log Files included in this set of log records. 3. Choose Show View Properties.

Logging Log

Shows a table of merged log

1. Select Logging Log.

Administration Guide

124

SAP NetWeaver Application Server, JavaTM EE 5 Edition records written in logging.log file on all selected systems. The severity of these logs is INFO. No filters by log location or content are set.

The newest records are displayed at the top. 2. See above. 3. Choose Show View Properties.

Specific Predefined Security View


Use
Use this procedure to view specific log records about the security status and security characteristics of the AS Java on all selected systems.

Procedure
...

1. From the Show dropdown list box choose Security View and then, from the adjacent field select Security (Java). A table of merged security log records appears. The newest records are displayed at the top. 2. To display a table on a separate screen with the locations and names of the relevant log files, choose Show all Log Files included in this set of log records. 3. Choose Show View Properties. No filters by log location or content are set.

The default filter by content is set as follows: Message contains security. For more information about how to filter and view the security log and trace messages, see: Filtering and Viewing Logs and Traces [Page 114].

Specific Predefined Views in Server View


To view the logs and traces on the server predefined views, from the Show dropdown list box choose Server View and then, from the adjacent field select the relevant predefined view. Viewing Logs and Traces on Server Specific Predefined View Predefined View Applications (Java) Description Shows a table of merged log records written in the application.log file on all selected systems. No filters by log location or content are set. Activities
...

1. Select Applications (Java). The newest records are displayed at the top. 2. To display a table on a separate screen with the locations and names of the relevant log files,

Administration Guide

125

SAP NetWeaver Application Server, JavaTM EE 5 Edition

choose Show all Log Files included in this set of log records. 3. Choose Show View Properties. Bootstrap (Java) Shows a list of text formatted log records from all log files whose name contains bootstrap. Bootstrap is used for starting the engine. No filters by log location or content are set. 1. Select Bootstrap (Java). A list of bootstrap log messages appears. 2. See above. 3. In the Display Log File dropdown box, all bootstrap log files appear. 4. Choose Show View Properties. Database (Java) Shows a table of merged log records written in the database.log file on all selected systems. These logs provide information about SQL maintenance of database in the AS Java. No filters by log location or content are set. JVM Shows a list of text formatted log records written in all log files whose name starts with jvm_ and are located in folder work. These log messages provide information about the processes in the Java Virtual Machine (JVM). No filters by log location or content are set. User Interface (Java) Shows a table of merged log records written in userinterface.log file on all selected systems. No filters by log location or content are set. 1. Select User Interface (Java). The newest records are displayed at the top. 2. See above. 3. Choose Show View Properties. work/std_* Shows a list of text formatted log records written in all log files whose name starts with std_ and are located in the work folder. 1. Select work/std_*. 2. See above. 3. In the Display Log File dropdown list box, all 1. Select JVM. 2. See above. 3. In the Display Log File dropdown box, all jvm log files appear. 4. Choose Show View Properties. 1. Select Database (Java). The newest records are displayed at the top. 2. See above. 3. Choose Show View Properties.

Administration Guide

126

SAP NetWeaver Application Server, JavaTM EE 5 Edition stdout log files appear. 4. Choose Show View Properties.

These log records show messages about STDOUT processes in the AS Java. No filters by log location or content are set. Security (Java) For more information, see Specific Predefined Security View [Page 125].

1. Select Security (Java). 2. For more information, see Specific Predefined Security View [Page 125].

Configuring Logs and Traces


Use
You can use the SAP NetWeaver Administrator to create categories and locations and to configure the following logging parameters: Severity levels An important part of any log and trace message is its severity. This denotes the level of importance or relevance of a certain message. Log and traces can be limited to certain severity levels, that is, only data of a defined severity is collected. Categories and locations are associated with a severity. This acts as a filter where only those messages that are of equal or higher severity may pass. The increasing order of the Severity levels is: ALL The lowest severity. Controller with such a severity will log all the messages regardless of their severity. Messages with such a severity will be logged only by controllers with the same severity. All other controllers will suppress those messages. DEBUG For debugging purpose, with extensive and low level information PATH For tracing the execution flow, for example, used in the context of entering and leaving a method, looping and branching operations INFO Informational text, mostly for echoing what has already been performed WARNING The application can recover from an anomaly and fulfill the required task, but needs attention from a developer/operator. ERROR The application can recover from an error, but it cannot fulfill the required task due to the error FATAL The application cannot recover from an error, and the severe situation causes fatal termination. NONE The highest severity. Log controllers with such a severity will suppress all the messages logged into them, except for the messages with the same severity. Messages with that severity will be logged by all the log controllers, regardless of their severity.

Administration Guide

127

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Destinations Logs represent the destinations where the log messages are written. The following functions are relevant to the destinations:

For more information about log destinations features and available functions, see Log (Destination) [Page 130] in the SAP Logging API Tutorial.

Prerequisites
Before changing the severity of any log controller or instance in a system, remember that: If you change the severity of a log controller, the severity of all instances in the system will be changed for this controller. In other words, the change to the severity will be at system level. If you change the severity of the selected log controller for only one instance, and this new severity is different on the various instances in the cluster, there will be no system severity anymore. There will be only specific instance severities.

The user can still set a uniform system severity in two ways: To set the uniform system severity in the tree To unify the instance severities in the Per Instance Configuration tab.

Procedure
...

1. Open the SAP NetWeaver Administrator. 2. Choose Problem Management Logs and Traces Log Configuration. 3. From the Show dropdown box, select either Logging Categories or Tracing Locations. For a more precise search in the Category or Location field, enter the name or part of the name of the relevant log controller, and then choose Go.

Another alternative is to use the Open Filter option for a more sophisticated search of a particular location or category. For more information, see Filtering Categories and Locations [Page 129]. 4. From the tree structure, browse to the area you want to configure and select a particular log controller. The following configuration options are available: Activity Define a Severity on the Entire System Steps 1. In the Logging Categories or Tracing Locations pane, from the Severity dropdown box, select the severity level you want to set to the selected log controller. 2. If you want to refer this change to the child log controllers of the selected controller choose Copy To Sub-Tree. 3. Choose Save Configuration. 4. In the Destinations pane on the System Configuration tab, you can see all the

Administration Guide

128

SAP NetWeaver Application Server, JavaTM EE 5 Edition destinations that are assigned to the selected log controller at system level, that is, for the whole cluster. The following additional options are available when defining severity levels: Reset Category or Reset Location resets the severity of the selected log controller to the default value. Copy to Sub-Tree use this option if you want the severity of the selected log controller to be copied to all of its children.

...

Configuring Log Controllers Per Instance

1. Choose the Per Instance Configuration tab. In the Instance ID column, the ID numbers of the relevant instances for the selected controller appear. In the Severity column you can display and change the severity of the selected log controller for each instance. If you change the severity of an instance to a value different than the values of the other instances, the system severity in the first table will become idle, that is, there will be no more system severity. 2. Select an instance. A details for each instance tray will appear below, displaying the destinations of the selected controller on the selected instance.

Reset the Entire Log Configuration to the Default One

Choose Default Configuration.

Bear in mind that, as a result, some controllers can be created or deleted.

Filtering Categories and Locations


Use
Use this procedure to search for a particular category or location you want to configure. You do not need to specify all the filter elements. It is sufficient to specify some of them. After applying the filter, only the log controllers that correspond to all the filter criteria will be displayed.

Administration Guide

129

SAP NetWeaver Application Server, JavaTM EE 5 Edition When the filter is applied, the tree below will be displayed with all of its nodes expanded. Therefore, you could use an empty filter only to expand the tree.

Moreover, the filter criteria and the above search by name can be used together. That means you can enter one string above and another string below, and only the log controllers whose names contain both the strings will be displayed.

Procedure
...

1. Choose Open Filter. 2. In the Category or Location field enter the name of the relevant category or location. 3. From the Severity field select the comparative method that meets your severity request. 4. From the adjacent field select the relevant severity. 5. If you know the exact name of the relevant log file, enter the name string in the File Name field. 6. Chose Apply Filter. 7. To filter again for another category or location, choose Clear Filter and then repeat the same procedure.

Result
After you find the particular category or location, perform the next configuration steps in Configuring Logs and Traces [Page 127].

Log (Destination)
Use
A log represents the destination where the messages are written. Like the log controller source object, a severity level can be defined for each log. Unlike the default for log controller (Severity.NONE), the default for a log is Severity.ALL. That is, there is no effect on the main severity level check with the log controller. To avoid confusion, all the possibilities to change the severity of a log have been removed. Therefore, currently user can consider logs as they have no severity at all. Currently, the following logs are predefined: ConsoleLog directs the messages to the System.err (java.lang.System). This log type is typically used in the debugging process for a quick overview of problems. FileLog directs the messages to a file or a set of rotating files. StreamLog directs the messages to an arbitrary OutputStream (java.io.OutputStream);

Activities
Commonly, log controllers inherit the logs from their parent controllers.

Administration Guide

130

SAP NetWeaver Application Server, JavaTM EE 5 Edition

However, in the log configuration there are some log controllers that do not inherit from their parents, but have logs assigned to them according to the default configuration instead. The purpose of those log controllers is not to write their messages to the defaultTrace.trc file (which is considered public), but to write to their own specific destinations. The main reason for this is security.

Terminology
central services instance Contains the message and enqueue servers that perform central functions in the SAP system.

database instance Separate unit consisting of the database.

enqueue server Server that administers the lock table in a distributed SAP system. The enqueue server runs on the central services instance. When an application requests a lock, the lock request is sent to the enqueue work process, which then looks in the lock table to determine whether this request conflicts with a lock that has already been set. If so, the request is denied, otherwise the lock is set.

instance Administrative unit that groups components of an SAP system that provide one or more services. All components belonging to an instance are provided with parameters using a common instance profile. An instance runs on a physical host. However, there can be multiple instances on a host. An instance is identified by means of the system ID (SID) and the instance number.

instance name Consists of a prefix (JC for the Java instance or SCS for the central services instance) and a two-digit instance number.

Internet Communication Manager (ICM) Dispatches client requests to the server processes.

Java instance Consists of the ICM and one or more server processes.

message server Server that manages the communication in the application server. Each system contains only one message server. The message server carries out the following tasks: it decides which server a user logs on to and handles communication between the server processes for example, transport of update requests and lock requests.

P4 Extended protocol for RMI communication.

Administration Guide

131

SAP NetWeaver Application Server, JavaTM EE 5 Edition profile/instance profile Profile that contains application-server-specific configuration parameters to complete the set values of the default profile.

SAP system Software system based on the SAP NetWeaver Application Server, Java(TM) EE 5 Edition. Such an SAP system consists of a database instance, a central services instance, and a Java instance.

server process Application server component that executes the application requests. Each server process is multi-threaded, and can therefore process a large number of requests simultaneously. The ICM dispatches the requests to the server processes.

Administration Guide

132