WebLogic Server Command Reference

weblogic.Admin Command-Line Reference (Deprecated)

Note: The weblogic.Admin utility is deprecated as of WebLogic Server® 9.0. Both weblogic.Admin utility and wlconfig tool are now restricted as follows:

No access to MBeans that have been added in WebLogic Server 9.0. These tools use the compatibility MBean server to access MBeans, and this MBean server does not contain MBeans that are new in WebLogic Server 9.0.
No longer able to create or modify Local Configuration MBeans, but can be used to view them and invoke their operations.

Note: The weblogic.Admin utility is no longer able to configure security MBeans, but can still be used to view and invoke methods on the security MBeans. You can still use the wlconfig tool to configure (create, delete, or modify), view, and invoke methods on security MBeans. For information about wlconfig, see " Configuring a WebLogic Server Domain Using the wlconfig Ant Task" in Developing Applications with WebLogic Server.

Note:

BEA Systems recommends that you use the WebLogic Scripting Tool (WLST) for equivalent functionality. For more information, see WebLogic Scripting Tool.

The weblogic.Admin utility is a command-line interface that you can use to administer, configure, and monitor WebLogic Server.

Like the Administration Console, for most commands this utility assumes the role of client that invokes administrative operations on the Administration Server, which is the central management point for all servers in a domain. (All Managed Servers retrieve configuration data from the Administration Server, and the Administration Server can access runtime data from all Managed Servers.) While the Administration Console interacts only with the Administration Server, the weblogic.Admin utility can access the Administration Server as well as all active server instances directly. If the Administration Server is down, you can still use the weblogic.Admin utility to retrieve runtime information from Managed Servers and invoke some administrative commands. However, you can save configuration changes to the domain’s config.xml file only when you access the Administration Server.

To automate administrative tasks, you can invoke the weblogic.Admin utility from shell scripts. If you plan to invoke this utility multiple times from a shell script, consider using the BATCHUPDATE command, which is described in Running Commands in Batch Mode.

The following sections describe using the weblogic.Admin utility:

For more information, see:

" Automating WebLogic Server Administration Tasks" in WebLogic Scripting Tool. Describes using WLST commands to automate typical domain and server configuration tasks.
" Using Ant Tasks to Configure a WebLogic Server Domain" in Developing Applications with WebLogic Server.
“ Overview of Deployment Tools” in Deploying WebLogic Server Applications. Describes deployment tools to help you configure and deploy applications.

Required Environment for the weblogic.Admin Utility

To set up your environment for the weblogic.Admin utility:

Install and configure the WebLogic Server software, as described in the WebLogic Server Installation Guide
Add WebLogic Server classes to the CLASSPATH environment variable and WL_HOME\server\bin to the PATH environment variable.

You can use a WL_HOME\server\bin\setWLSEnv script to set both variables. See Modifying the Classpath.

If you want the weblogic.Admin utility to use a listen port that is reserved for administration traffic, you must configure a domain-wide administration port as described in "Configure the domain-wide administration port" in the Administration Console Online Help.

The domain-wide administration port is secured by SSL. For information about using secured ports with the weblogic.Admin utility, see SSL Arguments.

Note: If a server instance is deadlocked, it can respond to weblogic.Admin commands only if you have enabled the domain-wide administration port. If you have not already enabled the domain-wide administration port, your only option is to shut down the server instance by killing the Java process that is running the server. You will lose all session data. For information on enabling the domain-wide administration port, see "Configure the domain-wide administration port" in the Administration Console Online Help.

Syntax for Invoking the weblogic.Admin Utility

java [ SSL Arguments ]
     weblogic.Admin 
     [ Connection Arguments ] 
     [ User Credentials Arguments ]
     COMMAND-NAME command-arguments

The command names and arguments are not case sensitive.

The following sections provide detailed syntax information:

Note:

Both the weblogic.Deployer tool and the BEA WebLogic Scripting Tool (WLST) also use the SSL arguments, Connection arguments, and User Credentials arguments.

SSL Arguments

java [ -Dweblogic.security.TrustKeyStore=DemoTrust ]
     [ -Dweblogic.security.JavaStandardTrustKeyStorePassPhrase=password ]
     [ -Dweblogic.security.CustomTrustKeyStoreFileName=filename 
       -Dweblogic.security.TrustKeyStoreType=CustomTrust
       [-Dweblogic.security.CustomTrustKeyStorePassPhrase=password ]
     ]
     [ -Dweblogic.security.SSL.hostnameVerifier=classname ]
     [ -Dweblogic.security.SSL.ignoreHostnameVerification=true ]
     weblogic.Admin 
     [ User Credentials Arguments ] 
     COMMAND-NAME command-arguments

If you have enabled the domain-wide administration port, or if you want to secure your administrative request by using some other listen port that is secured by SSL, you must include SSL arguments when you invoke weblogic.Admin. Table 2-1 describes all SSL arguments for the weblogic.Admin utility.

Table 2-1 SSL Arguments
Argument	Definition
`-Dweblogic.security. TrustKeyStore= DemoTrust`	Causes `weblogic.Admin` to trust the CA certificates in the demonstration trust keystore (`WL_HOME\server\lib\DemoTrust.jks`). This argument is required if the server instance to which you want to connect is using the demonstration identity and certificates. By default, `weblogic.Admin` trusts only the CA certificates in the Java Standard Trust keystore (`JAVA_HOME\jre\lib\security`).
`-Dweblogic.security. JavaStandardTrustKeysto rePassPhrase=password`	Specifies the password that was used to secure the Java Standard Trust keystore. If the Java Standard Trust keystore is protected by a password, and if you want to trust its CA certificates, you must use this argument. By default, the Java Standard Trust keystore is not protected by a password.
`-Dweblogic.security. CustomTrustKeyStoreFileNa me=filename` `-Dweblogic.security.Trust KeyStoreType=CustomTrust`	Causes `weblogic.Admin` to trust the CA certificates in a custom keystore that is located at `filename`. You must use both arguments to trust custom keystores.
`-Dweblogic.security.Custo mTrustKeyStorePassPhrase=password`	Specifies the password that was used to secure the custom keystore. You must use this argument only if the custom keystore is protected by a password.
`-Dweblogic.security.SSL. hostnameVerifier=classname`	Specifies the name of a custom Host Name Verifier class. The class must implement the `weblogic.security.SSL.HostnameVerifier` interface.
`-Dweblogic.security.SSL. ignoreHostnameVerificat ion=true`	Disables host name verification.

Using SSL to Secure Administration Requests: Main Steps

To secure administration requests with SSL:

Ensure that two-way SSL is disabled on the server instance to which you want to connect.

By default, when you enable SSL, a server instance supports one-way SSL. Because two-way SSL provides additional security, you might have enabled two-way SSL. However, weblogic.Admin does not support two-way SSL.

Ensure that the trusted CA certificates are stored in a keystore that the weblogic.Admin utility can access through the file system.
When you invoke the weblogic.Admin utility, include arguments that specify the following:

A secure protocol and port.

See Protocol Support.

(Optional) The trusted CA certificates and certificate authorities.

See Specifying Trust for weblogic.Admin.

(Optional) A host name verifier.

See Specifying Host Name Verification for weblogic.Admin.

Specifying Trust for weblogic.Admin

When the weblogic.Admin utility connects to a server’s SSL port, it must specify a set of certificates that describe the certificate authorities (CAs) that the utility trusts.

To specify trust for weblogic.Admin:

To trust only the CA certificates in the Java Standard Trust keystore, you do not need to specify command-line arguments, unless the keystore is protected by a password.

If the Java Standard Trust keystore is protected by a password, use the following command-line argument:

-Dweblogic.security.JavaStandardTrustKeyStorePassPhrase=password

To trust both the CA certificates in the Java Standard Trust keystore and in the demonstration trust keystore, include the following argument:

-Dweblogic.security.TrustKeyStore=DemoTrust

This argument is required if the server instance to which you want to connect is using the demonstration identity and certificates.

If the Java Standard Trust keystore is protected by a password, include the following command-line argument:

-Dweblogic.security.JavaStandardTrustKeyStorePassPhrase=password

To trust only the CA certificates in a keystore that you create, specify the following command-line arguments:

-Dweblogic.security.CustomTrustKeyStoreFileName=filename

where filename specifies the fully qualified path to the trust keystore.

-Dweblogic.security.TrustKeyStoreType=CustomTrust

This optional command-line argument specifies the type of the keystore. Generally, this value for type is jks.

If the custom keystore is protected by a password, include
-Dweblogic.security.CustomTrustKeyStorePassPhrase=password

Specifying Host Name Verification for weblogic.Admin

A host name verifier ensures the host name URL to which the client connects matches the host name in the digital certificate that the server sends back as part of the SSL connection. A host name verifier is useful when an SSL client, or a SSL server acting as a client, connects to an application server on a remote host. It helps to prevent man-in-the-middle attacks. See " Using Host Name Verification" in Managing WebLogic Security.

To specify host name verification for weblogic.Admin:

To use the host name verifier that the WebLogic Security Service provides, you do not need to specify host name verification arguments.

Note: If you specify an IP address or the localhost string in the weblogic.Admin -url or -adminurl argument, the host name verifier that the WebLogic Security Service provides will allow the connection if the common name (CN) field of the digital certificate matches the DNS name of the local host.

To use a custom host name verifier, specify:
-Dweblogic.security.SSL.hostnameVerifier=classname

where classname specifies the implementation of the weblogic.security.SSL.HostnameVerifier interface.

To disable host name verification, specify:
-Dweblogic.security.SSL.ignoreHostnameVerification=true

Connection Arguments

java [ SSL Arguments ]
     weblogic.Admin 
     [ {– url URL} | {– adminurl URL} ]
     [ User Credentials Arguments ]
     COMMAND-NAME command-arguments

When you invoke most weblogic.Admin commands, you specify the arguments in Table 2-2 to connect to a WebLogic Server instance. Some commands have special requirements for the connection arguments. Any special requirements are described in the command documentation.

Table 2-2 Connection Arguments
Argument	Definition
`-url` `[protocol://]listen-address:listen-port`	The listen address and listen port of the server instance that runs the command. In most cases, you should specify the Administration Server’s address and port, which is the central management point for all servers in a domain. Some commands, such as START and CREATE, must run on the Administration Server. The documentation for each command indicates whether this is so. If you specify a Managed Server’s listen address and port, the command can access data only for that server instance; you cannot run a command on one Managed Server to view or change data for another server instance. When you use MBean-related commands, you must specify the Administration Server’s listen address and port to access Administration MBeans. To access Local Configuration MBeans or Runtime MBeans, you can specify the server instance on which the MBeans reside. (However, the `-adminurl` argument can also retrieve Local Configuration MBeans or Runtime MBeans from any server.) For more information on where MBeans reside, see "Understanding WebLogic Server MBeans" in Developing Custom Management Utilities with JMX. To use a listen port that is not secured by SSL, the format is `-url` `[protocol://]listen-address:port` To use a port that is secured by SSL, the format is `-url` `secure-protocol://listen-address:port` If you have set up a domain-wide administration port, you must specify the administration port number: `-url` `secure-protocol://listen-address:domain-wide-admin-port` For information about valid values for `protocol` and `secure-protocol`, see Protocol Support. For more information about the listen address and listen ports, see -Dweblogic.ListenAddress=host and -Dweblogic.ListenPort= portnumber. For more information about the domain-wide administration port, see " Configure the domain-wide administration port" in the Administration Console Online Help. The default value for this argument is `t3://localhost:7001`.
`-adminurl` `[protocol://]Admin-Server-listen-address:listen-port`	Enables the Administration Server to retrieve Local Configuration MBeans or Runtime MBeans for any server instance in the domain. For information about types of MBeans, see " Understanding WebLogic Server MBeans" in Developing Custom Management Utilities with JMX. For all commands other than the MBean commands, `-adminurl` `admin-address` and `-url` `admin-address` are synonymous. The `-adminurl` value must specify the listen address and listen port of the Administration Server. To use a port that is not secured by SSL, the format is `-adminurl` `[protocol]Admin-Server-listen-address:port`. To use a port that is secured by SSL, the format is `-adminurl` `secure-protocol://Admin-Server-listen-address:port` If you have set up a domain-wide administration port, you must specify the administration port number: `-adminurl` `secure-protocol://Admin-Server-listen-address:domain-wide-admin-port` For information about valid values for `protocol` and `secure-protocol`, see Protocol Support. There is no default value for this argument.

User Credentials Arguments

java [ SSL Arguments ]
     weblogic.Admin 
     [ Connection Arguments ] 
     [ { -username username [-password password] } |
       [ -userconfigfile config-file [-userkeyfile admin-key] ] 
     ]
     COMMAND-NAME command-arguments

When you invoke most weblogic.Admin commands, you specify the arguments in Table 2-3 to provide the user credentials of a WebLogic Server user who has permission to invoke the command.

Table 2-3 User Credentials Arguments
Argument	Definition
`-username` `username`	The name of the user who is issuing the command. This user must have appropriate permission to view or modify the target of the command. For information about permissions for system administration tasks, see " Users, Groups, And Security Roles" in Securing WebLogic Resources.
`-password` `password`	The password that is associated with the username. If you do not specify the `-password` argument, `weblogic.Admin` prompts you for a password. If `WL_HOME\server\bin` is specified in the `PATH` environment variable, `weblogic.Admin` uses a set of WebLogic Server libraries that prevent the password from being echoed to standard out. For information on setting environment variables, see Required Environment for the weblogic.Admin Utility.
`-userconfigfile` `config-file`	Specifies the name and location of a user-configuration file, which contains an encrypted username and password. The encrypted username must have permission to invoke the command you specify. If you do not specify `-userconfigfile` `config-file`, and if you do not specify `-username` `username`, `weblogic.Admin` searches for a user-configuration file at the default path name. (See STOREUSERCONFIG.)
`-userkeyfile` `admin-key`	Specifies the name and location of the key file that is associated with the user-configuration file you specify. When you create a user-configuration file, the `STOREUSERCONFIG` command uses a key file to encrypt the username and password. Only the key file that encrypts a user-configuration file can decrypt the username and password. If you do not specify `-userkeyfile` `admin-key`, `weblogic.Admin` searches for a key file at the default path name. (See STOREUSERCONFIG.)

Note:

The exit code for all commands is 1 if the Administration client cannot connect to the server or if the WebLogic Server instance rejects the username and password.

Specifying User Credentials

The simplest way to specify user credentials is to create a user configuration file and key file in the default location. Thereafter, you do not need to include user credentials in weblogic.Admin invocations. A user-configuration file contains encrypted user credentials that can be decrypted only by a single key file. See STOREUSERCONFIG.

For example, the following command creates a user configuration file and key file in the default location:

java weblogic.Admin -username weblogic -password weblogic STOREUSERCONFIG

After you enter this STOREUSERCONFIG command, you can invoke weblogic.Admin without specifying credentials on the command line or in scripts. For example:

java weblogic.Admin GET -pretty -type -Domain

If you create a user configuration file or key file in a location other than the default, you can include the -userconfigfile config-file and -userkeyfile admin-key arguments on the command line or in scripts.

If you do not create a user configuration file and key file, you must use the -username and -password arguments when invoking the weblogic.Admin utility directly on the command line or in scripts. With these arguments, the username and password are not encrypted. If you store the values in a script, the user credentials can be used by anyone who has read access to the script.

The following list summarizes the order of precedence for the weblogic.Admin user-credentials arguments:

If you specify -username username -password password, the utility passes the unencrypted values to the server instance you specify in the -url argument.
These arguments take precedence over the { -userconfigfile config-file -userkeyfile admin-key } arguments.
If you specify -username username, the utility prompts for a password. Then it passes the unencrypted values to the server instance you specify in the -url argument.
This argument also takes precedence over the { -userconfigfile config-file -userkeyfile admin-key } arguments.
If you specify { -userconfigfile config-file -userkeyfile admin-key } and do not specify { -username username [-password password]}, the utility passes the values that are encrypted in config-file to the server instance you specify in the -url argument.
If you specify neither { -username username [-password password] } nor { -userconfigfile config-file -userkeyfile admin-key }, the utility searches for a user-configuration file and key file at the default path names. The default path names vary depending on the JVM and the operating system. See Configuring the Default Path Name.

Examples of Providing User Credentials

The following command specifies the username weblogic and password weblogic directly on the command line:
java weblogic.Admin -username weblogic -password weblogic COMMAND

The following command uses a user-configuration file and key file that are located at the default pathname:
java weblogic.Admin COMMAND

See Configuring the Default Path Name.

The following command uses a user-configuration file named c:\wlUser1-WebLogicConfig.properties and a key file named e:\secure\myKey:
java -userconfigfile c:\wlUser1-WebLogicConfig.properties -userkeyfile e:\secure\myKeyCOMMAND

Protocol Support

The -url and -adminurl arguments of the weblogic.Admin utility support the t3, t3s, http, https, and iiop protocols.

If you want to use http or https to connect to a server instance, you must enable HTTP Tunneling for that instance. For more information, see " Configure HTTP Protocol" in the Administration Console Online Help.

If you want to use iiop to connect to a server instance, you must enable the iiop protocol for that instance. For more information, see " Enable and Configure IIOP" in the Administration Console Online Help.

If you use the -url argument to specify a non-secured port, the weblogic.Admin utility uses t3 by default. For example, java weblogic.Admin -url localhost:7001 resolves to java weblogic.Admin -url t3://localhost:7001.

If you use either the -url or -adminurl argument to specify a port that is secured by SSL, you must specify either t3s or https. See Using SSL to Secure Administration Requests: Main Steps.

Example Environment

In many of the examples throughout the sections that follow, it is assumed that a certain environment has been set up:

The WebLogic Server administration domain is named MedRec.
The Administration Server is named MedRecServer and listens on port 7011.
The Administration Server uses the name of its host machine, AdminHost, as its listen address. For more information about the listen address and listen ports, see -Dweblogic.ListenAddress=host and -Dweblogic.ListenPort= portnumber.
The weblogic username has system-administrator privileges and uses weblogic for a password.
The user credentials have not been encrypted in a user configuration file.
A Managed Server named MedRecManagedServer uses the name of its host machine, ManagedHost, as its listen address and 8001 as its listen port.

Exit Codes Returned by weblogic.Admin

All weblogic.Admin commands return an exit code of 0 if the command succeeds and an exit code of 1 if the command fails.

To view the exit code from a Windows command prompt, enter echo %ERRORLEVEL% after you run a weblogic.Admin command. To view the exit code in a bash shell, enter echo $?.

For example:

D:\>java weblogic.Admin -username weblogic -password weblogic GET -pretty 
-mbean "MedRec:Name=MyServer,Type=Server" -property ListenPort

---------------------------
MBeanName: "MedRec:Name=MyServer,Type=Server"
        ListenPort: 7010

D:\>echo %ERRORLEVEL%
0

weblogic.Admin calls System.exit(1) if an exception is raised while processing a command, causing Ant and other Java client JVMs to exit. You can override this default behavior by specifying -noExit for Ant tasks (wlconfig) and -continueOnError for weblogic.Admin batch operations (BATCHUPDATE).

Command for Storing User Credentials

For any weblogic.Admin command that connects to a WebLogic Server instance, you must provide user credentials. You can use the STOREUSERCONFIG command to encrypt the user credentials instead of passing credentials directly on the command line or storing unencrypted credentials in scripts. See Specifying User Credentials.

STOREUSERCONFIG

Creates a user-configuration file and an associated key file. The user-configuration file contains an encrypted username and password. The key file contains a secret key that is used to encrypt and decrypt the username and password.

Only the key file that originally encrypted the username and password can decrypt the values. If you lose the key file, you must create a new user-configuration and key file pair.

Caution:

You must ensure that only authorized users can access the key file. Any user who accesses a valid user-configuration and key file pair gains the privileges of the encrypted username. To secure access to the key file, you can store the key file in a directory that provides read and write access only to authorized users, such as WebLogic Server administrators. Alternatively, you can write the key file to a removable medium, such as a floppy or CD, and lock the medium in a drawer when it is not being used.

Unlike other weblogic.Admin commands, the STOREUSERCONFIG command does not connect to a WebLogic Server instance. The data encryption and file creation are accomplished by the JVM in which the STOREUSERCONFIG command runs. Because it does not connect to a WebLogic Server instance, the command cannot verify that the username and password are valid WebLogic Server credentials.

Syntax

java weblogic.Admin 
  -username username [-password password]
  [ -userconfigfile config-file ] [ -userkeyfile keyfile ]
  STOREUSERCONFIG

Table 2-4 STOREUSERCONFIG Arguments
Argument	Definition
`-userconfigfile` `config-file`	Specifies a file pathname at which the `STOREUSERCONFIG` command creates a user-configuration file. The pathname can be absolute or relative to the directory from which you enter the command. If a file already exists at the specified pathname, the command overwrites the file with a new file that contains the newly encrypted username and password. If you do not specify this option, `STOREUSERCONFIG` does the following: To determine the directory in which to create the user-configuration file, it uses the JVM’s user-home directory. The default value varies depending on the SDK and type of operating system. See Configuring the Default Path Name. To determine the file name, it prepends your operating-system username to the string `-WebLogicConfig.properties`. For example, `username-WebLogicConfig.properties`. You can use Java options to specify a different username. See Configuring the Default Path Name.
`-userkeyfile` `keyfile`	Specifies a file pathname at which the `STOREUSERCONFIG` command creates a key file. The pathname can be absolute or relative to the directory from which you enter the command. If a file already exists at the specified pathname, `STOREUSERCONFIG` uses the existing key file to encrypt the new user-configuration file. If you do not specify this option, `STOREUSERCONFIG` does the following: To determine the directory in which to create the key file, it uses the JVM’s user-home directory. The default value varies depending on the SDK and type of operating system. See Configuring the Default Path Name. To determine the file name, it prepends your operating-system username to the string `-WebLogicConfig.properties`. For example, `username-WebLogicConfig.properties`. You can use Java options to specify a different username. See Configuring the Default Path Name.
`-username` `username` `[-password` `password` `]`	Specifies the username and password to encrypt. The `STOREUSERCONFIG` command does not verify that the username and password are valid WebLogic Server user credentials. If you omit the `-password` `password` argument, `STOREUSERCONFIG` prompts you to enter a password.

Configuring the Default Path Name

If you do not specify the location in which to create and use a user-configuration file and key file, the weblogic.Admin and weblogic.Deployer utilities supply the following default values:

user-home-directory\username-WebLogicConfig.properties
user-home-directory\username-WebLogicKey.properties

Where user-home-directory is the home directory of the operating-system user account as determined by the JVM, and username is your operating-system username.

The value of the home directory varies depending on the SDK and type of operating system. For example, on UNIX, the home directory is usually "~username." On Windows, the home directory is usually "C:\Documents and Settings\username".

You can use the following Java options to specify values for user-home-directory and username:

-Duser.home=pathname specifies the value of user-home-directory
-Duser.name=username specifies the value of username.

For example, the following command configures the user-home directory to be c:\myHome and the user name to be wlAdmin. The command will search for the following user-configuration file and user key file:
c:\myHome\wlAdmin-WebLogicConfig.properties c:\myHome\wlAdmin-WebLogicKey.properties

java -Duser.home=c:\myHome -Duser.name=wlAdmin weblogic.AdminCOMMAND

Creating User-Configuration and Key Files

To create user-configuration and key files:

Use the -username username and -password password arguments to specify the username and password to be encrypted.
Specify the name and location of the user-configuration and key files by doing one of the following:

Use the -userconfigfile config-file and -userkeyfile key-file arguments:
java weblogic.Admin -username username -password password -userconfigfile config-file -userkeyfile key-fileSTOREUSERCONFIG
Use the default behavior to create files named
user-home-directory\username-WebLogicConfig.properties and
user-home-directory\username-WebLogicKey.properties: java weblogic.Admin -usernameusername -password passwordSTOREUSERCONFIG
Use the -Duser.home=directory and -Duser.name=username Java options to create files named
directory\username-WebLogicConfig.properties and
directory\username-WebLogicKey.properties: java -Duser.home=directory -Duser.name=usernameweblogic.Admin -usernameusername -password passwordSTOREUSERCONFIG

You can change the name and location of a user-configuration file or a key file after you create them, as long as you use the two files as a pair.

Using a Single Key File for Multiple User-Configuration Files

To use one key file to encrypt multiple user-configuration files:

Create an initial user-configuration file and key file pair.

For example, enter the following command:

java weblogic.Admin -username username -password password-userconfigfile c:\AdminConfig -userkeyfile e:\myKeyFile STOREUSERCONFIG

When you create an additional user-configuration file, specify the existing key file.

For example, enter the following command:

java weblogic.Admin -username username -password password-userconfigfile c:\anotherConfigFile -userkeyfile e:\myKeyFile STOREUSERCONFIG

Examples

In the following example, a user who is logged in to a UNIX operating system as joe encrypts the username wlAdmin and password wlPass:

java weblogic.Admin -username wlAdmin -password wlPass STOREUSERCONFIG

The command determines whether a key file named ~joe/joe-WebLogicKey.properties exists. If such a file does not exist, it prompts the user to select y to confirm creating a key file. If the command succeeds, it creates two files:
~joe\joe-WebLogicConfig.properties ~joe\joe-WebLogicKey.properties

The file joe-WebLogicConfig.properties contains an encrypted version of the strings wlAdmin and wlPass. Any command that uses the ~joe\joe-WebLogicConfig.properties file must specify the ~joe\joe-WebLogicKey.properties key file.

In the following example, the user joe is a System Administrator who wants to create a user-configuration file for an operating-system account named pat. For the sake of convenience, joe wants to create the user-configuration file in pat’s home directory, which will simplify the syntax of the weblogic.Admin commands that pat invokes. For added security, only one key file exists at joe’s organization, and it is located on a removable hard drive.

To create a user configuration file in pat’s home directory that is encrypted and decrypted by a key file name e:\myKeyFile:

java -Duser.name=pat -Duser.home="C:\Documents and Settings\pat" weblogic.Admin -username wlOperatorPat -password wlOperator1 -userkeyfile e:\myKeyFile STOREUSERCONFIG

A user who logs in to pat’s account can use the following syntax to invoke weblogic.Admin commands:
java weblogic.Admin -userkeyfile e:\myKeyFile COMMAND

For information on using user-configuration and key files, see Specifying User Credentials.

Commands for Managing the Server Life Cycle

Table 2-5 is an overview of commands that manage the life cycle of a server instance. Subsequent sections describe command syntax and arguments, and provide an example for each command. For more information about the life cycle of a server instance, see " Understanding Server Life Cycle" in Managing Server Startup and Shutdown and " Managing Servers and Server Life Cycle" in WebLogic Scripting Tool.

Table 2-5 Overview of Commands for Managing the Server Life Cycle
Command	Description
`CANCEL_SHUTDOWN`	Cancels the `SHUTDOWN` command for the WebLogic Server that is specified in the URL. See CANCEL_SHUTDOWN.
`FORCESHUTDOWN`	Terminates a server instance without waiting for active sessions to complete. See FORCESHUTDOWN.
`LOCK`	Locks a WebLogic Server against non-privileged logins. Any subsequent login attempt initiates a security exception which may contain an optional string message. See LOCK.
`RESUME`	Makes a server available to receive requests from external clients. See RESUME.
`SHUTDOWN`	Gracefully shuts down a WebLogic Server. See SHUTDOWN.
`START`	Uses a configured Node Manager to start a Managed Server in the `RUNNING` state. See START.
`STARTINSTANDBY`	Uses a configured Node Manager to start a Managed Server and place it in the `STANDBY` state. See STARTINSTANDBY.
`UNLOCK`	Unlocks the specified WebLogic Server after a LOCK operation. See UNLOCK.

CANCEL_SHUTDOWN

The CANCEL_SHUTDOWN command cancels the SHUTDOWN command for a specified WebLogic Server.

When you use the SHUTDOWN command, you can specify a delay (in seconds). An administrator may cancel the shutdown command during the delay period. Be aware that the SHUTDOWN command disables logins, and they remain disabled even after cancelling the shutdown. Use the UNLOCK command to re-enable logins.

See SHUTDOWN and UNLOCK.

This command is deprecated because the ability to specify a delay in the SHUTDOWN command is also deprecated. Instead of specifying a delay in the SHUTDOWN command, you can now set attributes to control how a server shuts down. For more information, see " Controlling Graceful Shutdowns" in Managing Server Startup and Shutdown.

Syntax

java [ SSL Arguments ] weblogic.Admin 
     [ Connection Arguments ] 
     [ User Credentials Arguments ]
     CANCEL_SHUTDOWN

Example

The following example cancels the shutdown of a WebLogic Server instance that runs on a machine named ManagedHost and listens on port 8001:

java weblogic.Admin -url ManagedHost:8001 -username weblogic 
   -password weblogic CANCEL_SHUTDOWN

For more information about the environment in which this example runs, see Example Environment.

FORCESHUTDOWN

Terminates a server instance without waiting for active sessions to complete. For more information, see “ Force Shutdown" in Managing Server Startup and Shutdown.

If a server instance is in a deadlocked state, it can respond to weblogic.Admin commands only if you have enabled the domain-wide administration port. (A deadlocked server is one in which all threads are struck trying to acquire locks held by other threads.) If you have not already enabled the domain-wide administration port, your only option for shutting down the server instance is to kill the Java process that is running the server. You will lose all session data. For information on enabling the domain-wide administration port, see " Configure the domain-wide administration port" in the Administration Console Online Help.

Syntax

java [ SSL Arguments ] 
   [-Dweblogic.system.BootIdentityFile=filename 
     [-Dweblogic.RootDirectory=path]
   ]
   weblogic.Admin 
   [ Connection Arguments ] 
   [ User Credentials Arguments ]
   FORCESHUTDOWN [targetServer]

Table 2-6 FORCESHUTDOWN Arguments
Argument	Definition
`-Dweblogic.system.BootIdentityFile=filename` `[-Dweblogic.RootDirectory=path]`	Cause the command to retrieve encrypted user credentials from a boot identity file. See " Boot Identity Files" in Managing Server Startup and Shutdown. Use these arguments if you invoke this command from a script, you have not created a user configuration file, and you do not want to store user credentials in your script. If you do you not use the `-username` argument or a user configuration file to specify credentials (see User Credentials Arguments), the command retrieves user credentials from a boot properteis file as follows: If you invoke the command from a server’s root directory, and if the server’s root directory contains a valid `boot.properties` file, it retrieves credentials from this file by default. For information about a server’s root directory, see “ A Server’s Root Directory.” If you invoke the command from a server’s root directory, but the server’s boot identity file is not in the server’s root directory or is not named `boot.properties`, the command can use a boot identity file if you include the following argument: `-Dweblogic.system.BootIdentityFile=filename` where `filename` is the fully qualified pathname of a valid boot identity file. If you do not invoke the command from a server’s root directory, the command can use a boot identity file if you include both of the following arguments in the command: `-Dweblogic.system.BootIdentityFile=filename` `-Dweblogic.RootDirectory=path` where `filename` is the fully qualified pathname of a valid boot identity file and `path` is the relative or fully-qualified name of the server’s root directory. If you have not created a boot identity file for a server, or if you do not want to use it, you must use the `-username` and `-password` arguments to provide user credentials. If you specify both `-Dweblogic.system.BootIdentityFile=filename` and `-username` and `-password`, the command uses the credentials specified in the `-username` and `-password` arguments.
`targetServer`	The name of the server to shut down. If you do not specify a value, the command shuts down the server that you specified in the `-url` argument.

Example

The following command instructs the Administration Server to shut down a Managed Server:

java weblogic.Admin -url AdminHost:7011 -username weblogic 
   -password weblogic FORCESHUTDOWN MedRecManagedServer

After you issue the command, MedRecManagedServer prints messages to its log file and to its standard out. The messages indicate that the server state is changing and that the shutdown sequence is starting.

If the command succeeds, the final message that the target server prints is as follows:

<Oct 12, 2002 11:28:59 AM EDT> <Alert> <WebLogicServer> <000219> <The
shutdown sequence has been initiated.>

In addition, if the command succeeds, the weblogic.Admin utility returns the following:

Server "MedRecManagedServer" was force shutdown successfully ...

For more information about the environment in which this example runs, see Example Environment.

In the following example, the Administration Server is not available, so the command instructs the Managed Server to shut itself down:

java weblogic.Admin -url ManagedHost:8001 -username weblogic 
-password weblogic FORCESHUTDOWN

The following example provides user credentials by referring to a boot identity file. The example specifies the server’s root directory and boot identity file name so that it can be invoked from any directory:

java -Dweblogic.system.BootIdentityFile=c:\mydomain\boot.properties
 -Dweblogic.RootDirectory=c:\mydomain
 weblogic.Admin -url AdminHost:7001 FORCESHUTDOWN

LOCK

Locks a WebLogic Server instance against non-privileged logins. Any subsequent login attempt initiates a security exception which may contain an optional string message.

Note:

This command is privileged. It requires the password for the WebLogic Server administrative user.

Instead of using the LOCK command, start a server in the STANDBY state. In this state, a server instance responds only to administrative requests over the domain-wide administration port. See " Understanding Server Life Cycle" in Managing Server Startup and Shutdown.

Syntax

java [ SSL Arguments ]
     weblogic.Admin 
     [ -url [protocol://]listen-address:listen-port ] 
     [ User Credentials Arguments ]
   LOCK ["stringMessage"]

Table 2-7 LOCK Arguments
Argument	Definition
`-url` `[protocol://]listen-address:listen-port`	Specify the listen address and listen port of the server instance that you want to lock. If you specify a secure listen port, you must also specify a secure protocol. If you do not specify a value, the command assumes `t3://localhost:7001`. For more information, see the `-url` entry in Table 2-2 and Protocol Support.
`"stringMessage"`	Message, in double quotes, to be supplied in the security exception that is thrown if a non-privileged user attempts to log in while the WebLogic Server instance is locked.

Example

In the following example, a Managed Server named MedRecManagedServer is locked.

java weblogic.Admin -url ManagedHost:8001 -username weblogic
   -password weblogic 
   LOCK "Sorry, WebLogic Server is temporarily out of service."

Any application that subsequently tries to log into the locked server with a non-privileged username and password receives the specified message: Sorry, WebLogic Server is temporarily out of service.

RESUME

Moves a server instance from the STANDBY or ADMIN state to the RUNNING state.

For more information about server states, see " Understanding Server Life Cycle" in Managing Server Startup and Shutdown.

Syntax

java [ SSL Arguments ]
     weblogic.Admin 
     [-url URL]
     [ User Credentials Arguments ]
   RESUME [targetServer]

Table 2-8 RESUME Arguments
Argument	Definition
`-url` `secure-protocol://listen-address:listen-port`	Because servers can be in the `STANDBY` state only if the domain-wide administration port is enabled, to resume a server you must specify the Administration Server and domain-wide administration port as follows: `t3s://Admin-Server-listen-address:domain-wide-admin-port` or `https://Admin-Server-listen-address:domain-wide-admin-port` For more information, see the `-url` entry in Table 2-2 and Protocol Support.
`targetServer`	The name of the server to resume. If you do not specify a value, the command resumes the server that you specified in the `-url` argument.

Example

The following example connects to the Administration Server and instructs it to resume a Managed Server:

java weblogic.Admin -url t3s://AdminHost:9002 -username weblogic 
-password weblogic RESUME MedRecManagedServer

For more information about the environment in which this example runs, see Example Environment.

SHUTDOWN

Gracefully shuts down the specified WebLogic Server instance.

A graceful shutdown gives WebLogic Server subsystems time to complete certain application processing currently in progress. By default, a server instance waits for pending HTTP sessions to finish as a part of the graceful shutdown. You can override this behavior using the -ignoreExistingSessions argument. See " Controlling Graceful Shutdowns" in Managing Server Startup and Shutdown.

In release 6.x, this command included an option to specify a number of seconds to wait before starting the shutdown process. This option is now deprecated. To support this deprecated option, this command assumes that a numerical value in the field immediately after the SHUTDOWN command indicates seconds. Thus, you cannot use this command to gracefully shut down a server whose name is made up entirely of numbers. Instead, you must use the Administration Console. For information, see " Shut Down a Server Instance" in the Administration Console Online Help.

Instead of specifying a delay in the SHUTDOWN command, you can now use a -timeout option, or set attributes in the Administration Console to control how a server shuts down. For more information, see " Controlling Graceful Shutdowns" in Managing Server Startup and Shutdown.

Syntax

java [ SSL Arguments ]
     [-Dweblogic.system.BootIdentityFile=filename 
       [-Dweblogic.RootDirectory=path]
     ]
     weblogic.Admin 
     [ Connection Arguments ] 
     [ User Credentials Arguments ]
   SHUTDOWN [-ignoreExistingSessions] [-timeout seconds] 
   [targetServer]

(Deprecated)java [ SSL Arguments ]
     [-Dweblogic.system.BootIdentityFile=filename 
       [-Dweblogic.RootDirectory=path]
     ]
     weblogic.Admin 
     [ Connection Arguments ] 
     [ User Credentials Arguments ]
   SHUTDOWN [seconds [“stringMessage”]] [targetServer]

Table 2-9 SHUTDOWN Arguments
Argument	Definition
`-Dweblogic.system.BootIdentityFile=filename` `[-Dweblogic.RootDirectory=path]`	Cause the command to retrieve encrypted user credentials from a boot identity file. See " Boot Identity Files" in Managing Server Startup and Shutdown. Use these arguments if you invoke this command from a script, you have not created a user configuration file, and you do not want to store user credentials in your script. If you do you not use the `-username` argument or a user configuration file to specify credentials (see User Credentials Arguments), the command retrieves user credentials from a boot properteis file as follows: If you invoke the command from a server’s root directory, and if the server’s root directory contains a valid `boot.properties` file, it retrieves credentials from this file by default. For information about a server’s root directory, see “ A Server’s Root Directory.” If you invoke the command from a server’s root directory, but the server’s boot identity file is not in the server’s root directory or is not named `boot.properties`, the command can use a boot identity file if you include the following argument: `-Dweblogic.system.BootIdentityFile=filename` where `filename` is the fully qualified pathname of a valid boot identity file. If you do not invoke the command from a server’s root directory, the command can use a boot identity file if you include both of the following arguments in the command: `-Dweblogic.system.BootIdentityFile=filename` `-Dweblogic.RootDirectory=path` where `filename` is the fully qualified pathname of a valid boot identity file and `path` is the relative or fully-qualified name of the server’s root directory. If you have not created a boot identity file for a server, or if you do not want to use it, you must use the `-username` and `-password` arguments to provide user credentials. If you specify both `-Dweblogic.system.BootIdentityFile=filename` and `-username` and `-password`, the command uses the credentials specified in the `-username` and `-password` arguments.
`-ignoreExistingSessions`	Causes a graceful shutdown operation to drop all HTTP sessions immediately. If you do not specify this option, the command refers to the Ignore Sessions During Shutdown setting for the server in the domain’s `config.xml` file. For more information, see " Controlling Graceful Shutdowns" in Managing Server Startup and Shutdown. By default, a graceful shutdown operation waits for HTTP sessions to complete or timeout.
`-timeout` `seconds`	The number of seconds subsystems have to complete in-flight work and suspend themselves. If you specify a timeout value and the subsystems do not complete work and suspend themselves within that period, WebLogic Server will perform a forced shutdown on the server instance.
`targetServer`	The name of the server to shut down. If you do not specify a value, the command shuts down the server that you specified in the `-url` argument.
`seconds`	Number of seconds allowed to elapse between the invoking of this command and the shutdown of the server.
`“stringMessage”`	Message, in double quotes, to be supplied in the message that is sent if a user tries to log in while the WebLogic Server is being shut down.

Example

The following example instructs the Administration Server to shut down a Managed Server:

java weblogic.Admin -url AdminHost:7011 -username weblogic 
-password weblogic SHUTDOWN MedRecManagedServer

If the command succeeds, the final message that the target server prints is as follows:

<Oct 12, 2002 11:28:59 AM EDT> <Alert> <WebLogicServer> <000219> <The
shutdown sequence has been initiated.>

In addition, if the command succeeds, the weblogic.Admin utility returns the following:

Server "MedRecManagedServer" was shutdown successfully ...

For more information about the environment in which this example runs, see Example Environment.

In the following example, the Administration Server is not available. The same user connects to a Managed Server and instructs it to shut itself down:

java weblogic.Admin -url ManagedHost:8001 -username weblogic 
-password weblogic SHUTDOWN

java -Dweblogic.system.BootIdentityFile=c:\mydomain\boot.properties
 -Dweblogic.RootDirectory=c:\mydomain weblogic.Admin
 -url AdminHost:7001 SHUTDOWN

START

Starts a Managed Server using Node Manager.

This command requires the following environment:

The domain’s Administration Server must be running.
The Node Manager must be running on the Managed Server’s host machine.
The Managed Server must be configured to communicate with a Node Manager. For more information, see “ Configure Machines" and “ Assign Server Instances to Machines” in the Administration Console Online Help.

The Startup Mode field in the Administration Console determines whether a Managed Server starts in the RUNNING, STANDBY, or ADMIN state. See “ Specify a Startup Mode” in the Administration Console Online Help and " Understanding Server Life Cycle" in Managing Server Startup and Shutdown.

Syntax

java [ SSL Arguments ] weblogic.Admin 
   [-url URL]
   [ User Credentials Arguments ]
   START targetServer

Table 2-10 START Arguments
Argument	Definition
`-url` [`protocol://`]`listen-address:listen-port`	Must specify the listen address and listen port of the domain’s Administration Server. If you specify a secure listen port, you must also specify a secure protocol. If you do not specify a value, the command assumes `t3://localhost:7001`. For more information, see the `-url` entry in Table 2-2 and Protocol Support.
`targetServer`	The name of the Managed Server to start.

Example

The following example instructs the Administration Server and Node Manager to start a Managed Server:

java weblogic.Admin -url AdminHost:7011 -username weblogic 
-password weblogic START MedRecManagedServer

When you issue the command, the following occurs:

The Administration Server determines which machine MedRecManagedServer is configured to run on. It instructs the Node Manager that is running on that machine to start MedRecManagedServer in the state that the Startup Mode field specifies.
The Node Manager indicates its progress by writing messages to its standard out. You can view these messages from the Administration Console on the ServerNameControlRemote Start Output page.
If the command succeeds, the weblogic.Admin utility returns to the following message:

Server "MedRecManagedServer" was started ...
Please refer to server log files for completion status ...

For more information about the environment in which this example runs, see Example Environment.

STARTINSTANDBY

Starts a Managed Server using Node Manager.

Prior to WebLogic Server 9.0, this command started a Managed Server using the Node Manager and placed it in a STANDBY state. In this state, a server is not accessible to requests from external clients.

In WebLogic Server 9.0, the Startup Mode field in the Administration Console determines the state in which a Managed Server starts, regardless of which command you use to start the server instance. See “ Specify a Startup Mode” and “ Start Managed Servers in the STANDBY Mode” in the Administration Console Online Help.

This command requires the following environment:

The domain’s Administration Server must be running.
The Node Manager must be running on the Managed Server’s host machine.
The Managed Server must be configured to communicate with a Node Manager. For more information, see “ Configure Machines” and “ Assign Server Instances to Machines” in the Administration Console Online Help.
The domain must be configured to use a domain-wide administration port as described in "Configure the domain-wide administration port" in the Administration Console Online Help.

For more information about server states, see " Understanding Server Life Cycle" in Managing Server Startup and Shutdown.

Syntax

java [ SSL Arguments ] weblogic.Admin 
   [-url URL]
   [ User Credentials Arguments ]
   STARTINSTANDBY targetServer

Table 2-11 STARTINSTANDBY Arguments
Argument	Definition
`-url` `secure-protocol://listen-address:listen-port`	You must specify the Administration Server and domain-wide administration port as follows: `t3s://Admin-Server-listen-address:domain-wide-admin-port` or `https://Admin-Server-listen-address:domain-wide-admin-port` For more information, see the `-url` entry in Table 2-2 and Protocol Support.
`targetServer`	The name of the WebLogic Server to start in the `STANDBY` state.

Example

The following example instructs the Administration Server and Node Manager to start a Managed Server:

java weblogic.Admin -url t3s://AdminHost:9002 -username weblogic 
-password weblogic STARTINSTANDBY MedRecManagedServer

When you issue the command, the following occurs:

The Administration Server determines which machine MedRecManagedServer is configured to run on. It instructs the Node Manager that is running on that machine to start MedRecManagedServer in the state that the Start Mode field specifies.
The Node Manager indicates its progress by writing messages to its standard out. You can view these messages from the Administration Console on the ServerNameControlRemote Start Output page.
If the command succeeds, the weblogic.Admin utility returns to the following message:

Server "MedRecManagedServer" was started ...
Please refer to server log files for completion status ...

When you use the Node Manager to start a Managed Server, the Node Manager writes standard out and standard error messages to its log file. You can view these messages from the Administration Console on the MachinesMonitoringNode Manager Log page.

For more information about the environment in which this example runs, see Example Environment.

UNLOCK

Unlocks the specified WebLogic Server after a LOCK operation.

This command is deprecated because the LOCK command is deprecated. Instead of LOCK and UNLOCK, use STARTINSTANDY and RESUME. For more information, see RESUME.

Syntax

java [ SSL Arguments ] weblogic.Admin 
     [-url URL]
     [ User Credentials Arguments ]
   UNLOCK

Example

In the following example, an administrator named adminuser with a password of gumby1234 requests the unlocking of the WebLogic Server listening on port 7001 on machine localhost:

java weblogic.Admin -url localhost:7001 -username adminuser 
   -password gumby1234 UNLOCK

Commands for Retrieving Information about WebLogic Server and Server Instances

Table 2-12 is an overview of commands that return information about WebLogic Server installations and instances of WebLogic Server. Subsequent sections describe command syntax and arguments, and provide an example for each command.

Table 2-12 Overview of Commands for Retrieving Information about WebLogic Server
Command	Description
`CONNECT`	Makes the specified number of connections to a WebLogic Server instance and returns two nu