Kavin's SOA Blog

June 18, 2009

Error: Cannot load page due to truncated or corrupt class

Filed under: Debugging, Setup — Kavin @ 12:30 pm

One of the reasons for this could be a hiccup while applying a patch.

I would recommend comparing the sizes of the ORACLE_HOME\bpel\system\services\lib\orabpel.ear copies in your ORACLE_HOME. In fact, you might want to go through the tedious process of making sure that all files mentioned in post.sh (or .bat) were updated correctly.

  1. Compare $ORACLE_HOME/bpel/system/services/lib/orabpel.ear with $ORACLE_HOME/j2ee/$CONTAINER/applications/orabpel.ear
  2. Delete any EAR file if present in $ORACLE_HOME/j2ee/$CONTAINER/application-deployments/ folder
  3. Check whether the size of $ORACLE_HOME/bpel/system/j2ee/orabpel.ear equals that of $PATCH_HOME/files/bpel/system/j2ee/orabpel.ear. If not, move $ORACLE_HOME/bpel/system/j2ee/orabpel.ear to a backup directory and copy $PATCH_HOME/files/bpel/system/j2ee/orabpel.ear in its place. You might need to run additional steps as per the post.sh (or .bat) file.
  4. Check whether the size of $ORACLE_HOME/bpel/system/services/lib/orabpel.ear equals that of $ORACLE_HOME/j2ee/$CONTAINER/applications/orabpel.ear. If not, move $ORACLE_HOME/j2ee/$CONTAINER/applications/orabpel.ear to a backup folder and copy the one from $ORACLE_HOME/bpel/system/services/lib/orabpel.ear.
  5. Repeat the same process for hw_services.ear and the other files in the post.sh (or .bat) file.
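
The comparisons in steps 1 to 4 can be scripted. The following is an added example, not part of the original post or of Oracle's tooling; it goes beyond the size check by also hashing the files, because two EARs of equal size can still differ in content. The function names and result keys are made up for this sketch, and the `ear` parameter assumes other EARs sit in the same directories as orabpel.ear (check post.sh for the actual paths).

```python
import hashlib
import sys
from pathlib import Path

def sha256(path):
    """Hash a file in 1 MiB chunks so a large EAR is never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def compare(reference, deployed):
    """Classify a deployed file against the copy it is supposed to equal."""
    reference, deployed = Path(reference), Path(deployed)
    if not reference.is_file():
        return "reference-missing"
    if not deployed.is_file():
        return "deployed-missing"
    if reference.stat().st_size != deployed.stat().st_size:
        return "size-mismatch"          # the check described in steps 3 and 4
    if sha256(reference) != sha256(deployed):
        return "content-mismatch"       # same size, different bytes
    return "match"

def check_ear(oracle_home, patch_home, container, ear="orabpel.ear"):
    """Run steps 1-4 for one EAR and report each result without changing files."""
    oh, ph = Path(oracle_home), Path(patch_home)
    deployments = oh / "j2ee" / container / "application-deployments"
    return {
        "patch_vs_staged": compare(ph / "files/bpel/system/j2ee" / ear,
                                   oh / "bpel/system/j2ee" / ear),
        "lib_vs_deployed": compare(oh / "bpel/system/services/lib" / ear,
                                   oh / "j2ee" / container / "applications" / ear),
        # Step 2: EAR files left in application-deployments
        "stale_deployments": sorted(p.name for p in deployments.glob("*.ear"))
                             if deployments.is_dir() else [],
    }

if __name__ == "__main__":
    # Usage: python check_ears.py ORACLE_HOME PATCH_HOME CONTAINER
    for check, status in check_ear(*sys.argv[1:4]).items():
        print(f"{check}: {status}")
```

The script only reports; backing up and copying files stays a manual step as described above.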

May 28, 2009

Unable to login to BPEL or ESB Console after unsuccessful login

After providing invalid credentials at BPEL Console, BPEL Admin Console, or ESB Control, if valid credentials are entered, then every attempt to log in will result in the "Authentication Failed" error message.

The reason is that the OC4J instance uses the parameter -Doc4j.formauth.redirect=true, and OC4J does not redirect correctly. This invalid redirection prevents BPEL and ESB from being redirected to the correct page after a successful login attempt if there was a failed login attempt.

The workaround is to remove login_error.jsp from the URL http://<host>:<port>/BPELConsole/login_error.jsp, so that your URL looks like http://<host>:<port>/BPELConsole/. This will automatically log you in, since the problem was with the redirection and not with your credentials.

The fix is to apply patch 7202167 from Metalink.

May 14, 2009

How To Control The Size Of The BPEL domain.log File

1.  Log on to your server and navigate to the directory BPEL_HOME/domains/<domain name>/config.

2.  Make a backup copy of the log4j-config.xml file.

3.  Open the log4j-config.xml file for edit.

4.  Change the appender class from com.collaxa.cube.util.CXRollingFileAppender to org.apache.log4j.RollingFileAppender.

5.  Add the property MaxFileSize:

<param value="10MB" name="MaxFileSize" />

Here, a maximum file size of 10MB is specified, but you can make it whatever value suits your environment.  The top of the log4j-config.xml file now looks like:

<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
<appender class="org.apache.log4j.RollingFileAppender" name="A1">
<param value="true" name="ImmediateFlush" />
<param value="false" name="Append" />
<param value="C:/oracle/ora10g/soasuite/bpel/domains/default/logs/domain.log" name="File" />
<param value="10" name="MaxBackupIndex" />
<param value="10MB" name="MaxFileSize"/>
<layout class="org.apache.log4j.PatternLayout">

6.  Save the file, and restart the BPEL container.

Please note that these changes will be carried forward to any new domain that you create.  If you have already created domains in addition to default, you will need to change the log4j-config.xml file for each of these domains to limit the size of those log files.

May 11, 2009

AQ/Apps Adapter Endpoint properties

Here are some of the endpoint properties pertaining to concurrency and timeout that might help when configuring the AQ (or Apps) adapter to dequeue messages from an AQ queue.

This setting ensures that there will be a delay of at least MILLI_SECONDS between two consecutive messages being posted to the BPEL/ESB process.

<property name="minimumDelayBetweenMessages">MILLI_SECONDS</property>

The value for this property determines how many seconds the API waits for messages before it returns and the next polling cycle begins.

<property name="DequeueTimeOut">SECONDS</property>

The value of this property determines the number of polling threads that are active at any point in time when the activation is initiated.

#### FOR ESB/BPEL 10.1.3.4.x

<property name="adapter.aq.dequeue.threads">NO_OF_THREADS</property>

#### FOR BPEL 10.1.3.3.x

<property name="activationInstances">NO_OF_THREADS</property>

#### FOR ESB 10.1.3.3.x

<endpointProperties>
   <property name="numberOfAqMessageListeners" value="NO_OF_THREADS"/>
</endpointProperties>

April 28, 2009

Restrict User Access To A Specific BPEL Domain With JAZN Security Provider

BPEL PM allows fine-grained user access at the domain level. That means that if you want to restrict a user to a domain (or set of domains), you can do so by following these simple steps.

I am assuming that we have a domain called “development” and we want users (e.g. “devuser”) with only the “devrole” privilege to have access to this domain.

To achieve this we need to perform two tasks: first create the user and role at the application server, and then update the security realm using the Enterprise Manager console.

To simplify this, I have scripted the first half of the task. It creates the role “devrole”, assigns domain permissions to “devrole”, creates the user “devuser” and grants the role “devrole” to this user.

rem Installation paths and the sample names and passwords used in this post
set OH=C:\oracle\ora10g\soasuite
set JH=%OH%/jdk
set ADMIN_USER=oc4jadmin
set ADMIN_PWD=oc4jadmin
set ROLE_NAME=devrole
set USER_NAME=devuser
set USER_PWD=welcome1
set DOMAIN_NAME=development

rem Create the role in the jazn.com realm
%JH%/bin/java -Xbootclasspath/a:%OH%/bpel/lib/orabpel-boot.jar -jar %OH%/j2ee/home/jazn.jar -user %ADMIN_USER% -password %ADMIN_PWD% -addrole jazn.com %ROLE_NAME%
rem Grant the role "all" actions on the domain
%JH%/bin/java -Xbootclasspath/a:%OH%/bpel/lib/orabpel-boot.jar -jar %OH%/j2ee/home/jazn.jar -user %ADMIN_USER% -password %ADMIN_PWD% -grantperm jazn.com -role %ROLE_NAME% com.collaxa.security.DomainPermission %DOMAIN_NAME% all
rem List the role's permissions to confirm the grant
%JH%/bin/java -Xbootclasspath/a:%OH%/bpel/lib/orabpel-boot.jar -jar %OH%/j2ee/home/jazn.jar -user %ADMIN_USER% -password %ADMIN_PWD% -listperms jazn.com -role %ROLE_NAME%
rem Create the user
%JH%/bin/java -Xbootclasspath/a:%OH%/bpel/lib/orabpel-boot.jar -jar %OH%/j2ee/home/jazn.jar -user %ADMIN_USER% -password %ADMIN_PWD% -adduser jazn.com %USER_NAME% %USER_PWD%
rem Grant the role to the user
%JH%/bin/java -Xbootclasspath/a:%OH%/bpel/lib/orabpel-boot.jar -jar %OH%/j2ee/home/jazn.jar -user %ADMIN_USER% -password %ADMIN_PWD% -grantrole %ROLE_NAME% jazn.com %USER_NAME%

The second half of the task is a little bit manual. I will try to script it, but for the time being let's do it from the EM console.

  • Log on to the application server control console, and from the cluster topology, expand the BPEL container. Scroll down and click on orabpel.

  • Navigate to Administration -> Security Provider -> Realms

  • Click on the number under Roles. Click on Create and add the name you’ve given your new role (e.g. devrole) and check “Grant RMI Login Permission”. Click Apply.

  • Go back to the Security Provider page, and click on the number under Users.
  • Click Create and enter the name of your user and the password. In our example, the user name would be “devuser” and the password “welcome1”.
  • Assign this user the new role “devrole” and Click OK.

  • Now, open the system-jazn-data.xml file in the directory ORACLE_HOME/j2ee/oc4j_soa/config for editing.
  • Find the section titled <jazn-realm> and, under it, the section labeled <users>. Scroll down and verify that the user you’ve just created on the application server console is listed there.
  • In the section labeled <roles>, verify that the role you’ve just created is listed there and that your user is listed as a member of this group. (Group and role are synonymous in BPEL.)
  • Scroll down further to the section labeled . Look for the permissions granted to your new role; you will see something like

image

  • We will need to add the domain permission here. So, add the following text, replacing DOMAIN_NAME with our domain name “development”.

<permission>
    <class>com.collaxa.security.DomainPermission</class>
    <name>DOMAIN_NAME</name>
    <actions>all</actions>
</permission>

  • So it would look like

image

  • Restart the server
  • Try to log in as “devuser”. You will see that the console comes up in the domain specified for this user. In the drop-down list at the top, the user will be able to see any other domains but will be unable to access them.
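
The manual verification of system-jazn-data.xml described above can be automated. The following is an added example, not part of the original post: it checks that the user is listed, that the user is a member of the role, and that the role holds the DomainPermission for the intended domain, and it also lists any other domains granted to the role. The sample XML is constructed; the element names <jazn-data>, <jazn-policy>, <grant> and <principal> are assumptions about the file layout and should be checked against your own file.

```python
import xml.etree.ElementTree as ET

DOMAIN_PERM = "com.collaxa.security.DomainPermission"

# Constructed sample. <jazn-realm>, <users>, <roles> and <permission> are named
# in the post; <jazn-data>, <jazn-policy>, <grant>, <principal> are assumed.
SAMPLE = """<jazn-data><jazn-realm><realm><name>jazn.com</name>
 <users><user><name>devuser</name></user></users>
 <roles><role><name>devrole</name><members>
  <member><type>user</type><name>devuser</name></member>
 </members></role></roles></realm></jazn-realm>
 <jazn-policy><grant>
  <grantee><principals><principal>
   <type>role</type><name>jazn.com/devrole</name>
  </principal></principals></grantee>
  <permissions><permission>
   <class>com.collaxa.security.DomainPermission</class>
   <name>development</name><actions>all</actions>
  </permission></permissions>
 </grant></jazn-policy></jazn-data>"""

def text(elem, tag):
    return (elem.findtext(tag) or "").strip()

def domain_grants(root, role):
    """Map domain name -> actions for each DomainPermission granted to role."""
    found = {}
    for grant in root.iter("grant"):
        roles = {text(p, "name").split("/")[-1] for p in grant.iter("principal")
                 if text(p, "type") == "role"}
        if role in roles:
            for perm in grant.iter("permission"):
                if text(perm, "class") == DOMAIN_PERM:
                    found[text(perm, "name")] = text(perm, "actions")
    return found

def audit(xml_text, user, role, domain):
    """Check the items the post says to verify, plus grants on other domains."""
    root = ET.fromstring(xml_text)
    members = {text(m, "name") for r in root.iter("role")
               if text(r, "name") == role for m in r.iter("member")}
    grants = domain_grants(root, role)
    return {"user_listed": any(text(u, "name") == user for u in root.iter("user")),
            "user_in_role": user in members,
            "domain_granted": grants.get(domain) == "all",
            "other_domains": sorted(d for d in grants if d != domain)}

if __name__ == "__main__":
    print(audit(SAMPLE, "devuser", "devrole", "development"))
```

A non-empty `other_domains` list means the role can reach more than the one domain it was meant to be restricted to.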