Saturday, September 6, 2014

How to take a thread dump, heap dump and GC logs for any running WebLogic instance

#!/bin/bash

# These variables must be modified to match the environment of the WebLogic app servers
JAVA_HOME=/u01/app/oracle/product/fmw/java/jrockit-jdk1.6.0_33-R28.2.4-4.1.0
OUTPUT_DIR=/tmp/DiagnosticData/
# Path of the GC log, taken from the -Xloggc: option of the running JVMs (empty if GC logging is not enabled)
GC_LOG=`ps -ef | grep $JAVA_HOME/bin/java | grep -v grep | grep oracle | sed -n -e 's/^.*-Xloggc://p' | awk '{print $1}'`

# Function countArgs
# Returns the number of arguments passed to it
function countArgs {
    echo $#
}

# Ask which managed servers to collect from; repeat until at least one name is entered
FOUND=false
while [ $FOUND != "true" ] ; do
    echo "EXISTING JVM(s)"
    EXSJVMS=`ps -ef | grep java | grep -v grep | grep -v NodeManager | grep -v AdminServer | grep -v "gcagent.tmmain.TMMain" | sed -n -e 's/^.*-Dweblogic.Name=//p' | awk '{print $1}'`
    echo "  "$EXSJVMS
    printf " Please enter the JVMs to generate javacores separated by a space: "
    read JVMS
    JVMS=${JVMS:-"FoundSome"}
    if [ "$JVMS" != "FoundSome" ] ; then
        FOUND=true
    fi
done
JVM_COUNT=`countArgs $JVMS`
echo

# Split JVM names into an array
IFS=' ' read -a JVM_NAMES <<< "${JVMS}"

# Create one output directory per JVM name
for (( i=0; i < ${JVM_COUNT}; i++ )); do
    mkdir -p $OUTPUT_DIR${JVM_NAMES[$i]}
done

# Collect data for each JVM selected
for (( loop=0; loop < ${JVM_COUNT}; loop++ )); do

    OUT_DIR=$OUTPUT_DIR${JVM_NAMES[$loop]}

    # These two variables affect the amount of time that this script runs.
    JAVACORE_COUNT=3
    SLEEP_TIME=30

    # Get the pid of the JVM process that was entered.
    # "grep -v grep" drops the grep process itself, which otherwise also matches and yields two pids.
    JVM_PID=`ps -ef | grep "\-Dweblogic\.Name=${JVM_NAMES[$loop]}" | grep -v grep | awk '{print $2}'`

    echo Get Heap Dump.
    $JAVA_HOME/bin/jrcmd $JVM_PID heap_diagnostics > $OUT_DIR/heapDiag_$JVM_PID.log

    for ITER in `seq $JAVACORE_COUNT` ; do
        echo Get Java Stack...Sleep $SLEEP_TIME seconds
        # ${JVM_PID} must be braced here: $JVM_PID_ would be read as the (unset) variable JVM_PID_
        $JAVA_HOME/bin/jrcmd $JVM_PID print_threads > $OUT_DIR/threadDump_${JVM_PID}_$ITER.log
        if [ $ITER -ne $JAVACORE_COUNT ]; then
            sleep $SLEEP_TIME
        fi
    done

    # Run the next three commands concurrently, then wait for the two background ones to finish.
    echo Get vmstat, top for JVM, and top for os...Sleep 35 seconds.
    top -H -b -p $JVM_PID -d 5 -n 7 > $OUT_DIR/top_jvmthreads.out &
    top -n 4 -b -d 10 > $OUT_DIR/top_proc.out &
    vmstat 1 35 > $OUT_DIR/vmstat.out
    wait

done

echo Get netstat
netstat -an > $OUTPUT_DIR/netstat.out

# GC logging (-Xloggc) must be enabled on the JVM before this file can be copied.
#echo Get gc log data
#cp $GC_LOG $OUT_DIR/gc_log.out
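The script above collects JAVACORE_COUNT thread dumps SLEEP_TIME seconds apart, but the post does not say what to do with them. As an added example (not part of the original post), the following Python script compares the dumps and reports threads that sit at the same top frames in every snapshot without being in a waiting state, which is the usual way of spotting a hung thread across dumps taken 30 seconds apart. The dump format is approximated from jrcmd print_threads output, and the sample dumps, thread names and application class names are constructed.

```python
"""Compare the JRockit thread dumps collected by the script above
(threadDump_<pid>_1.log ... threadDump_<pid>_N.log) and report threads whose
top stack frames never change between dumps while not being idle-waiting.
The sample dumps are constructed and only approximate jrcmd print_threads output."""
import re
import sys
from collections import Counter

# Thread header, e.g.  "Main Thread" id=1 idx=0x4 tid=3101 prio=5 alive, waiting, native_blocked
THREAD_HEADER = re.compile(r'^"(?P<name>[^"]+)" id=\d+ .*?prio=\d+ (?P<flags>.*)$')
# Stack frame line, e.g.  "    at weblogic/t3/srvr/T3Srvr.waitForDeath(T3Srvr.java:919)"
FRAME = re.compile(r'^\s+at (?P<frame>\S+)')
# Flags under which an unchanged stack is normal (idle pool threads); a heuristic, not a JRockit rule.
IDLE_FLAGS = {"waiting", "sleeping", "parked"}


def parse_dump(text):
    """Return {thread name: {"flags": set of state flags, "frames": [frames, top first]}}."""
    threads = {}
    current = None
    for line in text.splitlines():
        header = THREAD_HEADER.match(line)
        if header:
            current = {"flags": {f.strip() for f in header.group("flags").split(",")},
                       "frames": []}
            threads[header.group("name")] = current
            continue
        frame = FRAME.match(line)
        if frame and current is not None:
            current["frames"].append(frame.group("frame"))
    return threads


def flag_summary(threads):
    """Count how many threads carry each state flag (native_blocked, daemon, ...)."""
    return Counter(flag for t in threads.values() for flag in t["flags"])


def stuck_threads(dumps, depth=3):
    """Names of threads present in every dump whose top `depth` frames are identical in
    all of them and that are not idle-waiting in any of them. Needs at least two dumps."""
    if len(dumps) < 2:
        return []
    common = set(dumps[0]).intersection(*dumps[1:])
    stuck = []
    for name in sorted(common):
        tops = {tuple(d[name]["frames"][:depth]) for d in dumps}
        idle = any(d[name]["flags"] & IDLE_FLAGS for d in dumps)
        if len(tops) == 1 and tops != {()} and not idle:
            stuck.append(name)
    return stuck


def analyse(texts, depth=3):
    dumps = [parse_dump(t) for t in texts]
    return {"stuck": stuck_threads(dumps, depth), "flags": flag_summary(dumps[-1])}


# Constructed sample: first snapshot; later snapshots are derived from it below.
_DUMP_1 = '''"Main Thread" id=1 idx=0x4 tid=3101 prio=5 alive, waiting, native_blocked
    at java/lang/Object.wait(J)V(Native Method)
    at weblogic/t3/srvr/T3Srvr.waitForDeath(T3Srvr.java:919)
    -- end of trace

"[ACTIVE] ExecuteThread: '3'" id=21 idx=0x58 tid=3140 prio=5 alive, in native, native_blocked, daemon
    at java/net/SocketInputStream.socketRead0(Ljava/io/FileDescriptor;[BIII)I(Native Method)
    at com/example/dao/OrderDao.query(OrderDao.java:88)
    at com/example/web/OrderServlet.doGet(OrderServlet.java:41)
    -- end of trace

"[ACTIVE] ExecuteThread: '5'" id=23 idx=0x5c tid=3142 prio=5 alive, daemon
    at com/example/web/ReportServlet.render(ReportServlet.java:120)
    at com/example/web/ReportServlet.doGet(ReportServlet.java:30)
    -- end of trace
'''
# In the later snapshots thread '3' is still blocked in the same socket read (the hang),
# while thread '5' has moved on to other lines and the main thread is merely waiting.
SAMPLE_DUMPS = [
    _DUMP_1,
    _DUMP_1.replace("ReportServlet.render(ReportServlet.java:120)", "ReportServlet.render(ReportServlet.java:131)"),
    _DUMP_1.replace("ReportServlet.render(ReportServlet.java:120)", "ReportServlet.render(ReportServlet.java:145)"),
]

if __name__ == "__main__":
    # Usage: python dumpdiff.py /tmp/DiagnosticData/ms1/threadDump_<pid>_*.log (falls back to the samples)
    texts = [open(p).read() for p in sys.argv[1:]] or SAMPLE_DUMPS
    result = analyse(texts)
    print("threads with unchanged top frames (possible hang):", result["stuck"])
    print("state flags in last dump:", dict(result["flags"]))
```

A thread that stays in the same three frames for all three dumps while not waiting is worth a look in the heap diagnostics and the top_jvmthreads.out output collected alongside; the TID in the thread header is what lines it up with top's per-thread rows.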

What is two-way SSL and one-way SSL



In short, the difference is:

One-way SSL - Only the client authenticates the server.
- This means that the public cert of the server needs to be configured in the trust store of the client for this to happen.

Two-way SSL - The client authenticates the server, and the server also authenticates the client.
- This means that the public cert of the server needs to be configured in the trust store of the client for this to happen.
- Also, the public cert of the client needs to be configured in the server's trust store.


Two-way SSL authentication
In two-way SSL authentication, the SSL client application verifies the identity of the SSL server application, and then the SSL server application verifies the identity of the SSL-client application.
Two-way SSL authentication is also referred to as client authentication because the application acting as an SSL client presents its certificate to the SSL server after the SSL server authenticates itself to the SSL client.
Figure 1 illustrates the certificate configuration for two-way SSL authentication between two applications in the Tivoli Identity Manager Express environment:


Figure 1. Two-way SSL authentication

For example, if the Tivoli Identity Manager Express Server initiates a connection to a Tivoli Identity Manager adapter and the adapter is set to use two-way SSL client authentication, the adapter presents its certificate to the Tivoli Identity Manager Express Server for verification, and then requests that the Tivoli Identity Manager Express Server send its certificate to the adapter for verification. In this case, you must install the Tivoli Identity Manager Express Server certificate and private key in its keystore, and you must install the corresponding CA certificate in the keystore of the Tivoli Identity Manager adapter. On the Tivoli Identity Manager adapter, you must install the adapter certificate and private key in its keystore, and you must install the corresponding CA certificate in the keystore of the Tivoli Identity Manager Express Server. If the same certificate authority issues both signed certificates, you can install the same CA certificate in the keystores of both applications. Two-way SSL authentication with signed certificates that are issued by one or more certificate authorities ensures maximum security of sensitive data.

If you are using self-signed certificates, you must create and install the self-signed certificate and private key on the SSL-client and SSL-server applications, then extract the certificate from the keystore of each application and add it to the keystore of the other application. Figure 2 illustrates the certificate configuration for two-way SSL authentication using self-signed certificates.
Figure 2. Self-signed two-way SSL authentication

How to secure the JNDI tree in WebLogic Servers

We need to go to the server and open the link for its JNDI tree. The JNDI tree shows up in a new window.
Check the default roles and policies.
By default, everyone has access to the JNDI tree.
Remove that role.
Then add the Admin role. This allows only the Admin user to access the JNDI tree.
If we now try to access the JNDI tree without the Admin credentials, we get the following exception:
javax.naming.NoPermissionException: User <anonymous> does not have permission on StringJndiName to perform modify operation. [Root exception is javax.naming.NoPermissionException: User <anonymous> does not have permission on StringJndiName to perform modify operation.]
    at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
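Once the JNDI tree is restricted to the Admin role, the denied attempts are worth watching, since the same exception the anonymous client sees is also what turns up in the server log. As an added example (not from the original post), this Python snippet extracts the user, JNDI name and operation from NoPermissionException messages in log text and counts them, skipping the nested "Root exception" copy of the message. The log lines are constructed; the exception message format is the one quoted above.

```python
"""Extract JNDI permission denials from WebLogic server-log text (added example)."""
import re
from collections import Counter

# The message format is the one quoted in the post. The "[Root exception is ...]" part
# repeats the outer message, so it is captured in the optional `nested` group and skipped.
DENIAL = re.compile(
    r"(?P<nested>\[Root exception is\s+)?javax\.naming\.NoPermissionException:\s+"
    r"User <(?P<user>[^>]+)>\s+does not have permission on\s+(?P<name>\S+)\s+"
    r"to perform\s+(?P<op>\w+)\s+operation"
)


def parse_denials(log_text):
    """Return one record per NoPermissionException: {"user", "jndi_name", "operation"}."""
    records = []
    for m in DENIAL.finditer(log_text):
        if m.group("nested"):
            continue
        records.append({"user": m.group("user"), "jndi_name": m.group("name"),
                        "operation": m.group("op")})
    return records


def summarise(records):
    """Count denials per (user, jndi_name, operation)."""
    return Counter((r["user"], r["jndi_name"], r["operation"]) for r in records)


def anonymous_denials(records):
    """Unauthenticated callers hitting the restricted tree. These are what the lockdown
    in the post is meant to stop; a named user here usually means a client that still
    runs with the wrong credentials after the role change."""
    return [r for r in records if r["user"] == "anonymous"]


# Constructed sample of server-log lines (not real WebLogic output).
SAMPLE_LOG = """\
####<Sep 6, 2014 10:12:01 AM> <Info> <JNDI> <host1> <ms1> Lookup of jms/ConnectionFactory by weblogic
####<Sep 6, 2014 10:12:05 AM> <Error> <JNDI> <host1> <ms1> javax.naming.NoPermissionException: User <anonymous> does not have permission on StringJndiName to perform modify operation. [Root exception is javax.naming.NoPermissionException: User <anonymous> does not have permission on StringJndiName to perform modify operation.]
        at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
####<Sep 6, 2014 10:12:09 AM> <Error> <JNDI> <host1> <ms1> javax.naming.NoPermissionException: User <anonymous> does not have permission on StringJndiName to perform modify operation.
####<Sep 6, 2014 10:15:40 AM> <Error> <JNDI> <host1> <ms1> javax.naming.NoPermissionException: User <appuser> does not have permission on jms/OrderQueue to perform lookup operation.
"""

if __name__ == "__main__":
    recs = parse_denials(SAMPLE_LOG)
    for (user, name, op), n in summarise(recs).items():
        print(f"{n}x user={user} name={name} op={op}")
    print(f"{len(anonymous_denials(recs))} anonymous attempt(s)")
```

Run it over the managed server's .log file after the role change: a steady stream of anonymous entries shows the restriction is doing its job, while entries for a named application user point at a client whose JNDI credentials were not updated.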