Weblogic performance issues with JDK SecureRandom security setting

Problem: We have installed Weblogic 11g/12c on Linux server with Java 1.7 or 1.8. We have noticed start and stop services are taking long time when we have "database source" setup.

Cause: Thread dump shows that the contention is locked on generating random generation entropy. This is due to Delay caused by single thread reading entropy. 


Solution: 

1. Feed the /dev/random device with additional I/O operations or using a random number generator tool (like rngd).


2. Instruct WebLogic server to use a non-blocking entropy device.


2.1 Long term solution


a) WebLogic Server Scope


i.   Edit the Weblogic startup script ($DOMAIN_HOME/bin/startWebLogic.sh)

ii.  Add the following to the JAVA_OPTIONS variable: -Djava.security.egd=file:/dev/./urandom

iii. Save the file.

iv. Set the domain environment. ($DOMAIN_HOME/bin/setDomainEnv.sh)

v.  Start WebLogic instances.


b) JDK Scope


i.   Edit the Java Security Properties file ($JAVA_HOME/jre/lib/security/java.security)

ii.  The securerandom.source property specifies the source of seed data for secure random. If that property points to /dev/random, set it as one of the options listed below.

securerandom.source=file:/dev/./urandom


securerandom.source=file:/dev/urandom


iii.  Save changes and start the WebLogic Server instances.


2.2 Temporary solution (usually applied for testing purposes)


i. Override the JAVA_OPTIONS environment variable before starting WebLogic Server via shell scripts.

$ export JAVA_OPTIONS="${JAVA_OPTIONS} -Djava.security.egd=file:/dev/./urandom"


ii. Start WebLogic instances.




References

Performance Issues Noticed At SecureRandom generation (Doc ID 1965376.1)

How to Diagnose a Linux Entropy Issue on WebLogic Server Instances (Doc ID 1574979.1)

https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html  


About Me

I have 20 years of thorough experience in the Information Technology industry, specializing in Oracle Database, Fusion Middleware, OBIEE, Oracle E-Business Applications, Hyperion, UPK, Oracle Cloud & Virtualization Administration using Oracle Development / Administration / Management / Training tools on different platforms across industry, including C&IP (Manufacturing, Supply Chain Planning), HCM, Financials, and TMT, with knowledge in Project Management, Application Strategy, Software Development Lifecycle (SDLC), and Application Testing (Unit, System, Integration, UAT, and Performance). I worked on number of projects, implementing custom and ERP/CRM Oracle applications and used AIM/ Macro-scope methodology Project Documentation and version control. I used IT Service Management (ITSM) guidelines and ITIL framework on projects to manage Oracle Infrastructure.


Feedback, Comments, Questions?

Please provide your valuable feedback/comments and let me know if any questions? Feel free to contact me for any ORACLE technology assistance.

Contact: +91-9930920689 | Amit.Garg@redcircle.in | Linkedin