HTTP Strict Transport Security support in Weblogic 10.3.3+
Hi Gurus,
1) Does Weblogic 10.3.3+ support HTTP Strict Transport Security (HSTS)?
2) Has anyone experienced with implementation of the HTTP Strict Transport Security (HSTS) header in Weblogic 10.3.3?
Thanks in advance.
James
Hi John,
Here are your answers :)
1) WebLogic 10.3 supports SCA. The Tech Preview, as its name tells, was a preview of the final release which is now out. The full package installer will provide the latest version of WebLogic 10.3.
2) Since the Tech Preview is incomplete compared to the version you can find on OTN, no need to download it.
However, I experienced some problems using SCA on a sample domain.
I had to unzip another complementary JAR to make it work. This JAR was supplied with the TP. I may send you a copy through email if you wish since the JAR is nowhere to be found.
But please note that BEA has chosen to use a Fabric3 implementation. Oracle has its own. Thus I don't think this SCA implementation will last long in WebLogic ... (http://fabric3.codehaus.org/)
I bet that in a very next future, with the 11G version, SCA will full work and won't have anything to do with Fabric3.
Hope this helps.
Regards.
Edited by: Maxence Button on Nov 9, 2008 2:52 PM
Similar Messages
-
HTTP Strict Transport Security (HSTS) support in Weblogic?
Hi Gurus,
1) Does Weblogic 10.3.3+ support HTTP Strict Transport Security (HSTS)?
2) Has anyone experienced with implementation of the HTTP Strict Transport Security (HSTS) header in Weblogic 10.3.3?
Thanks in advance.
JamesHi Friends, Thanks for reply, none of them solves my issue. Also I have one simple question, Gmail works fine in IE and Chrome but not in Firefox, this purely means my security application (antivirus etc) are not playing any role in the error displayed.
This looks like some issue in Firefox only.... -
HSTS is problematic in that it incorrectly assumes that all users trust the default list of CAs and makes the adding of exceptions impossible even by advanced users.
For example, torproject.org is inaccessible on Firefox unless I am willing to trust DigiCert to never sign a fake certificate either by negligence or by court order of any country in witch they operate, thereby making every https: site ( not just torproject.org ) vulnerable to a MITM attack.
A user disabling CAs in the browser is not unreasonable given the ever growing list of CAs built into Firefox ( each one a potential point of failure ), the number of CAs that have been recently compromised and the very low standards required to obtain a certificate.
While I understand the desire to protect the average user who doesn't understand how certificates work and will click past warnings without reading them, this protection should not come at the expense of more security conscious users.
I would recommend an about:config setting that would allow the creation of exceptions by users who explicitly choose to do so.
So far the only kludge I have been able to come up with is to modify c:\program files\mozilla firefox\xul.dll with a hex editor and replace the sites on the list ( this is far from an ideal solution ).dumdidadida: Thanks for your reply, but it doesn't address the problem. HSTS is designed to FORCE the use of https, this is a good thing in most cases. However, HSTS is problematic in that it incorrectly assumes that all users trust the default list of CAs and makes the adding of exceptions impossible even by advanced users.
torprojec.org is just an example, this effects every HSTS site. You can reproduce this problem yourself in version 17 or later if you temporary disable "DigiCert High Assurance EV Root CA" in your certificate store and then visit torproject.org. You will notice the ability to add exceptions has been removed and that the cert_override.txt file found in the user's profile is also ignored. -
How to edit HSTS (HTTP Strict Transport Security) settings?
I want the connections to some particular sites to be always using https, so I need to edit Firefox's HSTS settings, but I don't know where the HSTS setting file is. Can anyone tell me how to accomplish this task?
I use both Ubuntu 14.04.1 and Windows 8. So solutions for Linux and Windows are both welcome and needed.
(I know there is an add-on called "Force TLS," but I hope to do it without an add-on.)hello, please use the addon you already know about in order to edit these settings: https://addons.mozilla.org/firefox/addon/force-tls/
the hsts settings would be stored within the permissions.sqlite database in your profile but manually editing it could do more harm than good... -
Secure JSESSIONID for Weblogic running HTTP behind load balancers
We run multiple Weblogic application servers behind a load balancer. We use an SSL accelerator to avoid encrypt/decrypt functions on the CPUs hosting Weblogic. Our Weblogic servers are running version 10.3.
Here is my conundrum:
1) For security purposes, we want the cookie JSESSIONDID to be secure.
2) Weblogic doesn't seem to want to allow me to set this secure flag as there is no HTTPS on Weblogic.
3) Network performance dictates that we don't want to run weblogic using https.
Any suggestions to get JSESSIONID set as secure and http-only on a Weblogic server that is not running https?
Thanks.We run multiple Weblogic application servers behind a load balancer. We use an SSL accelerator to avoid encrypt/decrypt functions on the CPUs hosting Weblogic. Our Weblogic servers are running version 10.3.
Here is my conundrum:
1) For security purposes, we want the cookie JSESSIONDID to be secure.
2) Weblogic doesn't seem to want to allow me to set this secure flag as there is no HTTPS on Weblogic.
3) Network performance dictates that we don't want to run weblogic using https.
Any suggestions to get JSESSIONID set as secure and http-only on a Weblogic server that is not running https?
Thanks. -
How to use security roles in Weblogic server?
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari.You should read the security information in the Servlet 2.2 specification
that WL 5.1 implements:
http://java.sun.com/products/servlet/download.html
Chapter 11 deals with declarative and programmatic security, and includes a
section on roles:
11.4 Roles
A role is an abstract logical grouping of users that is defined by the
Application Developer or
Assembler. When the application is deployed, these roles are mapped by a
Deployer to security
identities, such as principals or groups, in the runtime environment.
A servlet container enforces declarative or programmatic security for the
principal associated with
an incoming request based on the security attributes of that calling
principal. For example,
1. When a deployer has mapped a security role to a user group in the
operational environment. The
user group to which the calling principal belongs is retrieved from its
security attributes. If the
principal's user group matches the user group in the operational environment
that the security
role has been mapped to, the principal is in the security role.
2. When a deployer has mapped a security role to a principal name in a
security policy domain, the
principal name of the calling principal is retrieved from its security
attributes. If the principal is
the same as the principal to which the security role was mapped, the calling
principal is in the
security role.
Cameron Purdy
http://www.tangosol.com
"Hari" <[email protected]> wrote in message
news:[email protected]..
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari. -
Consuming an External Web Service using HTTPS and WS Security
Hello everyone,
I'm having a problem setting the security information in a SOAP header using a generated ABAP Client Proxy to consume an external web service that requires a User ID and Password in the Header section of the SOAP message. I need to use HTTPS. I'm on a WAS 7.01 SP08 system so from my readings, SAP is supposed to be able to add the username and password into the header section of the message. I can't seem to get SAP to add this information added to the header.
Here are the steps that I have taken to set the security values.
1) Created the client proxy from the WSDL in SE80. Basic Authentication on the Configuration tab was turned on automatically.
Note, Transport Security is set to None. I cannot change it.
2) Created an outbound set user name profile in transaction WSPROFILE with the appropriate username and password.
3) Added the profile to the default port in transaction LPCONFIG as an outbound under the WS Security section of the screen.
When I called the external Web Service, I got back the following error message:
com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5509E: A security token whose type is [http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken] is required.
So, after reading through this Forum, I saw that I needed to use the SOAMANAGER. I set up a Proxy in the SOAMANAGER and manually created the Logical Port. This was the only way I could figure out how to set the Authentication Settings in the Logical Port to "User ID / Password". I then entered the User ID and Password.
However, I am still getting the same error message. I feel I am close but missing some small configuration to tell SAP to use WS Security with a Username token.
I'm not sure what I'm doing wrong, so any help would be appreciated.
Thanks,
StephenI had this error again so I thought I would post my solution:
The issue is SAP needs to know the certificates being used by the web site being called. These certificates are automatically installed in your browser but need to be manually installed in SAP. This is what I did:
How to find/install new certificates
Make sure you run Internet Explorer as an Administrator so you can export the certificates
Go to the web site that SAP is trying to call in Internet Explorer
Double click on the lock in the address bar
View certificates
Find the certificates that are being used
Tools --> Internet Options --> Content --> Certificates
Click on the “Trusted Root Certification Authorities” tab
Find the certificate identified in step iii
Export as a CER certificate
Click on the “Intermediate Certification Authorities” tab
Find the certificate identified in step iii
Export as a CER certificate
Go to STRUST in SAP
Import the Certificates in the “Anonymous” or “Standard” SSL client
Save
RESTART the ICM via t-code SMICM <-- Critical!!!
Test -
Dose JCA support only Weblogic server 6.0 without SP1 ?
I got a error message when starting weblogic server with SP1 in which
configured the connector architecture beta implentation.
Dose JCA support only Weblogic server 6.0 without SP1 ?
How do i configure JCA on WLS6.0 with SP1 if it supports that?
Taesun.
Error message(exception) is following as :
<2001-03-14 PM 02:11:41> <Emergency> <Server> <Unable to initialize the se
rver: 'Fatal initialization exception
Throwable: java.lang.VerifyError: Cannot inherit from final class
java.lang.VerifyError: Cannot inherit from final class
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
at
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:11
1)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at
weblogic.rmi.internal.ServerRequest.makeCBVOutputStream(ServerRequest
.java:50)
at
weblogic.rmi.internal.ServerRequest.getMsgOutput(ServerRequest.java:9
5)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
ef.java:245)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
ef.java:225)
at
weblogic.jndi.internal.ServerNamingNode_WLStub.createSubcontext(Serve
rNamingNode_WLStub.java:248)
at
weblogic.jndi.internal.WLContextImpl.createSubcontext(WLContextImpl.j
ava:81)
at
weblogic.transaction.internal.JNDIAdvertiser.initialize(JNDIAdvertise
r.java:76)
at
weblogic.transaction.internal.TransactionService.initialize(Transacti
onService.java:38)
at
weblogic.t3.srvr.ServerServiceList.initialize(ServerServiceList.java:
46)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:405)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.VerifyError: Cannot inherit from final class
java.lang.VerifyError: Cannot inherit from final class
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
at
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:11
1)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at
weblogic.rmi.internal.ServerRequest.makeCBVOutputStream(ServerRequest
.java:50)
at
weblogic.rmi.internal.ServerRequest.getMsgOutput(ServerRequest.java:9
5)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
ef.java:245)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
ef.java:225)
at
weblogic.jndi.internal.ServerNamingNode_WLStub.createSubcontext(Serve
rNamingNode_WLStub.java:248)
at
weblogic.jndi.internal.WLContextImpl.createSubcontext(WLContextImpl.j
ava:81)
at
weblogic.transaction.internal.JNDIAdvertiser.initialize(JNDIAdvertise
r.java:76)
at
weblogic.transaction.internal.TransactionService.initialize(Transacti
onService.java:38)
at
weblogic.t3.srvr.ServerServiceList.initialize(ServerServiceList.java:
46)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:405)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
I got a error message when starting weblogic server with SP1 in which
configured the connector architecture beta implentation.
Dose JCA support only Weblogic server 6.0 without SP1 ?
How do i configure JCA on WLS6.0 with SP1 if it supports that?
Taesun.
Error message(exception) is following as :
<2001-03-14 PM 02:11:41> <Emergency> <Server> <Unable to initialize the se
rver: 'Fatal initialization exception
Throwable: java.lang.VerifyError: Cannot inherit from final class
java.lang.VerifyError: Cannot inherit from final class
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
at
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:11
1)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at
weblogic.rmi.internal.ServerRequest.makeCBVOutputStream(ServerRequest
.java:50)
at
weblogic.rmi.internal.ServerRequest.getMsgOutput(ServerRequest.java:9
5)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
ef.java:245)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
ef.java:225)
at
weblogic.jndi.internal.ServerNamingNode_WLStub.createSubcontext(Serve
rNamingNode_WLStub.java:248)
at
weblogic.jndi.internal.WLContextImpl.createSubcontext(WLContextImpl.j
ava:81)
at
weblogic.transaction.internal.JNDIAdvertiser.initialize(JNDIAdvertise
r.java:76)
at
weblogic.transaction.internal.TransactionService.initialize(Transacti
onService.java:38)
at
weblogic.t3.srvr.ServerServiceList.initialize(ServerServiceList.java:
46)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:405)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.VerifyError: Cannot inherit from final class
java.lang.VerifyError: Cannot inherit from final class
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
at
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:11
1)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at
weblogic.rmi.internal.ServerRequest.makeCBVOutputStream(ServerRequest
.java:50)
at
weblogic.rmi.internal.ServerRequest.getMsgOutput(ServerRequest.java:9
5)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
ef.java:245)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteR
ef.java:225)
at
weblogic.jndi.internal.ServerNamingNode_WLStub.createSubcontext(Serve
rNamingNode_WLStub.java:248)
at
weblogic.jndi.internal.WLContextImpl.createSubcontext(WLContextImpl.j
ava:81)
at
weblogic.transaction.internal.JNDIAdvertiser.initialize(JNDIAdvertise
r.java:76)
at
weblogic.transaction.internal.TransactionService.initialize(Transacti
onService.java:38)
at
weblogic.t3.srvr.ServerServiceList.initialize(ServerServiceList.java:
46)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:405)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
-
Versions supported by Weblogic 8.1
Hi,
I am very new to java and weblogic. I am about to install weblogic 8.1 Service Pack 5. I wants to know which are best version of jdk, servlet/jsp, ejb and tomcat supported by weblogic 8.1.
Please help me ..............
Thanks & Regards
-SandeepHi Sandeep,
WLS 8.1 supports the JSP 1.2 specification from Sun Microsystems. JSP 1.2 includes support for defining custom JSP tag extensions. (See Programming JSP Extensions)
WLS 8.1 also supports the Servlet 2.3 specification from Sun Microsystems.
WLS 8.1 supports the Enterprise Java Beans 1.1 and 2.0 specifications.
Please refer to the following links for additional information
http://e-docs.bea.com/wls/docs81/jsp/intro.html
http://e-docs.bea.com/wls/docs81/upgrade/upgrade51to81.html
Cheers
-raj -
Oracle support for Weblogic 7 under LINUX
Hi,
Does anyone know what happened to oracle support in weblogic 7.0 for linux platform,
as it seems that the drivers are not included? Are there any discussions on that
topic anywhere?
thanks.
ZlatkoIt DOES appear that there is support for WebLogic jDriver for Oracle on Linux:
see http://e-docs.bea.com/wls/certifications/certifications/redhat_linux.html#39532
The strange thing here is that, apparently, the Oracle drivers located @ lib/linux/i686/oci817_8/libweblogicoci38.so
and lib/linux/i686/oci817_8/libweblogicoxa38.so are "Type 2" ODBC drivers which
require an Oracle client to be installed on the WebLogic machine, but Oracle doesn't
support installation of the client on RedHat 7.2, which is required (according
BEA's doc) for installation of WebLogic 7.0. Can someone reconcile this apparent
conflict?
Laurent Goldsztejn <[email protected]> wrote:
Hi,
There is currently no support for WebLogic jDriver for Oracle on Linux
with WLS 7.0. Please check the following page for update on this topic.
http://www.weblogic.com/platforms/index.html#jdbc
Zlatko Mesaros wrote:
Hi,
Does anyone know what happened to oracle support in weblogic 7.0 forlinux platform,
as it seems that the drivers are not included? Are there any discussionson that
topic anywhere?
thanks.
Zlatko
Thank you,
Laurent Goldsztejn
Developer Relations Engineer
BEA Support -
HTTP 501 Not Implemented or HTTP 505 Version Not Supported
when trying to post on the ABAP Forum, i am getting the following:
The website is unable to display the webpage
HTTP 501/HTTP 505
What you can try:
Go back to the previous page.
More information
This error (HTTP 501 Not Implemented or HTTP 505 Version Not Supported) means that the website you are visiting doesn't currently have the ability to display the webpage, or support the HTTP version used to request the page.
For more information about HTTP errors, see Help.
i have tried from firefox, chrome and IE and unable to post.. i may look stupid and this may work here! lol!
but i have been trying for several hours to post a question on the ABAP forum... :o(You have been "bagged" by SAP Security's cross site scripting filter. No way around it (for obvious reasons). Somewhere in your post there is something that is interpreted as an xxs attack. Unfortunately, happens a lot when trying to post code or code terms. Some people have managed to work around this using some of the same tricks used by people wanting to post forbidden words and phrases like
myemal at sap dot com
j a v a s c r i p t
and the like. Try some experimenting and you might succeed. -
Is role base security supported by WLS 5.1?
To what extent is role based security supported by servlets under WLS 5.1?
Declarative role based security does not seem to be supported?
Are any of the following methods supported?
HttpServletRequest.isUserInRole()
HttpServletRequest.getUserPrincipal()
If so, where are the roles declared? Where is the role/principal mapping
done? Does getUserPrinicipal() return the principal using the WLS security
realm?
Thank you.
Marko.
Cool. Bonus mystery feature. I will call support.
Thanks Winston.
Marko.
Winston Koh <[email protected]> wrote in message
news:[email protected]...
> no, i am not referring to ACL. to my knowledge, the servlet security
> features docs do not make it into the WLS 5.1. I understand its a bit hard
> to use the features properly without proper documentation. contact support
> for more info
>
> thanx
>
> Winston
> Marko Milicevic <[email protected]> wrote in message
> news:[email protected]...
> > The only servlet authorization mechanism I can see documented is ACL's.
> Is
> > this what you are referring to Winston? If so, I believe ACL are
> different
> > than declarative role based security. An ACL grants access to a servlet
> for
> > a set of principals (users and/or groups). But a role is not a
> prinicipal.
> > A role name is mapped to a set of principals.
> >
> > If you are referring to roles, can you give a URL to the documentation
> which
> > discusses this?
> >
> > Thanks Winston.
> >
> > Marko.
> > .
> >
> > Winston Koh <[email protected]> wrote in message
> > news:[email protected]...
> > > both declarative and programmtic based security roles are supported by
> WLS
> > > 5.1.
> > >
> > > if you don't specify any specific security realm in the
> > weblogic.properties
> > > file, a default WebLogic Security realm is assumed. you could specify
> the
> > > group and its associated users and passwords there in the properties
> file.
> > > in the web.xml file associated with each web app, you could speciify
the
> > > security constraints for each servlet
> > >
> > > I would imagine when accessing a secured servlet within a web app, a
> > client
> > > would supply her credentials thru some sort of authentication, and
based
> > on
> > > the credentials, we find out the role name from the
weblogic.properties
> > file
> > > which in turn mapped to the web.xml which specify the security role
that
> > > could access the particular servlet. if the role matches, access to
the
> > > servlet is granted
> > >
> > > refer to WL Docs for more specific details
> > >
> > > thanx
> > >
> > > Winston
> > > Marko Milicevic <[email protected]> wrote in message
> > > news:[email protected]...
> > > > To what extent is role based security supported by servlets under
WLS
> > 5.1?
> > > >
> > > > Declarative role based security does not seem to be supported?
> > > >
> > > > Are any of the following methods supported?
> > > >
> > > > HttpServletRequest.isUserInRole()
> > > > HttpServletRequest.getUserPrincipal()
> > > >
> > > > If so, where are the roles declared? Where is the role/principal
> > mapping
> > > > done? Does getUserPrinicipal() return the principal using the WLS
> > > security
> > > > realm?
> > > >
> > > > Thank you.
> > > >
> > > > Marko.
> > > > .
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
-
Data types supported in weblogic web service
I have used byte[] (base64) array to pass binary data using weblogic in a web service, since byte[] is a java datatype that is supported, is there a definite guideline available that byte [][] ( multi-dimensional array} is not supported in weblogic 8.1? (I have tried and failed with byte [][])
ThanksHi gchirrav ,
Multi-Dimentional array support not listed in supported Data Types in weblogic 8.1.
Go through the following link, you will find supported data types.
http://e-docs.bea.com/wls/docs81/webserv/implement.html#1054236
----Anilkumar kari -
Conf. a Win2K Security Realm on WebLogic
Hi! I'm having some problems configuring a security realm in WebLogic
server 6.0sp1.
I'd like that WebLogic use the Windows2000 security realm as the
default security (it can be used as the secondary security realm
if it's the only way).
We've been trying to make it work for the last two (business) days
with no hope of being successfull at all.
We are using the BEA documentation 'Managing Security' as reference,
and we have some doubts about what's in there.
First doubt: The documentation says that we need to create new
security realm of the type Windows NT. OK, we did it. But we are
not sure about how to fill the filed Primary Domain. The documentation
says to put the host and port of the computer where User and Groups
are defined for the NT domain. I'm using the same computer for
both (NT domain and Web Logic), so I put the host name (babalu).
Wich port should I put?
Second doubt: The documentation says to create a systerm user on
the NT domain using NT administrative tools, names it 'system'
and set some stuff for it. But windows 2000 already has a user
with that name (SYSTE, but capitalized) and the property that I
should set on it doesn't exist! By the way, on the system user
user that windows2000 has I wasn't able to set any property.
Last doubt (maybe should be the first one) : Does WebLogic 6.0sp1
support Security Realms from Windows 2000? Or I need to download
another plugin or somethign like that?
Thanks for Reading and (hope) Answering my qusetions!
Roberto Giordano BarraHi! Thanks for the answer. I'll try to run WebLogic as a service.
In fact, I tried it before but I wasn't able to. I started the
service by hand, but I wasn't able to access the server. So, I
click on the 'remove web logic as service'(something like that)
in the WebLogic program group. Ok, it was removed. But when I tried
to put it back I didn't find no funny button to help me! Could
you help me with that?
Another thing. If I use NT Realm as a Caching Realm I'll be
able to see the NT user and users groups with the Web Logic management
GUI ?
Thanks once again,
Roberto Giordano Barra
"arthur" <[email protected]> wrote:
>
Hi,
By saying win2k I am assuming you mean creating an NT
realm.
Do not bother specifying a port, just put the server name.
You have to ensure that you are running the weblogic server
as
a NT service if you want to use the NTrealm.
Make sure under Caching Realm you specify the NTrealm.
That should be it.
Hope this helps.
Regards,
-Arthur
"Roberto Giordano Barra" <[email protected]> wrote:
Hi! I'm having some problems configuring a security
realm in WebLogic
server 6.0sp1.
I'd like that WebLogic use the Windows2000 securityrealm
as the
default security (it can be used as the secondary security
realm
if it's the only way).
We've been trying to make it work for the last two (business)
days
with no hope of being successfull at all.
We are using the BEA documentation 'Managing Security'
as reference,
and we have some doubts about what's in there.
First doubt: The documentation says that we need to create
new
security realm of the type Windows NT. OK, we did it.
But we are
not sure about how to fill the filed Primary Domain.The
documentation
says to put the host and port of the computer where User
and Groups
are defined for the NT domain. I'm using the same computer
for
both (NT domain and Web Logic), so I put the host name
(babalu).
Wich port should I put?
Second doubt: The documentation says to create a systerm
user on
the NT domain using NT administrative tools, names it
'system'
and set some stuff for it. But windows 2000 already has
a user
with that name (SYSTE, but capitalized) and the property
that I
should set on it doesn't exist! By the way, on the system
user
user that windows2000 has I wasn't able to set any property.
Last doubt (maybe should be the first one) : Does WebLogic
6.0sp1
support Security Realms from Windows 2000? Or I needto
download
another plugin or somethign like that?
Thanks for Reading and (hope) Answering my qusetions!
Roberto Giordano Barra -
_setProperty weblogic.wsee.transport.read.timeout in weblogic 8.1
I need to set the timeout in the client deployed in weblogic 8.1 when making a call to a webservice.
I have tried the following code:
((ManagePrepaidCardRegistrationPort_Stub) managePrepaidCardRegistrationPort)._setProperty("weblogic.wsee.transport.read.timeout","10");
and get the following error:
java.lang.UnsupportedOperationException: unknow property:weblogic.wsee.transport.read.timeout
at weblogic.webservice.core.rpc.StubImpl._setProperty(StubImpl.java:146)
How do I do set the timeout property in the client deployed on weblogic 8.1 sp4 when making a call to a webservice?
I would appreciate any pointers?
Cheers
CharlieHi,
WLS 10.3 documentation
=======================
http://download.oracle.com/docs/cd/E13222_01/wls/docs103/webserv_ref/anttasks.html
<taskdef name="clientgen"
classname="weblogic.wsee.tools.anttasks.ClientGenTask" />
once you generate client stubs you can use below options
The below options are for timeout only for JAX-RPC Webservice clients generated from clientgen:
import javax.xml.rpc.Stub;
((Stub)port)._setProperty(weblogic.wsee.transport.connection.timeout,2);
((Stub)port)._setProperty(weblogic.wsee.transport.read.timeoutt,2);
how are you running your client what are jar files are there in the classpath when running the client
http://docs.oracle.com/cd/E13222_01/wls/docs103/webserv/client.html#standalone_invoke
Regards,
Sunil P
Maybe you are looking for
-
CrystalReportViewer and JPEReportSourceFactory errors
I am receiving the following errors when trying to compile my JSP page. CrystalReportViewer not found in class_report and JPEReportSourceFactory not found in class_report. I have copied all the required .jar files over to the web-inf\lib directory th
-
Difference between regular expressions and spry character masking?
Hi, This is my first time writing my own regular expressions. Often times though, they seem to work in various testing widgets, but then they do not perform as expected in Spry. I have no idea how to even begin to debug this. For example, this stri
-
i have a problem a forgot my password of my iPhone, so now is locked and dosen`t want to conect to iTunes and dosen`t work anything what can i do??
-
Will training in CS3 support me in using CS5?
Different divisions of my company are using different versions of CS software. I have an older version (CS3) and want to do some tutorials to learn it. My HQ uses the newer version. Will the knowledge form the old version be transferable to the ne
-
3-year warranty for UK Higher education for free
I found links associated with the free 3-year warranty for UK Higher education. _http://apple.procureweb.ac.uk/index.htm_ _http://store.apple.com/Catalog/ukinst/Images/salespolicies_individual.html the second link is the *Terms and Conditions for Hig