SSL Context with Weblogic

Similar Messages

• Problems using 4096 bit SSL certificate with WebLogic Apache 2.2 plug-in

  Hi,
  'm using WebLogic 9.2 MP3 and Apache HTTP Server (version 2.2) Plug-In. For security reasons, I have SSL installed on both Apache and WebLogic. So Apache must communicate with WebLogic via https.
  I get the following error when attempting to access WebLogic via Apache:
  Internet Explorer cannot display the webpage
  These are the last lines in wlproxy log:
  Fri Feb 26 14:08:59 2010 <71212672221392> INFO: SSL is configured
  Fri Feb 26 14:08:59 2010 <71212672221392> SSL Main Context not set. Calling InitSSL
  Fri Feb 26 14:08:59 2010 <71212672221331> INFO: Initializing SSL library
  I've found that the problem is caused by using a 4096 bit intermediate cert. When I include this 4096 bit cert in the file referenced by plugin parameter "TrustedCAFile", it is unable to load it. I've tested 4096 bit certs from a few different certificate authorities, and consistently see this problem, so I know the problem is not related to the specific certificate. If I use a 2048 bit intermediate certificate, everything works perfectly fine.
  Do you know if there are limitations to the certificate length that the plug-in can use?

  Yes 4096 bit Certificates are not supported by the plugin.
  You can use up to 2048 bit.
  There is a Bug which clearly mentions it.
  I dont remember the Bug Number, but an Oracle Support person will be able to tell you.
  Hope this helps.
  Faisal Khan
  Edited by: Faisal Khan on Feb 27, 2010 2:08 PM

• Why not perform the ${attribute} syntax in the jsp context with weblogic?

  In the action an attribute has been put in request object, example request.setAttribute("userName","Xue Chen").
  in the forward jsp , use the syntax ${userName}, can not get the attribute "Xue Chen" from request, but the "${userName}" be printed in the page.
  The same code with Tomcat, it work well.
  It maybe the syntax ${userName} in jsp is not standard for all application server, only work in Tomcat, or it need special confiugre in weblogic, this syntax can work.
  Does anyone do me a favors?

  Hi,
  go to the context of your view,
  to the attribute of your date,
  and set the attribute input help mode to disabled
  grtz,
  Koen

• SSL proxying with WebLogic

  I am attempting to cluster two instances of WebLogic 5.1 using a third
            instance of WebLogic 5.1 as the proxy. Each instance resides on its own
            box. "The box" is NT today, Solaris in production.
            Can I have an SSL connection between the WebLogic Proxy and the Webloguc
            Cluster? Seems like I can, but I cannot verify this in the docs nor find an
            example of how to configure it.
            Can anyone show me how to do it?
            Bob Kiep
            Diamond Technology Partners
            

  Thanks for verifying the feature set. We are using Checkpoint as the
            firewall, so we can use their secure connection add-on to ensure the web-app
            server connection is secure - it takes encryption load off of the app sever
            and web server CPU's anyway....
            Bob
            "Robert Patrick" <[email protected]> wrote in message
            news:[email protected]..
            > Bob,
            >
            > This is not currently supported. If you need this today, you can use a
            third
            > party tool like SafePassage by C2.net or a hardware-based solution. This
            is
            > something that will be supported in future versions of the server.
            >
            > Hope this helps,
            > Robert
            >
            > Bob Kiep wrote:
            >
            > > I am attempting to cluster two instances of WebLogic 5.1 using a third
            > > instance of WebLogic 5.1 as the proxy. Each instance resides on its own
            > > box. "The box" is NT today, Solaris in production.
            > >
            > > Can I have an SSL connection between the WebLogic Proxy and the Webloguc
            > > Cluster? Seems like I can, but I cannot verify this in the docs nor
            find an
            > > example of how to configure it.
            > >
            > > Can anyone show me how to do it?
            > >
            > > Bob Kiep
            > > Diamond Technology Partners
            >
            

• How write rmi-iiop over ssl with weblogic server 6.1 - No server found

  //New
  Hello,
  I have written an appication like this:
  - An EJB server running on Weblogic server 6.1
  (named: BankServerHome)
  -A java client calling the BankServer.
  Platform: windows 2000 - jdk1.3
  Now I want to secure the communication with SSL protocol.
  I have done this:
  -generate a key peer with weblogic service named certificate.
  -send the CSR to a CA and place the answer into the weblogic
  server certificate directory.
  -update path for ServerCertificateChainFileName,
  ServerCertificateFileName, ServerKeyFileName into config.xml.
  -launch weblogicServer
       -> server certificate is recognized
       -> listening port 7001 and 7002.
  (-stop weblogicServer!)
  At now, all is all right, errors come hereafter:
  Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
  "To use RMI over IIOP over SSL with a Java client, do the following:
  2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
  connections. Be sure to specify the port on which WebLogic Server listens for
  SSL connections. For an example of a class that extends the
  java.rmi.server.RMISocketFactory class, see Listing 4-22.
  3. Run the ejbc compiler with the -d option.
  4. Add your extension of the java.rmi.server.RMISocketFactory class to the
  CLASSPATH of the Java client.
  5. Use the following command options when starting the Java client:
  -xbootclasspath/a:%CLASSPATH%
  -Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
  -Dssl.certs=directory location of digital certificate for Java client
  -Dssl.key=directory location of private key for Java client"
  At step 3. I found into documentation that -d is linked to a directory name.
  When I run ejbc with this option -d I have the message:
  "ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
  % So what option can I use to run ejbc for secure usage?
  At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
  this pointed class is not instanciated.
  Then I can not create a socket with my client.
  The folowing exception is raised:
  javax.naming.CommunicationException [Root exception is java.net.ConnectException:
  No server found at T3S://localhost:7002]
  So, my questions are:
  % Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
  the server?
  My java client part, managing connection is:
  -------------------BEGIN OF CONNECTION MANAGER-------------------
  Properties env = new Properties ();
  // Shouldn't have to do this, but for now you must
  if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
  env.put ("java.naming.provider.url", "t3s://localhost:7002");
  InitialContext context = new InitialContext (env);
  BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
  BankServer = bssh.create();
  -------------------END OF CONNECTION MANAGER-------------------
  I have also try
  env.put ("java.naming.provider.url", "corbaloc:iiop://localhost:7002");
  but it throws the following error
  javax.naming.InvalidNameException: url does not conatin !!!
  % What is the code for the java client allowing connection with the ejb?
  % And better, can I have a sample example for rmi-iiop over ssl?
  (...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
  speak ssl!)
  Any help will be appreciate from you...
  Best Regards.
  Oliver

  "oliver" <[email protected]> writes:
  The SSL support is poorly doc'd right now. We have fixed this and
  updated the way you do things in SP2. Please either wait for SP2 or
  contact support.
  andy
  I have written an appication like this:
  - An EJB server running on Weblogic server 6.1
  (named: BankServerHome)
  -A java client calling the BankServer.
  Platform: windows 2000 - jdk1.3
  Now I want to secure the communication with SSL protocol.
  I have done this:
  -generate a key peer with weblogic service named certificate.
  -send the CSR to a CA and place the answer into the weblogic
  server certificate directory.
  -update path for ServerCertificateChainFileName,
  ServerCertificateFileName, ServerKeyFileName into config.xml.
  -launch weblogicServer
       -> server certificate is recognized
       -> listening port 7001 and 7002.
  (-stop weblogicServer!)
  At now, all is all right, errors come hereafter:
  Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
  "To use RMI over IIOP over SSL with a Java client, do the following:
  2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
  connections. Be sure to specify the port on which WebLogic Server listens for
  SSL connections. For an example of a class that extends the
  java.rmi.server.RMISocketFactory class, see Listing 4-22.
  3. Run the ejbc compiler with the -d option.
  4. Add your extension of the java.rmi.server.RMISocketFactory class to the
  CLASSPATH of the Java client.
  5. Use the following command options when starting the Java client:
  -xbootclasspath/a:%CLASSPATH%
  -Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
  -Dssl.certs=directory location of digital certificate for Java client
  -Dssl.key=directory location of private key for Java client"
  At step 3. I found into documentation that -d is linked to a directory name.
  When I run ejbc with this option -d I have the message:
  "ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
  % So what option can I use to run ejbc for secure usage?
  At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
  this pointed class is not instanciated.
  Then I can not create a socket with my client.
  The folowing exception is raised:
  javax.naming.CommunicationException [Root exception is java.net.ConnectException:
  No server found at T3S://localhost:7002]
  So, my questions are:
  % Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
  the server?
  My java client part, managing connection is:
  -------------------BEGIN OF CONNECTION MANAGER-------------------
  Properties env = new Properties ();
  // Shouldn't have to do this, but for now you must
  if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
  env.put ("java.naming.provider.url", "t3s://localhost:7002");
  InitialContext context = new InitialContext (env);
  BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
  BankServer = bssh.create();
  -------------------END OF CONNECTION MANAGER-------------------
  I have also try
  env.put ("java.naming.provider.url", "corbaloc:iiop://localhost:7002");
  but it throws the following error
  javax.naming.InvalidNameException: url does not conatin !!!
  % What is the code for the java client allowing connection with the ejb?
  % And better, can I have a sample example for rmi-iiop over ssl?
  (...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
  speak ssl!)
  Any help will be appreciate from you...
  Best Regards.
  Oliver

• How write rmi-iiop over ssl with weblogic server 6.1?

  Hello,
  I have written an appication like this:
  - An EJB server running on Weblogic server 6.1
  (named: BankServerHome)
  -A java client calling the BankServer.
  Platform: windows 2000 - jdk1.4
  Now I want to secure the communication with SSL protocol.
  I have done this:
  -generate a key peer with weblogic service named certificate.
  -send the CSR to a CA and place the answer into the weblogic
  server certificate directory.
  -update path for ServerCertificateChainFileName,
  ServerCertificateFileName, ServerKeyFileName into config.xml.
  -launch weblogicServer
       -> server certificate is recognized
       -> listening port 7001 and 7002.
  (-stop weblogicServer!)
  At now, all is all right, errors come hereafter:
  Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
  "To use RMI over IIOP over SSL with a Java client, do the following:
  2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
  connections. Be sure to specify the port on which WebLogic Server listens for
  SSL connections. For an example of a class that extends the
  java.rmi.server.RMISocketFactory class, see Listing 4-22.
  3. Run the ejbc compiler with the -d option.
  4. Add your extension of the java.rmi.server.RMISocketFactory class to the
  CLASSPATH of the Java client.
  5. Use the following command options when starting the Java client:
  -xbootclasspath/a:%CLASSPATH%
  -Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
  -Dssl.certs=directory location of digital certificate for Java client
  -Dssl.key=directory location of private key for Java client"
  At step 3. I found into documentation that -d is linked to a directory name.
  When I run ejbc with this option -d I have the message:
  "ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
  % So what option can I use to run ejbc for secure usage?
  At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
  this pointed class is not instanciated.
  Then I can not create a socket with my client.
  The folowing exception is raised:
  javax.naming.CommunicationException [Root exception is java.net.ConnectException:
  No server found at T3S://localhost:7002]
  So, my questions are:
  % Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
  the server?
  My java client part, managing connection is:
  -------------------BEGIN OF CONNECTION MANAGER-------------------
  Properties env = new Properties ();
  // Shouldn't have to do this, but for now you must
  if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
  env.put ("java.naming.provider.url", "t3s://localhost:7002");
  } else {
  env.put ("java.naming.provider.url", "rmi://localhost:7002");
  InitialContext context = new InitialContext (env);
  BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
  BankServer = bssh.create();
  -------------------END OF CONNECTION MANAGER-------------------
  % What is the code for the java client allowing connection with the ejb?
  % And better, can I have a sample example for rmi-iiop over ssl?
  (...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
  speak ssl!)
  Any help will be appreciate from you...
  Best Regards.
  Oliver

  "oliver" <[email protected]> writes:
  First off 1.4 isn't supported as yet. That is probably part of the problem.
  You also must use a corba URL from the client in order for this to work for instance:
  If you are using WLInitialContextFactory:
  corbaloc:iiop:localhost:7001/NameService
  If you are using CNCtxFactory:
  iiop://localhost:7001
  Using rmi: is the wrong thing to do - that will use jrmp or t3.
  However, I suggest that you raise a call with support since there is
  some other trickiness with getting SSL working. We hope to have this
  much improved in SP2.
  andy
  Hello,
  I have written an appication like this:
  - An EJB server running on Weblogic server 6.1
  (named: BankServerHome)
  -A java client calling the BankServer.
  Platform: windows 2000 - jdk1.4
  Now I want to secure the communication with SSL protocol.
  I have done this:
  -generate a key peer with weblogic service named certificate.
  -send the CSR to a CA and place the answer into the weblogic
  server certificate directory.
  -update path for ServerCertificateChainFileName,
  ServerCertificateFileName, ServerKeyFileName into config.xml.
  -launch weblogicServer
       -> server certificate is recognized
       -> listening port 7001 and 7002.
  (-stop weblogicServer!)
  At now, all is all right, errors come hereafter:
  Then I follow the guideline "Programming weblogic Security" (version of 30/07/2001).
  "To use RMI over IIOP over SSL with a Java client, do the following:
  2. Extend the java.rmi.server.RMISocketFactory class to handle SSL socket
  connections. Be sure to specify the port on which WebLogic Server listens for
  SSL connections. For an example of a class that extends the
  java.rmi.server.RMISocketFactory class, see Listing 4-22.
  3. Run the ejbc compiler with the -d option.
  4. Add your extension of the java.rmi.server.RMISocketFactory class to the
  CLASSPATH of the Java client.
  5. Use the following command options when starting the Java client:
  -xbootclasspath/a:%CLASSPATH%
  -Dorg.omg.CORBA.ORBSocketFactoryClass=implementation of java.rmi.server.RMISocketFactory
  -Dssl.certs=directory location of digital certificate for Java client
  -Dssl.key=directory location of private key for Java client"
  At step 3. I found into documentation that -d is linked to a directory name.
  When I run ejbc with this option -d I have the message:
  "ERROR: You must specify an output directory or jar with the -d option to weblogic.ejbc."
  % So what option can I use to run ejbc for secure usage?
  At step 5. Whatever I write for -Dorg.omg.CORBA.ORBSocketFactoryClass,
  this pointed class is not instanciated.
  Then I can not create a socket with my client.
  The folowing exception is raised:
  javax.naming.CommunicationException [Root exception is java.net.ConnectException:
  No server found at T3S://localhost:7002]
  So, my questions are:
  % Why -Dorg.omg.CORBA.ORBSocketFactoryClass must be known by the client and not
  the server?
  My java client part, managing connection is:
  -------------------BEGIN OF CONNECTION MANAGER-------------------
  Properties env = new Properties ();
  // Shouldn't have to do this, but for now you must
  if ( factory.equals ("weblogic.jndi.WLInitialContextFactory") ) {
  env.put ("java.naming.provider.url", "t3s://localhost:7002");
  } else {
  env.put ("java.naming.provider.url", "rmi://localhost:7002");
  InitialContext context = new InitialContext (env);
  BankSessionServerHome bssh = (BankServerHome) context.lookup("BankServerHome");
  BankServer = bssh.create();
  -------------------END OF CONNECTION MANAGER-------------------
  % What is the code for the java client allowing connection with the ejb?
  % And better, can I have a sample example for rmi-iiop over ssl?
  (...wlserver6.1\samples\examples\iiop\ejb\stateless\rmiclient\client.java do not
  speak ssl!)
  Any help will be appreciate from you...
  Best Regards.
  Oliver

• WLS :: Will Vista web client work with Weblogic Server 8.1.6 over SSL?

  Hello,
  I have installed 51-2 bit SSL cert on weblogic 7 and found that the secure site doesn't work on Vista web client.
  Weblogic gives error in handshaking and says algorithm is not supported.
  Vista web client uses some algorithms which were not supported by weblogic 7.
  So would like to know if would Vista web client work with Weblogic Server 8.1.6 over SSL?
  Any information in this regard would be helpful.
  Thanks in Advance.

  can you use the following debug flags in the weblogic server as java_options and paste the complete ssl handshake exception here.
  -Dweblogic.StdoutDebugEnabled=true
  -Dssl.debug=true
  thanks,
  sandeep

• SSL - Default SSL context init failed: null - need help with code

  Hi!
  Once Again I have problems with SSL.
  I read something about SSL here:
  http://www.javaalmanac.com/egs/javax.net.ssl/Server.html
  Now I tried to test this stuff, that resulted in this program (I simply tried to put the SSL stuff from the above code in a small skeleton):
  import java.io.*;
  import java.net.*;
  import java.security.*;
  import javax.net.ssl.*;
  import javax.net.*;
  public class MyServer
       public static void main(String arguments[])
       try
            int port = 443;
            ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
            ServerSocket ssocket = ssocketFactory.createServerSocket(port);
            // Listen for connections
            Socket socket = ssocket.accept();
            System.out.println("Connected successfully");
            // Create streams to securely send and receive data to the client
            InputStream in = socket.getInputStream();
            OutputStream out = socket.getOutputStream();
            // Read from in and write to out...
            // Close the socket
            in.close();
            out.close();
       catch(IOException e)
            System.out.println("GetMessage() = "+e.getMessage());
            e.printStackTrace();
  }     Now I compiled this stuff with : 'javac MyServer.java' - there were no errors. After this I run the program
  with the following command (also taken from java almanac):
  'java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456 MyServer'
  But if I run it, it reports:
  "GetMessage() = Default SSL context init failed: null
  java.net.SocketException: Default SSL context init failed: null
  at javax.net.ssl.DefaultSSLServerSocketFactory.createServerSocket(Dasho
  6275)
  at MyServer.main(MyServer.java:15)"
  createServerSocket() seems to be the wrong line, but what is wrong with it.
  Is there any mistake in my code ?
  Btw. I created my keystore etc. according to the instructions at
  http://forum.java.sun.com/thread.jsp?forum=2&thread=528092&tstart=0&trange=15
  Any help appreciated
  Greets
  dancing_coder

  I got this error last week.
  The problem was that the keystore I was pointing to, was in other location, so it could not initialize the default context.
  I had defined ...
  String CLIENT_CERTIFPATH = getParam("client.certificate.path", "/users/pridas/myKeystoreFile");
  // getParam extracts the location of the keystore from a text file which contains some configuration parameters. The default value will be /users/pridas/myKeystoreFile
  In my case, I will try to develop a secure SOAP conexion using certificates.
  Before to try the conexion, I defined ...
  System.setProperty("javax.net.ssl.trustStore", CLIENT_CERTIFPATH);
  System.setProperty("javax.net.ssl.keyStore", CLIENT_CERTIFPATH);
  ... and the problem when I got this error ... the keystore file was not in the correct location.
  That was how I resolved this error.
  I hope everybody will be oriented about this kind of errors.
  Salu2.

• Problem in running j2ee programs with SSL: SSL context init failed : cannot

  Hi,
  I am just trying to run some servlet program that creates some SSL socket to communicate with a server. I have configured my java.security file but when i run my rpogram i get this error
  SSL context init failed : cannot recover key.i am using SunJSSE provider
  Plz help me and i am confused as in how to enable jsse in my sun java system app server platform edition.
  Waiting for ur replies!
  Thanks,
  Akshatha

  I got this error last week.
  The problem was that the keystore I was pointing to, was in other location, so it could not initialize the default context.
  I had defined ...
  String CLIENT_CERTIFPATH = getParam("client.certificate.path", "/users/pridas/myKeystoreFile");
  // getParam extracts the location of the keystore from a text file which contains some configuration parameters. The default value will be /users/pridas/myKeystoreFile
  In my case, I will try to develop a secure SOAP conexion using certificates.
  Before to try the conexion, I defined ...
  System.setProperty("javax.net.ssl.trustStore", CLIENT_CERTIFPATH);
  System.setProperty("javax.net.ssl.keyStore", CLIENT_CERTIFPATH);
  ... and the problem when I got this error ... the keystore file was not in the correct location.
  That was how I resolved this error.
  I hope everybody will be oriented about this kind of errors.
  Salu2.

• Anyone able to run SOAP over SSL with Weblogic 5.1 and without purchasing third party tools???  If so, how???

  Anyone able to run SOAP over SSL with Weblogic 5.1??? If so, how??? And
  without purchasing third party tools??? Thanks.
  -Freddie

  Anyone able to run SOAP over SSL with Weblogic 5.1??? If so, how??? And
  without purchasing third party tools??? Thanks.
  -Freddie

• Alteon Systems ISD-SSL 310 and Weblogic 5.10

  Does anyone know of any problems using an external SSL device such as
  the iSD-SSL 310? I know BEA has stated problems with SSL add-on cards
  but what about external SSL devices such as this one? With this type
  of device the SSL traffic is between the browser and the iSD-SSL
  device. Traffic between the device and the weblogic server is
  standard http only.

  Maybe this is a trusted CA failure?
  Double check that the CA's specified in
  D:\weblogic\myserver\fw1-ap28-cert.pem really match
  the CA used to issue the cert chain that the WLS server is configured with.
  Tony
  "the_snookums" <[email protected]> wrote in message
  news:[email protected]..
  I am trying to setup up an iis server to handle some traffic from our
  weblogic server
  Currently, I have a win2000 advanced server running weblogic with ssl
  functioning.
  I also have an NT4.0 server with IIS running. I need to install the
  weblogic plugin witch I thought I had done correctly.
  I copied over my iisproxy.ini, created my virtual directory to the
  weblogic server gave correct permissions and everything else the
  documentation suggests.
  When I attempt to access the weblogic page from the iis server i get
  an error message No backend server available for connection: timed out
  after 10 seconds.
  My iisproxy.ini looks something like this
  WebLogicHost=111.11.1.111
  WebLogicPort=443
  SecureProxy=ON
  WLProxySSL=ON
  Debug=ALL
  DebugConfigInfo=ON
  TrustedCAFile=D:\weblogic\myserver\fw1-ap28-cert.pem
  In the wlproxy.log I get several error messages including
  INFO: sysSend 52
  INFO: SSL certificate chain validation failed: 3015
  trusted certs = 1
  dumping cert chain
  commonName is 111.11.1.111
  ERROR: SSLWrite failed
  SEND failed (ret=-1) at 558 of file ../nsapi/URL.cpp
  Marking 111.11.1.111:443 as bad
  Exception occurred for backend host 111.11.1.111/443' while sending
  request : 'WRITE_ERROR [os error=0,  line 559 of ../nsapi/URL.cpp]:
  'Wed Jul 09 14:39:33 2003 got exception in sendRequest phase:
  WRITE_ERROR [os error=0,  line 559 of ../nsapi/URL.cpp]: at line 710
  Wed Jul 09 14:39:33 2003 INFO: Closing SSL context
  Any tips suggestion or help would be apprecaited. I was suposed to
  have this working last week.

• SSL VPN with client, anyconnect.

  I've set up a simple test on SSL VPN with client on a 3800.
  It didnt work. I assume i have to turn on the IP http server so that the client can hit it.
  but when I turned it on, the client goes to SDM, nothing with ssl vpn happened. it tells me the pay is not available.
  The underlying routing is fine.
  Could you tell me where it is configured wrong?
  Config is copied below.
  thanks,
  Han
  =======
  Current configuration : 3340 bytes
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Router
  boot-start-marker
  boot-end-marker
  enable password cisco
  aaa new-model
  aaa authentication login default local
  aaa session-id common
  no network-clock-participate slot 1
  crypto pki trustpoint TP-self-signed-3551041125
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-3551041125
  revocation-check none
  rsakeypair TP-self-signed-3551041125
  crypto pki certificate chain TP-self-signed-3551041125
  certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33353531 30343131 3235301E 170D3131 31313135 31383238
  30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35353130
  34313132 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100CFCF CFFAD76A 50DA82C9 8D4E3F90 64AD24EB 5409C5E2 43BC64F3 07F6C0E0
  29FF2D71 0DA0D897 2F814BD2 7F817503 429D4BC6 6AD6EEA4 DFA74BAD 0EAF84D5
  6ED55EC0 6C637178 BEEBCD1D 184BB90C CA84E974 48003885 87B53F2E 36A04661
  23DA2CBB DD8EEE1D 2F25AF9A E21DC288 BF76A17C C1F4BA07 95F09377 A12BE01A
  53750203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
  551D1104 1B301982 17526F75 7465722E 776E7362 6E6F632E 696E7465 726E616C
  301F0603 551D2304 18301680 14BE9E8F ED788928 560D7CA1 EED89B0D DE34D772
  5D301D06 03551D0E 04160414 BE9E8FED 78892856 0D7CA1EE D89B0DDE 34D7725D
  300D0609 2A864886 F70D0101 04050003 818100BC 4A2A3C47 7BF809AF 78EE0FD9
  73692913 F280765E BAFAECAB ED32C38D 3030810B C62C7F45 13C8A6EE AE96A891
  CDD4C78B 803299AD EB098B27 383CEF6F 0E2B811F 3ECFADBA 07CD0AC6 BBB8C5FE
  B2FC0FD8 562B7100 BB28036E 4575D1F5 B17687C6 8EACBD66 A9E52FEE A030E69A
  CAAE9F1B 618FA59D 02C25BC8 77D6CAC2 C7E56F
  quit
  dot11 syslog
  ip cef
  multilink bundle-name authenticated
  voice-card 0
  no dspfarm
  username cisco1 privilege 15 secret 5 $1$L2RA$Zqs6FLce5Ns5fny5aRL49/
  archive
  log config
  hidekeys
  interface GigabitEthernet0/0
  ip address dhcp
  duplex auto
  speed auto
  media-type rj45
  end
  interface Loopback1
  ip address 1.1.1.1 255.255.255.0
  interface GigabitEthernet0/0
  ip address dhcp
  duplex auto
  speed auto
  media-type rj45
  ip local pool svc-poll 1.1.1.50 1.1.1.100
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 192.168.1.254
  ip http server
  no ip http secure-server
  control-plane
  line con 0
  logging synchronous
  line aux 0
  line vty 0 4
  scheduler allocate 20000 1000
  webvpn gateway SSLVPN
  ip interface GigabitEthernet0/0 port 443
  ssl trustpoint local
  inservice
  webvpn install svc flash:/webvpn/svc.pkg
  webvpn context SSLVPN
  ssl authenticate verify all
  policy group default
     functions svc-required
     svc default-domain "test.org"
     svc keep-client-installed
     svc split dns "primary"
  default-group-policy default
  gateway SSLVPN
  inservice
  end

  Using the SDM follow the below config example
  http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a008071c58b.shtml
  The text "cisco 3800 ssl vpn configuration" in my favorite search engine, identified the above.
  HTH>

• Has anyone used JAAS with WebLogic?

  Has anyone used JAAS with Weblogic? I was looking at their example, and I have a bunch of questions about it. Here goes:
  Basically the problem is this: the plug-in LoginModule model of JAAS used in WebLogic (with EJB Servers) seems to allow clients to falsely authenticate.
  Let me give you a little background on what brought me to this. You can find the WebLogic JAAS example (to which I refer below) in the pdf: http://e-docs.bea.com/wls/docs61/pdf/security.pdf . (I believe you want pages 64-74) WebLogic, I believe goes about this all wrong. They allow the client to use their own LoginModules, as well as CallBackHandlers. This is dangerous, as it allows them to get a reference (in the module) to the LoginContext's Subject and authenticate themselves (i.e. associate a Principal with the subject). As we know from JAAS, the way AccessController checks permissions is by looking at the Principal in the Subject and seeing if that Principal is granted the permission in the "policy" file (or by checking with the Policy class). What it does NOT do, is see if that Subject
  has the right to hold that Principal. Rather, it assumes the Subject is authenticated.
  So a user who is allowed to use their own Module (as WebLogic's example shows) could do something like:
  //THEIR LOGIN MODULE (SOME CODE CUT-OUT FOR BREVITY)
  public class BasicModule implements LoginModule
  private NameCallback strName;
  private PasswordCallback strPass;
  private CallbackHandler myCB;
  private Subject subj;
           //INITIALIZE THIS MODULE
             public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
                    try
                         //SET SUBJECT
                           subj = subject;  //NOTE: THIS GIVES YOU REFERENCE
  TO LOGIN CONTEXT'S SUBJECT
                                                   // AND ALLOWS YOU TO PASS
  IT BACK TO THE LOGIN CONTEXT
                         //SET CALLBACKHANDLERS
                           strName = new NameCallback("Your Name: ");
                           strPass = new PasswordCallback("Password:", false);
                           Callback[] cb = { strName, strPass };
                         //HANDLE THE CALLBACKS
                           callbackHandler.handle(cb);
                    } catch (Exception e) { System.out.println(e); }
       //LOG THE USER IN
         public boolean login() throws LoginException
            //TEST TO SEE IF SUBJECT HOLDS ANYTHING YET
            System.out.println( "PRIOR TO AUTHENTICATION, SUBJECT HOLDS: " +
  subj.getPrincipals().size() + " Principals");
            //SUBJECT AUTHENTICATED - BECAUSE SUBJECT NOW HOLDS THE PRINCIPAL
             MyPrincipal m = new MyPrincipal("Admin");
             subj.getPrincipals().add(m);
             return true;
           public boolean commit() throws LoginException
                 return true;
      }(Sorry for all that code)
  I tested the above code, and it fully associates the Subject (and its principal) with the LoginContext. So my question is, where in the process (and code) can we put the LoginContext and Modules so that a client cannot
  do this? With the above example, there is no Security. (a call to: myLoginContext.getSubject().doAs(...) will work)
  I think the key here is to understand JAAS's plug-in security model to mean:
  (Below are my words)
  The point of JAAS is to allow an application to use different ways of authenticating without changing the application's code, but NOT to allow the user to authenticate however they want.
  In WebLogic's example, they unfortunately seem to have used the latter understanding, i.e. "allow the user to authenticate however they want."
  That, as I think I've shown, is not security. So how do we solve this? We need to put JAAS on the server side (with no direct JAAS client-side), and that includes the LoginModules as well as LoginContext. So for an EJB Server this means that the same internal permission
  checking code can be used regardless of whether a client connects through
  RMI/RMI-IIOP/JEREMIE (etc). It does NOT mean that the client gets to choose
  how they authenticate (except by choosing YOUR set ways).
  Before we even deal with a serialized subject, we need to see how JAAS can
  even be used on the back-end of an RMI (RMI-IIOP/JEREMIE) application.
  I think what needs to be done, is the client needs to have the stubs for our
  LoginModule, LoginContext, CallBackHandler, CallBacks. Then they can put
  their info into those, and everything is handled server-side. So they may
  not even need to send a Subject across anyways (but they may want to as
  well).
  Please let me know if anyone sees this problem too, or if I am just completely
  off track with this one. I think figuring out how to do JAAS as though
  everything were local, and then putting RMI (or whatever) on top is the
  first thing to tackle.

  Send this to:
  newsgroups.bea.com / security-group.

• Error while deploying application with WebLogic server

  Hi,
  I use Jdeveloper 11g and created and ADF application which i want to deploy with WebLogic Server.But i have an error which is :
  "There was a failure when processing annotations for application C:\...\xxx.war. Please make sure that the annotations are valid. The error is oracle.adf.library.webapp.ResourceServlet "
  Plz help me.
  Thx

  I am receiving same message for simple servlet. Running JDev11g build 5166 and embedded WLS 10.3. Servlet used to deploy to embedded WLS and ran fine. Recently running newly created servlets produces error message as in this thread.
  Investigation turned up the fact that the class file for the servlet was not deployed to the context-root (o.j2ee\drs) on the server. Copying the class file from the mywork project folder to the context-root folder (o.j2ee\drs) permitted the servlet to run.
  Don't know if this is the cause of what you are experiencing but it may assist in your investigation! I have not figured out why the class file for servlets does not deploy to server despite the fact that the log file shows war and ear files were deployed. As it turns out, the war file does not have the class file in it so something is wrong before the war file is created.
  Cheers!

• JnlpDownloadServlet with Weblogic 6.1 - Null Pointer Exception

  Hi,
  I am using Web Start with Weblogic 6.1 and I keep getting the exception
  java.lang.NullPointerException
  at java.io.File.<init>(File.java:181)
  at com.sun.javaws.servlet.DownloadRequest.<init>(DownloadRequest.java:62)
  at com.sun.javaws.servlet.JnlpDownloadServlet.handleRequest(JnlpDownloadServlet.java:94)
  at com.sun.javaws.servlet.JnlpDownloadServlet.doGet(JnlpDownloadServlet.java:86)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:263)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
  at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2390)
  at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1959)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
  Web start itself does not even startup !
  If I don't use the JnlpDownloadServlet I can get a simple example to work.
  The jnlp file I am using is
  <?xml version="1.0" encoding="utf-8"?>
  <!-- JNLP File for SwingSet2 Demo Application -->
  <jnlp
  spec="1.0+"
  codebase="$$codebase" href="$$name">
  <information>
  <title>Test Application</title>
  <vendor>BD</vendor>
  <description>Demo Application</description>
  <offline-allowed/>
  </information>
  <!-- security>
  <all-permissions/>
  </security-->
  <resources>
  <j2se version="1.3"/>
  <jar href="testWebStart.jar" main="true" download="eager" />
  </resources>
  <application-desc main-class="testMClient" />
  </jnlp>
  The web.xml file is;
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
  <web-app>
  <welcome-file-list>
  <welcome-file>
  index.html
  </welcome-file>
  </welcome-file-list>
  <!-- Used to do mime mapping but it is not needed
  since we are now using the JNLP sdervlet ! -->
  <servlet>
  <servlet-name>JnlpDownloadServlet</servlet-name>
  <servlet-class>com.sun.javaws.servlet.JnlpDownloadServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>JnlpDownloadServlet</servlet-name>
  <url-pattern>*.jar</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>JnlpDownloadServlet</servlet-name>
  <url-pattern>*.jnlp</url-pattern>
  </servlet-mapping>
  </web-app>
  Any help would be greatly appreciated,
  Thanks,
  Brian

  I have exactly the same problem running JBoss 3-Tomcat-4.0.1. After some investigation it seems that the problem is because of dependency on creating File objects using getRealPath()
  The problem manifests itself on several places but for instance:
  DownloadRequest Constructor:
  if(_context != null && !_path.endsWith("/")) {
  String s1 = context.getRealPath(path);
  File file = new File(s1);
  if(file != null && file.exists() && file.isDirectory())
  _path += "/";
  s1 is null so a nullpointer is thrown. Instead do something like:
  if (_context != null && !_path.endsWith("/")) {
  String s1 = context.getRealPath(path);
  if (s1 != null) {
  File file = new File(s1);
  if (file.exists() && file.isDirectory())
  _path += "/";
  But it is harder to fix on other places such as
  ResourceCatalog.scanDirectory(String path)
  File file = new File(_servletContext.getRealPath(s));
  This will faile since getRealPath returns null resulting in a nullpointer exception which will make it impossible to download versioned jars.
  The documentation for ServletContext says that getRealPath will return null if the application is packaged in a war file but this is strange since it worked fine for me for running JBoss-2.4.0_Tomcat-3.2.3. Maybe this is new behaviour for the 2.3 servlet spec ( i assume WL 6.1 is also 2.3 compliant)?