WLS 8.1 cookies
I'm attempting to document our site's use of cookies and am therefore interested in any of the cookies that WLS generates for me. The JSESSIONID cookie is the only one that has been documented, but I am also noticing (in Mozilla) that an individual "cookies" cookie is written for each unique path that I visit on our site. Can someone @ BEA comment on this, and whether or not I can modify/disable this behavior?
Thanks in advance,
Chad Stansbury
Wow, I am absolutely astounded at BEA's rapid response to what appears to be an amazingly simple question. Thanks, BEA, for your award-winning support, I'll be sure to remember it when it comes time to evaluate new technology needs for our company.
Similar Messages
-
HttpSession Not working Help!!!!!!!!!!
Hi
I have in my login Servlet as
HttpSession session = request.getSession(true);
when i redirect to another servlet and getting the session object
as
HttpSession session = request.getSession(false);
but i am getting session as null; can anybudy tell me where i
am going wrong.
thanks
by
siva.
Hi Mike
It is not working do i need to configure and xml file. My brouser
is cooki enabled.
"Mike Reiche" <[email protected]> wrote:
>
>WL gets the httpsession based on a cookie in the request.
>But - if you hit WLS with no cookie, then a session is
>created and a cookie is written in the response - but
>there
>is still no cookie in the original request.
>
>if you redirect with response.sendRedirect(...) it should
>work as you want it to. If you do a 'dispatch' then it
>will not find the session.
>
>Mike
>
>
>"siva" <[email protected]> wrote:
>>
>>Hi
>> I have in my login Servlet as
>> HttpSession session = request.getSession(true);
>>
>>when i redirect to another servlet and getting the session
>>object
>>as
>> HttpSession session = request.getSession(false);
>>
>> but i am getting session as null; can anybudy tell
>me
>>where i
>>am going wrong.
>>thanks
>>by
>>siva.
>>
>
-
How to integrate a SSO based in cookie with ADF Security
At work they asked me to integrate a existing SSO based in cookie with the new ADF + Jdeveloper 11g + WLS. After google for days and read a lot of blogs and official documentation I've made a custom LoginModule. I made it very simple, it's just an "if" inside the login() function with the username, if the username is "john" I put to the Subject some Principals. My steps are:
1- Create a new app based on "Fusion application" template.
2- Make a new ADF Taskflow with only one view inside (the entry point of the taskflow). The jspx only contains a welcome message.
3- Run the ADF Security wizard, all the steps with the default option, I don't change anything.
4- Put some users and some roles in jazn-data.xml, and maping them to an application role. Then I grant permissions to the application role to view the previous task flow.
At this point everything is ok. I run the taskflow and a basic login popup prompts me to write my username and password. Now I try to remove everything useless for me, like idstore, credentials, anonymous, etc. I only want a LoginModule that get the HttpRequest and passes it to an already done class that returns a true/false depending if the cookie is correct or not but, as I said before, my LoginModule is so simple now and even didn't try to do something more complicated than an if. The steps I try are:
in jps-config.xml
5- Remove idstore.xml and credentials.
6- (loginmodule tab) Make a new login module, and put here my class. The class is in the ViewController project and JDeveloper find it navigating through the heriarchy, so I have visibility. I put REQUIRE flag, add all roles and debug mode.
7- In the security context unmark the idstore.loginmodule and mark myLoginModule. Also delete the anonymous security context.
All that I got until now is a 500 error (Internal server error - Authorization Exception). Sometimes (the close i've ever been to do something correct) the browser ask me for user/password but then only recognizes the users that already are in WLS (idstore from previous tests), but NOT the "john" user that is inside my custom LoginModule. Even more, if I run the WLS from JDeveloper 11g in debug mode, the runtime never stops at breakpoints inside my custom login module. It seems that my LoginModule isn't deployed or I made some error maping the roles.
So, my questions are:
- I'm in the good way? If I want an authentication based in cookie/httprequest I have to do a custom LoginModule? My goal is to do a re-usable code, and re-use the code that my co-workers have done. They have a class that with only the HttpRequest determines if a user is logged or not.
- If I'm in the good way... how can I put my custom LoginModule in the WLS? I tried to search something in the Administration Panel (localhost:7101/console) but I did'nt find nothing.
- In case I'd got the custom LoginModule working fine in WLS... how can I get a HttpRequest from a LoginModule and avoid the username/password dialog? I've to make a filter and pass it to the my LoginModule? If it's correct... how?
I don't post my code because is so simple, it's based on DBTableLoginModule but without all the database access code.
Thanks to all!
P.D.: If this message isn't in the correct forum, I'm sorry. Feel free to move it.
P.D.2: Sorry about my english, I'm spanish. I know i've to practise a lot :)Hi Frank,
Thanks a lot for your answer. Just one more easy question: what I need to do is a custom Authentication Module (which will read the cookie)? If only you can point me to the correct chapter of the WLS documentation I'll be very pleased.
In future releases of JDeveloper will be easier to do this kind of things related to security?
Riveck -
I want to disable the use of cookies in WLS 4.5, and set the following
weblogic.httpd.session.cookies.enable=false
In WLS 4.5 sp7, this correctly prevents the server from using cookies
for session-tracking, forcing the extraction of the session id from a
rewritten URL.
However, for WLS 4.5 sp11 cookies are still sent from the server
Is this a known issue ?
joI want to disable the use of cookies in WLS 4.5, and set the following
weblogic.httpd.session.cookies.enable=false
In WLS 4.5 sp7, this correctly prevents the server from using cookies
for session-tracking, forcing the extraction of the session id from a
rewritten URL.
However, for WLS 4.5 sp11 cookies are still sent from the server
Is this a known issue ?
jo -
WAR cookie example not working. Please help!
Hi,
The cookie example worked fine if I put everything unpackaged under the
public_html/cookie directory. However, when I jarred this directory as
cookie.war and registered it with WLS, I got this exception when trying
to access CookieCounter servlet.
javax.servlet.ServletException: Servlet class: servlets.CookieCounter
could not
be loaded - the requested class wasn't found in the classpath
Also, I was able to get to the hello.html page (my welcome-file) when I
put in this request
http://127.0.0.1:7001/cookie
That means the server was able to extract the cookie.war file and parse
web.xml correctly.
The structure of my cookie.war file is exactly the same as the cookie
directory's.
This is what my cookie.war file looks like
error.jsp
WEB-INF/classes/servlets/CookieCounter.class
WEB-INF/classes/CookieCounter.class
WEB-INF/CookieCounter.java
WEB-INF/web.xml
images/cookie.jpg
hello.html
This is the entry in weblogic.properties
weblogic.httpd.webApp.cookie=c:/weblogic/myserver/public_html/cookie.war
my web.xml is
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application
1.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<!--
<context-param>
<param-name>weblogic.servlet.reloadCheckSecs</param-name>
<param-value>0</param-value>
</context-param>
-->
<servlet>
<servlet-name>CookieCounter</servlet-name>
<servlet-class>servlets.CookieCounter</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CookieCounter</servlet-name>
<url-pattern>monster</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>hello.html</welcome-file>
</welcome-file-list>
<error-page>
<error-code>404</error-code>
<location>/error.jsp</location>
</error-page>
</web-app>
The problem seems to be that weblogic was able to find
CookieCounter.class under the unpackaged cookie directory but not inside
cookie.war
Please help.
Thanks a lot.
By the way, if you have a war file that works, please send it to me at
[email protected]
I would greatly appreciate it.
Try resetting it:
Press and hold the On/Off Sleep/Wake button and the Home
button at the same time for at least ten seconds, until the Apple logo appears.
Next try restoring via itunes. -
J_security_check and cookies
Hi all. Im on a WLCS 3.5 with WLS 6.0 and am using Form based authentication against
the RDBMS realm of the commerce server. The login page has a j_username and a
j_password. If i want to add a check box for the user to approve to store a cookie
on his machine, I cant get this new parameter out when it is passed to the j_security_check.
After the user is authenticated, i dont have his password for storing it in a
cookie. It seems that after j_security-check authenticates, the request object
notes any parameters. How do i store cookies then ? If i do , does the password
needs to be encrypted in the cookie ? How do i know if the user has been already
authenticated . Is there a boolean isAuthenticated() method ? Sorry, if this question
belongs to interest.security. Since it belongs to WLCS_USER of the WLSC RDBMS
Realm, i posted here.
Any help is greatly appreciated. Thanks MallikBTW Servlet 2.3 specs says this:
~
J2EE.12.5.3.1 Login Form Notes
Form based login and URL based session tracking can be problematic to implement.
Form based login should be used only when sessions are being maintained by
cookies or by SSL session information.
~
This is very vague statement as it does not say form based login cannot use url rewriting. This is what the same specs say about sessions:
~
SRV.7.1.3 URL Rewriting
URL rewriting is the lowest common denominator of session tracking. When a
client will not accept a cookie, URL rewriting may be used by the server as the basis
for session tracking. URL rewriting involves adding data, a session id, to the URL
path that is interpreted by the container to associate the request with a session.
The session id must be encoded as a path parameter in the URL string. The
name of the parameter must be jsessionid. Here is an example of a URL
containing encoded path information:
http://www.myserver.com/catalog/index.html;jsessionid=1234
SRV.7.1.4 Session Integrity
Web containers must be able to support the HTTP session while servicing HTTP
requests from clients that do not support the use of cookies. To fulfil this
requirement, web containers commonly support the URL rewriting mechanism.
~ -
JBO-30019: An unavailable cookie state is detected while attempting to use
Dear All,
We are using WLS-10.3.2 and one of the application module is deployed in "psMS6" managed server which is in seperate machine and started remotely. This configuration is in Production environment. We are getting Stuck threads in psMS6 managed server. Please check below posted Stuck thread and also application log :
I could not post the thread dump due to size issues here. So I am posting Stuck thread occured in managed server :
WatchTime: Feb 2, 2012 12:16:57 PM IST
WatchDomainName: psdomain
WatchServerName: psMS6
WatchSeverityLevel: Warning
WatchName: MS6-Watch
WatchRuleType: Log
WatchRule: ((SERVER = 'psMS6') AND (MSGID = 'BEA-000337') AND (MESSAGE LIKE '%has been busy for "%'))
WatchData: DATE = Feb 2, 2012 12:16:57 PM IST SERVER = psMS6 MESSAGE = [STUCK] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' has been busy for "617" seconds working on the request "weblogic.servlet.internal.ServletRequestImpl@692b1b77[
POST /psln/faces/PS00638C?_adf.ctrl-state=1ca03cnhjy_4 HTTP/1.1
Accept: */*
Accept-Language: en-us
Referer: http://ps.sfl.in/psln/faces/PS00638C?_adf.ctrl-state=1ca03cnhjy_4&_afrLoop=26131407371000
adf-rich-message: true
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
adf-ads-page-id: 12
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Content-Length: 730
Cache-Control: no-cache
Cookie: Start Time=1328164308703; JSESSIONID=N3y5PqTLLgV2ycC1pGfhfGnhHMx9wJpvvbtLyM0p8llzHmNBKHTT!104234508
Connection: Keep-Alive
Proxy-Client-IP: 132.147.160.136
X-Forwarded-For: 132.147.160.136
X-WebLogic-KeepAliveSecs: 30
X-WebLogic-Force-JVMID: 104234508
]", which is more than the configured time (StuckThreadMaxTime) of "600" seconds. Stack trace:
Thread-80 "[STUCK] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'" <alive, in native, suspended, waiting, priority=1, DAEMON> {
-- Waiting for notification on: oracle.jbo.common.Lock@557fe6af[fat lock]
java.lang.Object.wait(Object.java:???)
oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:442)
oracle.jbo.http.HttpSessionCookieImpl.useApplicationModule(HttpSessionCookieImpl.java:229)
oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:431)
oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:426)
oracle.adf.model.bc4j.DCJboDataControl.initializeApplicationModule(DCJboDataControl.java:477)
oracle.adf.model.bc4j.DCJboDataControl.getApplicationModule(DCJboDataControl.java:856)
oracle.adf.model.binding.DCBindingContainer.findDataControl(DCBindingContainer.java:1532)
oracle.adf.model.binding.DCIteratorBinding.initDataControl(DCIteratorBinding.java:2427)
oracle.adf.model.binding.DCIteratorBinding.getDataControl(DCIteratorBinding.java:2360)
*oracle.adf.model.binding.DCBindingContainer.getDataControl(DCBindingContainer.java:4741)*
*^-- Holding lock: oracle.jbo.uicli.binding.JUIteratorBinding@56341917[thin lock]*
*oracle.adf.model.binding.DCBindingContainer.reportException(DCBindingContainer.java:449)*
*oracle.adf.model.binding.DCIteratorBinding.getDataControl(DCIteratorBinding.java:2360)* oracle.adf.model.binding.DCBindingContainer.getDataControl(DCBindingContainer.java:4741)
in.sis.ps.util.adf.ADFUtils.getApplicationModuleForDataControl(ADFUtils.java:85)
in.sis.ps.view.backing.lending.receipts.PS00638C.<init>(PS00638C.java:137)
sun.reflect.GeneratedConstructorAccessor303.newInstance(Unknown Source)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
java.lang.reflect.Constructor.newInstance(Constructor.java:501)
java.lang.Class.newInstance0(Class.java:318)
java.lang.Class.newInstance(Class.java:305)
oracle.adfinternal.controller.beans.ManagedBeanFactory.newInstance(ManagedBeanFactory.java:112)
oracle.adfinternal.controller.beans.ManagedBeanFactory.instantiateBean(ManagedBeanFactory.java:855)
oracle.adfinternal.controller.application.ManagedBeanELResolver.getValue(ManagedBeanELResolver.java:48)
javax.el.CompositeELResolver.getValue(CompositeELResolver.java:137)
com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:67)
com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:60)
com.sun.el.parser.AstValue.getTarget(AstValue.java:63)
com.sun.el.parser.AstValue.setValue(AstValue.java:133)
com.sun.el.ValueExpressionImpl.setValue(ValueExpressionImpl.java:253)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executeBindings(LifecycleImpl.java:587)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._restoreView(LifecycleImpl.java:511)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:244)
oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:157)
javax.faces.webapp.FacesServlet.service(FacesServlet.java:246)
weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:224)
weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:108)
weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:198)
weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:55)
oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:134)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:55)
oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:69)
org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:411)
oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:44)
org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:411)
org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:210)
org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:126)
org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:91)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:55)
oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:94)
oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:299)
oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:405)
oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:82)
oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:69)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:55)
oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:147)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:55)
oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:111)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:55)
weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:25)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:55)
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3564)
weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:308)
weblogic.security.service.SecurityManager.runAs(SecurityManager.java:117)
weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2138)
weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2060)
weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1399)
weblogic.work.ExecuteThread.execute(ExecuteThread.java:198)
weblogic.work.ExecuteThread.run(ExecuteThread.java:165)
SUBSYSTEM = WebLogicServer USERID = <WLS Kernel> SEVERITY = Error THREAD = [ACTIVE] ExecuteThread: '13' for queue: 'weblogic.kernel.Default (self-tuning)' MSGID = BEA-000337 MACHINE = chnlxnet06 TXID = CONTEXTID = TIMESTAMP = 1328165217613
WatchAlarmType: AutomaticReset
WatchAlarmResetPeriod: 60000
SMTPNotificationName: MS6-Health-Notification
*Application log shows error message shown below :*
01-Feb-2012 13:40:02 | ERROR |
Exception occured in in.sis.ps.view.frameworkext.PSCustomErrorHandler.reportException
User Message : Global Exception
User Name : 005418
Company Code : C0001
Component Code : PS00003
Component Name : Module Home
Component Mode :
Environment : SFLIVE
WebContext : /psln
Machine ID : chnlxapc01.sf.ad
Machine Name : 132.147.160.130
**Exception : class oracle.jbo.common.ampool.ApplicationPoolException**
** Message : JBO-30019: An unavailable cookie state is detected while attempting to use a cookie from application S46CPyyVkYm2xsNyD3vvhLvpxwbJm57p72yYnGs5Y1WlgpLPV5H2!1627979915!1328081077585, session rn8f139bv_2_LendingCustomSysDataControl.* Cause : null*
* Line No : 4324*
* **Stack Trace : oracle.jbo.common.ampool.ApplicationPoolException: JBO-30019: An unavailable cookie state is detected while attempting to use a cookie from application S46CPyyVkYm2xsNyD3vvhLvpxwbJm57p72yYnGs5Y1WlgpLPV5H2!1627979915!1328081077585, session rn8f139bv_2_LendingCustomSysDataControl.* at oracle.jbo.common.ampool.ApplicationPoolImpl.validateSessionCookieAvailable(ApplicationPoolImpl.java:4324)*** *at oracle.jbo.common.ampool.ApplicationPoolImpl.findAvailableInstance(ApplicationPoolImpl.java:939)* at *oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:2164)**
** at oracle.jbo.common.ampool.ApplicationPoolImpl.useApplicationModule(ApplicationPoolImpl.java:3088)**
** at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:460)**
** at oracle.jbo.http.HttpSessionCookieImpl.useApplicationModule(HttpSessionCookieImpl.java:234)* at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:431)* at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:426)
at oracle.adf.model.bc4j.DCJboDataControl.initializeApplicationModule(DCJboDataControl.java:513)
at oracle.adf.model.bc4j.DCJboDataControl.getApplicationModule(DCJboDataControl.java:856)
at oracle.adf.model.binding.DCBindingContainer.findDataControl(DCBindingContainer.java:1566)
at oracle.adf.model.binding.DCIteratorBinding.initDataControl(DCIteratorBinding.java:2434)
at oracle.adf.model.binding.DCIteratorBinding.getDataControl(DCIteratorBinding.java:2379)
at oracle.adf.model.binding.DCBindingContainer.getDataControl(DCBindingContainer.java:4753)
at in.sis.ps.util.adf.ADFUtils.getApplicationModuleForDataControl(ADFUtils.java:92)
at in.sis.ps.util.adf.DBUtils.getDBTransaction(DBUtils.java:568)
at in.sis.ps.view.frameworkext.PSPagePhaseListener.onPageLoad(PSPagePhaseListener.java:62)
at in.sis.ps.view.frameworkext.PSPagePhaseListener.beforePhase(PSPagePhaseListener.java:46)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchBeforeEvent(LifecycleImpl.java:93)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:187)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.access$400(ADFPhaseListener.java:21)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.startPageLifecycle(ADFPhaseListener.java:231)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$1.after(ADFPhaseListener.java:267)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:71)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:364)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:97)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:94)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:138)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:70)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:326)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Edited by: yrk16 on Feb 2, 2012 10:23 PM
Edited by: yrk16 on Feb 2, 2012 10:25 PM
Edited by: yrk16 on Feb 2, 2012 10:27 PMAny inputs please
-
Apache in front of WLS in a cluster
hi all,
I have some doubts about apache and wls in a cluster. We have 2 Apache server
(installed on 2 different hosts) in front
of a clustered WLS 6.1. Now my doubt is: who will take care of authentication,
Apache or WLS?
In other words as the 2 instances of Apache don't know about each other (they
are chosen with DNS-round robin), will the
authentication be done twice? or it's possible to handle authentication on the
application
server rather ? if so, where the Cookie that identifies the session will be kept?
Tanks a lot
Francesco
It all depends on what you mean by authentication and how you configure each
node.
If you mean authentication re:SSL, then apache.
If you have ACL's defined in Apache, then Apache will, but this is http
basic auth, no cookies.
If you have security defined in WLS or are using session's in WLS, then
cookies will be set and passed from WLS all the way back to the client and
then when a new request is made the cookie will be passed from the client to
apache and back to wls.
Cheers
mbg
"Francesco" <[email protected]> wrote in message
news:[email protected]..
>
> hi all,
> I have some doubts about apache and wls in a cluster. We have 2 Apache
server
>
> (installed on 2 different hosts) in front
> of a clustered WLS 6.1. Now my doubt is: who will take care of
authentication,
> Apache or WLS?
> In other words as the 2 instances of Apache don't know about each other
(they
> are chosen with DNS-round robin), will the
> authentication be done twice? or it's possible to handle authentication on
the
> application
> server rather ? if so, where the Cookie that identifies the session will
be kept?
>
> Tanks a lot
> Francesco
-
Load Balancing and WLS primary server offset
I've got a load balancer in front of my WLS cluster, and I'm trying to
set up load balancing based on WLS clustering. What I need to know to
do this is the offset within the cookie that's responsible for
determining which machine within the cluster to direct to.
Any idea how I can get this information?
thanks,
cfraser
Chris Fraser wrote:
> The proxy/plug-in solution sounds pretty cool, but I've got a high speed
> Alteon Load Balancer already set up. I would prefer to use that as the load
> balancer to the WL cluster rather than pay to bring another WLS online to do
> pretty much what the load balancer, that I already own, can do. I know that
> going this route means that we're probably not going to be able to do things
> like failover to the secondary when the primary dies, but we will be able to
> load balance and also have the ability to dynamically add/delete servers
> from the list of available servers as they are brought up/down.
In Memory session replication doesn't work without our plugins. I will have to
do little bit of investigation to figure out if other persistence mechanism's
would work without our plugins if you are interested in them. I have to remind
you though that other types of persistence mechanism's we support are slower
compared to in memory session replication.
> Are there any plans to work with an Alteon or a Foundry to have their Load
> Balancers act as the front end to a WLS cluster?
Currently none. We are taking steps to make the plugin's and cluster more
robust, we currently don't have any plans to work with other 3rd party vendors.
> For us it would be ideal, because we wouldn't have to support another piece of
> software, we would just
> have to support the hardware based Alteon, which can handle thousands of
> transactions per second.
> I understand that the primary and secondary server information is available
> in the sessionID, I'm just not quite sure how to extract it.
This information is saved in the cookie. But I wouldn't count that, as we
have plans to change this. I cannot give your more details.
> Is there a particular offset within the session ID where it can always be
> found?
I don't quite get what you mean here.
Hope this helps.
- Prasad
> thanks for the help,
> cfraser
> ----------
> C h r i s t o p h e r A . F r a s e r
> Director, Technology
> macroplay.com, Inc.
> [email protected]
>
> Viresh Garg wrote:
>
> > You should be using
> > -- NES +NSAPI Plugin
> > -- IIS + ISAPI Plugin
> > -- WEblogic server acting as proxy
> > -- Apache +Apache Plugin ( only in Denali)
> >
> > front-ending your Weblogic cluster
> >
> > These proxies/plug-ins are smart to do a lot of things like:
> >
> > -- Load balancing in weblogic cluster
> > -- Adding/deleting servers dynamically in cluster when the servers
> > join/leave Weblogic cluster
> > -- failover to secondary when primary dies.
> >
> > As far as the information about primary and secondary is concerned it is
> > available in session ID.
> >
> > --Viresh Garg
> >
> > Chris Fraser wrote:
> >
> > > I've got a load balancer in front of my WLS cluster, and I'm trying to
> > > set up load balancing based on WLS clustering. What I need to know to
> > > do this is the offset within the cookie that's responsible for
> > > determining which machine within the cluster to direct to.
> > >
> > > Any idea how I can get this information?
> > >
> > > thanks,
> > > cfraser
-
WLS Proxy in Cluster with Firewall
We are currently setting up a system that has a DMZ with Netscape inside
the DMZ proxying a WLS cluster that is behind the DMZ. When a cookie
based session is started a cookie is returned successfully, but it looks
like the physical address versuses a firewalled(NATed) address is placed
in the cookie. This in turn causes a failure on accessing the WLS
server. The firewall rejects future requests due to the use of the
physical instead of the NATed address.
If you understand the above and can help I would appreciate it.
Don Davis
D3, Inc.
Just wanted to let you know that everything is working with the latest patches for
4.5.1 and 5.1.
Thanks for the help
Don Davis
Prasad Peddada wrote:
> You might have to wait for the service pack. In the mean time I can give you a one
> of patch for testing.
>
> - Prasad
>
> Don Davis wrote:
>
> > Thanks for the help Prasad,
> >
> > I have migrated to 5.1 and set the DNSName property.
> >
> > I will let you know if all goes well.
> >
> > Don Davis
> >
> > Prasad Peddada wrote:
> >
> > > The problem has been fixed.
> > >
> > > Prasad Peddada wrote:
> > >
> > > > I assume you are using 451. WLS proxy with firewall was not behaving right.
> > > > Either you can wait for the next service pack or contact
> > > > [email protected] for a one of patch.
> > > >
> > > > Remember to set weblogic.system.DNSName in the properties file for each
> > > > server.
> > > >
> > > > - Prasad
> > > >
> > > > Don Davis wrote:
> > > >
> > > > > We are currently setting up a system that has a DMZ with Netscape inside
> > > > > the DMZ proxying a WLS cluster that is behind the DMZ. When a cookie
> > > > > based session is started a cookie is returned successfully, but it looks
> > > > > like the physical address versuses a firewalled(NATed) address is placed
> > > > > in the cookie. This in turn causes a failure on accessing the WLS
> > > > > server. The firewall rejects future requests due to the use of the
> > > > > physical instead of the NATed address.
> > > > >
> > > > > If you understand the above and can help I would appreciate it.
> > > > >
> > > > > Don Davis
> > > > > D3, Inc.
-
Task-flow ADF security on Standalone WLS
Hi,
Jdev 11g
I have into the main adfc-config.xml 3 links one to a jspx and 2 links to 2 different bounded task flows.
I applied ADF security depends on Roles to the three links, one on the jspx itself (on the pagedef) and 2 to the Task-flow.
All is working perfectly on the embedded WLS.
When deploying the application to a standalone WLS and applying the security migration as explained (system-jazn-data.xml verified and security is migrated) I have only the jspx working and for the 2 task-flows I have an Authorization check failed exception.
I always think that it is a migration problem but seems not because the jspx is working depends on the right Role.
Any idea what can cause this and why the ADF security is working only on jspx page and not on the task-flow after deploying to a standalone WLS?
Thanks
Jamil
<May 27, 2009 12:22:20 PM AST> <Error> <HTTP> <BEA-101017> <[weblogic.servlet.in
ternal.WebAppServletContext@197171f - appName: 'TasdeeqEAR', name: 'TasdeeqApp',
context-path: '/TasdeeqApp', spec-version: '2.5', request: weblogic.servlet.int
ernal.ServletRequestImpl@31dbd4[
GET /TasdeeqApp/faces/home?_adf.ctrl-state=1028508221_19 HTTP/1.1
Accept: */*
Accept-Language: en-US,ar-SA;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC
1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.21022; .NET
CLR 3.5.30729; .NET CLR 3.0.30618; Tablet PC 2.0; FDM)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Cookie: JSESSIONID=9Z7tKdGCD0BSvt2GnDfLrkhZJ62rhMPpGLmXtGctDT2YGTQcl2VJ!-1394634
041
]] Root cause of ServletException.
oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization
check failed: '/WEB-INF/registrar-task-flow.xml#registrar-task-flow' 'VIEW'.
at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleF
ailure(AuthorizationEnforcer.java:145)
at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPe
rmission(AuthorizationEnforcer.java:80)
at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkRe
ad(AuthorizationEnforcer.java:314)
at oracle.adf.controller.internal.metadata.MetadataService.getTaskFlowDe
finition(MetadataService.java:204)
at oracle.adfinternal.controller.activity.TaskFlowCallActivityLogic.find
TaskFlowDefinition(TaskFlowCallActivityLogic.java:931)
Truncated. see log file for complete stacktrace
>Hi Frank,
I copied the <jazn-policy> section from the jazn-data.xml to system-jazn-data.xml and it is working
So as expected something wrong with the migration...I will check what
Thanks
Jamil -
Cookie problem in IE when login in on Admin Console
Hello,
I have been able to login on the Admin Console of WLS 7.0 with Internet
Explorer 6.0, but since yesterday, my IE always gives me the following
message:
"The Weblogic Server administration console requires that browsers support
session cookies. Please update the browser configuration and try again."
Has anyone ever encountered this too? What setting did you change in IE for
this to work again? I think I tried changing everything in the Security and
the Privacy tab, but still no go.
RingoI've solved the problem changing the machine name, because my previous name contained underscores.
-
WLS Cluster Servlet not "sticky" - continuous round robin (WLS 6.1 SP2)
We have WLS serving as a proxy (with HttpClusterServlet) to a cluster of WLS servers
running a WebApp with in memory HttpSession replication.
However, subsequent calls from a browser continue to round robin through the cluster
instead of returning to the same server.
We have enable cookies in the browser.
We have configured replication in the web.xml file.
Is this an issue with SP2 perhaps?
thanks in advance,
-Mark
We've noticed this as well, see my recent post. It definetly seems to be different
from WL5.1.
Sometimes we also see the same HTTPRequest going to BOTH servers in our cluster.
We were testing with only one browser window and one user, and occasionally both
clusters process the same request.
We are using IIS with the proxy plugin and Round Robin. We installed the WL6.1
verison of the plug in aswell.
It would be great if you could configure WL6.1 to be sticky where one user sticks
to one server until failover.
"Mark" <[email protected]> wrote:
>
>We have WLS serving as a proxy (with HttpClusterServlet) to a cluster
>of WLS servers
>running a WebApp with in memory HttpSession replication.
>
>However, subsequent calls from a browser continue to round robin through
>the cluster
>instead of returning to the same server.
>
>We have enable cookies in the browser.
>
>We have configured replication in the web.xml file.
>
>Is this an issue with SP2 perhaps?
>
>thanks in advance,
>-Mark
-
SSL between NSAPI and WLS with custom certificate and RequireSSLHostMatch=true fails
I am trying to use SSL for communication between NSAPI and WebLogic
server (server authentication at the NSAPI).
Therefore, a custom server certificate is installed on WLS, containing this
server's hostname. The NSAPI is configured (RequireSSLHostMatch=true) to
check the hostname contained in the certificate against the WebLogicHost
parameter in the "obj.conf" file. The corresponding TrustedCAFile is installed
for NSAPI.
The SSL setup seems to work ok, but when matching the hostname, it seems like
NSAPI is trying to do a string-match against the numeric IP of the WebLogicHost,
not on the hostname as configured in the WebLogicHost parameter.
The relevant entry in the "obj.conf" file:
<Object name="weblogic" ppath="*">
Service fn=wl-proxy WebLogicHost=btsun2a.muc \
WebLogicPort=7162 \
Debug=ALL \
SecureProxy=ON \
TrustedCAFile=/home/qx13604/wls61/config/testdomain/TC_RootServer_PEM_Class0.pem
RequireSSLHostMatch=true
</Object>
I am using WLS6.1 with NSAPI (both Solaris). The content of "wlproxy.log" is as
follows.
Any ideas?
Content of "wlproxy.log":
Thu Oct 11 12:30:22 2001 INFO: SSL is configured
Thu Oct 11 12:30:22 2001 INFO: Initializing SSL library
Thu Oct 11 12:30:22 2001 Loaded 1 trusted CA's
Thu Oct 11 12:30:22 2001 INFO: Successfully initialized SSL
Thu Oct 11 12:30:22 2001 INFO: SSL configured successfully
Thu Oct 11 12:30:22 2001 ....relFile.../index.jsp...
Thu Oct 11 12:30:22 2001 URI=[index.jsp]
Thu Oct 11 12:30:22 2001 Initializing lastIndex=0 for a list of length=1
Thu Oct 11 12:30:22 2001 attempt #0 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #1 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #2 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #3 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #4 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #5 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 request [index.jsp] processed ..................I tried some other case and configured a certificate containing
the numeric IP as hostname. The authentication works fine then,
but it wouldn't be nice to hard-code the IP in the certificate
(btw. the WebLogicHost parameter is still given as DNS name, not
as IP address).
Has anyone got a solution for this?
"Wolfgang Jodl" <[email protected]> wrote:
>
I am trying to use SSL for communication between NSAPI and WebLogic
server (server authentication at the NSAPI).
Therefore, a custom server certificate is installed on WLS, containing
this
server's hostname. The NSAPI is configured (RequireSSLHostMatch=true)
to
check the hostname contained in the certificate against the WebLogicHost
parameter in the "obj.conf" file. The corresponding TrustedCAFile is
installed
for NSAPI.
The SSL setup seems to work ok, but when matching the hostname, it seems
like
NSAPI is trying to do a string-match against the numeric IP of the WebLogicHost,
not on the hostname as configured in the WebLogicHost parameter.
The relevant entry in the "obj.conf" file:
<Object name="weblogic" ppath="*">
Service fn=wl-proxy WebLogicHost=btsun2a.muc \
WebLogicPort=7162 \
Debug=ALL \
SecureProxy=ON \
TrustedCAFile=/home/qx13604/wls61/config/testdomain/TC_RootServer_PEM_Class0.pem
RequireSSLHostMatch=true
</Object>
I am using WLS6.1 with NSAPI (both Solaris). The content of "wlproxy.log"
is as
follows.
Any ideas? -
Identity Asserter / Token always decoded / WLS 7.0
Hello,
i am implementing a perimeter authentication. A user/password is passed as a cookie.
Cookies are identified with SP1 now as token and passed to the identity asserter.
The problem is only, that the tokens are always base64 decoded by the web-container
out of my control, even if the cookie itsself is not base64 encoded.
Thanks.
FrankHi Frank
I just made some tests with WLS 7.0 SP1, an identity asserter and
HTTP-Unit-test as client.
With encoding the cookie it works. Without encoding it doesn't work.
Your're right the WLS security framework always base64-decodes the cookie
value.
The WLS framework presumes that the cookie value is encoded.
This is also written in the comment of the sample in
SamplePerimeterAtnClient.java:
// base 64 encode it. The webapp container (that is, internal WLS code)
will
// base 64 decode the token. The decoded string will be passed to the..
You MUST send a base64-encoded cookie value to a WLS 7.0!. or wait for a
patch.
Alain
"Frank Arendt" <Frank,.[email protected]> wrote in message
news:3dbee0b3$[email protected]..
>
Hello,
i am implementing a perimeter authentication. A user/password is passed asa cookie.
Cookies are identified with SP1 now as token and passed to the identityasserter.
The problem is only, that the tokens are always base64 decoded by theweb-container
out of my control, even if the cookie itsself is not base64 encoded.
Thanks.
Frank
Maybe you are looking for
-
Which firewire interface for Final Cut Pro on MacPro?
I currently own a Presonus Firepod, and it seems to work pretty well, but may sell this when I upgrade from a MacMini to a MacPro. I use my Mac for Logic Pro currently. I anticipate running Final Cut Pro in the near future, so I'm wondering about the
-
HT1338 I've "lost" my programs folder! How do I get it back?
I've "lost" my programs folder! How do I get it back? It was there at the bottom of the screen on the left hand side of the "dock" when I last closed down. The next time I turn on the computer it has "disappeared". Where did it go?
-
Search Help for standard field
I need to enhance the existing collective search help provided for a certain standard field(ex.Field XXX). However while providing this additional search help, I need to show XXX data along with YYY( this is maintained in some other table but linked
-
Where do i find lion up to date code
I bought my imac and tried to download lion through the up to date program but lost the code on the screen. how can i find it?
-
Revision: 13351 Revision: 13351 Author: [email protected] Date: 2010-01-07 16:19:20 -0800 (Thu, 07 Jan 2010) Log Message: Adding a new TimeUtil class and corresponding unit tests. Modified Paths: osmf/trunk/framework/MediaFrameworkFlexTest/