Troubleshooting SSL issues

Signature verification failed because RSA key public exponent [3] is too small

RSA keys with a low public exponent result in faulty signature verification on WLS. Having such a low exponent is considered a security vulnerability; hence keys with low exponents are not supported by WLS. However if we need to bypass this


Configuring OpenDS with Weblogic Server

Download, install and configure OpenDS. I used the following LDIF as the base while installing OpenDS.

    dn: dc=oracle,dc=com
    dc: oracle
    objectClass: domain
    objectClass: top

    dn: ou=TEST, dc=oracle,dc=com
    ou: TEST
    objectClass: organizationalUnit
    objectClass: top

    dn: cn=faisal,ou=TEST, dc=oracle,dc=com
    uid: faisal
    userPassword:: e1NTSEF9dnhBYUZKRzBONmwzWTdRMHBQRmdiczZrRHd5VUNwWCtCQTdlaHc9PQ==
    objectClass: person
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: top
    givenName: Faisal


SSL Vulnerabilities

SSL Server allows Anonymous Authentication Vulnerability

This basically means that the client will be able to connect to the server without using any authentication algorithm. Some SSL ciphers allow anonymous authentication. Choosing the right cipher suites as explained in an earlier post, and disabling null cipher from the admin console


JMS Resources using JMX

    import java.io.IOException;
    import java.net.MalformedURLException;
    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.Hashtable;
    import java.util.Iterator;

    import javax.management.MBeanServerConnection;
    import javax.management.MalformedObjectNameException;
    import javax.management.ObjectName;
    import javax.management.remote.JMXConnector;
    import javax.management.remote.JMXConnectorFactory;
    import javax.management.remote.JMXServiceURL;
    import javax.naming.Context;
    import javax.naming.InitialContext;

    import weblogic.j2ee.descriptor.wl.JMSBean;
    import weblogic.j2ee.descriptor.wl.JMSConnectionFactoryBean;
    import weblogic.j2ee.descriptor.wl.QueueBean;
    import weblogic.jms.extensions.JMSModuleHelper;
    import weblogic.management.configuration.JMSSystemResourceMBean;

    public class JMSResource {

        private static MBeanServerConnection connection;
        private static JMXConnector connector;


Using Canned Policy with Weblogic Server.

SimpleWS.java

    package demo;

    import weblogic.jws.WLHttpTransport;
    import weblogic.jws.Policies;
    import weblogic.jws.Policy;
    import javax.jws.WebService;
    import javax.jws.WebMethod;
    import javax.jws.soap.SOAPBinding;

    @WebService(name="SimpleWSPortType", serviceName="SimpleWSService", targetNamespace="http://www.oracle.com")
    @SOAPBinding(style=SOAPBinding.Style.DOCUMENT, use=SOAPBinding.Use.LITERAL, parameterStyle=SOAPBinding.ParameterStyle.WRAPPED)
    @WLHttpTransport(contextPath="SimpleWSService", serviceUri="SimpleWSService", portName="SimpleWSServicePort")
    @Policy(uri="policy:Sign.xml")
    public class SimpleWS {

        @WebMethod()
        public String sayHello(String s) {
            return "Hello " + s;
        }
    }

Client.java

    package demo;

    import demo.*;
    import java.security.cert.X509Certificate;
    import


Configure JCE Provider with Weblogic Server

Download any JCE provider. These JCE providers provide additional cryptographic algorithms to secure the communication. Bouncy Castle is one such freely available JCE provider. To configure it, place the provider jar file in the java-home/jre/lib/ext/ folder and add the following line to the java.security file in the jre\lib\security folder.

    security.provider.n=org.bouncycastle.jce.provider.BouncyCastleProvider

Where


Import and Export users from Embedded LDAP using WLST

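Export

    # Properties is a Java class and must be imported before use in WLST
    from java.util import Properties

    connect('weblogic','weblogic', 't3://localhost:8003')
    domainRuntime()
    cd('/DomainServices/DomainRuntimeService/DomainConfiguration/DomainA/SecurityConfiguration/DomainA/DefaultRealm/myrealm/AuthenticationProviders/DefaultAuthenticator')
    # Export the DefaultAuthenticator users and groups to an LDIF file
    cmo.exportData('DefaultAtn','c:/export.ldif', Properties())

Import

    # Properties is a Java class and must be imported before use in WLST
    from java.util import Properties

    connect('weblogic','weblogic', 't3://localhost:8003')
    domainRuntime()
    cd('/DomainServices/DomainRuntimeService/DomainConfiguration/DomainB/SecurityConfiguration/DomainB/DefaultRealm/myrealm/AuthenticationProviders/DefaultAuthenticator')
    # Import the previously exported LDIF file into the target domain
    cmo.importData('DefaultAtn','c:/export.ldif', Properties())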


Troubleshooting Kerberos Issues with Weblogic Server

Found NTLM token when expecting SPNEGO

The browser is not set up correctly to send a SPNEGO token. Go back to the client configuration and double-check the browser configuration. In IE, Integrated Windows Authentication should be turned on and the site listed in the Intranet


Securing Webservices using BASIC Authentication on Weblogic Server.

To secure the web service with Basic Authentication, we just need to use the @RolesAllowed annotation. No change is needed in the deployment descriptor. Here is a sample JWS.

    package demo;

    import javax.jws.*;
    import weblogic.jws.security.RolesAllowed;
    import weblogic.jws.security.SecurityRole;

    // Only callers in the listed role may invoke the service
    @RolesAllowed ( {
        @SecurityRole (role="Adminstrators", mapToPrincipals={"weblogic"}),
    } )
    @WebService
    public class TestBasic
