Faisal Archive

When we try to start the managed server from nodemanager, we get the following error.

<BEA-090064> <The DeployableAuthorizer “myrealm_weblogic.security.providers.xacml.authorization.XACMLAuthorizationProviderImpl” returned an error: weblogic.security.spi.ResourceCreationException: [Security:090310]Failed to create resource.>

This errror comes because the managed server ldap server (slave) is not in sync with the Admin Server ldap server ( master).

To overcome this issue we can use two very important configurations.

Refresh Replica at Startup and Master First.

Master First ensures managed server always connect to the ldap server of the admin server.

Refresh Replica at startup ensures that whenever managed server is restarted, it takes the latest ldap data from the admin server.

Sometimes when one application tries to call another application running on another server you get an error window with the message potential CSRF attack. At the same time you will see the following error message in the log files.

<BEA-000000> <A request has been denied as a potential CSRF attack.>

This issues arises due to the fact that WLS is not able to set the jsession id in the request made to the other server.

To address this issue we need to add the following in weblogic.xml

<session-descriptor>
<cookie-http-only>false</cookie-http-only>
</session-descriptor>

If the issue still persists, we need to add the following in the web.xml

<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>

Create Connector

Create Keystores

keytool -genkey -alias mykey -keyalg RSA -keysize 1024 -dname “CN=myserver.beasys.com, OU=Customer Support, O=BEA Systems Inc, L=Denver, ST=Colorado, C=US” -keypass password -keystore identity.jks -storepass password

keytool -selfcert -v -alias mykey -keypass password -keystore identity.jks -storepass password -storetype jks

keytool -export -v -alias mykey -file rootCA.der -keystore identity.jks -storepass password

keytool -import -v -trustcacerts -alias mykey -file rootCA.der -keystore trust.jks -storepass password

Configure Keystore using CLI

[standalone@localhost:9999 /] /subsystem=web/connector=https/ssl=configuration:a
dd(certificate-key-file=C:/LABS/identity.jks,password=password,key-alias=mykey)
{“outcome” => “success”}

1. Compile your code and package it in a jar file. In this example I have written a simple program that has a function that just takes a string as input and prints hello infront of the string.

package wonders;


public class MyTestClass
{

static {
System.out.println("MyTestClass class Loaded From sf1.jar");
}

public String sayHello(String name)
{
System.out.println("sf1.jar sayHello() called"); ;
return name;
}


}

2. Deploy the jar file on the server as a library.

3. Refer the shared library in the weblogic-application.xml present under EAR\META-INF folder.

<?xml version="1.0" encoding="ISO-8859-1"?>


<weblogic-application xmlns="http://xmlns.oracle.com/weblogic/weblogic-application” 
xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance 
xsi:schemaLocation=”http://xmlns.oracle.com/weblogic/weblogic-application 
http://xmlns.oracle.com/weblogic/weblogic-application/1.0/weblogic-application.xsd">

   <application-param>
      <param-name>webapp.encoding.default</param-name>
      <param-value>UTF-8</param-value>
   </application-param>
   <library-ref> 
   <library-name>sf1</library-name> 
   </library-ref>

</weblogic-application>

4. Access the library from your application. In my example I am calling the function from a jsp.

 <html> 
 
 <body> Hi this is hello from sl1.jar<BR> 
 
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1" import="wonders.*" %>
 
 
 <% wonders.MyTestClass mtc=new wonders.MyTestClass(); 
 System.out.println("Hello to "+ mtc.sayHello("Wonders")); %> 
 

 </body> 
 
 </html>