Faisal Archive

Unable to start managed server from nodemanager

When we try to start the managed server from nodemanager, we get the following error.

<BEA-090064> <The DeployableAuthorizer “myrealm_weblogic.security.providers.xacml.authorization.XACMLAuthorizationProviderImpl” returned an error: weblogic.security.spi.ResourceCreationException: [Security:090310]Failed to create resource.>

This errror comes because the managed server ldap server (slave) is not in sync with the Admin Server ldap server ( master).

To overcome this issue we can use two very important configurations.

 

Refresh Replica at Startup and Master First.

 

master first

 

Master First ensures managed server always connect to the ldap server of the admin server.

Refresh Replica at startup ensures that whenever managed server is restarted, it takes the latest ldap data from the admin server.

 

 

How to prevent CSRF attack

Sometimes when one application tries to call another application running on another server you get an error window with the message potential CSRF attack. At the same time you will see the following error message in the log files.

<BEA-000000> <A request has been denied as a potential CSRF attack.>

This issues arises due to the fact that WLS is not able to set the jsession id in the request made to the other server.

To address this issue we need to add the following in weblogic.xml

<session-descriptor>
<cookie-http-only>false</cookie-http-only>
</session-descriptor>

 

If the issue still persists, we need to add the following in the web.xml

<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>

 

 

 

Using JConsole to view JMX MBeans of Weblogic Server

1. Set the environment using setWLSEnv.cmd

2. Start JMX Console using the below arguments and connect to the local/remote process.

jconsole -J-Djmx.remote.protocol.provider.pkgs=weblogic.management.remote -J-Dcom.sun.tools.jconsole.mbeans.keyPropertyList=Location,type,Type,j2eeType,name,Name -debug

connect

 

3. Go to the Mbeans tab and view the Mbeans

 

Mbeans