How to prevent CSRF attack

Sometimes, when one application tries to call another application running on a different server, you get an error window with the message "potential CSRF attack". At the same time, the following error message appears in the log files:

    <BEA-000000> <A request has been denied as a potential CSRF attack.>

How to decrypt WebLogic Datasource Password

Copy the datasource password from the -jdbc.xml file under \config\jdbc into the password variable in the WLST script, and change the path variable to point to your domain.

    from weblogic.security.internal import *
    from weblogic.security.internal.encryption import *
    password = "{AES}0+5YrFk+fD9BFIykr3H+wPsNmPRP/GIOUId7SPqBgNg="
    path = "D:/Oracle/Middleware/user_projects/domains/pega7_domain/security"
    encryptionService = SerializedSystemIni.getEncryptionService(path)
    cService

Two way SSL Webservice on Weblogic Server

This article provides a sample web service and web service client for two-way SSL. It also demonstrates the use of the WLSSSLAdapter class to send certificates to the server.

1. Create a JWS with the following policy: Wssp1.2-2007-Https-ClientCertReq.xml

    package examples.webservices.security_jws;
    import weblogic.jws.WLHttpTransport;
    import weblogic.jws.Policies;
    import weblogic.jws.Policy;
    import javax.jws.WebService;
    import javax.jws.WebMethod;
    import javax.jws.soap.SOAPBinding;
    @WebService(name="SecureHelloWorldPortType",

Recommended Best Practices for Securing WebLogic Server.

Disable SSL V2, Weak Ciphers, and Null Encryptions

You can use the following JVM options to disable weak ciphers:

    -Dweblogic.security.SSL.allowUnencryptedNullCipher=false
    -Dweblogic.security.disableNullCipher=true

Steps to disable SSL V2 follow later.

Use Secure Cookies to Prevent Session Stealing

Please refer to this article: link

Configure WebLogic Server to use a Specific Cipher

Database authentication on JBoss EAP 5.0

Step 1: Create tables in the database and insert user, group and role information.

    CREATE TABLE USERS (
        U_NAME VARCHAR(200) NOT NULL,
        U_PASSWORD VARCHAR(50) NOT NULL,
        U_DESCRIPTION VARCHAR(1000)) ;
    CREATE TABLE GROUPS (
        G_NAME VARCHAR(200) NOT NULL,
        G_DESCRIPTION VARCHAR(1000) NULL) ;
    CREATE TABLE ROLES (
        U_NAME VARCHAR(200) NOT NULL,
