Issue: There are security findings on port 22 after Vulnerability Assessment and Penetration Testing (VAPT). The vulnerabilities are: 1. SSH Weak Algorithms Supported. 2. SSH Server CBC Mode Ciphers Enabled. 3. SSH Weak MAC
Category: Security
This category contains posts related to Security.
How to decrypt WebLogic Datasource Password
You need to copy the datasource password present in the -jdbc.xml under config\jdbc to the password variable in the WLST script. Change the path variable to point to your domain.
from weblogic.security.internal import *
from weblogic.security.internal.encryption import *
Weblogic SAML Attribute Mapper Example
It is useful to send custom attributes or tokens in the attribute having identity information of the authenticated user. This identity information can be further used by the destination site to access services on behalf of the user. To implement
How to check for SSL POODLE / SSLv3 bug on WebLogic? How to fix
Details of the SSL POODLE bug can be found here. We can address it in the following way. 1) Disable SSL 3.0 support in the client. 2) Disable SSL 3.0 support in the server. We can start WebLogic server with
Two way SSL Webservice on Weblogic Server
This article provides sample Webservice and Webservice Client for two way SSL. It also demonstrates the use of WLSSSLAdapter class to send certificates to the server. 1. Create a JWS with the following policy : Wssp1.2-2007-Https-ClientCertReq.xml package examples.webservices.security_jws; import weblogic.jws.WLHttpTransport; import
Testing secure webservice on Weblogic using SOAP UI
Create the certificates for the client using keytool and store them at a location. You can refer to our articles on SSL for more details on how to create keystores. Once the client keystore is created you need to do
Database authentication on JBoss EAP 5.0
Step 1: Create tables in the database and insert user, group and role information. CREATE TABLE USERS ( U_NAME VARCHAR(200) NOT NULL, U_PASSWORD VARCHAR(50) NOT NULL, U_DESCRIPTION VARCHAR(1000)) ; CREATE TABLE GROUPS ( G_NAME VARCHAR(200) NOT NULL, G_DESCRIPTION VARCHAR(1000)
Simple Sample Custom Database Authenticator for Oracle Weblogic Server 11g
To create a custom database authenticator for Oracle WebLogic Server, you will have to implement the AuthenticationProviderV2, create an MBean definition file and create a class that implements LoginModule. I am providing the sample code below and also the steps
Mutual Authentication with Weblogic Server
Mutual authentication is a process in which the server sends its certificate to the client (thin client / fat client) and the client validates the certificate, then the server requests a certificate from the client and validates it.
Configuring SSL on Weblogic Server using WLST Script
Create a certs folder in your C drive and copy the setWLSEnv.cmd from your WL_HOME\bin to this location. Run the script from the command line to set the environment. C:\certs>setWLSEnv.cmd Generate Key Pair C:\certs>keytool -genkey -alias mykey -keyalg RSA -keysize