Issue while connecting to Database from Java program. Cannot create PoolableConnectionFactory (IO Error: Connection reset). This is sometimes an intermittent issue, but it can be easily reproduced by reducing the randomness on the server. watch -n 1 cat /proc/sys/kernel/random/entropy_avail cat
Tag: Security
How to prevent CSRF attack
Sometimes, when one application tries to call another application running on another server, you get an error window with the message "potential CSRF attack". At the same time, you will see the following error message in the log files. <BEA-000000>
Recommended Best Practices for Securing WebLogic Server.
Disable SSL V2, Weak Ciphers, and Null Encryptions
You can use the following JVM options to disable weak ciphers.
-Dweblogic.security.SSL.allowUnencryptedNullCipher=false
-Dweblogic.security.disableNullCipher=true
Steps to disable SSL V2 follow later.
Use Secure Cookies to Prevent Session Stealing
Please refer to this article
Simple Sample Custom Identity Asserter for Weblogic Server 12c
To implement a custom identity asserter for Weblogic Server, we need to write a provider that implements AuthenticationProviderV2 and IdentityAsserterV2. We also need to write an MBean definition file and a callback handler. SimpleSampleIdentityAsserterProviderImpl package examples.security.providers.identityassertion.simple; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.AppConfigurationEntry;
Weblogic SSL configuration with Custom Identity and Custom Trust
These days enterprise applications have grown more complex and hold a great deal of sensitive and critical data online. Cyber security has become more important than ever for securing that data. Secure Sockets Layer plays a pivotal role
Securing WebServices using Username / Password mechanism
Security is an important aspect of your application design. When web services are deployed and accessed, you might like to restrict access to a particular set of users/groups or to users of a particular role. Hence we specify
Import/Export users and groups from Security Realm
Exporting users and groups from WebLogic Security Realm. Log in to the WebLogic Administration console and navigate to Security Realm -> MyRealm. Navigate to Migration tab -> Export. Specify the location where the data needs to be exported. Verify whether the users and groups are
com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte
com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte
The above exception is encountered during server startup. This happens when SerializedSystemIni.dat present under the domain\your_domain\security folder is modified. To troubleshoot this issue, we need to do the following. Check if the Domain