How to decrypt WebLogic Datasource Password

You need to copy the datasource password present in the -jdbc.xml present under \config\jdbc to the password variable in the WLST Script.   Change the path variable to point to your domain from weblogic.security.internal import * from weblogic.security.internal.encryption import * password = "{AES}0+5YrFk+fD9BFIykr3H+wPsNmPRP/GIOUId7SPqBgNg=" path = "D:/Oracle/Middleware/user_projects/domains/pega7_domain/security" encryptionService = SerializedSystemIni.getEncryptionService(path) cService

Continue reading »

JBoss EAP Quiz

Continue reading »

How to do auto backup of weblogic config.xml

You need to go to the following location Home >your_domain > Configuration > General > click Advanced   The configuration is backed up at the time of server boot.  

Continue reading »

How to configure SSL Between Weblogic and Apache

    1) Set WLS Environment C:\Oracle\Middleware\wlserver_10.3\server\bin>setWLSEnv.cmd 2) Go to the lib directory and covert WLS Root Certificate to .pem format C:\Oracle\Middleware\wlserver_10.3\server\lib>java utils.der2pem CertGenCA.der C:\Oracle\Middleware\wlserver_10.3\server\lib>dir CertGen* Volume in drive C is Windows8_OS Volume Serial Number is 8C04-A406 Directory of C:\Oracle\Middleware\wlserver_10.3\server\lib 01/03/2015 09:29 PM 540 CertGenCA.der 01/19/2015 07:47 PM 786 CertGenCA.pem

Continue reading »

Recommended Best Practices for Securing WebLogic Server.

Disable SSL V2, Weak Ciphers, and Null Encryptions You can use the following jvm options to disable Weak Ciphers. -Dweblogic.security.SSL.allowUnencryptedNullCipher=false -Dweblogic.security.disableNullCipher=true Steps to disable SSL V2 follows later. Use Secure Cookies to Prevent Session Stealing Please refer to this article : link Configure WebLogic Server to use a Specific Cipher

Continue reading »

Using RolesAllowed and SecurityRole annotations to secure Webservices on Weblogic

1. Write a JWS that uses the RolesAllowed and SecurityRole annotation package examples.webservices.security_jws; import weblogic.jws.WLHttpTransport; import weblogic.jws.Policies; import weblogic.jws.Policy; import javax.jws.WebService; import javax.jws.WebMethod; import javax.jws.soap.SOAPBinding; import weblogic.jws.security.RolesAllowed; import weblogic.jws.security.SecurityRole; @WebService(name="SecureHelloWorldPortType", serviceName="SecureHelloWorldService", targetNamespace="http://www.bea.com") @SOAPBinding(style=SOAPBinding.Style.DOCUMENT, use=SOAPBinding.Use.LITERAL, parameterStyle=SOAPBinding.ParameterStyle.WRAPPED) @WLHttpTransport(contextPath="SecureHelloWorldService", serviceUri="SecureHelloWorldService", portName="SecureHelloWorldServicePort") @RolesAllowed ( { @SecurityRole (role="testrole") } ) public class SecureHelloWorldImpl { @WebMethod()

Continue reading »

How to load webservices security policy from classpath

1) Add the following JAVA OPTION to the classpath -Dweblogic.wsee.policy.LoadFromClassPathEnabled=true 2) Write a simple policy. Encrypt.xml   <?xml version="1.0"?> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wssp="http://www.bea.com/wls90/security/policy" > <wssp:Confidentiality> <wssp:KeyWrappingAlgorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <wssp:Target> <wssp:EncryptionAlgorithm URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part"> wsp:Body() </wssp:MessageParts> </wssp:Target> <wssp:KeyInfo/> </wssp:Confidentiality> </wsp:Policy> 3) Write a JWS that uses this Policy SecureHelloWorldImpl.java   package examples.webservices.security_jws; import

Continue reading »

Testing secure webservice on Weblogic using SOAP UI

Create ┬áthe certificates for the client using keytool and store it at a location. You can refer our articles on SSL to get more details on how to create keystores. Once the client keystore is created you need to do the following configuration on SOAP UI.        

Continue reading »

javax.xml.stream.XMLStreamException while validating xml

javax.xml.stream.XMLStreamException: ParseError at [row,col]:[2,134] Message: Tried all: ‘1’ addresses, but could not connect over HTTP to server: ‘java.sun.com’, port: ’80’ at com.sun.xml.stream.XMLReaderImpl.next(XMLReaderImpl.java:545) at weblogic.servlet.internal.TldCacheHelper$TldIOHelper.parseXML(TldCacheHelper.java:132) at weblogic.descriptor.DescriptorCache.parseXML(DescriptorCache.java:380) at weblogic.servlet.internal.TldCacheHelper.parseTagLibraries(TldCacheHelper.java:65) at weblogic.servlet.internal.War.getTagInfo(War.java:889) at weblogic.servlet.internal.WebAppServletContext$ServletContextWebAppHelper.getTldInfo(WebAppServletContext.java:3708) You might encounter the following exception when the server on which Weblogic is hosted is not able to

Continue reading »

Simple Checklist for WebLogic to JBoss Migration

Compare the supported J2EE specs ( EJB, JMS, Webservices) of the Weblogic Version you are going to migrate from to the JBoss Server version. You will get the details from their official website. Find out the architecture of the Weblogic Application Server ( How many servers? Clusters? Machines?) either from

Continue reading »