How to prevent CSRF attack

Sometimes, when one application tries to call another application running on a different server, you get an error window with the message "potential CSRF attack". At the same time, you will see the following error message in the log files: <BEA-000000> <A request has been denied as a potential CSRF attack.>


Recommended Best Practices for Securing WebLogic Server.

Disable SSL V2, Weak Ciphers, and Null Encryptions

You can use the following JVM options to disable null (weak) ciphers:

    -Dweblogic.security.SSL.allowUnencryptedNullCipher=false
    -Dweblogic.security.disableNullCipher=true

Steps to disable SSL V2 follow later.

Use Secure Cookies to Prevent Session Stealing

Please refer to this article: link

Configure WebLogic Server to use a Specific Cipher


Simple Sample Custom Identity Asserter for Weblogic Server 12c

To implement a custom identity asserter for WebLogic Server we need to write a provider that implements AuthenticationProviderV2 and IdentityAsserterV2. We also need to write an MBean definition file and a callback handler.

SimpleSampleIdentityAsserterProviderImpl:

    package examples.security.providers.identityassertion.simple;

    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.AppConfigurationEntry;
    import weblogic.management.security.ProviderMBean;
    import weblogic.security.service.ContextHandler;
    import weblogic.security.spi.AuthenticationProviderV2;
    import weblogic.security.spi.IdentityAsserterV2;
    import weblogic.security.spi.IdentityAssertionException;


com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte

com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte

The above exception is encountered during server startup. This happens when the SerializedSystemIni.dat file present under the domain\your_domain\security folder has been modified. To troubleshoot this issue, we need to do the following. Check whether the domain is in Production Mode or Development Mode. If it's in
