Thursday, May 26, 2016

Hacking users in WebLogic

vi $DOMAIN_HOME/security/DefaultAuthenticatorInit.ldift
insert this:

dn: uid=PIPPO,ou=people,ou=@realm@, dc=@domain@
description: Test generated user
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: S107077
sn: S107077
userpassword: {ssha}blablabla
uid: PIPPO
objectclass: wlsUser
wlsMemberOf: cn=Administrators,ou=groups,ou=@realm@,dc=@domain@

PIPPO should become an Administrative user.

SSHA passwords (SSHA being a salted variant of SHA1) can be generated with openssh or with Python/WLST.
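A defender-side check for the file edited above, added here as an example and not part of the original post: it parses the LDIF entries and lists accounts whose wlsMemberOf names the Administrators group but which are missing from an approved list. The sample text and the allow-list are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of DefaultAuthenticatorInit.ldift (not a real export).
SAMPLE_LDIFT = """\
dn: uid=weblogic,ou=people,ou=@realm@,dc=@domain@
uid: weblogic
wlsMemberOf: cn=Administrators,ou=groups,ou=@realm@,dc=@domain@

dn: uid=PIPPO,ou=people,ou=@realm@, dc=@domain@
objectclass: wlsUser
uid: PIPPO
wlsMemberOf: cn=Administrators,ou=groups,
 ou=@realm@,dc=@domain@

dn: uid=monitor1,ou=people,ou=@realm@,dc=@domain@
uid: monitor1
wlsMemberOf: cn=Monitors,ou=groups,ou=@realm@,dc=@domain@
"""

def parse_entries(text):
    """Split LDIF text into entries: lists of (lowercased attribute, value)."""
    text = re.sub(r"\r?\n ", "", text)  # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text):
        attrs = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.append((name.strip().lower(), value.strip()))
        if attrs:
            entries.append(attrs)
    return entries

def admin_uids(text, group="administrators"):
    """Return uids of entries whose wlsMemberOf names the given group."""
    found = []
    for attrs in parse_entries(text):
        groups = [v for n, v in attrs if n == "wlsmemberof"]
        first_rdns = [g.split(",")[0].replace(" ", "").lower() for g in groups]
        if f"cn={group}" in first_rdns:
            found.extend(v for n, v in attrs if n == "uid")
    return found

def unexpected_admins(text, allowed):
    """Administrators present in the file but absent from the approved list."""
    allowed = {a.lower() for a in allowed}
    return [u for u in admin_uids(text) if u.lower() not in allowed]

print(unexpected_admins(SAMPLE_LDIFT, ["weblogic"]))  # allow-list is an assumption
```

Base64-encoded values (`attr:: ...`) are not decoded here, so an entry that encodes its wlsMemberOf value that way would need an extra decoding step.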

Wednesday, May 25, 2016

WebLogic network-access-point

If you need to invoke operations (EJB, WS...) on a specific IP different from the main listen address/port of WLS, you can create a network-access-point inside config.xml and give it a mnemonic name like "INT-Channel":

and configure your component in your weblogic-ejb-jar.xml with a clause:


Tuesday, May 24, 2016

Apache http-client, customizing SSLSocketFactory

Here is the general documentation on Apache HTTP client

    HttpContext context...
    SchemeRegistry registry = getSchemeRegistry(context);
    Scheme schm = registry.getScheme(target.getSchemeName());
    SchemeSocketFactory sf = schm.getSchemeSocketFactory();

This example shows

Specifically, it's interesting to look at their default implementation of which is the org.apache.http.conn.ssl.BrowserCompatHostnameVerifier ( extends org.apache.http.conn.ssl.AbstractVerifier implements org.apache.http.conn.ssl.X509HostnameVerifier extends )

The extra methods added by org.apache.http.conn.ssl.X509HostnameVerifier are:

  public abstract void verify(String host, SSLSocket ssl)
    throws IOException;
  public abstract void verify(String host, X509Certificate cert)
    throws SSLException;
  public abstract void verify(String host, String[] cns, String[] subjectAlts)
    throws SSLException;

while the basic contains only
verify(String hostname, SSLSession session)

Remember! is an ABSTRACT class.

For use within WebLogic, see, but the property HTTPClient.defaultHostnameVerifier doesn't seem to work with Apache HTTPClient.

Also another interface exists

No shared spaces configured

garbage-first heap   total 6291456K, used 1368757K [0x0000000640000000, 0x00000007c0000000, 0x00000007c0000000)
  region size 2048K, 97 young (198656K), 9 survivors (18432K)
compacting perm gen  total 1048576K, used 230859K [0x00000007c0000000, 0x0000000800000000, 0x0000000800000000)
   the space 1048576K,  22% used [0x00000007c0000000, 0x00000007ce172e10, 0x00000007ce173000, 0x0000000800000000)
No shared spaces configured.

this was seen in a
java/jdk170_91-64b/bin/java -XX:-UseBiasedLocking -XX:SurvivorRatio=10 -verbose:gc -XX:+PrintGCTimeStamps -Xms6144m -Xmx6144m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=1024m -XX:MaxPermSize=1024m  -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=60 

I am not really sure what this "No shared spaces configured" would mean - I could not find any decent documentation on this message. And it doesn't seem to be really an error message, nor something related to G1GC...

Sunday, May 8, 2016

Singleton Timer in WebLogic

If you have a JEE EJB Timer in a Cluster, you may want only 1 instance to be active. In this case you should implement a Cluster Aware Singleton Component:

- create table WEBLOGIC_TIMERS

configure a Datasource and set it in "cluster-Scheduling":