Setting the Oracle WebLogic enforce-valid-basic-auth-credentials Flag to False
The enforce-valid-basic-auth-credentials flag is a domain-wide setting. When it is true, which is the default, WebLogic intercepts any client request that sends an authorisation header using basic-auth, and the application user is presented with a login prompt. If your application contains Spring handlers and you do not want WebLogic to stick its nose into the auth, you can set this flag to false. Read on to learn a few tricks...
Note: For WebLogic Server versions 9.2 and later, client requests that use HTTP BASIC authentication must pass WebLogic Server authentication, even if access control is not enabled on the target resource, and this is why we want to turn it off.
============================================
Editing config.xml
To set the enforce-valid-basic-auth-credentials flag, perform the following steps:
1. Add the <enforce-valid-basic-auth-credentials> element to config.xml within the <security-configuration> element.
<security-configuration>
  ...
  <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
</security-configuration>
2. Start or restart all of the servers in the domain.
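An offline check for the edit above, as an added example (not from the original post or from Oracle): it parses a config.xml and reports whether the flag is still enforced, whether it was set explicitly, and whether the element landed outside <security-configuration>. The sample documents and the namespace URI in them are constructed assumptions; elements are matched by local name, so the check does not depend on the namespace.

```python
import xml.etree.ElementTree as ET

FLAG = "enforce-valid-basic-auth-credentials"
PARENT = "security-configuration"

def local(tag):
    """Strip the XML namespace: '{uri}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]

def audit_flag(config_xml):
    """Return (enforced, explicit, misplaced) for a config.xml document.

    enforced  -- True if WebLogic still validates BASIC credentials
    explicit  -- False if the element is absent and the default (true) applies
    misplaced -- number of flag elements outside <security-configuration>,
                 i.e. edits that did not follow step 1 and are not counted
    """
    root = ET.fromstring(config_xml)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    enforced, explicit, misplaced = True, False, 0
    for elem in root.iter():
        if local(elem.tag) != FLAG:
            continue
        parent = parent_of.get(elem)
        if parent is None or local(parent.tag) != PARENT:
            misplaced += 1
            continue
        value = (elem.text or "").strip().lower()
        if value not in ("true", "false"):
            raise ValueError("unexpected flag value: %r" % elem.text)
        enforced, explicit = (value == "true"), True
    return enforced, explicit, misplaced

# Constructed samples (not taken from a real domain); namespace URI is assumed.
NS = 'xmlns="http://xmlns.oracle.com/weblogic/domain"'
DISABLED = """<domain %s><name>base_domain</name>
  <security-configuration><name>base_domain</name>
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
  </security-configuration></domain>""" % NS
DEFAULT = """<domain %s><security-configuration><name>base_domain</name>
  </security-configuration></domain>""" % NS
MISPLACED = """<domain %s><security-configuration/>
  <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
</domain>""" % NS

if __name__ == "__main__":
    for label, doc in (("disabled", DISABLED), ("default", DEFAULT), ("misplaced", MISPLACED)):
        print(label, audit_flag(doc))
```

Run against each domain's config.xml, this gives an inventory of the domains where BASIC credentials are no longer validated by WebLogic and the application is the only authentication check.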
=============================================
Using WebLogic Scripting Tool (WLST)
Using WLST to Check the Value of enforce-valid-basic-auth-credentials
The Administration Console does not display or log the enforce-valid-basic-auth-credentials setting. However, you can use WLST to check the value in a running server. Remember that enforce-valid-basic-auth-credentials is a domain-wide setting.
The WLST session shown below demonstrates how to check the value of the enforce-valid-basic-auth-credentials flag in a sample running server.
Example:
wls:/offline> connect('weblogic','weblogic123','t3://localhost:7002')
Connecting to t3://localhost:7002 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'base_domain'.
Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.
wls:/base_domain/serverConfig> cd('SecurityConfiguration')
wls:/base_domain/serverConfig/SecurityConfiguration> ls()
dr-- base_domain
wls:/base_domain/serverConfig/SecurityConfiguration> cd ('base_domain')
wls:/base_domain/serverConfig/SecurityConfiguration/base_domain> ls()
dr-- DefaultRealm
dr-- Realms
-r-- AnonymousAdminLookupEnabled false
-r-- ClearTextCredentialAccessEnabled false
-r-- CompatibilityConnectionFiltersEnabled false
-r-- ConnectionFilter null
-r-- ConnectionFilterRules null
-r-- ConnectionLoggerEnabled false
-r-- ConsoleFullDelegationEnabled false
-r-- Credential ******
-r-- CredentialEncrypted ******
-r-- CrossDomainSecurityEnabled false
-r-- DowngradeUntrustedPrincipals false
-r-- EnforceStrictURLPattern true
-r-- EnforceValidBasicAuthCredentials true
-r-- ExcludedDomainNames null
-r-- Name base_domain
-r-- NodeManagerPassword ******
-r-- NodeManagerPasswordEncrypted ******
-r-- NodeManagerUsername 2btxdeGF98
-r-- Notes null
-r-- PrincipalEqualsCaseInsensitive false
-r-- PrincipalEqualsCompareDnAndGuid false
-r-- Type SecurityConfiguration
-r-- WebAppFilesCaseInsensitive false
-r-x findDefaultRealm WebLogicMBean :
-r-x findRealm WebLogicMBean : String(realmDisplayName)
-r-x findRealms WebLogicMBean[] :
-r-x freezeCurrentValue Void : String(attributeName)
-r-x generateCredential [B :
-r-x isSet Boolean : String(propertyName)
-r-x unSet Void : String(propertyName)
Here are the commands I used to edit the setting using
edit()
startEdit()
cd('SecurityConfiguration')
cd('YOUR_DOMAIN')
set('EnforceValidBasicAuthCredentials','false')
save()
activate()
Note: This will create an entry in your config.xml with the value false.
Let's list the result in WLST
Now we have Disabled the Security Intercept!
WebLogic sometimes intercepts login requests, making it impossible for your app to authenticate correctly. You can now prevent WebLogic from intercepting login requests.
==========================
Here is a script to do this automatically
"""
This script starts an edit session and modifies the EnforceValidBasicAuthCredentials setting, which
equates to <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials> in config.xml
"""
import sys
from java.lang import System

# Global Variables
usr = "weblogic"
password = "weblogic123"
domain = "base_domain"
url = "t3://localhost:7002"

def setAuth(authSetting):
    # Connect to the Admin Server and open an edit session
    connect(usr, password, url)
    edit()
    startEdit()
    # The flag is an attribute of the domain's SecurityConfiguration MBean
    cd('SecurityConfiguration')
    cd(domain)
    set('EnforceValidBasicAuthCredentials', authSetting)
    # Persist the change and activate it
    save()
    activate()

#-----------------------------------------------------------------
# Auth setting
#-----------------------------------------------------------------
def Configure(authSetting):
    if authSetting == "":
        ScriptUsage()
    else:
        setAuth(authSetting)

#-----------------------------------------------------------------
# Usage
#-----------------------------------------------------------------
def ScriptUsage():
    print "----------------------------------------------------------------------------------------------------------------"
    print ""
    print " ERROR: Invalid usage, correct usage is:"
    print " java weblogic.WLST configureAuth.py {boolean}"
    print ""
    print " e.g.: java weblogic.WLST configureAuth.py false"
    print ""
    print "----------------------------------------------------------------------------------------------------------------"
    print ""

#-----------------------------------------------------------------
# Main
#-----------------------------------------------------------------
# sys.argv[0] is the script name, sys.argv[1] is the boolean to set
if len(sys.argv) != 2:
    ScriptUsage()
else:
    Configure(sys.argv[1])