Tuesday, January 31, 2012

Nexus behind a proxy 403 repo1.maven.org problem

I was having a bit of a problem with my Nexus installation downloading from Maven's repo1.

Some jars would just not download so I tried a wget and got a 403 error.
Did some searching and found that repo1 does not allow wget, so I added a user agent to the wget (-U) and it worked. So I tried adding it to Nexus and voilà.



NOTE: I am behind a corporate proxy.

Thursday, January 26, 2012

Where to find the adf images, styles etc

If you are writing your own custom components and want to reuse some of the ADF images for continuity's sake, you can find the images in the adf-richclient-impl-11.jar.

This should be in [your weblogic location]\oracle_common\modules\oracle.adf.view_11.1.1

Tuesday, January 24, 2012

ADF: weblogic cluster endless loop 401 Unauthorised _afrLoop infinite loop AGAIN

Finally fixed the third incarnation of this problem: we deployed onto our dev cluster and our application deployed fine, but when the login page was accessed the app went into an infinite loop. NOTE: Deploying onto the Admin server worked perfectly.

In the access logs you see 302 http codes with _afrLoop parameters (302 - redirect).

Really could not figure this one out. I added failover and clustering, removed them. Reconfigured the security. Created a test app with one page, used WebLogic's default security provider, but still NOTHING. I even set up a cluster on my machine and everything worked (Note: I did not set up our dev cluster).

So in desperation I checked the system-jazn-data.xml file deployed on WebLogic and lo and behold, none of my application security configurations were set up in the file. I stopped everything and added what I had on my local cluster to the system-jazn-data.xml and everything just works. I need to find out what in our dev configuration is causing the system-jazn-data.xml file not to be updated and will post here when found.

Hope this saves someone some time because it wasted a LOT of my time.

Final Word: Always a good idea to read the documentation:
 http://docs.oracle.com/cd/E12839_01/core.1111/e10043/addlsecfea.htm#CFHFAIGE

Under the heading 7.3.1 Deploying to a Test Environment

Other Considerations

When deploying an application to multiple managed servers, be sure to include the administration server so that data is migrated as expected.

This fixed it for me.

Monday, January 16, 2012

Javascript: Redirect to external system and automatically authenticate SSL

Note: using basic authentication on external system.
This leaves you open to XSS attacks SO TAKE NOTE, it is not for production code without modification.

This little bit of JavaScript, although insecure (but you can work with this), can give you single-sign-on-like behaviour (if the site you are calling is using Basic Auth) using the XMLHttpRequest object.
For the ADF stuff deployed on weblogic using the same realm this is not really a problem.

function createRequest() {
  if (typeof XMLHttpRequest != 'undefined') {
    return new XMLHttpRequest();
  }
  try {
    return new ActiveXObject("Msxml2.XMLHTTP");
  }
  catch (e) {
    try {
      return new ActiveXObject("Microsoft.XMLHTTP");
    }
    catch (e) {
    }
  }
  return false;
}

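function performRedirect() {
  // NOTE: the credentials below are readable by anyone who can view this script.
  var xmlhttp = createRequest();
  // Synchronous GET (third argument false) that supplies the Basic Auth credentials
  xmlhttp.open("GET", "https://server/url_to_call", false, "username", "password");
  xmlhttp.onreadystatechange = function () {
    if (xmlhttp.readyState == 4) {
      // Request finished: navigate the browser to the same URL
      document.location.href = 'https://server/url_to_call';
    }
  };
  xmlhttp.send(null);
}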

My notes to self during this process (stupidly trying to do this server side, but hey, well):

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

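    // Needs javax.net.ssl.SSLContext, KeyManager, TrustManager and java.security.SecureRandom.
    // DefaultTrustManager is not a JDK class; its definition is not shown here.
    // SSLContext.setDefault changes certificate validation for every HTTPS connection in the JVM.
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(new KeyManager[0], new TrustManager[] { new DefaultTrustManager() }, new SecureRandom());
    SSLContext.setDefault(ctx);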

401: This indicates that you have not logged in

  • Create a new inner class for a custom authenticator and set the default before invoking the URL
import java.net.Authenticator;
import java.net.PasswordAuthentication;

private static class CustomAuthenticator extends Authenticator {
  @Override
  protected PasswordAuthentication getPasswordAuthentication() {
    // Placeholder credentials; read real values from configuration, not source code
    return new PasswordAuthentication("username", "password".toCharArray());
  }
}

// Applies to every URL connection in the JVM that is challenged for credentials
Authenticator.setDefault(new CustomAuthenticator());

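OR:
  • Just add a username password request property
// Base64 is assumed to be org.apache.commons.codec.binary.Base64; uc is the open URLConnection
String val = (new StringBuffer(username).append(":").append(password)).toString();
byte[] base = val.getBytes();
// Basic auth is only Base64-encoded, not encrypted, so send it over HTTPS only
String authorizationString = "Basic " + new String(new Base64().encode(base));
uc.setRequestProperty("Authorization", authorizationString);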



java.io.IOException: HTTPS hostname wrong:  should be
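HostnameVerifier hv = new HostnameVerifier() {
  // Returning true accepts any hostname in the certificate, i.e. hostname verification is off
  public boolean verify(String urlHostName, SSLSession session) {
    System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
    return true;
  }
};
// Installs the verifier for every HttpsURLConnection in the JVM
HttpsURLConnection.setDefaultHostnameVerifier(hv);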
OR on the console 
Env --> Servers --> SSL Hostname Verification: none
OR on startup -Dweblogic.security.SSL.ignoreHostnameVerification=true

The certificate chain received from server - ip contained a V3 CA certificate which was missing the basic constraints extension


  • Add the following properties to startup

-Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.enforceConstraints=off  -Dweblogic.webservice.client.ssl.strictcertchecking=false


Certificate chain received from was not trusted causing SSL handshake failure

  • Only way I found for this was to correctly add your cert to the correct file, see:
http://vbandaru.wordpress.com/2010/11/15/ssl-handshake-failure-in-weblogic-server/


Tuesday, January 3, 2012

Running ADF in weblogic cluster

I am trying to run my ADF app in a cluster and my login page redirects back on itself endlessly.
Note this has been resolved - we restarted the entire WebLogic server and the problem disappeared (I think something went wrong in the deployment). The one other change I made was to change the inner XML of session-descriptor in weblogic.xml FROM: <sharing-enabled>true</sharing-enabled> TO:
<persistent-store-type>REPLICATED_IF_CLUSTERED</persistent-store-type>. This should not make a difference but I thought I would mention it.

Here are my notes to self as I moved through the process.

Application
  adf-config.xml
  <adf-controller-config xmlns="http://xmlns.oracle.com/adf/controller/config">
    <adf-scope-ha-support>true</adf-scope-ha-support>
  </adf-controller-config>
 
  Web.xml
  <context-param>
    <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
    <param-value>false</param-value>
  </context-param>

Weblogic Setup (I am testing locally on windows for now)
  • C:\Dev\Middleware\wlserver_10.3\server\bin\startNodeManager.cmd - start node manager before you can start managed servers
  • Add to Domain -- Environment -- servers -- your managed servers -- configuration tab -- server start tab -- arguments text area : -Xms1536m -Xmx1536m -Duser.timezone=+02:00 -XX:MaxPermSize=512m
  • Make sure you have all the properties and classpaths set (you can copy and paste them from startup)