Posted in work on July 19th, 2009 by seancblake – Be the first to comment
It’s funny how timing works out. I’m sure most of you have heard about the Twitter hacking incident with all of the data leaked over at TechCrunch. Well, about the same time last week we had our monthly training session and one of the highlighted products was Oracle Adaptive Access Manager (OAAM). How I bet they wish they had this product in place!
OAAM can be placed in front of your application to provide multi-factor authentication, along with the ability to inject fraud protection policies based upon the risk associated with a user session. I’m sure you have seen similar authentication factors on banking and mortgage business websites: the ones where they prompt you for extra security questions and/or allow you to see images or phrases of your choice so that you know you can trust the site. While the Twitter attacker did utilize these secret questions to their advantage, OAAM doesn’t just stop here.
Posted in work on July 14th, 2009 by seancblake – Be the first to comment
I had never heard of the split development directory environment for WebLogic 10gR3 until a week or so ago. It’s a pretty nice development framework for WLS and, as it turns out, is actually a recommended development methodology. It consists of a particular layout for your project’s directory structure along with built-in Ant tasks to provide faster development cycles. While the edocs pages give a good explanation of the setup and overall approach, I found that a few minor updates to the generated Ant script were needed to be able to use all of the tasks provided.
The edocs recommended a layout that consisted of a build and source directory within your web project. The project example that I’ll explain below utilized this method. But, before I worked it out with this setup, my first test was to just do away with the source folder. By removing this directory, the Ant script seemed to work out based upon the edocs notes. But I wanted to get it working with the source folder in place and as it turned out it was pretty easy.
Posted in work on June 26th, 2009 by seancblake – 1 Comment
This is the start of one of those posts where the complete coding of this solution should have taken an hour. However, never attempting JNI before, not touching or looking at C since my junior year of college (and we all know how much we retain from that) and the overall setup in Eclipse (Ganymede) made it a whole lot longer to accomplish. I still don’t have all the answers or know exactly the why behind all the steps but here is what I got!
I started out with a goal of writing a simple Java call over to the Outside In – File Id for the purpose of verifying the content of a file. Being at Oracle I assumed that there would be a nice Java API already available…I was wrong. File Id only has a C interface available so JNI needed to enter the picture.
For the purpose of shortening this a bit, I’m not going to go over the steps of setting up a Java project that utilizes JNI. There are plenty of examples of this already out there; I probably visited about twenty while trying to find answers to my errors. Google “JNI Tutorials” or “JNI Examples” or use this good one from Sun. In short, you have your Java code, you compile it to generate the class file, run the javah command to generate a C header file, and base your C code off of this header file.
Posted in work on June 12th, 2009 by seancblake – 2 Comments
Prior to the 10gR3 (ALI 6.5) release of WebCenter Interaction there was a nice little package called the User Interface Customization Installer (UICI) which could be used to set up a portal development environment. This installer bundled up, among other things, the UI source code, ant build scripts and the jars/dlls required for the build. However, the UICI has now been deprecated so we all need to fend for ourselves. The only documented steps I could find over on the old edocs site assumed the UICI and were for previous versions. The only other data I was able to find was only available internally, which is why this post now exists!
The good news is that the 10gR3 source code still ships and we only need a few more steps to get the debugging going. Along with this source code you’ll need a development server with WCI 10gR3 installed, Tomcat, Eclipse and JDK 1.5. I’m using my localhost on Tomcat 5.5 with Eclipse 3.4 (Ganymede). What you’re missing is the ability to use all of the ant build scripts that ship with the source code, since they depended on the UICI.
Posted in work on May 28th, 2009 by seancblake – 1 Comment
Working in the National Security space, everyone becomes friendly with STIGs (Security Technical Implementation Guides). Basically, a STIG is a large and very inclusive configuration checklist which must be adhered to prior to a system moving into production. In our situation, we needed to restrict the WLS ciphers that were acceptable during the browser/server handshake (only accepting HIGH ssl traffic). This seemed like a very basic request and although I didn’t know the answer off the top of my head I was sure a little Googling would come up with a config file to change. Well….no dice!
So, after opening a ticket with support it turns out that it is a very easy solution, just not very easy to find. I haven’t investigated the solution in previous releases, but it should be pretty similar. For WebLogic 10gR3:
- Locate the configuration file for your domain: /<domainname>/config/config.xml
- Find the element for your <servername>
- Add a new <ciphersuite> element after the <ssl> <enabled> element
For our situation we only wanted to accept HIGH ciphers:
<ciphersuite>SSL_RSA_WITH_RC4_128_SHA</ciphersuite>
<ciphersuite>SSL_RSA_WITH_RC4_128_MD5</ciphersuite>
<ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
<ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>
Save the file and restart your WebLogic server to initiate the change.
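An added check, not from the original post: this Python script reads a config.xml and lists, per SSL-enabled server, any <ciphersuite> entries built on primitives now considered weak (RC4, for example, has been prohibited in TLS since RFC 7465), and notes servers that list no suites at all. The sample XML is constructed, its element layout is assumed from the steps above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element layout assumed from the steps above, namespace is a placeholder.
SAMPLE_CONFIG = """<domain xmlns="urn:example:placeholder">
  <server><name>AdminServer</name>
    <ssl><enabled>true</enabled>
      <ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>
      <ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
    </ssl>
  </server>
  <server><name>ManagedServer1</name>
    <ssl><enabled>true</enabled></ssl>
  </server>
</domain>"""

# Name fragments that mark a suite as weak by current standards.
WEAK_TOKENS = {
    "RC4": "RC4 stream cipher",
    "MD5": "MD5-based MAC",
    "DES": "DES or 3DES",
    "NULL": "no encryption",
    "EXPORT": "export-grade keys",
    "anon": "unauthenticated key exchange",
}

def local(tag):
    """Strip any XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    """Direct children of elem whose local tag name matches."""
    return [c for c in elem if local(c.tag) == name]

def audit_ciphersuites(config_xml):
    """Return {server name: [issues]} for every server with SSL enabled."""
    findings = {}
    for server in children(ET.fromstring(config_xml), "server"):
        names = children(server, "name")
        label = names[0].text.strip() if names and names[0].text else "<unnamed>"
        for ssl in children(server, "ssl"):
            if not any((e.text or "").strip() == "true" for e in children(ssl, "enabled")):
                continue
            suites = [(c.text or "").strip() for c in children(ssl, "ciphersuite")]
            issues = [] if suites else ["no <ciphersuite> listed: server defaults apply"]
            for suite in suites:
                why = [r for t, r in WEAK_TOKENS.items() if any(t in p for p in suite.split("_"))]
                if why:
                    issues.append(f"{suite}: " + ", ".join(why))
            findings[label] = issues
    return findings

if __name__ == "__main__":
    for server, issues in audit_ciphersuites(SAMPLE_CONFIG).items():
        print(server, issues or "ok")
```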