Security hole in WebLogic using usernameToken?

 
Ranch Hand
Posts: 116
Let me explain what is happening. I am using WebLogic 8.1 with SP 5 running on Windows XP.

I have set up a usernametoken for all webservices. From all I can glean from the documentation, I think I have the server and webservices configured properly by including a security element in the web-services.xml file. I know the webservices are working. The only thing I am adding is the security part.




When I run the WebLogic generated test client built from our webservice, I am able to invoke the webservice with no problem. I do not see a portion in the SOAP Header where we're passing the username or password. This behavior should be caught at the server and access is denied.

Can someone please shine some light on this topic?

Thank you in advance for any comments or suggestions.

Russ
 
Russell Ray
Ranch Hand
Posts: 116
For the good of the group, the answer is: check the element within the web-service.xml file. The attribute "ignoreAuthHeader" MUST be defined and set to "false". Otherwise there is a false appearance of a security hole.

Best of luck to all.........

Russ
 