Can WLST be used to set a security policy on the root of the JNDI tree?
Alternatively, can this be done during installation?
We are trying to remove the everyone policy currently on the root of the JNDI by default as it is a security requirement. We want to replace it with a role/group of our choosing. I have tried exporting the realm settings, which appear to include the setting of the jndi, but including this on the install seems to have no affect.
Pretty new to weblogic, so if any other info would help, please add a comment and i'll share what i can!!
Remove the existing policy that covers type=<jndi> then add a replacement
cd("/SecurityConfiguration/MyDomain/Realms/My-Realm/Authorizers/XACMLAuthorizer")
cmo.removePolicy("type=<jndi>")
cmo.createPolicy("type=<jndi>", "Rol(Admin)")
For reference, the below removes the default lookup action on the jms part of the tree, replacing it with the allow everyone option. Wasn't asked in the question, but might be useful for any else struggling with WLST and security policies!
cmo.removePolicy("type=<jndi>, application=, path={jms}, action=lookup")
cmo.createPolicy("type=<jndi>, application=, path={jms}, action=lookup", "?weblogic.entitlement.rules.UncheckedPolicy()")
Related
If I use 'kafka-console-producer' - it automatically picks up JASS file and runs normally (can produce to a remote topic).
If I use 'kafka-avro-console-producer' with exact same configuration but with added schema property - it complains about JASS configuration:
'Could not find a 'KafkaClient' entry in the JAAS configuration. System property 'java.security.auth.login.config' is not set'
How to make it working?
Please look into these blogs, you will know that how can you update your security and how can you add property to procedure.
Authentication using SASL
secure-kafka-java-producer-with-kerberos
How can I configure alerts in Eclipse oepe? It's not easy to migrate all the alert rules and slas across environments.Is there any way to have all the alerts/SLAs migrated in case of change in environment like DEV to TEST without making any changes through sbconsole?
Whenever I exported the jar file(sbconfig.jar) from console and imported it in eclipse, all the alerts are not there in any service. The becomes blank.
Pls help.
Do you also export the Global Operation Settings from the OSBConfiguration? Because that info is not stored in a specific project.
OSB Configurator definitely allows this, so it it is possible to put these settings into sbconfig.jar. In fact you can use this to add those settings to a pre-existing sbconfig.jar.
Note, however, that you might need to import it using /sbconsole/ or WLST rather than from inside OEPE. OEPE has a bad habit of ignoring things it doesn't want to set.
Seems like archiva 2.2 is completely ignoring Security properties
I am following this document:
I have set up the security.properties file under
D:\Apache\Archiva-2.2.0\conf
When I am setting a new password for a user in Archiva UI I am still getting:
You must provide a password containing at least 1 numeric character(s).
security.properties content:
# Security Policies
#security.policy.password.encoder=
security.policy.password.previous.count=9999
security.policy.password.expiration.days=99999
security.policy.password.expiration.enabled=false
security.policy.allowed.login.attempt=3
# Password Rules
security.policy.password.rule.alphanumeric.enabled=false
security.policy.password.rule.alphacount.enabled=false
security.policy.password.rule.alphacount.minimum=0
security.policy.password.rule.characterlength.enabled=true
security.policy.password.rule.characterlength.minimum=3
security.policy.password.rule.characterlength.maximum=0
security.policy.password.rule.musthave.enabled=false
security.policy.password.rule.numericalcount.enabled=false
security.policy.password.rule.numericalcount.minimum=0
security.policy.password.rule.reuse.enabled=false
security.policy.password.rule.nowhitespace.enabled=true
Stop her running and make a backup of your conf/archiva.xml file.
example:
service archiva stop
cp archiva.xml archiva.xml.orig
Edit the config values you want to modify within the main XML configuration file: conf/archiva.xml
Changing the numeric character count:
<numericalcount>
<minimum>0</minimum>
<enabled>false</enabled>
</numericalcount>
Changing the password expiration limit:
<expiration>
<enabled>false</enabled>
<days>999999</days>
</expiration>
These values should already be in your config file (they were in mine). Perhaps they were copied there after my unsuccessful attempts to configure them through the web UI.
Additionally, prevent any user caching behaviour while you're making changes:
<useUsersCache>false</useUsersCache>
Start her up again:
service archiva start
I found a workaround...
stop Archiva
Open the Archiva DB using squirrel sql
Go to SA/JDOUSER table
Column LAST_PASSWORD_CHANGE
Right click to make editable
Modify the value to 10 years from now...
Restart Archiva
Get your 10 years of quiet....
In the code for our project there is this line:
(Properties) new InitialContext().lookup("properties")
One of the other developers said I had to add the entry through the admin for my instance of Glassfish. Having to use the admin to do this seemed suspect to me. Isn't there a way to add a JNDI entry at startup in web.xml, or something similar?
I think the idea here is that it must be done via the admin application so that the values aren't embedded in the application.
I just went through this tutorial:
http://java.sun.com/docs/books/tutorial/security/tour2/index.html
And was curios about the basic concept of JAAS... If every applcation needs to be run with the '-Djava.security.manager -Djava.security.policy=...' flags, what is enforcing security? Is it up to the end user to know when any Java application is being run, and modify the executable/script/whatever to include those flags? Or, how does a developer enforce that an application is run with the security manager enabled?
The whole concept doesnt seem very functional to me - as it is by default not enabled... Am I missing something?
This code should work:
// Set policy
System.setProperty("java.security.policy", "PATH_TO_POLICY_FILE");
// Enable security manager
System.setSecurityManager(new SecurityManager());