Dedicated User for Weblogic - apache won't run - apache

I have a java application running on Weblogic on a Linux box. The application/weblogic are run as root. I see this as a security risk. I want to create a dedicated user to run the application.
To do this I have:
Created a new dedicated DNRS/Weblogic user called 'wluser'.
Granted access to my application to only the dedicated user wluser.
The application is hosted on Apache. To run the application, I first start apache, then weblogic.
When I tried to run apache, it complained 'Permission denied: make_sock: could not bind to port 446'.
It seems apache needs to be started as root. But if I changed the owner of apache to root, I'll be able to run the application as root. Exactly what I don't want..
Anyone any ideas?

I'm fairly sure that an application has to be given permission to use a port below 1024.
Check out this question on ServerFault: Regular User socket permissions

Related

Issues while accessing Jenkins using IP address vs DNS Name (with AD integration)

Noob Question:
I have a Jenkins instance setup on an internal team domain (with our own DNS/AD configured). This domain is inside the intranet.
We have security enforced on Jenkins using the Active Directory plugin. Therefore, all users login with their AD credentials for an actions like triggering a job, etc. Viewing is open to all.
We access the Jenkins instance using the DNS name (http://jenkins.team.company.com:8080). However, when accessing certain jobs, the address changes to http://10.XX.XX.XX:8080/../..). At this point, the users' logged in sessions are also terminated.
I am at a loss about what is causing the sessions to get lost.
(in the spirit of full disclosure - this Jenkins instance does not have an nginx or apache running in front of it. Until recently, this was my own local Jenkins instance but now the ask is to get everyone to start using this. I am wondering whether setting up nginx or Apache will resolve the problem. You can tell that I have none or very little background with running Web Applications)

Not able to access my web application outside the server (apache)

I have setup a mapping application on a Windows 2012 server, with apache web server. The application is accessible using this URL within that server. But not able access outside the server.
I have given the IP in apache .conf file for the "listen" parameter. Hope that is fine.
The IP is pinging is pinging from the local machine.
The hosting support confirmed there is no firewall blocking the access.
What else should I do to correct this?
The IP address, is it static?, and are your cgi settings configured properly and the permissions on your directories within the website?
Are you receiving any forbidden access or other related errors?
Your Apache httpd.conf, your php.ini, and your user.conf files should all be checked along with configuring the correct permissions on files and directories.
*Note: Edit config files with sudo, restart apache after making changes.

CAS authentication in localhost with an application running locally

I have my CAS setup locally. I have a grails application that is running locally as well. My CAS authentication is working. My CAS is running at this location
http://localhost:8081/cas/login?service=http%3A%2F%2Flocalhost%3A8081%2Fj_spring_cas_security_check
My grails application is running at http://localhost:8080/CASTest/test/
So when I go to my grails application i get redirected to CAS for login, however after login I getting I keep getting evaluationException on hostUrl in my CAS. I think the error is because of localhost in the service field in CAS, if i change this to test1.localhost it works, it redirects me to test1.localhost after authentication. Any ideas how i can redirect it back to my application that is running locally?
Try configuring the hosts file of your operating system to accept the chosen domain for your application as an alias to localhost, and then use that in your CAS configuration in development environment.
Check out the Wikipedia entry for the hosts file for the appropriate location in your system (if you are using Linux that would be /etc/hosts), and then add a line like:
127.0.0.1 test1.localhost
After that, you can use it in your CAS configuration for the development environment -- the serviceUrl configuration should point to something like http://test1.localhost/CASTest/j_spring_cas_security_check.
Hope it helps!

Glassfish access control

I have web service deployed in my system under Glassfish server. When I try to access it from another system using my IP and port number it shows an access control origin error.
I tried to solve this by putting a accesscrossdomain.xml file in my Glassfish docroot folder, but the error still continues.
What can be done to solve this issue?
You are likely running into the default configuration, which disables remote administration by default for security reasons. This means no SSL while logging into the administration console, no admin password, etc.
GlassFish Server has excellent documentation. For this particular issue, this section of the Security Guide should help. Basically, you'll want to run "asadmin enable-secure-admin". To learn more about secure admin, read this section of the Security Guide.

What access does Apache 2.0 need in Windows Server 2003 in order to start as a service?

Until this morning, I have had Apache 2.0 running as a service using a local account which was configured with appropriate permissions. Sometime yesterday, someone must have changed something, and now Apache 2.0 won't start as a service under this account.
I made the account an Administrator temporarily, and Apache 2.0 starts fine.
I tried following the access listed in the official documentation, but it seems to require more access. Does anyone know what access Apache 2.0 needs to start as a service?
I'm running Apache 2.0.63 with SVN 1.4.6 and mod_auth_sspi for windows domain authentication.
I also checked the syntax of the configuration file from command-line using the -t parameter, but I received the message Syntax OK.
Here's the error I get when starting as a service from command-line:
X:\>net start apache2
The Apache2 service is starting.
The Apache2 service could not be started.
A service specific error occurred: 1.
More help is available by typing NET HELPMSG 3547.
Verify that your service still has the "Log on as a Service" user right. If your machine is a part of a domain, it's possible the account permissions or user rights have been reset by a group policy.
Can you do a "Run As" using the Apache account, and run Apache from the command line? This will tell you if there are other permission problems.
Set the "LogLevel" directive to "debug" in the apache configuration file.
Execute Apache from the command-line and use the "-X" argument so that Apache does not fork processes.
Apache should output a bit more information to help debug your problem.