Today, while I was searching for some information regarding SOA and security in web services, I found this article written by one of my colleagues.
Here is the link to the article:
http://ipsec.pl/web-application-security/2013/web-services-security-testing.html
02/03/2014
16/02/2014
How to create new domain in Weblogic using gui or console mode
How to create a new domain in Weblogic?
There are couple options when you want to create/ extend a domain in Weblogic:
- Configuration Wizard in either GUI/ or console ( text-mode mode)
- WLST
- Create the files manually
- Copy the domain from another project :)
1a.Using the GUI mode:
in the shell go to the WLS binaries directory:
${WLS_HOME}/common/bin
and run the following script:
./config.sh
or
${WLS_BIN}/common/bin/config.sh
If the system can not support GUI mode, Configuration Wizard will start text-based mode.
1b. Using the console ( text-based ) mode:
in the shell go to the WLS binaries directory:
${WLS_HOME}/common/bin
and run the following script:
./config.sh -mode=console
or
${WLS_BIN}/common/bin/config.sh -mode=console
2. Using WLST mode
11/02/2014
What are MBeans JavaBeans and JMX
What are MBeans JavaBeans and JMX
What are MBeans?
MBeans Objects are type of JavaBean, created (mostly) with the Dependency Injection
What is inside the MBean?
MBeans represent current state/ resource of a running parts of the application, and expose the management interface containing:
- getters / setters – in order to set or get specific values on the particular items
- ability to perform more advanced operations
- provide self description mechanism
MBeans structure:
So basically MBeans can hold information like statistics, current configuration, or simply act as a key-value store.
MBeans are registeresd to the MBean Server and are used in the JMX (Java Management Extensions technology).
JMX:
JMX (Java Management Extensions) – allows co connect to the currently running JVM to monitor/ manager running applications through MBeans.JMX can communicate with the MBeans through a connector (RMI, IIOP, JMS…)that talk with the MBean Server via API. MBean Server is a bridge between the connector and MBeans.
The JMX specification defines following types of MBeans:
- Standard MBeans
- Dynamic MBeans
- Open MBeans
- Model MBeans
- MXBeans
Resources:
http://docs.jboss.org/jbossas/jboss4guide/r4/html/jbosscache.chapt.html https://blogs.oracle.com/jmxetc/entry/what_is_jmxHow to disable remote shutdown in Tomcat (secure)
How to disable remote shutdown in Tomcat
Examples:
- change the port number from default to different one (not recommended)
- change the shutdown command (partially recommended)
- change port number to -1 (recommended)
By default Tomcat listens on port 8005 for SHUTDOWN command. When such message is received, all applications within this context are shutdown. By default it is bound to loopback interface, though not accessible from external network. For security reasons I’d strongly advise to disable this functionality if it is not needed, just in case some user might shutdown the service on purpose or by accident.
We can find this definition in the server.xml file
$CATALINA_HOME/conf/server.xml<Server port="8005" shutdown="SHUTDOWN">
You might have ‘address’ variable in this line. This indicates possible usage of multiple NIC (http://en.wikipedia.org/wiki/Network_interface_controller
We can prevent shutting down on specific port by changing these values.
EXAMPLE 1:
Change the settings in the server.xml file from:
<Server port="8005" shutdown="SHUTDOWN">
To:
<Server port="8008" shutdown="SECRETCOMMAND">
From now on, only SECRETCOMMAND command will shutdown the instance. All other commands (including SHUTDOWN) will fail.
Result:
[me@me ~]$ telnet 192.168.1.3 8005
Trying 192.168.1.3...
Connected to 192.168.1.3.
Escape character is '^]'.
SHUTDOWN
Connection closed by foreign host.
|
Response (by default- catalina.out file) :
WARNING: StandardServer.await: Invalid command 'SHUTDOWN' received
|
EXAMPLE 2:
Change the settings in the server.xml file from:
<Server port="8005" shutdown="SHUTDOWN">To
<Server port="8001" shutdown="SHUTDOWN">From now on only SHUTDOWN command issued on port 8001 (if not used by other application) will shutdown the instance. Port 8005 will not be used by this instance.
Result:
[me@me ~]$ telnet 192.168.1.3 8005
Trying 192.168.1.3...
telnet: connect to address 192.168.1.3: Connection refused
|
EXAMPLE 3 (recommended):
Change the settings in the server.xml file from:
<Server port="8005" shutdown="SHUTDOWN">To
<Server port="-1" shutdown="SHUTDOWN">This will disable SHUTDOWN service/ command for good :)
Result:
[me@me ~]$ telnet 192.168.1.3 8005
Trying 192.168.1.3...
telnet: connect to address 192.168.1.3: Connection refused
|
AJP (Liferay/ Tomcat) no response fix
https://github.com/wheelq/AJP.Stats
Description of the issue
When using Liferay on Tomcat + Apache/nginx you might experience a small Denial Of Service from time to time. In the most cases the issue is in Tomcat's configuration, well to be more precise - in lack of the configuration ;)
When defining an AJP connector on port 8009:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="10.0.1.2" URIEncoding="UTF-8">
People often miss one important setting -connectiontimeout andkeepAlivetimeout.
Solution
connectiontimeout - is the number of milliseconds Connector will wait, after accepting a connection, for the request URI to be presented. If no value is defined, then the value becomes: -1 (i.e. infinite).
KeepAliveTimeout - is the number of milliseconds Connector will wait for another AJP request before closing the connection. The default value is to use the value that has been set for the connectiontimeout attribute.
Lack of this configuration might cause the DOS (Denial Of Service) of the application itself. Once you have fixed this problem be defining the settings mentioned above you might want to monitor number of connections to your application/Liferay and see if there is a high number of connections maintained or not.
AJP.Stats
That is why I have created small, not really intelligent, very slow, but working script to make your life easier :)
ENJOY! :)
https://github.com/wheelq/AJP.Stats
Subscribe to:
Posts (Atom)