Weblogic : disable user-lockout on specific managed servers

weblogic

1 of the powerful features of weblogic is the user-lockout mechanism in the security realms.
In our case this is very useful, but there is 1 but…

On some of our managed servers, all (HTTP) users are expected to use the same username/password,
so if user-lockout is enabled, and 1 of the users would send a wrong password a couple of times, user-lockout will kick in, and ALL the users that use this username will be locked out.
(even those that did send the correct username/password combination)

The ideal scenario for me would be to be able to disable the userlockout feature on those specific managed servers, and to keep it enabled on others.

Is there a way to achieve this, via a startup argument or WLST command?

Any hints would be appreciated

Thx Jo

Best Answer

You can configure it in the console, under the default realm -> configuration -> user lockout. Here's the documentation (I'm assuming wls 12c): http://docs.oracle.com/cd/E24329_01/web.1211/e24422/domain.htm#SECMG414

Related Solutions

WebLogic cluster, determine node from JSESSIONID cookie

Not directly in Weblogic, AFAIK.

If you have an Apache web server (or a similar proxy) fronting the Weblogic cluster, it does log the individual server HASH and map it to the Managed server, and is able to send it to the same weblogic managed server as the previous request.

As described by an old BEA page, you can enable debug logging:

Debug ALL
DebugConfigInfo ON
WLLogFile /tmp/wlproxy.log

Sample log content:

Mon May 10 13:14:40 2004 getpreferredServersFromCookie: -2032354160!-457294087
Mon May 10 13:14:40 2004 GET Primary JVMID1: -2032354160
Mon May 10 13:14:40 2004 GET Secondary JVMID2: -457294087
Mon May 10 13:14:40 2004 [Found Primary]: 172.18.137.50:38625:65535
Mon May 10 13:14:40 2004 list[0].jvmid: -2032354160
Mon May 10 13:14:40 2004 secondary str: -457294087
Mon May 10 13:14:40 2004 list[1].jvmid: -457294087
Mon May 10 13:14:40 2004 secondary str: -457294087
Mon May 10 13:14:40 2004 [Found Secondary]: 172.18.137.54:38625:65535
Mon May 10 13:14:40 2004 Found 2 servers

This info is also available on MOS; search for document 780007.1.

Weblogic: Setting character encoding with WLST

Turns out the code above is not right:

The defaultCharCodeset is a field of the IIOP MBean, not the Server MBean (and also not the the domain MBean). The IIOP MBean on the other hand is a child of ther Server MBean.

I found it like this: find('defaultCharCodeset'), which gave me nice output as to where this field shows up in WLST config tree:

/Servers/AdminServer/IIOP/AdminServer          DefaultCharCodeset                                 US-ASCII
/Servers/app_1/IIOP/app_1                      DefaultCharCodeset                                 US-ASCII
...
(app_1 is a managed server we defined)

So the right way to do this seems to be:

cd('/Servers/app_1/IIOP/app_1)
cmo.setDefaultCharCodeset('UTF-8')
...

Best Answer

Related Solutions

WebLogic cluster, determine node from JSESSIONID cookie

Weblogic: Setting character encoding with WLST

Related Topic