Igor Kromin |   Consultant. Coder. Blogger. Tinkerer. Gamer.

Recently we have disabled all of the non-SSL ports across all of the WebLogic servers on the project I'm working on. This on its own has been a great move in terms of improving security but at the same time presented a number of unexpected challenges. One of these challenges was build-time deployments i.e. when a developer deploys code from their own machine to a development server. Automated and CI deployments were not affected.

Even after updating all endpoints to use the SSL port (7002) and the T3S protocol, Maven kept on failing with errors like this...
 Maven Error
[ERROR] Failed to execute goal com.oracle.weblogic:weblogic-maven-plugin:12.2.1-0-0:deploy (wls-deploy) on project MyService: weblogic.Deployer$DeployerException: weblogic.deploy.api.tools.deployer.DeployerException: Unable to connect to 't3s://myserver:7002': [RJVM:000576]No available router to destination.. Ensure the url represents a compatible running admin server and that the credentials are correct. If using http protocol, tunneling must be enabled on the admin server.
[ERROR] at weblogic.Deployer.run(Deployer.java:76)

Scrolling through the Maven output there was another exception that pointed to the actual problem...
 Maven Error
<Warning> <Security> <BEA-090504> <Certificate chain received from myserver - failed hostname verification check. Certificate contained myserver.mydomain.com but check expected myserver>

Of course! Host name verification! Should have seen this coming really. So I needed a way to disable this check. Unfortunately the WebLogic Maven Plug-in does not provide this option. Actually, that's not quite true - it does, but only for the wsimport goal, not any of the other goals - so not useful in this case.

I remembered that there was a way to tell WebLogic itself to disable hostname verification however. There was documentation on how to do that here.
Does not verify the hostname in the URL to the hostname in the certificate.

I thought maybe this would work with the WebLogic Maven Plugin too since it should have shared a good amount of the same code as WebLogic. So I needed to set the weblogic.security.SSL.ignoreHostnameVerification Java system property to true.

Maven didn't provide for a way to do this out of the box, but there was the properties-maven-plugin that would do exactly that. Configuring that plugin is very simple and exactly as its examples show, I just had to substitute the system property and value I wanted to set...
 Maven POM

That's all there was! Once this plugin was added to the Maven POM, all the local build deployments started to work again. Because the phase for this plugin is set to initialize it runs before the WebLogic plugin (which runs during the install phase) and so the system property is set before a deployment is attempted.


A quick disclaimer...

Although I put in a great effort into researching all the topics I cover, mistakes can happen. Use of any information from my blog posts should be at own risk and I do not hold any liability towards any information misuse or damages caused by following any of my posts.

All content and opinions expressed on this Blog are my own and do not represent the opinions of my employer (Oracle). Use of any information contained in this blog post/article is subject to this disclaimer.
Hi! You can search my blog here ⤵
NOTE: (2022) This Blog is no longer maintained and I will not be answering any emails or comments.

I am now focusing on Atari Gamer.