Recently we have disabled all of the non-SSL ports across all of the WebLogic servers on the project I'm working on. This on its own has been a great move in terms of improving security but at the same time presented a number of unexpected challenges. One of these challenges was build-time deployments i.e. when a developer deploys code from their own machine to a development server. Automated and CI deployments were not affected.

Even after updating all endpoints to use the SSL port (7002) and the T3S protocol, Maven kept on failing with errors like this...


Scrolling through the Maven output there was another exception that pointed to the actual problem...


Of course! Host name verification! Should have seen this coming really. So I needed a way to disable this check. Unfortunately the WebLogic Maven Plug-in does not provide this option. Actually, that's not quite true - it does, but only for the wsimport goal, not any of the other goals - so not useful in this case.

I remembered that there was a way to tell WebLogic itself to disable hostname verification however. There was documentation on how to do that here.


I thought maybe this would work with the WebLogic Maven Plugin too since it should have shared a good amount of the same code as WebLogic. So I needed to set the weblogic.security.SSL.ignoreHostnameVerification Java system property to true.



Maven didn't provide for a way to do this out of the box, but there was the properties-maven-plugin that would do exactly that. Configuring that plugin is very simple and exactly as its examples show, I just had to substitute the system property and value I wanted to set...


That's all there was! Once this plugin was added to the Maven POM, all the local build deployments started to work again. Because the phase for this plugin is set to initialize it runs before the WebLogic plugin (which runs during the install phase) and so the system property is set before a deployment is attempted.

-i