Igor Kromin |   Consultant. Coder. Blogger. Tinkerer. Gamer.

Recently we have disabled all of the non-SSL ports across all of the WebLogic servers on the project I'm working on. This on its own has been a great move in terms of improving security but at the same time presented a number of unexpected challenges. One of these challenges was build-time deployments i.e. when a developer deploys code from their own machine to a development server. Automated and CI deployments were not affected.

Even after updating all endpoints to use the SSL port (7002) and the T3S protocol, Maven kept on failing with errors like this...
 Maven Error
[ERROR] Failed to execute goal com.oracle.weblogic:weblogic-maven-plugin:12.2.1-0-0:deploy (wls-deploy) on project MyService: weblogic.Deployer$DeployerException: weblogic.deploy.api.tools.deployer.DeployerException: Unable to connect to 't3s://myserver:7002': [RJVM:000576]No available router to destination.. Ensure the url represents a compatible running admin server and that the credentials are correct. If using http protocol, tunneling must be enabled on the admin server.
[ERROR] at weblogic.Deployer.run(Deployer.java:76)
...


Scrolling through the Maven output there was another exception that pointed to the actual problem...
 Maven Error
<Warning> <Security> <BEA-090504> <Certificate chain received from myserver - 1.1.1.1 failed hostname verification check. Certificate contained myserver.mydomain.com but check expected myserver>


Of course! Host name verification! Should have seen this coming really. So I needed a way to disable this check. Unfortunately the WebLogic Maven Plug-in does not provide this option. Actually, that's not quite true - it does, but only for the wsimport goal, not any of the other goals - so not useful in this case.

I remembered that there was a way to tell WebLogic itself to disable hostname verification however. There was documentation on how to do that here.
weblogic.security.SSL.ignoreHostnameVerification
Does not verify the hostname in the URL to the hostname in the certificate.


I thought maybe this would work with the WebLogic Maven Plugin too since it should have shared a good amount of the same code as WebLogic. So I needed to set the weblogic.security.SSL.ignoreHostnameVerification Java system property to true.



Maven didn't provide for a way to do this out of the box, but there was the properties-maven-plugin that would do exactly that. Configuring that plugin is very simple and exactly as its examples show, I just had to substitute the system property and value I wanted to set...
 Maven POM
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>properties-maven-plugin</artifactId>
<version>1.0.0</version>
<executions>
<execution>
<phase>initialize</phase>
<goals>
<goal>set-system-properties</goal>
</goals>
<configuration>
<properties>
<property>
<name>weblogic.security.SSL.ignoreHostnameVerification</name>
<value>true</value>
</property>
</properties>
</configuration>
</execution>
</executions>
</plugin>


That's all there was! Once this plugin was added to the Maven POM, all the local build deployments started to work again. Because the phase for this plugin is set to initialize it runs before the WebLogic plugin (which runs during the install phase) and so the system property is set before a deployment is attempted.

-i

Skip down to comments...
Hope you found this post useful...

...so please read on! I love writing articles that provide beneficial information, tips and examples to my readers. All information on my blog is provided free of charge and I encourage you to share it as you wish. There is a small favour I ask in return however - engage in comments below, provide feedback, and if you see mistakes let me know.

If you want to show additional support and help me pay for web hosting and domain name registration, donations, no matter how small, are always welcome!

Use of any information contained in this blog post/article is subject to this disclaimer.
 
comments powered by Disqus
Other posts you may like...