I try to display Fusion Middleware Consol (WebLogic 12c) in my browse according to pattern:
The port is 7001, the name of domain is domains but I can't find hostname in config.xml file. If hostname should be the hostname of the computer it doesn't work for me. Where I find the hostname?
Snippet from my config.xml:
If I run admin console in this addres: it works. But if I try run Fusion Middleware Consol in this URL: or doesn't work.
By default, weblogic listens on every available address. But if you change the listening address setting, you would find it between the <listen-address></listen-address> tags
I am trying to restrict access to a Tomcat 7 Server by using this valve: org.apache.catalina.valves.RemoteHostValve.
It's working fine for other hosts, but I can not access the server locally by using the localhost (http://localhost:8080).
Here is the Valve:
<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="host2.xy.i|host2.xy.i|localhost"/>
Any ideas?
for this function Hostname Lookups are needet.
Did you check that you have set ?
<Connector enableLookups="true" />
If its not working with the Hostname, you could reach the same result with:
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
But check if you have localhost V6 IP, this example matches only ipv4
We have a simple requirement where:
PS: https:/ === https://
When user hits https:/company_landing.company.com , they should be redirected to keycloak login page (at https:/ourcompany-keycloak.company.com). User enters his/her keycloak login credentials. Upon successful login to keycloak , they will be presented to the company_landing page.
The trouble is :
When User types - https:/company_landing.company.com
Keycloak tries to bring up the landing page but gives 500 Internal server error and says "Incorrect redirect uri" and in the browser I see this:
If you observe the redirect uri above, I think the problem is that instead of https the redirect uri starts with http and http:/company-landing.company.com doesn't exist.
keycloak settings: -
Realm --> settings --> login : Require SSL = all Requests (tried with "external" also)
Applications-->realm1-->settings-->Redirect URI = https://company_landing.company.com/*
AWS load balancer:
Port config: 443(https) forwarding to 8443
I am confused as to why it is stripping the SSL? The above works fine when testing on local environment(probably because its http://localhost) but this always gives an invalid redirect url when trying to access any link that is ssl encrypted.
You have to add the following property in the proxy configuration json file, (by default proxy.json) as an application attribute (same level as "adapter-config"):
"proxy-address-forwarding" : true,
This configuration attribute is not documented, however present in the sources of the proxy configuration: https://github.com/keycloak/keycloak/blob/master/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java
You don't need a certificate to be installed or use changes in adapter config.
This needs to be done in your standalone.xml, standalone-ha or domain.xml (as the case may be) as documented in the Keycloak document reverse proxy section https://www.keycloak.org/docs/latest/server_installation/index.html#_setting-up-a-load-balancer-or-proxy
Assuming that your reverse proxy doesn’t use port 8443 for SSL you also need to configure what port HTTPS traffic is redirected to.
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
<http-listener name="default" socket-binding="http"
proxy-address-forwarding="true" redirect-socket="proxy-https"/>
Add the redirect-socket attribute to the http-listener element. The value should be proxy-https which points to a socket binding you also need to define.
Then add a new socket-binding element to the socket-binding-group element:
<socket-binding-group name="standard-sockets" default-interface="public"
<socket-binding name="proxy-https" port="443"/>
MFP 7.0.0 with IF201506081356
on WebSphere Liberty on Linux
My idea was to modify server.xml
<httpEndpoint id="defaultHttpEndpoint"
host="*" > <=== change this to a specific ipaddress
And change this JNDI entry
<jndiEntry jndiName="ibm.worklight.admin.jmx.host" value="localhost"/>
to specify the same ipaddress.
After making those changes server does not initialise correctly, it attempts to access JMX on the localhost, even though nowhere in my serverl.xml is the word "localhost"
[6/11/15 13:19:24:232 CEST] 00000040 com.worklight.common.util.jmx.LibertyRuntimeMBeanHandler I Establishing REST connection to service:
jmx:rest://localhost:9443/IBMJMXConnectorREST SSL handler=null
That attempt just repeats ad nauseum ...
Is there some cached value somewhere? Something else I need to set?
During the startup of the runtimes "localhost" is always used for the JMX connection. It is a defect, an APAR will be created.
I'm new in XMPP, recently I have installed and configure openfire admin control by defining IP (localhost), port (5222) and new database named: openfire in MySql.
But my usernames and their passwords are in another database, is there any steps to configure in openfire so that it can check the user authentication in my own created database instead of checking it's(openfire) own created usertable ofuser.
I'am Adding TAGS here,
<?xml version="1.0" encoding="UTF-8"?>
This file stores bootstrap properties needed by Openfire.
Property names must be in the format: "prop.name.is.blah=value"
That will be stored as:
Most properties are stored in the Openfire database. A
property viewer and editor is included in the admin console.
<!-- root element, all properties must be under this element -->
<!-- Disable either port by setting the value to -1 -->
<!-- Network settings. By default, Openfire will bind to all network interfaces.
Alternatively, you can specify a specific network interfaces that the server
will listen on. For example, This setting is generally only useful
on multi-homed servers. -->
<username encrypted="true">87d776abae54f5b4c95c78b78420a6967a9429e9e6d7a5c0</username>
<password encrypted="true">7a1603cafdfe1383ea0e284360172ca8c94b37314dbd5390</password>
<testSQL>select 1</testSQL>
<passwordSQL>SELECT upwd FROM users WHERE uname=? and usertype=2 and delflag=0</passwordSQL>
<loadUserSQL>SELECT CONCAT(ufname,ulname) AS name,uemail as email FROM users WHERE uname=? AND usertype=2 AND delflag=0</loadUserSQL>
<userCountSQL>SELECT COUNT(*) FROM users WHERE usertype=2 AND delflag=0 AND inactive=0</userCountSQL>
<allUsersSQL>SELECT uname FROM users WHERE usertype=2 AND delflag=0 AND inactive=0</allUsersSQL>
<searchSQL>SELECT uname FROM users WHERE usertype=2 AND delflag=0 AND inactive=0</searchSQL>
Here is a official openfire documentation for exact your case:
First, editing openfire.xml wont make any expected change with your openfire. even after you restart it.
You should edit that configuration from SERVER -> System Properties . OR you can directly modify database in ofproperty values.
but be carefull.. none of my JDBC authentication seems work if use my own user table. even if i set it to PLAIN password. and their MD5 looks different than standart md5 hashing method
On port 80 I have normal apache web server.
On port 8080 I have tomcat with client and server side stuff.
My goal is:
www.mydomain.com renders a static and SEO friendly index.html while javascript stuff is loading.
In the header of this index.html I load www.mydomain.com:8080/myapp/stuff.js
stuff.js is compiled with gwt and calls a RootLayoutPanel.get().add(nice_panel) which will remove static content and show dynamic widgets. It also calls servlets (server side code).
Problem: for security reasons, browsers wont let me load www.mydomain.com:8080/myapp/stuff.js because it is on a different port.
Wrong attempt: I tried to create a symlink from "normal" apache web server directory to the tomcat webapp containing stuff.js. I am now able to load stuff.js because its url is: www.mydomain.com/mysymlink_to_tomcat/stuff.js. But stuff.js is not able anymore to call servlets on server side again because of browsers security rules ("XMLHttpRequest cannot load ... origin ...is not allowed by Access-Control-Allow-Origin").
I would like to avoid the "crazy" solution of redirect from index.html to tomcat with header('location: http://mydomain.com:8080/another_index_on_tomcat.html'). This solution works but it has many drawbacks (SEO...)
What would be the best approach ?
You have basically two solutions:
make it work with the 2 origins: use the xsiframe linker in GWT to allow the page on :80 to load the script from :8080 (for readers: it's not about loading, it's about what the script does).
Add the following to your `gwt.xml:
<add-linker name='xsiframe' />
That unfortunately won't solve your issue with GWT-RPC (o whatever you use to talk to the server). For that, there's CORS.
use a single origin: use Apache's mod_proxy (or mod_jk) to proxy your Tomcat through your Apache. Nobody will ever use :8080, everything will go through :80. See Using Tomcat with Apache HTTPD and a proxy at https://developers.google.com/web-toolkit/doc/latest/DevGuideServerCommunication#DevGuideRPCDeployment
And of course there's also the solution of ditching the HTTPD and serving everything with Tomcat (recent Java and Tomcat versions have fixed their slowness issues).
I'm not sure if this would avoid the security error, but you could try an iframe. On apache, you have the index and an iframe to the tomcat, where the JS loads inside the iframe. Dunno if that will help with the SEO problem.
The best solution would be to redirect the port 80 calls to 8080 on apache when the client call is asking for a tomcat application.
Install mod_jk on apache and configure it to mount a context on the path you want
example: (edit /mods_enabled/jk.conf)
# Configure access to jk-status and jk-manager
# If you want to make this available in a virtual host,
# either move this block into the virtual host
# or copy it logically there by including "JkMountCopy On"
# in the virtual host.
# Add an appropriate authentication method here!
<Location /jk-status>
# Inside Location we can omit the URL in JkMount
JkMount jk-status
Order deny,allow
Deny from all
Allow from
<Location /jk-manager>
# Inside Location we can omit the URL in JkMount
JkMount jk-manager
Order deny,allow
Deny from all
Allow from
JkMount /*/myAppDir/* ajp13
Then add a virtual host in your site settings (edit /apache2/sites-enabled/)
<VirtualHost *:80>
. Here is the rest of the
. of the config of
. the host
# Tomcat jk connector settings
JkMount /*.jsp ajp13_worker
JkMount /myAppDir/* ajp13_worker
JkMount /myAppDir* ajp13_worker
JKMount /manager* ajp13_worker
JkMount /manager/* ajp13_worker
And you should also edit the server.xml file and inside the tag write and comment the previous Host name="localhost"
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true" >
<Context path="/" docBase="/var/lib/tomcat7/webapps/myAppDir/"
debug="0" reloadable="true" />
<!-- please notes on logs down below -->
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="/var/lib/tomcat7/logs" prefix="tomcat_access_"
suffix=".log" pattern="common" resolveHosts="false" />
The only thing left to do is edit the workers.properties file and add
Then you should be set to work, and when a url containing the myAppDir appears, the apache server will redirect the calls to tomcat the answer will come back from apache.