How To Force Authentication On JNDI Lookups
(Doc ID 1592583.1)
Last updated on DECEMBER 11, 2017
Applies to:Oracle WebLogic Server - Version 10.3 and later
Information in this document applies to any platform.
Anyone having an access to the relevant host and port can write a client to perform an "anonymous" lookup as below. For example:
InitialContext = new InitialContext(connectionProps);
String objName = "weblogic.management.mbeanservers.runtime";
Object remoteProbe = ctx.lookup(objName); // SECURITY ISSUE if the object access control policy is Group: everyone
How can one force authentication on this JNDI lookup?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document