How To Force Authentication On JNDI Lookups (Doc ID 1592583.1)

Last updated on DECEMBER 11, 2017

Applies to:

Oracle WebLogic Server - Version 10.3 and later
Information in this document applies to any platform.

Goal

Anyone with access to the relevant host and port can write a client that performs an "anonymous" lookup. For example:

import java.util.Properties;
import javax.naming.InitialContext;

// No security principal or credentials are set, so the lookup is anonymous.
Properties connectionProps = new Properties();
connectionProps.put("java.naming.factory.initial", "weblogic.jndi.WLInitialContextFactory");
connectionProps.put("java.naming.provider.url", "t3://host:port");

InitialContext ctx = new InitialContext(connectionProps);
String objName = "weblogic.management.mbeanservers.runtime";

Object remoteProbe = ctx.lookup(objName); // SECURITY ISSUE if the object access control policy is Group: everyone

How can one force authentication on this JNDI lookup?

Solution

To view full details, sign in with your My Oracle Support account.
