My Oracle Support Banner

HTTP Request Attribute Value Equals a String Constant is Not Working in WebLogic 12.2.1.3.0 (Doc ID 2674848.1)

Last updated on MAY 28, 2020

Applies to:

Oracle WebLogic Server - Version 12.2.1.3.0 to 14.1.1.0.0 [Release 12c]
Information in this document applies to any platform.

Symptoms

 HTTP request attribute value equals a string constant is not working in WebLogic 12.2.1.3.0. Following exception observed in logs when DebugSecurityAtz is enabled 

Test Case

1. Deploy a sample application to a managed server using

Custom Roles and Policies: Use only roles and policies that are defined in the Administration Console.

2. Navigate to Deployment > App > Security > URL Patterns > Policies.

3. Create a URL pattern policy "/".

4. Click on "/".

5. Add Conditions and select "HTTP request attribute value equals a string constant".

6. Put Header.MyHeader in HTTP request attribute name: and test123 in String value.

7. Access the application as curl -u user:password -H "MyHeader: test123" http://host:port/ShoppingCart/.

where

user is any user in WebLogic's embedded ldap and password is the password of that user.

/ShoppingCart = context root of the application

8. It fails with Error 403--Forbidden and WebLogic server logs show the above mentioned error when DebugSecurityAtz is enabled.

Changes

 Deploy a Web Application using Custom Roles and Policies.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.