HTTP Request Attribute Value Equals a String Constant is Not Working in WebLogic 12.2.1.3.0
(Doc ID 2674848.1)
Last updated on OCTOBER 03, 2024
Applies to:
Oracle WebLogic Server - Version 12.2.1.3.0 to 14.1.1.0.0 [Release 12c]
Information in this document applies to any platform.
Symptoms
The "HTTP request attribute value equals a string constant" condition is not working in WebLogic 12.2.1.3.0. The following exception is observed in the logs when DebugSecurityAtz is enabled
Test Case
1. Deploy a sample application to a managed server using "Custom Roles and Policies: Use only roles and policies that are defined in the Administration Console."
2. Navigate to Deployment > App > Security > URL Patterns > Policies.
3. Create a URL pattern policy "/".
4. Click on "/".
5. Add Conditions and select "HTTP request attribute value equals a string constant".
6. Enter Header.MyHeader in "HTTP request attribute name:" and test123 in "String value".
7. Access the application as curl -u user:password -H "MyHeader: test123" http://host:port/ShoppingCart/
where
user is any user in WebLogic's embedded LDAP and password is the password of that user.
/ShoppingCart is the context root of the application.
8. It fails with Error 403--Forbidden, and the WebLogic Server logs show the above-mentioned error when DebugSecurityAtz is enabled.
Changes
Deploy a Web Application using Custom Roles and Policies.
Cause