WebLogic JNDI-Tree Security by Nicolas Fonnegra


Several WebLogic components like EJBs, Datasources and Queues are accessed using JNDI lookups. In default WebLogic configurations, the JNDI-Tree can be accessed without any kind of authentication. This is far from ideal, because any process, inside or outside the WebLogic container, is capable of invoking these components. Only Datasources have an extra layer of security: they can only be used remotely by activating the property “weblogic.jdbc.remoteEnabled”.

In this blog entry I will show not only how to secure the JNDI-Tree but also what this means for the development of components such as Session EJBs, Message Driven Beans and external frameworks.

1. Securing the JNDI-Tree lookups

In WebLogic it is possible to secure single JNDI addresses, a group of addresses, or the whole JNDI-Tree. There are two ways to do this: the administration console and WLST.

1.1 Administration Console

  • In Environment -> Servers -> admin_server -> View JNDI Tree
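
To confirm that securing the tree has taken effect, a client can attempt the same lookup once anonymously and once with credentials. The Java program below is an added example, not code from the original post: the t3 URL and the JNDI name are assumed values, it expects the WebLogic client library on the classpath, and it assumes the server reports a refused lookup as a `NamingSecurityException`.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.NamingSecurityException;

public class JndiLookupCheck {
    // Assumed values for illustration; replace with your own environment.
    static final String URL = "t3://localhost:7001";  // assumed server address
    static final String NAME = "jdbc/ExampleDS";       // hypothetical JNDI name

    /** Builds the JNDI environment; user == null means an anonymous client. */
    static Hashtable<String, String> env(String user, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
        env.put(Context.PROVIDER_URL, URL);
        if (user != null) {
            env.put(Context.SECURITY_PRINCIPAL, user);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return env;
    }

    /** Returns ALLOWED, DENIED, or ERROR:<exception> for one lookup attempt. */
    static String probe(String user, String password) {
        Context ctx = null;
        try {
            ctx = new InitialContext(env(user, password));
            ctx.lookup(NAME);
            return "ALLOWED";
        } catch (NamingSecurityException e) {
            // Superclass of the JNDI authentication and permission failures.
            return "DENIED";
        } catch (NamingException e) {
            // Server unreachable, name not bound, client library missing, ...
            return "ERROR:" + e.getClass().getSimpleName();
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }

    public static void main(String[] args) {
        String anon = probe(null, null);
        String auth = args.length == 2 ? probe(args[0], args[1]) : "SKIPPED";
        System.out.println("anonymous lookup:     " + anon);
        System.out.println("authenticated lookup: " + auth);
        // On a secured tree the anonymous lookup must be DENIED; fail otherwise.
        System.exit("DENIED".equals(anon) ? 0 : 1);
    }
}
```

Run it with a user name and password as arguments to include the authenticated case; an `ERROR:` result means the check itself could not be completed and says nothing about the policy.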

WebLogic Partner Community

For regular information, become a member of the WebLogic Partner Community; please visit http://www.oracle.com/partners/goto/wls-emea (OPN account required). If you need support with your account, please contact the Oracle Partner Business Center.
