Additional Server Configuration
Configuring HTTP-Only Flag for HTTP Cookies Set by Oracle Identity Federation
weblogic中有关http-only-cookie的说明
6.7.1 Configuring HTTP-Only Flag for HTTP Cookies Set by Oracle Identity Federation
A non-standard extension to RFC2965 extends the set-cookie header further by specifying an HttpOnly flag. When you set this flag, the client (browser) should not make the cookie contents available to scripting environments. For example, the JavaScript document.cookie method should not return the cookie contents. This significantly protects against "cross-site scripting" and similar attacks.
By default Oracle Identity Federation does not set the HttpOnly flag.
The Oracle Identity Federation server can be configured to set the HttpOnly flag when setting in the user's browser:
the cookie used by Oracle Identity Federation to reference the user session
the Oracle Access Manager cookie
To configure Oracle Identity Federation to set the HttpOnly header, enter the WLST script environment for Oracle Identity Federation and set the following properties:
Set the cookiehttponlyenabled boolean property from the serverconfig group to true if the HttpOnly flag should be set when sending the Oracle Identity Federation cookie to the browser, otherwise set it to false:
setConfigProperty('serverconfig',
'cookiehttponlyenabled', 'true', 'boolean')
Set the oamcookiehttponlyenabled boolean property from the spengines group to true if the HttpOnly flag should be set when sending the Oracle Access Manager cookie to the browser, otherwise set it to false:
setConfigProperty('spengines',
'oamcookiehttponlyenabled', 'true', 'boolean')
链接:http://download.oracle.com/docs/cd/E15523_01/oim.1111/e13400/addlcfg.htm#CEGDBJAG
-------------------------------------------------------------------------------------------
BEA WebLogic Server? 9.2
BEA WebLogic Server 是现成的企业 J2EE 应用服务器,它支持在可靠、安全、高可用和可伸缩的环境中部署关键任务应用程序。 WebLogic Server 是基于面向服务的架构 (SOA) 构建应用程序的理想平台。
该地址除了介绍weblogic相关内容,还讲解了很多web开发和servlet,jsp相关的规范内容,值得学习
链接:http://edocs.weblogicfans.net/wls/docs92/index.html
-------------------------------------------------------------------------------------------
开发 WebLogic Server 的 Web 应用程序、Servlet 和 JSP的学习文档
链接:http://edocs.weblogicfans.net/wls/docs92/webapp/index.html
-------------------------------------------------------------------------------------------
使用会话和会话持久性 相关知识
链接:http://edocs.weblogicfans.net/wls/docs92/webapp/sessions.html#wp150431
-------------------------------------------------------------------------------------------
为什么在TOMCAT又是好的呢?因为TOMCAT和WEBLOGIC对这个getServletContext().getRealPath的实现不同,tomcat可以返回正确的路径,weblogic只会返回一个null。
需要在weblogic.xml里添加
<container-descriptor>
<show-archived-real-path-enabled>true</show-archived-real-path-enabled>
</container-descriptor>
链接:http://hi.baidu.com/luohuazju/blog/item/0d0298233395bf4693580745.html
-------------------------------------------------------------------------------------------
有关weblogic服务器的session丢失或不一致的问题
需要给weblogic.xml里添加
<session-descriptor>
<cookie-http-only>false</cookie-http-only>
</session-descriptor>
但由于weblogic的版本的不同,weblogic.xml的对该参数的支持也不太一样
已知的如下:
这是10.3.3的有关weblgic_xml的定义
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13712/weblogic_xml.htm#i1071981
这是10.3.1和10.3.2的有关weblgic_xml的定义
http://download.oracle.com/docs/cd/E15523_01/web.1111/e13712/weblogic_xml.htm#i1071981
可以看出weblogic在10.3.3中支持在weblogic.xml里配置
<session-descriptor>
<cookie-http-only>false</cookie-http-only>
</session-descriptor>
经过进一步查看10.3.4和10.3.5中都支持该参数的配置
而9.2版本也支持该参数的配置
如下路径http://download.oracle.com/docs/cd/E13222_01/wls/docs92/webapp/weblogic_xml.html#wp1071982
所以好像这个参数出现的版本不太固定
相关路径:
http://www.iteye.com/topic/1114228
http://download.oracle.com/docs/cd/E13222_01/wls/docs92/webapp/weblogic_xml.html
http://cn.forums.oracle.com/forums/thread.jspa?threadID=1518073
http://cn.forums.oracle.com/forums/thread.jspa?threadID=953056
-------------------------------------------------------------------------------------------
weblogic10.3 项目出错解决方法
http://hannoi2009.blog.163.com/blog/static/12282842820099211132366/
-------------------------------------------------------------------------------------------
weblogic中jsp编译后生成java文件
1.在WEB-INF中建立一个weblogic.xml文件
2.文件内容如下:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE weblogic-web-app
PUBLIC "-//BEA Systems, Inc.//DTD Web Application 8.1//EN"
"http://www.bea.com/servers/wls810/dtd/weblogic810-web-jar.dtd" >
<weblogic-web-app>
<jsp-descriptor>
<jsp-param>
<param-name>keepgenerated</param-name>
<param-value>true</param-value>
</jsp-param>
</jsp-descriptor>
</weblogic-web-app>
链接:http://52347.iteye.com/blog/406403
-------------------------------------------------------------------------------------------
WebLogic10.3 + Liferay6.05 + Oracle10g 布署笔记
http://www.chinasb.org/archives/2011/09/3795.shtml
-------------------------------------------------------------------------------------------
weblogic 10g 或11g删除domain的方法
1、删除Oracle\Middleware\user_projects\domains\下面的要删除的domain文件夹。例:soa_domain
2、删除Oracle\Middleware\user_projects\applications\下面的要删除的domain文件夹。例:soa_domain
举例说明:
如要删除soa_domain,那么要删除Oracle\Middleware\user_projects\domains\soa_domain文件夹和Oracle\Middleware\user_projects\applications\soa_domain文件夹。
链接:http://bxl766.blog.163.com/blog/static/6109950520110215644532/
------------------------------------------------------------------------------------------
在weblogic10.3.4版本的server中自己的应用下的ojdbc相关jar包不生效,即使删除,应用依然能用,
证明该版本的weblogic是先加载自己server/lib下自带的ojdbc6.jar,把该jar删除,就会使用应用自己的jdbc的jar包了。
其实这样做不太好,万一哪天需要用到weblogic自己的数据库连接池的话,就有问题了,因为把它自己的驱动删除了。
但是暂时也没有找到好的为某个应用指定相关jdbc的jar包的方法,有网上说可以在启动时指定CLASSPATH,就会把
指定的CLASSPATH放到最前面,也没有实验,看看weblogic相关的启动脚本再说吧。