Search This Blog

Monday, October 05, 2009

Deployment Management Links are not working On Weblogic 10. 3.1.0

When trying to access the Deployment Management Links Export and Import are not working with the Weblogic 10.3.1.0 version. This fails with the following error
Either Your Session timed out or you are trying to access a page without logging in.
How ever this works fine on WebLogic 10.3.0.0 version.

There is some change in the functionality due to cross-site scripting vulnerability reasons. Please refer to the Note 866405.1 Applet/Javascript does not have access to JSESSIONID (httponly) cookie for more details on this.

For the Deployment Management Links to work you need to edit the file

C:\oim_server\xellerate\OIMApplications\WLXellerateFull.ear\xlWebApp.war\WEB-INF\weblogic.xml

and add the following entries

<session-descriptor>

<cookie-http-only>false</cookie-http-only>

</session-descriptor>

After the changes the weblogic.xml should look like this ,

<?xml version='1.0' encoding='UTF-8'?> 
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-web-app http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd"> 
<security-role-assignment> 
<role-name>User</role-name> 
<principal-name>User</principal-name> 
</security-role-assignment> 
<jsp-descriptor> 
<encoding>UTF-8</encoding> 
</jsp-descriptor> 
<container-descriptor> 
<filter-dispatched-requests-enabled>false</filter-dispatched-requests-enabled> 
</container-descriptor> 
<session-descriptor> 
<cookie-http-only>false</cookie-http-only> 
</session-descriptor> 
</weblogic-web-app> 

Restart the weblogic server after the above changes.

3 comments:

Mohammad Jibril said...

Worked for me..

Thx Ravi

Anonymous said...

doesn't seem to work for me?
How do you restart the web logic server? Services.msc and restart the service?

- Glenn

Kunal Jain said...

Hi,

I am getting the same issue on oel 5, OIM 11.1.1.3 and Weblogic 10.3.3.0

The most concerning part is, this issue is there only in one environment. Other environments do not have this issue. It was working fine until a period. But suddenly it went into a denial mode.

Please help me.