Posted by John Paul van Helvoort on February 10, 2009
While implementing a custom login page you might run into these errors when accessing the default OC4J mount j2ee.
http://sso.example.com:7777/j2ee/examples/
This URL is mounted by default to the directory:
$ORACLE_HOME/j2ee/home/default-web-app/examples/
This only works when you have the home component enabled and started. By default the container is disabled and stopped.

So when you request this URL, a 500 Internal Server Error is returned.
> error_log.1234224000
[Thu Feb 5 15:50:29 2009] [error] [client x.x.x.x] [ecid: 1233845429:x.x.x.x:16857:0:17,0] MOD_OC4J_0119: Failed to get an oc4j process for destination: home
[Thu Feb 5 15:50:29 2009] [error] [client x.x.x.x] [ecid: 1233845429:x.x.x.x:16857:0:17,0] MOD_OC4J_0013: Failed to call destination: home's service() to service the request.
When the home OC4J container is enabled and started, you will receive the desired page!
> access_log.1234224000
x.x.x.x - - [10/Feb/2009:09:59:57 +0100] "GET /j2ee/examples/login.jsp HTTP/1.1" 200 146
Now you can use this default page, either by adjusting the policy.properties file or by updating the ORASSO schema table WWSSO_LS_CONFIGURATION_INFO$.
Posted in Application Server
Posted by John Paul van Helvoort on February 3, 2009
When you are monitoring an Oracle 9i database with Oracle Enterprise Manager, you might run into the problem that old snapshot statistics do not have a retention period and therefore make a tablespace grow bigger than expected.
To keep the growth of this snapshot data somewhat under control, here is an easy script that clears out old (older than 1 month) snapshot data in your monitored 9i database.
This script assumes that statspack is installed under schema owner perfstat.
declare
  -- Determine snapshots to be deleted (older than 1 month).
  cursor c_snap is
    select snap_id
      from perfstat.STATS$SNAPSHOT
     where trunc(snap_time) < add_months(sysdate, -1);
  l_teller integer default 0;  -- number of snapshots deleted so far
begin
  for r_snap in c_snap loop
    delete from perfstat.STATS$SNAPSHOT
     where snap_id = r_snap.snap_id;
    l_teller := l_teller + 1;
    -- commit after every 10 records
    if mod(l_teller, 10) = 0 then
      commit;
    end if;
  end loop;
  -- commit last snapshot delete
  commit;
end;
/
With this query you can see the number of records that will be deleted when running the cleanup script.
select count(snap_id)
from perfstat.STATS$SNAPSHOT
where trunc(snap_time) < add_months(sysdate, -1);
I used this script by scheduling this job to be executed every week.
Posted in Database, Scripting
Posted by John Paul van Helvoort on February 2, 2009
As an extension of my posting on how to secure default admin pages on an SSO server, here is a list of rules you could implement to make your Oracle Portal (10.1.4) somewhat protected from the outside.
################################################
# Protect the Portal default / admin pages
# For Public (internet)users
################################################
<LocationMatch /(?i)portal/page/portal/TOPLEVELSITE.*$>
Order deny,allow
Deny from all
Allow from 10.32
</LocationMatch>
<LocationMatch /(?i)portalHelp2.*$>
Order deny,allow
Deny from all
Allow from 10.32
</LocationMatch>
<LocationMatch /(?i)portal/pls/portal/PORTAL.wwexp_explore.explore.*$>
Order deny,allow
Deny from all
Allow from 10.32
</LocationMatch>
<LocationMatch /(?i)portal/pls/portal/PORTAL.wwexp_explore.builder.*$>
Order deny,allow
Deny from all
Allow from 10.32
</LocationMatch>
<LocationMatch /(?i)portal/pls/portal/PORTAL.wwpob_app_globalset.edit_settings.*$>
Order deny,allow
Deny from all
Allow from 10.32
</LocationMatch>
These settings are again implemented in the Apache reverse proxy configuration file httpd.conf, which uses a ProxyPass directive to process the incoming requests. The “Allow from” line names our internal IP range, so that we can still administer the Portal server.
Posted in Application Server
Posted by John Paul van Helvoort on February 1, 2009
Some time ago I was challenged with “securing” an Oracle Single Sign-On server which is indirectly connected to the internet by an Apache reverse proxy (using mod_proxy). Here are some rules I implemented to protect the SSO server:
################################################
# Protect the SSO admin pages
# For Public (internet)users
################################################
<LocationMatch /(?i)oiddas.*$>
Order deny,allow
Deny from all
Allow from 10.32
</LocationMatch>
<LocationMatch /(?i)pls/orasso/ORASSO.home$>
Order deny,allow
Deny from all
Allow from 10.32
</LocationMatch>
<LocationMatch /(?i)pls/orasso/ORASSO.wwsso_app_admin.administer_fapp.*$>
Order deny,allow
Deny from all
Allow from 10.32
</LocationMatch>
<LocationMatch /(?i)pls/orasso/ORASSO.wwsso_app_admin.edit_ls_configuration.*$>
Order deny,allow
Deny from all
Allow from 10.32
</LocationMatch>
<LocationMatch /(?i)pls/orasso/ORASSO.wwsso_app_admin.papp_administer.*$>
Order deny,allow
Deny from all
Allow from 10.32
</LocationMatch>
<LocationMatch /(?i)pls/orasso/ORASSO.wwsso_app_admin.papp_list.*$>
Order deny,allow
Deny from all
Allow from 10.32
</LocationMatch>
<LocationMatch /(?i)pls/orasso/ORASSO.wwsso_app_admin.show_ls_menu.*$>
Order deny,allow
Deny from all
Allow from 10.32
</LocationMatch>
These settings were implemented in the Apache reverse proxy configuration file httpd.conf, which uses a ProxyPass directive to process the incoming requests.
The “Allow from” line names our internal IP range, so that we can still administer the SSO server.
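The SSO and Portal rules both depend on how Apache 2.2 combines `Deny from all` with `Allow from 10.32` under `Order`. The following is an added example, not part of the original posts: a small Python model of that evaluation, useful for checking a rule set before deploying it. The function names, the request paths and the client addresses are constructed for illustration; the three patterns are copied from the rules above.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# A few LocationMatch patterns copied from the rules above.
PATTERNS = [
    r"/(?i)oiddas.*$",
    r"/(?i)pls/orasso/ORASSO.wwsso_app_admin.papp_list.*$",
    r"/(?i)portal/pls/portal/PORTAL.wwexp_explore.builder.*$",
]


def compile_pattern(pattern):
    # Apache's PCRE accepts (?i) in mid-pattern; Python's re does not, so the
    # flag is lifted out. Only "/" precedes it, so the meaning is unchanged.
    return re.compile(pattern.replace("(?i)", "", 1), re.IGNORECASE)


def partial_ip_network(spec):
    # "Allow from 10.32" is a partial address made of whole leading octets,
    # i.e. 10.32.0.0/16 (not a string prefix).
    octets = spec.split(".")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))


def host_allowed(order, client_ip, allow_from="10.32"):
    # Models "Deny from all" plus one "Allow from" under Apache 2.2's Order.
    in_allow = ipaddress.ip_address(client_ip) in partial_ip_network(allow_from)
    in_deny = True  # "Deny from all" matches every client
    if order == "deny,allow":   # Allow is evaluated last and wins
        return in_allow or not in_deny
    if order == "allow,deny":   # Deny is evaluated last and wins
        return in_allow and not in_deny
    raise ValueError("unknown Order: %r" % order)


def decide(url, client_ip, order="deny,allow"):
    # LocationMatch is tested against the URL path, without the query string.
    path = urlsplit(url).path
    if not any(compile_pattern(p).search(path) for p in PATTERNS):
        return "unrestricted"
    return "allow" if host_allowed(order, client_ip) else "deny"


if __name__ == "__main__":
    for ip in ("10.32.4.9", "10.3.2.1", "203.0.113.7"):  # constructed clients
        for order in ("deny,allow", "allow,deny"):
            print(ip, order, decide("/OIDDAS/", ip, order))
```

With `Order allow,deny` the same `Deny from all` line is evaluated last, so even the internal 10.32 range is locked out of a matching location.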
Posted in Application Server