Alt om ingenting og litt i mellom En blogg av Knut-Olav

English posts

Logitech Media Server on skinny Debian Jessie

29. august 2016 · Comments Off

WAV/PCM files were not played by Logitech Media Server, with zero logging in /var/log/squeezeboxserver/server.log, on a tiny installation of Debian Jessie.

I tried to tune log levels and found some tools lacking, such as “flac” and “lame”, but none of them fixed my problem, and still no explanation in the log files.

But I found something in the logs that led me in the right direction:

[16-08-29 23:03:04.3358] Slim::Player::TranscodingHelper::enabledFormat (209) Checking to see if wav-flc-*-* is enabled
[16-08-29 23:03:04.3360] Slim::Player::TranscodingHelper::checkBin (250)    enabled
[16-08-29 23:03:04.3362] Slim::Player::TranscodingHelper::checkBin (252)   Found command: [flac] -cs --totally-silent --compression-level-0 $START$ $END$ -- $FILE$ | [sox] -q -t flac - -t flac -C 0 $RESAMPLE$ -
[16-08-29 23:03:04.3364] Slim::Player::TranscodingHelper::getConvertCommand2 (446) Matched: wav->flc via: [flac] -cs --totally-silent --compression-level-0 $START$ $END$ -- $FILE$ | [sox] -q -t flac - -t flac -C 0 $RESAMPLE$ -

I was missing the “sox” tool!
So, I installed “sox”, and now the media server is properly encoding WAV/PCM audio files to FLAC (or something).

Enter BIOS on Lenovo E31-70

3. februar 2016 · 2 Kommentarer

To enter BIOS on a Lenovo E31-70, press down and hold Fn+F2 (because some time someone in the IT industry decided that nobody uses the F-buttons, so lets hide them behind a Fn-button combination… Ok, enough with the rant for this time).

The first time I entered BIOS I was presented with some debug configuration options, a DEBUG-section and other advanced features, but every time I enter the BIOS now I just get the standard options… I have absolutely NO IDEA WHAT-SO-EVER how I can get to those advanced options back!

Another thing, booting from a USB stick doesn’t seem to work, even after I disabled UEFI Secure Boot. Might be the form factor of the USB stick, which has a contact that is a bit thinner than normal contacts, but it works on other computers I have. End-of-rant.

Java RMI connectivity debugging

19. februar 2015 · Comments Off

When RMI connection fails with Connection refused it might be hard to figure out which hostname and port it tried to connect with, especially in third party libraries.

To enable debug logging in RMI connectivity, which logs hostname and port number, set this system property:

Can also be set runtime with System.setProperty before RMI connections are made.

Log output are printed to console, such as:

Feb 19, 2015 1:03:28 PM sun.rmi.transport.proxy.RMIMasterSocketFactory createSocket
FINE: main: host: localhost, port: 1098
Feb 19, 2015 1:03:28 PM sun.rmi.transport.proxy.RMIMasterSocketFactory createSocket
FINE: main: host: localhost, port: 4444

FreeBSD top of network connections

2. oktober 2012 · Comments Off

To view the active connections in FreeBSD, which might be a very good debugging/overview tool for a router, one can use ipfstat -t.

This will output something like this:

Source IP             Destination IP         ST   PR   #pkts    #bytes       ttl,1052,80     4/4  tcp   37860   6446150 119:59:07,17500,17500 0/0  udp   11681   1740469      1:55,17500,17500      0/0  udp   11681   1740469      1:55

Finding which Windows process uses what IP socket

2. oktober 2012 · Comments Off

To find out which application uses what IP port on a Windows, both open listening sockets and open connections, you can use netstat with some options and then grep for the port number, or findstr as it’s called in Windows world.

netstat -ano | findstr “:xxxx”

This outputs something like this:

Aktive tilkoblinger

  Prot. Lokal adresse          Ekstern adresse          Tilstand           PID
  TCP                LISTENING       1232
  TCP                LISTENING       4
  TCP              LISTENING       3500
  TCP              LISTENING       4
  TCP           CLOSE_WAIT      3500
  TCP      ESTABLISHED     3500

In the right column you’ll find the PID of the process using the socket. Open task manager, make sure the PID column is visible (might need to add it to the view, then look around in the drop down menus).

Windows Task Manager shows process PID of Dropbox

Windows Task Manager shows process PID of Dropbox


KMail – Use GSSAPI for authentication to IMAP account

21. september 2012 · Comments Off

On a freshly installed Debian testing with KDE desktop, i set up KMail to read email from our corporate MS Exchange server using the IMAP protocol.

The curiosity in me wanted to check out GSSAPI for authentication, but the IMAP server replied with SASL(-4): no mechanism available: no worthy mechs found.

Of course, I need the krb5-user package and run the kinit command to retrieve a valid Kerberos session ticket. What wasn’t so obvious was the need for the package libsasl2-modules-gssapi-mit. Voila! Got me some emails :D

Redshift – a Linux tool for late nights

6. september 2012 · Comments Off

Redshift is a nice Linux tool for adjusting the color temperature of the screen according to time of the day.

At night this tool makes the screen a bit warmer, so your eyes wont “hurt” so much of the otherwise so bright display of your desktop background, browser or editor.

You provide the tool with your approximately geo coordinates and some value for upper and lower limit of color temperature, then it will automatically and continuously change color temperature all through day and night.

Example command for running this tool, if your’re in Norway:

$ redshift -l 60.0:10.0 -t 5700:3600 -g 0.8 -m vidmode -v

Cryptic error message from Courier IMAP server – Permission Denied

2. juli 2012 · Comments Off

I have debugged this error message for the last couple of days.

Jul  1 23:11:56 lance imapd: LOGIN,, ip=[::ffff:AAA.BBB.CCC.DDD], port=[48700], protocol=IMAP
Jul  1 23:11:56 lance imapd: Permission denied

The solution was pretty simple.

The /tmp folder had bad permissions. This server was only meant for hosting email services, so bad permissions on /tmp folder was actually not an issue earlier.

I guess the wrong permissions were caused by my custom XEN node setup using multiple partitions, including a partition just for /tmp.

Debugging was quite hard

Authentication was successful, as I got a different error message when authenticating with a known bad password.

I debugged it using strace. It wasn’t easy, as courier imap forks out child processes for each connection, which I had to strace as well.

# strace /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir

Connect to port 143 using telnet.
Log in using this command:


Then find the imap process PID. Look for a process running as user vmail:

$ ps axuw|grep imapd
vmail      362  0.0  1.0   4616  1344 ?        S    01:46   0:00 /usr/bin/imapd /var/spool/mail/vmail/

In this case, the PID is 362. Then attach strace to it using strace -p 362, as sudo.

From the telnet interface, I entered a couple of commands like these:

2 select "INBOX"
5 UID fetch 1:10 (UID RFC822.SIZE FLAGS BODY.PEEK[HEADER.FIELDS (From To Cc Bcc Subject Date Message-ID Priority X-Priority References Newsgroups In-Reply-To Content-Type)])

Then I found this somewhere down into the strace output:

open("/tmp/tmpfWsezjv", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
write(2, "ERR: Permiss"..., 43) = 43

Fixing the problem
chmod 1777 /tmp

As I wrote earier… a simple solution.

Bringing an old Dreambox DM-7000 back to life

18. september 2011 · Comments Off

A long time ago, in a … no, really, I can’t remember how long ago it was… but a long time ago I bought a Dreambox DM-7000-C, a 4 headed satellite dish and got a lot of channels. That was a fun time. But time changes fast and finally I got about zero channels. My last attempt to use the Dreambox with a legal Canal Digital (Conax) card failed, and so the Dreambox got stuffed away in a closet.

I came across it one day this summer and decided to give it another try. After all, it was VERY fast in changing channels. And I don’t have to wait two minutes on the Dreambox for the EPG to show either. I browsed the Internet for what firmware to use, and thought that since the box is very old, some final recommended image could be easily found… but no.

Dreambox on top of a Canal Digital box

The Dreambox might be a lot bigger than the box from Canal Digital, but it's a lot faster too!

The world of Dreambox is kind of cloudy, with lots of forums of users with completely different experiences of what works like a dream and what “just sucks”, and of course a lot of broken links. After a while I came up with a list of possible candidates: Peter Pan, Pli jade, OpenPLi, SifTeam, EDG Nemesis and Gemini Project. I was only looking for images compatible with my DM-7000.

Peter Pan Neverland was the “nordic image” of choice, but is now outdated, last version from 13.01.2007.

I saw a forum post of one recommending SifTeam and after some research on my own I found out that they provided the newest image for my box, version 1.9.4c from 04.06.2010. I decided to give it a try, but had to scratch it since it froze to often.

Gemini Project seemed to be more focused on stuffing addons into the firmware such as web servers, SSH server, print server, you name it, than actually provide me with useful information about softcams and stuff needed for watching TV. Actually, to be open to you, I don’t like Gemini Project at all, after they injected a virus into their firmwares that bricked DM-500 clones (in norwegian).

I couldn’t find any information about EDG Nemesis other than the version number and that they have released version 5.0 beta in 08.11.2010. Since no changelog was provided, I decided to drop trying it.

PLi Jade seemed at first to be very old, a version from 27.06.2009, but there is a version called OpenPLi which provides daily builds. I kind of like the idea, but I very much doubt that they work on it daily. I still haven’t figured out when the last change actually was made. This is the version I decided to settle on. It runs smoothly, no crashes, the EPG works and after installing CCcam softcam it reads my Canal Digital card too and I “got the picture”.

A good source for Dreambox images can be found at the website of Dreambox Tool.

Ok, there it is. This is as far as I came on “the project” today, and it remains to see if the card gets updated entitlements or not. I guess the next thing I need is to set up some “bouquets” for easy access to the favourites.

Rooted my HTC Desire and installed CyanogenMod

20. juli 2011 · Comments Off

Got tired of running the old Android 2.2 Froyo firmware on my HTC Desire, so I decided to root it and upgrade to a custom Android ROM.

Rooting Android

Rooted the phone using the unrevoked tool according to the steps of this article at This tool also runs on Linux. You might have to run it with sudo.

In addition to root the phone it also installs ClockworkMod Recovery which replaces the stock Android Recovery, to allow installing custom ROMs and provides some backup and restore functionality.

For me, no settings got lost in the rooting process, and I could use the phone just as normal afterwards. A rooted Android phone allows applications to run as the root user, so some applications might mess up your phone. This is required to install a custom Android system.

Remember backup

I used MyBackup to backup contacts, SMS and other settings. Used SMS Backup as a second backup for my SMS’s, which uploads the messages to my GMail account. To backup my apps I used MyBackup and Astro File Manager. Some backup applications requires a rooted phone, in that case you might backup what you can, then root the phone, and backup the rest before installing a new ROM.

Installing a custom ROM

The probably easiest way to install a custom ROM is to install the app ROM Manager from ClockworkMod. Personally I landed on CyanogenMod 7.0.3, running Android 2.3.3 Gingerbread.

The phone worked great after installing CyanogenMod, here with all the old apps back in

Factory reset is probably needed
Booting the phone after installing CyanogenMod failed, it got stuck while booting, only showing the CyanogenMod boot logo spinning forever. This might be caused by some bad settings from the stock Android that CyanogenMod didn’t like very much. Pulled the battery out and into place again, and started the phone holding back button to get to CyanogenMod Recovery boot loader, to factory reset, losing all settings and applications. The SD card is left untouched by this operatoin. Glad I backuped up the most important apps, settings, contacts and SMSes to begin with :)

Restore settings and applications

I tried to restore all the applications I previously had backed up, but applications that previously were installed on the SD card were restored to the internal storage, and failed when trying to move the app to SD card after restore. Had to uninstall those and install them once again from the Market. Application settings got lost in the process.

On most apps, it was just a matter to log in again to get back on track. I had to leave some apps after restore to keep the settings, especially apps that are not backed by online services, such as ColorNote. Uninstalling the app would erase the notes.

The good choice

So, did I like it? It’s OK. The onscreen keyboard is a little different, but now I got the æøå keys at least. Since I’m Norwegian, that makes sense I guess. There is no dictionary, but I haven’t searched Android Market for it yet, so perhaps I don’t miss it. I miss the second-click on the home button to get an overview of all the desktops, but it’s not a big deal.

Somehow all contacts in my Google Circles got lost the other night. I don’t know why, maybe because of some defect in a backup restore process or re-install of the Google+ app, or it might be a glitch at Google…

Since HTC has abandoned us Desire owners, even lay to us after promising us the 2.3 version, it was time to move on to something other. I guess I don’t need the Sense shit anymore. Now I can move Google apps to SD card, and even delete those I never used! CyanogenMod works great!

KDE – are you missing Katapult?

1. mars 2011 · Comments Off

A long time ago there was a utility called Katapult, a great application launcher for KDE. I liked the auto completion of application name or website address as I typed in the letter on my keyboard. Katapult is now deprecated, no longer installed with KDE.

But there is another great application launcher for KDE, called Krunner. The shortcut is ALT+F2, and the functionality is mostly the same. I don’t miss Katapult anymore.

Unstable video capture with DC10+ on Ubuntu 10.10

28. november 2010 · Comments Off

Some weeks ago I wrote about capturing video with an old Pinnacle DC10+ card on Ubuntu 10.10.

Since then I have had varying success capturing hours of video from both Hi8 and VHS sources. Often lavrec will exit in the middle of a recording with somewhat unknown error messages such as:

# dmesg:
DC10plus[0]: jpg_sync - timeout: codec isr=0x00

# lavrec:
Error syncing on a buffer: Timer expired

… and other nicies.

Often this happened between recordings on the tape, when stopping and starting a recording, where it often occur a lot of noise and jitter. It happened more often when recording from VHS tapes than from HI8 tapes.

I tried different values for the system configuration kernel.sched_time_avg with what looks like random improvements. The default is 1000 on a normal Ubuntu Desktop 10.10. I have tried both 100 and 250, and 250 is what I am currently using. Change it like this:

$ sudo sysctl kernel.sched_time_avg=250

I was previously using KDE while recording, but found out that several background processes like Akonadi Server was running and stealing resources. The window manager seemed slow. I guess I have an I/O issue somewhere, but I just don’t know where. Maybe the SCSI drive or maybe the graphics card which is an old ATI Radeon 8500.

I an now running Openbox with Konsole, as a command line (in an X server) is all I need to both record and watch the result with mplayer afterwards. I feel it goes a little bit smoother.

The most effect, as I figured out, was setting the quality option of lavrec a little lower. Recording with the quality set to 100 might result in unstable recording with lost frames if there is the slightest delay in the system, and eventually lavrec just exits with an error.

I tried setting the quality to 80, just to give it a try, and it was recording much more smoothly with less dropped frames. It looks like lavrec now handles jitter much better.

I am now trying out a quality of 90 which also seems good. A little lost frames now and then, but I guess that occurs mostly between recordings since I am able to record several minutes from a single scene without a single frame drop.

This is the command I use now:

$ aoss lavrec --mjpeg-buffers 512 --mjpeg-buffer-size 8192 -f q -d 1 -i p -q 90 -s -R l -U ""

So, my best tip to avoid lost frames and lavrec crashes is to lower the quality a little.

Video capture the old way on new Ubuntu 10.10

6. november 2010 · 3 Kommentarer

Like probably many people, I have a lot of old analog video recordings on HI-8 and VHS tape I just have forgotten to keep up to date with technology. I guess it’s time to start capturing video. Soon…

First, the camcorders charger is broken, and buying a new one is kind of difficult, but luckily, I got to borrow one from some friends.
Second, I managed to find the last working VHS player I got. A little dusty.
Third, since Mini-DV is kind of legacy as well, I decided to copy those on to my computer as well, if I ever manage to find the camcorder. Got the charger, remote and the casing, but no camcorder. Oh well…

Find the best composite or S-Video cables you can dig up, because this job you only want to do once. I got my overly priced Monster composite cables, ready to start. Soon…

Ok, so I’ve got an analog video capture card that I, in the old days, used with Windows 98 and pulled my hair out to get working on Windows 2000. The card is a Zoran based Pinnacle/Miro DC10+. That’s history. Sort of. I still got the video capture card.

What I also got is the latest Ubuntu Linux 10.10, also known as Ubuntu Maverick, which comes with the somewhat great ALSA audio support. I say somewhat because this version of Ubuntu lacks the legacy OSS compability driver in the Linux kernel. In other words it makes it harder to record or play audio from older kinds of programs, such as lavrec.

lavrec is the video and audio capture application from the MJPEG video tools package. It is the tool recommended for capturing video from the DC10+ card on Linux, but it lacks ALSA support. However, you can get a OSS wrapper program named aoss from the Ubuntu alsa-oss package which provides OSS is most cases for those old applications.

This is how I do video and audio recording, from the command line, enter something like this:

$ aoss lavrec -f a -i p -q 100 -s -R l -U dc10-out.avi

Make sure that the correct recording input line is selected for CAPTURE in alsamixer -V capture such as Line or Mic. I recommend you capture a 10 second test and check the sound.

How to build PHP extension tidy as shared object

26. oktober 2010 · Comments Off

If you already got a PHP installation setup, you may need another extension/module from the PHP source tree.

You can build and install that single module from the source while keeping the rest of the PHP installation intact, but the documentation of building shared PHP modules is poor.

In my case I needed the tidy extension, and here’s how to do it

 $ # extract the PHP source code and enter the directory
 $ ./configure --with-tidy=shared
 $ find . -name

Then copy the file to the modules directory of the PHP installation.

The important part here is the shared keyword, which is poorly documented. I had to inspect a RPM spec file to figure it out.

Debugging Google Maps in Android applications – uses-library

20. juli 2010 · Comments Off

If your application is failing with a ClassNotFoundException of the class, then the uses-library tag might be misplaced or missing from the application manifest XML.

When adding Google Maps to your Android application, make sure that the <uses -library>-tag is inside the <application>-tag of the manifest XML. This might be obvious, but I got this wrong and it took me a long time to figure out the real reason for the error.

<uses -library android:name="" />

Debugging MythTV 0.23 and ivtv

8. juli 2010 · Comments Off

If you have a Hauppauge PVR-500 card and recently upgraded Ubuntu to latest 10.04 Lucid, then you might have had problems viewing live TV.

The quick fix might be to just install the package “ivtv-utils” and to reconfigure the video input/sources with mythtv-setup.

I also had a problem with disconnects and warnings of wrong protocol version. I cleaned out the database and deployed a new database with the sql file from /usr/share/mythtv/sql. That might be because of some badly configured IP-addresse for the backend and master, but I could actually not see why it changing from my LAN IP-address to would have anything to do with it.

Anyway… Try installing ivtv-utils first. After installing that package the MPEG2 capture card selection becomes available. First I tried using the v4l option, but that didn’t work, not even any useful log messages to work with.

Debugging your Android application

9. januar 2010 · Comments Off

I am novice on Android application development, slowly starting to understand the architecture. I particularly like that communication between applications and data storage are resource centric. But anyway…

If you have been developing mobile applications for Android you have most likely seen some exceptions in the Eclipse debugger that you don’t understand, maybe not the tiniest bit. This mostly has to do with lack of experience with the API combined with the strict way that Android sets up views and restricts which threads that are allowed to draw and control the views, along with other concurrency issues.

Starting up your application in the emulated Android environment is not the fastest thing to do, so how can you debug your applications in a little more snappier way? – In short, I really don’t know.

What I want is a sane error message with a stack trace of my application code, but since I can’t get that, I have to debug my application in other ways.

Break points
By setting a breakpoint in your code on places where you think the bug might exist, you can step through your source code until the application fails.

The cons of this are that it is time consuming to do all the manual step by step operations, it’s a boring way of debugging and the exception message you get might not be understandable to you.

The Android API provides a Log class that can be used to log messages and exceptions. It took me some time to figure out how to read the log messages, but the Android Eclipse plugin provides a LogCat view.

To show the LogCat view in Eclipse, you go to “Window”, “Show View”, “Other …”, expand the “Android” category and then open the “LogCat” view.

Example output from the LogCat view.

01-09 16:56:52.069: ERROR/Listings(1064): Failed to get trip listings
01-09 16:56:52.069: ERROR/Listings(1064): java.lang.RuntimeException: Example of exception logging
01-09 16:56:52.069: ERROR/Listings(1064):     at no.ut.trip.Listings$

The example above shows an error message on the first line, the exception class and message on the second line, with the stack trace on the following lines. Might be helpful.

Don’t sort on tokenized strings in Solr

15. desember 2009 · Én kommentar

Apache Solr is a very powerful index and search engine. Unfortunately it does have some flaws, at least I think this issue is somehow not “by design”.

If you are going to use a field to sort on, make sure you use one of the native data types in Solr, and don’t enable any tokenizer on that data type. If you do, you might end up with HTTP 500 Internal Server Error and error log messages like this:

SEVERE: java.lang.RuntimeException: there are more terms than documents in field “title”, but it’s impossible to sort on tokenized fields

I found out that I had been using a data type with some filters and a tokenizer on a couple of fields, quite unnecessary since I don’t do any search on them. I have another field that I do search on. I only use these fields for display and sort.

Keep it simple. Use “string” for strings you don’t have to search on. If you have to do both search and sort on a field, make two fields. For example, name one of them like “title.sort”.

Cowboy coding

9. desember 2009 · Én kommentar

Cowboy coding seems interesting, and it might be just that I have been doing when developing Madcow, a PHP web framework.

However, it is not the same as Scrum. Many projects tend to fail using the Scrum methodology, possibly because of the lack of clearly defined roles, and then fall back to something looking like Cowboy Coding.

Unfortunately, it seems that the project I am currently working on at work is exactly that, Cowboy Coding, not Scrum…

Could not dupe: Bad file descriptor

8. september 2009 · 2 Kommentarer

Ok, so I have been debugging a Perl application that I wrote about six months ago. Basically it creates some meta data and copies files to other user accounts using SSH.

For file transfer it uses File::RsyncP and for remote control it uses Net::SSH::Perl. Some times I get the error message Could not dupe: Bad file descriptor. Not a very informative error message, but I had an idea that it might have something to do with the file transfer. After I restart the application, running as a FastCGI web application, everything works, for a short while, then it breaks again.

I found out that it stops working right after I end my SSH connection, after debugging and restarting the application. After some research I found out it had something to do with the loss of STDIN. My best guess is that SSH needs STDIN to be able to read the password entered by the user, but I use keys for authentication, so I won’t need STDIN at all for interacting with SSH.

I tried different tactics to keep STDIN open. Running it using nohup did not help. Then I tried starting up the web application using screen, and now it still runs several hours after logging out from the server.

I don’t like this workaround very much. So if anyone has a better solution to this problem, I would love to hear about it.

A possible solution might be to redirect STDIN to a temporary file. Anyone had success doing this with Net::SSH::Perl or File::RsyncP?

How to not tell about a security breach?

7. september 2009 · Én kommentar

WordPress is breached, again. I guess I run an unsecure version of WordPress, but I’m not sure. All I am told is that i don’t runt he latest version of WordPress and that I should upgrade, because upgrading is easy.

No, it’s not easy. I keep history of my webpage in Subversion, so every time I need to upgrade WordPress I need to add the new version into Subversion in the vendor branch, merge in the changes in a WordPress current branch and then merge the changes into trunk of my web page. Why I do this, you say? No software is perfect, WordPress is far from it, so I need to alter some core code from time to time. That’s why.

Ok, back to the topic. Matt Mullenweg does not tell me in his blog post (link above) anything about what versions of WordPress that are potential targets for this Internet worm that exploits this security breach, nor what part of the code that makes it possible, not even how to patch it up. The entire blog post is just explaining that security holes do happen and some theory about how to protect yourself from it. Nothing concrete. Not very useful.

Read your Opentracker statistics with WWW::Opentracker::Stats

1. april 2009 · Comments Off

WWW::Opentracker::Stats is a Perl library for retrieving and parsing statistics from the BitTorrent tracker opentracker. Opentracker provides web services for various statistics, such as the current number of peers, seeders and complete downloads for each torrent.

Opentracker is a robust and fast bittorrent tracker. It does not store anything on your disks while running, all is run in memory. From the webpage of opentracker:

One important design decision of opentracker was to not store any data persistently. This reduces wear&tear on hard disks and eliminates problems with corrupt databases.

To retrieve statistics you need to query opentracker regularly, parse the reply and store the statistics in your database so you later can follow the popularity of your torrents and detect patterns in popularity and user actions. This Perl package can be of great help for you if you are looking into torrent distribution for your content.

Howto bypass Weblogic security model

28. oktober 2008 · 2 Kommentarer

Oracle Weblogic (former BEA Weblogic) enforces a security model by default that is unhealthy for developers writing REST web services or other kinds of web applications using HTTP Authentication for security.

By default, when sending an HTTP Authentication header, Weblogic will check its own security realms for users matching the username and password. If there is no match, a 401 UNAUTHORIZED response is sent directly back to the client, without ever hitting your web application code. That takes care of the security, i guess…

This might sound like a good idea, except for those cases when your application is able to handle its own authentication. How can your application handle security when the request never hits your code?

Another problem, as i see it, is that Weblogic enforces this security model even for web application that are configured with no security at all. You can use your web application as much as you like, as long as you don’t send any HTTP Authentication headers. But when you decide to send an HTTP Authentication header like that, just for fun or when navigating from another website after being authenticated, Weblogic decides on your applications behalf that you are no longer worthy enough to use your application. That sucks…

The solution
The solution? Yes, you can bypass the security model of Weblogic, at least for those applications that does not rely on the web containers security. It took me many weeks of frustration before I found a solution to my problem, but I got there…

Shutdown your admin server and open the config/config.xml file for editing. Add the following XML code into the <security -configuration> node:


Start the admin server again. Then you need to restart all the application servers to make the change take effect. Restart them one by one to avoid downtime… you are of course running a cluster right? ;)