0 Replies Latest reply: Feb 4, 2013 11:36 AM by 955747 RSS

    WL-10.3.5 Error Creating Wildcard Hostname Verifier for Facebook OAuth


      I am writing an application that uses OAuth for 3rd party login. However, Weblogic 10.3.5 does not by default accept the way Facebook uses a wildcard in their SSL Certificate.
      Caused By: javax.net.ssl.SSLKeyException: [Security:090504]Certificate chain received from graph.facebook.com - failed hostname verification check.
      Certificate contained *.facebook.com but check expected graph.facebook.com
      So I am attempting to use a Custom Hostname Verifier that implements the weblogic.security.SSL.HostnameVerifier interface, to use instead of the standard BEA Hostname Verifier. I have packaged into a jar, my CustomHostnameVerifier class that implements the weblogic.security.SSL.HostnameVerifier interface. Here's where I might be running into trouble. To make this class available on the weblogic classpath, I have tried placing the jar in various weblogic lib directories on my development machine. (%WL_HOME%\wlserver_10.3\server\lib) And then in the weblogic console's advanced settings for SSL on the DefaultServer, I select that I want to use a Custom Hostname verifier, and provide the full class name of my class: my.package.prefix.CustomHostnameVerifier.

      Now when I reboot and try connecting with Facebook, a ClassNotFoundException is thrown:
      Caused By: weblogic.utils.NestedRuntimeException: [Security:090563]Cannot create instance of Hostname Verifier my.package.prefix.CustomHostnameVerifier...
      Caused By: java.lang.ClassNotFoundException: my.package.prefix.CustomHostnameVerifier
      I have checked that the class is in fact accessible from the jar, and have also used the start-up argument:
      , instead of and in addition to the SSL tab settings in the console. I've found no luck so far using suggestions from documentation and the web. I was just hoping someone might know what I'm doing wrong here, or be able to point me in the right direction for properly making classes available to weblogic.