<2015-05-17 20:59:29 CEST> <Warning> <Security> <BEA-090504> <Certificate chain received from graph.facebook.com - 31.13.93.3 failed hostname verification check. Certificate contained *.facebook.com but check expected graph.facebook.com> javax.net.ssl.SSLKeyException: Hostname verification failed: HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier, hostname=graph.facebook.com. at weblogic.security.SSL.jsseadapter.JaSSLEngine.doPostHandshake(JaSSLEngine.java:677) at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:748) at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132) at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:603) at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:507) at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:96) at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:75) at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:219) at weblogic.net.http.HttpsClient.New(HttpsClient.java:563) at weblogic.net.http.HttpsClient.New(HttpsClient.java:534) at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:248) at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:636) at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37) at java.net.URL.openStream(URL.java:1037) at pl.windroos.shiro.FacebookRealm.readURL(FacebookRealm.java:84) at pl.windroos.shiro.FacebookRealm.doGetAuthenticationInfo(FacebookRealm.java:58) at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568) at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:219) at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269) at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270) at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) at pl.windroos.shiro.FacebookLoginServlet.doGet(FacebookLoginServlet.java:53) at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) at javax.servlet.http.HttpServlet.service(HttpServlet.java:844) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:346) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79) at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:588) at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:273) at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:546) at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93) at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93) at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93) at oracle.adfinternal.view.faces.config.rich.RecordRequestAttributesDuringDispatch.dispatch(RecordRequestAttributesDuringDispatch.java:44) at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93) at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93) at org.apache.myfaces.trinidadinternal.context.FacesContextFactoryImpl$OverrideDispatch.dispatch(FacesContextFactoryImpl.java:167) at com.sun.faces.application.view.JspViewHandlingStrategy.executePageToBuildView(JspViewHandlingStrategy.java:364) at com.sun.faces.application.view.JspViewHandlingStrategy.buildView(JspViewHandlingStrategy.java:154) at org.apache.myfaces.trinidad.view.ViewDeclarationLanguageWrapper.buildView(ViewDeclarationLanguageWrapper.java:94) at org.apache.myfaces.trinidad.view.ViewDeclarationLanguageWrapper.buildView(ViewDeclarationLanguageWrapper.java:94) at org.apache.myfaces.trinidadinternal.application.ViewDeclarationLanguageFactoryImpl$ChangeApplyingVDLWrapper.buildView(ViewDeclarationLanguageFactoryImpl.java:322) at oracle.adfinternal.view.faces.lifecycle.ResponseRenderManager._processViewDefinitionLanguage(ResponseRenderManager.java:105) at oracle.adfinternal.view.faces.lifecycle.ResponseRenderManager.runRenderView(ResponseRenderManager.java:41) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:1095) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:389) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:255) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:594) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:346) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:192) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:105) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:502) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:502) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:327) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:229) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79) at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:137) at java.security.AccessController.doPrivileged(Native Method) at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315) at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460) at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:120) at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:217) at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:81) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79) at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:220) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3436) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3402) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120) at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57) at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2285) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2201) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1572) at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:255) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311) at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
Best solution is using the Wildcarded Host Name Verifier.
- In the left pane of the Console, expand Environment and select Servers.
- Click the name of the server for which you want to disable host name verification.
- Select Configuration > SSL , and click Advanced at the bottom of the page.
- Set the Hostname Verification field to Custom Hostname Verifier.
- Set the Custom Hostname Verifier to
- In the left pane of the Console, expand Environment and select Servers.
- Click the name of the server for which you want to disable host name verification.
- Select Configuration > SSL , and click Advanced at the bottom of the page.
- Set the Hostname Verification field to None.
-Dweblogic.security.SSL.ignoreHostnameVerification=true