This article describes how to disable UDDI and UDDI Explorer functionality in WebLogic Server. You may not be using this feature and be looking to disable non-required applications.
See the following documentation before determining if this is for you:
Fusion Middleware Programming Advanced Features of JAX-WS Web Services for Oracle WebLogic Server 10.3.6
https://docs.oracle.com/middleware/11119/wls/WSADV/uddi.htm
Getting Started With Installation for Oracle WebLogic Server
https://docs.oracle.com/cd/E28280_01/web.1111/e13751/getst.htm#GETST109
Once you have determined that your deployed applications are not using this feature, this document provides the steps to disable the /uddi and /uddiexplorer applications.
SOLUTION
Note: If the supplied UDDI applications presents a security issue as the reason for looking to disable it, the recommended action is to apply the latest Patch Set Update from Note 1470197.1 to fix known issues with all WebLogic Server supplied applications. If there is a further issue, please report findings to Oracle.
Update January 2019 - See CVE-2019-2395 in the January 2019 Advisory. Beginning with WLS PSU 10.3.6.0.190115, the UDDI related internal app is disabled. No further action is required. You may optionally delete the files, as was previously documented below. After you apply a newer PSU, the files will be placed on the system again due to patching mechanisms, but will be disabled. The UDDI app is seldom used and is no longer recommended due to associated security issues. The UDDI related internal app may be re-enabled with a system property -Dweblogic.wsee.skip.uddi=false when starting WebLogic Server. (When skip is set to false, then deployment will occur at startup, i.e., it will not be skipped).
Once you have determined that your deployed applications are not using this feature, below is what you need to do to disable UDDI and UDDI Explorer:
- From WL_HOME/server/lib, delete uddi.*, specifically:
uddi.properties
uddi.war
uddiexplorer.war
You can also move the files somewhere else if you want to keep the copies (recommended). However, be sure that you move them entirely out of the server/lib area.
- In your domain, delete the uddi and uddiexplorer cache files, specifically:
DOMAIN_HOME/servers/AdminServer/tmp/.internal/uddi.war
DOMAIN_HOME/servers/AdminServer/tmp/.internal/uddiexplorer.war
and the expanded folders for the same:
DOMAIN_HOME/servers/AdminServer/tmp/_WL_internal/uddi folder
DOMAIN_HOME/servers/AdminServer/tmp/_WL_internal/uddiexplorer folder
Again, you can move the files elsewhere, but be sure to move them entirely out of the domain.
- After you have removed all of these files, start (or restart) your domain. You should see warning messages like these in your startup log (and/or sysout):
<Warning> <Deployer> <BEA-149617> <Non-critical internal application uddi was not deployed. Error: [Deployer:149158]No application files exist at '<WL_HOME>\server\lib\uddi.war'.>
<Warning> <Deployer> <BEA-149617> <Non-critical internal application uddiexplorer was not deployed. Error: [Deployer:149158]No application files exist at '<WL_HOME>\server\lib\uddiexplorer.war'.>
After the server restarts, pulling up UDDI Explorer fails with a 404 error, confirming that the UDDI Explorer has been disabled.