cdivilly

Search

//

home

Latest Post

Weblogic & Basic Auth

Posted by cdivilly ⋅ December 16, 2011

Weblogic will by default attempt to authenticate any HTTP Basic credentials, even if the URI being accessed does not fall within a statically declared web.xml security constraint. Doesn’t seem like a reasonable default to me, but anyways there is a means to change this behaviour, the enforce-valid-basic-auth-credentials setting:

To set the enforce-valid-basic-auth-credentials flag, perform the following steps:

Add the <enforce-valid-basic-auth-credentials> element to config.xml within the <security-configuration> element.

...
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
</security-configuration>
...

Start or restart all of the servers in the domain.

It’s a shame there isn’t an equivalent setting in the weblogic.xml deployment descriptor.

Continue Reading Comments Off java, notetoself, Uncategorized

Twitter

Matthew Garret on why computer to TV interfacing is so awful: http://t.co/ytAQYPdI 1 week ago
Kudos to the folks @ Nokia who created http://t.co/zGF1yncD, it's compelling #nokia #webgl http://t.co/EKd18igt 3 weeks ago
why we're on the internet, and why we're not in space: http://t.co/75LLRm8M 1 month ago
@thatjeffsmith re-mastered your blog for you, no need to thank me #geocities http://t.co/8phtbsY7 1 month ago
lunch conversation reminded me of an amusing bug report I once received, a certain surname causing probs: http://t.co/JVgzWVAC #fail #java 1 month ago

Follow @cdivilly

cdivilly

Blog at WordPress.com. Theme: The Morning After by WooThemes.

cdivilly

Search

Latest Post

Weblogic & Basic Auth

Recent Posts

Pages

Twitter

Follow “cdivilly”