Weblogic & Basic Auth

Posted by cdivilly ⋅ December 16, 2011

Filed Under basic auth, Servlet, weblogic

Weblogic will by default attempt to authenticate any HTTP Basic credentials, even if the URI being accessed does not fall within a statically declared web.xml security constraint. Doesn’t seem like a reasonable default to me, but anyways there is a means to change this behaviour, the enforce-valid-basic-auth-credentials setting:

To set the enforce-valid-basic-auth-credentials flag, perform the following steps:

Add the <enforce-valid-basic-auth-credentials> element to config.xml within the <security-configuration> element.

...
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
</security-configuration>
...

Start or restart all of the servers in the domain.

It’s a shame there isn’t an equivalent setting in the weblogic.xml deployment descriptor.

Discussion

Comments are closed.

Twitter

My bet for the JSON hyper-linking proposal that will prevail: http://t.co/AmlcU9Wl #json #rest 2 weeks ago
Matthew Garret on why computer to TV interfacing is so awful: http://t.co/ytAQYPdI 1 month ago
Kudos to the folks @ Nokia who created http://t.co/zGF1yncD, it's compelling #nokia #webgl http://t.co/EKd18igt 1 month ago
why we're on the internet, and why we're not in space: http://t.co/75LLRm8M 2 months ago
@thatjeffsmith re-mastered your blog for you, no need to thank me #geocities http://t.co/8phtbsY7 2 months ago

Follow @cdivilly

cdivilly

Blog at WordPress.com. Theme: The Morning After by WooThemes.

cdivilly

Search

Weblogic & Basic Auth

Share this:

Discussion

Comments are closed.

Twitter

Follow “cdivilly”