Weblogic will by default attempt to authenticate any HTTP Basic credentials, even if the URI being accessed does not fall within a statically declared
web.xml security constraint. Doesn’t seem like a reasonable default to me, but anyways there is a means to change this behaviour, the
To set the
enforce-valid-basic-auth-credentials flag, perform the following steps:
- Add the
... <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials> </security-configuration> ...
- Start or restart all of the servers in the domain.
It’s a shame there isn’t an equivalent setting in the
weblogic.xml deployment descriptor.