If you have custom code written in your web service/application that uses basic authentication. And you don't want the weblogic to authenticate the user. Instead you want to write the authentication in your application code.
Weblogic by default automatically authenticates the user if it finds an authentication in the HTTP header against the realm and gives a “404 – unauthorized” back. This will happen even if you don't have any security configured in your web.xml.
To stop this from happening.
Add <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials> in the <security-configuration> tag inside config.xml of your Weblogic domain.
for e.g.
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd"> <name>base_domain</name> <domain-version>12.1.3.0.0</domain-version> <security-configuration> <name>base_domain</name> <realm> <sec:authentication-provider xsi:type="wls:default-authenticatorType"> <sec:name>DefaultAuthenticator</sec:name> </sec:authentication-provider> <sec:authentication-provider xsi:type="wls:default-identity-asserterType"> <sec:name>DefaultIdentityAsserter</sec:name> <sec:active-type>AuthenticatedUser</sec:active-type> </sec:authentication-provider> <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"> <sec:name>XACMLRoleMapper</sec:name> </sec:role-mapper> <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"> <sec:name>XACMLAuthorizer</sec:name> </sec:authorizer> <sec:adjudicator xsi:type="wls:default-adjudicatorType"> <sec:name>DefaultAdjudicator</sec:name> </sec:adjudicator> <sec:credential-mapper xsi:type="wls:default-credential-mapperType"> <sec:name>DefaultCredentialMapper</sec:name> </sec:credential-mapper> <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"> <sec:name>WebLogicCertPathProvider</sec:name> </sec:cert-path-provider> <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder> <sec:name>myrealm</sec:name> <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType"> <sec:name>SystemPasswordValidator</sec:name> <pas:min-password-length>8</pas:min-password-length> <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters> </sec:password-validator> </realm> <default-realm>myrealm</default-realm> <credential-encrypted>{AES}yU9xHRMY0WFsY6F4Yf6DQ09xjtmR7VPGpdrwT+c7kaXxSB8Wky+64z8kZ+fBudis+VsHIMoFCjo7zqaF2aVfCY6RHeorI90oo8siu+wn31duct2QI1CmhRKuCCZylPei</credential-encrypted> <node-manager-username>weblogic</node-manager-username> <node-manager-password-encrypted>{AES}6iWAp7ftiYlStgO/SyX9iHQ0frHRYdcHkzagtc9hoE8=</node-manager-password-encrypted> <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials> </security-configuration>
No comments:
Post a Comment