Wednesday, June 24, 2015

Stop WebLogic from validating basic authentication automatically


If you have custom code in your web service or application that uses basic authentication, you may not want WebLogic to authenticate the user. Instead, you want to perform the authentication in your application code.

By default, WebLogic automatically authenticates the user against the realm if it finds basic authentication credentials in the HTTP header, and sends back a “404 – unauthorized” when that check fails. This happens even if you don't have any security configured in your web.xml.

To stop this from happening, add <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials> inside the <security-configuration> tag in the config.xml of your WebLogic domain.

For example:
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd">
  <name>base_domain</name>
  <domain-version>12.1.3.0.0</domain-version>
  <security-configuration>
    <name>base_domain</name>
    <realm>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType">
        <sec:name>DefaultAuthenticator</sec:name>
      </sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
        <sec:name>DefaultIdentityAsserter</sec:name>
        <sec:active-type>AuthenticatedUser</sec:active-type>
      </sec:authentication-provider>
      <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType">
        <sec:name>XACMLRoleMapper</sec:name>
      </sec:role-mapper>
      <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType">
        <sec:name>XACMLAuthorizer</sec:name>
      </sec:authorizer>
      <sec:adjudicator xsi:type="wls:default-adjudicatorType">
        <sec:name>DefaultAdjudicator</sec:name>
      </sec:adjudicator>
      <sec:credential-mapper xsi:type="wls:default-credential-mapperType">
        <sec:name>DefaultCredentialMapper</sec:name>
      </sec:credential-mapper>
      <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType">
        <sec:name>WebLogicCertPathProvider</sec:name>
      </sec:cert-path-provider>
      <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
      <sec:name>myrealm</sec:name>
      <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
        <sec:name>SystemPasswordValidator</sec:name>
        <pas:min-password-length>8</pas:min-password-length>
        <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
      </sec:password-validator>
    </realm>
    <default-realm>myrealm</default-realm>
    <credential-encrypted>{AES}yU9xHRMY0WFsY6F4Yf6DQ09xjtmR7VPGpdrwT+c7kaXxSB8Wky+64z8kZ+fBudis+VsHIMoFCjo7zqaF2aVfCY6RHeorI90oo8siu+wn31duct2QI1CmhRKuCCZylPei</credential-encrypted>
    <node-manager-username>weblogic</node-manager-username>
    <node-manager-password-encrypted>{AES}6iWAp7ftiYlStgO/SyX9iHQ0frHRYdcHkzagtc9hoE8=</node-manager-password-encrypted>
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
  </security-configuration>
  <!-- other domain elements omitted -->
</domain>

Tuesday, June 23, 2015

How to Deploy ADF 10g applications on WebLogic 12c.

You might ask me why. We had a scenario where it’s easier to manage fewer varieties of application servers. Legacy 10g applications will be replaced by new applications in a couple of years. Until then, reduce the infrastructure’s load.

WebLogic Server Setup.

You might ask me why. We had a scenario where it’s easier to manage fewer types of application servers. It was too expensive to rewrite the legacy 10g applications, and we decided to let some new systems take over the old applications. Until then, reduce the infrastructure team’s load and their ability to train.

  1. Create a basic WebLogic domain, and add clusters and servers as required.
  2. Once the servers are set up and running:

    If you need JDeveloper to be able to deploy directly to the server, go to the admin console, select Servers, go to Protocols -> HTTP and check “Enable Tunneling”.
    This is only needed if you want to deploy from JDeveloper 10.1.3 directly.
  3. Create the necessary data sources for the application.

JDeveloper 10.1.3.4 setup



You need WebLogic 9.x's weblogic.jar to configure JDeveloper 10g so that it can deploy directly to WebLogic 12c. I was able to find it in DOC ID 1401953.1.


  1. Copy weblogic.jar (WebLogic 9.x) from the WebLogic server/lib directory to the /jdev/lib/ext directory in JDeveloper 10g.

    You can create a WebLogic 9.2 connection and point it to the 12c server to be able to deploy, as illustrated in the images below.

    image

    image

    image

    image

ADF 10g Application Setup.

A couple of problems I faced: some JSF and Oracle libraries were loaded through weblogic.jar. When I added the 10g libraries to the CLASSPATH, some of the classes had already been loaded as part of weblogic.jar, which caused problems. Adding a PRE-CLASSPATH did not help, as WebLogic needs the latest version of some jar files to start up. So the only option I found was to load the required libraries as part of WEB-INF/lib for 12c. In the case of WebLogic 10.x, you could load the required libraries as part of the CLASSPATH.


  1. Add the required WebLogic descriptors.
    Add weblogic.xml in WEB-INF.
  2. Add the required jars to the application classpath.
    I added the jars below to the classpath:

    adf-connections.jar  bc4jctejb.jar        concurrent.jar   ojdbc6dms.jar  ordhttp.jar      translator.jar
    adfbinding.jar       bc4jdomorcl.jar      dc-adapters.jar  ojdl.jar       ordim.jar        wsclient.jar
    adfcm.jar            bc4jimdomains.jar    dms.jar          ojmisc.jar     osdt_cert.jar    wsdl.jar
    adfm.jar             bc4jmt.jar           http_client.jar  ojpse.jar      osdt_core.jar    wssecurity.jar
    adfmweb.jar          bc4jmtejb.jar        jazncore.jar     oracle-el.jar  osdt_saml.jar    xml.jar
    adfs-jazn.jar        bc4jsyscat.jar       jdev-cm.jar      oraclepki.jar  osdt_wss.jar     xmlef.jar
    adfs.jar             cache.jar            jsp-el-api.jar   orajaxr.jar    osdt_xmlsec.jar  xmlparserv2.jar
    adfshare.jar         collections.jar      mdds.jar         orasaaj.jar    runtime12.jar    xsdlib.jar
    antlr.jar            commons-cli-1.0.jar  mdsrt.jar        orawsdl.jar    share.jar        xsqlserializers.jar
    bc4jct.jar           commons-el.jar       ojdbc6.jar       orawsrm.jar    toplink.jar      xsu12.jar
    adfmtl.jar           adfui.jar            bc4jdomgnrc.jar
  3. Make sure you have the tag below in weblogic.xml:
    <container-descriptor>
      <prefer-web-inf-classes>false</prefer-web-inf-classes>
      <prefer-application-packages>
        <package-name>javax.faces.*</package-name>
        <package-name>com.sun.faces.*</package-name>
        <package-name>com.bea.faces.*</package-name>
        <package-name>oracle.*</package-name>
      </prefer-application-packages>
      <prefer-application-resources>
        <resource-name>javax.faces.*</resource-name>
        <resource-name>com.sun.faces.*</resource-name>
        <resource-name>com.bea.faces.*</resource-name>
        <resource-name>META-INF/services/javax.servlet.ServletContainerInitializer</resource-name>
      </prefer-application-resources>
    </container-descriptor>


Debugging WebLogic 12c applications using JDeveloper 10g.


I use the remote debugger. Since WebLogic was running on my local machine, I did not find any lag and it was smooth.
Below are the steps to add remote debugging:


  1. Change startWebLogic.cmd to add the below line
    set JAVA_OPTIONS=-Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,address=4000,server=y,suspend=n

  2. Restart your WebLogic for this to take effect.
  3. Now, in JDeveloper, right-click on the project you want to debug, click on Run/Debug, and then Edit, as in the image below.
    image
  4. Check Remote Debugging and Profile

  5. Click on Remote.

    Change Protocol to “Attach with JPDA”.
    Enter the host and leave the defaults for the other fields.
  6. When you want to debug, you can right-click on the class you want to debug and hit “Start remote Debugger”.