WebLogic is intercepting credentials passed to webservice
Joined: May 27, 2008
Hi all - hope someone can help me.
I have deployed a webservice with a custom AuthenticationHandler:
When I deploy it on resin or WebSphere, everythings works fine, but when I deploy it on WebLogic, I always get a (401)Authorization Required.
WebLogic somehow "bypasses" my custom authentication implementation, when I provide credentials.
If I don't provide any credentials, I actually hit my custom authentication handler, but if i do provide credentials, it seems that WebLogic intercepts the call and tries to authenticate the provided user, which fails (as it should), and my implementation is never called.
So basically my question is: how do I stop WebLogic from trying to "take over" authentication ??
All security is default, i.e. only DD (and there is no security conf in web.xml), no url-mappings or anything.
Only the default "myrealm" security realm.
Joined: Dec 14, 2011
(I know this is a somewhat aging thread but in case this is of use to anyone else...)
If your custom authentication is using HTTP basic authentication, this is most likely your problem:
The default behavior of Weblogic is to intercept HTTP basic authentication headers and handle them itself, even if no security is configured for the application. To switch this behavior off, add this line