I have deployed a webservice with a custom AuthenticationHandler:
When I deploy it on resin or WebSphere, everythings works fine, but when I deploy it on WebLogic, I always get a (401)Authorization Required.
WebLogic somehow "bypasses" my custom authentication implementation, when I provide credentials.
If I don't provide any credentials, I actually hit my custom authentication handler, but if i do provide credentials, it seems that WebLogic intercepts the call and tries to authenticate the provided user, which fails (as it should), and my implementation is never called.
So basically my question is: how do I stop WebLogic from trying to "take over" authentication ??
(I know this is a somewhat aging thread but in case this is of use to anyone else...)
If your custom authentication is using HTTP basic authentication, this is most likely your problem:
The default behavior of Weblogic is to intercept HTTP basic authentication headers and handle them itself, even if no security is configured for the application. To switch this behavior off, add this line