The default values for Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS depend on whether the current thread is already associated with a user defined in the WebLogic security realm. If they are, then the values default to the current user. If not, these properties default to guest user.
You can set these properties in a jndi.properties file which has been placed where the application classloader can find it. Once the properties have been set, you can simply instanciate InitialContext by using the no-arg constructor.
where does the "guest" user come from? what do i have to do in order to disable this user? its like having all the security and still being able to access the server without passing any credentials!
Joined: Sep 29, 2002
The guest user may not be enabled by default - this depends on the version of WebLogic Server which you are running. In any case, you should never default to guest user if your user is defined in the WebLogic security realm.
To disable the guest user, do the following.
Go to the Change Center of the Administration Console, click Lock & Edit. Select your domain and select Compatibility Security > General. Now select the Guest Disable checkbox. You will need to reboot your server for this change to take effect.