Tuesday, May 12, 2009

How to fix Basic Authentication issue on WebLogic 9.2/10.0/10.3 when using Acegi/Spring Security

HTTP Basic Authentication on WebLogic starting from version 9.2 (previous versions were not tested) works not correctly. The problem is that if there is some request to your application with "Authorization" header the request will be intercepted by WebLogic itself and will not be passed to your application. WebLogic will try to make authentication itself.

Such problem can occur in your application if you are using HTTP Basic Authentication with Acegi/Spring Security.

The only solution I have found to resolve the issue is to add


into the config.xml file (before closing tag



This configuration will resolve the issue.


Knurd said...

Works for WebLogic 11 too although the XML element was not present in my config.xml

Александр Трофимов said...

Thanks! Work in WebLogic 12. Unauthorized exception will be fixed!

Trey Harrison said...

I'm having the same issue with a Jersey web service. Any idea if I could include something in my web.xml to fix this?

Kiefer Head said...

You are the man! I can't tell you how many hours we put into trying to find a fix for this.

Website Error Fix said...

This really helpful post, I am searching for this type blog. Thanks a lot , for share with us. I have a website about website error fix. You are welcome from my site.

Unknown said...

There is a problem with setting enforce-valid-basic-auth-credential as false. When I add any other application to the server, this flag is agin set to true on its own. I am Searchig for alternative to bypass weblogic authentiction

gerardo marin rubi said...

al modificar el archivo config.xml ya no me permite iniciar el servidor desde jdeveloper, seguire buscando.