Monthly Archives: April 2009

Bypass default Authentication and Authorization handlers for Weblogic

This has come up a few times now – it seems like every time we set up a new server. Starting in Weblogic 9.0, if the headers were there, Weblogic tried to authenticate using its own authentication handler, which of course, knows nothing about our users (in our application, anyway). This issue was logged in our JIRA and whenever I need the info, I look it up there, but since it comes up often, this might be a better place for it.

The gist of it is, edit the config.xml file located in WEBLOGIC_HOME\user_projects\domains\dbo2domain\config. Look for the following lines in the security-configuration node:

<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>xxxxxxxxxxxxxxxxxxxx</node-manager-password-encrypted>

You just need to add the following line directly after them:

<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>

Then restart the server and you should be all set.