WebLogic will by default attempt to authenticate any HTTP Basic credentials, even if the URI being accessed does not fall within a statically declared web.xml security constraint. Doesn’t seem like a reasonable default to me, but anyways there is a means to change this behaviour, the enforce-valid-basic-auth-credentials setting.

To set the enforce-valid-basic-auth-credentials flag, perform the following steps:

Add the <enforce-valid-basic-auth-credentials> element to config.xml within the <security-configuration> element.
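As an added example (not from the original post or from Oracle), this Python script reads a domain's config.xml and reports the effective value of the flag, which is useful when checking which domains still run with the default. The sample config.xml is constructed, and the function and constant names are hypothetical; the value false and the default of true when the element is absent are WebLogic's documented behaviour rather than something stated above.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real domain: a minimal config.xml
# showing where the element sits inside <security-configuration>.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>example_domain</name>
  <security-configuration>
    <name>example_domain</name>
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
  </security-configuration>
</domain>
"""

SETTING = "enforce-valid-basic-auth-credentials"


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def basic_auth_enforced(config_xml):
    """Return (effective_value, explicitly_set) for the flag in a config.xml string.

    When the element is absent the default applies (true): the container
    authenticates Basic credentials sent to any URI, protected or not.
    """
    root = ET.fromstring(config_xml)
    for section in root:
        if local(section.tag) != "security-configuration":
            continue
        for child in section:
            if local(child.tag) == SETTING:
                value = (child.text or "").strip().lower()
                if value not in ("true", "false"):
                    raise ValueError(f"unexpected value for {SETTING}: {value!r}")
                return value == "true", True
    return True, False


if __name__ == "__main__":
    enforced, explicit = basic_auth_enforced(SAMPLE_CONFIG)
    source = "set in config.xml" if explicit else "default"
    print(f"{SETTING} = {str(enforced).lower()} ({source})")
```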
It’s a shame there isn’t an equivalent setting in the weblogic.xml deployment descriptor.