I am trying to configure basic authentication for a servlet deployed on WebLogic 12c. Here is my web.xml:
<!-- Require TestServiceRole for every request to /ReasonServlet -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>TestServlets</web-resource-name>
    <url-pattern>/ReasonServlet</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>TestServiceRole</role-name>
  </auth-constraint>
</security-constraint>
<!-- Challenge with HTTP Basic authentication -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
</login-config>
<!-- Declare the role referenced by the auth-constraint above -->
<security-role>
  <role-name>TestServiceRole</role-name>
</security-role>
<servlet>
  <servlet-name>ReasonServlet</servlet-name>
  <servlet-class>com.test.go.track.servlets.ReasonServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>ReasonServlet</servlet-name>
  <url-pattern>/ReasonServlet</url-pattern>
</servlet-mapping>
Here is my weblogic.xml:
<security-role-assignment>
  <role-name>TestServiceRole</role-name>
  <principal-name>TestUsers</principal-name>
</security-role-assignment>
I also did the following:
- Created a user - test, created a group - TestUsers
- Added the user test to TestUsers
- Created a role - TestServiceRole, added TestUsers group as role condition.
- Restarted WebLogic after making these changes and application deployment.
Now when I try to access my servlet via browser, I don't get any pop-up to enter an HTTP userid/password. I am able to access the servlet as if there is no security configured.
However, when I test my servlet via SoapUI/Java client, and explicitly set some wrong HTTP credentials (base64 encoded userid:wrongpassword) in the HTTP header (Authorization: Basic ), then WebLogic rejects the request with a 401-authorization required error.
When there is no HTTP Authorization header in the request, the access is granted.
Is there some other configuration I am missing in WebLogic? I want the basic authentication check to happen always, whether the HTTP auth header is there or not.
Please help!! Struggling with this issue for the last 2 days.
Thanks!
It turned out to be a deployment issue from my side. The configuration in my original post was just fine. Thanks to those that responded to my question!!
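Since the descriptor itself was correct, a quick audit of the web.xml that is actually packaged in the deployed archive helps separate configuration problems from deployment problems. The following is an added example, not part of the original posts: the `audit` and `covers` functions are hypothetical helpers, and the sample input is the descriptor from the question wrapped in a constructed `<web-app>` root.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the descriptor from the post, wrapped in a <web-app> root.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><web-resource-name>TestServlets</web-resource-name>
      <url-pattern>/ReasonServlet</url-pattern></web-resource-collection>
    <auth-constraint><role-name>TestServiceRole</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>TestServiceRole</role-name></security-role>
  <servlet-mapping><servlet-name>ReasonServlet</servlet-name>
    <url-pattern>/ReasonServlet</url-pattern></servlet-mapping>
</web-app>"""

def covers(pattern, path):
    """Exact, path-prefix (/x/*) and extension (*.x) URL-pattern matching."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def audit(web_xml_text):
    """Return a list of findings; an empty list means every mapping is protected."""
    root = ET.fromstring(web_xml_text)
    for el in root.iter():                      # drop the javaee namespace, if any
        el.tag = el.tag.rsplit("}", 1)[-1]
    texts = lambda node, tag: [(e.text or "").strip() for e in node.iter(tag)]
    findings, protected = [], []
    declared = {r for sr in root.findall("security-role") for r in texts(sr, "role-name")}
    if not texts(root, "auth-method"):
        findings.append("no <login-config>/<auth-method>")
    for sc in root.findall("security-constraint"):
        auth = sc.find("auth-constraint")
        if auth is None:
            continue                            # no auth-constraint: open to everyone
        protected += texts(sc, "url-pattern")
        if texts(sc, "http-method"):
            findings.append("constraint lists <http-method>: other methods are uncovered")
        for role in texts(auth, "role-name"):
            if role not in declared and role not in ("*", "**"):
                findings.append(f"role {role} has no <security-role> declaration")
    for mapping in root.findall("servlet-mapping"):
        for path in texts(mapping, "url-pattern"):
            if not any(covers(p, path) for p in protected):
                findings.append(f"{path} is not covered by any auth-constraint")
    return findings
```

Run `audit()` on the text of `WEB-INF/web.xml` extracted from the deployed archive; an empty list means every servlet mapping sits behind an auth-constraint with a declared role.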