This discussion is archived
0 Replies Latest reply: Jul 10, 2013 3:03 AM by 800839 RSS

Weblogic server removing username & password in SOAP HEADER JAXWS

800839 Newbie
Currently Being Moderated

 

Hi,

 

I have the LDAP authentication and authorization configured in weblogic 10.4 (container managed)with user and group details
in a securiy realm.
Similarly in my web.xml I have configured the

<security-constraint>
<auth-contraint>

for the respective user and group.

 

In weblogic.xml I have configured, the respective container security as well.

Like

<security-role-assignment/>

 

Now I am removing the container security with the user defined custom security.

Hence I have removed all the container security config from the weblogic as well as in the code.

My application is a webservice app, when I get a SOAP request with username & password in the header

some how weblogic server is removing the header which contains the username & password (reading the soap request

through SOAPHandler). Why this behavior is happening? If I dont  remove the container security it is working fine.
Needless to say my application is deployed in weblogic 10.4

 

Please clarify.

 

Thanks.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points