0 Replies Latest reply: Dec 10, 2012 8:27 AM by 979018

Weblogic server BASIC Authentication not prompting for username

979018 Newbie
I created a very simple Weblogic 10.3.5 web application with BASIC Authentication that for some reason doesn't prompt for the username and password. I believe the web.xml and weblogic.xml are created properly. The entire application is below.

It consists of two files:

index.html -- that anyone should be able to load
remoteuser.jsp -- that only people in 'group' should be able to load

I added an <auth-constraint> for all JSPs (*.jsp), such that only users in 'group' should be able to load them. However, when I load the URL "/remoteuser.jsp", it displays "The remote user is null" and doesn't prompt for a username and password. This causes the JSP to also print out null instead of the remote user's name.

The <auth-method> is, of course, set to BASIC.

I currently don't even have any groups defined in Weblogic's Security Realm, because I want to watch it fail first.

According to this Weblogic documentation (http://docs.oracle.com/cd/E15051_01/wls/docs103/security/thin_client.html#wp1037337), I believe that I'm doing everything correctly.

Do I have to modify the Weblogic Security Realm's Authentication Provider? Or some other setting?

I know that I'm doing something silly, but can't see it. Please help!

-----
SOURCE FILES

web.xml

<web-app>
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>JSPs</web-resource-name>
            <url-pattern>*.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>group</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>

    <security-role>
        <role-name>group</role-name>
    </security-role>
</web-app>

-----
weblogic.xml

<weblogic-web-app>

    <security-role-assignment>
        <role-name>group</role-name>
        <principal-name>group</principal-name>
    </security-role-assignment>

</weblogic-web-app>
-----
remoteuser.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Remote User</title>
</head>
<body>
<p>
Only users in "group" should be able to load this page.
</p>
<p>
The remote user is <%= request.getRemoteUser() %>
</p>
</body>
</html>
-----
index.html

<html>
<head><title>WebLogic Test</title></head>

<body>
Everyone should be able to see this.
</body>
</html>
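
Added example, not part of the original post: a simplified offline check of what the posted web.xml declares for a given request path (auth method, roles required, and roles used but never declared). The function names are hypothetical, the descriptor is re-typed from the post as constructed input, and the check unions roles across every matching constraint while ignoring <http-method> and the servlet container's best-match precedence.

```python
import xml.etree.ElementTree as ET

# Constructed input: the security parts of the web.xml from the post.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>JSPs</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>group</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>group</role-name></security-role>
</web-app>"""

def _all(elem, name):
    # Match on local name so namespaced (Java EE schema) descriptors also work.
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def pattern_matches(pattern, path):
    """Servlet URL pattern forms: exact, path prefix (/x/*), extension (*.ext), default (/)."""
    if pattern in (path, "/", "/*"):
        return True
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return False

def audit(web_xml, path):
    """Return (auth_method, roles_required_for_path, roles_used_but_not_declared)."""
    root = ET.fromstring(web_xml)
    methods = [e.text.strip() for e in _all(root, "auth-method")]
    declared = {r.text.strip() for s in _all(root, "security-role")
                for r in _all(s, "role-name")}
    required, used = None, set()   # required stays None when no constraint covers path
    for sc in _all(root, "security-constraint"):
        roles = {r.text.strip() for a in _all(sc, "auth-constraint")
                 for r in _all(a, "role-name")}
        used |= roles
        hit = any(pattern_matches(p.text.strip(), path) for p in _all(sc, "url-pattern"))
        if hit and _all(sc, "auth-constraint"):
            required = (required or set()) | roles
    return (methods[0] if methods else None), required, used - declared

if __name__ == "__main__":
    for p in ("/remoteuser.jsp", "/index.html"):
        print(p, audit(WEB_XML, p))
```

A result of `None` for the roles means no constraint in the descriptor covers that path; an empty set would mean a matching constraint that names no roles.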
