I created a very simple Weblogic 10.3.5 web application with BASIC Authentication that for some reason doesn't prompt for the username and password. I believe the web.xml and weblogic.xml are created properly. The entire application is below.
It consists of two files:
index.html -- that anyone should be able to load
remoteuser.jsp -- that only people in 'group' should be able to load
I added an <auth-constraint> for all JSPs (*.jsp), such that only users in 'group' should be able to load them. However, when I load the url "/remoteuser.jsp", it displays "The remote user is null", and doesn't prompt for a username and password. The causes the JSP to also print out null instead of the remote user's name.
The <auth-method> is, of course, set to BASIC.
I currently don't even have any groups defined in Weblogic's Security Realm, because I want to watch it fail first.
According to this Weblogic documentation (http://docs.oracle.com/cd/E15051_01/wls/docs103/security/thin_client.html#wp1037337), I believe that I'm doing everything correctly.
Do I have to modify the Weblogic Security Realm's Authentication Provider? Or some other setting?
I know that I'm doing something silly, but can't see it. Please help!
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
Only users in "group" should be able to load this page.
The remote user is <%= request.getRemoteUser() %>
Everyone should be able to see this.