I have a JAX-RS web service that validates users from WebLogic's embedded LDAP.
It currently communicates with the client using HTTP Basic Authentication. Because browsers intercept this HTTP 401 response and provide their own dialog, I would like to convert it to use digest authentication instead (so that the browser doesn't get involved).
I have changed the security realm's DefaultAuthenticator (to enable Password Digest) and DefaultIdentityAsserter (to set active token types to "wsse:PasswordDigest"), but it didn't make any difference.
I then changed the web service's deployment descriptor (i.e. web.xml) to have a login-config section:
This also had no effect that I could tell.
Does anyone have any suggestions about what else I have to do? Or how I can debug what WebLogic is doing when it receives the HTTP request?
Does that mean that the documentation (http://docs.oracle.com/middleware/1212/wls/SCOVR/concepts.htm#SCOVR136) is wrong, or am I misunderstanding what it's talking about?
WebLogic Server users must be authenticated whenever they request access to a protected WebLogic resource. For this reason, each user is required to provide a credential (for example, a password) to WebLogic Server. The following types of authentication are supported by the WebLogic Authentication provider that is included in the WebLogic Server distribution:
Earlier versions of Weblogic Server did not have support for Digest. From this document it appears that they have added support in the latest release.
Can you try to create a new authentication provider and see if they have added some kind digest identity asserter?
You can go to Server - > Debug -> expand weblogic -> expand servlet -> enable DebugHTTP
This will give u some idea, u can also enable webservices debug.