1 September 2015

Basic Authentication in Weblogic 10.3.x with Restful Webservices

Hi All,

Today I was trying to test on of the restful webservice with RESTClient plugg-in of Mozilla firefox. as shown below:



















As you can see that in the above screenshot I am trying to send the authentication parameter as well with request in request header.

But once I click on the send button, the webservice was not getting invoked and I was getting the following error :

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 401--Unauthorized</TITLE>
</HEAD>
<BODY bgcolor="white">
<FONT FACE=Helvetica><BR CLEAR=all>
<TABLE border=0 cellspacing=5><TR><TD><BR CLEAR=all>
<FONT FACE="Helvetica" COLOR="black" SIZE="3"><H2>Error 401--Unauthorized</H2>
</FONT></TD></TR>
</TABLE>
<TABLE border=0 width=100% cellpadding=10><TR><TD VALIGN=top WIDTH=100% BGCOLOR=white><FONT FACE="Courier New"><FONT FACE="Helvetica" SIZE="3"><H3>From RFC 2068 <i>Hypertext Transfer Protocol -- HTTP/1.1</i>:</H3>
</FONT><FONT FACE="Helvetica" SIZE="3"><H4>10.4.2 401 Unauthorized</H4>
</FONT><P><FONT FACE="Courier New">The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.</FONT></P>
</FONT></TD></TR>
</TABLE>

</BODY>
</HTML>
 
 

But when I removed "Authorization" parameter then it started invoking.

I was wondered because the same piece of code was working on some other server but it is not working on weblogic. why ?

After some debug I got to know that the way restful webservice is authenticated on some other server is different from the way it get authenticated on weblogic server.

Actually in weblogic any request to application with "Authorization" header  is intercepted by WebLogic itself and is not passed to the application. WebLogic tries to make authentication itself.


So to resolve this issue you have to just add one line you config.xml file of your weblogic server which is present in <WL_DOMAIN_HOME>/config as follows:

<security-configuration>
    <name>hgbu_domain</name>
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
  </security-configuration>


After putting this just restart the weblogic server and then check with RESTClient. Now it should invoke the webservice properly.

Happy Coding:)

1 on: "Basic Authentication in Weblogic 10.3.x with Restful Webservices"
  1. Your solution would have worked in previous versions of WebLogic but in case of WebLogic 12c, my Server shuts down after restarting.
    Anyway, thanks for your answer.

    ReplyDelete