• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

WebLogic 12.1.2.1: auth-method DIGEST not supported?

 
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I need to apply security constraints to our new web application. I tried setting the auth-method to DIGEST in web.xml, but Chrome still showed that Basic was used (Authorization:Basic xxxxx). I checked the log files, but that showed the following:

####<23-jun-2014 13:49:33 uur CEST> <Warning> <HTTP> <PC0075> <AdminServer> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <63a28fec-54a7-4362-bf8d-a275eeada121-000006c8> <1403524173403> <BEA-101317> <The Web application: ServletContext@20973321[app:test module:test path:null spec-version:3.0] has specified "DIGEST" as the auth-method in web.xml, which is not implemented. Will default to BASIC.>


Is is true that WebLogic 12.1.2.1 (the latest one) does not even support one of the four required authentication methods? If so, how can it have been JEE certified? (I guess it helps that Oracle owns Java now...)

FYI, the login config from web.xml:
This does work with an auth-method of FORM (with the proper login and error pages), but that's just as secure as Basic (as in, not secure at all).
reply
    Bookmark Topic Watch Topic
  • New Topic