Reputation: 1336
I have REST-based services deployed in WebLogic Application Server 12 which use Spring Security for authentication using BASIC Auth. Previously I found out that WebLogic has a bug where it intercepts a call if the request has an Authorization header in it.
I found a very helpful link which solves this issue by disabling this in the config.xml of WebLogic: <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>. Now if I access my service via Postman it works great and Spring handles the security.
After this I wrote some automated tests which use the Apache Commons HttpClient library to call my service, but I am continuously getting 401 Unauthorised from WebLogic. My client code is as follows:
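
    import org.apache.commons.httpclient.HttpClient;
    import org.apache.commons.httpclient.UsernamePasswordCredentials;
    import org.apache.commons.httpclient.auth.AuthScope;

    // Register the test credentials for any host and any port.
    httpClient = new HttpClient();
    httpClient.getState().setCredentials(
            new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
            new UsernamePasswordCredentials(
                    getTestUsername(config.getUsername()),
                    getTestPassword(config.getPassword())));
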
I tried setting the auth preference to Basic, adding an Authorization header to my request, even setting preemptive auth to true; everything is still the same.
One thing I am sure of is that WebLogic is intercepting my call from the Java standalone client somehow, because in the response headers I get 'realm: weblogic', which is incorrect as it should be 'realm: Spring Security Application'. More strangely, I am able to access the same URL from Postman with the same security credentials. Am I missing anything?
Upvotes: 1
Views: 6203
Reputation: 1199
Yes, I confirm that WebLogic intercepts your call.
You have to enforce the <enforce-valid-basic-auth-credentials> tag to false in your WebLogic config.xml file.
Please take a look at "Error adding enforce-valid-basic-auth-credentials to config.xml" and http://www.dba-oracle.com/t_weblogic_bypass_basic_authentication.htm
Upvotes: 4
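
A diagnostic sketch for the situation in this thread, added here as an example and not code from either poster: it checks whether a config.xml still leaves WebLogic validating Basic credentials itself, and classifies a 401 by the realm in its WWW-Authenticate header. The sample config.xml is constructed, the function names are hypothetical, and the placement of the flag under <security-configuration> is an assumption about the standard domain schema.

```python
import re
import xml.etree.ElementTree as ET

FLAG = "enforce-valid-basic-auth-credentials"

# Constructed sample of a WebLogic domain config.xml (not taken from the page).
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>test_domain</name>
  <security-configuration>
    <name>test_domain</name>
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
  </security-configuration>
</domain>
"""


def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def container_intercepts_basic_auth(config_xml):
    """Return True if WebLogic itself will validate Authorization: Basic headers.

    Assumption: the flag defaults to true when absent and is only honoured
    inside <security-configuration>.
    """
    root = ET.fromstring(config_xml)
    for sec in root.iter():
        if local(sec.tag) != "security-configuration":
            continue
        for child in sec:
            if local(child.tag) == FLAG:
                return (child.text or "").strip().lower() != "false"
    return True


def challenge_source(www_authenticate):
    """Name the layer that issued a 401, based on its WWW-Authenticate realm."""
    m = re.search(r'realm\s*=\s*"?([^",]+)"?', www_authenticate, re.I)
    if not m:
        return "unknown"
    # 'weblogic' is the container's realm seen in the question; any other
    # realm (e.g. 'Spring Security Application') comes from the application.
    return "container" if m.group(1).strip().lower() == "weblogic" else "application"
```

If the first check returns False for the config.xml on disk but a 401 still carries the container's realm, the running server is probably not using that file yet (for example, it has not been restarted since the edit).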