constantlearner
constantlearner

Reputation: 5247

Disabling basic authentication?

How can i disable basic authentication in websphere 6.1? I have written example servelet In my war application i have defined something like this:

 <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
    </security-constraint>
    <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>Example login/realm-name>
    </login-config>



    <servlet-mapping>
        <servlet-name>ExampleServelet</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

Now from UI any one with the http://server/example/* can authenticate and there wont be any logout for basic authentication.

How can i disable this avoid this situation?Due to some reason i cant use form based authentication?

Upvotes: 0

Views: 1917

Answers (2)

Gurnard
Gurnard

Reputation: 1775

Or if you want to be more specific with your authentication you can change your URL pattern:

 <url-pattern>/justServletNeedingAuthentication</url-pattern>

Upvotes: 1

ag112
ag112

Reputation: 5697

@constantlearner: your question is vague. Do you want to disable authentication for whole application or just for a particular url-pattern.

for a particular url-pattern: just don't specify that in web-resource-collection tag. for whole application, u can go to WAS console-> secure administration--> uncheck "enable application security" checkbox and restart app.

Upvotes: 2

Related Questions