I have an application that needs 2 security http tags, deployed on a WebLogic 10.3.6 server, with Spring Framework 3.1.2 and spring-security 3.1.2:
1. Form-based login: direct logging in of users using the login page.
2. Basic authentication: REST web service calls.
I have added form_based_login successfully - this works fine.
I would appreciate direction on basic auth for REST web services. Basic authentication: WebLogic pops up an additional pop-up where I have to enter the credentials of the WebLogic console.
To fix this I have found 2 approaches:
1. Updating the server config.xml file with the tag below:
   <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
   Reference: Spring Security HTTP Basic Authentication
2. Adding an adapter, applicationcontext-acegi-security.xml, weblogicauthenticationfilter
I prefer the 2nd approach, which does not involve changes to the server configuration. It would be great if someone could point me in the right direction or to an example to achieve this.
Reference: http://docs.tpu.ru/docs/oracle/en/fmw/11.1.1.6.0/web.1111/e14453/security.htm
Update: adding the current spring-security configuration:

<http create-session="stateless" entry-point-ref="basicauthentrypoint" pattern="/api/**" use-expressions="true">
    <intercept-url pattern="/api/listbyorderid" access="hasAnyRole('role_user','role_admin')" />
    <intercept-url pattern="/api/listbycustomerid" access="hasAnyRole('role_user','role_admin')" />
    <custom-filter ref="basicauthenticationfilter" after="BASIC_AUTH_FILTER" />
</http>

<http auto-config="false" use-expressions="true" access-denied-page="/security/denied" entry-point-ref="authenticationentrypoint">
    <intercept-url pattern="/security/login" access="permitAll" />
    <intercept-url pattern="/layouts/*" access="permitAll" />
    <intercept-url pattern="/tiles/*" access="permitAll" />
    <intercept-url pattern="/jquery/*" access="permitAll" />
    <intercept-url pattern="/css/*" access="permitAll" />
    <intercept-url pattern="/admin/css/*" access="permitAll" />
    <intercept-url pattern="/admin/images/*" access="permitAll" />
    <intercept-url pattern="/admin/ico/*" access="permitAll" />
    <logout invalidate-session="true" logout-url="/j_spring_security_logout" success-handler-ref="logoutsuccesshandler" delete-cookies="JSESSIONID" />
    <!-- Custom filter to deny unwanted users even though they are registered -->
    <custom-filter ref="blacklistfilter" before="FILTER_SECURITY_INTERCEPTOR" />
    <!-- Custom filter for username, password and domain. The real customization is done in customauthenticationmanager -->
    <custom-filter ref="authenticationfilter" position="FORM_LOGIN_FILTER" />
</http>

Thanks in advance.
Spring Security supports this out of the box. You can take a look at helloworld-jc for Java-based configuration or helloworld-xml for XML-based configuration. Given you are on Servlet 2.5 with WebLogic 10.3.6, you will want to use the XML sample.
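
As an added illustration (not code from the question, the answer, or the Spring samples they mention), this is a Spring Security 3.1 namespace file with a stateless basic-auth chain for /api/** declared ahead of a form-login chain. The realm name, the in-memory user, the uppercase role names and the catch-all rule are assumptions made up for the example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!-- Chain 1: REST calls. Declared first so /api/** is matched before the
       catch-all chain below. Stateless: no HttpSession is created, so every
       request must carry its own Authorization: Basic header. -->
  <http pattern="/api/**" create-session="stateless" use-expressions="true"
        realm="example-rest-realm"> <!-- realm name is a constructed value -->
    <!-- Role names are assumptions; they must match the authorities
         your authentication provider actually grants. -->
    <intercept-url pattern="/api/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
    <!-- Registers the built-in BasicAuthenticationFilter and a matching
         entry point that answers 401 with WWW-Authenticate: Basic. -->
    <http-basic />
  </http>

  <!-- Chain 2: browser users. No pattern attribute, so it handles every
       request that chain 1 did not claim. -->
  <http use-expressions="true">
    <intercept-url pattern="/security/login" access="permitAll" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <form-login login-page="/security/login" />
    <logout invalidate-session="true" delete-cookies="JSESSIONID" />
  </http>

  <!-- Constructed in-memory user so the file loads on its own; swap in the
       real authentication provider and never ship a plaintext password. -->
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="example-user" password="change-me" authorities="ROLE_USER" />
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>
```

This file only configures the application side. The enforce-valid-basic-auth-credentials flag from the question's first approach lives in the security-configuration section of the WebLogic domain's config.xml and applies to every application deployed in that domain.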