I have a restful web service which is protected using HTTP Basic
authentication with LDAP
provider.
After deploying the application to WebLogic, it prompts for authentication twice upon invocation.
First by Spring Security Then by WebLogic Server.
Further investigation on the subject reveals that client requests that use HTTP BASIC authentication must pass WebLogic Server authentication, even if access control is not enabled on the target resource.
As an option (provided in the answer), WebLogic's authentication can be disabled through the following configuration in config.xml:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
But it will affect all the other applications deployed in the same domain. And I want this for a specific app only.
Appreciate any suggestions.