问题
I tried adding
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
inside the <security-configuration>
tag in config.xml of weblogic server 12.1.3 After I add this line my weblogic server goes to shutdown whenever i start up my server.
is there something wrong? I have attached my config.xml contents below
<domain-version>12.1.3.0.0</domain-version>
<security-configuration>
<name>mdm_domain</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType">
<sec:name>DefaultAuthenticator</sec:name>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:name>DefaultIdentityAsserter</sec:name>
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType">
<sec:name>XACMLRoleMapper</sec:name>
</sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType">
<sec:name>XACMLAuthorizer</sec:name>
</sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType">
<sec:name>DefaultAdjudicator</sec:name>
</sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType">
<sec:name>DefaultCredentialMapper</sec:name>
</sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType">
<sec:name>WebLogicCertPathProvider</sec:name>
</sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{AES}lWxYlHpEqfbODbLmeerJr6H86R6+lvszW466UpoYzuyh6X617HokRf/oKl3cZJM+JTXliBWwXFhAiC9G3JrbxYNBkXMUGqFSOicuMVJVD0tTCuTr6sfY7UPK9M40Vi4n</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>{AES}loTlWUtqsyw7sq4ujEhLVDaHCv/s7k22k0KSacFO/Ww=</node-manager-password-encrypted>
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
</security-configuration>
回答1:
My answer comes probably too late to help you, but it may help other people.
I met the same issue, and adding the 'enforce-valid-basic-auth-credentials' tag seems not to be enough.
Then, I added this flag via WLST :
connect('weblogicUser','weblogicPassword','t3://localhost:7001')
edit()
startEdit()
cd('SecurityConfiguration/Your_Domain')
set('EnforceValidBasicAuthCredentials','false')
save()
activate()
(Do not forget to edit with your weblogicUser, weblogicPassword, weblogic url and your domain in the 'cd' command...)
And after restarting my server, I looked in the config.xml file, and another tag has been added. Now, my config.xml file looks like that :
.........
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
<use-kss-for-demo>true</use-kss-for-demo>
</security-configuration>
............
But this use-kss-for-demo
tag may depend on your weblogic configuration. So I strongly advise you to use the WSLT way to update this flag.
回答2:
If you get schema validation error, add tags as in below order.
<security-configuration>
......
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-
credentials>
<use-kss-for-demo>true</use-kss-for-demo>
</security-configuration>
回答3:
Inside the weblogic below path - /app/weblogic/Oracle/Middleware/Oracle_Home/oracle_common/common/bin
script cane be written like below-
disableBasicAuth.py
connect('weblogic','password','t3://localhost:7001')
edit()
startEdit()
cd('SecurityConfiguration/<domain name>')
set('EnforceValidBasicAuthCredentials','false')
save()
activate()
After save. Run the Script like - ./wlst.sh disableBasicAuth.py
Above steps will solve basic auth interception by weblogic.
来源:https://stackoverflow.com/questions/35200866/error-adding-enforce-valid-basic-auth-credentials-to-config-xml