Disabling basic authentication?
How can i disable basic authentication in websphere 6.1? I have written example servelet In my war application i have defined something like this:
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-const开发者_StackOverflow社区raint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Example login/realm-name>
</login-config>
<servlet-mapping>
<servlet-name>ExampleServelet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
Now from UI any one with the http://server/example/* can authenticate and there wont be any logout for basic authentication.
How can i disable this avoid this situation?Due to some reason i cant use form based authentication?
@constantlearner: your question is vague. Do you want to disable authentication for whole application or just for a particular url-pattern.
for a particular url-pattern: just don't specify that in web-resource-collection tag. for whole application, u can go to WAS console-> secure administration--> uncheck "enable application security" checkbox and restart app.
Or if you want to be more specific with your authentication you can change your URL pattern:
<url-pattern>/justServletNeedingAuthentication</url-pattern>
精彩评论