Setting config.xml for WebLogic in Oracle’s jDeveloper

This post is a two-fer.  For those of you that are drinking the Oracle KoolAid, you’ve no doubt been using Oracle’s JDeveloper lately, especially since WebCenter Spaces and Services require it to do anything substantive with them.  In the 10.x line, Oracle incorporated WebLogic (bloatware, IMO, but that’s another post entirely) as the default Application Server for debugging your apps.

The first tip here is that by default WebLogic Server looks at the Authentication Header, and even if you’re your code and app is set to allow anonymous access, if there’s any HTTP Authentication header, WebLogic fails to handle the requests and throws up a browser login dialog:

This has caused me headaches with PublisherEditor, which uses the ALUI Publisher Web Service to run.  The Publisher web service by default uses authentication headers, so the Publisher authentication headers get sent to my portlet code.  Fortunately, the fix for this is pretty straight-forward and documented: add the following to your config.xml file:

<enforce-valid-basic-auth-credentials>
false
</enforce-valid-basic-auth-credentials>

The second tip: what if you’re using jDeveloper, which bundles this monstrosity called WebLogic?  Where’s that stupid web.config file?  The answer:  when you’re starting your app, look for the “Wrote Web Application Module” line:

In my case, the line was putting the application’s .war file in C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.2.36.55.36\o.j2ee\drs\PublisherEditor\PublisherEditorWebApp.war.

The config.xml file you’re looking for is up a couple folders, in that “system” folder (which has the version number), under DefaultDomain/config/: C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.2.36.55.36\DefaultDomain\config\config.xml.

Of course.

Stop debugging first (because, naturally, jDeveloper overwrites any changes you make to this file when you stop debugging – I mean, why WOULDN’T it!?).  Then add the enforce-valid-basic-auth-credentials line right before </security-configuration>:

… and you should be good to go next time you run your app. Happy coding!

Tags: , ,

Leave a Reply