ManjunathaM6763 Member since 2017 6 posts
ING Vysya Bank Ltd
Posted: 2 years ago
Last activity: 2 years 4 months ago
Closed

Container Managed Authentication - Basic Authorization

Hi Team,

We have implemented container managed authentication in our organization. We got a security test done for our application and found that the Authorization header has been set to Basic and the username and password are base64 encoded. It's very easy to decode the username and password, which is a security threat for the application.

Can you help with how to disable basic authorization, and what are the secure types we can use?

Solutions Tried:

We can enable form-based authentication in web.xml by modifying the tag below:

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>PegaRULES</realm-name>
</login-config>

Regards

Manju
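
Added example, not part of the original post and not Pega's shipped configuration: the posted BASIC setting beside a FORM `login-config` paired with a `CONFIDENTIAL` transport guarantee, because a form login also sends the password in readable form unless the container forces HTTPS. Only standard Servlet deployment-descriptor elements are used; the URL pattern, role name, resource name and page paths are placeholders.

```xml
<!-- Added example. Placeholder values (assumptions) are marked PLACEHOLDER;
     substitute the paths and role your deployment actually uses. -->
<web-app>

  <!-- Before (as posted): the browser resends base64-encoded credentials
       in the Authorization header of every request. -->
  <!--
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>PegaRULES</realm-name>
  </login-config>
  -->

  <!-- After: require TLS for the protected paths so that neither the login
       POST nor the session cookie crosses the network in cleartext. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>PLACEHOLDER-protected-area</web-resource-name>
      <url-pattern>/PLACEHOLDER-protected-path/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>PLACEHOLDER-role</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- CONFIDENTIAL makes the container redirect or reject plain HTTP -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- FORM: credentials are submitted once to j_security_check, after which
       the container tracks the user by session instead of a per-request header. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>PegaRULES</realm-name>
    <form-login-config>
      <form-login-page>/PLACEHOLDER-login.jsp</form-login-page>
      <form-error-page>/PLACEHOLDER-login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>PLACEHOLDER-role</role-name>
  </security-role>

</web-app>
```

The same `user-data-constraint` also protects BASIC if it has to stay enabled; without it, switching the auth method alone only changes where the readable credentials appear in the request.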

Security
Moderation Team has archived post