If you would like to do the authentification in Java application running on Oracle WebLogic, you will probably wonder why the Authentification-Header does not reach the Filter.

By default, weblogic intercepts the request and forwards only validated Authentification-Headers.

If you would like to bypass this check and implement the full logic in your application, then you have to modify the following file

user_projects/domains/YOURDOMAIN/config/config.xml

Insert the following snippet in the <security-configuration> section:

<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials> 


Source: Coderanch