[resolved] ServletAuthentication weak() method in Weblogic 9.2.3 always return false value

Question

I am working on migrating Weblogic custom Authentication provider from version 8.1.5 to 9.2.3

In login servelet I have the following code

ServletAuthentication sa = new ServletAuthentication(LOGIN_USERNAME_LABEL, LOGIN_PASSWORD_LABEL);
int authenticated = sa.weak(request, response);

Above code always return

ServletAuthentication.FAILED_AUTHENTICATION

instead of

ServletAuthentication.AUTHENTICATED

I debug through the implementation modules, all values passing from form and values returned form database were all correct, but result of weak() is not correct.

Anyone resolved similar issue before? any help will be appreciated.

Answer 1

As commented. I post this as answer to my own question as it solved my problem.

The problem was solved. When I deployed Custom Authentication Provider and set the Control Flag to "SUFFICIENT" while control flag for Default Weblogic Authentication Provider was set to "REQUIRED" (by default). This give error and return failed value when validating user login. Custom Authentication Provider passed, but Default Weblogic Authentication Provider was not. Fixing it by set control flag for both to "SUFFICIENT"!