Torsten, On 10/28/15 8:19 AM, Torsten Rieger wrote: > I have a legacy java-SOAP-client that only supports BASIC authentication > (send the Authorization: Basic... header) and a AngularJS application that > consumes a REST-service (also sending the Authorization: Basic header). > > The server supports two kinds of deployment: Standalone with an embedded > Jetty-server and as war-file for app-servers (most of them are > tomcat-server). I try to suppress the browser BASIC-login-dialog for the > REST-service-calls from AngularJS. > On Jetty I modify the 401-responses and replace the "WWW-Authenticate" > header by anything else than "BASIC" and that works, now I try to find a > solution for the deployment on tomcat servers. > > Rewrite (unset header in responses) with an apache proxy in front of the > tomcat is unfortunately not a solution I can implement. > > So I'm looking for a solution to remove or modify the headers in 401 > responses on application server level.
So you just want to disable HTTP BASIC authentication? Why not just remove the <auth-method> from web.xml and disable authentication entirely? Are you saying that when you connect using a REST client, the client shows a login dialog in a web browser? That sounds ... weird. The REST client should see the WWW-Authenticate header and either (a) fail or (b) re-try with credentials you have provided to it. -chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org