Torsten,

On 10/28/15 8:19 AM, Torsten Rieger wrote:
> I have a legacy java-SOAP-client that only supports BASIC authentication
> (send the Authorization: Basic... header) and a AngularJS application that
> consumes a REST-service (also sending the Authorization: Basic header).
> 
> The server supports two kinds of deployment: Standalone with an embedded
> Jetty-server and as war-file for app-servers (most of them are
> tomcat-server). I try to suppress the browser BASIC-login-dialog for the
> REST-service-calls from AngularJS.
> On Jetty I modify the 401-responses and replace the "WWW-Authenticate"
> header by anything else than "BASIC" and that works, now I try to find a
> solution for the deployment on tomcat servers.
> 
> Rewrite (unset header in responses) with an apache proxy in front of the
> tomcat is unfortunately not a solution I can implement.
> 
> So I'm looking for a solution to remove or modify the headers in 401
> responses on application server level.

So you just want to disable HTTP BASIC authentication? Why not just
remove the <auth-method> from web.xml and disable authentication entirely?

Are you saying that when you connect using a REST client, the client
shows a login dialog in a web browser? That sounds ... weird. The REST
client should see the WWW-Authenticate header and either (a) fail or (b)
re-try with credentials you have provided to it.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to