On 28.10.2015 15:39, Christopher Schultz wrote:
Torsten,

On 10/28/15 8:19 AM, Torsten Rieger wrote:
I have a legacy java-SOAP-client that only supports BASIC authentication
(send the Authorization: Basic... header) and a AngularJS application that
consumes a REST-service (also sending the Authorization: Basic header).

The server supports two kinds of deployment: Standalone with an embedded
Jetty-server and as war-file for app-servers (most of them are
tomcat-server). I try to suppress the browser BASIC-login-dialog for the
REST-service-calls from AngularJS.
On Jetty I modify the 401-responses and replace the "WWW-Authenticate"
header by anything else than "BASIC" and that works, now I try to find a
solution for the deployment on tomcat servers.

Rewrite (unset header in responses) with an apache proxy in front of the
tomcat is unfortunately not a solution I can implement.

So I'm looking for a solution to remove or modify the headers in 401
responses on application server level.

So you just want to disable HTTP BASIC authentication? Why not just
remove the <auth-method> from web.xml and disable authentication entirely?

Are you saying that when you connect using a REST client, the client
shows a login dialog in a web browser? That sounds ... weird. The REST
client should see the WWW-Authenticate header and either (a) fail or (b)
re-try with credentials you have provided to it.


Yes, but if the SOAP-client is an applet in the browser, chances are that in order to collect the user credentials that it needs, it uses the internal browser mechanism, which pops up the dialog to obtain these user credentials.
So not so weird necessarily.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to