> No, container BASIC authentication should be enabled, the container should
> handle the authentication, but the browser should not show his ugly default
> login dialog when I request resources from the REST-service with wrong
> credentials.
> When the REST-client (web-application in the browser) receives a failed
> login with a WWW-Authenticate header, the default dialog of the browser will
> be shown... that’s what I want to suppress.
>
> When I remove the (a) <login-config> or (b) <auth-method> sending requests
> with credentials will not work anymore (a: 403 forbidden; b: deployment
> fails). But that's not a solution because the rest-service should be still
> protected and I need to authenticate via "Authentication: Basic ....."
> header send credentials, but I don't want to show the ugly browser-dialog to
> the users.
>
> Using a AngularJS Client with REST-services based on tomcat should be a
> common use-case, it could not be that I'm the first one who wants a custom
> login-screen. :-/
>
> -torsten
Torsten,
Add an interceptor to AngularJS to detect the 401 and do whatever you
want, e.g. redirect to a login page. Then when you have the
credentials, submit to login rest api, get a token, and then make all
other calls passing this token.
There are loads of examples on how to do this on the internet. This
isn't tomcat specific.
function globalInterceptorResponse($injector, $q) {
return {
'response': function (response) {
return response;
},
'responseError': function (rejection) {
switch (rejection.status) {
...
case 401:
console.warn("Hit 401 - redirecting to login");
window.location = '/login';
break;
...
default:
console.warn(rejection);
}
return $q.reject(rejection);
}
};
}
globalInterceptorResponse.$inject = ['$injector', '$q'];
then in request config,
$httpProvider.interceptors.push(globalInterceptorResponse);
Chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
