Re: AW: Suppress or replace WWW-Authorization header

Wed, 28 Oct 2015 09:52:25 -0700 

On 28.10.2015 16:55, chris derham wrote:

No, container BASIC authentication should be enabled, the container should
handle the authentication, but the browser should not show his ugly default
login dialog when I request resources from the REST-service with wrong
credentials.
When the REST-client (web-application in the browser) receives a failed
login with a WWW-Authenticate header, the default dialog of the browser will
be shown... that’s what I want to suppress.

When I remove the (a) <login-config> or (b) <auth-method>  sending requests
with credentials will not work anymore (a: 403 forbidden; b: deployment
fails). But that's not a solution because the rest-service should be still
protected and I need to authenticate via "Authentication: Basic ....."
header send credentials, but I don't want to show the ugly browser-dialog to
the users.

Using a AngularJS Client with REST-services based on tomcat should be a
common use-case, it could not be that I'm the first one who wants a custom
login-screen. :-/

-torsten


Torsten,

Add an interceptor to AngularJS to detect the 401 and do whatever you
want, e.g. redirect to a login page. Then when you have the
credentials, submit to login rest api, get a token, and then make all
other calls passing this token.

There are loads of examples on how to do this on the internet. This
isn't tomcat specific.

function globalInterceptorResponse($injector, $q) {
     return {
         'response': function (response) {
             return response;
         },
         'responseError': function (rejection) {
             switch (rejection.status) {
...
                 case 401:
                     console.warn("Hit 401 - redirecting to login");
                     window.location = '/login';
                     break;
...
                 default:
                     console.warn(rejection);
             }
             return $q.reject(rejection);
         }
     };
}
globalInterceptorResponse.$inject = ['$injector', '$q'];

then in request config,

$httpProvider.interceptors.push(globalInterceptorResponse);


Chris
What is maybe not totally clear for the OP above, is that the above is done at the level of the client (browser). Not at the tomcat level.
(Which is maybe also why Torsten did not find anything when he previously searched the web : he was searching with the wrong keywords). 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to