tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tokajac <>
Subject Re: Basic authentication without a secure connection
Date Sun, 03 May 2009 18:06:29 GMT

Thank you  for the link, André-John!

User should access the application directly (not proxying).
as I see header is created for programatic access and not via browser.

Is it possible to do this when I use browser for accessing? How?



I opened this topic on

Andre-John Mas-4 wrote:
> On 3-May-2009, at 08:11, Tokajac wrote:
>>> Now why would you want to do that ?
>> I want to connect applications: one is running on Tomcat (Java/ 
>> Struts) with
>> another (php).
>> I have an application running on Tomcat that has a link to other  
>> application
>> which is on another server. Application on another server is  
>> protected with:
>> I want to pass credentials after link is clicked, so I don't need to  
>> fill
>> the username and password informations. I see that I might need to  
>> add row:
>> "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
>> in the request header.
>> Is this possible to do? How?
> Is your Tomcat proxying a connection, or do you an application that  
> needs
> information from another application, but is not exposed to the user?
> If it is the latter, then you could look at using Apache HttpClient:
> and then adding the header in the request.
> If the user is going to be accessing the application directly, then  
> there
> is a reason the security is in place and you should not over-ride it,  
> unless
> you are sure the people who protected the resource are fine with it.  
> If the
> resource is requires authentication, then I would be surprised they  
> would be
> okay with it, but I am not going to make any assumptions.
> André-John
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View this message in context:
Sent from the Tomcat - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message