tomcat-users mailing list archives

From Tokajac <imre_to...@hotmail.com>
Subject Re: Basic authentication without a secure connection
Date Sun, 03 May 2009 18:06:29 GMT

Thank you for the link, André-John!


The user should access the application directly (not proxying).
On http://hc.apache.org/httpclient-3.x/tutorial.html, as I see it, the header is created for programmatic access and not via a browser.

Is it possible to do this when I use a browser for access? How?


Regards

P.S.

I also opened this topic on
http://www.coderanch.com/t/442467/Security/Basic-authentication-without-secure-connection

Andre-John Mas-4 wrote:
> 
> 
> On 3-May-2009, at 08:11, Tokajac wrote:
> 
>>
>>> Now why would you want to do that ?
>> I want to connect applications: one is running on Tomcat (Java/Struts) with
>> another (PHP).
>>
>> I have an application running on Tomcat that has a link to another
>> application, which is on another server. The application on the other server is
>> protected with:
>> http://en.wikipedia.org/wiki/Basic_access_authentication
>>
>> I want to pass credentials after the link is clicked, so I don't need to fill in
>> the username and password information. I see that I might need to add the row:
>> "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
>> in the request header.
>>
>>
>> Is this possible to do? How?
> 
> Is your Tomcat proxying a connection, or do you have an application that needs
> information from another application, but is not exposed to the user?
> 
> If it is the latter, then you could look at using Apache HttpClient:
> 
> http://hc.apache.org/httpclient-3.x/
> 
> and then adding the header in the request.
> 
> If the user is going to be accessing the application directly, then there
> is a reason the security is in place and you should not override it, unless
> you are sure the people who protected the resource are fine with it. If the
> resource requires authentication, then I would be surprised if they would be
> okay with it, but I am not going to make any assumptions.
> 
> André-John

-- 
View this message in context: http://www.nabble.com/Basic-authentication-without-a-secure-connection-tp23347310p23358168.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
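
The header value quoted in this thread is only the base64 encoding of `user:password`, which is why sending it over a connection without TLS exposes the credentials to anyone who can read the traffic. The following is an added example, not code from the thread or from HttpClient; it uses only the JDK, and the class name `BasicAuthHeader` and the UTF-8 charset are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example: builds and parses the value of an HTTP Basic "Authorization" header.
public class BasicAuthHeader {

    // Returns {user, password}, or null when the value is not well-formed Basic credentials.
    static String[] parse(String headerValue) {
        if (headerValue == null) return null;
        String v = headerValue.trim();
        // The scheme name is case-insensitive and is followed by a space and the token.
        if (v.length() < 7 || !v.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(v.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // token is not valid base64
        }
        String pair = new String(raw, StandardCharsets.UTF_8); // charset is an assumption
        int colon = pair.indexOf(':'); // only the first colon separates; a password may contain ':'
        if (colon < 0) return null;
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    // Encodes, but does not encrypt: parse() reverses it without any key.
    static String build(String user, String password) {
        if (user.indexOf(':') >= 0) {
            throw new IllegalArgumentException("user name must not contain ':'");
        }
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) {
        // Header value quoted in the thread above.
        String[] quoted = parse("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
        System.out.println(quoted[0] + " / " + quoted[1]);

        // Constructed sample: a password containing a colon survives the round trip.
        String header = build("alice", "p:w");
        String[] back = parse(header);
        System.out.println(header + " -> " + back[0] + " / " + back[1]);

        // Constructed malformed token: rejected instead of throwing.
        System.out.println(parse("Basic !!!") == null);
    }
}
```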

