tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andre-John Mas <>
Subject Re: Basic authentication without a secure connection
Date Sun, 03 May 2009 14:29:25 GMT

On 3-May-2009, at 08:11, Tokajac wrote:

>> Now why would you want to do that ?
> I want to connect applications: one is running on Tomcat (Java/ 
> Struts) with
> another (php).
> I have an application running on Tomcat that has a link to other  
> application
> which is on another server. Application on another server is  
> protected with:
> I want to pass credentials after link is clicked, so I don't need to  
> fill
> the username and password informations. I see that I might need to  
> add row:
> "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
> in the request header.
> Is this possible to do? How?

Is your Tomcat proxying a connection, or do you an application that  
information from another application, but is not exposed to the user?

If it is the latter, then you could look at using Apache HttpClient:

and then adding the header in the request.

If the user is going to be accessing the application directly, then  
is a reason the security is in place and you should not over-ride it,  
you are sure the people who protected the resource are fine with it.  
If the
resource is requires authentication, then I would be surprised they  
would be
okay with it, but I am not going to make any assumptions.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message