tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andre-John Mas <aj...@sympatico.ca>
Subject Re: Basic authentication without a secure connection
Date Sun, 03 May 2009 14:29:25 GMT

On 3-May-2009, at 08:11, Tokajac wrote:

>
>> Now why would you want to do that ?
> I want to connect applications: one is running on Tomcat (Java/ 
> Struts) with
> another (php).
>
> I have an application running on Tomcat that has a link to other  
> application
> which is on another server. Application on another server is  
> protected with:
> http://en.wikipedia.org/wiki/Basic_access_authentication
> http://en.wikipedia.org/wiki/Basic_access_authentication
>
> I want to pass credentials after link is clicked, so I don't need to  
> fill
> the username and password informations. I see that I might need to  
> add row:
> "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
> in the request header.
>
>
> Is this possible to do? How?

Is your Tomcat proxying a connection, or do you an application that  
needs
information from another application, but is not exposed to the user?

If it is the latter, then you could look at using Apache HttpClient:

http://hc.apache.org/httpclient-3.x/

and then adding the header in the request.

If the user is going to be accessing the application directly, then  
there
is a reason the security is in place and you should not over-ride it,  
unless
you are sure the people who protected the resource are fine with it.  
If the
resource is requires authentication, then I would be surprised they  
would be
okay with it, but I am not going to make any assumptions.

André-John
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message