tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthew Mauriello" <mm578...@albany.edu>
Subject Re: Question about BASIC Authentication
Date Thu, 01 Jul 2010 01:54:32 GMT
Christopher,

First off, I really appreciate your responses.

Unfortunately I do not have a link that I can send out.

I generally use Mozilla Firefox, Microsoft recently implemented a patch
that prevents http://user:password@website.com/SOLR/ from working.

So on this consistent implementation method, how do websites grant access
to public sites and secure certain sections? Or is this a problem because
I have two separate applications deployed and I am trying to navigate
between both?

Thanks again,

~Matt



> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Matthew,
>
> On 6/30/2010 8:20 PM, Matthew Mauriello wrote:
>> The behavior seems rather strange to me in fact, I've seen other
>> websites
>> run on what looks to be BASIC Authentication without popping these
>> browser
>> messages when leaving secured sections.
>
> Most websites use HTTP AUTH consistently, at least for a particular URL
> prefix.
>
>> See the http://user:password@website.com/SOLR is only used once and it
>> might actually be http://user:password@website.com/SOLR/ I have to look
>> into this.
>>
>> I feel like the authentication cookie is being created for the user and
>> then being forwarded to every page the user visits after that.
>>
>> I am hoping to find some way of preventing this behavior.
>
> Well, for starters, what web browser are you using? Can you give me a
> sample URL that I can use to play with a test version of your webapp?
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkwr76cACgkQ9CaO5/Lv0PACLQCgjmn6kpeN1L3uQPuxpUEbHT8C
> W/UAn1iaKySqcMfZNuttx7MjHYr6EqX4
> =Yxdn
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message