tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier (tomcat) ...@ice-sa.com>
Subject Re: AW: Suppress or replace WWW-Authorization header
Date Wed, 28 Oct 2015 16:50:57 GMT
On 28.10.2015 16:55, chris derham wrote:
>> No, container BASIC authentication should be enabled, the container should
>> handle the authentication, but the browser should not show his ugly default
>> login dialog when I request resources from the REST-service with wrong
>> credentials.
>> When the REST-client (web-application in the browser) receives a failed
>> login with a WWW-Authenticate header, the default dialog of the browser will
>> be shown... that’s what I want to suppress.
>>
>> When I remove the (a) <login-config> or (b) <auth-method>  sending requests
>> with credentials will not work anymore (a: 403 forbidden; b: deployment
>> fails). But that's not a solution because the rest-service should be still
>> protected and I need to authenticate via "Authentication: Basic ....."
>> header send credentials, but I don't want to show the ugly browser-dialog to
>> the users.
>>
>> Using a AngularJS Client with REST-services based on tomcat should be a
>> common use-case, it could not be that I'm the first one who wants a custom
>> login-screen. :-/
>>
>> -torsten
>
> Torsten,
>
> Add an interceptor to AngularJS to detect the 401 and do whatever you
> want, e.g. redirect to a login page. Then when you have the
> credentials, submit to login rest api, get a token, and then make all
> other calls passing this token.
>
> There are loads of examples on how to do this on the internet. This
> isn't tomcat specific.
>
> function globalInterceptorResponse($injector, $q) {
>      return {
>          'response': function (response) {
>              return response;
>          },
>          'responseError': function (rejection) {
>              switch (rejection.status) {
> ...
>                  case 401:
>                      console.warn("Hit 401 - redirecting to login");
>                      window.location = '/login';
>                      break;
> ...
>                  default:
>                      console.warn(rejection);
>              }
>              return $q.reject(rejection);
>          }
>      };
> }
> globalInterceptorResponse.$inject = ['$injector', '$q'];
>
> then in request config,
>
> $httpProvider.interceptors.push(globalInterceptorResponse);
>
>
> Chris
>

What is maybe not totally clear for the OP above, is that the above is done at the level 
of the client (browser).  Not at the tomcat level.

(Which is maybe also why Torsten did not find anything when he previously searched the web

: he was searching with the wrong keywords).



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message