Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Can you bypass login screen?

 
Kelly Dolan
Ranch Hand
Posts: 109
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there any way a client browser can bypass a login screen to a protected servlet (e.g., requiring BASIC or FORM authentication) by passing in its login credentials with the request?

Specifically, I'm using JBoss and I have the following scenario. I'm open to suggestions in the case I'm doing something really strange.

I have a requirement to allow a user to authenticate with my web application via a certificate or user id/password. Since a WAR file can only be configured one way, I'm considering standing up a dummy servlet configured for certificate authentication which will then redirect (in some way) the request to the application which is configured for user id/password authentication. The dummy servlet will be able to, given the certificate, look up the user id/password for the user so it has the information the application needs to authenticate. However, I have not found a way to pass this information to the application in such a way that if provided, the login screen is not displayed. The application needs to be protected because users that do not have a certificate will go directly to the application URL and will need to be prompted for a user id/password.

Thanks to any and all help!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic