I am using Basic authentication for a web site. I have an
applet embedded in one of my web pages. The problem is that when I access the page with the applet, I am presented with the authentication dialog box again.
The first time I access the site, the client sends the following unauthenticated header to the server,
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; windows 98)
Host: 10.10.10.200
Connection: Keep-Alive
The server then requires authentication and sends a request for 'Basic Authentication'
This leads to a dialog box with a user and password field.
(The box contains a field which reads 'Realm: myWeb Server')
If the correct user and password are supplied, then the server recieves to additional lines for further requests in the header.
Accept: */*
Authorization: Basic Zdsdf......
Access is then granted to all pages with the Mozilla user agent.
When I goto the page containing the
java applet, the client sends
Accept-Language: en-us
...
User-Agent: Java1.3.0
Accept: text/html, ....
with no authentication field.
This causes the server to request authentication for this new user agent.
An authentication dialog is then presented in the client, but now, instead of having a 'Realm' field, it has a field which reads 'Resource: myWeb Server'
For completeness, the tag for the java applet in the web page follows.
(OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" width="640" height="480" id="filemanager"
codebase="./j2re1_3_0-win.exe#Version=1,3,0,0")
(PARAM NAME="codebase" VALUE="/filemanager")
(PARAM NAME="code" VALUE="FileManager.class")
(PARAM NAME="type" VALUE="application/x-java-applet;version=1.2.2")
(param name="MAYSCRIPT" value="true")
(param name="name" value="filemanager")
(param name="scriptable" value="true")
(COMMENT)
(EMBED type="application/x-java-applet;version=1.2.2" width="640" height="480" MAYSCRIPT=true name=filemanager scriptable=true
code="FileManager.class" codebase="/filemanager")
(NOEMBED)(/COMMENT)
No JDK 1.3 for APPLET!!!
(/NOEMBED)
(/EMBED)
(/OBJECT)
As I am relatively new to web programming, so I may be missing something obvious. I was wondering if
1) There is a way to prevent this second authentication request?
2) If not, is there a way to direct the failed second login to a web page? Right now, if I enter the incorrect user/password pair at the second authentication dialog, it just hangs.
Thanks,
Jeff