Win a copy of Java Concurrency Live Lessons this week in the Threads forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Poking Values into the HTTP Header  RSS feed

 
Chris Gastin
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a servlet that I want to poke values into the HTTP Header for basic authentication, and redirect the request to a JSP or HTML Page. Can someone help
For example a user requests.

securedir directory is secured by Basic Authentication, so the user can not get to page.html without a user name and password.
I want my serlvet to take this request, and
poke the Base64 encode Username and password into the HTTPHeader, so that it will be a passthrough/single signon feature.
Has anyone every tried this, and do you have any suggestions.
Thanks
Chris
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
(I believe) Basic Authentication also accepts the form username:password@www.domain.com
Your Servlet could accept the request then redirect to the above URL
Another possibility is to write a Cookie from your domain to the other domain, but this is blocked by many security features like Firewalls. Then again, setting a Cookie is not the same as performing Basic Authentication.
My guess is that beyond the first solution, you'll find this is a security feature that is not supported in HTTP due to the possible problems it could cause.
Dave
[ February 08, 2003: Message edited by: David O'Meara ]
 
Chris Gastin
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yea I know that you can use
username:password@www.domain.com
I don't the username and password to be revealed by the URL.
[ February 09, 2003: Message edited by: Chris Gastin ]
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!