sharing authorization headers

Jane Trois Wed, 20 Sep 2000 07:14:43 -0700
----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files.  Don't make us guess your problem!!!
----------------------------------------------------------------

I have a servlet running with JServ 1.0 on Apache
1.3.12, running on Linux (Redhat 6.0)

I've added some user authentication to the servlet so
that certain HTML forms, which are for admins, are
generated by the servlet and are password protected.
So for example, if a user wanted to see one of these
forms, the servlet first checks if there is an
Authorization header and then based on that either
forces the browser to prompt for a username/password
(dialog box) or goes ahead and displays the form.  I
have my own mechanism for authenticating users in the
servlet.

There some links to images within these HTML forms
which are served through Apache (not the servlet), and
 are protected using Apache security...  but using the
same usernames and passwords as for the HTML forms.  

The idea is to have it appear like (at least to the
end user) both the servlet and Apache are using the
same usernames and passwords with a single login.  The
problem is, it looks like the Authorization header
does not get passed in with the Apache GET requests.
So after the user logs in through my servlet, s/he
will have to log in again for the first file GET on
Apache, which everyone around me seems to agree is
really ugly user-interface-wise!

Is there anyway to avoid this?  Can I somehow share
Authorization headers between Apache and my servlet,
or at least let Apache be able to see all
Authorization headers from my servlet (even visa versa
would be helpful)?  Ideas for workarounds would be
helpful.

Thanks!

Jane


__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/


--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Search Archives: 
<http://www.mail-archive.com/java-apache-users%40list.working-dogs.com/>
Problems?:           [EMAIL PROTECTED]
sharing authorization headers

Reply via email to
