Thanks for the reply. So can I safely assume that there's no way to tell the browser to send the Authorization request header without sending a 401 Authorization header first. Darn! I guess I'll have to maintain a session between the browser - Controller jsp/servlet - Secure resources. The session is maintained between the browser and the Controller jsp/servlet. And I guess I'll have the Controller jsp/servlet format the Authorization header with other request headers when making any requests on behalf of a browser.
Thanks. RS Phillip Morelock <[EMAIL PROTECTED]> on 04/23/2002 05:27:24 PM Please respond to "Tomcat Users List" <[EMAIL PROTECTED]> To: Tomcat Users List <[EMAIL PROTECTED]> cc: Subject: answer: HTTP authentication headers behavior expectations this is HTTP AFAIK the only way a browser can send BASIC authentication credentials is: 1) you send them a 401 and the browser prompts the user 2) you format all your links as http://user:[EMAIL PROTECTED]/ but i am not even sure if all browsers will "correctly" use this, at least in the fashion you're intending. Many browsers will automatically retransmit credentials to a realm that has been previously encountered in the (browsing) session, but this is not guranteed behavior and is certainly not required by any kind of specification around HTTP-BASIC authentication, AFAIK. phillip On 4/23/02 3:17 PM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > > Is there a way using a servlet/jsp to tell the browser to send the > Authorization request header without sending a prior "401 Authorization > required" reponse header. > Well it goes like this: > We have a Basic Authentication setup on some of our resources. We would > like the user to bypass the authorization dialog box. The user could post > the userid/pwd to a jsp/servlet which then redirects to the requested > resource (protected) with the credentials. This way the user can access > protected resources without encountering the authorization dialog box. But > after the user had made the first request and tries to access another > resource, the authorization dialog box pops up because the browser hasn't > authorized. It's the jsp/servlet that has. So is there some way to tell the > browser to send a Authorization header without sending a 401 reponse code > back? > > Thanks in advance. > RS > > > > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
