-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matthew,
On 6/30/2010 12:07 AM, Matthew Mauriello wrote: > I have two directories in 'webapps' other than ROOT. ROOT redirects users > to webappA. WebappA does not use tomcat's basic authentication but if you > log into the application there are links inside it that sends the user to > the SOLR webapp via http://user:passw...@website.com/SOLR. Ok. > SOLR uses basic authentication. The problem is once the browser logs into > SOLR the error message pops up when navigating back to WebappA. Where is webappA deployed? /webappA? Generally, when the server requests BASIC authentication, the client will then provide credentials to the server for the original URL plus any URLs that are "under" it. I wonder if you used "http://user:passw...@website.com/SOLR/" (note the trailing slash) if you might avoid this behavior. I think the browser sees http://user:passw...@website.com/SOLR, removes the SOLR from the end (because it thinks that's the name of the resource), and then anything starting with http://website.com/ will then get the HTTP AUTH headers. > I understand this isn't the greatest setup but other than the constant pop > up message after logging into SOLR it meets the needs of the very few > users on the website. It's odd that your web browser complains about this... it implies that the browser pre-fetches the URL /without/ the authentication header, just to see if the server replies with a request-for-authentication header. That's actually kind of a nice security feature. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwrUfoACgkQ9CaO5/Lv0PAETACeONnx4nYQFXLwud13KCb9Nu0Z GkkAnj28Iz5yxZaZzJGOi7sZThMcZY62 =50Ze -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org