| |||||||||||
Self authenticating servlet Posted by John_Moylan (jfp), 20 February 2003 I can access a password protected site directly with my browser withthe url: http://myusername:mypassword@www.mysite.org This bypasses the authentication login box so it is possible to do! When I try this with reponse.sendRedirect() it throws the login box up each time. Can this be achieved with a servlet? I've tried setHeader() but to no avail. I managed to authenticate with HttpURLConnection, but I need to be sent to the page without using the login box using the servlet response. Anyone managed it? jfp Posted by admin (Graham Ellis), 21 February 2003 I find myself wondering if you've found a deliberate design feature of sendRedirect, as you're trying to automate password entry which some system designers regard as a potential security problem - rather like the Unix / Linux passwd command which reads the password from the keyboard and won't allow redirection. You could achieve what you're looking to do by programming at a lower level (you are http not https, so it should be possible but a lot of work), but I woul dbe inclined not to encourage you down that route unless you have a single very specific requirement. Is there any way to bypass the need for a password within the URL at the other end? Does the server have any virtual hosts running on it (or any directories) that don't need the passworded login, for example? A script in one of those areas, perhaps checked with a password within the GET or POST data so that you offer alternative security, might be an alternative. This page is a thread posted to the opentalk forum
at www.opentalk.org.uk and
archived here for reference. To jump to the archive index please
follow this link.
|
| ||||||||||
PH: 01144 1225 708225 • FAX: 01144 1225 793803 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho |