|
| Home | Accessibility | Courses | Diary | The Mouth | Forum | Resources | Site Map | About Us | Contact |
Self authenticating servlet
Posted by John_Moylan (jfp), 20 February 2003
I can access a password protected site directly with my browser withthe url:
http://myusername:mypassword@www.mysite.org
This bypasses the authentication login box so it is possible to do!
When I try this with reponse.sendRedirect() it throws the login box up
each time. Can this be achieved with a servlet?
I've tried setHeader() but to no avail.
I managed to authenticate with HttpURLConnection, but I need to be
sent to the page without using the login box using the servlet
response.
Anyone managed it?
jfp
Posted by admin (Graham Ellis), 21 February 2003
I find myself wondering if you've found a deliberate design feature of sendRedirect, as you're trying to automate password entry which some system designers regard as a potential security problem - rather like the Unix / Linux passwd command which reads the password from the keyboard and won't allow redirection. You could achieve what you're looking to do by programming at a lower level (you are http not https, so it should be possible but a lot of work), but I woul dbe inclined not to encourage you down that route unless you have a single very specific requirement. Is there any way to bypass the need for a password within the URL at the other end? Does the server have any virtual hosts running on it (or any directories) that don't need the passworded login, for example? A script in one of those areas, perhaps checked with a password within the GET or POST data so that you offer alternative security, might be an alternative.
This page is a thread posted to the opentalk forum
at www.opentalk.org.uk and
archived here for reference. To jump to the archive index please
follow this link.
PH: 01144 1225 708225 • FAX: 01144 1225 344596 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho