Self authenticating servlet

Posted by John_Moylan (jfp), 20 February 2003
I can access a password protected site directly with my browser with
the url:
http://myusername:mypassword@www.mysite.org
This bypasses the authentication login box so it is possible to do!

When I try this with response.sendRedirect() it throws the login box up
each time. Can this be achieved with a servlet?
I've tried setHeader() but to no avail.

I managed to authenticate with HttpURLConnection, but I need to be
sent to the page without using the login box using the servlet
response.

Anyone managed it?

jfp

Posted by admin (Graham Ellis), 21 February 2003
I find myself wondering if you've found a deliberate design feature of sendRedirect, as you're trying to automate password entry which some system designers regard as a potential security problem - rather like the Unix / Linux passwd command which reads the password from the keyboard and won't allow redirection. You could achieve what you're looking to do by programming at a lower level (you are http not https, so it should be possible but a lot of work), but I would be inclined not to encourage you down that route unless you have a single very specific requirement.

Is there any way to bypass the need for a password within the URL at the other end?  Does the server have any virtual hosts running on it (or any directories) that don't need the passworded login, for example?  A script in one of those areas, perhaps checked with a password within the GET or POST data so that you offer alternative security, might be an alternative.
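
Added example, not part of the original thread: a redirect only hands the browser a new URL, and the browser then makes that request itself, so the servlet has no way to attach credentials to it. The sketch below shows the HttpURLConnection approach mentioned in the first post, fetching the protected page on the server side so the password never reaches the browser, its history or a URL. The class name, the demo-user / demo-pass credentials and the loopback stand-in for the protected site are all constructed for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class ServerSideBasicAuthFetch {
    // Build the Authorization header value for HTTP Basic authentication.
    static String basicHeader(String user, String password) {
        String pair = user + ":" + password;
        return "Basic " + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Fetch a protected page from the server side. The credentials travel only
    // between this JVM and the backend; they are never sent to the browser.
    static String fetch(URL url, String user, String password) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestProperty("Authorization", basicHeader(user, password));
        int status = conn.getResponseCode();
        if (status != HttpURLConnection.HTTP_OK) {
            throw new IOException("backend returned HTTP " + status);
        }
        try (InputStream in = conn.getInputStream()) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the password-protected site, bound to loopback.
        String expected = basicHeader("demo-user", "demo-pass");
        HttpServer backend = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        backend.createContext("/", exchange -> {
            boolean ok = expected.equals(exchange.getRequestHeaders().getFirst("Authorization"));
            byte[] body = (ok ? "protected page" : "login required").getBytes(StandardCharsets.UTF_8);
            if (!ok) exchange.getResponseHeaders().set("WWW-Authenticate", "Basic realm=\"demo\"");
            exchange.sendResponseHeaders(ok ? 200 : 401, body.length);
            exchange.getResponseBody().write(body);
            exchange.close();
        });
        backend.start();
        URL url = new URL("http://127.0.0.1:" + backend.getAddress().getPort() + "/");
        // In a servlet, write this string to response.getWriter() instead of calling sendRedirect().
        System.out.println(fetch(url, "demo-user", "demo-pass"));
        backend.stop(0);
    }
}
```

Over plain http, as in the thread, the Basic header is only base64-encoded, so the hop between the servlet and the protected site should use https where the backend supports it.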



This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference.


© WELL HOUSE CONSULTANTS LTD., 2024: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 793803 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho