this is HTTP AFAIK the only way a browser can send BASIC authentication credentials is: 1) you send them a 401 and the browser prompts the user 2) you format all your links as http://user:[EMAIL PROTECTED]/ but i am not even sure if all browsers will "correctly" use this, at least in the fashion you're intending.
Many browsers will automatically retransmit credentials to a realm that has been previously encountered in the (browsing) session, but this is not guranteed behavior and is certainly not required by any kind of specification around HTTP-BASIC authentication, AFAIK. phillip On 4/23/02 3:17 PM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > > Is there a way using a servlet/jsp to tell the browser to send the > Authorization request header without sending a prior "401 Authorization > required" reponse header. > Well it goes like this: > We have a Basic Authentication setup on some of our resources. We would > like the user to bypass the authorization dialog box. The user could post > the userid/pwd to a jsp/servlet which then redirects to the requested > resource (protected) with the credentials. This way the user can access > protected resources without encountering the authorization dialog box. But > after the user had made the first request and tries to access another > resource, the authorization dialog box pops up because the browser hasn't > authorized. It's the jsp/servlet that has. So is there some way to tell the > browser to send a Authorization header without sending a 401 reponse code > back? > > Thanks in advance. > RS > > > > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
