Chris,
On 10/28/15 11:55 AM, chris derham wrote:
>> No, container BASIC authentication should be enabled, the container should
>> handle the authentication, but the browser should not show his ugly default
>> login dialog when I request resources from the REST-service with wrong
>> credentials.
>> When the REST-client (web-application in the browser) receives a failed
>> login with a WWW-Authenticate header, the default dialog of the browser will
>> be shown... that’s what I want to suppress.
>>
>> When I remove the (a) <login-config> or (b) <auth-method> sending requests
>> with credentials will not work anymore (a: 403 forbidden; b: deployment
>> fails). But that's not a solution because the rest-service should be still
>> protected and I need to authenticate via "Authentication: Basic ....."
>> header send credentials, but I don't want to show the ugly browser-dialog to
>> the users.
>>
>> Using a AngularJS Client with REST-services based on tomcat should be a
>> common use-case, it could not be that I'm the first one who wants a custom
>> login-screen. :-/
>>
>> -torsten
>
> Torsten,
>
> Add an interceptor to AngularJS to detect the 401 and do whatever you
> want, e.g. redirect to a login page. Then when you have the
> credentials, submit to login rest api, get a token, and then make all
> other calls passing this token.
>
> There are loads of examples on how to do this on the internet. This
> isn't tomcat specific.
>
> function globalInterceptorResponse($injector, $q) {
> return {
> 'response': function (response) {
> return response;
> },
> 'responseError': function (rejection) {
> switch (rejection.status) {
> ...
> case 401:
> console.warn("Hit 401 - redirecting to login");
> window.location = '/login';
> break;
> ...
> default:
> console.warn(rejection);
> }
> return $q.reject(rejection);
> }
> };
> }
> globalInterceptorResponse.$inject = ['$injector', '$q'];
>
> then in request config,
>
> $httpProvider.interceptors.push(globalInterceptorResponse);
This won't work because the application doesn't get a chance to do
anything until Tomcat completes its authentication/authorization work.
If the application were handling the authentication/authorization, then
the original Filter would have worked.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
