Chris, On 10/28/15 11:55 AM, chris derham wrote: >> No, container BASIC authentication should be enabled, the container should >> handle the authentication, but the browser should not show his ugly default >> login dialog when I request resources from the REST-service with wrong >> credentials. >> When the REST-client (web-application in the browser) receives a failed >> login with a WWW-Authenticate header, the default dialog of the browser will >> be shown... that’s what I want to suppress. >> >> When I remove the (a) <login-config> or (b) <auth-method> sending requests >> with credentials will not work anymore (a: 403 forbidden; b: deployment >> fails). But that's not a solution because the rest-service should be still >> protected and I need to authenticate via "Authentication: Basic ....." >> header send credentials, but I don't want to show the ugly browser-dialog to >> the users. >> >> Using a AngularJS Client with REST-services based on tomcat should be a >> common use-case, it could not be that I'm the first one who wants a custom >> login-screen. :-/ >> >> -torsten > > Torsten, > > Add an interceptor to AngularJS to detect the 401 and do whatever you > want, e.g. redirect to a login page. Then when you have the > credentials, submit to login rest api, get a token, and then make all > other calls passing this token. > > There are loads of examples on how to do this on the internet. This > isn't tomcat specific. > > function globalInterceptorResponse($injector, $q) { > return { > 'response': function (response) { > return response; > }, > 'responseError': function (rejection) { > switch (rejection.status) { > ... > case 401: > console.warn("Hit 401 - redirecting to login"); > window.location = '/login'; > break; > ... > default: > console.warn(rejection); > } > return $q.reject(rejection); > } > }; > } > globalInterceptorResponse.$inject = ['$injector', '$q']; > > then in request config, > > $httpProvider.interceptors.push(globalInterceptorResponse);
This won't work because the application doesn't get a chance to do anything until Tomcat completes its authentication/authorization work. If the application were handling the authentication/authorization, then the original Filter would have worked. -chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org