Thank you for the link, André-John!
User should access the application directly (not proxying). On http://hc.apache.org/httpclient-3.x/tutorial.html as I see header is created for programatic access and not via browser. Is it possible to do this when I use browser for accessing? How? Regards P.S. I opened this topic on http://www.coderanch.com/t/442467/Security/Basic-authentication-without-secure-connection also Andre-John Mas-4 wrote: > > > On 3-May-2009, at 08:11, Tokajac wrote: > >> >>> Now why would you want to do that ? >> I want to connect applications: one is running on Tomcat (Java/ >> Struts) with >> another (php). >> >> I have an application running on Tomcat that has a link to other >> application >> which is on another server. Application on another server is >> protected with: >> http://en.wikipedia.org/wiki/Basic_access_authentication >> http://en.wikipedia.org/wiki/Basic_access_authentication >> >> I want to pass credentials after link is clicked, so I don't need to >> fill >> the username and password informations. I see that I might need to >> add row: >> "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" >> in the request header. >> >> >> Is this possible to do? How? > > Is your Tomcat proxying a connection, or do you an application that > needs > information from another application, but is not exposed to the user? > > If it is the latter, then you could look at using Apache HttpClient: > > http://hc.apache.org/httpclient-3.x/ > > and then adding the header in the request. > > If the user is going to be accessing the application directly, then > there > is a reason the security is in place and you should not over-ride it, > unless > you are sure the people who protected the resource are fine with it. > If the > resource is requires authentication, then I would be surprised they > would be > okay with it, but I am not going to make any assumptions. > > André-John > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://www.nabble.com/Basic-authentication-without-a-secure-connection-tp23347310p23358168.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
