JAAS : on Callback ( Interesting based on HTTP headers )
https://stackoverflow.com/questions/10990611
-
13-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian문제
I am using NameCallback and PasswordCallback for username and password.For username and password, popup comes on browser and when i enter username ans password, JAAS authenticates my request.
On the wireshark, I have seen that 401 Unauthorized message (WWW-Authenticate header)comes and when i enter username/password HTTP request with credentials generate ( with Authorization header) and goes to server.
My requirement : I don't want pop up to come.My application on other server having username / password, so once it received 401 then based on some logic it will generate HTTP request with Authorization header / credentials and sent it back.
FLow : User -> Other Server -> My Tomcat5.5
Here on Other Server, nobody is available to enter username/password manually.Application is deployed and it will only generate HTTP request with credential and sent it back to tomcat.
Can we have any other callback which behave like this.Need your help.Please provide me feedback as well related to approach.
Edit Question :
Here is the actual case :
UserA made a call ( SIP Protocol ) to XYZ server.Application deployed on XYZ server create a HTTP REST request and sent it to Tomcat Server where One application is deployed in order to get some user account detail.Once the HTTP request comes to the tomcat, I ll have to authenticate it.I am using JAASRealm implementation of tomcat.
Now for authentication, what tomcat is doing, it pop up the username/password window at XYZ server.At XYZ server, as application had created HTTP request, so no one is here to enter username/ password manually ( as this does not goes to User A device).
I am looking a way where this pop up does not comes, and application deployed in XYZ server should do something like :
if(response equal 401) then create HTTP request with credential.
So i was looking for a soulution where pop up does not comes.Is it clear now,Please suggest.
올바른 솔루션이 없습니다
다른 팁
Your application should use a java.net.Authenticator to supply the credentials to HttpURLConnection, rather than dealing directly with 401 and WWW-Authenticate headers.
