Web.xml using form and basic authentication at the same time

Question

Web.xml using form and basic authentication at the same time

I have automatic FORM authentication in web.xml (java-webcontainer).

I did not find a way to send the username / password to get-request from my client's restful-uri when using FORM-Authentication. Therefore, I should use BASIC authentication only for soothing uri.

So I have this question:

How do I configure both forms-based authentication and basic authentication? Basic authentication should only be enabled for restful-uri mode.

+8

rest restful-authentication servlets web.xml

nimo23 Jul 30 '12 at 12:37

source share

2 answers

I also had a similar problem, and I realized that if you use Wildfly, then you can configure several mechanisms using web.xml: -

  <auth-method>BASIC?silent=true,FORM</auth-method>

First, this silent basic authentication is used, which is basic authentication, which only takes effect when there is an authorization header. If there is no such header, form authentication will be used instead.

It may be too late for an answer, but I just updated this if someone finds this useful: P

+10

nothingInTheName Aug 11 '15 at 18:59

source share

Olaf · Accepted Answer · 2012-08-08T13:38:16+0000

There were no answers here for a while, so I quickly updated the servlet. Servlet specifications really allow you to use only one <login-config> element for each web application, so there is no way to get an entry point with BASIC authentication for the REST API and another with FORM-based authentication for the user interface. The only option is to create them as two independently deployed applications. To avoid code duplication, it might be a good idea to just let the UI application talk to the REST API just like third-party clients assume.

Web.xml using form and basic authentication at the same time

More articles: