0

Is there any way to use FORM and BASIC authentication together in my webapplication? I have a RESTful interface in it and I'd like to allow scripts to use it with the simple BASIC auth method but I'd like to have the FORM based auth for web clients as well. I'd like the webapp respond with 302 Moved Temporarily redirecting to the login page for unauthorized requests, but if it finds that the client is sending the BASIC authentication's HTTP headers with username and password, then accept them just like in BASIC authentication.

I see that this is not possible with a single web.xml configuration but wondered if anyone else has some solution for this.

Improve this question

2 Answers 2

Reset to default
1

Can you use a filter?

Inspect the request for your headers. If present do the login process and add session data etc. to the request. If it fails then either ignore it or redirect.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Great idea, I'll investigate that!
0

If I configured container auth then my code was never invoked without authentication. So the answer is no. Jenkinks CI and similar software use FORM based authentication for a restricted set of web resources and make use of Spring Security where things are more flexible.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.