How do I bypass Basic Authentication for a JSP page?

Serge Knystautas

You can write a JSP to enforce basic authentication by parsing out the "Authentication" request header, base64 decoding the username:password pair, and authenticating against whatever (a database, a file, etc...). If it does not authenticate, return a HttpServletResponse.SC_UNAUTHORIZED and set the response header "WWW-authenticate" with the value "basic realm="XXX"" where XXX is the realm you'd like to specify.

If you are not doing this in your JSP, there's something misconfigured in your web server or servlet engine.

0 Comments  (click to add your comment)
Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



About | Sitemap | Contact