[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - Basic auth with ACEGI

lucboudreau do-not-reply at jboss.com
Thu Nov 29 09:54:14 EST 2007


I have an application (Pentaho) which uses ACEGI as a security framework. I need it to expose a BASIC secured URL. I configured it properly and when I request the URL, the response includes a WWW-Authenticate header. My browser sends back a valid and verified Authentication header, but somewhere in the process, it gets stripped off the request object. Debugging ACEGI shows that the header never got to the application.

How is it possible that a header gets removed ? Does JBoss 4.2.1-GA have a mechanism that intercepts the authentication headers ? 

(BTW. I'm pretty sure that application web.xml is not configured to use BASIC auth. Can anyone help me to confirm that ?)



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4108910#4108910

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4108910

More information about the jboss-user mailing list