Intercept basic authentication popup

201 views
Skip to first unread message

Vinicius Carvalho

unread,
Jun 14, 2011, 7:40:37 AM6/14/11
to Google Web Toolkit
Hi there!

Is it possible to intercept the basic auth login that pops up on a
browser? My problem is that I have a basic auth set on server side for
all my services (RPC and REST).

When I try to invoke a service and the user is not authenticated,
before I get the chance (the async callback gets called), the window
pops up.

What I would like (I know i could do this using either form, or spring
security for instance) is to intercept the return from the server that
asks for the authorization credentials, and then provide my
credentials on the requestbuilder by setting username/password.

Is this possible?

koma

unread,
Jun 15, 2011, 6:34:28 AM6/15/11
to google-we...@googlegroups.com
same prob.

Firefox supports something like mozBackgroundRequest
Not sure how to set this property for a JSONP call though. Even then, only works for FF, chromium has a ticket open, found nothing about IE.


I'd like to save my credentials locally (Gadget preferences) but the Basic auth dialog makes this impossible.



Juan Pablo Gardella

unread,
Jun 15, 2011, 8:32:06 PM6/15/11
to google-we...@googlegroups.com
If you use gwt-rpc, make a default asyncallback like this:

public abstract class DefaultAsyncCallback<T> implements
com.google.gwt.user.client.rpc.AsyncCallback<T> {

private static final char flag = '0';

@Override
public void onFailure(Throwable e) {
if (isUnAuthenticatedUser(e)) showLogin();
}

}

And use everywhere. 

2011/6/15 koma <ko...@koma.be>



--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/oy6rOq9CjN0J.

To post to this group, send email to google-we...@googlegroups.com.
To unsubscribe from this group, send email to google-web-tool...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.

koma

unread,
Jun 29, 2011, 4:52:25 AM6/29/11
to google-we...@googlegroups.com
Not sure how this helps ?
Should I make a RPC call to the JSON service before each JSONP call ?

objectuser

unread,
Jun 29, 2011, 1:52:51 PM6/29/11
to google-we...@googlegroups.com
I'm not an expert in this by any means (and certainly don't know your requirements), but it seems like basic auth is fundamentally incompatible with a GWT app (or at least the portion you describe).

I think a more compatible model would be to rely on something like cookies, have a particular service that does not require authentication, and then check the response to that to see if the user is authenticated.  Then you can put access control on all your other services to ensure authenticated access.

khiem nguyen

unread,
Jun 30, 2011, 7:51:55 AM6/30/11
to google-we...@googlegroups.com
i dont think u can do this at js in dom. browser handles this automatically when it sees the http-auth-required header before your js-code gets it. u'll need an anternative approach for this

 

On Wed, Jun 29, 2011 at 7:52 PM, objectuser <kevin....@gmail.com> wrote:
I'm not an expert in this by any means (and certainly don't know your requirements), but it seems like basic auth is fundamentally incompatible with a GWT app (or at least the portion you describe).

I think a more compatible model would be to rely on something like cookies, have a particular service that does not require authentication, and then check the response to that to see if the user is authenticated.  Then you can put access control on all your other services to ensure authenticated access.

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
Reply all
Reply to author
Forward
0 new messages