For our web app (running on Websphere 8.5) we are using programmatic login using Basic HTTP authentication as suggested in (https://stackoverflow.com/a/2207147/2683081) i.e. Servlet 3.0 HttpServletRequest#login().
After I login using our application login page, I keep getting the 2nd log-on screen with a message
The server __ at Default Realm required username and password
Is there a way to avoid getting that standard Windows Security pop-up.
I tried to set response headers with Authorization but no luck.
Update:- Application is on Mojjaro JSF 2.1.28 on Websphere8.5 with LDAP Security
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" >
<display-name>TEST</display-name>
<welcome-file-list>
<welcome-file>index.jsf</welcome-file>
</welcome-file-list>
<!-- Spring -->
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener
</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- end Spring-->
<context-param>
<param-name>javax.faces.INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.expressionFactory</param-name>
<param-value>org.jboss.el.ExpressionFactoryImpl</param-value>
</context-param>
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
<param-value>false</param-value>
</context-param>
<!-- Faces Servlet -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<context-param>
<param-name>primefaces.THEME</param-name>
<param-value>casablanca</param-value>
</context-param>
<security-constraint>
<display-name>constraint-0</display-name>
<web-resource-collection>
<web-resource-name>constraint-0</web-resource-name>
<description/>
<url-pattern>/test/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>admin</role-name>
<role-name>guest</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>guest</role-name>
</security-role>
<!-- Mime Mapping -->
<mime-mapping>
<extension>png</extension>
<mime-type>image/png</mime-type>
</mime-mapping>
</web-app>
login.xhtml
<h:form id="login">
<div class="inputlabel">
<h:outputLabel for="username" value="Login:"/>
</div>
<div>
<h:inputText value="#{loginBean.username}" id="username" size="25" />
</div>
<div class="inputlabel">
<h:outputLabel for="password" value="Password:"/>
</div>
<div>
<h:inputText value="#{loginBean.password}" id="password" size="25" />
</div>
<div>
<h:commandButton action="#{loginBean.login}" value="Login" />
</div>
</h:form>
LoginBean.java
public String login() throws IOException {
FacesContext context = FacesContext.getCurrentInstance();
ExternalContext externalContext = context.getExternalContext();
HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
try {
request.login(username, password);
return "/testing/index.jsf?faces-redirect=true";
} catch (ServletException e) {
context.addMessage(null, new FacesMessage("Invalid login!!!"));
}
}
