Monday, November 15, 2010

Avoiding browser popup for 401

If you are writing a web application that consumes RESTful web services protected by HTTP basic authentication, you may find that the browser pops up a login dialog on authentication failure (HTTP status 401) before your error handler code is even called. This happens especially when the web application has no controller on the server side, for example an application written with a client-side JavaScript framework such as Ext-JS.

The browser's HTTP user agent follows the HTTP specification, which says the following about 401:
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource.

14.47 WWW-Authenticate

The WWW-Authenticate response-header field MUST be included in 401 (Unauthorized) response messages. The field value consists of at least one challenge that indicates the authentication scheme(s) and parameters applicable to the Request-URI.

where the contents of a challenge may itself contain a comma-separated list of authentication parameters. The authentication parameter realm is defined for all authentication schemes:


With some trial and error, we found that the pop up is triggered not due to the presence of 401 but due to the presence of the challenge.



So, as a web service developer, if you want to help service consumers disable the pop up and still send 401, you could use a trick. Replace Basic with your own scheme, e.g. xBasic as shown below.



To do this with Spring Security, you would want to override the commence method of the default BasicAuthenticationEntryPoint.



Write your own entry point, e.g. MyBasicAuthenticationEntryPoint as shown below.
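
An entry point along these lines, written here as an added example and not the post's original listing. It assumes Spring Security 3.x on the javax.servlet API; the realm escaping and the fixed error message are additions, not something the post describes.

```java
import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;

/**
 * Added example: still answers a failed authentication with 401, but
 * advertises the custom scheme "xBasic" in the challenge instead of "Basic",
 * so the response carries no Basic challenge for the browser to act on.
 */
public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {

    // Scheme name taken from the post; it replaces "Basic" in the challenge only.
    private static final String SCHEME = "xBasic";

    @Override
    public void commence(HttpServletRequest request,
                         HttpServletResponse response,
                         AuthenticationException authException) throws IOException {
        // realm is sent as a quoted-string, so escape backslash and double quote
        // before embedding the configured realm name in the header value.
        String realm = getRealmName()
                .replace("\\", "\\\\")
                .replace("\"", "\\\"");

        // Resulting header: WWW-Authenticate: xBasic realm="<configured realm>"
        response.setHeader("WWW-Authenticate", SCHEME + " realm=\"" + realm + "\"");

        // Keep the 401 status so the client's error handler can react to it.
        // A fixed message avoids echoing the exception text to the caller.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
    }
}
```

Only the challenge changes: the service still expects credentials in an `Authorization: Basic` request header, which the JavaScript client now has to set itself.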



Then plug your entry point into the basic authentication filter as follows:



Thanks to Venkat Mantirraju for helping figure this out.

75 comments:

  2. Note that if using security:http-basic you do not need to define basicAuthenticationFilter but should define it as

    security:http-basic entry-point-ref="myBasicAuthenticationEntryPoint"

    Sorry about no tags but I can't get formatting to work, code blocks aren't allowed.

    1. Very helpful addition to this helpful post!

    2. Really Very Nice Addition for this post. +1 from my side as well.
      Request for blog owner to update the configuration please?

  3. Nice, but it doesn't seem to work for FF.

  5. I am on the other side. For a CORS request I want to show the native browser pop up for basic auth, but I am not able to.

    I am setting all CORS and basic auth headers correctly, even responding with 401, but the browser is not showing the pop up.
