Is there any way a client browser can bypass a login screen to a protected servlet (e.g., requiring BASIC or FORM authentication) by passing in its login credentials with the request?
Specifically, I'm using JBoss and I have the following scenario. I'm open to suggestions in case I'm doing something really strange.
I have a requirement to allow a user to authenticate with my web application via a certificate or user id/password. Since a WAR file can only be configured one way, I'm considering standing up a dummy servlet configured for certificate authentication which will then redirect (in some way) the request to the application which is configured for user id/password authentication. The dummy servlet will be able to, given the certificate, look up the user id/password for the user so it has the information the application needs to authenticate. However, I have not found a way to pass this information to the application in such a way that if provided, the login screen is not displayed. The application needs to be protected because users that do not have a certificate will go directly to the application URL and will need to be prompted for a user id/password.