File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Automatic Basic Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Automatic Basic Authentication" Watch "Automatic Basic Authentication" New topic

Automatic Basic Authentication

Deyan Sultov
Ranch Hand

Joined: Jul 01, 2002
Posts: 32
Hello All,

I have a simple JSP - Servlet application that user interacts with. There is a possibility user to define a set of URL's(as well as user/pass if they are protected) which later he can visit by pressing a button. The user should be able to log authomatically no matter whether these sites are pass protected.

One of these sites uses Basic Authentication. Is is possible to implement an authomatic login in this case. I tried the following mechanism but it didn't work:

String userPassword = theUsername + ":" + thePassword;
String encoding = new sun.misc.BASE64Encoder().encode (userPassword.getBytes());
response.setHeader("Authorization", "Basic " + encoding);
response.sendRedirect('URL to GO');

Please can you help me.

Thanks in advance,
[ May 05, 2005: Message edited by: Deyan Sultov ]
Thomas Mcfarrow
Ranch Hand

Joined: Jul 09, 2001
Posts: 137

I would try using the RequestDispatcher.forward(......). The end result of redirect won't have the headers or parameters set. Forward passes the values on

Deyan Sultov
Ranch Hand

Joined: Jul 01, 2002
Posts: 32
You mean to try something like
RequestDispatcher rd = request.getRequestDispatcher("URL to GO");
response.setHeader("Authorization", "Basic " + encoding);
rd.forward(request, response);

Unfortunately the request.getRequestDispatcher(String path) expects a path which is not outside of the current context. In my case the path is of a completely different site.
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

I don't think you're going to be able to do this from the server.

You used to be able to build links that looked like:

This capability has recently been pulled from MSIE. I think it still works in Mozilla and Firefox.

[ May 09, 2005: Message edited by: Ben Souther ]
[ May 09, 2005: Message edited by: Ben Souther ]

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
I agree. Here's the link:
subject: Automatic Basic Authentication
It's not a secret anymore!