This week's book giveaway is in the OCPJP forum. We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line! See this thread for details.
We are trying to work out how to pass on a request to an external server and catch the response in code.
The situation is this:
Most users need authenticating against AD, but some we'll handle differently.
Our server doesn't have access into our corporate domain so can't authenticate users against Active Directory.
We have been supplied with an aspx page on another server that will do this authentication then redirect the client back to our server with their username in the query string.
Currently we check any new requests, and if we have not yet authenticated the user we use a response.sendRedirect() call to pass them on to the authenticating server.
The problem is this: if the authenticating server's authentication fails, it sends a message back to the client that makes no sense to the user and they can't access our web site. In this case we'd like to handle this (failed) user differently, but have no way of knowing of the authentication failure.
So basically we would like to pass on the original request to the authenticating server and catch the response.
If the response is an authentication challenge we need to pass this back to the client (to facilitate the authorization mechanism).
If the response is a redirection back to our server we know the user is okay and can serve them what they need.
If the response is the failure message we want to do something else.
Is this possible or is it not allowed due to security risks.