11 Replies Latest reply on Jul 26, 2017 11:59 AM by Olivier Masseau

    Turn off 'WWW-Authenticate' Response Header upon 401 Status' in Wildfly for angularjs application

    jimmy001 Apprentice

      Hello,

       

      as the title says I am looking for a way to turn off the WWW-Authenticate header responded by wildfly in case of a failed basic authentication.

       

      The background:


      In my angular application I want to authenticate to a backend consisting of REST Webservices, by using basic authentication.

      This works fine, if the user enters in the login form his/ her valid credentials. But if the credentials are not valid the server (in my case wildfly) responds with a 'WWW-Authenticate' which results in the

      browser displaying its native login dialog, which I dislike. Instead I would like to update my login page with an error message.


      • In its best case I would be able to tell the server with my request not to send 401 or authenticate. No configuration on the server would be great. One source I have found says to add the following header. $http.defaults.headers.common['X-StatusOnLoginFail'] = '418'; But this doesn't seem to have any effect.
      • Or I would be able to turn the challenge off for the paths under which the services reside.
      • Globaly turn off the authenication challenge. Only return 401


      For those who like code :


      angular.module("app")
          .constant("authUrl", "http://localhost:8080/app/resources/private/useraccount")
          .controller("authCtrl", function($scope, $http, $base64, $location, authUrl){        
              $scope.authenticate = function(user, pass){
                  $http.defaults.headers.common['X-StatusOnLoginFail'] = '418';        
                  var authString = user + ":" + pass;
                  console.log(authString)
                  console.log($base64.encode(authString))
                  authString = "Basic " + $base64.encode(authString);
              $http({method: 'GET', url: authUrl, 
                  headers: {'Authorization': authString}})
              .success(function (data){
                  console.log("success");
              }).error(function (error){
                  console.log("error");
              });
              
              }
          });
      

       

      Perhaps there is some completely different way of doing this. Unfortunatley I haven't thought about this problem when the webinar "angularjs and jboss" took place,

      but I like to use this post to say thx for it.

       

      Thx to anybody who shares his own expiriences and thoughts.

       

      Jimmy