-
1. Re: Turn off 'WWW-Authenticate' Response Header upon 401 Status' in Wildfly for angularjs application
jimmy001 Aug 25, 2014 4:42 AM (in response to jimmy001)And a small update:
I found the following github project:
It sounds promising. Unfortunatley it doesn't compile with the latest available artifacts available at the maven central repository.
Since the client sends "Authorization": "Basic", I am not sure if I won't end up in the same problem.
-
2. Re: Turn off 'WWW-Authenticate' Response Header upon 401 Status' in Wildfly for angularjs application
jimmy001 Aug 25, 2014 11:28 AM (in response to jimmy001)Even after referencing the picketlink repository for nightly builds the code doesn't compile. Probably I am going the wrong way by trying to secure the webservices using web.xml and basic authentication.
I have found the following article, which I will try next:
http://www.aschua.de/blog/pairing-angularjs-and-javaee-for-authentication/
-
3. Re: Turn off 'WWW-Authenticate' Response Header upon 401 Status' in Wildfly for angularjs application
pcraveiro Aug 25, 2014 11:57 PM (in response to jimmy001)1 of 1 people found this helpfulHi,
The picketlink-angularjs-rest is a good example about how to avoid this issue when using PicketLink. Basically, what PicketLink does is check for the presence of the X-Requested-With HTTP header. If the request contains this header PL returns a 403 instead of 401.
Please, let me know if you are able to build this quickstart. We're just releasing 2.7.0.Beta1, you should be able to run this quickstart without any issue once the release is done.
Thanks.
-
4. Re: Turn off 'WWW-Authenticate' Response Header upon 401 Status' in Wildfly for angularjs application
jimmy001 Aug 27, 2014 11:32 AM (in response to pcraveiro)Hi!
Thx for your reply. No, it was not possible to build the example.
"HttpSecurityBuilder" has no method "path". I thought, that this might have been replaced with "forPath()".
But then I ended up with the unknown method "authc()" where I landed at a dead end.
-
5. Re: Turn off 'WWW-Authenticate' Response Header upon 401 Status' in Wildfly for angularjs application
jimmy001 Aug 29, 2014 4:27 AM (in response to jimmy001)After changing " HttpSecurityConfiguration"
IdentityBeanConfigurationBuilder icb = builder.identity().stateless();
icb.http().forPath("/rest/private/*").authenticateWith().token();
the source code is compiling. Test is still pending.
-
6. Re: Turn off 'WWW-Authenticate' Response Header upon 401 Status' in Wildfly for angularjs application
jimmy001 Sep 2, 2014 4:45 AM (in response to pcraveiro)One more question:
In "security.js" the authentication is started by
.factory('LoginResource', ['$resource', function($resource) {
return function(newUser) {
return $resource('rest/private/:dest', {}, {
login: {method: 'POST', params: {dest:"authc"}, headers:{"Authorization": "Basic " + btoa(newUser.userId + ":" + newUser.password)} },
});
}}])
But I can't find any endpoint with the path "rest/private/authc". Why not? How does this work?
-
7. Re: Turn off 'WWW-Authenticate' Response Header upon 401 Status' in Wildfly for angularjs application
alekspo Sep 6, 2014 1:26 PM (in response to jimmy001)Hi,
You should add X-Requested-With XMLHttpRequest as said Pedro. Just modify your security.js like this:
.factory('LoginResource', ['$resource', function($resource) { return function(newUser) { return $resource('rest/private/:dest', {}, { login: {method: 'POST', params: {dest:"authc"}, headers:{"Authorization": "Basic " + btoa(newUser.userId + ":" + newUser.password), "X-Requested-With": "XMLHttpRequest" } } }); }}])
-
8. Re: Turn off 'WWW-Authenticate' Response Header upon 401 Status' in Wildfly for angularjs application
pcraveiro Sep 15, 2014 5:16 PM (in response to alekspo)I think Jquery adds this header automatically. Not sure why AngularJS does not do the same
-
9. Re: Turn off 'WWW-Authenticate' Response Header upon 401 Status' in Wildfly for angularjs application
karl_gross Oct 7, 2014 10:46 AM (in response to jimmy001)are you able to run the testcase? I have the same question as you. Thanks!
-
10. Re: Turn off 'WWW-Authenticate' Response Header upon 401 Status' in Wildfly for angularjs application
jimmy001 Oct 9, 2014 7:54 AM (in response to karl_gross)I modified the testcase. The method names must have changed during development
builder
.identity()
.stateless()
.http()
.forPath("/rest/private/*")
.authenticateWith()
.token();
}
-
11. Re: Turn off 'WWW-Authenticate' Response Header upon 401 Status' in Wildfly for angularjs application
icemaker Jul 26, 2017 11:59 AM (in response to jimmy001)Had the same problem.
But adding the X-Requested-With header changed nothing (Wildfly 9.0.2.Final).
Finally we found solution by extending the BASIC authentication mecanism with our own autentication mecanism.
I explained the solution here: java ee - Avoid 401 popup with Wildfly server and Basic Authentication - Stack Overflow