Re: HTTP Basic Authentication
Re: HTTP Basic Authentication
- Subject: Re: HTTP Basic Authentication
- From: Steve Quirk <email@hidden>
- Date: Fri, 10 Aug 2007 12:33:42 -0400 (EDT)
On Fri, 10 Aug 2007, John Huss wrote:
Is Apache taking over here and processing these values before they get to my
app? The example code seems to assume not... Maybe I should just leave
this to Apache anyway?
Yes, you probably should. By the time your app gets request, the www
server has replaced "auth" with REMOTE_USER as per the CGI spec. In
addition, the spec doesn't require this header to be passed, so if you get
it working now, it might not always work, esp if you switch from cgi to
mod_webobjects or (heaven forbid) iis.
This is one of those highly installation dependent behaviours that you
should mostly avoid unless you're willing to tie your www server
administration tightly to your app (not a bad thing, really).
- sq
John
On 8/9/07, John Huss <email@hidden> wrote:
I'm trying to use the HTTP Basic Authentication to authenticate users. I
found this Stepwise article that got me started:
http://www.stepwise.com/Articles/Technical/BasicAuthentication.html
But after it prompts for the login and I fill it out I don't see this info
being passed to my WO app.
In Application I have:
public WOResponse dispatchRequest(WORequest aRequest) {
String encodedAuth = aRequest.headerForKey("authorization");
if (encodedAuth != null) {
Application.log.debug( "auth: " + encodedAuth );
NSArray loginAndPasswd = this.decodeAuthorization
(encodedAuth);
String user = (String)loginAndPasswd.objectAtIndex( 0 );
String password = (String)loginAndPasswd.objectAtIndex( 1 );
Application.log.debug( "user: " + user + ", pass: " + password
);
}
encodedAuth is always null. Any help is appreciated.
Thanks,
John
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden