如何防止基本身份验证表单弹出 [英] How to prevent Basic Authentication form to popup
问题描述
我有一个Java的JSF应用程序,它使用javascript连接到需要基本身份验证的网站.
I have a application in Java, JSF that uses javascript to connect to a website that needs Basic authentication.
我想帮忙的事情与在弹出窗口中输入用户名和密码时发生的事情完全一样.
The thing I want to accomplice is the exact same thing that happens when I type in username and password in the popupform.
我尝试了许多关于该主题的不同方式,但是没有一种有效.奇怪的是,ajax调用返回了响应,但是无论如何我还是得到了Windows安全性弹出窗口.我是否需要将其缓存? 例如,下面的两个代码都无法正常工作.下面的一个使用base64
I have tried many different ways that I have seen on the topic, but none of them works. The strange thing is that the ajax calls return a respone, but then I get the windows security popup anyway. Do I need to cache it someway? For example the both of the codes below I dont get to work. The one below uses the base64
$.ajax(
{
'password' : password,
'username' : username,
'url' : url,
'type' : 'GET',
'success' : function(){ alert("success"); },
'error' : function(err){ alert('Bad Login Details' + err);},
}
);
$.ajax({
url : url,
method : 'GET',
beforeSend : function(req) {
req.setRequestHeader('Authorization', auth);
},
error : function(xhr, ajaxOptions, thrownError) {
alert('Invalid username or password. Please try again. thrownError:' + thrownError + 'xhr:' + xhr + 'ajaxOptions:'+ajaxOptions);
},
sucess: function(result) {
alert('done');
}
});
推荐答案
如果可以控制服务器端代码,则可以滚动自己的Authenticate标头,以防止浏览器弹出标准的基本挑战".例如,如果标题为:
If you have control of the server side code, you could roll your own Authenticate header to prevent the browser from popping up the standard Basic Challenge. For example, if you header is:
WWW-Authenticate: Basic realm="realm here"
然后浏览器将弹出挑战.但是如果标题是:
Then the browser will pop up the challenge. But if you header is:
WWW-Authenticate: my-basic realm="insert realm"
然后浏览器将不会弹出401质询.
Then the browser will not pop up a 401 challenge.
这篇关于如何防止基本身份验证表单弹出的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
