IE，FireFox，Opera和Safari在服务器的连续401响应中不显示BASIC身份验证提示 [英] IE, FireFox, Opera, and Safari don't display BASIC auth prompt on successive 401 responses from server

问题描述

场景:

我有一个在最新的Tomcat 6中运行的Java Web应用程序.我还有一个提供身份验证的servlet过滤器.我支持BASIC身份验证，并且在大多数情况下都可以正常工作.

I have a java web app running in the latest Tomcat 6. I also have a single servlet filter that provides authentication. I support BASIC auth and it appears to work fine - most of the time.

浏览器第一次[选择任何一个-IE，FireFox，Opera，Safari，Chrome]进入我们受保护的网址之一时，它将显示特定于浏览器的标准登录提示.如果输入正确的用户名/密码，一切正常，创建新会话，一切正常.

The first time a browser [pick any one - IE, FireFox, Opera, Safari, Chrome] hits one of our protected URL(s), it displays the standard browser-specific login prompt. IFF you enter the proper username/password - everything is fine, a new session is created, and everything operates normally.

但是，如果您在初始的BASIC身份验证对话框中输入了无效的凭据，则我的身份验证过滤器逻辑会通过返回另一个401响应来处理此问题.

IF, however, you entered invalid credentials in the initial BASIC auth dialog, my authentication filter logic handles this by returning another 401 response.

问题: 不幸的是，目前，Chrome是唯一会显示另一个BASIC身份验证对话框的浏览器.列出的所有其他浏览器会自动发送缓存的"Authorization:Basic .."标头-而不是清除它并再次提示用户.

PROBLEM: Unfortunately, at this point, Chrome is the only browser that will display another BASIC auth dialog. All other browsers listed automatically send the cached "Authorization: Basic.." header - instead of clearing it and prompting the user again.

如果有人看到了此事或可能知道为什么会发生这种情况，我将不胜感激任何建议！

If anyone has seen this or may know why this is happening, I would greatly appreciate any suggestions!

感谢和最好的问候， 鲍勃

Thanks and Best Regards, Bob

推荐答案

问题已解决:

再次查看我的代码后，我发现返回401的位置没有设置WWW-Authenticate HEADER.

After looking over my code again, I found a point where a 401 was being returned without also setting the WWW-Authenticate HEADER.

-bob

这篇关于IE，FireFox，Opera和Safari在服务器的连续401响应中不显示BASIC身份验证提示的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！