IE,FireFox,Opera和Safari在服务器的连续401响应中不显示BASIC身份验证提示 [英] IE, FireFox, Opera, and Safari don't display BASIC auth prompt on successive 401 responses from server
问题描述
场景:
我有一个在最新的Tomcat 6中运行的Java Web应用程序.我还有一个提供身份验证的servlet过滤器.我支持BASIC身份验证,并且在大多数情况下都可以正常工作.
I have a java web app running in the latest Tomcat 6. I also have a single servlet filter that provides authentication. I support BASIC auth and it appears to work fine - most of the time.
浏览器第一次[选择任何一个-IE,FireFox,Opera,Safari,Chrome]进入我们受保护的网址之一时,它将显示特定于浏览器的标准登录提示.如果输入正确的用户名/密码,一切正常,创建新会话,一切正常.
The first time a browser [pick any one - IE, FireFox, Opera, Safari, Chrome] hits one of our protected URL(s), it displays the standard browser-specific login prompt. IFF you enter the proper username/password - everything is fine, a new session is created, and everything operates normally.
但是,如果您在初始的BASIC身份验证对话框中输入了无效的凭据,则我的身份验证过滤器逻辑会通过返回另一个401响应来处理此问题.
IF, however, you entered invalid credentials in the initial BASIC auth dialog, my authentication filter logic handles this by returning another 401 response.
问题: 不幸的是,目前,Chrome是唯一会显示另一个BASIC身份验证对话框的浏览器.列出的所有其他浏览器会自动发送缓存的"Authorization:Basic .."标头-而不是清除它并再次提示用户.
PROBLEM: Unfortunately, at this point, Chrome is the only browser that will display another BASIC auth dialog. All other browsers listed automatically send the cached "Authorization: Basic.." header - instead of clearing it and prompting the user again.
如果有人看到了此事或可能知道为什么会发生这种情况,我将不胜感激任何建议!
If anyone has seen this or may know why this is happening, I would greatly appreciate any suggestions!
感谢和最好的问候, 鲍勃
Thanks and Best Regards, Bob
推荐答案
问题已解决:
再次查看我的代码后,我发现返回401的位置没有设置WWW-Authenticate HEADER.
After looking over my code again, I found a point where a 401 was being returned without also setting the WWW-Authenticate HEADER.
-bob
这篇关于IE,FireFox,Opera和Safari在服务器的连续401响应中不显示BASIC身份验证提示的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!