Possible to redirect 401?

Jul 20, 2011 at 11:45 PM

I have a unique situation.  I have a java application that currently allows guest user access.  It also has a username/password form to allow logging in.  We would like to automatically log in those users that can use Windows Integrated Authentication.  The problem is we want to leave the user experience unchanged for those who can't authenticate with WIA.  I've implemented the NegotiateSecurityFilter on the application and it works great for WIA users.  But for those who can't authenticate via WIA (for a variety of reasons), they are prompted for a user id and password.  I know this is occurring because the filter is sending back a 401 error code and the browser is responding as it should.  Is there anyway that I can bypass this so that I can tell the application to treat the user as a guest?  Any help would be appreciated.

Jul 21, 2011 at 1:01 PM

Once the Negotiate protocol started you can no longer do that. That's because negotiate can fail on both sides of the wire - either the server or the client can receive a token and fail to continue authentication. In fact, most of the time the server is stuck in the "keep trying" sequence as it receives valid tokens and resends some kind of continuation back to the client - accompanied with a 401. The client gives up and puts up a dialog.

The best solution we ever found was to do "mixed" authentication when the user has a form in which he chooses what mode to use. That didn't seem to shock people.

Jul 21, 2011 at 1:56 PM

Thanks for the response.  I'm not sure that the "mixed" authentication is what I want.  I really just want it to try the authentication and if it fails, just send back a null in getRemoteUser or something like that.  The application has its own way of dealing with the "form-based" authentication and I don't really want to mess with that.  I wanted to try the Windows authentication and if it works, great.  If it doesn't, just continue into the app as usual with the anonymous guest id.  I'll continue to look and see if I can come up with a solution.  Thanks again.