Bypass Tomcat basic authentication using Adobe Flex
I have configured the Apache Tomcat web.xml for basic authentication for a specific address by pasting the code below into web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Site</web-resource-name>
        <!-- Protects everything under /Documents/ -->
        <url-pattern>/Documents/*</url-pattern>
        <!-- If you list http methods,
             only those methods are protected -->
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
        <!-- Roles that have access -->
        <role-name>role1</role-name>
    </auth-constraint>
</security-constraint>
<!-- BASIC authentication -->
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Authentication</realm-name>
</login-config>
<!-- Define security roles -->
<security-role>
    <description>Test role</description>
    <role-name>role1</role-name>
</security-role>
I got the browser basic authentication dialog for getting the username and password, and after entering the correct username and password I get authenticated and am able to see the document, otherwise not.
Now everything works fine, but "I want to bypass this authentication using Adobe Flex programming, i.e. by giving the username and password in Flex code. I want this dialog not to appear and the user to be authenticated by code."
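An added example, not part of the original question: a Python check that audits a web.xml like the one above for the method-limited constraint its own comment describes, and for BASIC authentication without a required TLS transport. The sample documents, the function name audit_web_xml and the <web-app> wrapper are constructed for illustration; <deny-uncovered-http-methods/> and <transport-guarantee> are standard Servlet deployment-descriptor elements.

```python
import xml.etree.ElementTree as ET
# Constructed sample: the constraint from the question, wrapped in a <web-app> root.
PAGE_CONFIG = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Documents/*</url-pattern>
      <http-method>DELETE</http-method><http-method>GET</http-method>
      <http-method>POST</http-method><http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>role1</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

# Constructed variant: no method list (all methods covered) and TLS required.
HARDENED_CONFIG = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Documents/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>role1</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def audit_web_xml(xml_text):
    """Return findings for the security-constraints in a web.xml document."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop any Java EE namespace prefix from tag names
        el.tag = el.tag.split("}")[-1]
    basic = any((m.text or "").strip().upper() == "BASIC" for m in root.iter("auth-method"))
    deny_uncovered = root.find("deny-uncovered-http-methods") is not None
    findings = []
    for sc in root.iter("security-constraint"):
        patterns = [(p.text or "").strip() for p in sc.iter("url-pattern")]
        methods = sorted((m.text or "").strip().upper() for m in sc.iter("http-method"))
        if methods and not deny_uncovered:
            findings.append(f"{patterns}: only {methods} are constrained, other methods are not")
        guarantee = (sc.findtext(".//transport-guarantee") or "").strip().upper()
        if basic and guarantee != "CONFIDENTIAL":
            findings.append(f"{patterns}: BASIC sends base64-encoded credentials and TLS is not required")
    return findings

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_web_xml(cfg) or "no findings")
```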
You should add the authentication header to your service:HTTPService object.
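import mx.rpc.http.HTTPService;
import mx.utils.Base64Encoder;

private function addAuthenticationHeader(service:HTTPService):void
{
    // Build the Basic credential: base64("username:password")
    var encoder:Base64Encoder = new Base64Encoder();
    encoder.insertNewLines = false; // the header value must be a single line
    encoder.encode("django:reinhardt");
    // Attach the Authorization header and send the request
    service.headers = {Authorization:"Basic " + encoder.toString()};
    service.send();
}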
In my opinion 1 is not possible because Basic Authentication (BA) does not rely on cookies or a session id. If the browser does not re-ask you for the password on every protected page, this is just because it stores the BA header in an internal session that is not shared across all the page components, especially with Flash (for evident security reasons...).
If it is the second option then you should use a URL that contains everything, such as https://django:reinhardt@localhost/myApp/Documents/mySecret.mp3, and that will be mapped by the browser.
HIH
You can't do it in your Flex web application.
Only an AIR application or mobile app could do it - because the following headers are not allowed for the former in URLRequestHeader: