0

I have implemented a small HTTP server in my Java program based on com.sun.net.httpserver.HttpServer, which also uses basic authentication. This all works fine; however, I want to handle any failed authentication requests.

By default, when a user fails to authenticate (when she hits the Cancel button on the browser's login popup), a blank page is sent back to the client; the handle() method of the HttpHandler is not invoked.

Any ideas how I could catch these failed authentication attempts in my program?

Thanks!

skaffman
Matthias

2 Answers

1

Had a look at the docs... I think you can do this by returning, from your Authenticator, an Authenticator.Retry result and in it specify a new header "Location: http://mysite/loginpage" or whatever you want to redirect to (just remember you need to specify the absolute URL, starting with http://, not the relative URL /loginpage).

EDIT: If you are using a subclass of BasicAuthenticator you will also need to override the authenticate method, you'll want to look at the original source code (see http://xantorohara.blogspot.com/2008/07/sources-of-comsunnethttpserverhttpserve.html) to see what the original authenticate method does... Or you can experiment in your authenticate() method to see what super.authenticate() returns, and if it is a Failure you instead send a Retry with the Location: header

Tor P
  • great! was it the fix with the authenticate() override that did it? – Tor P Apr 23 '12 at 23:27
  • There is still a problem: after I have sent back a new Authenticator.Retry(301) to the client, it is correctly redirected to the login-failed-info-page. However, when I then re-try to login, i.e. re-load the login page, I am automatically being redirected again to the login-failed-info-page. It seems the browser "thinks" the (invalid) credentials have been correct in the first place?! – Matthias Apr 24 '12 at 23:29
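
An added example, not part of the original answer or the JDK: a BasicAuthenticator subclass that overrides authenticate() as the answer above suggests, logging each request that supplied credentials but was not accepted and returning the original result so the 401 response is unchanged. The class names, realm, listen address and the demo credential check are assumptions for illustration.

```java
import com.sun.net.httpserver.Authenticator;
import com.sun.net.httpserver.BasicAuthenticator;
import com.sun.net.httpserver.HttpContext;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.logging.Logger;

public class AuditedBasicAuth {
    private static final Logger LOG = Logger.getLogger("auth-audit");

    /** BasicAuthenticator that records every rejected credential submission. */
    static class AuditingAuthenticator extends BasicAuthenticator {
        AuditingAuthenticator(String realm) { super(realm); }
        @Override
        public boolean checkCredentials(String user, String password) {
            // Placeholder check for the example; replace with a real credential store.
            return "demo".equals(user) && "change-me".equals(password);
        }

        @Override
        public Authenticator.Result authenticate(HttpExchange exchange) {
            Authenticator.Result result = super.authenticate(exchange);
            boolean sentCredentials = exchange.getRequestHeaders().containsKey("Authorization");
            if (!(result instanceof Authenticator.Success) && sentCredentials) {
                // handle() will not run for this request, so record it here.
                // Never log the Authorization header itself: it contains the password.
                LOG.warning("Rejected login from " + exchange.getRemoteAddress()
                        + " for " + exchange.getRequestURI().getRawPath());
            }
            return result; // unchanged, so the client still gets the 401 response
        }
    }

    public static void main(String[] args) throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 8080), 0);
        HttpContext ctx = server.createContext("/", exchange -> {
            byte[] body = ("Hello, " + exchange.getPrincipal().getUsername())
                    .getBytes(StandardCharsets.UTF_8);
            exchange.sendResponseHeaders(200, body.length);
            try (OutputStream os = exchange.getResponseBody()) { os.write(body); }
        });
        ctx.setAuthenticator(new AuditingAuthenticator("example-realm"));
        server.start();
    }
}
```

A request without an Authorization header (the browser's first visit, before the login popup) is not logged, so only actual rejected submissions appear in the audit log.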
0

I don't know if filters are called before the Authenticator (you can find out by printing some debugging info to the console in a filter and seeing if it is written to the console before the Authenticator "kicks you out"). If so, you might do this by creating a Filter that is run before the authentication and redirects the user to an error page.

Tor P