I need to include some secure (BASIC authentication) application.
when I open the application URL in the browser, the browser asks me to enter your credentials ...
what I know is that:
- The browser ask the server to get some URL -- the url of the app
- The server checks the request header for the
Authentication headerand didn't find it- The server sends
401to the browser back- The browser interpret this response code into a message dialog that shows to me asking me to enter the username/password to send back to the server in the
Authenticationrequest header
So far... so good, I can write some page (in JSP) that send this required http request header to the request that is calling this page.. So I'll call this application through my page..
The problem here is, this application (in fact a GWT application) contains a reference to some Javascript and CSS files that is coming from the server that hosts this application. the application page that I import looks like:
<html>
<link href="http://application_host/cssfile.css" />
<link href="http://application_host/javascriptfile.js" />
.....
</html>
So, again I found the application asks me for the authentication crenditals for the css and js files!
I am thinking of many solutions but don't know the applicability of each
- One solution is to ask the browser
(via Javascript) to send the request
header (
Authentication) when he asks the server for the js and css files
please give me your opinions about that... and any other suggestions will be very welcomed.
Thanks.