Reputation: 11
I'm developing an application with AngularJS for the front-end and JavaEE for the back-end. In my AngularJS application I try to access a REST resource provided by my back-end. This resource is protected with JAAS, so only authenticated users can access the resource.
In my AngularJS app:
$http.get('/webresources/project/').success(function(data){...}).error(function(){...});
The project resource is protected by my web.xml file:
...
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
</login-config>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/webresources/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>
...
The thing is that when I try to access this resource while not authenticated, the browser displays the login prompt and my request stays in the pending state until I click Cancel; then the response is a 401 with a WWW-Authenticate header.
What I want is to get rid of this browser login prompt and display my own login form. I found some solutions, but I don't know how to implement them:
1- Tell the back-end not to send the WWW-Authenticate header. How do I do this in Java?
2- Send another status code instead of 401. Is that correct behavior? If yes, how do I do that?
Thanks for your help.
Upvotes: 1
Views: 1211
Reputation: 11
You can do a simple trick:
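Create a 401.jsp error page and add it to your web.xml. In it, do:
<%
    // reset() clears the status and all headers, including WWW-Authenticate;
    // it throws IllegalStateException if the response is already committed.
    response.reset();
    // Put the 401 status back so the client still sees an authentication failure.
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
%>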
This will remove the WWW-Authenticate header because of the reset, but still serve a 401 status.
Hope it helps
Upvotes: 1
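A client-side counterpart to the answer above, as an added example that is not part of the original posts: once the 401 arrives without a WWW-Authenticate header, an AngularJS `$http` interceptor can trigger the application's own login form, and the form can send credentials in the Basic format that the `BASIC` auth-method in web.xml expects. The module name `app`, the event name `auth:loginRequired` and the function names are assumptions.

```javascript
// Hypothetical event name; the login form's controller listens for it with $scope.$on.
var LOGIN_REQUIRED = 'auth:loginRequired';
// Protected prefix, taken from the <url-pattern> in the question's web.xml.
var PROTECTED_PREFIX = '/webresources/';

// Factory for an AngularJS $http interceptor ($q and $rootScope are injected by Angular).
function authInterceptor($q, $rootScope) {
  return {
    responseError: function (rejection) {
      var url = (rejection.config && rejection.config.url) || '';
      // React only to 401s from the protected area, not to every failed request.
      if (rejection.status === 401 && url.indexOf(PROTECTED_PREFIX) === 0) {
        $rootScope.$broadcast(LOGIN_REQUIRED, { url: url });
      }
      // Always propagate the failure so the caller's error handler still runs.
      return $q.reject(rejection);
    }
  };
}

// Value for the Authorization header the custom login form sends (RFC 7617).
function basicAuthHeader(username, password) {
  // Convert to UTF-8 bytes first so btoa does not throw on non-Latin-1 characters
  // (assumes the server-side realm decodes credentials as UTF-8).
  var bytes = unescape(encodeURIComponent(username + ':' + password));
  return 'Basic ' + btoa(bytes);
}

// Register only when AngularJS is loaded; 'app' is a hypothetical module name.
if (typeof angular !== 'undefined') {
  angular.module('app')
    .factory('authInterceptor', ['$q', '$rootScope', authInterceptor])
    .config(['$httpProvider', function ($httpProvider) {
      $httpProvider.interceptors.push('authInterceptor');
    }]);
}

// After the user submits the form, retry the request with the header, e.g.:
// $http.get('/webresources/project/',
//           { headers: { Authorization: basicAuthHeader(user, pass) } });
```

Basic credentials are only base64-encoded, not encrypted, so the protected resource should be served over HTTPS only.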