Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-9783

Suppress HTTP Basic Auth Requests for AJAX Calls

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 21.0.1
    • Fix Version/s: 22.0.0
    • Component/s: Web UI - General
    • Security Level: Default (Default Security Scheme)
    • Labels:
      None
    • Sprint:
      Horizon - Feb 7th 2018, Horizon - Feb 14th 2018, Horizon - Feb 21st 2018, Horizon - March 14th 2018, Horizon - March 21st 2018

      Description

      From a brief discussion on Mattermost with mvrueden:

      https://stackoverflow.com/questions/37763186/spring-boot-security-shows-http-basic-auth-popup-after-failed-login

      It would be nice to have OpenNMS pass the X-Requested-With: XMLHttpRequest header in all of its AJAX requests, so that Spring Security won't send HTTP Basic Auth challenges back, just a 401 Forbidden response.

      Otherwise, the browser may end up opening up a HTTP Basic dialog in some background window, which ends up blocking all interaction in any other tab/window with OpenNMS until it is filled in or canceled out...

      For bonus points, it'd probably be good to have a general handler in the JS code for 401 AJAX responses that redirects the browser back to the login page (but perhaps such a handler already exists, and is just hidden by this issue).

        Attachments

          Activity

            People

            • Assignee:
              ranger Benjamin Reed
              Reporter:
              pioto Mike Kelly
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: