I have a spring-mvc application (WAR) running on jetty web server. Authentication is done with j_security_check action. User provides credentials from login page which are validated with J_Security_check action and later user is able to browse all pages. JSessionID is maintained at server and cookie is sent back in response. UI is in JSP and controllers are defined for functional handling.This part is working fine properly.
Now we had one more client (UI) which wants to use the same controllers by sending http request (get/post) to it. Here view is a different application and they just want to use controllers. They will send http request, want to get http response and will handle display part.
The difference here is that they want the authentication logic to be little different, they will provide authorization header (base 16 encoded credentials) in each request which we can validate with DB transaction and pass it to controller and we are supposed to skip JSessionId validation. we don't need any session for this particular client.
I am able to add this logic in interceptor where based on header, we can identify that this particular request is from another client and add authentication logic. But problem is that webServer is not allowing the request to land on server if another client does not send JSessionID in request.
is there a way to skip JSesssionID validation for one particular client and same should continue for our spring mvc war application?
Please reply and suggest. I can elaborate more if my question is not that clear.
Regards Munish
Aucun commentaire:
Enregistrer un commentaire