I'm developping an application in AngularJS for the front-end and JavaEE for the back-end. In my AngularJS application I try to access a REST resource provided by my back-end. this resource is protected with JAAS, so only authenticated users can access the resource.
in my AngularJS app :
$http.get('/webresources/project/').success(function(data){...}).error(function(){...});
The project resource is protected by my web.xml file :
...
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>file</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/webresources/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
...
The thing is that when I try to access this resource when not authenticated the browser display the login prompt and my request is in pending state until I click Cancel then the response is 401 with WWW-Authenticate header.
What I want is that I can get rid of this browser login prompt and display my own login form. So I found some solutions but I don't know how to implement them:
1- Say To the back-end not to send WWW-Authenticate header. How to do this in Java ?
2- Send another status code instead of 401. Is it a correct behavior. ? if yes : how to do that ?
Thanks for your help.
$http.defaults.headers.common['Authorization'] = 'Basic ';and it is working in Firefox (no browser login prompt) but in chrome the browser login prompt still appear.