/** * Should a basic auth be used * @param req * @return */ protected boolean doBasicAuth(HttpServletRequest req) { boolean allowBasicAuth = ServerConfigurationService.getBoolean( "allow.basic.auth.login", false); if (allowBasicAuth) { if (requestedBasicAuth(req) || !isBrowser(req.getHeader("User-Agent"))) { allowBasicAuth = true; } else { allowBasicAuth = false; } } return allowBasicAuth; }