We are trying to enable a custom credential handling layer to our ActivePivot tomcat servlet by intercepting incoming requests to the Cube and authenticating them as needed using a Spring Security Filter. Our system provides an "API Key" to logged in users if the username and password are valid and we would like some way of getting Excel to use this key once it has been logged in using HTTP Basic AUthentication.
When entering login credentials into the Excel "Data Connection Wizard" to connect to the AP Cube, it goes through the normal procedure of doing a GET on a Cube URL, where we return a 401 (since no API Key is present in the headers) with a "WWW-Authenticate: Basic Realm=..." header, to which it responds by getting the same URL with an "Authenticate: Basic ..." header with which we perform a username/password login and get an API key and actually return the contents for the request. This is all good and working as expected.
The question is, can we get Excel to remember that it has successfully authenticated and just pass the API Key in the "Authenticate" header in future requests? So far I have tried to send the API Key back in an "Authenticate" header in the response but Excel doesn't seem to notice that. Is there a standard way to pass a 'login token' for basic auth to the client?
This would solve 2 problems on our end: 1) we don't have to do a login every time a request is made and 2) we don't get double the number of requests (GET -> 401 -> GET with Auth -> return) since Excel would know it has already authenticated.