Hi Alex,

We made a recent change to Guard in SVN trunk. There is now a "rechallengeEnabled" property that is available (and even set to true by default). This should definitely work better for you.

If you are in 1.0, the only option I see is to override the Guard.doHandle() method to change the behavior. Have a look at the new behavior in trunk for guidance.

Best regards,
Jerome

> -----Original message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Alex Milowski
> Sent: Thursday, 22 November 2007 05:03
> To: [email protected]
> Subject: Guards and 403 Responses
>
> I've been having continuous problems with guards returning 403 responses
> for wrong passwords. Many clients (e.g. Firefox) do not handle the 403
> properly without a challenge.
>
> I wonder if the default response for a wrong password should include a
> challenge?
>
> Maybe the forbid() method of Guard class could differentiate between an
> unauthorized request (e.g. authenticated but authorize() returned false)
> and a non-authenticated request where the credentials do not match.
>
> A simple flag on the forbid method would suffice:
>
>    public void forbid(Response response, boolean authenticated) { ... }
>
> and that way someone like myself could override the forbid method on a
> Guard instance to add a challenge.
>
> This would fix the problem where Firefox et al. remember the bad password
> and require that I "clear passwords" before I get the challenge again.
>
> --Alex Milowski
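
The distinction drawn in this thread, as an added example that is not part of either message and is not Restlet code: a JDK-only sketch of the status decision for HTTP Basic credentials. The class, the sample users and the reading of "rechallengeEnabled" as "answer a wrong password with a fresh challenge" are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.Set;

public class GuardDecision {
    // Constructed sample data for this example, not taken from the thread.
    static final Map<String, String> SECRETS = Map.of("alice", "s3cret", "bob", "hunter2");
    static final Set<String> MAY_ACCESS = Set.of("alice"); // bob is known but not allowed
    static final String CHALLENGE = "Basic realm=\"example\"";

    /** Status code plus the WWW-Authenticate value to send (null when none). */
    record Result(int status, String wwwAuthenticate) {}

    static Result decide(String authorization, boolean rechallengeEnabled) {
        // No credentials at all: always challenge.
        if (authorization == null || !authorization.startsWith("Basic ")) {
            return new Result(401, CHALLENGE);
        }
        String[] cred = parse(authorization.substring(6).trim());
        // Credentials sent but wrong or malformed: the case the thread is about.
        // Without a challenge the browser keeps replaying the cached bad password.
        if (!matches(cred)) {
            return rechallengeEnabled ? new Result(401, CHALLENGE) : new Result(403, null);
        }
        // Identity proven; a new challenge cannot help, so a refusal is a plain 403.
        return MAY_ACCESS.contains(cred[0]) ? new Result(200, null) : new Result(403, null);
    }

    // Returns {user, secret}, or null if the Basic payload is malformed.
    static String[] parse(String payload) {
        try {
            String s = new String(Base64.getDecoder().decode(payload), StandardCharsets.UTF_8);
            int colon = s.indexOf(':');
            return colon < 0 ? null : new String[] {s.substring(0, colon), s.substring(colon + 1)};
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    static boolean matches(String[] cred) {
        String expected = cred == null ? null : SECRETS.get(cred[0]);
        // Constant-time comparison of the secret bytes.
        return expected != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), cred[1].getBytes(StandardCharsets.UTF_8));
    }
}
```

With the flag on, `alice:wrong` yields 401 with a challenge while `bob:hunter2` yields 403 without one; with the flag off, both yield the 403 that Alex describes.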

