Christian Schneider created CXF-6206:
----------------------------------------
Summary: JAASLoginInterceptor: Return proper unauthorized response when JAAS login with basic auth fails
Key: CXF-6206
URL: https://issues.apache.org/jira/browse/CXF-6206
Project: CXF
Issue Type: Improvement
Components: Core, Transports
Reporter: Christian Schneider
Assignee: Christian Schneider
Fix For: 3.1.0

Currently we return a Fault with an AuthenticationException when JAAS login
fails.
The proper response would be a 401 status with a suitable WWW-Authenticate
header.
I experimented with turning the AuthenticationException into a 401 response in
the HTTP transport. Not sure where to take auth type and realm from, though. I
am also not sure how to distinguish basic auth from WSS Security UsernameToken,
as in the second case 401 is probably not correct.