[ 
https://issues.apache.org/jira/browse/CXF-6206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14283937#comment-14283937
 ] 

Sergey Beryozkin commented on CXF-6206:
---------------------------------------

Niels, having said all of that, I'd like to repeat I'm open to enhancing the
filter to support doAs, unfortunately it is not as simple as adding an extra
setter to it. To be honest, you can get it to work directly with
JAASLoginInterceptor too, the filter is just a little helper. Register an
interceptor and JAX-RS AuthenticationException ExceptionMapper and that will
do...
In the meantime I'll also explore what can be done at JAX-RS level, for example,
maybe Subject can be injected as a context or say
ContainerRequestContext.getSubject might be introduced...

> JAASLoginInterceptor: Return proper unauthorized response when JAAS login 
> with basic auth fails
> -----------------------------------------------------------------------------------------------
>
>                 Key: CXF-6206
>                 URL: https://issues.apache.org/jira/browse/CXF-6206
>             Project: CXF
>          Issue Type: Improvement
>          Components: Core, Transports
>            Reporter: Christian Schneider
>            Assignee: Christian Schneider
>             Fix For: 3.1.0
>
>
> Currently we return a Fault with an AuthenticationException when JAAS login 
> fails.
> The proper response would be a 401 status with a suitable WWW-Authenticate 
> header.
> I experimented with turning the AuthenticationException into a 401 response 
> in the http transport. Not sure where to take auth type and realm from 
> though. I am also not sure how to distinguish basic auth from WSS Security 
> UsernameToken. As in the second case 401 is probably not correct.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
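
The setup the comment describes (a JAASLoginInterceptor registered directly, plus a JAX-RS ExceptionMapper for AuthenticationException), shown as an added example that is not part of the original message or of CXF's own code. The class names, the `example-realm` JAAS context and realm name, the `HelloResource` class and the address are assumptions made for illustration.

```java
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;

import org.apache.cxf.interceptor.security.AuthenticationException;
import org.apache.cxf.interceptor.security.JAASLoginInterceptor;
import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;

public class JaasBasicAuthExample {

    /** Turns a failed JAAS login into a 401 challenge instead of a fault. */
    public static class AuthenticationExceptionMapper
            implements ExceptionMapper<AuthenticationException> {
        private final String realm;

        public AuthenticationExceptionMapper(String realm) {
            // Strip characters that could break out of the quoted realm value.
            this.realm = realm.replaceAll("[\"\\\\\\r\\n]", "");
        }

        @Override
        public Response toResponse(AuthenticationException ex) {
            // Do not echo ex.getMessage(): it may reveal why the login failed.
            return Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"" + realm + "\"")
                    .build();
        }
    }

    /** Hypothetical resource, present only so the endpoint has something to serve. */
    @Path("/hello")
    public static class HelloResource {
        @GET
        public String hello() {
            return "hello";
        }
    }

    public static void main(String[] args) {
        JAASLoginInterceptor jaas = new JAASLoginInterceptor();
        jaas.setContextName("example-realm"); // assumed JAAS login config entry name

        JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
        sf.setResourceClasses(HelloResource.class);
        sf.setAddress("http://localhost:9000/"); // assumed address
        sf.getInInterceptors().add(jaas);        // performs the JAAS login per request
        sf.setProvider(new AuthenticationExceptionMapper("example-realm"));
        sf.create();
    }
}
```

Because the mapper is registered only on the JAX-RS endpoint, it does not touch the WS-Security UsernameToken case raised in the issue description.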
