[
https://issues.apache.org/jira/browse/CXF-6206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14285453#comment-14285453
]
Sergey Beryozkin commented on CXF-6206:
---------------------------------------
Hi Christian, yes, I'm expecting it to work with JAX-RS too. However I'll keep
the filter for the following reasons:
- it is a JAX-RS 2.0 filter and as such it offers a different registration
option (as a JAX-RS Provider, via the auto-discovery or from JAX-RS Application)
- I'm interested in making sure getting pre-match JAX-RS filters possibly work
in scope of an independent CXF interceptor and thus work with doAs, etc
- I've had a plan for it to support interacting with form login services by
doing proper redirects, etc
> JAASLoginInterceptor: Return proper unauthorized response when JAAS login
> with basic auth fails
> -----------------------------------------------------------------------------------------------
>
> Key: CXF-6206
> URL: https://issues.apache.org/jira/browse/CXF-6206
> Project: CXF
> Issue Type: Improvement
> Components: Core, Transports
> Reporter: Christian Schneider
> Assignee: Christian Schneider
> Fix For: 3.1.0
>
>
> Currently we return a Fault with a AuthenticationException when JAAS login
> fails.
> The proper response would be a 401 status with a suitable WWW-Authenticate
> header.
> I experimented with turning the AuthenticationException into a 401 response
> in the http transport. Not sure where to take auth type and realm from
> though. I am also not sure how to distinguish basic auth from WSS Security
> UsernameToken. As in the second case 401 is probably not correct.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
