[
https://issues.apache.org/jira/browse/MESOS-3933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15082830#comment-15082830
]
Jan Schlicht commented on MESOS-3933:
-------------------------------------
Authentication and authorization of HTTP endpoints use the credentials provided
by the {{WW-Authenticate}} field of the HTTP request header. The Mesos tests
are a good resource for examples, i.e.
{{TeardownTest.TeardownEndpointBadCredentials}} creates a HTTP request with
wrong credentials and expects an {{Unauthorized}} HTTP response.
> Use a simpler realm for "Unauthorized" HTTP responses.
> ------------------------------------------------------
>
> Key: MESOS-3933
> URL: https://issues.apache.org/jira/browse/MESOS-3933
> Project: Mesos
> Issue Type: Bug
> Components: HTTP API
> Reporter: Jan Schlicht
> Priority: Trivial
> Labels: easyfix, newbie
>
> Currently, if a HTTP request cannot be authorized, an {{Unauthorized}}
> response is returned using "Mesos master" for the {{realm}} parameter. While
> not strictly forbidden by the HTTP RFC, strings with spaces seem to be very
> uncommon for the {{realm}} parameter. A simpler realm such as "Mesos" should
> be used instead.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
