What we should be sending is "wsse:FailedAuthentication" as the error code of a SOAP fault [1]. And IIRC the SOAP fault is sent with the http error code 500 (Please correct me if I'm wrong). I'm not sure why it is sending a HTTP 200 right now.
Therefore if you want any other behavior you need to write a custom handler for that. Thanks, Ruchith 1. http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf On Sun, Mar 7, 2010 at 3:32 AM, Amila Suriarachchi <[email protected]> wrote: > > > On Tue, Mar 2, 2010 at 4:35 PM, Ruchith Fernando > <[email protected]> wrote: >> >> Hi, >> >> I think you will have to add a handler to detect a failure in >> authentication and then send the error code, if you need it to be > > if the username token fails, why rampart can not set the http code as 401? > > thanks, > Amila. >> >> something other than the default. >> >> Thanks, >> Ruchith >> >> On Tue, Mar 2, 2010 at 3:16 AM, Ansgar Berhorn <[email protected]> >> wrote: >> > Hello mailing list, >> > >> > I have a web service using Axis2 (tested both in 1.4.1 and 1.5.1) with >> > Rampart for the security. >> > >> > When authentication fails, Axis2 will throw an exception internally and >> > respond with http status 200. >> > >> > Is there a way to configure Axis2 or Rampart to responds properly with a >> > 401 >> > (Unauthorized)? Maybe somebody can give a hint what/where to look for? I >> > looked through all the Axis2 examples did not find any hint. >> > >> > <parameter name="InflowSecurity"> >> > <action> >> > <items>UsernameToken</items> >> > <passwordCallbackClass> >> > com.some.organisation.PasswordHandler >> > </passwordCallbackClass> >> > </action> >> > </parameter> >> > >> > The PasswordHandler throws a >> > >> > WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION) >> > >> > What is the way to make my service respond with a 401 instead of a 200? >> > >> > Thanks for any hints in advance! >> > >> > Regards, >> > Ansgar Berhorn >> > >> >> >> >> -- >> http://ruchith.org >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > > > -- > Amila Suriarachchi > WSO2 Inc. > blog: http://amilachinthaka.blogspot.com/ > -- http://ruchith.org --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
