Returning 401 here would be in violation of the HTTP protocol because RFC 2616 requires the server to also return a WWW-Authenticate header (see section 10.4.2) and thereby request the client to use HTTP authentication instead of WS-Security.

Andreas

On Sun, Mar 7, 2010 at 09:32, Amila Suriarachchi <[email protected]> wrote:
>
>
> On Tue, Mar 2, 2010 at 4:35 PM, Ruchith Fernando
> <[email protected]> wrote:
>>
>> Hi,
>>
>> I think you will have to add a handler to detect a failure in
>> authentication and then send the error code, if you need it to be
>
> if the username token fails, why rampart can not set the http code as 401?
>
> thanks,
> Amila.
>>
>> something other than the default.
>>
>> Thanks,
>> Ruchith
>>
>> On Tue, Mar 2, 2010 at 3:16 AM, Ansgar Berhorn <[email protected]>
>> wrote:
>> > Hello mailing list,
>> >
>> > I have a web service using Axis2 (tested both in 1.4.1 and 1.5.1) with
>> > Rampart for the security.
>> >
>> > When authentication fails, Axis2 will throw an exception internally and
>> > respond with http status 200.
>> >
>> > Is there a way to configure Axis2 or Rampart to responds properly with a
>> > 401
>> > (Unauthorized)? Maybe somebody can give a hint what/where to look for? I
>> > looked through all the Axis2 examples did not find any hint.
>> >
>> > <parameter name="InflowSecurity">
>> >   <action>
>> >     <items>UsernameToken</items>
>> >     <passwordCallbackClass>
>> >       com.some.organisation.PasswordHandler
>> >     </passwordCallbackClass>
>> >   </action>
>> > </parameter>
>> >
>> > The PasswordHandler throws a
>> >
>> > WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION)
>> >
>> > What is the way to make my service respond with a 401 instead of a 200?
>> >
>> > Thanks for any hints in advance!
>> >
>> > Regards,
>> > Ansgar Berhorn
>> >
>>
>>
>>
>> --
>> http://ruchith.org
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>
>
>
> --
> Amila Suriarachchi
> WSO2 Inc.
> blog: http://amilachinthaka.blogspot.com/
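
Added example, not part of the original thread and not Axis2 or Rampart code: a small response checker that flags the two conditions discussed above, a SOAP fault delivered with a success status (the behaviour Ansgar reports) and a 401 sent without a WWW-Authenticate header (the RFC 2616 section 10.4.2 point). The function names and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from email.parser import Parser

SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")     # SOAP 1.2

def parse_response(raw):
    """Split a raw HTTP response string into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split()[1])
    # email.parser gives case-insensitive header lookup
    headers = Parser().parsestr(header_block, headersonly=True)
    return status, headers, body

def has_soap_fault(body):
    """True if the body is a SOAP envelope whose Body contains a Fault."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False
    return any(root.find(f"{{{ns}}}Body/{{{ns}}}Fault") is not None
               for ns in SOAP_NS)

def check(raw):
    """Return a list of findings for one response (empty list = nothing flagged)."""
    status, headers, body = parse_response(raw)
    findings = []
    if status == 401 and headers.get("WWW-Authenticate") is None:
        findings.append("401 without WWW-Authenticate (RFC 2616 section 10.4.2)")
    if 200 <= status < 300 and has_soap_fault(body):
        findings.append("SOAP fault delivered with success status %d" % status)
    return findings

# Constructed sample data: a SOAP 1.1 fault like one a failed UsernameToken check could produce.
FAULT = ('<soapenv:Envelope xmlns:soapenv="%s"><soapenv:Body><soapenv:Fault>'
         '<faultcode>wsse:FailedAuthentication</faultcode>'
         '<faultstring>constructed sample</faultstring>'
         '</soapenv:Fault></soapenv:Body></soapenv:Envelope>' % SOAP_NS[0])
FAULT_200 = "HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\n\r\n" + FAULT
FAULT_500 = "HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/xml\r\n\r\n" + FAULT
BARE_401 = "HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n"
OK_401 = ('HTTP/1.1 401 Unauthorized\r\nwww-authenticate: Basic realm="example"\r\n'
          "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for name in ("FAULT_200", "FAULT_500", "BARE_401", "OK_401"):
        print(name, check(globals()[name]))
```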
