Seeing this and the other replies from the thread I learn that my
question was asking for a to detailed aspect in the first place.
Basically I "just" want a smooth handling of failed authentication
between my Axis2/Rampart/Java-Server app and my Axis2c/Rampartc client app.
Between the flood of documentation about all the esoteric WS-Security
features it is sometimes hard to find substantial information/guidance
about the "core" things.
Thanks for this clarification. I will have a closer how to handle it via
the SOAP layer.
Ansgar
On 07.03.2010 22:14, Andreas Veithen wrote:
Returning 401 here would be in violation of the HTTP protocol because
RFC 2616 requires the server to also return a WWW-Authenticate header
(see section 10.4.2) and thereby request the client to use HTTP
authentication instead of WS-Security.
Andreas
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
