I have implemented bearer token authentication (Authentication in each request with a client-id and access-token in the header).
When I use the wrong credentials (Access-Token), I get back a "200 OK" with empty body, is this expected? Shouldn't it be a 401 or 404? When I use correct credentials I get back "200 OK" expected Json response, with body content. I'm using the DefaultPasswordService and AuthorizingRealm. Maybe I miss something? Using Shiro 1.2.3 -- View this message in context: http://shiro-user.582556.n2.nabble.com/Expected-HTTP-response-in-Apache-Shiro-when-auth-fails-tp7580148.html Sent from the Shiro User mailing list archive at Nabble.com.
