[jira] [Updated] (CXF-6206) JAASLoginInterceptor: Return proper unauthorized response when JAAS login with basic auth fails

Christian Schneider (JIRA) Mon, 26 Jan 2015 01:47:06 -0800

     [ 
https://issues.apache.org/jira/browse/CXF-6206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Christian Schneider updated CXF-6206:
-------------------------------------
    Fix Version/s: 3.0.4

> JAASLoginInterceptor: Return proper unauthorized response when JAAS login 
> with basic auth fails
> -----------------------------------------------------------------------------------------------
>
>                 Key: CXF-6206
>                 URL: https://issues.apache.org/jira/browse/CXF-6206
>             Project: CXF
>          Issue Type: Improvement
>          Components: Core, Transports
>            Reporter: Christian Schneider
>            Assignee: Christian Schneider
>             Fix For: 3.0.4, 3.1.0
>
>
> Currently we return a Fault with a AuthenticationException when JAAS login 
> fails.
> The proper response would be a 401 status with a suitable WWW-Authenticate 
> header.
> I experimented with turning the AuthenticationException into a 401 response 
> in the http transport. Not sure where to take auth type and realm from 
> though. I am also not sure how to distinguish basic auth from WSS Security 
> UsernameToken. As in the second case 401 is probably not correct.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (CXF-6206) JAASLoginInterceptor: Return proper unauthorized response when JAAS login with basic auth fails

Reply via email to