Details
Improvement
Status: Closed
Major
Resolution: Fixed
Description
Currently we return a Fault with an AuthenticationException when JAAS login fails.
The proper response would be a 401 status with a suitable WWW-Authenticate header.
I experimented with turning the AuthenticationException into a 401 response in the HTTP transport. Not sure where to take auth type and realm from though. I am also not sure how to distinguish basic auth from WSS Security UsernameToken, as in the second case 401 is probably not correct.
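
One way to make the decision discussed in the description, as an added example (it is not the project's code and not from the reporter): a failed login becomes a 401 with a `WWW-Authenticate` challenge only when the credentials were transport-level, and stays a fault otherwise. The class, record and parameter names are hypothetical; it assumes the realm comes from endpoint configuration and that the WS-Security layer sets a flag when the rejected credentials were a UsernameToken.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration (Java 16+); none of these types are part of the project.
public class LoginFailureMapper {

    // Status code plus headers the HTTP transport would send.
    record Response(int status, Map<String, String> headers) {}

    // usernameTokenSeen: assumed flag, true when the rejected credentials
    //   came from a WS-Security UsernameToken in the message.
    // configuredRealm: assumed to come from endpoint configuration; null
    //   means the endpoint does not use HTTP authentication.
    static Response onLoginFailure(boolean usernameTokenSeen, String configuredRealm) {
        Map<String, String> headers = new LinkedHashMap<>();
        if (usernameTokenSeen || configuredRealm == null) {
            // Message-level credentials: keep the fault. SOAP 1.1 over HTTP
            // reports faults with status 500; no HTTP challenge is sent,
            // because retrying with an Authorization header would not help.
            return new Response(500, headers);
        }
        // Transport-level credentials (wrong or missing): a 401 must carry
        // a challenge naming the scheme and realm.
        headers.put("WWW-Authenticate", "Basic realm=\"" + quote(configuredRealm) + "\"");
        return new Response(401, headers);
    }

    // Escape backslash and double quote so the realm is a valid quoted-string.
    static String quote(String realm) {
        return realm.replace("\\", "\\\\").replace("\"", "\\\"");
    }

    public static void main(String[] args) {
        // Constructed sample cases.
        System.out.println(onLoginFailure(false, "orders"));       // Basic auth failed
        System.out.println(onLoginFailure(true, "orders"));        // UsernameToken failed
        System.out.println(onLoginFailure(false, "my \"test\""));  // realm needing escapes
    }
}
```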