Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-6206

JAASLoginInterceptor: Return proper unauthorized response when JAAS login with basic auth fails

          Details

          • Type: Improvement
          • Status: Closed
          • Priority: Major
          • Resolution: Fixed
          • Affects Version/s: None
          • Fix Version/s: 3.0.4, 3.1
          • Component/s: Core, Transports
          • Labels:
            None
          • Estimated Complexity:
            Unknown

            Description

            Currently we return a Fault with a AuthenticationException when JAAS login fails.

            The proper response would be a 401 status with a suitable WWW-Authenticate header.

            I experimented with turning the AuthenticationException into a 401 response in the http transport. Not sure where to take auth type and realm from though. I am also not sure how to distinguish basic auth from WSS Security UsernameToken. As in the second case 401 is probably not correct.

              Attachments

                Activity

                  People

                  • Assignee:
                    chris@die-schneider.net Christian Schneider
                    Reporter:
                    chris@die-schneider.net Christian Schneider
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    4 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: