[CXF-6206] JAASLoginInterceptor: Return proper unauthorized response when JAAS login with basic auth fails - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.4, 3.1
Component/s: Core, Transports
Labels:
None

Estimated Complexity:
Unknown

Description

Currently we return a Fault with a AuthenticationException when JAAS login fails.

The proper response would be a 401 status with a suitable WWW-Authenticate header.

I experimented with turning the AuthenticationException into a 401 response in the http transport. Not sure where to take auth type and realm from though. I am also not sure how to distinguish basic auth from WSS Security UsernameToken. As in the second case 401 is probably not correct.

Attachments

Activity

People

Assignee:: Christian Schneider

Reporter:: Christian Schneider

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 20/Jan/15 09:53

Updated:: 16/Feb/15 16:09

Resolved:: 21/Jan/15 10:19