Date: Tue, 20 Jan 2015 10:58:34 +0000 (UTC)
From: "Sergey Beryozkin (JIRA)"
To: issues@cxf.apache.org
Subject: [jira] [Commented] (CXF-6206) JAASLoginInterceptor: Return proper unauthorized response when JAAS login with basic auth fails

[ https://issues.apache.org/jira/browse/CXF-6206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14283699#comment-14283699 ]

Sergey Beryozkin commented on CXF-6206:
---------------------------------------

Hi, I guess adding AuthenticationType to AuthenticationException would solve it, good idea.

Not sure about the specialized exception because JAASLoginInterceptor would need to figure out if it is HTTP or not, and both BasicAuth and WS-Sec can happen over HTTP.
The user though would know which endpoint is bound to the HTTP transport and would register the fault interceptor - it would check AuthenticationType and if it is BasicAuth -> 401, otherwise it will let the chain continue, default SOAP fault...

> JAASLoginInterceptor: Return proper unauthorized response when JAAS login with basic auth fails
> -----------------------------------------------------------------------------------------------
>
>                 Key: CXF-6206
>                 URL: https://issues.apache.org/jira/browse/CXF-6206
>             Project: CXF
>          Issue Type: Improvement
>          Components: Core, Transports
>            Reporter: Christian Schneider
>            Assignee: Christian Schneider
>             Fix For: 3.1.0
>
>
> Currently we return a Fault with an AuthenticationException when JAAS login fails.
> The proper response would be a 401 status with a suitable WWW-Authenticate header.
> I experimented with turning the AuthenticationException into a 401 response in the http transport. Not sure where to take auth type and realm from though. I am also not sure how to distinguish basic auth from WSS Security UsernameToken. As in the second case 401 is probably not correct.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
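
Added example, not part of the original message and not CXF code: the fault-handling decision discussed in the comment above, in plain Java. AuthenticationType, the exception's type field, HttpResponse, onFault and the realm parameter are hypothetical stand-ins rather than CXF APIs; the realm is assumed to come from endpoint configuration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class AuthFaultMapping {
    // Hypothetical stand-in for the AuthenticationType proposed in the comment.
    enum AuthenticationType { BASIC_AUTH, WSS_USERNAME_TOKEN }

    // Hypothetical stand-in for an AuthenticationException that carries the type.
    static class AuthenticationException extends RuntimeException {
        final AuthenticationType type;
        AuthenticationException(String msg, AuthenticationType type) { super(msg); this.type = type; }
    }

    // Minimal response model: a status code plus headers, no body.
    static class HttpResponse {
        final int status;
        final Map<String, String> headers = new LinkedHashMap<>();
        HttpResponse(int status) { this.status = status; }
    }

    // Returns a 401 challenge for a failed Basic auth login, or null to let the
    // fault chain continue and produce the default SOAP fault (WS-Security case).
    static HttpResponse onFault(Throwable fault, String realm) {
        if (!(fault instanceof AuthenticationException)) return null;
        AuthenticationException ae = (AuthenticationException) fault;
        if (ae.type != AuthenticationType.BASIC_AUTH) return null;
        // A configured realm must never be able to split the header.
        if (realm.indexOf('\r') >= 0 || realm.indexOf('\n') >= 0)
            throw new IllegalArgumentException("realm contains CR or LF");
        // realm is an HTTP quoted-string: escape backslash and double quote.
        String quoted = realm.replace("\\", "\\\\").replace("\"", "\\\"");
        HttpResponse r = new HttpResponse(401);
        // The exception message is deliberately not copied into the response.
        r.headers.put("WWW-Authenticate", "Basic realm=\"" + quoted + "\"");
        return r;
    }

    public static void main(String[] args) {
        // Constructed sample faults; "cxf-demo" is a made-up realm.
        HttpResponse basic = onFault(
            new AuthenticationException("login failed", AuthenticationType.BASIC_AUTH), "cxf-demo");
        System.out.println(basic.status + " " + basic.headers);
        HttpResponse wss = onFault(
            new AuthenticationException("login failed", AuthenticationType.WSS_USERNAME_TOKEN), "cxf-demo");
        System.out.println(wss == null ? "chain continues: default SOAP fault" : "unexpected 401");
    }
}
```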