Date: Wed, 21 Jan 2015 08:03:35 +0000 (UTC)
From: "Christian Schneider (JIRA)"
To: issues@cxf.apache.org
Subject: [jira] [Commented] (CXF-6206) JAASLoginInterceptor: Return proper unauthorized response when JAAS login with basic auth fails

    [ https://issues.apache.org/jira/browse/CXF-6206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14285317#comment-14285317 ]

Christian Schneider commented on CXF-6206:
------------------------------------------

Are you sure subject.doAs starts a new thread? The javadoc of it does not say that. Apart from that I agree.

I will also look into using an ExceptionMapper for the response. Perhaps we could add and configure it in the JAASLoginFeature. So the complexity stays out of the jaas interceptor and is still easy to configure for users.

> JAASLoginInterceptor: Return proper unauthorized response when JAAS login with basic auth fails
> -----------------------------------------------------------------------------------------------
>
>                 Key: CXF-6206
>                 URL: https://issues.apache.org/jira/browse/CXF-6206
>             Project: CXF
>          Issue Type: Improvement
>          Components: Core, Transports
>            Reporter: Christian Schneider
>            Assignee: Christian Schneider
>             Fix For: 3.1.0
>
>
> Currently we return a Fault with an AuthenticationException when JAAS login fails.
> The proper response would be a 401 status with a suitable WWW-Authenticate header.
> I experimented with turning the AuthenticationException into a 401 response in the http transport. Not sure where to take auth type and realm from though. I am also not sure how to distinguish basic auth from WSS Security UsernameToken. As in the second case 401 is probably not correct.
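
A sketch of the ExceptionMapper approach mentioned in the comment, added here as an illustration; it is not code from the CXF project or from the issue. The class name `BasicAuthChallengeMapper` and the default realm value are hypothetical, and it assumes a JAX-RS endpoint on which the `AuthenticationException` raised by the login interceptor reaches registered exception mappers.

```java
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

import org.apache.cxf.interceptor.security.AuthenticationException;

/**
 * Hypothetical mapper: turns a failed login into a 401 with a Basic challenge.
 * It only applies to JAX-RS endpoints, so SOAP requests authenticated with a
 * WS-Security UsernameToken are not affected by it.
 */
@Provider
public class BasicAuthChallengeMapper implements ExceptionMapper<AuthenticationException> {

    // Assumption: the realm is supplied by configuration, not taken from the request.
    private String realm = "example-realm";

    public void setRealm(String realm) {
        this.realm = realm;
    }

    @Override
    public Response toResponse(AuthenticationException ex) {
        // No entity and no exception message in the response: the client learns
        // only that authentication failed, not whether the user name exists.
        return Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, challenge(realm))
                .build();
    }

    /** Builds the header value as an RFC 7617 challenge with a quoted-string realm. */
    static String challenge(String realm) {
        StringBuilder sb = new StringBuilder("Basic realm=\"");
        for (char c : realm.toCharArray()) {
            if (c < 0x20 || c == 0x7f) {
                continue; // drop control characters such as CR/LF (header splitting)
            }
            if (c == '"' || c == '\\') {
                sb.append('\\'); // escape characters that would end the quoted-string
            }
            sb.append(c);
        }
        return sb.append('"').toString();
    }
}
```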