----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/760/ -----------------------------------------------------------
Review request for shindig. Summary ------- Update the AuthenticationServletFilter: 1. Make the auth realm configurable via property or override able protected method. 2. Sets the auth header from the right handler. Currently the code sets the response's WWW-Authenticate header whenever an auth handler return null st. So if the next handler return a security token, the response contains WWW-Authenticate header from previous handler. This CR change the logic to only add WWW-Authenticate header if token is not set or InvalidAuthenticationException is thrown. Diffs ----- trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java 1125043 trunk/java/common/src/test/java/org/apache/shindig/auth/AuthenticationServletFilterTest.java 1125043 Diff: https://reviews.apache.org/r/760/diff Testing ------- Update unit test for null st. Thanks, Henry
