----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/760/ -----------------------------------------------------------
(Updated 2011-05-21 10:15:56.409455) Review request for shindig. Changes ------- Only sets auth header when return status 401. Summary ------- Update the AuthenticationServletFilter: 1. Make the auth realm configurable via property or override able protected method. 2. Sets the auth header from the right handler. Currently the code just sets the response's WWW-Authenticate header whenever an auth handler return null st. So if the next handler return a security token, the response contains WWW-Authenticate header from previous handler. This CR change the logic to also add WWW-Authenticate header if token is not set or InvalidAuthenticationException is thrown. Diffs (updated) ----- trunk/java/common/src/test/java/org/apache/shindig/auth/AuthenticationServletFilterTest.java 1125364 trunk/java/common/src/main/java/org/apache/shindig/auth/AuthenticationServletFilter.java 1125364 Diff: https://reviews.apache.org/r/760/diff Testing ------- Update unit test for null st. Thanks, Henry
