I dont think the JAASAuthenticationFilter is a good place for this.
Returning a 401 response is common to SOAP and REST while the
JAASAuthenticationFilter is REST only. I think the response should be
either generated in the http transport or in a separate interceptor like
Sergey suggested.
I am not yet sure what I would suggest as a solution. I have to think a
bit more about it and experiment some more. The difficult thing will be
to find a solution that covers more than the username/password cases we
currently look at.
In any case I am quite sure what causes the NPE. It probably happens
because we have no credentials. I am quite sure this can be fixed easily
either in karaf (LoginModule) or in the CallbackHandler where we supply
the credentials.
Christian
Am 20.01.2015 um 11:41 schrieb Niels Bertram:
Hi Christian, it would probably be better to add the doAs option to
the JAASAuthenticationFilter and fix whatever is causing the NPE
rather than trying to make the JAASLoginInterceptor do things it may
not be designed to do. I'll add some thoughts to the JIRA.
Thanks for the efforts,
Niels
--
Christian Schneider
http://www.liquid-reality.de
Open Source Architect
Talend Application Integration Division http://www.talend.com
