I dont think the JAASAuthenticationFilter is a good place for this.
Returning a 401 response is common to SOAP and REST while the JAASAuthenticationFilter is REST only. I think the response should be either generated in the http transport or in a separate interceptor like Sergey suggested.

I am not yet sure what I would suggest as a solution. I have to think a bit more about it and experiment some more. The difficult thing will be to find a solution that covers more than the username/password cases we currently look at.

In any case I am quite sure what causes the NPE. It probably happens because we have no credentials. I am quite sure this can be fixed easily either in karaf (LoginModule) or in the CallbackHandler where we supply the credentials.

Christian

Am 20.01.2015 um 11:41 schrieb Niels Bertram:
Hi Christian, it would probably be better to add the doAs option to the JAASAuthenticationFilter and fix whatever is causing the NPE rather than trying to make the JAASLoginInterceptor do things it may not be designed to do. I'll add some thoughts to the JIRA.

Thanks for the efforts,
Niels


--
Christian Schneider
http://www.liquid-reality.de

Open Source Architect
Talend Application Integration Division http://www.talend.com

Reply via email to