Is your code getting hit before the you get the 200? Is something getting cached?
On Mon, Aug 11, 2014 at 7:58 AM, flindby <[email protected]> wrote: > I have implemented bearer token authentication (Authentication in each > request with a client-id and access-token in the header). > > When I use the wrong credentials (Access-Token), I get back a "200 OK" with > empty body, is this expected? Shouldn't it be a 401 or 404? When I use > correct credentials I get back "200 OK" expected Json response, with body > content. > > I'm using the DefaultPasswordService and AuthorizingRealm. Maybe I miss > something? > > Using Shiro 1.2.3 > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Expected-HTTP-response-in-Apache-Shiro-when-auth-fails-tp7580148.html > Sent from the Shiro User mailing list archive at Nabble.com. >
