thanks for the update!
On Tue, Aug 19, 2014 at 8:21 AM, flindby <[email protected]> wrote:

> Thank you Brian Demers, I think I solved the problem.
>
> Before my onAccessDenied() looked like this:
>
>     @Override
>     protected boolean onAccessDenied(ServletRequest request,
>             ServletResponse response) throws Exception {
>         if (hasAuthorizationToken(request)) {
>             // Proceed with authentication
>             return executeLogin(request, response);
>         }
>         // Return 401 if authentication failed
>         WebUtils.toHttp(response).sendError(
>                 Status.UNAUTHORIZED.getStatusCode(),
>                 "Oops, Authentication required");
>         return false;
>     }
>
> Now it looks like this:
>
>     @Override
>     protected boolean onAccessDenied(ServletRequest request,
>             ServletResponse response) throws Exception {
>         boolean authenticated = false;
>         if (hasAuthorizationToken(request)) {
>             // Proceed with authentication
>             authenticated = executeLogin(request, response);
>         }
>         // Return 401 if authentication failed
>         if (!authenticated)
>             WebUtils.toHttp(response).sendError(
>                     Status.UNAUTHORIZED.getStatusCode(),
>                     "Oops, Authentication required");
>         return authenticated;
>     }
>
> I needed to manually return 401 when authentication failed.
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Expected-HTTP-response-in-Apache-Shiro-when-auth-fails-tp7580148p7580158.html
> Sent from the Shiro User mailing list archive at Nabble.com.
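
An added example, not part of the original thread and not Shiro code: a stand-alone Java model of the two onAccessDenied() versions quoted above, run against a missing, a rejected and an accepted token. Response, executeLogin() and the token strings are constructed stand-ins, and the model assumes executeLogin() returns false on a failed login without writing to the response.

```java
import java.util.function.BiPredicate;

// Stand-alone model of the two onAccessDenied() versions quoted above.
// No Shiro or servlet classes: Response, executeLogin() and the token
// values are constructed stand-ins for illustration.
public class AccessDeniedModel {
    static final int UNAUTHORIZED = 401;

    // Minimal response: a servlet response is 200 until something changes it.
    static class Response {
        int status = 200;
        void sendError(int code) { status = code; }
    }

    // Stand-in for executeLogin(): false on a failed login, and it does
    // not write anything to the response (assumed default behaviour).
    static boolean executeLogin(String token) {
        return "valid-token".equals(token);
    }

    // "Before": a failed executeLogin() returns without setting a status.
    static boolean before(String token, Response res) {
        if (token != null) {
            return executeLogin(token);
        }
        res.sendError(UNAUTHORIZED);
        return false;
    }

    // "After": every denied path sends 401 before returning false.
    static boolean after(String token, Response res) {
        boolean authenticated = token != null && executeLogin(token);
        if (!authenticated) {
            res.sendError(UNAUTHORIZED);
        }
        return authenticated;
    }

    static String run(BiPredicate<String, Response> filter, String token) {
        Response res = new Response();
        boolean proceed = filter.test(token, res);
        return (proceed ? "chain continues" : "chain stopped") + ", status " + res.status;
    }

    public static void main(String[] args) {
        for (String token : new String[] {null, "bad-token", "valid-token"}) {
            System.out.printf("token=%-11s before: %-26s after: %s%n", token,
                    run(AccessDeniedModel::before, token),
                    run(AccessDeniedModel::after, token));
        }
    }
}
```

The row to compare is the rejected token: the two versions differ only in whether a status is written before the chain is stopped.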
