From e569f70dd1cc95ee8d30970389b718c529039261 Mon Sep 17 00:00:00 2001
From: lresende
Date: Tue, 15 Dec 2009 00:58:47 +0000
Subject: TUSCANY-3389 - Providing different http status code depending on the authentication/authorization error. 401 when user could not be authenticated, 403 when user was authenticated but it does not have the proper role to execute the operation
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@890591 13f79535-47bb-0310-9956-ffa450edef68
---
 .../tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca')
diff --git a/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java b/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java
index a6ccd195ae..346a51e5e7 100644
--- a/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java
+++ b/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java
@@ -97,7 +97,9 @@ public class JSONRPCServiceServlet extends JSONRPCServlet {
 handleServiceRequest(request, response);
 } catch(RuntimeException re) {
- if (re.getCause() instanceof javax.security.auth.login.LoginException) {
+ if (re.getCause() instanceof javax.security.auth.login.FailedLoginException) {
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ }else if (re.getCause() instanceof javax.security.auth.login.LoginException) {
 response.setHeader("WWW-Authenticate", "BASIC realm=\"" + "ldap-realm" + "\"");
 response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
 }
-- 
cgit v1.2.3
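Review bot: The new first branch answers 403 for `javax.security.auth.login.FailedLoginException`, but in JAAS that exception is the standard signal for rejected credentials (for example a wrong password), which is the case the commit message assigns to 401. As written, a caller with bad credentials would get `SC_FORBIDDEN` with no `WWW-Authenticate` challenge, and only the remaining `LoginException` subtypes reach the 401 branch. If the role check in this binding really surfaces as a `FailedLoginException`, say so in a comment above the branch, for example `// the authorization policy reports a missing role as FailedLoginException`. Otherwise the 403 should key on the exception the authorization step actually throws, and `FailedLoginException` should stay on the challenge path. The catch block ends outside the hunk, and within the visible lines a `RuntimeException` with any other cause sets no status and is not rethrown, which is worth confirming against the rest of the method.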