<div>It was team's choice ;)
</div>
<div><div><br></div><div><br></div><div><div>-- </div><div>"The measure of a man is what he does with power" - Plato</div><div>-</div><div>@abstractj</div><div>-</div><div>Volenti Nihil Difficile</div></div></div>
<p style="color: #A0A0A8;">On Tuesday, October 2, 2012 at 8:39 AM, Matthias Wessendorf wrote:</p>
<blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
<span><div><div><div>See my other mail, but I the WWW-Authenticate is required on 401 responses.</div><div><br></div><div>-M</div><div><br></div><div>On Tue, Oct 2, 2012 at 1:36 PM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>> wrote:</div><blockquote type="cite"><div><div>We're not using basic authentication, but database authentication only.</div><div><br></div><div><br></div><div>--</div><div>"The measure of a man is what he does with power" - Plato</div><div>-</div><div>@abstractj</div><div>-</div><div>Volenti Nihil Difficile</div><div><br></div><div>On Tuesday, October 2, 2012 at 5:33 AM, Matthias Wessendorf wrote:</div><div><br></div><div>Hi Bruno,</div><div><br></div><div>when issuing a HTTP request against a protected resource (I am not</div><div>logged in), I am getting 401 (fine), but I don't see a</div><div>'WWW-Authenticate' header on the response. I also don't see any info</div><div>on this in the security roadmap (see [1]). Was there a special reason</div><div>to leave it out? I ask b/c usually that header is sent for basic,</div><div>digest or even oauth on the response header.</div><div><br></div><div>Thanks,</div><div>Matthias</div><div><br></div><div>[1] <a href="http://staging.aerogear.org/docs/planning/1.0.0/AeroGearSecurity/">http://staging.aerogear.org/docs/planning/1.0.0/AeroGearSecurity/</a></div><div><br></div><div><br></div><div>--</div><div>Matthias Wessendorf</div><div><br></div><div>blog: <a href="http://matthiaswessendorf.wordpress.com">http://matthiaswessendorf.wordpress.com</a>/</div><div>sessions: <a href="http://www.slideshare.net/mwessendorf">http://www.slideshare.net/mwessendorf</a></div><div>twitter: <a href="http://twitter.com/mwessendorf">http://twitter.com/mwessendorf</a></div><div>_______________________________________________</div><div>aerogear-dev mailing list</div><div><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a></div><div><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div><div><br></div><div><br></div><div><br></div><div>_______________________________________________</div><div>aerogear-dev mailing list</div><div><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a></div><div><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div></div></blockquote><div><br></div><div><br></div><div><br></div><div>-- </div><div>Matthias Wessendorf</div><div><br></div><div>blog: <a href="http://matthiaswessendorf.wordpress.com">http://matthiaswessendorf.wordpress.com</a>/</div><div>sessions: <a href="http://www.slideshare.net/mwessendorf">http://www.slideshare.net/mwessendorf</a></div><div>twitter: <a href="http://twitter.com/mwessendorf">http://twitter.com/mwessendorf</a></div><div>_______________________________________________</div><div>aerogear-dev mailing list</div><div><a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a></div><div><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div></div></div></span>
</blockquote>
<div>
<br>
</div>