On Tuesday, October 2, 2012 at 8:39 AM, Matthias Wessendorf wrote:

See my other mail, but I the WWW-Authenticate is required on 401 responses.

-M

On Tue, Oct 2, 2012 at 1:36 PM, Bruno Oliveira <bruno@abstractj.org> wrote:

We're not using basic authentication, but database authentication only.

--

"The measure of a man is what he does with power" - Plato

-

@abstractj

-

Volenti Nihil Difficile

On Tuesday, October 2, 2012 at 5:33 AM, Matthias Wessendorf wrote:

Hi Bruno,

when issuing a HTTP request against a protected resource (I am not

logged in), I am getting 401 (fine), but I don't see a

'WWW-Authenticate' header on the response. I also don't see any info

on this in the security roadmap (see [1]). Was there a special reason

to leave it out? I ask b/c usually that header is sent for basic,

digest or even oauth on the response header.

Thanks,

Matthias

[1] http://staging.aerogear.org/docs/planning/1.0.0/AeroGearSecurity/

--

Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/

sessions: http://www.slideshare.net/mwessendorf

twitter: http://twitter.com/mwessendorf

_______________________________________________

aerogear-dev mailing list

aerogear-dev@lists.jboss.org

https://lists.jboss.org/mailman/listinfo/aerogear-dev

_______________________________________________

aerogear-dev mailing list

aerogear-dev@lists.jboss.org

https://lists.jboss.org/mailman/listinfo/aerogear-dev

--

Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/

sessions: http://www.slideshare.net/mwessendorf

twitter: http://twitter.com/mwessendorf

_______________________________________________

aerogear-dev mailing list

aerogear-dev@lists.jboss.org

https://lists.jboss.org/mailman/listinfo/aerogear-dev