From 7f4be5588233d97b332a75a82a8c9969cb8da0ec Mon Sep 17 00:00:00 2001
From: Valentin Aitken
Date: Wed, 3 Aug 2016 22:56:11 +0300
Subject: [PATCH] BROOKLYN-323: Use proper WWW-Authorization header in karaf - Give valid WWW-Authorization header to the client. Previously it was just WWW-Authorization: Basic Where it has to be WWW-Authorization: Basic realm="something" - LogoutApi#unAuthorize method useful for making browsers forget Basic Authentication
---
.../main/java/org/apache/brooklyn/rest/api/LogoutApi.java | 7 +++++++
.../org/apache/brooklyn/rest/resources/LogoutResource.java | 7 +++++++
.../src/main/resources/OSGI-INF/blueprint/service.xml | 1 +
3 files changed, 15 insertions(+)
diff --git a/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/LogoutApi.java b/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/LogoutApi.java
index ac1a345ea5..f0ca328e85 100644
--- a/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/LogoutApi.java
+++ b/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/LogoutApi.java
@@ -40,10 +40,17 @@ public interface LogoutApi { }) Response logout(); + + @POST + @Path("/unauthorize") + @ApiOperation(value = "Return UNAUTHORIZED 401 response") + Response unAuthorize(); + @POST @Path("/{user}") @ApiOperation(value = "Logout and clean session if matching user logged") Response logoutUser( @ApiParam(value = "User to log out", required = true) @PathParam("user") final String user); + }
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/LogoutResource.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/LogoutResource.java
index d24b8d358b..e3329d2f8a 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/LogoutResource.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/LogoutResource.java
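Review bot: The new literal path `/unauthorize` in LogoutApi.java sits beside the template `/{user}`, and JAX-RS matching prefers the literal segment, so a POST meant to log out an account named `unauthorize` would reach `unAuthorize()` instead of `logoutUser`. If such a user name is possible, move the endpoint out of the `{user}` namespace or reserve the name. The operation is also documented only by its status code: I would add a short Javadoc stating that it always answers 401 with a `WWW-Authenticate: Basic realm=...` challenge so that browsers discard cached Basic credentials, and that it does not itself log anyone out, plus an `@ApiResponse(code = 401, message = "Always returned, with a Basic challenge")` entry. The interface body starts above the hunk, so the existing annotation style there should be followed.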
@@ -61,6 +61,13 @@ public Response logout() { return Response.temporaryRedirect(dest).build(); } + @Override + public Response unAuthorize() { + return Response.status(Status.UNAUTHORIZED) + .header(HttpHeaders.WWW_AUTHENTICATE, BASIC_REALM_WEBCONSOLE) + .build(); + } + @Override public Response logoutUser(String user) { // Will work when switching users, but will keep re-authenticating if user types in same user name.
diff --git a/rest/rest-resources/src/main/resources/OSGI-INF/blueprint/service.xml b/rest/rest-resources/src/main/resources/OSGI-INF/blueprint/service.xml
index dfc11ceae2..2cfb915f69 100644
--- a/rest/rest-resources/src/main/resources/OSGI-INF/blueprint/service.xml
+++ b/rest/rest-resources/src/main/resources/OSGI-INF/blueprint/service.xml
@@ -114,6 +114,7 @@ limitations under the License. +
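Review bot: `unAuthorize()` in LogoutResource.java only emits a 401 challenge; nothing in the added lines ends a server-side session, so if Brooklyn also tracks login state in an HTTP session (not visible in this hunk), the caller stays authenticated after the browser drops its Basic credentials. Either invalidate the session here as well, or state the limit in a comment such as `// Client-side only: prompts the browser to discard cached Basic credentials; does not invalidate any server session.` The challenge value comes from `BASIC_REALM_WEBCONSOLE`, which is defined outside the hunk. It needs to be the full `Basic realm="..."` string, with the same realm the authentication filter sends, otherwise browsers will not tie this 401 to the cached credentials.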