fix for OvationException instead of UserAuthenticationException for l…

…ogin failure and returning AUTHENTICATE challenge response for all auth failures (instead of FORBIDDEN)
lukehan · Feb 6, 2012 · 7d61c23 · 7d61c23
1 parent 402091e
commit 7d61c23
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/ovation/odata/service/JerseyAuthenticator.java b/src/ovation/odata/service/JerseyAuthenticator.java
@@ -94,10 +94,13 @@ public Result authenticate(HttpExchange xchng) {
 							return new Authenticator.Success(new HttpPrincipal(userName, "ovodata"));
 						}
 					} catch (UserAuthenticationException uax) {
-						_log.warn("failed to authenticate '" + userName + "'");
+					} catch (OvationException ox) {
+						// FIXME - special-case for change in auth failure in DataContext.authenticateUser()
+						if ("Incorrect password".equals(ox.getMessage()) == false) {
+							throw ox;
+						}
 					}
 					_log.info("failed to authenticate user '" + userName + "'");
-					return new Authenticator.Failure(Response.Status.FORBIDDEN.getStatusCode());
 				} catch (IllegalArgumentException iax) {
 					_log.error(iax.toString());
 				}