security: add charset to the WWW-Authenticate header

The WWW-Authenticate header can optionally specify the charset that the server uses after
decoding credentials. If this is not specified, most clients will limit the available characters to
ISO-8859-1, which causes issues for certain characters.

See RFC 7617

Closes elastic/elasticsearch#2290

Original commit: elastic/x-pack-elasticsearch@44411eebe7
jaymode 2016-06-16 13:18:35 -04:00
parent cae76cc16c
commit 27958cc708
2 changed files with 3 additions and 3 deletions


@ -19,13 +19,13 @@ public class Exceptions {
public static ElasticsearchSecurityException authenticationError(String msg, Throwable cause, Object... args) {
ElasticsearchSecurityException e = new ElasticsearchSecurityException(msg, RestStatus.UNAUTHORIZED, cause, args);
e.addHeader("WWW-Authenticate", "Basic realm=\"" + Security.NAME + "\"");
e.addHeader("WWW-Authenticate", "Basic realm=\"" + Security.NAME + "\" charset=\"UTF-8\"");
return e;
}
public static ElasticsearchSecurityException authenticationError(String msg, Object... args) {
ElasticsearchSecurityException e = new ElasticsearchSecurityException(msg, RestStatus.UNAUTHORIZED, args);
e.addHeader("WWW-Authenticate", "Basic realm=\"" + Security.NAME + "\"");
e.addHeader("WWW-Authenticate", "Basic realm=\"" + Security.NAME + "\" charset=\"UTF-8\"");
return e;
}
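Review bot: The two auth-params in the new challenge value are separated only by a space, in both `authenticationError` overloads. RFC 7235 defines a challenge's parameters as a comma-separated list, and the RFC 7617 example reads `Basic realm="foo", charset="UTF-8"`, so a strict client parser may ignore `charset` or fail to parse the challenge, leaving non-ISO-8859-1 credentials broken. The value should be `"Basic realm=\"" + Security.NAME + "\", charset=\"UTF-8\""`, and the expectation in `ShieldAssertions` needs the same comma because it pins the current string. The literal is now built in three places, so a single shared constant would keep them from drifting. The credential decoding is outside this hunk; presumably it already interprets the Basic token as UTF-8, which is worth confirming now that the header advertises it.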


@ -21,6 +21,6 @@ public class ShieldAssertions {
assertThat(e.status(), is(RestStatus.UNAUTHORIZED));
assertThat(e.getHeaderKeys(), hasSize(1));
assertThat(e.getHeader("WWW-Authenticate"), notNullValue());
assertThat(e.getHeader("WWW-Authenticate"), contains("Basic realm=\"" + Security.NAME + "\""));
assertThat(e.getHeader("WWW-Authenticate"), contains("Basic realm=\"" + Security.NAME + "\" charset=\"UTF-8\""));
}
}