From d11cbab15ced54598506df5cd68cf2033a108c4e Mon Sep 17 00:00:00 2001 From: James Agnew Date: Thu, 25 Feb 2016 11:03:04 -0800 Subject: [PATCH] Don't add WWW-Authenticate header to response on AuthenticationException --- .../java/ca/uhn/fhir/rest/server/RestfulServer.java | 4 ---- src/changes/changes.xml | 11 +++++++++++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java index 42d61e7fd2d..9cdf4f5e69e 100644 --- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java +++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java @@ -649,10 +649,6 @@ public class RestfulServer extends HttpServlet implements IRestfulServer + + The server no longer adds a + WWW-Authenticate]]> + header to the response if any resource provider code throws an + AuthenticationException]]>. This header is + used for interactive authentication, which isn't generally + appropriate for FHIR. We added code to add this header a long time + ago for testing purposes and it never got removed. Please let us + know if you need the ability to add this header automatically. Thanks + to Lars Kristian Roland for pointing this out. +