honeymoose
/
hapi-fhir
mirror of https://github.com/hapifhir/hapi-fhir.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't add WWW-Authenticate header to response on AuthenticationException

This commit is contained in:
James Agnew 2016-02-25 11:03:04 -08:00
parent 1ba0ae3960
commit d11cbab15c
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/server/RestfulServer.java
View File

@ -649,10 +649,6 @@ public class RestfulServer extends HttpServlet implements IRestfulServer<Servlet
} }
} }
if (requestIsBrowser) {
// if request is coming from a browser, prompt the user to enter login credentials
theResponse.setHeader("WWW-Authenticate", "BASIC realm=\"FHIR\"");
}
writeExceptionToResponse(theResponse, e); writeExceptionToResponse(theResponse, e);
} catch (Throwable e) { } catch (Throwable e) {

11
src/changes/changes.xml
View File

@ -66,6 +66,17 @@
resource. This is being used as a part of the May 2016 Connectathon for resource. This is being used as a part of the May 2016 Connectathon for
a testing scenario. a testing scenario.
</action> </action>
<action type="add">
The server no longer adds a
<![CDATA[<code>WWW-Authenticate</code>]]>
header to the response if any resource provider code throws an
<![CDATA[<code>AuthenticationException</code>]]>. This header is
used for interactive authentication, which isn't generally
appropriate for FHIR. We added code to add this header a long time
ago for testing purposes and it never got removed. Please let us
know if you need the ability to add this header automatically. Thanks
to Lars Kristian Roland for pointing this out.
</action>
</release> </release>
<release version="1.4" date="2016-02-04"> <release version="1.4" date="2016-02-04">
<action type="add"> <action type="add">