if (cv.validate(bp.getName(), Type.PASSWORD, bp.getCred(), null) ) {
resp.setStatus(HttpStatus.OK_200);
} else {
- resp.setStatus(HttpStatus.FORBIDDEN_403);
+ resp.setStatus(HttpStatus.UNAUTHORIZED_401);
}
}
} else {
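Review bot: The new `UNAUTHORIZED_401` on the failed-validation branch is sent without a `WWW-Authenticate` challenge, which RFC 7235 requires on every 401 and which some HTTP clients depend on to process the response. Unless a filter outside this hunk already adds it, set it next to the status, e.g. `resp.setHeader("WWW-Authenticate", "Basic realm=\"<realm placeholder>\"");`, using the realm the service already advertises. A one-line comment should also say whether this 401 refers to the caller's own credential or to a credential being checked on someone's behalf, because the other handler touched by this change keeps the remark that 401 "is on the call itself". The enclosing method starts and ends outside the hunk.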
decoded.substring(0,colon),
CredVal.Type.PASSWORD ,
decoded.substring(colon+1).getBytes(),trans)) {
-
resp.setStatus(HttpStatus.OK_200);
} else {
// DME2 at this version crashes without some sort of response
AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+ // will be a valid Entity. Do we need to add permission
+ //if(trans.fish("ns","password","request")) or the like
Result<Date> r = context.doesCredentialMatch(trans, req, resp);
if (r.isOK()) {
resp.setStatus(HttpStatus.OK_200);
} else {
// For Security, we don't give any info out on why failed, other than forbidden
// Can't do "401", because that is on the call itself
- resp.setStatus(HttpStatus.FORBIDDEN_403);
+ // 403 Implies you MAY NOT Ask.
+ resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406);
}
}
});
authzAPI.route(POST,"/authn/cred",API.CRED_REQ,new Code(facade,"Add a New ID/Credential", true) {
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- Result<Void> r = context.createUserCred(trans, req);
+ Result<Void> r = context.createUserCred(trans, req);
if (r.isOK()) {
resp.setStatus(HttpStatus.CREATED_201);
} else {
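Review bot: `NOT_ACCEPTABLE_406` on the credential-mismatch branch borrows a status defined for content negotiation, so clients, proxies and any alerting keyed on 401/403 counts will not register these responses as authentication failures. If 403 has to be avoided, state why 406 was chosen and refresh the retained comment, which still reads "other than forbidden", e.g. `// Credential did not match: 406 by convention here (403 = caller may not ask); no failure detail is returned`. The added comment also leaves the authorization question open: no permission check is visible before `doesCredentialMatch` in this hunk, so either enforce the permission or record the decision instead of shipping the commented-out `trans.fish(...)`. Because this endpoint answers yes/no on a credential, failed matches should be audited or rate-limited somewhere; whether `doesCredentialMatch` already does that cannot be seen from here. The `createUserCred` line further down changes whitespace only.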