X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;ds=sidebyside;f=auth%2Fauth-service%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fservice%2Fapi%2FAPI_Creds.java;h=fbc1baa245c4fe93e356eaac36b31b40b0d076a4;hb=07fb3ece74a9aa1fad8e2a9fab73b4de3e36853b;hp=c8bae9f00efdd1ba837293709803e12d515dc3e1;hpb=ff1417ff60baee231a28272f9a16ef2c9c8ea0a2;p=aaf%2Fauthz.git

diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
index c8bae9f0..fbc1baa2 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
@@ -143,14 +143,16 @@ public class API_Creds {
                     AuthzTrans trans, 
                     HttpServletRequest req,
                     HttpServletResponse resp) throws Exception {
-                
+                // will be a valid Entity.  Do we need to add permission
+            	//if(trans.fish("ns","password","request")) or the like
                 Result<Date> r = context.doesCredentialMatch(trans, req, resp);
                 if (r.isOK()) {
                     resp.setStatus(HttpStatus.OK_200);
                 } else {
                     // For Security, we don't give any info out on why failed, other than forbidden
                     // Can't do "401", because that is on the call itself
-                    resp.setStatus(HttpStatus.FORBIDDEN_403);
+                	// 403 Implies you MAY NOT Ask.
+                    resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406);
                 }
             }
         });  
@@ -194,7 +196,7 @@ public class API_Creds {
         authzAPI.route(POST,"/authn/cred",API.CRED_REQ,new Code(facade,"Add a New ID/Credential", true) {
             @Override
             public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {                
-            	Result<Void> r = context.createUserCred(trans, req);
+                Result<Void> r = context.createUserCred(trans, req);
                 if (r.isOK()) {
                     resp.setStatus(HttpStatus.CREATED_201);
                 } else {