1 Reply Latest reply on Oct 5, 2016 5:45 AM by dlofthouse

    Form based authentication status code always 200 despite failure

    harish_k_s007

      We are using WildFly 10 with form-based authentication. Whether authentication succeeds or fails, the response status code is 200. In case of authentication failure, shouldn't the status code be different from 200, like 401 Unauthorized?

       

      Is there a way to return a status code other than 200 in case of authentication failure?

       

      web.xml

      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>ServerAuthRealm</realm-name>
        <form-login-config>
          <form-login-page>/login.html</form-login-page>
          <form-error-page>/loginError.html</form-error-page>
        </form-login-config>
      </login-config>

       

        • 1. Re: Form based authentication status code always 200 despite failure
          dlofthouse

          This is the status code as defined within the Servlet specification; this was changed after version 2.3 of the Servlet specification.

           

          The reason for this is that the 401 status code is a special signal to the browser that it is being challenged to authenticate; the browser then inspects the HTTP headers to decide how it can do that. In the case of a failed FORM authentication, that is not appropriate.