X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FRemoteAuthUtils.java;h=3c436ba1fc40edd772e161d65ea1c70bc5f39cea;hb=b62b143dd3589245f088fb260d6d14edf7a87867;hp=e79032c4c38f0603d1d71d323b038254f2fba104;hpb=b8f50d6d8e7b9c9215d156ba33f9dedfcee913a7;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
index e79032c4c..3c436ba1f 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/RemoteAuthUtils.java
@@ -12,10 +12,10 @@ import javax.security.auth.login.LoginException;
 import org.argeo.api.cms.CmsAuth;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.api.cms.CmsSession;
+import org.argeo.cms.http.HttpHeader;
+import org.argeo.cms.http.HttpStatus;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.util.CurrentSubject;
-import org.argeo.util.http.HttpHeader;
-import org.argeo.util.http.HttpResponseStatus;
+import org.argeo.cms.util.CurrentSubject;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
@@ -155,17 +155,21 @@ public class RemoteAuthUtils {
 					.startsWith(HttpHeader.NEGOTIATE)) {
 				negotiateFailed = true;
 			} else {
-				return HttpResponseStatus.FORBIDDEN.getCode();
+				return HttpStatus.FORBIDDEN.getCode();
 			}
 		}
 
 		// response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
 		// realm=\"" + httpAuthRealm + "\"");
-		if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed)// SPNEGO
-			remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
-		else
+		if (hasAcceptorCredentials() && !forceBasic && !negotiateFailed) {// SPNEGO
+			remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(), HttpHeader.NEGOTIATE);
+			// TODO make it configurable ?
+			remoteAuthResponse.addHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
+					HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+		} else {
 			remoteAuthResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.getHeaderName(),
 					HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + realm + "\"");
+		}
 
 		// response.setDateHeader("Date", System.currentTimeMillis());
 		// response.setDateHeader("Expires", System.currentTimeMillis() + (24 *
@@ -175,7 +179,7 @@ public class RemoteAuthUtils {
 		// response.setHeader("Keep-Alive", "timeout=5, max=97");
 		// response.setContentType("text/html; charset=UTF-8");
 
-		return HttpResponseStatus.UNAUTHORIZED.getCode();
+		return HttpStatus.UNAUTHORIZED.getCode();
 	}
 
 	private static boolean hasAcceptorCredentials() {