X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fhttp%2FCmsAuthenticator.java;h=e15d074fe4a9435e626cf9f367dd3df2eed7ac0e;hb=0bd819f841b28c7eb869362e67cf424a9e99f862;hp=04312eca3d8abcb573c446f6be45eb434191a244;hpb=4c9ee04e491925b077cec4393a285d7600f9aa8c;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/http/CmsAuthenticator.java b/org.argeo.cms/src/org/argeo/cms/internal/http/CmsAuthenticator.java
index 04312eca3..e15d074fe 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/http/CmsAuthenticator.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/http/CmsAuthenticator.java
@@ -9,14 +9,15 @@ import org.argeo.api.cms.CmsLog;
 import org.argeo.cms.auth.CurrentUser;
 import org.argeo.cms.auth.RemoteAuthCallbackHandler;
 import org.argeo.cms.auth.SpnegoLoginModule;
+import org.argeo.util.http.HttpHeader;
 
 import com.sun.net.httpserver.Authenticator;
 import com.sun.net.httpserver.HttpExchange;
 import com.sun.net.httpserver.HttpPrincipal;
 
 public class CmsAuthenticator extends Authenticator {
-	final static String HEADER_AUTHORIZATION = "Authorization";
-	final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+//	final static String HEADER_AUTHORIZATION = "Authorization";
+//	final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
 
 	private final static CmsLog log = CmsLog.getLog(CmsAuthenticator.class);
 
@@ -96,9 +97,10 @@ public class CmsAuthenticator extends Authenticator {
 		// response.setHeader(HttpUtils.HEADER_WWW_AUTHENTICATE, "basic
 		// realm=\"" + httpAuthRealm + "\"");
 		if (SpnegoLoginModule.hasAcceptorCredentials() && !forceBasic)// SPNEGO
-			httpExchange.getResponseHeaders().set(HEADER_WWW_AUTHENTICATE, "Negotiate");
+			httpExchange.getResponseHeaders().set(HttpHeader.WWW_AUTHENTICATE.getName(), HttpHeader.NEGOTIATE);
 		else
-			httpExchange.getResponseHeaders().set(HEADER_WWW_AUTHENTICATE, "Basic realm=\"" + httpAuthRealm + "\"");
+			httpExchange.getResponseHeaders().set(HttpHeader.WWW_AUTHENTICATE.getName(),
+					HttpHeader.BASIC + " " + HttpHeader.REALM + "=\"" + httpAuthRealm + "\"");
 
 		// response.setDateHeader("Date", System.currentTimeMillis());
 		// response.setDateHeader("Expires", System.currentTimeMillis() + (24 *