From 0ad4a26ab6b78b8bb3123faed6fcfaff807f49f3 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Tue, 1 Oct 2019 12:36:49 +0300
Subject: Basic authentication endpoints must provide realm

---
 src/main/java/com/juick/server/configuration/SecurityConfig.java | 5 ++++-
 src/test/java/com/juick/server/tests/ServerTests.java            | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/main/java/com/juick/server/configuration/SecurityConfig.java b/src/main/java/com/juick/server/configuration/SecurityConfig.java
index 30632a07..c5fe4fbb 100644
--- a/src/main/java/com/juick/server/configuration/SecurityConfig.java
+++ b/src/main/java/com/juick/server/configuration/SecurityConfig.java
@@ -41,6 +41,7 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
@@ -141,7 +142,9 @@ public class SecurityConfig {
 
         @Bean
         public AuthenticationEntryPoint juickAuthenticationEntryPoint() {
-            return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
+            var entryPoint = new BasicAuthenticationEntryPoint();
+            entryPoint.setRealmName("Juick");
+            return entryPoint;
         }
 
         @Override
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java
index e5d39743..51be7092 100644
--- a/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/src/test/java/com/juick/server/tests/ServerTests.java
@@ -479,7 +479,8 @@ public class ServerTests {
                 .andExpect(status().isMovedPermanently());
 
         mockMvc.perform(get("/api/auth"))
-                .andExpect(status().isUnauthorized());
+                .andExpect(status().isUnauthorized())
+        .andExpect(header().exists("WwW-Authenticate"));
 
         mockMvc.perform(get("/api/home"))
                 .andExpect(status().isUnauthorized());
-- 
cgit v1.2.3