In Restlet 2.3 I am using a ChallengeAuthenticator with ChallengeScheme.HTTP_BASIC to protect application resources. When the server receives an incorrect set of credentials, the server correctly returns a 401 Unauthorized response. Also correctly, it adds the following header:

WWW-Authenticate → Basic realm="My security Realm"

The problem is when that response goes back to a browser rather than a server (as is the case with the AngularJS application GUI), the browser natively interprets that 401 response and launches an 'Authentication Required' modal.

What I would like to try and achieve is to read the request headers (easily done) and if the X-Requested-With: XMLHttpRequest header is present I would like to suppress the WWW-Authenticate header in the '401' response.

Currently the WWW-Authenticate header is automatically set, so my question is how can I override this default header being set and handle it manually?
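
One way to get the behaviour asked for above, as an added example that is not part of the original post and not Restlet's own code: subclass ChallengeAuthenticator and override its challenge(Response, boolean) method so that no challenge is attached for XHR callers. The class name XhrAwareChallengeAuthenticator is hypothetical, and the sketch assumes the Restlet 2.3 Message.getHeaders() accessor; credentials are still verified exactly as before, only the 401 response changes.

```java
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.Status;
import org.restlet.security.ChallengeAuthenticator;

// Hypothetical subclass name; not part of Restlet.
public class XhrAwareChallengeAuthenticator extends ChallengeAuthenticator {

    public XhrAwareChallengeAuthenticator(Context context, String realm) {
        // Same scheme as in the question; the verifier is still supplied
        // by the caller through setVerifier(...), as with the stock class.
        super(context, ChallengeScheme.HTTP_BASIC, realm);
    }

    @Override
    public void challenge(Response response, boolean stale) {
        Request request = response.getRequest();
        // Header names are case-insensitive, hence ignoreCase = true.
        String requestedWith =
                request.getHeaders().getFirstValue("X-Requested-With", true);

        if ("XMLHttpRequest".equalsIgnoreCase(requestedWith)) {
            // Still reject the request, but attach no challenge, so no
            // WWW-Authenticate header is written and the browser has
            // nothing to turn into its native login dialog.
            response.setStatus(Status.CLIENT_ERROR_UNAUTHORIZED);
            response.getChallengeRequests().clear();
        } else {
            // Non-XHR clients keep the default Basic challenge.
            super.challenge(response, stale);
        }
    }
}
```

X-Requested-With is set by the client, so it only selects the shape of the error response here; the decision to accept or reject credentials stays in the authenticator's verifier.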