/** * Builds the challenge for authorization by setting a HTTP <code>401</code> (Unauthorized) status as well as the * response's {@link #AUTHENTICATE_HEADER AUTHENTICATE_HEADER}. * <p/> * The header value constructed is equal to: * <p/> * <code>{@link #getAuthcScheme() getAuthcScheme()} + " realm=\"" + {@link #getApplicationName() getApplicationName()} + "\"";</code> * * @param request incoming ServletRequest, ignored by this implementation * @param response outgoing ServletResponse * @return false - this sends the challenge to be sent back */ protected boolean sendChallenge(ServletRequest request, ServletResponse response) { log.debug("Authentication required: sending 401 Authentication challenge response."); HttpServletResponse httpResponse = WebUtils.toHttp(response); httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED); String authcHeader = getAuthcScheme() + " realm=\"" + getApplicationName() + "\""; httpResponse.setHeader(AUTHENTICATE_HEADER, authcHeader); return false; }