◐ Shell
clean mode source ↗

JASPIC ServerAuthModule and ServerAuthContext spec compliance fixes by stoty · Pull Request #375 · javaee-samples/javaee7-samples

@stoty 

This contains two sets of fixes:
- The SAMs no longer return SUCCESS with emtpy principals for mandatory
authentication
- The ServerAuthContext sets up two SAM module instances to satisfy the
spec requirement that the mandatory flag can be accessed from the
requestPolicy

The first fix is important, as currently the tests fail to return proper
http status codes for unathenticated protected resources on multiple app
servers.

The second fix is just for complying with the letter of the spec, as the
requestPolicy is not actually used in any of the current tests.