I have create a servlet filter for custom authentication
<servlet-filter name="Authentication Filter" i18n-name-key="authentication-filter.name" key="authentication-filter" class="servlet.filter.AuthenticationFilter" location="after-encoding" weight="5">
I set the location and weight in such a way so that this filter executed 1st and if not authenticated, UNAuthorize response is sent from the filter and return so thatno other filters are called. But although I send 401 error, browser is getting 200 http code. My filter code was
resp.reset();
resp.addHeader(WWW_AUTHENTICATE_HEADER,
BASIC_AUTHENTICATION_CHALLENGE);
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
reurn;
I was expecting 401 status code but I got 200 status code. Where is the response getting overriden