Giving an invalid auth token to authkey results in anonymous authentication

Description

The other authentication mechanisms would raise a 401 in case of invalid credentials.
For example, this capabilities request is open and an anonymous user can request it, but passing invalid basic auth credentials results in a 401:

    curl -u pippo:paperino "http://cloudsdi.geo-solutions.it/geoserver/ows?service=wms&version=1.3.0&request=GetCapabilities" -D -
    HTTP/1.1 401 Unauthorized
    Date: Tue, 30 Jan 2018 09:17:38 GMT
    ...

(remove the ``-u pippo:paperino`` to get a valid response instead).

The authkey should behave the same: if an attempt to log in via authkey is detected and the credentials are not valid, a request to present valid credentials (401) should be returned, instead of falling back on the auth chain and eventually allowing the request to proceed as anonymous.

For extra upgrade safety, a system variable might be rolled to restore the existing behavior, in case anyone is actually depending on it.
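The requested behavior, as an added example that is not GeoServer code: a simplified model of an auth chain in which a presented but invalid key yields a 401, while a `strict=False` switch stands in for the proposed system variable that restores the fall-through to anonymous. The function names, the `authkey` parameter name, the host and the key store are assumptions constructed for illustration.

```python
# Simplified model of the auth chain described above (added example).
# All names, the host and the sample key are hypothetical/constructed.
from urllib.parse import urlsplit, parse_qs

VALID_KEYS = {"constructed-key-123": "alice"}  # constructed key -> user mapping
BASE = "http://gs.example/geoserver/ows?service=wms&version=1.3.0&request=GetCapabilities"


class Unauthorized(Exception):
    """Signals that the response must be HTTP 401."""


def authkey_filter(url, strict=True, param="authkey"):
    """Return a user name, or None when no key was presented.

    A presented key that is empty, repeated or unknown counts as a failed
    login attempt: Unauthorized in strict mode, None (fall through to the
    rest of the chain) in legacy mode.
    """
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(param)
    if values is None:
        return None  # no login attempt at all: anonymous access is legitimate
    user = VALID_KEYS.get(values[0]) if len(values) == 1 else None
    if user is None and strict:
        raise Unauthorized("invalid authkey")
    return user


def authenticate(url, strict=True):
    """Run the chain (authkey first, anonymous last); return (status, principal)."""
    try:
        user = authkey_filter(url, strict=strict)
    except Unauthorized:
        return 401, None
    return 200, user or "anonymous"


if __name__ == "__main__":
    for suffix in ("", "&authkey=constructed-key-123", "&authkey=bogus"):
        print(repr(suffix), "strict:", authenticate(BASE + suffix),
              "legacy:", authenticate(BASE + suffix, strict=False))
```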

Environment

None

Status

Assignee

Mauro Bartolomeoli

Reporter

Andrea Aime

Triage

None

Fix versions

None

Affects versions

None

Components

Priority

Medium