@slangley ,

Sorry, I clicked "Accept as Solution" by mistake, could you rollback the status of the post ? 

I tried throw AuthenticatorException, but the server just response with http code 401 and the browser's login prompt get displayed instead of user friendly error page .  

Regards,

Sean

@slangley ,

The following code is what I called in the method issueAuthenticationChallenge: 

AuthenticatorException authenticatorException =
    new AuthenticatorException(
        new InvalidRequestException(exceptionMsg, StatusCode.STATUS_UNAUTHORIZED));
authenticatorException.setAuthenticationType(AuthenticationType.AUTH_THINGWORX_FORM);

throw authenticatorException;

 I notice that the web.xml has error-page for code 401 configured,  but I have no idea why it's not captured . 

one of the possible reason would be the response has to set  " httpResponse.addHeader("WWW-Authenticate", "Basic realm=realm"); "

http://www.axlrosen.net/stuff/401.html(https://bz.apache.org/bugzilla/show_bug.cgi?id=13430)

but I found the response does has the setting ,  any more idea ? 

Regards,

Sean

Is it that you would like the failed attempt to go to the general ThingWorx login screen, the login screen for an organization, or something else?

Since you have access to the HTTP Response, have you tried redirecting to a specific URL (like the URL for the login)?

issueAuthenticationChallenge - This method is not always necessary. However, if an exception is thrown from the Authenticate method or if you set the RequiresChallenge flag to true, then the issueAuthenticationchallenge method will be called.

@thingw0rxgenie ,

I tried to call response.sendRedirect , but whatever I call it in the method authenticate or issueAuthenticationChallenge,  it doesn't work.   The final http code received by the browser is 401. 

I guess the Thingworx AuthenticationFilter still continue the filter chain instead of break(return) after calling my CustomeAuthenticator as Thingworx don't know I called sendRedirect. 

Or maybe the Thingworx checks the certain response header to know if CustomeAuthenticator call redirect ?   I tried to call response.setHeader("Location", redirectURL),  but it still doesn't work and return http code 404. (The redirectURL is another system's URL ,not thingworx )

Regards,

Sean

@thingw0rxgenie  @slangley ,

I found request.redirect() does work in the CustomAuthenticator ONLY when accessing the URL of Thingworx fundation,  if access from the Thingworx Flow URL then it always return 404 whatever redirect to a internal URL like /Thingworx/Home or external URL , while the response location has the redirect URL value. 

In my case , my customer always need to access via the URL of  Thingworx's flow ,  it would be problem.   I guess it may be  related to certain configuration of Nginx,  but have no idea how to solve it .  could you give some suggestion ? 

Regards,

Sean

@thingw0rxgenie @slangley ,

And strangely,  I created  a customized servlet filter(just implement the interface javax.servlet.Filter) and register it in tomcat's web.xml.  I called response.redirect() the the filter and it works !  I still access from the Thingworx flow's URL.  

in a summary: 

So ,  Why does the AuthenticationFilter return 404 for redirect call while the normal servlet filter won't ? 

Regards,

Sean