OhadR / authentication-flows

oAuth2 sample: auth-server, resource server and client. "Authentication-Flows" is also a sub-module here.

[REST] security bug: after 5 login failures, account locked but user is logged in !! #43

Closed OhadR closed 10 years ago

OhadR commented 10 years ago

Related to #35. The login-fail-handler is good for REST as well, since if no "redirect-uri" is defined, the parent class (SimpleUrlAuthenticationFailureHandler) does not redirect, but sends 401 instead. However, if the account is locked, I have a special treatment here that DOES redirect, and this is a bug. So there is a need for a flag that indicates whether this is a REST call, and if it is, when the account is locked, instead of redirecting it will return 423 (LOCKED).
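The fix sketched in the comment, as an added illustration that is not the project's own handler: a subclass of Spring Security's SimpleUrlAuthenticationFailureHandler that keeps the parent's 401 behaviour for ordinary failures, and on a LockedException either redirects (browser flow) or answers 423 (REST flow) depending on a flag. The class name, the `rest` flag, the `lockedRedirectUrl` parameter and the use of the `javax.servlet` API are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

/**
 * Hypothetical failure handler (not the project's own class). A "rest" flag decides
 * whether a locked account is reported by redirect (browser flow) or by a 423 LOCKED
 * status (REST flow); every other failure is delegated to the parent class.
 */
public class LockAwareFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    // The servlet API has no constant for 423, so it is spelled out here.
    private static final int SC_LOCKED = 423;

    private final boolean rest;             // assumed: true for the REST login endpoint
    private final String lockedRedirectUrl; // assumed: browser page explaining the lock

    public LockAwareFailureHandler(boolean rest, String lockedRedirectUrl) {
        this.rest = rest;
        this.lockedRedirectUrl = lockedRedirectUrl;
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
                                        HttpServletResponse response,
                                        AuthenticationException exception)
            throws IOException, ServletException {

        if (exception instanceof LockedException) {
            if (rest) {
                // REST caller: report the lock with a status code, never a redirect.
                response.sendError(SC_LOCKED, "account locked");
                return;
            }
            // Browser flow keeps the redirect to an informational page.
            getRedirectStrategy().sendRedirect(request, response, lockedRedirectUrl);
            return;
        }

        // All other failures: the parent sends 401 when no failure URL is configured,
        // or redirects to the configured failure URL otherwise.
        super.onAuthenticationFailure(request, response, exception);
    }
}
```

For the REST endpoint the handler would be constructed with `rest = true`, so a REST client can distinguish a lockout (423) from bad credentials (401) without ever being sent a redirect.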