Currently, if a secured URI is accessed a short message is displayed in the HTTP response with the URI to the authentication endpoint. Instead, the required behaviour is that the security middleware should automatically redirect the client to the authentication endpoint. The latter is a login form. This page itself should give a HTTP 401 Unauthorized response. This will enable non-browser based clients to trap the fact that an authentication step is needed.
Currently, if a secured URI is accessed a short message is displayed in the HTTP response with the URI to the authentication endpoint. Instead, the required behaviour is that the security middleware should automatically redirect the client to the authentication endpoint. The latter is a login form. This page itself should give a HTTP 401 Unauthorized response. This will enable non-browser based clients to trap the fact that an authentication step is needed.