Use case: After a successful CAS authentication to a web application, asynchronous REST resources are accessed by Javascript code running in the browser. If the CAS SSO session times out or is logged out (e.g. in another window), subsequent attempts to access REST resources using Javascript receive a 302 Found response with a Location header that specifies the CAS login URL. This redirect is not useful.
The CAS profile resource should support the specification of zero or more application paths that should be excluded from redirects to the CAS login form. On an unauthenticated request for access to such a path, the response would be 401 Unauthorized instead of 302 Found with a Location header.
Use case: After a successful CAS authentication to a web application, asynchronous REST resources are accessed by Javascript code running in the browser. If the CAS SSO session times out or is logged out (e.g. in another window), subsequent attempts to access REST resources using Javascript receive a 302 Found response with a Location header that specifies the CAS login URL. This redirect is not useful.
The CAS profile resource should support the specification of zero or more application paths that should be excluded from redirects to the CAS login form. On an unauthenticated request for access to such a path, the response would be 401 Unauthorized instead of 302 Found with a Location header.