From 07fb3ece74a9aa1fad8e2a9fab73b4de3e36853b Mon Sep 17 00:00:00 2001
From: Instrumental <jonathan.gathman@att.com>
Date: Mon, 16 Sep 2019 09:22:24 -0500
Subject: Improved multi Proxy DNSLocator based

Issue-ID: AAF-961
Change-Id: I21d4a8013ca6f65306e32c5a2e2fa4ba230df2b7
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---
 .../src/main/java/org/onap/aaf/auth/service/api/API_Creds.java      | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'auth/auth-service')

diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
index f7c38681..fbc1baa2 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
@@ -143,14 +143,16 @@ public class API_Creds {
                     AuthzTrans trans, 
                     HttpServletRequest req,
                     HttpServletResponse resp) throws Exception {
-                
+                // will be a valid Entity.  Do we need to add permission
+            	//if(trans.fish("ns","password","request")) or the like
                 Result<Date> r = context.doesCredentialMatch(trans, req, resp);
                 if (r.isOK()) {
                     resp.setStatus(HttpStatus.OK_200);
                 } else {
                     // For Security, we don't give any info out on why failed, other than forbidden
                     // Can't do "401", because that is on the call itself
-                    resp.setStatus(HttpStatus.FORBIDDEN_403);
+                	// 403 Implies you MAY NOT Ask.
+                    resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406);
                 }
             }
         });  
-- 
cgit 1.2.3-korg