in src/main/java/org/apache/sling/auth/core/AuthUtil.java [674:697]
public static void sendInvalid(
final javax.servlet.http.HttpServletRequest request,
final javax.servlet.http.HttpServletResponse response) {
checkAndReset(response);
try {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
Object reason = request.getAttribute(JakartaAuthenticationHandler.FAILURE_REASON);
Object reasonCode = request.getAttribute(JakartaAuthenticationHandler.FAILURE_REASON_CODE);
if (reason != null) {
response.setHeader(AuthConstants.X_REASON, reason.toString());
if (reasonCode != null) {
response.setHeader(AuthConstants.X_REASON_CODE, reasonCode.toString());
}
response.setContentType("text/plain");
response.setCharacterEncoding("UTF-8");
response.getWriter().println(reason);
}
response.flushBuffer();
} catch (IOException ioe) {
getLog().error("Failed to send 403/Forbidden response", ioe);
}
}