This repository was archived by the owner on May 31, 2022. It is now read-only.

InvalidOAuthParametersException should return 401 error code #701

@kyrielia

At the moment I'm using an implementation of a ConsumerDetailsService to look up consumer keys. If a consumer key has not been found, then I want to throw an InvalidOAuthParametersException and for the server to respond with a 401 Unauthorized exception.

However, in the OAuthProcessingFilterEntryPoint, if an InvalidOAuthParametersException is thrown this is mapped to a 400 Bad Request response:

```java
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
    if (authException instanceof InvalidOAuthParametersException) {
        response.sendError(400, authException.getMessage());
    }
    // ...
}
```

According to the HTTP specification, a 400 response should be used when:

A request could not be understood by the server due to malformed syntax.

And a 401 response should be used when:

authorization has been refused for those credentials.

This filter should be updated to use a 401 response.
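
One way to get a 401 for an unknown consumer key without changing the library, as an added example that is not from the issue or the project: the hypothetical `UnknownConsumerKeyException` and `ConsumerAwareEntryPoint` below wrap whatever entry point is already configured. It assumes the OAuth filter hands any `AuthenticationException` thrown by the ConsumerDetailsService to the configured entry point, and that the application uses the `javax.servlet` API.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

/** Hypothetical exception a ConsumerDetailsService throws when the consumer key is unknown. */
class UnknownConsumerKeyException extends AuthenticationException {
    UnknownConsumerKeyException(String msg) {
        super(msg);
    }
}

/** Hypothetical entry point: 401 for refused credentials, everything else goes to the delegate. */
public class ConsumerAwareEntryPoint implements AuthenticationEntryPoint {
    private final AuthenticationEntryPoint delegate; // e.g. the existing OAuthProcessingFilterEntryPoint
    private final String realmName;

    public ConsumerAwareEntryPoint(AuthenticationEntryPoint delegate, String realmName) {
        this.delegate = delegate;
        // Strip characters that would break the quoted-string in the challenge header.
        this.realmName = realmName.replaceAll("[\"\\\\\\r\\n]", "");
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException, ServletException {
        if (authException instanceof UnknownConsumerKeyException) {
            // A 401 response must carry a WWW-Authenticate challenge.
            response.setHeader("WWW-Authenticate", "OAuth realm=\"" + realmName + "\"");
            // Fixed message: do not echo the submitted consumer key back to the caller.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid consumer credentials");
            return;
        }
        // Malformed or missing OAuth parameters keep the delegate's handling (400 in the snippet above).
        delegate.commence(request, response, authException);
    }
}
```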
