public void handleComplete(HttpServerExchange exchange, HttpCompletionHandler completionHandler) { NegotiationContext negContext = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY); boolean authAdded = false; if (negContext != null) { byte[] responseChallenge = negContext.useResponseToken(); exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, null); if (responseChallenge != null) { HeaderMap headers = exchange.getResponseHeaders(); headers.add( WWW_AUTHENTICATE, NEGOTIATE_PREFIX + FlexBase64.encodeString(responseChallenge, false)); authAdded = true; } } if (Util.shouldChallenge(exchange)) { if (!authAdded) { exchange.getResponseHeaders().add(WWW_AUTHENTICATE, NEGOTIATE.toString()); } // We only set this is actually challenging the client, the previously set header may have // been a FYI for the // client. exchange.setResponseCode(CODE_401.getCode()); } completionHandler.handleComplete(); }