/**
   * Convenience method for logging an {@link AuthenticationException}.
   *
   * <p>This method will log the following exception types at the FINE level:
   *
   * <ul>
   *   <li>{@link UsernameNotFoundException}
   *   <li>{@link BadCredentialsException}
   *   <li>{@link DisabledException}
   * </ul>
   *
   * All other exception types are logged at WARNING.
   */
  protected void log(AuthenticationException ex) {
    Level l = Level.WARNING;
    if (ex instanceof UsernameNotFoundException
        || ex instanceof BadCredentialsException
        || ex instanceof DisabledException) {
      l = Level.FINE;
    }

    LOGGER.log(l, ex.getLocalizedMessage(), ex);
  }
  @Override
  public void commence(
      HttpServletRequest request,
      HttpServletResponse response,
      AuthenticationException authException)
      throws IOException, ServletException {
    //        if( authException instanceof InsufficientAuthenticationException) {
    //           return;
    //       }
    response.addHeader("Access-Control-Allow-Origin", "null");
    response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
    response.addHeader("Content-Type", "application/json");
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

    PrintWriter writer = response.getWriter();

    ObjectMapper mapper = new ObjectMapper();
    ErrorInfo errorInfo =
        new ErrorInfo(HttpServletResponse.SC_UNAUTHORIZED, authException.getLocalizedMessage());
    String jsonError = mapper.writeValueAsString(errorInfo);
    writer.println(jsonError);
    LOG.info("result = " + jsonError);
  }