Ensure that challenge response contains body

[cwperks]

Description

Included Unauthorized in the body of the challenge response to be consistent with the behavior from 2.10 and before.

• Category

Bug fix

Issues Resolved

• [BUG] HTTP Challenge Response changed slightly in 2.11 #3803
• [BUG] Unauthorized response does not have response body only HTTP status #4214

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[cwperks]

@peternied I pushed a fix for the resource-focused tests. For each request in the test it was holding the response in memory which became larger since the response body was now populated. Instead of returning the entire request object, I changed it to only return the status code. This better isolates the resources being tested to the resources of the cluster and not of the test case.

[peternied]

@cwperks Could you look into that test failure from SecurityInterceptorTests, doesn't look related - could you create an issue for follow up?

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 66.04%. Comparing base (d87ab3f) to head (a05a28c).
Report is 10 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4233      +/-   ##
==========================================
- Coverage   66.17%   66.04%   -0.14%     
==========================================
  Files         301      301              
  Lines       21708    21709       +1     
  Branches     3506     3506              
==========================================
- Hits        14365    14337      -28     
- Misses       5580     5610      +30     
+ Partials     1763     1762       -1     

Files	Coverage Δ
...ensearch/security/http/HTTPBasicAuthenticator.java	72.72% <100.00%> (ø)

... and 5 files with indirect coverage changes

[cwperks]

@cwperks Could you look into that test failure from SecurityInterceptorTests, doesn't look related - could you create an issue for follow up?

@peternied I am seeing AddressAlreadyInUse errors:

com.amazon.dlic.auth.http.saml.HTTPSamlAuthenticatorTest > shouldUnescapeSamlEntitiesTest2 FAILED
    java.net.BindException: Address already in use

I will file an issue to see if these errors can be systematically addressed. iirc it does port randomization, but I wonder if there can be port randomization with memory to not assign previously allocated ports.

[DarshitChanpura]

@cwperks Are we only focusing on BasicAuth for this one?

[cwperks]

@cwperks Are we only focusing on BasicAuth for this one?

Yes, this was the instance where the response changed from 2.10 -> 2.11

[DarshitChanpura]

LGTM.