/auth/login endpoint responds html on invalid credentials

[Arrvi]

When login is successful /auth/login respects Accept header (for xml and json). On failure (invalid credentials) server returns 403 html error page. This kind of API should never return HTML pages - errors should also have object representations.

Success:

> POST /TrpServer/rest/auth/login HTTP/1.1
> Host: transkribus.eu
> User-Agent: curl/7.47.0
> Accept: application/json
> Content-Length: 42
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 42 out of 42 bytes
< HTTP/1.1 200 OK
< Date: Wed, 22 Aug 2018 07:38:09 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/4.5.14 Python/3.4
* Added cookie JSESSIONID="CD8A1A141AEB509C8ADA5E92D7AF4A75" for domain transkribus.eu, path /TrpServer/, expire 0
< Set-Cookie: JSESSIONID=CD8A1A141AEB509C8ADA5E92D7AF4A75; Domain=transkribus.eu; Path=/TrpServer/; Secure; HttpOnly
< Content-Type: application/json;charset=utf-8
< Content-Length: 389
< Access-Control-Allow-Origin: https://kws.transkribus.eu
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Headers: Content-Type
< P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
< 
* Connection #0 to host transkribus.eu left intact
{"type":"trpUserLogin","userId":20137,"userName":"[email protected]","email":"[email protected]","affiliation":"None","firstname":"Kristian","lastname":"Kann","gender":"Male","isActive":1,"isAdmin":false,"created":"2018-08-22T09:07:18+02:00","loginTime":"2018-08-22T09:38:09.837+02:00","sessionId":"CD8A1A141AEB509C8ADA5E92D7AF4A75","userAgent":"curl/7.47.0","ip":"46.134.114.238"}

Failure:

> POST /TrpServer/rest/auth/login HTTP/1.1
> Host: transkribus.eu
> User-Agent: curl/7.47.0
> Accept: application/json
> Content-Length: 47
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 47 out of 47 bytes
< HTTP/1.1 403 Forbidden
< Date: Wed, 22 Aug 2018 07:38:00 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/4.5.14 Python/3.4
* Added cookie JSESSIONID="89217F7405EFC1D17B363A01AF769A8E" for domain transkribus.eu, path /TrpServer/, expire 0
< Set-Cookie: JSESSIONID=89217F7405EFC1D17B363A01AF769A8E; Domain=transkribus.eu; Path=/TrpServer/; Secure; HttpOnly
< Content-Type: text/html;charset=utf-8
< Content-Language: en
< Content-Length: 979
< Access-Control-Allow-Origin: https://kws.transkribus.eu
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Headers: Content-Type
< P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
< 
* Connection #0 to host transkribus.eu left intact
<html><head><title>Apache Tomcat/7.0.52 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 403 - Forbidden</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Forbidden</u></p><p><b>description</b> <u>Access to the specified resource has been forbidden.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.52</h3></body></html>```