diff --git a/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/LogoutApi.java b/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/LogoutApi.java
index ac1a345ea5..f0ca328e85 100644
--- a/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/LogoutApi.java
+++ b/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/LogoutApi.java
@@ -40,10 +40,17 @@ public interface LogoutApi {
})
Response logout();
+
+ @POST
+ @Path("/unauthorize")
+ @ApiOperation(value = "Return UNAUTHORIZED 401 response")
+ Response unAuthorize();
+
@POST
@Path("/{user}")
@ApiOperation(value = "Logout and clean session if matching user logged")
Response logoutUser(
@ApiParam(value = "User to log out", required = true)
@PathParam("user") final String user);
+
}
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/LogoutResource.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/LogoutResource.java
index d24b8d358b..e3329d2f8a 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/LogoutResource.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/LogoutResource.java
@@ -61,6 +61,13 @@ public Response logout() {
return Response.temporaryRedirect(dest).build();
}
+ @Override
+ public Response unAuthorize() {
+ return Response.status(Status.UNAUTHORIZED)
+ .header(HttpHeaders.WWW_AUTHENTICATE, BASIC_REALM_WEBCONSOLE)
+ .build();
+ }
+
@Override
public Response logoutUser(String user) {
// Will work when switching users, but will keep re-authenticating if user types in same user name.
diff --git a/rest/rest-resources/src/main/resources/OSGI-INF/blueprint/service.xml b/rest/rest-resources/src/main/resources/OSGI-INF/blueprint/service.xml
index dfc11ceae2..2cfb915f69 100644
--- a/rest/rest-resources/src/main/resources/OSGI-INF/blueprint/service.xml
+++ b/rest/rest-resources/src/main/resources/OSGI-INF/blueprint/service.xml
@@ -114,6 +114,7 @@ limitations under the License.
+