[
https://issues.redhat.com/browse/WFWIP-328?page=com.atlassian.jira.plugin...
]
Marek Kopecky commented on WFWIP-328:
-------------------------------------
bq. client can not be informed of an action to correct this.
Hmm, wouldn't be the correct action this? - "Use proper authentication data
(correct username and password)"
HTTP External Security: Both unauthorized and unauthenticated HTTP
requests return 403
--------------------------------------------------------------------------------------
Key: WFWIP-328
URL:
https://issues.redhat.com/browse/WFWIP-328
Project: WildFly WIP
Issue Type: Bug
Components: Security
Reporter: Marek Kopecky
Assignee: Ashley Abdel-Sayed
Priority: Critical
Related RFE: EAP7-1323 - HTTP External Security Not Supported by Elytron
Both unauthorized and unauthenticated HTTP requests return 403.
Unauthorized user should receive 403 HTTP response, but unauthenticated user should
receive 401 HTTP code
I check it on WebSecurityExternalAuthTestCase (from wf-ts) and my new test for wrong
authentication is failing (see [this
commit|https://github.com/marekkopecky/wildfly/commit/959341c07e3ba5eaaf4...])
This is not a regression against legacy security
--
This message was sent by Atlassian Jira
(v7.13.8#713008)