On 7/21/2015 1:06 PM, Stian Thorgersen wrote:
>
>> Other things:
>> -------------
>> * KEYCLOAK-1539 Accessing secured resource should not return 200 OK when
>> not authenticated - adapters redirect to login page even for json/xml
>> requests. That doesn't make any sense. We should only redirect to login
>> page if Accept header is */*, text/* or text/html.
>
> We're not changing the adapters to change their response based on Accept
> header. That is a horrible hack solution. See my recent comment on
> this issue in Jira.
I don't understand why that's a hack solution? Returning a redirect to an HTML
page for something requesting a JSON document just isn't right.
REST clients often don't set the Accept header. A REST client might be
requesting text/* or text/html within their Accept header. I'm not sure
you can do this based on User Agent either. I think some client libs
set the User Agent to Mozilla, not sure though.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
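
Added example, not part of the thread and not Keycloak adapter code: the Accept-header rule quoted from KEYCLOAK-1539, applied to constructed sample requests to show which clients it redirects and which get a 401. All function and constant names are hypothetical; a missing Accept header is treated as `*/*` per RFC 7231 section 5.3.2.

```python
# Illustration only: hypothetical names, not the Keycloak adapter implementation.

# Media ranges that trigger a login redirect under the rule quoted in the thread.
REDIRECT_TYPES = ("*/*", "text/*", "text/html")


def parse_accept(header):
    """Return [(media_range, q)] ordered by descending q.

    A missing or empty header means "any media type" (RFC 7231, 5.3.2).
    """
    if header is None or not header.strip():
        return [("*/*", 1.0)]
    ranges = []
    for part in header.split(","):
        fields = [f.strip() for f in part.split(";")]
        media = fields[0].lower()
        if not media:
            continue
        q = 1.0
        for param in fields[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0  # malformed weight: treat the range as not acceptable
        ranges.append((media, q))
    return sorted(ranges, key=lambda r: r[1], reverse=True)


def unauthenticated_response(accept_header):
    """302 (login redirect) if any acceptable range is in REDIRECT_TYPES, else 401."""
    for media, q in parse_accept(accept_header):
        if q > 0 and media in REDIRECT_TYPES:
            return 302
    return 401


# Constructed sample requests covering the cases raised in the thread.
SAMPLES = {
    "browser": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "JSON client, explicit Accept": "application/json",
    "REST client, no Accept header": None,
    "client library default": "*/*",
    "REST client also accepting text": "application/json, text/*;q=0.5",
}

if __name__ == "__main__":
    for label, accept in SAMPLES.items():
        print(f"{label:34} Accept={accept!r:70} -> {unauthenticated_response(accept)}")
```

Only the request with an explicit `application/json` Accept header receives a 401; the REST clients that send no Accept header, `*/*`, or a text range are redirected exactly like the browser.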