[jboss-jira] [JBoss JIRA] (WFLY-5416) Unhandled exceptions from custom JASPI modules should cause the HTTP status code to be set as an error (500, 400, etc)
Bartosz Spyrko-Śmietanko (JIRA)
issues at jboss.org
Fri Sep 25 19:21:01 EDT 2015
[ https://issues.jboss.org/browse/WFLY-5416?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bartosz Spyrko-Śmietanko moved UNDERTOW-540 to WFLY-5416:
---------------------------------------------------------
Project: WildFly (was: Undertow)
Key: WFLY-5416 (was: UNDERTOW-540)
Component/s: Web (Undertow)
(was: Security)
> Unhandled exceptions from custom JASPI modules should cause the HTTP status code to be set as an error (500, 400, etc)
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-5416
> URL: https://issues.jboss.org/browse/WFLY-5416
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Reporter: Derek Horton
> Assignee: Stuart Douglas
>
> If a custom JASPI auth module throws an exception, Wildfly/Undertow (the JASPI authenticator) ignores it and returns a 200. The web page that was requested does not get displayed. A blank page and a HTTP 200 are returned.
> Should a 40x or a 500 be returned instead? Or is it the responsibility of the custom JASPI auth module to set the status correctly?
> It seems like the container would need to be careful and not overwrite a status code that the JASPI module had explicitly set.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list