[jboss-jira] [JBoss JIRA] (ELY-1034) Updated HTTP Authentication Mechanism Status Code Handling

Darran Lofthouse (JIRA) issues at jboss.org
Thu Mar 30 07:03:00 EDT 2017


     [ https://issues.jboss.org/browse/ELY-1034?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated ELY-1034:
----------------------------------
    Description: 
Update the HTTP status code handling within HTTP authentication to cover the following scenarios: -

# If authentication is required and no mechanisms are available, report status 500.
# If a mechanism fails by throwing an exception and no other mechanisms are able to challenge, report status 500.
# If a mechanism fails but other mechanisms can still challenge, use the challenge from the available mechanisms.
# If mechanisms were available but none authenticated and none were able to challenge, report status 403.

 



  was:
Some mechanisms are unable to operate correctly due to internal errors / configuration issues.

When this happens, they should be able to provide a responder which sets the status code to 500. However, if other mechanisms can respond, they should, and the 500 be dropped.



> Updated HTTP Authentication Mechanism Status Code Handling
> ----------------------------------------------------------
>
>                 Key: ELY-1034
>                 URL: https://issues.jboss.org/browse/ELY-1034
>             Project: WildFly Elytron
>          Issue Type: Enhancement
>          Components: HTTP
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>             Fix For: 1.1.0.Beta34
>
>
> Update the HTTP status code handling within HTTP authentication to cover the following scenarios: -
> # If authentication is required and no mechanisms are available, report status 500.
> # If a mechanism fails by throwing an exception and no other mechanisms are able to challenge, report status 500.
> # If a mechanism fails but other mechanisms can still challenge, use the challenge from the available mechanisms.
> # If mechanisms were available but none authenticated and none were able to challenge, report status 403.
>  



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
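
The four scenarios in the description above, written out as a decision function. This is an added example, not WildFly Elytron code and not part of the original message; the `Outcome` and `Response` enums, the `resolve` method and the rule that one successful mechanism ends evaluation are assumptions made for illustration.

```java
import java.util.List;

public class StatusCodeModel {
    // Hypothetical per-mechanism result for one request (not Elytron types).
    enum Outcome { AUTHENTICATED, CHALLENGE, NO_CHALLENGE, ERROR }

    // Hypothetical overall result. CHALLENGE means "send the challenge(s)
    // supplied by the mechanisms", whatever status those challenges carry.
    enum Response { PROCEED, CHALLENGE, FORBIDDEN_403, SERVER_ERROR_500 }

    // Decides the response for a request that requires authentication.
    // PROCEED is reachable only when a mechanism actually authenticated,
    // so an internal error can never turn into an unauthenticated pass.
    static Response resolve(List<Outcome> outcomes) {
        if (outcomes.isEmpty()) {
            return Response.SERVER_ERROR_500;   // scenario 1: no mechanisms available
        }
        if (outcomes.contains(Outcome.AUTHENTICATED)) {
            return Response.PROCEED;            // assumption: a success ends evaluation
        }
        if (outcomes.contains(Outcome.CHALLENGE)) {
            return Response.CHALLENGE;          // scenario 3: challenge wins over an error
        }
        if (outcomes.contains(Outcome.ERROR)) {
            return Response.SERVER_ERROR_500;   // scenario 2: error and nobody can challenge
        }
        return Response.FORBIDDEN_403;          // scenario 4: no success, no challenge
    }

    public static void main(String[] args) {
        // Constructed sample inputs, one per scenario plus a successful login.
        List<List<Outcome>> cases = List.of(
            List.<Outcome>of(),
            List.of(Outcome.ERROR, Outcome.NO_CHALLENGE),
            List.of(Outcome.ERROR, Outcome.CHALLENGE),
            List.of(Outcome.NO_CHALLENGE, Outcome.NO_CHALLENGE),
            List.of(Outcome.NO_CHALLENGE, Outcome.AUTHENTICATED));
        for (List<Outcome> c : cases) {
            System.out.println(c + " -> " + resolve(c));
        }
    }
}
```

The ordering of the checks is what separates scenario 2 from scenario 4: a mechanism error with no usable challenge is reported as a server fault, while a clean run in which nothing authenticated and nothing could challenge is reported as 403.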

