[jboss-jira] [JBoss JIRA] (ELY-1192) HTTP status 500 when no principal is returned by aggregate-principal-transformer

Ondrej Lukas (JIRA) issues at jboss.org
Wed May 24 01:51:01 EDT 2017


     [ https://issues.jboss.org/browse/ELY-1192?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ondrej Lukas updated ELY-1192:
------------------------------
    Affects Version/s: 1.1.0.Beta42


> HTTP status 500 when no principal is returned by aggregate-principal-transformer
> --------------------------------------------------------------------------------
>
>                 Key: ELY-1192
>                 URL: https://issues.jboss.org/browse/ELY-1192
>             Project: WildFly Elytron
>          Issue Type: Bug
>    Affects Versions: 1.1.0.Beta42
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>
> If the security domain used by a deployed application uses {{aggregate-principal-transformer}} which includes some {{principal-transformers}} and none of them returns a non-null principal, then HTTP status 500 with 'ELY01003: No authentication is in progress' is returned by the application. As a result, authentication cannot be repeated (e.g. when the user makes a typo in the username). It should rather throw HTTP status 401 to allow the authentication process to be repeated.
> This situation can happen if {{aggregate-principal-transformer}} is used as a decision tree (see [1] for details) and uses only transformers which can return a null principal (e.g. only chained-principal-transformers).
> [1] https://issues.jboss.org/browse/JBEAP-9628?focusedCommentId=13399462&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13399462
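
A simplified model of the situation in the report, added here as an example; it is not code from Elytron or from the issue. It assumes the first-non-null behaviour the report implies for the aggregate transformer, models principals as plain strings, and all class, method and user names are hypothetical.

```java
import java.util.List;
import java.util.function.UnaryOperator;

public class AggregateTransformerModel {

    // Aggregate: try each branch in order, return the first non-null result.
    static UnaryOperator<String> aggregate(List<UnaryOperator<String>> branches) {
        return name -> {
            for (UnaryOperator<String> branch : branches) {
                String result = branch.apply(name);
                if (result != null) return result;
            }
            return null; // no branch of the decision tree matched
        };
    }

    // Chained: each step's output feeds the next; a null from any step ends the chain.
    static UnaryOperator<String> chained(List<UnaryOperator<String>> steps) {
        return name -> {
            String current = name;
            for (UnaryOperator<String> step : steps) {
                if (current == null) return null;
                current = step.apply(current);
            }
            return current;
        };
    }

    // Hypothetical steps: a guard that returns null on mismatch, and a rewriter.
    static UnaryOperator<String> requireSuffix(String s) { return n -> n.endsWith(s) ? n : null; }
    static UnaryOperator<String> stripSuffix(String s) { return n -> n.substring(0, n.length() - s.length()); }

    // Behaviour the report asks for: a null principal is a failed attempt (401, client
    // may retry), not an internal error (500). 200 stands in for "authentication continues".
    static int statusFor(String transformed) {
        return transformed == null ? 401 : 200;
    }

    public static void main(String[] args) {
        UnaryOperator<String> tree = aggregate(List.of(
            chained(List.of(requireSuffix("@example.org"), stripSuffix("@example.org"))),
            chained(List.of(requireSuffix("@example.net"), stripSuffix("@example.net")))));
        // Constructed inputs: one valid name, one with a typo in the domain.
        for (String input : List.of("alice@example.org", "alice@exmaple.org")) {
            String principal = tree.apply(input);
            System.out.println(input + " -> " + principal + " -> HTTP " + statusFor(principal));
        }
    }
}
```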


