[jboss-jira] [JBoss JIRA] (ELY-1192) HTTP status 500 when no principal is returned by aggregate-principal-transformer
Ondrej Lukas (JIRA)
issues at jboss.org
Wed May 24 01:51:01 EDT 2017
Ondrej Lukas created ELY-1192:
---------------------------------
Summary: HTTP status 500 when no principal is returned by aggregate-principal-transformer
Key: ELY-1192
URL: https://issues.jboss.org/browse/ELY-1192
Project: WildFly Elytron
Issue Type: Bug
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
If the security domain used by a deployed application uses an {{aggregate-principal-transformer}} which includes some {{principal-transformers}} and none of them returns a non-null principal, then HTTP status 500 with 'ELY01003: No authentication is in progress' is returned by the application. As a result, authentication cannot be repeated (e.g. when the user provides some typo in the username). It should rather throw HTTP status 401 to allow repeating the authentication process.
This situation can happen if the {{aggregate-principal-transformer}} is used as a decision tree (see [1] for details) and uses only transformers which can return a null principal (e.g. only chained-principal-transformers).
[1] https://issues.jboss.org/browse/JBEAP-9628?focusedCommentId=13399462&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13399462
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)