[jboss-jira] [JBoss JIRA] (WFCORE-3251) Elytron, misconfiguration of http-authentication-factory leads to 403 - should be 500
Darran Lofthouse (JIRA)
issues at jboss.org
Wed Sep 6 07:01:04 EDT 2017
[ https://issues.jboss.org/browse/WFCORE-3251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse moved WFLY-8463 to WFCORE-3251:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-3251 (was: WFLY-8463)
Component/s: Security
(was: Security)
> Elytron, misconfiguration of http-authentication-factory leads to 403 - should be 500
> -------------------------------------------------------------------------------------
>
> Key: WFCORE-3251
> URL: https://issues.jboss.org/browse/WFCORE-3251
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Fix For: 3.0.1.Final
>
>
> When I misconfigured {{http-authentication-factory}}, e.g. with unreal protocol "DOES_NOT_EXIST" I get http status code 403.
> I think 500 would be more appropriate here, as server is misconfigured and can't authenticate.
> 403 means user has not appropriate roles.
> In log there is
> {code}
> 10:08:06,309 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='SPNEGO', hostName='localhost.localdomain', protocol='http'.
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list