[jboss-jira] [JBoss JIRA] (WFWIP-328) HTTP External Security: Both unauthorized and unauthenticated HTTP requests return 403
Marek Kopecky (Jira)
issues at jboss.org
Tue Aug 11 06:52:00 EDT 2020
Marek Kopecky created WFWIP-328:
-----------------------------------
Summary: HTTP External Security: Both unauthorized and unauthenticated HTTP requests return 403
Key: WFWIP-328
URL: https://issues.redhat.com/browse/WFWIP-328
Project: WildFly WIP
Issue Type: Bug
Components: Security
Reporter: Marek Kopecky
Assignee: Ashley Abdel-Sayed
Related RFE: EAP7-1323 - HTTP External Security Not Supported by Elytron
Both unauthorized and unauthenticated HTTP requests return 403.
An unauthorized user should receive a 403 HTTP response, but an unauthenticated user should receive a 401 HTTP code.
I checked it on WebSecurityExternalAuthTestCase (from wf-ts) and my new test for wrong authentication is failing (see [this commit|https://github.com/marekkopecky/wildfly/commit/959341c07e3ba5eaaf4c003697452366a740757e]).
This is not a regression against legacy security.