[keycloak-dev] Release status
bburke at redhat.com
Tue Jul 21 14:03:13 EDT 2015
On 7/21/2015 1:06 PM, Stian Thorgersen wrote:
>>> Other things:
>>> * KEYCLOAK-1539 Accessing secured resource should not return 200 OK when
>>> not authenticated - adapters redirect to login page even for json/xml
>>> requests. That doesn't make any sense. We should only redirect to login
>>> page if Accept header is */*, text/* or text/html.
>> We're not changing the adapters to change their response based on Accept
>> header. That is a horrible hack solution. See my recent comment on
>> this issue in jira.
> I don't understand why that's a hack solution? Returning a redirect to a html page for something requesting a json document just isn't right.
REST clients often don't set the Accept header. A REST client might be
requesting text/* or text/html within their Accept header. I'm not sure
you can do this based on User Agent either. I think some client libs
set the User Agent to mozilla, not sure though.
JBoss, a division of Red Hat
More information about the keycloak-dev