[keycloak-dev] Release status

Bill Burke bburke at redhat.com
Tue Jul 21 14:03:13 EDT 2015

On 7/21/2015 1:06 PM, Stian Thorgersen wrote:
>>> Other things:
>>> -------------
>>> * KEYCLOAK-1539	Accessing secured resource should not return 200 OK when
>>> not authenticated - adapters redirect to login page even for json/xml
>>> requests. That doesn't make any sense. We should only redirect to login
>>> page if Accept header is */*, text/* or text/html.
>> We're not changing the adapters to change their response based on Accept
>> header.  That is a horrible hack solution.  See my recent comment on
>> this issue in jira.
> I don't understand why that's a hack solution? Returning a redirect to a html page for something requesting a json document just isn't right.

REST clients often don't set the Accept header.  A REST client might be 
requesting text/* or text/html within their Accept header.  I'm not sure 
you can do this based on User Agent either.  I think some client libs 
set the User Agent to mozilla, not sure though.

Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-dev mailing list