If RoleBased authorization fails, the response returned doesn't contain a body text (only the response status code is set to 403).
I have the following resource:
@GET
@Path("/deny")
@DenyAll
public String deny() {
    return "SHOULD NOT BE REACHED";
}
Executing a GET request on this resource returns a Response with status code 403 and an empty response.getEntity().
The HTTP specification for 403 code [1] says:
"... If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead."
The response should either provide an explanation for the 403 code or return 404.
[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4
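The two outcomes the report asks for, written as a JAX-RS ExceptionMapper. This is an added example, not code from the report or from RESTEasy. It assumes the role-based check surfaces as javax.ws.rs.ForbiddenException; the class name and the system property are hypothetical.

```java
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

// Hypothetical provider: gives a failed role check either a 403 with an
// entity or a bare 404, the two options in the RFC 2616 text quoted above.
// Assumption: the authorization failure is raised as ForbiddenException.
@Provider
public class ForbiddenResponseMapper implements ExceptionMapper<ForbiddenException> {

    // Hypothetical switch (made-up property name). When true, the server
    // does not disclose that the resource exists and answers 404 instead.
    private static final boolean HIDE_RESOURCE =
            Boolean.getBoolean("example.security.hideForbidden");

    @Override
    public Response toResponse(ForbiddenException e) {
        if (HIDE_RESOURCE) {
            // "If the server does not wish to make this information
            // available to the client, the status code 404 can be used."
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        // Fixed wording only: the exception message is not echoed, so role
        // names and internal details stay out of the response body.
        return Response.status(Response.Status.FORBIDDEN)
                .type(MediaType.TEXT_PLAIN)
                .entity("Access forbidden: the caller is not permitted to use this resource.")
                .build();
    }
}
```

With the mapper registered, a client test can assert on both the status code and a non-empty entity for the /deny resource.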
- is blocked by: JBEAP-3248 Upgrade Resteasy to release 3.0.16.Final (Closed)
- is cloned by: RESTEASY-1249 If RoleBased authorization fails the response returned doesn't contain a body text (Closed)
- is related to: JBEAP-1617 Response entity cannot be read with getEntity() after readEntity() is used (IllegalStateException is thrown) (Closed)