Details
- Bug
- Resolution: Won't Do
- Major
- None
- 1.4.0.Final, 1.4.7.Final
- None
Description
When using JASPIC authentication and setting the principal to non-authenticated from the module for a protected resource, WildFly/Undertow sends an empty 200 response instead of a 403 response.
The reason for this is that io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest expects that the module sets the error code, but the JASPIC module used does not set it.
This seems to be similar to UNDERTOW-259.