Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-5416

Unhandled exceptions from custom JASPI modules should cause the HTTP status code to be set as an error (500, 400, etc)

    Details

      Description

      If a custom JASPI auth module throws an exception, Wildfly/Undertow (the JASPI authenticator) ignores it and returns a 200. The web page that was requested does not get displayed. A blank page and a HTTP 200 are returned.

      Should a 40x or a 500 be returned instead? Or is it the responsibility of the custom JASPI auth module to set the status correctly?

      It seems like the container would need to be careful and not overwrite a status code that the JASPI module had explicitly set.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                swd847 Stuart Douglas
                Reporter:
                dehort Derek Horton
              • Votes:
                1 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: