Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-5416

Unhandled exceptions from custom JASPI modules should cause the HTTP status code to be set as an error (500, 400, etc)

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 10.0.0.CR4
    • None
    • Web (Undertow)
    • None

    Description

      If a custom JASPI auth module throws an exception, Wildfly/Undertow (the JASPI authenticator) ignores it and returns a 200. The web page that was requested does not get displayed. A blank page and a HTTP 200 are returned.

      Should a 40x or a 500 be returned instead? Or is it the responsibility of the custom JASPI auth module to set the status correctly?

      It seems like the container would need to be careful and not overwrite a status code that the JASPI module had explicitly set.

      Attachments

        Activity

          People

            sdouglas1@redhat.com Stuart Douglas
            rhn-support-dehort Derek Horton
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: