  1. WildFly WIP
  2. WFWIP-328

HTTP External Security: Both unauthorized and unauthenticated HTTP requests return 403

Details

    • Bug
    • Resolution: Not a Bug
    • Critical
    • Security
    • None

    Description

      Related RFE: EAP7-1323 - HTTP External Security Not Supported by Elytron

      Both unauthorized and unauthenticated HTTP requests return 403.

      An unauthorized user should receive a 403 HTTP response, but an unauthenticated user should receive a 401 HTTP code.

      I checked it on WebSecurityExternalAuthTestCase (from wf-ts), and my new test for wrong authentication is failing (see this commit).

      This is not a regression against legacy security.

      Related RFC: RFC-7235

          People

            aabdelsa Ashley Abdel-Sayed (Inactive)
            mkopecky@redhat.com Marek Kopecky