[jira] [Work logged] (KNOX-2215) Token service should return a 401 or 403 response when the renewer is not white-listed

Sun, 02 Feb 2020 15:10:12 -0800 


     [ 
https://issues.apache.org/jira/browse/KNOX-2215?focusedWorklogId=380606&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-380606
 ]

ASF GitHub Bot logged work on KNOX-2215:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 02/Feb/20 23:09
            Start Date: 02/Feb/20 23:09
    Worklog Time Spent: 10m 
      Work Description: pzampino commented on issue #251: KNOX-2215 - Token 
service should return a 401 response when the renew…
URL: https://github.com/apache/knox/pull/251#issuecomment-581188149
 
 
   @risdenk, my rational for choosing 401 is the definition from 
https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html:
   
   401: "If the request already included Authorization credentials, then the 
401 response indicates that **authorization** has been refused for those 
credentials."
   
   403: "The server understood the request, but is refusing to fulfill it. 
Authorization will not help"
   
   So, in this case, the renewing/revoking user is _AUTHENTICATED_, but **NOT 
AUTHORIZED** to perform the requested operation.
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 380606)
    Time Spent: 20m  (was: 10m)

> Token service should return a 401 or 403 response when the renewer is not 
> white-listed
> --------------------------------------------------------------------------------------
>
>                 Key: KNOX-2215
>                 URL: https://issues.apache.org/jira/browse/KNOX-2215
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 1.4.0
>            Reporter: Philip Zampino
>            Assignee: Philip Zampino
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Currently, when the Knox Token service receives a renewal or revocation 
> request from a user who is not white-listed, it responds with a HTTP 400 
> response. It should instead respond with a HTTP 401 or 403 to better reflect 
> the nature of the error.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to