----- Messaggio originale ----- > Da: "Sergey Beryozkin" <sberyoz...@gmail.com> > A: "dev" <dev@syncope.apache.org> > Inviato: Martedì, 28 giugno 2016 17:00:05 > Oggetto: Re: REST API authentication in 2.0.0
> 403 is typically reported when the authenticated user is forbidden (not > in some role) to access a given resource. So might be a regression. I'm > not 100% sure if some sites do return 403 instead of 401 though when the > authentication fails. Possible confusion can arise given that 401 error > message is "Unauthorized" My experience is 100% with 403 for authenticated user with no permissions (e.g roles), 401 for a resource that needs an authenticated user and you are trying to use it without authentication. BR, Massi > > Cheers, Sergey > On 28/06/16 15:40, Colm O hEigeartaigh wrote: >> Hi, >> >> Just wanted to check before filing a JIRA. With the latest 2.0.0-SNAPSHOT, >> I noticed that accessing the REST API without supplying a username/password >> returns 403 as opposed to the old 401. >> >> wget http://localhost:9080/syncope/rest/users >> >> --2016-06-28 15:40:01-- http://localhost:9080/syncope/rest/users >> Resolving localhost (localhost)... 127.0.0.1 >> Connecting to localhost (localhost)|127.0.0.1|:9080... connected. >> HTTP request sent, awaiting response... 403 >> 2016-06-28 15:40:01 ERROR 403: (no description). >> >> Whereas with 1.2.7: >> >> wget http://localhost:9080/syncope/rest/users >> --2016-06-28 15:29:42-- http://localhost:9080/syncope/rest/users >> Resolving localhost (localhost)... 127.0.0.1 >> Connecting to localhost (localhost)|127.0.0.1|:9080... connected. >> HTTP request sent, awaiting response... 401 Unauthorized >> >> Username/Password Authentication Failed. >> >> This means that if you open up a web browser and try to access say: >> >> http://localhost:9080/syncope/rest/users >> >> a pop-up windows does not appear for the user to enter the user/password. >> Was there a reason for this change or will I file a bug? >> >> Thanks, >> >> Colm. >> -- Massimiliano Perrone Tel +39 393 9121310 Tirasa S.r.l. Viale D'Annunzio 267 - 65127 Pescara Tel +39 0859116307 / FAX +39 0859111173 http://www.tirasa.net "L'apprendere molte cose non insegna l'intelligenza" (Eraclito)