Hi,
so it seems my memory isn't that good, after all :-)
I could not find any valid reason supporting the status quo - most
likely some errors during the code migration and refactoring from 1_2_X
to master.
Anyway, I am working right now on SYNCOPE-883, fix should be available
soon, implementing the general policy of returning:
* 403 for authenticated users not allowed to invoke a given REST endpoint
* 401 for anonymous users attempting to access a given REST endpoint which requires authentication
Regards.
On 29/06/2016 08:12, Francesco Chicchiriccò wrote:
Hi Colm,
I remember there was some good reason supporting this change (possibly as part
of one of the initial 2.0.0 issues): I'll investigate tomorrow and report.
Regards.
On 28 June 2016 16:40:49 CEST, Colm O hEigeartaigh <cohei...@apache.org> wrote:
Hi,
Just wanted to check before filing a JIRA. With the latest 2.0.0-SNAPSHOT,
I noticed that accessing the REST API without supplying a username/password
returns 403 as opposed to the old 401.
wget http://localhost:9080/syncope/rest/users
--2016-06-28 15:40:01-- http://localhost:9080/syncope/rest/users
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:9080... connected.
HTTP request sent, awaiting response... 403
2016-06-28 15:40:01 ERROR 403: (no description).
Whereas with 1.2.7:
wget http://localhost:9080/syncope/rest/users
--2016-06-28 15:29:42-- http://localhost:9080/syncope/rest/users
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:9080... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Username/Password Authentication Failed.
This means that if you open up a web browser and try to access say:
http://localhost:9080/syncope/rest/users
a pop-up window does not appear for the user to enter the user/password.
Was there a reason for this change or will I file a bug?
Thanks,
Colm.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC,
CXF Committer, OpenJPA Committer, PonyMail PPMC
http://home.apache.org/~ilgrosso/
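The 401/403 policy stated in the first message, as an added example that is not part of the thread and is not Syncope code. It assumes HTTP Basic authentication; the accounts, the realm name and the `USER_LIST` entitlement are constructed for illustration, and treating wrong credentials the same as no credentials is an assumption of this sketch.

```python
import base64
import binascii
import hmac

# Constructed sample accounts: username -> (password, granted entitlements).
USERS = {
    "alice": ("alice-pw", {"USER_LIST"}),  # USER_LIST is a hypothetical entitlement
    "bob": ("bob-pw", set()),
}
REALM = "example-realm"  # hypothetical realm name


def parse_basic(header):
    """Return (username, password) from a Basic Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed header counts as "no credentials"
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def authorize(header, required, users=USERS):
    """Return (status, response headers) for a request to a protected endpoint."""
    # The challenge header is what makes a browser show its credentials prompt.
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    creds = parse_basic(header)
    if creds is None:
        return 401, challenge  # anonymous caller: ask for credentials
    username, password = creds
    stored = users.get(username)
    expected = stored[0] if stored else ""
    ok = hmac.compare_digest(password.encode(), expected.encode())
    if stored is None or not ok:
        return 401, challenge  # assumption: bad credentials are challenged again
    if required not in stored[1]:
        return 403, {}  # authenticated, but not allowed to invoke this endpoint
    return 200, {}


def basic(username, password):
    """Build a Basic Authorization header value for the sample calls."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()
```

A 403 sent to an anonymous caller carries no challenge, which is why the browser prompt described in the original report never appears.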