[jira] [Commented] (SOLR-17247) 'WWW-Authenticate' headers missing in MultiAuthPlugin

Sun, 02 Jun 2024 21:15:10 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-17247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17851509#comment-17851509
 ] 

ASF subversion and git services commented on SOLR-17247:
--------------------------------------------------------

Commit 14a219542bdc709bcc85b9eba2cc748caeb4ea64 in solr's branch 
refs/heads/jira/17134 from Lamine
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=14a219542bd ]

SOLR-17247: Fix bug - 'WWW-Authenticate' headers missing in MultiAuthPlugin 
(#2416)

Co-authored-by: Lamine Idjeraoui <lidjera...@apple.com>
Co-authored-by: Eric Pugh <ep...@opensourceconnections.com>

> 'WWW-Authenticate' headers missing in MultiAuthPlugin
> -----------------------------------------------------
>
>                 Key: SOLR-17247
>                 URL: https://issues.apache.org/jira/browse/SOLR-17247
>             Project: Solr
>          Issue Type: Bug
>          Components: Authentication
>            Reporter: Lamine
>            Assignee: Eric Pugh
>            Priority: Minor
>             Fix For: 9.7
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> MultiAuthPlugin does not return WWW-Authenticate' headers
> When returning a 401 response a Web application needs to indicate to the 
> client what authentication challenges it supports, otherwise an exception 
> like "{_}HTTP protocol violation: Authentication challenge without 
> WWW-Authenticate header{_}“ is raised.
> Solr’s MultiAuthPlugin does not supports this.  Solr should return the list 
> of supported schemes (challenges).
>  
> According to HTTP [RFC 
> 7235|https://datatracker.ietf.org/doc/html/rfc7235#section-3.1]:
> _The 401 (Unauthorized) status code indicates that the request has not_
> _been applied because it lacks valid authentication credentials for_
> _the target resource. The server generating a 401 response *MUST* send_
> _a WWW-Authenticate header field ([Section 
> 4.1|https://datatracker.ietf.org/doc/html/rfc7235#section-4.1]) containing at 
> least one_
> _challenge applicable to the target resource._



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to