[jira] [Commented] (SLING-11998) SlingPostServlet responds with wrong status code upon Oak Access error
[
https://issues.apache.org/jira/browse/SLING-11998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17764583#comment-17764583
]
Robert Munteanu commented on SLING-11998:
-
[~yumeier] - what kind of access are you trying to perform? I just tried this
with the latest SNAPSHOT version and got a 404
{noformat}$ curl --head http://localhost:8080/apps.json
HTTP/1.1 404 Not Found
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
{noformat}
BTW, you can easily try our latest snapshot version to verify a bug with
{noformat}$ docker run --rm -p 8080:8080 apache/sling:snapshot{noformat}
> SlingPostServlet responds with wrong status code upon Oak Access error
> --
>
> Key: SLING-11998
> URL: https://issues.apache.org/jira/browse/SLING-11998
> Project: Sling
> Issue Type: Bug
> Components: Engine
> Environment: Sling 12
>Reporter: Juerg Meier
>Priority: Major
>
> In Sling 12, the SlingPostServlet sends back a HTTP status 422 Invalid
> Payload if the underlying OAK persistence layer reports an access error to a
> resource.
> The correct response code is HTTP 403 Forbidden:
> ??The request contained valid data and was understood by the server, but the
> server is refusing action. This may be due to the user not having the
> necessary permissions for a resource...??
> This is exactly opposite to 422, which indicates that the payload is
> erroneous. This misleads subsequent debugging efforts. Additionally, this
> error is not logged with launcher/error.log.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (SLING-11998) SlingPostServlet responds with wrong status code upon Oak Access error
[ https://issues.apache.org/jira/browse/SLING-11998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17754507#comment-17754507 ] Juerg Meier commented on SLING-11998: - [~rombert] The version used is the offical Sling12 "LTS" download from [https://sling.apache.org/downloads.cgi,] docker image (oak tar). According to MANIFEST.MF of the org.apache.sling.feature.launcher.jar, this is Implementation-Version: 1.1.26 . > SlingPostServlet responds with wrong status code upon Oak Access error > -- > > Key: SLING-11998 > URL: https://issues.apache.org/jira/browse/SLING-11998 > Project: Sling > Issue Type: Bug > Components: Engine > Environment: Sling 12 >Reporter: Juerg Meier >Priority: Major > > In Sling 12, the SlingPostServlet sends back a HTTP status 422 Invalid > Payload if the underlying OAK persistence layer reports an access error to a > resource. > The correct response code is HTTP 403 Forbidden: > ??The request contained valid data and was understood by the server, but the > server is refusing action. This may be due to the user not having the > necessary permissions for a resource...?? > This is exactly opposite to 422, which indicates that the payload is > erroneous. This misleads subsequent debugging efforts. Additionally, this > error is not logged with launcher/error.log. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (SLING-11998) SlingPostServlet responds with wrong status code upon Oak Access error
[ https://issues.apache.org/jira/browse/SLING-11998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17752788#comment-17752788 ] Robert Munteanu commented on SLING-11998: - [~yumeier] - does this happen with the latest (13-SNAPSHOT) version of the Sling Starter? > SlingPostServlet responds with wrong status code upon Oak Access error > -- > > Key: SLING-11998 > URL: https://issues.apache.org/jira/browse/SLING-11998 > Project: Sling > Issue Type: Bug > Components: Engine > Environment: Sling 12 >Reporter: Juerg Meier >Priority: Major > > In Sling 12, the SlingPostServlet sends back a HTTP status 422 Invalid > Payload if the underlying OAK persistence layer reports an access error to a > resource. > The correct response code is HTTP 403 Forbidden: > ??The request contained valid data and was understood by the server, but the > server is refusing action. This may be due to the user not having the > necessary permissions for a resource...?? > This is exactly opposite to 422, which indicates that the payload is > erroneous. This misleads subsequent debugging efforts. Additionally, this > error is not logged with launcher/error.log. -- This message was sent by Atlassian Jira (v8.20.10#820010)
