[ https://issues.apache.org/jira/browse/FELIX-1983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved FELIX-1983. -------------------------------------- Resolution: Fixed Rev. 898696: Redo sending the 401/UNAUTHORIZED status to just use setStatus and then flush the response. Don't use sendError to prevent any error handlers to kick in -- we really want the 401 status to be sent to the client. > WebConsole HttpContext should flush response after setting response status > -------------------------------------------------------------------------- > > Key: FELIX-1983 > URL: https://issues.apache.org/jira/browse/FELIX-1983 > Project: Felix > Issue Type: Bug > Components: Web Console > Affects Versions: webconsole-2.0.4 > Reporter: Felix Meschberger > Assignee: Felix Meschberger > Fix For: webconsole-2.0.6 > > > The Web Console uses its own HttpContext implementation to handle > authentication. When authentication is missing, it sets (or currently > sendError) the response status 401/UNAUTHENTICATED but does not flush the > response. > The Felix Http Base code overwrites this to 403/FORBIDDEN if the response is > not committed. > So to ensure, the correct status is really sent, the handleSecurity > implementation must flush the response. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.