[
https://issues.apache.org/jira/browse/FELIX-1983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger resolved FELIX-1983.
--------------------------------------
Resolution: Fixed
Rev. 898696: Redo sending the 401/UNAUTHORIZED status to just use setStatus and
then flush the response. Don't use sendError to prevent any error handlers to
kick in -- we really want the 401 status to be sent to the client.
> WebConsole HttpContext should flush response after setting response status
> --------------------------------------------------------------------------
>
> Key: FELIX-1983
> URL: https://issues.apache.org/jira/browse/FELIX-1983
> Project: Felix
> Issue Type: Bug
> Components: Web Console
> Affects Versions: webconsole-2.0.4
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: webconsole-2.0.6
>
>
> The Web Console uses its own HttpContext implementation to handle
> authentication. When authentication is missing, it sets (or currently
> sendError) the response status 401/UNAUTHENTICATED but does not flush the
> response.
> The Felix Http Base code overwrites this to 403/FORBIDDEN if the response is
> not committed.
> So to ensure, the correct status is really sent, the handleSecurity
> implementation must flush the response.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
