[ https://issues.apache.org/jira/browse/RANGER-3663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17505163#comment-17505163 ]
kirby zhou commented on RANGER-3663: ------------------------------------ Some API returns 400 instead of 401 if user-session is not available after applying this patch. Is it OK? For example: @Path("/services/grant/{serviceName}") @Produces({ "application/json", "application/xml" }) public ServiceRest::RESTResponse grantAccess() calls ServiceDBStore::createPolicy calls PolicyRefUpdater::createNewPolMappingForRefTable calls RangerBizUtils::checkAdminAccess It is used to throw exception with vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED); Now throw exception with gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST); > RangerBizUtil.checkAdminAccess() should return false if user-session is not > available > ------------------------------------------------------------------------------------- > > Key: RANGER-3663 > URL: https://issues.apache.org/jira/browse/RANGER-3663 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Abhay Kulkarni > Assignee: Abhay Kulkarni > Priority: Major > > Instead of throwing exception, RangerBizUtil.checkAdminAccess() should return > false if user-session is not available. -- This message was sent by Atlassian Jira (v8.20.1#820001)