http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24732

HTTP 400 is sent to unauthorized user instead of HTTP 403

           Summary: HTTP 400 is sent to unauthorized user instead of HTTP 403
           Product: Struts
           Version: 1.1 Final
          Platform: All
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Controller
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]

When a user has no access to an action because they do not have a required role as defined in the roles attribute of an action, an HTTP 400 is returned instead of an HTTP 403. With this behaviour it is difficult to redirect to a login page for an authorized user without the required role.

See RequestProcessor.java line 890.

    // The current user is not authorized for this action
    if (log.isDebugEnabled()) {
        log.debug(" User '" + request.getRemoteUser() +
                  "' does not have any required role, denying access");
    }
    response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                       getInternal().getMessage("notAuthorized",
                                                mapping.getPath()));
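
An application-side workaround for the behaviour reported above, as an added example that is not part of the bug report and not Struts source: a RequestProcessor subclass that overrides processRoles() and answers a failed role check with SC_FORBIDDEN. The package and class name are hypothetical; the role-check logic is assumed to follow the Struts 1.1 processRoles() contract (return true to continue, false once the response is complete).

```java
// Added example, not Struts source. Package and class name are hypothetical.
package example.security;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;

public class ForbiddenRequestProcessor extends RequestProcessor {

    protected boolean processRoles(HttpServletRequest request,
                                   HttpServletResponse response,
                                   ActionMapping mapping)
            throws IOException, ServletException {

        // No roles attribute on the action: nothing to enforce.
        String[] roles = mapping.getRoleNames();
        if (roles == null || roles.length < 1) {
            return true;
        }

        // Allow the request as soon as one required role matches.
        for (int i = 0; i < roles.length; i++) {
            if (request.isUserInRole(roles[i])) {
                return true;
            }
        }

        // The caller holds none of the required roles. Answering 403 lets
        // web.xml map <error-code>403</error-code> to a dedicated page
        // without also catching genuinely malformed requests (400).
        if (log.isDebugEnabled()) {
            log.debug(" User '" + request.getRemoteUser()
                    + "' does not have any required role, denying access");
        }
        response.sendError(HttpServletResponse.SC_FORBIDDEN,
                getInternal().getMessage("notAuthorized", mapping.getPath()));
        return false; // response is complete, stop processing
    }
}
```

The class takes effect once it is named in the processorClass attribute of the <controller> element in struts-config.xml. A 403 error-page entry in web.xml can then send users who lack the role to a login or access-denied page.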