atlas-dev mailing list archives

From "Nixon Rodrigues (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ATLAS-1951) Regression: Any REST API request without user credentials results in 302 redirect to login.jsp. Actually, the correct response should be 401.
Date Wed, 26 Jul 2017 14:20:00 GMT

     [ https://issues.apache.org/jira/browse/ATLAS-1951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nixon Rodrigues updated ATLAS-1951:
-----------------------------------
    Attachment: ATLAS-1951.patch

[~apoorvnaik],

Can you please review and test this fix?
From my end I have tested it on browser / Chrome REST client and curl client.




> Regression: Any REST API request without user credentials results in 302 redirect to login.jsp. Actually, the correct response should be 401.
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-1951
>                 URL: https://issues.apache.org/jira/browse/ATLAS-1951
>             Project: Atlas
>          Issue Type: Bug
>          Components:  atlas-core
>    Affects Versions: 0.9-incubating
>            Reporter: Ayub Pathan
>            Priority: Critical
>             Fix For: 0.9-incubating
>
>         Attachments: ATLAS-1951.patch
>
>
> Regression: Any REST API request to Atlas without user credentials results in 302 redirect (login.jsp), but the actual response code should be 401 Unauthorized.
> This issue could have been introduced as part of new Spring changes.
> For example:
> {noformat}
> curl -v -X GET "http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000"
> * Rebuilt URL to: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/
> *   Trying 172.27.56.2...
> * Connected to ctr-e133-1493418528701-181199-01-000002.hwx.site (172.27.56.2) port 21000 (#0)
> > GET / HTTP/1.1
> > Host: ctr-e133-1493418528701-181199-01-000002.hwx.site:21000
> > User-Agent: curl/7.43.0
> > Accept: */*
> >
> < HTTP/1.1 302 Found
> < Date: Fri, 14 Jul 2017 11:16:42 GMT
> < Set-Cookie: ATLASSESSIONID=1i0rxnm66dd3h17xyhvstk0vck;Path=/;HttpOnly
> < Expires: Thu, 01 Jan 1970 00:00:00 GMT
> < X-Frame-Options: DENY
> < Location: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/login.jsp
> < Content-Length: 0
> < Server: Jetty(9.2.12.v20150709)
> <
> * Connection #0 to host ctr-e133-1493418528701-181199-01-000002.hwx.site left intact
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
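
An added regression check for the behaviour reported above (not part of the original message or of the attached ATLAS-1951.patch): it sends one GET without credentials, does not follow redirects, and tells a 401 apart from a redirect to a login page. The stub server, the `Basic realm="stub"` challenge and all function names are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def make_stub(regressed):
    """Constructed stand-in server: 302 to /login.jsp when regressed, else 401."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if regressed:
                self.send_response(302)
                self.send_header("Location", "/login.jsp")
            else:
                self.send_response(401)
                # Constructed challenge value; the page does not name the scheme.
                self.send_header("WWW-Authenticate", 'Basic realm="stub"')
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):  # silence per-request logging
            pass

    return HTTPServer(("127.0.0.1", 0), Handler)


def classify_unauthenticated(host, port, path="/"):
    """Send one GET with no credentials; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Accept": "*/*"})
        resp = conn.getresponse()
        resp.read()
        status, location = resp.status, resp.getheader("Location", "")
    finally:
        conn.close()
    if status == 401:
        return "ok-401"
    if status in (301, 302, 303, 307) and "login" in location:
        return "regression-login-redirect"
    return "unexpected-%d" % status


def probe_stub(regressed):
    """Start the stub on an ephemeral port, probe it once, shut it down."""
    server = make_stub(regressed)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return classify_unauthenticated("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()
```

Pointing `classify_unauthenticated` at a real host and port instead of the stub gives the same verdict for a live deployment.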
