atlas-dev mailing list archives

From "Ayub Pathan (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ATLAS-1951) Regression: Any REST API request without user credentials results in 302 redirect to login.jsp. Actually, the correct response should be 401.
Date Fri, 14 Jul 2017 11:42:00 GMT

     [ https://issues.apache.org/jira/browse/ATLAS-1951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ayub Pathan updated ATLAS-1951:
-------------------------------
    Description: 
Regression: Any REST API request to Atlas without user credentials results in a 302 redirect (login.jsp), but the actual response code should be 401 Unauthorized.

This issue could have been introduced as part of the new Spring changes.

For example:
{noformat}
curl -v -X GET "http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000"
* Rebuilt URL to: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/
*   Trying 172.27.56.2...
* Connected to ctr-e133-1493418528701-181199-01-000002.hwx.site (172.27.56.2) port 21000 (#0)
> GET / HTTP/1.1
> Host: ctr-e133-1493418528701-181199-01-000002.hwx.site:21000
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Fri, 14 Jul 2017 11:16:42 GMT
< Set-Cookie: ATLASSESSIONID=1i0rxnm66dd3h17xyhvstk0vck;Path=/;HttpOnly
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< X-Frame-Options: DENY
< Location: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/login.jsp
< Content-Length: 0
< Server: Jetty(9.2.12.v20150709)
<
* Connection #0 to host ctr-e133-1493418528701-181199-01-000002.hwx.site left intact
{noformat}


  was:
Regression: Any REST API request to Atlas without user credentials results in a 302 redirect (login.jsp), but the actual response code should be 401 Unauthorized.

This issue could have been introduced as part of the new Spring changes.

For example:
{noformat}
curl -v -X GET "http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000"
* Rebuilt URL to: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/
*   Trying 172.27.56.2...
* Connected to ctr-e133-1493418528701-181199-01-000002.hwx.site (172.27.56.2) port 21000 (#0)
> GET / HTTP/1.1
> Host: ctr-e133-1493418528701-181199-01-000002.hwx.site:21000
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Fri, 14 Jul 2017 11:16:42 GMT
< Set-Cookie: ATLASSESSIONID=1i0rxnm66dd3h17xyhvstk0vck;Path=/;HttpOnly
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< X-Frame-Options: DENY
< Location: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/login.jsp
< Content-Length: 0
< Server: Jetty(9.2.12.v20150709)
<
* Connection #0 to host ctr-e133-1493418528701-181199-01-000002.hwx.site left intact
{noformat}

CC [~skoneru]


> Regression: Any REST API request without user credentials results in 302 redirect to login.jsp. Actually, the correct response should be 401.
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-1951
>                 URL: https://issues.apache.org/jira/browse/ATLAS-1951
>             Project: Atlas
>          Issue Type: Bug
>          Components:  atlas-core
>    Affects Versions: 0.9-incubating
>            Reporter: Ayub Pathan
>            Priority: Critical
>             Fix For: 0.9-incubating
>
>
> Regression: Any REST API request to Atlas without user credentials results in a 302 redirect (login.jsp), but the actual response code should be 401 Unauthorized.
> This issue could have been introduced as part of the new Spring changes.
> For example:
> {noformat}
> curl -v -X GET "http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000"
> * Rebuilt URL to: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/
> *   Trying 172.27.56.2...
> * Connected to ctr-e133-1493418528701-181199-01-000002.hwx.site (172.27.56.2) port 21000 (#0)
> > GET / HTTP/1.1
> > Host: ctr-e133-1493418528701-181199-01-000002.hwx.site:21000
> > User-Agent: curl/7.43.0
> > Accept: */*
> >
> < HTTP/1.1 302 Found
> < Date: Fri, 14 Jul 2017 11:16:42 GMT
> < Set-Cookie: ATLASSESSIONID=1i0rxnm66dd3h17xyhvstk0vck;Path=/;HttpOnly
> < Expires: Thu, 01 Jan 1970 00:00:00 GMT
> < X-Frame-Options: DENY
> < Location: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/login.jsp
> < Content-Length: 0
> < Server: Jetty(9.2.12.v20150709)
> <
> * Connection #0 to host ctr-e133-1493418528701-181199-01-000002.hwx.site left intact
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
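
Added example, not part of the original message or of the Atlas code base: a regression check that reads the response lines of a `curl -v` transcript like the one in the report and tells the reported 302 redirect to login.jsp apart from the expected 401. The sample transcripts, the placeholder host `atlas.example.test`, the `WWW-Authenticate` value and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: response lines in `curl -v` format, shaped like the
# transcript in the report; "atlas.example.test" is a placeholder host.
REDIRECT_SAMPLE = """\
< HTTP/1.1 302 Found
< Set-Cookie: ATLASSESSIONID=constructed-value;Path=/;HttpOnly
< Location: http://atlas.example.test:21000/login.jsp
< Content-Length: 0
<
"""

# Constructed sample of the behaviour the report expects instead.
UNAUTHORIZED_SAMPLE = """\
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic realm="constructed"
< Content-Length: 0
<
"""

def parse_response_head(transcript):
    """Return (status, headers) from the '<' lines of a curl -v transcript."""
    status, headers = None, {}
    for line in transcript.splitlines():
        if not line.startswith("<"):
            continue  # skip request ('>') and info ('*') lines
        line = line[1:].strip()
        m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", line)
        if m:
            status, headers = int(m.group(1)), {}  # new response: reset headers
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def check_unauthenticated(transcript, login_path="/login.jsp"):
    """Classify the response to a request sent without credentials."""
    status, headers = parse_response_head(transcript)
    if status is None:
        return "no-response"
    if status == 401:
        return "ok-401"
    location = headers.get("location", [""])[0]
    if 300 <= status < 400 and urlsplit(location).path.endswith(login_path):
        return "regression-login-redirect"
    return "unexpected-%d" % status
```

Feed it the captured output of the same unauthenticated request after each upgrade; any verdict other than `ok-401` means an API client that follows redirects would receive the login page instead of an authentication error.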
