Date: Fri, 14 Jul 2017 11:42:00 +0000 (UTC)
From: "Ayub Pathan (JIRA)"
To: dev@atlas.incubator.apache.org
Subject: [jira] [Updated] (ATLAS-1951) Regression: Any REST API request without user credentials results in 302 redirect to login.jsp. Actually, the correct response should be 401.

     [ https://issues.apache.org/jira/browse/ATLAS-1951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ayub Pathan updated ATLAS-1951:
-------------------------------
    Description:
Regression: Any REST API request to atlas without user credentials results in 302 redirect (login.jsp), but the actual response code should be 401 unauthorized.

This issue could have been introduced as part of new spring changes.

For example:
{noformat}
curl -v -X GET "http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000"
* Rebuilt URL to: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/
* Trying 172.27.56.2...
* Connected to ctr-e133-1493418528701-181199-01-000002.hwx.site (172.27.56.2) port 21000 (#0)
> GET / HTTP/1.1
> Host: ctr-e133-1493418528701-181199-01-000002.hwx.site:21000
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Fri, 14 Jul 2017 11:16:42 GMT
< Set-Cookie: ATLASSESSIONID=1i0rxnm66dd3h17xyhvstk0vck;Path=/;HttpOnly
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< X-Frame-Options: DENY
< Location: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/login.jsp
< Content-Length: 0
< Server: Jetty(9.2.12.v20150709)
<
* Connection #0 to host ctr-e133-1493418528701-181199-01-000002.hwx.site left intact
{noformat}

  was:
Regression: Any REST API request to atlas without user credentials results in 302 redirect (login.jsp), but the actual response code should be 401 unauthorized.

This issue could have been introduced as part of new spring changes.

For example:
{noformat}
curl -v -X GET "http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000"
* Rebuilt URL to: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/
* Trying 172.27.56.2...
* Connected to ctr-e133-1493418528701-181199-01-000002.hwx.site (172.27.56.2) port 21000 (#0)
> GET / HTTP/1.1
> Host: ctr-e133-1493418528701-181199-01-000002.hwx.site:21000
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Fri, 14 Jul 2017 11:16:42 GMT
< Set-Cookie: ATLASSESSIONID=1i0rxnm66dd3h17xyhvstk0vck;Path=/;HttpOnly
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< X-Frame-Options: DENY
< Location: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/login.jsp
< Content-Length: 0
< Server: Jetty(9.2.12.v20150709)
<
* Connection #0 to host ctr-e133-1493418528701-181199-01-000002.hwx.site left intact
{noformat}

CC [~skoneru]


> Regression: Any REST API request without user credentials results in 302 redirect to login.jsp. Actually, the correct response should be 401.
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-1951
>                 URL: https://issues.apache.org/jira/browse/ATLAS-1951
>             Project: Atlas
>          Issue Type: Bug
>          Components: atlas-core
>    Affects Versions: 0.9-incubating
>            Reporter: Ayub Pathan
>            Priority: Critical
>             Fix For: 0.9-incubating
>

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
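
The check this report performs by hand with curl, written as a repeatable regression test. This is an added example, not part of the original message or of Atlas itself. It parses the response half of a `curl -v` trace and classifies how the server answered a request sent without credentials. The function names, the result labels and the `WWW-Authenticate` value in the second sample are assumptions made for the illustration.

```python
import re

# Constructed sample: response lines taken from the curl -v trace quoted above.
CURL_TRACE = """\
< HTTP/1.1 302 Found
< Set-Cookie: ATLASSESSIONID=1i0rxnm66dd3h17xyhvstk0vck;Path=/;HttpOnly
< X-Frame-Options: DENY
< Location: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/login.jsp
< Content-Length: 0
"""

# Constructed sample of the answer the report expects (header value is an assumption).
EXPECTED_TRACE = """\
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic realm="example"
< Content-Length: 0
"""

def parse_response(trace):
    """Return (status_code, {lowercased header: value}) from curl -v '<' lines."""
    status, headers = None, {}
    for line in trace.splitlines():
        if not line.startswith("<"):
            continue  # skip request ('>') and informational ('*') lines
        line = line[1:].strip()
        m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", line)
        if m:
            status, headers = int(m.group(1)), {}  # a new status line resets headers
        elif ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers

def classify_unauthenticated(trace, login_path="/login.jsp"):
    """Classify the server's answer to a request that carried no credentials."""
    status, headers = parse_response(trace)
    if status is None:
        return "no-response"
    if status == 401:
        return "ok-401"
    location = headers.get("location", "").split("?")[0]
    if 300 <= status < 400 and location.endswith(login_path):
        return "regression-login-redirect"  # the behaviour ATLAS-1951 reports
    if 200 <= status < 300:
        return "unauthenticated-access"     # API answered without any credentials
    return "other-%d" % status
```
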