syncope-dev mailing list archives

From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: REST API authentication in 2.0.0
Date Tue, 28 Jun 2016 15:00:05 GMT
403 is typically reported when the authenticated user is forbidden (not 
in some role) to access a given resource. So might be a regression. I'm 
not 100% sure if some sites do return 403 instead of 401 though when the 
authentication fails. Possible confusion can arise given that the 401 error 
message is "Unauthorized".

Cheers, Sergey
On 28/06/16 15:40, Colm O hEigeartaigh wrote:
> Hi,
>
> Just wanted to check before filing a JIRA. With the latest 2.0.0-SNAPSHOT,
> I noticed that accessing the REST API without supplying a username/password
> returns 403 as opposed to the old 401.
>
> wget http://localhost:9080/syncope/rest/users
>
> --2016-06-28 15:40:01--  http://localhost:9080/syncope/rest/users
> Resolving localhost (localhost)... 127.0.0.1
> Connecting to localhost (localhost)|127.0.0.1|:9080... connected.
> HTTP request sent, awaiting response... 403
> 2016-06-28 15:40:01 ERROR 403: (no description).
>
> Whereas with 1.2.7:
>
> wget http://localhost:9080/syncope/rest/users
> --2016-06-28 15:29:42--  http://localhost:9080/syncope/rest/users
> Resolving localhost (localhost)... 127.0.0.1
> Connecting to localhost (localhost)|127.0.0.1|:9080... connected.
> HTTP request sent, awaiting response... 401 Unauthorized
>
> Username/Password Authentication Failed.
>
> This means that if you open up a web browser and try to access say:
>
> http://localhost:9080/syncope/rest/users
>
> a pop-up window does not appear for the user to enter the user/password.
> Was there a reason for this change or will I file a bug?
>
> Thanks,
>
> Colm.
>
>
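
The 401-versus-403 behaviour discussed in this thread can be pinned down with a regression check. The following is an added example, not part of either message and not Syncope code: it sends a request without credentials and reports whether the reply is a 401 carrying a `WWW-Authenticate` challenge, which is what makes a browser show its login pop-up. The stand-in server, the credentials and the realm are constructed for the example; only the path `/syncope/rest/users` comes from the thread.

```python
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed credentials for the stand-in server (not Syncope defaults).
USER, PASSWORD = "demo", "demo-pass"

def make_handler(anonymous_status):
    """Stand-in REST endpoint; anonymous_status is its reply when no credentials arrive."""
    expected = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.headers.get("Authorization") == expected:
                self.send_response(200)
            else:
                self.send_response(anonymous_status)
                if anonymous_status == 401:
                    # RFC 7235: a 401 must carry a challenge.
                    self.send_header("WWW-Authenticate", 'Basic realm="demo"')
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):  # keep the example quiet
            pass
    return Handler

def probe_anonymous(host, port, path):
    """GET path with no Authorization header; return (status, challenge header)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("WWW-Authenticate")
    finally:
        conn.close()

def prompts_for_credentials(status, challenge):
    """True only for 401 plus a challenge; a bare 403 gives the client nothing to answer."""
    return status == 401 and bool(challenge)

def check(anonymous_status):
    """Run the probe against a loopback stand-in configured with the given status."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(anonymous_status))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        status, challenge = probe_anonymous("127.0.0.1", server.server_port, "/syncope/rest/users")
        return status, prompts_for_credentials(status, challenge)
    finally:
        server.shutdown()
        server.server_close()
```

Pointing `probe_anonymous` at a real deployment's host and port gives the same check against the actual endpoint.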

