syncope-dev mailing list archives

From Francesco Chicchiriccò <ilgro...@apache.org>
Subject Re: REST API authentication in 2.0.0
Date Thu, 30 Jun 2016 15:00:20 GMT
Hi,
so it seems my memory isn't that good, after all :-)

I could not find any valid reason supporting the status quo - most 
likely some errors during the code migration and refactoring from 1_2_X 
to master.

Anyway, I am working right now on SYNCOPE-883, fix should be available 
soon, implementing the general policy of returning:

  * 403 for authenticated users not allowed to invoke a given REST endpoint
  * 401 for anonymous users attempting to access a given REST endpoint
    which requires authentication

Regards.

On 29/06/2016 08:12, Francesco Chicchiriccò wrote:
> Hi Colm,
> I remember there was some good reason supporting this change (possibly as part of one
> of the initial 2.0.0 issues): I'll investigate tomorrow and report.
>
> Regards.
>
> On 28 June 2016 16:40:49 CEST, Colm O hEigeartaigh <coheigea@apache.org> wrote:
>> Hi,
>>
>> Just wanted to check before filing a JIRA. With the latest
>> 2.0.0-SNAPSHOT,
>> I noticed that accessing the REST API without supplying a
>> username/password
>> returns 403 as opposed to the old 401.
>>
>> wget http://localhost:9080/syncope/rest/users
>>
>> --2016-06-28 15:40:01--  http://localhost:9080/syncope/rest/users
>> Resolving localhost (localhost)... 127.0.0.1
>> Connecting to localhost (localhost)|127.0.0.1|:9080... connected.
>> HTTP request sent, awaiting response... 403
>> 2016-06-28 15:40:01 ERROR 403: (no description).
>>
>> Whereas with 1.2.7:
>>
>> wget http://localhost:9080/syncope/rest/users
>> --2016-06-28 15:29:42--  http://localhost:9080/syncope/rest/users
>> Resolving localhost (localhost)... 127.0.0.1
>> Connecting to localhost (localhost)|127.0.0.1|:9080... connected.
>> HTTP request sent, awaiting response... 401 Unauthorized
>>
>> Username/Password Authentication Failed.
>>
>> This means that if you open up a web browser and try to access say:
>>
>> http://localhost:9080/syncope/rest/users
>>
>> a pop-up window does not appear for the user to enter the
>> user/password.
>> Was there a reason for this change or will I file a bug?
>>
>> Thanks,
>>
>> Colm.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC,
CXF Committer, OpenJPA Committer, PonyMail PPMC
http://home.apache.org/~ilgrosso/
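
The 401/403 policy stated in this message, as an added example that is not part of the original thread and is not Syncope code: a status decision for a Basic-authenticated endpoint, where the 401 carries the `WWW-Authenticate` challenge that makes a browser show its credential pop-up. The user table, entitlement name, realm and the `basic`, `parse_basic` and `decide` helpers are assumptions made for illustration; answering failed credentials with 401 is also an assumption here.

```python
import base64
import binascii
import hmac

# Constructed sample data: user -> (password, granted entitlements).
USERS = {"admin": ("s3cret", {"USER_LIST"}), "helpdesk": ("h3lp", set())}
REALM = "example-realm"  # assumed realm name


def basic(user, password):
    """Build an Authorization header value for the given credentials."""
    raw = ("%s:%s" % (user, password)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic(header):
    """Return (user, password), or None if the header is absent or malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def decide(auth_header, required_entitlement):
    """Return (status, response headers) for a protected REST endpoint."""
    challenge = {"WWW-Authenticate": 'Basic realm="%s"' % REALM}
    creds = parse_basic(auth_header)
    if creds is None:
        return 401, challenge  # anonymous caller: ask for credentials
    user, password = creds
    stored = USERS.get(user)
    expected = stored[0] if stored else ""
    # Constant-time comparison; unknown users fail after the same comparison.
    match = hmac.compare_digest(password.encode(), expected.encode())
    if stored is None or not match:
        return 401, challenge  # failed credentials are still unauthenticated
    if required_entitlement not in stored[1]:
        return 403, {}  # authenticated, but not allowed on this endpoint
    return 200, {}
```

A 403 deliberately carries no challenge header: re-prompting would not help a caller whose credentials were already accepted.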

