-
Bug
-
Resolution: Fixed
-
Major
-
4.5.2
-
None
BasicAuthentication's prompting for credentials is only triggered when status is set to HttpServletResponse.SC_UNAUTHORIZED.
We should set status HttpServletResponse.SC_UNAUTHORIZED for anonymous user - HttpServletResponse.SC_FORBIDDEN else.
Acceptance criteria
- is depended upon by
-
JRDVX-2 Figure out auth/callback issues
- Resolved
- is duplicated by
-
MAGNOLIA-4395 Security filters should set 401 or 403 more appropriately
- Closed
- is related to
-
MGNLWEBDAV-29 Authorization for WebDAV access is broken
- Closed
-
MAGNOLIA-4397 ContentSecurityFilter#isAllowed does not set proper status code for anonymous user
- Closed