Details
-
Bug
-
Resolution: Fixed
-
Major
-
4.5.2
-
None
Description
BasicAuthentication's prompting for credentials is only triggered when status is set to HttpServletResponse.SC_UNAUTHORIZED.
We should set status HttpServletResponse.SC_UNAUTHORIZED for anonymous user - HttpServletResponse.SC_FORBIDDEN else.
Checklists
Acceptance criteria
Attachments
Issue Links
- is depended upon by
-
JRDVX-2 Figure out auth/callback issues
-
- Resolved
-
- is duplicated by
-
MAGNOLIA-4395 Security filters should set 401 or 403 more appropriately
-
- Closed
-
- is related to
-
MGNLWEBDAV-29 Authorization for WebDAV access is broken
-
- Closed
-
-
MAGNOLIA-4397 ContentSecurityFilter#isAllowed does not set proper status code for anonymous user
-
- Closed
-