[MAGNOLIA-4389] URISecurityFilter#isAllowed does not set proper status code for anonymous user
Created: 25/Apr/12  Updated: 24/May/12  Resolved: 16/May/12

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 4.5.2
Fix Version/s: 4.5.3

Type: Bug
Priority: Major
Reporter: Daniel Lipp
Assignee: Daniel Lipp
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
is depended upon by JRDVX-2 Figure out auth/callback issues Resolved
duplicate
is duplicated by MAGNOLIA-4395 Security filters should set 401 or 40... Closed
relation
is related to MGNLWEBDAV-29 Authorization for WebDAV access is br... Closed
is related to MAGNOLIA-4397 ContentSecurityFilter#isAllowed does ... Closed

 Description   

BasicAuthentication's prompting for credentials is only triggered when status is set to HttpServletResponse.SC_UNAUTHORIZED.
We should set status HttpServletResponse.SC_UNAUTHORIZED for the anonymous user, and HttpServletResponse.SC_FORBIDDEN otherwise.
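
The status selection requested above and its effect on the Basic authentication prompt, as an added example that is not Magnolia's code. `Response`, `isAllowed`, `challengeIfUnauthorized`, `handle` and the realm name are stand-ins assumed for illustration; only the two status values mirror `HttpServletResponse`.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Added illustration, not Magnolia source. All type and method names here are stand-ins. */
public class DeniedStatusDemo {
    static final int SC_UNAUTHORIZED = 401; // same value as HttpServletResponse.SC_UNAUTHORIZED
    static final int SC_FORBIDDEN = 403;    // same value as HttpServletResponse.SC_FORBIDDEN

    /** Minimal stand-in for the parts of HttpServletResponse used below. */
    static class Response {
        int status = 200;
        final Map<String, String> headers = new LinkedHashMap<>();
    }

    /** Stand-in for a security filter's isAllowed: on denial, pick the status by who is asking. */
    static boolean isAllowed(boolean permissionGranted, boolean anonymous, Response res) {
        if (permissionGranted) {
            return true;
        }
        // Anonymous: credentials may help, so signal 401. Known user: they will not, so 403.
        res.status = anonymous ? SC_UNAUTHORIZED : SC_FORBIDDEN;
        return false;
    }

    /** Stand-in for the Basic authentication step: it prompts only when the status is 401. */
    static void challengeIfUnauthorized(Response res, String realm) {
        if (res.status == SC_UNAUTHORIZED) {
            res.headers.put("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        }
    }

    static Response handle(boolean granted, boolean anonymous) {
        Response res = new Response();
        if (!isAllowed(granted, anonymous, res)) {
            challengeIfUnauthorized(res, "example"); // constructed realm name
        }
        return res;
    }

    public static void main(String[] args) {
        // Constructed cases: {permission granted, anonymous}
        boolean[][] cases = { {false, true}, {false, false}, {true, true} };
        for (boolean[] c : cases) {
            Response r = handle(c[0], c[1]);
            System.out.printf("granted=%b anonymous=%b -> %d %s%n", c[0], c[1], r.status, r.headers);
        }
    }
}
```

Only the denied anonymous case ends with a `WWW-Authenticate` header; a denied request answered with 403 never reaches the prompt, which is the dependency the description points out.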



 Comments   
Comment by Magnolia International [ 26/Apr/12 ]

How about applying this to ContentSecurityFilter as well?

Comment by Jan Haderka [ 27/Apr/12 ]

Good point. Change indeed needs to be applied to both URISecurity and ContentSecurity.

Comment by Daniel Lipp [ 16/May/12 ]

Reopening happened because of missing changes in ContentSecurityFilter - these have been applied under MAGNOLIA-4397.
