[MAGNOLIA-986] Invalid Login does not return status 401 Created: 25/Jul/06  Updated: 23/Jan/13  Resolved: 13/Oct/06

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 3.0 RC2
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Giancarlo Berner Assignee: Sameer Charles
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

JBoss, Linux, Magnolia 3.0, FireFox


Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

I use the same login script like the Magnolia Admin login.

  • In the Browser look for a page where you have NO access rights. The login prompt shows up. With a correct login, the status returned is 403, correct.
  • In the Browser look for a page, where you have access rights. But this time type an invalid login. You will get a white page and the status returned is 200 instead of 401.


 Comments   
Comment by Sameer Charles [ 13/Oct/06 ]

Have you tested this with magnolia login form?
I cannot reproduce this behaviour.

Generated at Mon Feb 12 03:22:34 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.