[jira] [Updated] (ATLAS-1951) Regression: Any REST API request without user credentials results in 302 redirect to login.jsp. Actually, the correct response should be 401.

Ayub Pathan (JIRA) Fri, 14 Jul 2017 04:42:49 -0700

     [ 
https://issues.apache.org/jira/browse/ATLAS-1951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ayub Pathan updated ATLAS-1951:
-------------------------------
    Description: 
Regression: Any REST API request to atlas without user credentials results in 
302 redirect( login.jsp), but the actual response code should be 401 
unauthorized. 

This issue could have been introduced as part of new spring  changes.

For example:
{noformat}
curl -v -X GET "http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000";
* Rebuilt URL to: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/
*   Trying 172.27.56.2...
* Connected to ctr-e133-1493418528701-181199-01-000002.hwx.site (172.27.56.2) 
port 21000 (#0)
> GET / HTTP/1.1
> Host: ctr-e133-1493418528701-181199-01-000002.hwx.site:21000
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Fri, 14 Jul 2017 11:16:42 GMT
< Set-Cookie: ATLASSESSIONID=1i0rxnm66dd3h17xyhvstk0vck;Path=/;HttpOnly
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< X-Frame-Options: DENY
< Location: 
http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/login.jsp
< Content-Length: 0
< Server: Jetty(9.2.12.v20150709)
<
* Connection #0 to host ctr-e133-1493418528701-181199-01-000002.hwx.site left 
intact
{noformat}


  was:
Regression: Any REST API request to atlas without user credentials results in 
302 redirect( login.jsp), but the actual response code should be 401 
unauthorized. 

This issue could have been introduced as part of new spring  changes.

For example:
{noformat}
curl -v -X GET "http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000";
* Rebuilt URL to: http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/
*   Trying 172.27.56.2...
* Connected to ctr-e133-1493418528701-181199-01-000002.hwx.site (172.27.56.2) 
port 21000 (#0)
> GET / HTTP/1.1
> Host: ctr-e133-1493418528701-181199-01-000002.hwx.site:21000
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Fri, 14 Jul 2017 11:16:42 GMT
< Set-Cookie: ATLASSESSIONID=1i0rxnm66dd3h17xyhvstk0vck;Path=/;HttpOnly
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< X-Frame-Options: DENY
< Location: 
http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/login.jsp
< Content-Length: 0
< Server: Jetty(9.2.12.v20150709)
<
* Connection #0 to host ctr-e133-1493418528701-181199-01-000002.hwx.site left 
intact
{noformat}

CC [~skoneru]


> Regression: Any REST API request without user credentials results in 302 
> redirect to login.jsp. Actually, the correct response should be 401.
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-1951
>                 URL: https://issues.apache.org/jira/browse/ATLAS-1951
>             Project: Atlas
>          Issue Type: Bug
>          Components:  atlas-core
>    Affects Versions: 0.9-incubating
>            Reporter: Ayub Pathan
>            Priority: Critical
>             Fix For: 0.9-incubating
>
>
> Regression: Any REST API request to atlas without user credentials results in 
> 302 redirect( login.jsp), but the actual response code should be 401 
> unauthorized. 
> This issue could have been introduced as part of new spring  changes.
> For example:
> {noformat}
> curl -v -X GET "http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000";
> * Rebuilt URL to: 
> http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/
> *   Trying 172.27.56.2...
> * Connected to ctr-e133-1493418528701-181199-01-000002.hwx.site (172.27.56.2) 
> port 21000 (#0)
> > GET / HTTP/1.1
> > Host: ctr-e133-1493418528701-181199-01-000002.hwx.site:21000
> > User-Agent: curl/7.43.0
> > Accept: */*
> >
> < HTTP/1.1 302 Found
> < Date: Fri, 14 Jul 2017 11:16:42 GMT
> < Set-Cookie: ATLASSESSIONID=1i0rxnm66dd3h17xyhvstk0vck;Path=/;HttpOnly
> < Expires: Thu, 01 Jan 1970 00:00:00 GMT
> < X-Frame-Options: DENY
> < Location: 
> http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/login.jsp
> < Content-Length: 0
> < Server: Jetty(9.2.12.v20150709)
> <
> * Connection #0 to host ctr-e133-1493418528701-181199-01-000002.hwx.site left 
> intact
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (ATLAS-1951) Regression: Any REST API request without user credentials results in 302 redirect to login.jsp. Actually, the correct response should be 401.

Reply via email to