403 is typically reported when the authenticated user is forbidden (not
in some role) to access a given resource. So it might be a regression. I'm
not 100% sure if some sites do return 403 instead of 401 though when the
authentication fails. Possible confusion can arise given that the 401 error
message is "Unauthorized".
Cheers, Sergey
On 28/06/16 15:40, Colm O hEigeartaigh wrote:
Hi,
Just wanted to check before filing a JIRA. With the latest 2.0.0-SNAPSHOT,
I noticed that accessing the REST API without supplying a username/password
returns 403 as opposed to the old 401.
wget http://localhost:9080/syncope/rest/users
--2016-06-28 15:40:01-- http://localhost:9080/syncope/rest/users
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:9080... connected.
HTTP request sent, awaiting response... 403
2016-06-28 15:40:01 ERROR 403: (no description).
Whereas with 1.2.7:
wget http://localhost:9080/syncope/rest/users
--2016-06-28 15:29:42-- http://localhost:9080/syncope/rest/users
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:9080... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Username/Password Authentication Failed.
This means that if you open up a web browser and try to access say:
http://localhost:9080/syncope/rest/users
a pop-up window does not appear for the user to enter the user/password.
Was there a reason for this change or will I file a bug?
Thanks,
Colm.
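
Added example, not part of the original thread or of Syncope's code: a small shell check that classifies the response to a request sent without credentials, separating a 401 that carries a WWW-Authenticate challenge (which is what makes a browser show the login pop-up) from a bare 403. The two sample responses are constructed to mirror the wget results above; the function names and the realm value are assumptions.

```shell
#!/bin/sh
# Reads raw HTTP response headers on stdin and prints one classification word.
# Against a live server the input could come from:
#   curl -s -D - -o /dev/null http://localhost:9080/syncope/rest/users
classify_unauth_response() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        NR == 1 { status = $2 + 0; next }         # status line: HTTP/1.1 <code> ...
        /^$/ { exit }                             # blank line ends the header block
        tolower($0) ~ /^www-authenticate:/ {      # header names are case-insensitive
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)       # drop the header name
            split(value, parts, /[ \t]+/)
            scheme = parts[1]                     # e.g. Basic
        }
        END {
            if (status == 401 && scheme != "") print "challenge:" scheme
            else if (status == 401)            print "401-without-challenge"
            else if (status == 403)            print "forbidden-no-challenge"
            else                               print "other:" status
        }
    '
}

# Constructed sample modelled on the 2.0.0-SNAPSHOT result (403, no description).
sample_2_0_0() {
    printf 'HTTP/1.1 403 \r\nContent-Length: 0\r\n\r\n'
}

# Constructed sample modelled on the 1.2.7 result (401 Unauthorized).
# The realm value is a placeholder, not taken from Syncope.
sample_1_2_7() {
    printf 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="constructed-realm"\r\n\r\n'
}

echo "2.0.0-SNAPSHOT style: $(sample_2_0_0 | classify_unauth_response)"
echo "1.2.7 style:          $(sample_1_2_7 | classify_unauth_response)"
```

Only the `challenge:` result leads a browser to prompt for credentials; a 401 without the header and a 403 both leave the user with an error page.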