Ok thanks, this sounds like a bug then? The user is not authenticated and so Syncope should be returning 401 instead of 403? As things stand, there is no way to use a web browser to access the REST API unless you manually configure the basic auth parameters somehow.
Colm.

On Tue, Jun 28, 2016 at 4:09 PM, Massimiliano Perrone <massimiliano.perr...@tirasa.net> wrote:

>
>
> ----- Original message -----
> > From: "Sergey Beryozkin" <sberyoz...@gmail.com>
> > To: "dev" <dev@syncope.apache.org>
> > Sent: Tuesday, 28 June 2016 17:00:05
> > Subject: Re: REST API authentication in 2.0.0
> >
> > 403 is typically reported when the authenticated user is forbidden (not
> > in some role) to access a given resource. So might be a regression. I'm
> > not 100% sure if some sites do return 403 instead of 401 though when the
> > authentication fails. Possible confusion can arise given that 401 error
> > message is "Unauthorized"
> >
>
> My experience is 100% with 403 for authenticated user with no permissions
> (e.g. roles), 401 for a resource that needs an authenticated user and you
> are trying to use it without authentication.
>
> BR,
> Massi
>
> >
> > Cheers, Sergey
> > On 28/06/16 15:40, Colm O hEigeartaigh wrote:
> >> Hi,
> >>
> >> Just wanted to check before filing a JIRA. With the latest 2.0.0-SNAPSHOT,
> >> I noticed that accessing the REST API without supplying a username/password
> >> returns 403 as opposed to the old 401.
> >>
> >> wget http://localhost:9080/syncope/rest/users
> >>
> >> --2016-06-28 15:40:01-- http://localhost:9080/syncope/rest/users
> >> Resolving localhost (localhost)... 127.0.0.1
> >> Connecting to localhost (localhost)|127.0.0.1|:9080... connected.
> >> HTTP request sent, awaiting response... 403
> >> 2016-06-28 15:40:01 ERROR 403: (no description).
> >>
> >> Whereas with 1.2.7:
> >>
> >> wget http://localhost:9080/syncope/rest/users
> >> --2016-06-28 15:29:42-- http://localhost:9080/syncope/rest/users
> >> Resolving localhost (localhost)... 127.0.0.1
> >> Connecting to localhost (localhost)|127.0.0.1|:9080... connected.
> >> HTTP request sent, awaiting response... 401 Unauthorized
> >>
> >> Username/Password Authentication Failed.
> >>
> >> This means that if you open up a web browser and try to access say:
> >>
> >> http://localhost:9080/syncope/rest/users
> >>
> >> a pop-up window does not appear for the user to enter the user/password.
> >> Was there a reason for this change or will I file a bug?
> >>
> >> Thanks,
> >>
> >> Colm.
> >>
>
> --
> Massimiliano Perrone
> Tel +39 393 9121310
>
> Tirasa S.r.l.
> Viale D'Annunzio 267 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 0859111173
> http://www.tirasa.net
>
> "Learning many things does not teach understanding"
> (Heraclitus)
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
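
The 401/403 difference discussed in this thread can be checked with a small unauthenticated probe. This is an added example, not code from the thread or from Syncope. The stub server, the function names and the realm string are constructed, and it assumes the 1.2.7 response carried a `WWW-Authenticate: Basic` challenge, which the wget output above does not show.

```python
import http.server
import threading
import urllib.error
import urllib.request

def classify_unauthenticated(url):
    """GET url with no credentials and say how a browser would react."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status, "no authentication required"
    except urllib.error.HTTPError as err:
        challenge = err.headers.get("WWW-Authenticate", "")
        if err.code == 401 and challenge.lower().startswith("basic"):
            return err.code, "basic challenge: browser prompts for credentials"
        if err.code == 401:
            return err.code, "401 without a Basic challenge: no prompt"
        if err.code == 403:
            return err.code, "forbidden: no challenge, browser cannot prompt"
        return err.code, "unexpected status"

def stub_server(status, challenge=None):
    """Constructed stand-in for the REST endpoint; not Syncope code."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            if challenge:
                self.send_header("WWW-Authenticate", challenge)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo output quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def run_demo():
    """Probe both behaviours reported in the thread against local stubs."""
    results = {}
    cases = {"1.2.7-like": (401, 'Basic realm="constructed"'),
             "2.0.0-SNAPSHOT-like": (403, None)}
    for name, (status, challenge) in cases.items():
        server = stub_server(status, challenge)
        try:
            url = "http://127.0.0.1:%d/syncope/rest/users" % server.server_port
            results[name] = classify_unauthenticated(url)
        finally:
            server.shutdown()
            server.server_close()
    return results

if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

Pointing `classify_unauthenticated` at a real deployment's REST URL gives a quick regression check for this behaviour after an upgrade.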