----- Original message -----
> From: "Colm O hEigeartaigh" <cohei...@apache.org>
> To: "dev" <dev@syncope.apache.org>
> Sent: Tuesday, 28 June 2016 17:15:28
> Subject: Re: REST API authentication in 2.0.0

> Ok thanks, this sounds like a bug then?

I think so.
Max

> The user is not authenticated and
> so Syncope should be returning 401 instead of 403? As things stand, there
> is no way to use a web browser to access the REST API unless you manually
> configure the basic auth parameters somehow.
>
> Colm.
>
> On Tue, Jun 28, 2016 at 4:09 PM, Massimiliano Perrone <
> massimiliano.perr...@tirasa.net> wrote:
>
>>
>>
>> ----- Original message -----
>> > From: "Sergey Beryozkin" <sberyoz...@gmail.com>
>> > To: "dev" <dev@syncope.apache.org>
>> > Sent: Tuesday, 28 June 2016 17:00:05
>> > Subject: Re: REST API authentication in 2.0.0
>>
>> > 403 is typically reported when the authenticated user is forbidden (not
>> > in some role) to access a given resource. So might be a regression. I'm
>> > not 100% sure if some sites do return 403 instead of 401 though when the
>> > authentication fails. Possible confusion can arise given that 401 error
>> > message is "Unauthorized"
>>
>>
>> My experience is 100% with 403 for authenticated user with no permissions
>> (e.g. roles), 401 for a resource that needs an authenticated user and you
>> are trying to use it without authentication.
>>
>> BR,
>> Massi
>>
>> >
>> > Cheers, Sergey
>> > On 28/06/16 15:40, Colm O hEigeartaigh wrote:
>> >> Hi,
>> >>
>> >> Just wanted to check before filing a JIRA. With the latest 2.0.0-SNAPSHOT,
>> >> I noticed that accessing the REST API without supplying a username/password
>> >> returns 403 as opposed to the old 401.
>> >>
>> >> wget http://localhost:9080/syncope/rest/users
>> >>
>> >> --2016-06-28 15:40:01-- http://localhost:9080/syncope/rest/users
>> >> Resolving localhost (localhost)... 127.0.0.1
>> >> Connecting to localhost (localhost)|127.0.0.1|:9080... connected.
>> >> HTTP request sent, awaiting response... 403
>> >> 2016-06-28 15:40:01 ERROR 403: (no description).
>> >>
>> >> Whereas with 1.2.7:
>> >>
>> >> wget http://localhost:9080/syncope/rest/users
>> >> --2016-06-28 15:29:42-- http://localhost:9080/syncope/rest/users
>> >> Resolving localhost (localhost)... 127.0.0.1
>> >> Connecting to localhost (localhost)|127.0.0.1|:9080... connected.
>> >> HTTP request sent, awaiting response... 401 Unauthorized
>> >>
>> >> Username/Password Authentication Failed.
>> >>
>> >> This means that if you open up a web browser and try to access say:
>> >>
>> >> http://localhost:9080/syncope/rest/users
>> >>
>> >> a pop-up window does not appear for the user to enter the user/password.
>> >> Was there a reason for this change or will I file a bug?
>> >>
>> >> Thanks,
>> >>
>> >> Colm.
>> >>
>>
>> --
>> Massimiliano Perrone
>> Tel +39 393 9121310
>>
>> Tirasa S.r.l.
>> Viale D'Annunzio 267 - 65127 Pescara
>> Tel +39 0859116307 / FAX +39 0859111173
>> http://www.tirasa.net
>>
>> "Learning many things does not teach understanding"
>> (Heraclitus)
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

--
Massimiliano Perrone
Tel +39 393 9121310

Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

"Learning many things does not teach understanding"
(Heraclitus)
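
The 401-versus-403 behaviour discussed in this thread can be turned into a regression check; the following is an added example, not part of any message above and not Syncope code. The function names are hypothetical, the status codes are the ones reported in the thread, and the header values are constructed assumptions, since the wget output does not show them.

```python
import re

def challenge_schemes(header_value):
    """Return the lower-cased auth schemes offered in a WWW-Authenticate value."""
    # Blank out quoted strings so a comma inside realm="..." does not split a challenge.
    unquoted = re.sub(r'"(?:[^"\\]|\\.)*"', '""', header_value)
    unquoted = re.sub(r"\s*=\s*", "=", unquoted)  # allow optional spaces around "="
    schemes = []
    for part in unquoted.split(","):
        words = part.split(None, 1)
        # A part that starts with name=value is a parameter of the previous scheme.
        if words and "=" not in words[0]:
            schemes.append(words[0].lower())
    return schemes

def classify_anonymous_response(status, headers):
    """Describe how a server answered a request that carried no credentials."""
    lowered = {name.lower(): value for name, value in headers.items()}
    schemes = challenge_schemes(lowered.get("www-authenticate", ""))
    if status == 401:
        if "basic" in schemes:
            return "challenge-basic"       # client can prompt for username/password
        if schemes:
            return "challenge-other"
        return "401-without-challenge"     # RFC 7235 requires WWW-Authenticate on a 401
    if status == 403:
        return "forbidden-no-challenge"    # client has nothing to prompt for
    return "not-protected" if status < 400 else "other-error"

# Constructed responses: status codes as reported in the thread; header values are assumed.
SNAPSHOT_2_0_0 = (403, {})
RELEASE_1_2_7 = (401, {"WWW-Authenticate": 'Basic realm="example-realm"'})

if __name__ == "__main__":
    for label, (status, headers) in [("2.0.0-SNAPSHOT", SNAPSHOT_2_0_0),
                                     ("1.2.7", RELEASE_1_2_7)]:
        print(label, status, classify_anonymous_response(status, headers))
```
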