[ https://issues.apache.org/jira/browse/TUSCANY-3389?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Luciano Resende resolved TUSCANY-3389.
--------------------------------------

       Resolution: Fixed
    Fix Version/s: Java-SCA-1.6

Fixed by providing a different HTTP status code depending on the 
authentication/authorization error: 401 when the user could not be authenticated, 
403 when the user was authenticated but does not have the proper role to execute 
the operation. Please let me know if this works in your scenario.

> Tuscany Policies is returning an error code of 401 instead of 403 when an 
> authenticated user requests a service which is not authorized for their role
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: TUSCANY-3389
>                 URL: https://issues.apache.org/jira/browse/TUSCANY-3389
>             Project: Tuscany
>          Issue Type: Bug
>          Components: Java SCA Policy
>    Affects Versions: Java-SCA-Next
>         Environment: WASCE on Mac
>            Reporter: Abraham Guerra
>            Assignee: Luciano Resende
>            Priority: Minor
>             Fix For: Java-SCA-1.6, Java-SCA-Next
>
>
> I defined a secured service and provided authorized roles.
> I authenticated as a user who is not in the appropriate role and requested 
> the above service.
> Policies returned a 401 error instead of 403.

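The 401/403 split described in the resolution, as an added example that is not Tuscany's code or part of the original message: a plain-JDK class that authenticates an HTTP Basic header and then checks the role. The class name, user table, passwords and role names are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.Set;

public class AccessStatus {
    // Constructed sample data (hypothetical users, passwords and roles).
    static final Map<String, String> PASSWORDS = Map.of("alice", "a-pass", "bob", "b-pass");
    static final Map<String, Set<String>> ROLES =
            Map.of("alice", Set.of("admin"), "bob", Set.of("customer"));

    /** Returns the user name for a valid Basic header, or null if authentication fails. */
    static String authenticate(String header) {
        if (header == null || !header.startsWith("Basic ")) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':');
            if (colon < 0) return null;
            String user = decoded.substring(0, colon);
            String expected = PASSWORDS.get(user);
            if (expected == null) return null;
            // Compare without short-circuiting on the first differing byte.
            boolean ok = MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                    decoded.substring(colon + 1).getBytes(StandardCharsets.UTF_8));
            return ok ? user : null;
        } catch (IllegalArgumentException malformedBase64) {
            return null;
        }
    }

    /** 401: identity not established. 403: identity known, role missing. 200: allowed. */
    static int statusFor(String header, String requiredRole) {
        String user = authenticate(header);
        if (user == null) return 401; // the response must also carry a WWW-Authenticate challenge
        if (!ROLES.getOrDefault(user, Set.of()).contains(requiredRole)) return 403;
        return 200;
    }
    static String basic(String user, String password) {
        byte[] pair = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }
    public static void main(String[] args) {
        System.out.println("no header:    " + statusFor(null, "admin"));
        System.out.println("bad password: " + statusFor(basic("bob", "wrong"), "admin"));
        System.out.println("wrong role:   " + statusFor(basic("bob", "b-pass"), "admin"));
        System.out.println("right role:   " + statusFor(basic("alice", "a-pass"), "admin"));
    }
}
```

The "wrong role" case is the one from the report: credentials are valid, so re-prompting for them with a 401 cannot help, and the client needs the 403 to tell the two failures apart.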