steinarb commented on issue #1383: URL: https://github.com/apache/shiro/issues/1383#issuecomment-2121189462
There may still be something wrong with this...? I tried the current main snapshot today and my unit tests were flipped: The test expecting status code 401 got 403 and the test expecting status code 403 got 401. I tried the snapshot since I got failing unit tests when using shiro 2.0.0: https://lists.apache.org/thread/fwslydgdtnscv5tg6yqgnx88zdl50gco With shiro 2.0.0 I got 401 Unauthorized responses where I was expecting 403 Forbidden (accessing rest endpoint with a logged in user without the required role) and I got UnauthenticatedException where I was expecting a 401 Unauthorized response. But with a snapshot built from the current main I no longer got UnauthenticatedException, but the tests expected 401 and 403 status code got unexpected results (the actual values of the tests were flipped wrt the expected values). - This is the test expecting 401 and getting 403: https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/java/no/priv/bang/servlet/jersey/JerseyServletTest.java#L127 - This is the test expecting 403 and getting 401: https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/java/no/priv/bang/servlet/jersey/JerseyServletTest.java#L147 Here is the shiro-jaxrs annotated jersey resource used by the tests: https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/java/no/priv/bang/servlet/jersey/test/resources/ProtectedHelloResource.java#L13 Here is the shiro.ini file defining the users and role used by the tests: https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/resources/test.shiro.ini -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
