[jira] [Commented] (SOLR-17247) 'WWW-Authenticate' headers missing in MultiAuthPlugin

Wed, 29 May 2024 06:32:48 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-17247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17850370#comment-17850370
 ] 

ASF subversion and git services commented on SOLR-17247:
--------------------------------------------------------

Commit 4bd265d81f9442b55d86dbb19723cde7ef04cd0f in solr's branch 
refs/heads/branch_9x from Lamine
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=4bd265d81f9 ]

SOLR-17247: Fix bug - 'WWW-Authenticate' headers missing in MultiAuthPlugin 
(#2416)

Co-authored-by: Lamine Idjeraoui <[email protected]>
Co-authored-by: Eric Pugh <[email protected]>

> 'WWW-Authenticate' headers missing in MultiAuthPlugin
> -----------------------------------------------------
>
>                 Key: SOLR-17247
>                 URL: https://issues.apache.org/jira/browse/SOLR-17247
>             Project: Solr
>          Issue Type: Bug
>          Components: Authentication
>            Reporter: Lamine
>            Priority: Minor
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> MultiAuthPlugin does not return WWW-Authenticate' headers
> When returning a 401 response a Web application needs to indicate to the 
> client what authentication challenges it supports, otherwise an exception 
> like "{_}HTTP protocol violation: Authentication challenge without 
> WWW-Authenticate header{_}“ is raised.
> Solr’s MultiAuthPlugin does not supports this.  Solr should return the list 
> of supported schemes (challenges).
>  
> According to HTTP [RFC 
> 7235|https://datatracker.ietf.org/doc/html/rfc7235#section-3.1]:
> _The 401 (Unauthorized) status code indicates that the request has not_
> _been applied because it lacks valid authentication credentials for_
> _the target resource. The server generating a 401 response *MUST* send_
> _a WWW-Authenticate header field ([Section 
> 4.1|https://datatracker.ietf.org/doc/html/rfc7235#section-4.1]) containing at 
> least one_
> _challenge applicable to the target resource._



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to