[jira] [Commented] (ATLAS-1951) Regression: Any REST API request without user credentials results in 302 redirect to login.jsp. Actually, the correct response should be 401.

Apoorv Naik (JIRA) Wed, 26 Jul 2017 21:46:32 -0700

    [ 
https://issues.apache.org/jira/browse/ATLAS-1951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16102697#comment-16102697
 ]


Apoorv Naik commented on ATLAS-1951:
------------------------------------

+1 Curl calls return 401 and browser functionality seems to be normal (no side 
effect of this change). Thanks for the patch.

> Regression: Any REST API request without user credentials results in 302 
> redirect to login.jsp. Actually, the correct response should be 401.
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-1951
>                 URL: https://issues.apache.org/jira/browse/ATLAS-1951
>             Project: Atlas
>          Issue Type: Bug
>          Components:  atlas-core
>    Affects Versions: 0.9-incubating
>            Reporter: Ayub Pathan
>            Assignee: Nixon Rodrigues
>            Priority: Critical
>             Fix For: 0.9-incubating
>
>         Attachments: ATLAS-1951.patch
>
>
> Regression: Any REST API request to atlas without user credentials results in 
> 302 redirect( login.jsp), but the actual response code should be 401 
> unauthorized. 
> This issue could have been introduced as part of new spring  changes.
> For example:
> {noformat}
> curl -v -X GET "http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000";
> * Rebuilt URL to: 
> http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/
> *   Trying 172.27.56.2...
> * Connected to ctr-e133-1493418528701-181199-01-000002.hwx.site (172.27.56.2) 
> port 21000 (#0)
> > GET / HTTP/1.1
> > Host: ctr-e133-1493418528701-181199-01-000002.hwx.site:21000
> > User-Agent: curl/7.43.0
> > Accept: */*
> >
> < HTTP/1.1 302 Found
> < Date: Fri, 14 Jul 2017 11:16:42 GMT
> < Set-Cookie: ATLASSESSIONID=1i0rxnm66dd3h17xyhvstk0vck;Path=/;HttpOnly
> < Expires: Thu, 01 Jan 1970 00:00:00 GMT
> < X-Frame-Options: DENY
> < Location: 
> http://ctr-e133-1493418528701-181199-01-000002.hwx.site:21000/login.jsp
> < Content-Length: 0
> < Server: Jetty(9.2.12.v20150709)
> <
> * Connection #0 to host ctr-e133-1493418528701-181199-01-000002.hwx.site left 
> intact
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (ATLAS-1951) Regression: Any REST API request without user credentials results in 302 redirect to login.jsp. Actually, the correct response should be 401.

Reply via email to