http://issues.apache.org/bugzilla/show_bug.cgi?id=34515

           Summary: Receiving a 403 forbidden without giving the
                    opportunity to authenticate
           Product: Slide
           Version: 2.1
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: enhancement
          Priority: P3
         Component: Security
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


When an anonymous user (unauthenticated) tries to do an operation on a
resource restricted to a small number of authenticated users (like modifying
the content of a publicly readable resource), the WebDAV servlet sends an access
denied exception (HTTP error 403). However, sending an authentication
required would be more appropriate (this security exception does not come from
the fact user access is forbidden, but from the fact there is currently no
user authenticated).

WebDAV tools I have tested so far only send authentication when they receive
a 401 along with a WWW-Authenticate header. So in the case of a read-only
resource, the WebDAV servlet never gives the WebDAV client a chance to
authenticate the user.

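The status-code decision described in the report, as an added example that is not part of the original report and is not Slide code. The ACL, user table, realm, path and function names are all constructed for illustration; the client model only sends credentials after a 401 carrying WWW-Authenticate, as the report describes.

```python
import base64
import hmac

# Constructed sample data (assumptions, not Slide configuration).
PATH = "/files/readme.txt"
ACL = {PATH: {"GET": {"*"}, "PUT": {"alice"}}}   # "*" = anyone, incl. anonymous
USERS = {"alice": "s3cret", "bob": "hunter2"}
REALM = "example"

def parse_basic(header):
    """Return the user name from a valid Basic Authorization header, else None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(header[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    known = USERS.get(user)
    if known is None or not hmac.compare_digest(known.encode(), password.encode()):
        return None
    return user

def respond(method, path, authorization=None, challenge=True):
    """Return (status, headers). challenge=False models the reported behaviour."""
    allowed = ACL.get(path, {}).get(method, set())
    user = parse_basic(authorization)
    if "*" in allowed or user in allowed:
        return 200, {}
    if user is None and challenge:
        # No authenticated principal yet: ask for credentials instead of refusing.
        return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    # Authenticated but not permitted (or reported behaviour for anonymous users).
    return 403, {}

def client(method, path, user, password, challenge):
    """Model of the clients in the report: credentials go out only after a 401."""
    status, headers = respond(method, path, challenge=challenge)
    if status == 401 and "WWW-Authenticate" in headers:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        status, _ = respond(method, path, f"Basic {token}", challenge)
    return status

if __name__ == "__main__":
    for challenge in (False, True):
        print("challenge" if challenge else "reported ",
              client("PUT", PATH, "alice", "s3cret", challenge))
```

With challenge=False the permitted user alice ends at 403 because her client is never asked for credentials; with challenge=True she reaches 200, while bob, who authenticates but is not in the ACL, still gets 403.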