Liberty default HttpAuthenticationMechanisms do not call HttpMessageContext.responseUnauthorized #23326
Labels
release bug
This bug is present in a released version of Open Liberty
release:220013
f9d0c4
team:Core Security
Describe the bug
A
HttpMessageContextWrapper
can override theresponseUnauthorized
method to enrich the response, by adding headers for example. Liberty's HttpAuthenticationMechanisms do not call HttpMessageContext.responseUnauthorized.Steps to Reproduce
Expected behavior
Liberty default HttpAuthenticationMechanisms should call
HttpMessageContext.responseUnauthorized
for unauthorized requests.Diagnostic information:
The text was updated successfully, but these errors were encountered: