Liberty default HttpAuthenticationMechanisms do not call HttpMessageContext.responseUnauthorized #23326

Closed
Zech-Hein opened this issue Nov 11, 2022 · 0 comments
Labels
release bug This bug is present in a released version of Open Liberty release:220013 f9d0c4 team:Core Security

Describe the bug
An HttpMessageContextWrapper can override the responseUnauthorized method to enrich the response, by adding headers for example. Liberty's HttpAuthenticationMechanisms do not call HttpMessageContext.responseUnauthorized.

Steps to Reproduce

  1. Have an authentication mechanism decorator used in an application that uses a HttpMessageContextWrapper that overwrites the responseUnauthorized method to enrich the response to an unauthorized request.
  2. Submit an unauthorized request.
  3. Observe the responseUnauthorized method will not be called.

Expected behavior
Liberty default HttpAuthenticationMechanisms should call HttpMessageContext.responseUnauthorized for unauthorized requests.

Diagnostic information:

  • OpenLiberty Version: [-22.0.0.12]
  • Affected feature(s) [appSecurity-3.0/4.0/5.0]
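
The kind of decorator the reproduction steps describe, as an added example that is not part of the original issue or of Open Liberty's code. The class names and the choice of `Cache-Control: no-store` as the added header are hypothetical, and the imports assume the `jakarta.*` namespace.

```java
import jakarta.annotation.Priority;
import jakarta.decorator.Decorator;
import jakarta.decorator.Delegate;
import jakarta.inject.Inject;
import jakarta.interceptor.Interceptor;
import jakarta.security.enterprise.AuthenticationException;
import jakarta.security.enterprise.AuthenticationStatus;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

// Hypothetical decorator: wraps whichever HttpAuthenticationMechanism is active
// and hands it a wrapped HttpMessageContext instead of the container's own.
// (Java EE 8 level applications use the javax.* equivalents of these packages.)
@Decorator
@Priority(Interceptor.Priority.APPLICATION)
public class UnauthorizedResponseDecorator implements HttpAuthenticationMechanism {

    @Inject
    @Delegate
    private HttpAuthenticationMechanism delegate;

    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request,
                                                HttpServletResponse response,
                                                HttpMessageContext context)
            throws AuthenticationException {
        // The delegate only ever sees the wrapper, so any call it makes to
        // responseUnauthorized() goes through the override below.
        return delegate.validateRequest(request, response, new EnrichingContext(context));
    }

    // Hypothetical wrapper that enriches the response to an unauthorized request.
    static class EnrichingContext extends HttpMessageContextWrapper {

        EnrichingContext(HttpMessageContext wrapped) {
            super(wrapped);
        }

        @Override
        public AuthenticationStatus responseUnauthorized() {
            // Example enrichment: keep the 401 response out of caches.
            getResponse().setHeader("Cache-Control", "no-store");
            return super.responseUnauthorized();
        }
    }
}
```

With the behaviour reported in this issue, the header never appears on the response to an unauthorized request, because the delegate mechanism does not call `responseUnauthorized()` on the context it was given.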