Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reopened: Incorrect response when Unauthorised expected #38

Closed
anupash opened this issue Jul 4, 2016 · 1 comment

Comments

Projects
None yet
3 participants
@anupash
Copy link

commented Jul 4, 2016

On Performing the following request,

curl http://:8080/testcontainer

{"timestamp":1467279042812,"status":400,"error":"Bad Request","exception":"org.springframework.web.bind.ServletRequestBindingException","message":"Missing request header 'Authorization' for method parameter of type String","path":"/testcontainer"}

Http Response "401: Unauthorized" expected.

As per www standards : http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

400 Bad Request

The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.

As per the CDMI document Section [5.12.3]:

5.12.3 Client authentication
A CDMI client shall comply with all security requirements for HTTP that apply to clients. CDMI clients can be responsible for initiating user authentication for each CDMI operation that is performed. The CDMI server functions as the authenticator and receives and validates authentication credentials from the client.

RFC 2616 and RFC 2617 define requirements for HTTP authentication, which generally starts with an HTTP client request. If the client request does not include an "Authorization" header and authentication is required, the server responds with an HTTP status code of 401 Unauthorized and a WWW-Authenticate response header. The HTTP client shall then respond with the appropriate Authorisation header in a subsequent request.

@bertl4398

This comment has been minimized.

Copy link
Collaborator

commented Jul 5, 2016

should be fixed

@bertl4398 bertl4398 closed this Jul 5, 2016

@orviz orviz added the bug label Dec 14, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.