Issue #6553 - give 401 response if UNAUTHENTICATED and auth is mandatory #6568
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
…for DeferredAuth Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
…6553-SecurityHandler
@gregw do you think this should be brought back to 9.4?
@lachlan-roberts if we updated the JASPI auth in 9.4 to be usable, then yes this needs to be backported. But if the recent jaspi changes were 10 only, then I say leave 9.4 as is.
@gregw this is not related to the JASPI updates. Looks like the existing JASPI implementation in 9.4 can also return
OK then I think backport is needed.
Issue #6553
If `Authenticator` returns `UNAUTHENTICATED` and auth is mandatory then we should return 403 response.