Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-11038

xwiki.authentication.unauthorized_code has a bad default value and is not taken into account

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Fix
    • Trivial
    • None
    • 6.2-rc-1
    • Configuration resources (Tool)
    • None
    • Unknown
    • N/A
    • N/A

    Description

      Hello,

      There are in default xwiki.cfg:
      "HTTP status code to sent when the authentication failed."
      xwiki.authentication.unauthorized_code=200

      I think 401 (OR 403) is more appropriate.

      Thomas noticed that:
      Note that I just tested to fail the login and got 403 so additionally it's not really fully taken into account (I don't really see the point of making it configurable anyway).

      Thxs

      Pascal B

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-20233 Parameter xwiki.authentication.unauthorized_code is not taken into account

          • Major - Major loss of function.
          • Closed

          Activity

            People

              surli Simon Urli
              Pbas Pascal BASTIEN
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: