Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-11038

xwiki.authentication.unauthorized_code has a bad default value and is not taken into account

    Details

    • Type: Bug
    • Status: Open
    • Priority: Trivial
    • Resolution: Unresolved
    • Affects Version/s: 6.2-rc-1
    • Fix Version/s: None
    • Labels:
      None
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      Hello,

      There are in default xwiki.cfg:
      "HTTP status code to sent when the authentication failed."
      xwiki.authentication.unauthorized_code=200

      I think 401 (OR 403) is more appropriate.

      Thomas noticed that:
      Note that I just tested to fail the login and got 403 so additionally it's not really fully taken into account (I don't really see the point of making it configurable anyway).

      Thxs

      Pascal B

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Pbas Pascal BASTIEN
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Date of First Response: