Affects Version/s: 6.2-rc-1
Fix Version/s: None
Component/s: Configuration resources (Tool)
There are in default xwiki.cfg:
"HTTP status code to sent when the authentication failed."
I think 401 (OR 403) is more appropriate.
Thomas noticed that:
Note that I just tested to fail the login and got 403 so additionally it's not really fully taken into account (I don't really see the point of making it configurable anyway).