[Geoserver-devel] [JIRA] (GEOS-8560) Giving an invalid auth token to authkey results in anonymous authentication

Andrea Aime created an issue

GeoServer / Bug GEOS-8560

Giving an invalid auth token to authkey results in anonymous authentication

Issue Type: Bug
Assignee: Unassigned
Components: Community modules
Created: 30/Jan/18 10:20 AM
Priority: Medium
Reporter: Andrea Aime

The other authentication mechanisms would raise a 401 in case of invalid credentials.
For example, this capabilities request is open and an anonymous user can ask for it, but passing invalid basic auth credentials results in a 401:

curl -u pippo:paperino "http://cloudsdi.geo-solutions.it/geoserver/ows?service=wms&version=1.3.0&request=GetCapabilities" -D -
HTTP/1.1 401 Unauthorized
Date: Tue, 30 Jan 2018 09:17:38 GMT
...

(remove the -u pippo:paperino to get a valid response instead).

The authkey should behave the same: in case an attempt to log in via authkey is detected and the credentials are not valid, a request to present valid credentials (401) should be returned, instead of falling back on the auth chain and eventually allowing the request to proceed as anonymous.



This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100077-sha1:0710d44)
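
The fall-through described in the report, shown as an added example (not part of the original message and not GeoServer's code): a simplified Python model of an authentication filter chain, comparing a key filter that ignores an unknown key with one that fails closed. The filter names, the `authkey` query parameter, the key store and the host are assumptions made for illustration.

```python
# Simplified model of an authentication filter chain.
# All names are hypothetical; this is not GeoServer code.
from urllib.parse import urlsplit, parse_qs

VALID_KEYS = {"k-constructed-0001": "alice"}  # constructed sample key store
BASE = "http://geoserver.example/geoserver/ows?service=wms&request=GetCapabilities"


class BadCredentials(Exception):
    """Credentials were presented but could not be validated."""


def authkey_lenient(params):
    # Behaviour in the report: an unknown key is silently ignored,
    # so the next filter in the chain gets to decide.
    return VALID_KEYS.get(params.get("authkey", [""])[0])


def authkey_strict(params):
    # Requested behaviour: a presented key that fails validation stops the chain.
    if "authkey" not in params:
        return None  # no login attempt was made; let the chain continue
    user = VALID_KEYS.get(params["authkey"][0])
    if user is None:
        raise BadCredentials("invalid authkey")
    return user


def anonymous(params):
    return "anonymous"  # last filter in the chain, always succeeds


def handle(url, chain):
    """Return (status, principal) for a request to an anonymously readable resource."""
    # keep_blank_values so that an empty 'authkey=' still counts as an attempt
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for auth_filter in chain:
        try:
            user = auth_filter(params)
        except BadCredentials:
            return 401, None  # ask the client for valid credentials
        if user is not None:
            return 200, user
    return 401, None


LENIENT = [authkey_lenient, anonymous]
STRICT = [authkey_strict, anonymous]
```

The distinction that matters is between "no key presented" (continue down the chain) and "key presented but invalid" (stop with 401), which the lenient filter collapses into one case.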
