Issue #6553 - give 403 response if UNAUTHENTICATED and auth is mandatory
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
This commit is contained in:
parent
5dcc14b114
commit
40c79346c1
|
@ -572,6 +572,11 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
|
|||
authenticator.secureResponse(request, response, isAuthMandatory, null);
|
||||
}
|
||||
}
|
||||
else if ((authentication == Authentication.UNAUTHENTICATED) && isAuthMandatory)
|
||||
{
|
||||
response.sendError(HttpServletResponse.SC_FORBIDDEN, "unauthenticated");
|
||||
baseRequest.setHandled(true);
|
||||
}
|
||||
else
|
||||
{
|
||||
baseRequest.setAuthentication(authentication);
|
||||
|
|
Loading…
Reference in New Issue