Issue #6553 - give 403 response if UNAUTHENTICATED and auth is mandatory

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Lachlan Roberts 2021-07-29 20:17:34 +10:00
parent 5dcc14b114
commit 40c79346c1
1 changed files with 5 additions and 0 deletions


@ -572,6 +572,11 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
authenticator.secureResponse(request, response, isAuthMandatory, null);
}
}
else if ((authentication == Authentication.UNAUTHENTICATED) && isAuthMandatory)
{
response.sendError(HttpServletResponse.SC_FORBIDDEN, "unauthenticated");
baseRequest.setHandled(true);
}
else
{
baseRequest.setAuthentication(authentication);
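Review bot: The new `else if ((authentication == Authentication.UNAUTHENTICATED) && isAuthMandatory)` branch carries no comment saying it is a fail-closed guard, yet it only works because it sits ahead of the final `else`, so a later reordering could quietly restore the fall-through. Judging from the visible context, the final `else` is where processing continues with `baseRequest.setAuthentication(authentication)`, which is presumably the path these requests took before this change. I would add a comment above the branch such as `// Fail closed: UNAUTHENTICATED on a constraint that requires auth must never reach the final else and the wrapped handler.` The rejection is also silent on the server side; a debug-level log line naming the request path would help operators spot an authenticator that returns UNAUTHENTICATED for protected resources. The enclosing method starts and ends outside the hunk, so whether the response can already be committed when `sendError` is called cannot be checked from here.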