Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Issue #6553 - give 403 response if UNAUTHENTICATED and auth is mandatory 

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
This commit is contained in:
Lachlan Roberts 2021-07-29 20:17:34 +10:00
parent 5dcc14b114
commit 40c79346c1
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
View File

@ -572,6 +572,11 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
authenticator.secureResponse(request, response, isAuthMandatory, null); authenticator.secureResponse(request, response, isAuthMandatory, null);
} }
} }
else if ((authentication == Authentication.UNAUTHENTICATED) && isAuthMandatory)
{
response.sendError(HttpServletResponse.SC_FORBIDDEN, "unauthenticated");
baseRequest.setHandled(true);
}
else else
{ {
baseRequest.setAuthentication(authentication); baseRequest.setAuthentication(authentication);