From 90d34bfd06d6bb7e139db90ce03e69f964ef03d7 Mon Sep 17 00:00:00 2001
From: Thomas Raehalme
Date: Wed, 9 Sep 2015 18:31:25 +0300
Subject: [PATCH] unsuccessfulAuthentication now returns HTTP response status 401 instead of 403.

---
 .../filter/KeycloakAuthenticationProcessingFilter.java | 4 ++--
 .../filter/KeycloakAuthenticationProcessingFilterTest.java | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
index 67b950bb7b..1a29a87aac 100644
--- a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
+++ b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java
@@ -190,12 +190,12 @@ public class KeycloakAuthenticationProcessingFilter extends AbstractAuthenticati
 if (this.isBearerTokenRequest(request)) {
 SecurityContextHolder.clearContext();
- response.sendError(HttpServletResponse.SC_FORBIDDEN, "Unable to authenticate bearer token");
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unable to authenticate bearer token");
 return;
 } else if (this.isBasicAuthRequest(request)) {
 SecurityContextHolder.clearContext();
- response.sendError(HttpServletResponse.SC_FORBIDDEN, "Unable to authenticate with basic authentication");
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unable to authenticate with basic authentication");
 return;
 }
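Review bot: The new 401 responses in both branches go out without a `WWW-Authenticate` challenge, which RFC 7235 requires on every 401 and which RFC 6750 spells out for bearer tokens (`Bearer` scheme with `error="invalid_token"` when a presented token is rejected); `sendError` on its own does not add that header. Set it immediately before each `sendError`, e.g. `response.setHeader("WWW-Authenticate", "Bearer error=\"invalid_token\"");` in the bearer branch and `response.setHeader("WWW-Authenticate", "Basic realm=\"<realm>\"");` in the basic branch — the realm string is not visible in this hunk and presumably comes from the adapter's deployment configuration, so confirm where it is available. A one-line why-comment above the first `if` would also help future readers, e.g. `// 401: credentials were presented but could not be validated; 403 is reserved for an authenticated caller lacking permission`. The enclosing `unsuccessfulAuthentication` starts before the hunk and continues after it, so the fallthrough path for requests that are neither bearer nor basic is not shown here.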
diff --git a/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilterTest.java b/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilterTest.java
index 034e212001..dfaa3e30b4 100644
--- a/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilterTest.java
+++ b/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilterTest.java
@@ -148,7 +148,7 @@ public class KeycloakAuthenticationProcessingFilterTest {
 AuthenticationException exception = new BadCredentialsException("OOPS");
 this.setBearerAuthHeader(request);
 filter.unsuccessfulAuthentication(request, response, exception);
- verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
+ verify(response).sendError(eq(HttpServletResponse.SC_UNAUTHORIZED), anyString());
 verify(failureHandler, never()).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class));
 }
@@ -158,7 +158,7 @@ public class KeycloakAuthenticationProcessingFilterTest {
 AuthenticationException exception = new BadCredentialsException("OOPS");
 this.setBasicAuthHeader(request);
 filter.unsuccessfulAuthentication(request, response, exception);
- verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
+ verify(response).sendError(eq(HttpServletResponse.SC_UNAUTHORIZED), anyString());
 verify(failureHandler, never()).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class));
 }
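Review bot: Both updated tests pin only the status code — `anyString()` accepts any message, and nothing asserts that the security context was cleared, even though the filter's bearer and basic branches call `SecurityContextHolder.clearContext()` before `sendError`, so a regression that leaves a half-populated context behind would still pass. Add `assertNull(SecurityContextHolder.getContext().getAuthentication());` after the `verify(response).sendError(...)` line in each test, assuming the fixture populates a context first (the setup is not visible in these hunks). Since a 401 is also expected to carry a `WWW-Authenticate` challenge, a further assertion such as `verify(response).setHeader(eq("WWW-Authenticate"), startsWith("Bearer"));` would lock that contract in once the filter emits the header. Both test methods open before their hunks, so their names and the `request`/`response`/`filter` fixtures are not shown.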