Set headers before calling sendError() method

Closes #23325
This commit is contained in:
Emilien Bondu 2023-09-18 15:50:00 +02:00 committed by Pedro Igor
parent c2fc2c2b03
commit 95a45f0910

View file

@ -337,9 +337,9 @@ public class PolicyEnforcer {
String ticket = getPermissionTicket(pathConfig, methodConfig, authzClient, request);
if (ticket != null) {
response.sendError(401);
response.setHeader("WWW-Authenticate", new StringBuilder("UMA realm=\"").append(authzClient.getConfiguration().getRealm()).append("\"").append(",as_uri=\"")
.append(authzClient.getServerConfiguration().getIssuer()).append("\"").append(",ticket=\"").append(ticket).append("\"").toString());
response.sendError(401);
} else {
response.sendError(403);
}
@ -360,8 +360,8 @@ public class PolicyEnforcer {
String accessDeniedPath = enforcerConfig.getOnDenyRedirectTo();
if (accessDeniedPath != null) {
response.sendError(302);
response.setHeader("Location", accessDeniedPath);
response.sendError(302);
} else {
response.sendError(403);
}