Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
webconsole-2.0.4
-
None
Description
The Web Console uses its own HttpContext implementation to handle authentication. When authentication is missing, it sets (or currently sendError) the response status 401/UNAUTHENTICATED but does not flush the response.
The Felix Http Base code overwrites this to 403/FORBIDDEN if the response is not committed.
So to ensure, the correct status is really sent, the handleSecurity implementation must flush the response.