[LPS-131194] Force Basic and Force Digest Auth option are not honored - Liferay Issues

XML

Word

Printable

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 7.1.X, 7.2.X, 7.3.X, Master
Fix Version/s: 7.1.10 DXP FP26, 7.1.10.7 SP7, 7.1.X, 7.2.10 DXP FP15, 7.2.X, 7.3.10.3 DXP SP3, 7.3.X, 7.4.1 CE GA2, 7.4.13 DXP GA1, Master
Component/s: Application Security > Auth Verifiers
Labels:

Steps to reproduce:

Configure Digest Authentication:
1. System Settings > API Authentication > Digest Authentication:
2. Force Digest Authentication: True
3. Enabled: True
4. Hosts Allowed: n/a
5. URLs Excludes: n/a
6. URLs Includes: /api/jsonws/company/*
Configure a new System Access Policy:
1. Name: COMPANY_ACCESS
2. Enabled: true
3. Default: false
4. Title: COMPANY_ACCESS
5. Allowed Service Signatures:
  1. Service Class: com.liferay.portal.kernel.service.CompanyService
  2. Method Name: n/al
Open a session in POSTMAN
Create a new request this way (select Digest Auth and add the user and pass)
Uncheck the "Yes disable retrying" option
Test that results are returned
Check the "yes disable retrying" option again (so we are going to see the first call return as result and it's status code)
In you could see that it is 403 instead of 401

Expected result: HTTP response returns 401
Actual result: HTTP response returns 403

demands

LPS-131786 Add test coverage for LPS-131194