Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-131194

Force Basic and Force Digest Auth option are not honored

    Details

      Description

      Steps to reproduce:

      1. Configure Digest Authentication:
        1. System Settings > API Authentication > Digest Authentication:
        2. Force Digest Authentication: True
        3. Enabled: True
        4. Hosts Allowed: n/a
        5. URLs Excludes: n/a
        6. URLs Includes: /api/jsonws/company/*
      2. Configure a new System Access Policy:
        1. Name: COMPANY_ACCESS
        2. Enabled: true
        3. Default: false
        4. Title: COMPANY_ACCESS
        5. Allowed Service Signatures:
          1. Service Class: com.liferay.portal.kernel.service.CompanyService
          2. Method Name: n/al
      3. Open a session in POSTMAN
      4. Create a new request this way (select Digest Auth and add the user and pass)
      5. Uncheck the "Yes disable retrying" option
      6. Test that results are returned
      7. Check the "yes disable retrying" option again (so we are going to see the first call return as result and it's status code)
      8. In you could see that it is 403 instead of 401

       Expected result: HTTP response returns 401
       Actual result: HTTP response returns 403

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              gabor.lovas Gábor Lovas
              Reporter:
              tomas.polesovsky Tomáš Polešovský
              Participants of an Issue:
              Recent user:
              Clarissa Velazquez
              Engineering Assignee:
              Arthur Chen
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 3 weeks, 1 day ago

                  Packages

                  Version Package
                  7.1.10 DXP FP26
                  7.1.10.7 SP7
                  7.1.X
                  7.2.10 DXP FP15
                  7.2.X
                  7.3.10.3 DXP SP3
                  7.3.X
                  7.4.1 CE GA2 DXP 7,4
                  7.4.13 DXP GA1
                  Master