Details
- Bug
- Resolution: Obsolete
- Major
- None
- 1.1.0.Beta42
- None
- None
Description
If the security domain used by a deployed application uses an aggregate-principal-transformer which includes some principal-transformers, and none of them returns a non-null principal, then the application returns HTTP status 500 with 'ELY01003: No authentication is in progress'. As a result, authentication cannot be repeated (e.g. when the user makes a typo in the username). It should rather return HTTP status 401 to allow the authentication process to be repeated.
This situation can happen if the aggregate-principal-transformer is used as a decision tree (see [1] for details) and uses only transformers which can return a null principal (e.g. only chained-principal-transformers).
This happens when the aggregate-principal-transformer is used in the pre-realm-principal-transformer for the security domain. It does not happen when the aggregate-principal-transformer is used in the principal-transformer for a realm in the security domain.
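The decision-tree case described above, as a small Java model added here for illustration (it is not Elytron code). It assumes an aggregate returns the first non-null result and a chain feeds each output to the next; `Transformer`, `stripSuffix`, `statusFor` and the example domains are hypothetical names constructed for this sketch.

```java
import java.util.function.UnaryOperator;

public class AggregateTransformerModel {
    // Hypothetical stand-in for a principal transformer: null means "cannot handle this name".
    interface Transformer extends UnaryOperator<String> {}

    // Chained: each output feeds the next step; a null at any step makes the whole chain null.
    static Transformer chained(Transformer... steps) {
        return name -> {
            String current = name;
            for (Transformer step : steps) {
                if (current == null) return null;
                current = step.apply(current);
            }
            return current;
        };
    }

    // Aggregate: the first branch with a non-null result wins; null if every branch declines.
    static Transformer aggregate(Transformer... branches) {
        return name -> {
            for (Transformer branch : branches) {
                String result = branch.apply(name);
                if (result != null) return result;
            }
            return null;
        };
    }

    // Constructed branch guard: accepts only names ending in the suffix and strips it.
    static Transformer stripSuffix(String suffix) {
        return name -> name.endsWith(suffix)
                ? name.substring(0, name.length() - suffix.length()) : null;
    }

    // The handling the report asks for: a null principal before realm lookup is a
    // failed attempt (401, so the client is challenged again), not a server error (500).
    static int statusFor(Transformer preRealm, String suppliedName) {
        String principal = preRealm.apply(suppliedName);
        if (principal == null) return 401;
        return 200; // credential verification is omitted in this model
    }

    public static void main(String[] args) {
        // Decision tree built only from chains, so every branch can return null.
        Transformer tree = aggregate(
                chained(stripSuffix("@example.org"), n -> n.toLowerCase()),
                chained(stripSuffix("@example.com"), n -> n.toUpperCase()));
        System.out.println(statusFor(tree, "Alice@example.org")); // a branch matches
        System.out.println(statusFor(tree, "alice@exmaple.org")); // typo: no branch matches
    }
}
```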
Issue Links
- clones
- JBEAP-11107 HTTP status 500 when no principal is returned by aggregate-principal-transformer
- Verified