Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-9474

Public endpoints are returning 403 with body when enforcement mode is disabled

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 4.8.3.Final
    • Fix Version/s: None
    • Component/s: Authorization Services
    • Labels:
      None

      Description

      When a protected path is public (no security constraints) and the enforcement mode is disabled, the policy enforcer is setting the correct status code 403 but not aborting the request.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                pcraveiro Pedro Igor Silva
                Reporter:
                pcraveiro Pedro Igor Silva
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: