Merge pull request #1487 from lprimak/jaxrs-response-flipped

[#1383] bugfix(jax-rs): unauthenticated vs. authorized HTTP response codes we…
apache · May 21, 2024 · 7f7743d · 7f7743d
2 parents 9531508 + 1b2d26f
commit 7f7743d
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 7 deletions.
diff --git a/.../jaxrs/tests/src/main/java/org/apache/shiro/testing/jaxrs/tests/AbstractShiroJaxRsIT.java b/.../jaxrs/tests/src/main/java/org/apache/shiro/testing/jaxrs/tests/AbstractShiroJaxRsIT.java
@@ -58,7 +58,7 @@ public void testGetUsersUnauthenticated() {
         final Response usersResponse = usersTarget.request(MediaType.APPLICATION_JSON_TYPE)
                 .buildGet()
                 .invoke();
-        assertEquals(Status.FORBIDDEN.getStatusCode(), usersResponse.getStatus());
+        assertEquals(Status.UNAUTHORIZED.getStatusCode(), usersResponse.getStatus());
     }
 
     @SuppressWarnings({"checkstyle:MagicNumber"})

diff --git a/...xrs/src/main/java/org/apache/shiro/web/jaxrs/UnauthenticatedExceptionExceptionMapper.java b/...xrs/src/main/java/org/apache/shiro/web/jaxrs/UnauthenticatedExceptionExceptionMapper.java
@@ -43,6 +43,6 @@ public Response toResponse(UnauthenticatedException exception) {
             LOG.debug("unauthenticated.", exception);
         }
 
-        return Response.status(Status.FORBIDDEN).build();
+        return Response.status(Status.UNAUTHORIZED).build();
     }
 }
diff --git a/.../jaxrs/src/main/java/org/apache/shiro/web/jaxrs/UnauthorizedExceptionExceptionMapper.java b/.../jaxrs/src/main/java/org/apache/shiro/web/jaxrs/UnauthorizedExceptionExceptionMapper.java
@@ -41,9 +41,9 @@ public class UnauthorizedExceptionExceptionMapper implements ExceptionMapper<Una
     public Response toResponse(UnauthorizedException exception) {
 
         if (LOG.isDebugEnabled()) {
-            LOG.debug("unauthenticated.", exception);
+            LOG.debug("unauthorized.", exception);
         }
 
-        return Response.status(Status.UNAUTHORIZED).build();
+        return Response.status(Status.FORBIDDEN).build();
     }
 }
diff --git a/...rc/test/groovy/org/apache/shiro/web/jaxrs/UnauthorizedExceptionExceptionMapperTest.groovy b/...rc/test/groovy/org/apache/shiro/web/jaxrs/UnauthorizedExceptionExceptionMapperTest.groovy
@@ -37,9 +37,9 @@ class UnauthorizedExceptionExceptionMapperTest {
 
     @Test
     void testUnauthorizedException() {
-        doTest(new UnauthorizedException("expected test exception."), Response.Status.UNAUTHORIZED, new UnauthorizedExceptionExceptionMapper())
-        doTest(new HostUnauthorizedException("expected test exception."), Response.Status.UNAUTHORIZED, new UnauthorizedExceptionExceptionMapper())
-        doTest(new UnauthenticatedException("expected test exception."), Response.Status.FORBIDDEN, new UnauthenticatedExceptionExceptionMapper())
+        doTest(new UnauthorizedException("expected test exception."), Response.Status.FORBIDDEN, new UnauthorizedExceptionExceptionMapper())
+        doTest(new HostUnauthorizedException("expected test exception."), Response.Status.FORBIDDEN, new UnauthorizedExceptionExceptionMapper())
+        doTest(new UnauthenticatedException("expected test exception."), Response.Status.UNAUTHORIZED, new UnauthenticatedExceptionExceptionMapper())
     }
 
     private static void doTest(AuthorizationException exception, Response.StatusType expectedStatus, ExceptionMapper<? extends Throwable> exceptionMapper) {