API should return 401 for failed authorization and 403 when an authorized user does not have permissions for a resource

Bug #1291008 reported by Steven Gonzales
This bug affects 1 person
Affects: Barbican
Status: Fix Released
Importance: High
Assigned to: Steven Gonzales

Bug Description

policy.PolicyNotAuthorized should return a 403 instead of a 401. The user is an authenticated user with valid credentials; they just don't have permissions to the resource.
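
The 401/403 split described in this report, as an added example that is not part of the original report and is not Barbican's code. The handler, token table, policy table and challenge value are constructed for illustration; `PolicyNotAuthorized` here is a stand-in class that only borrows the name used above.

```python
# Added illustration; every name and value here is hypothetical, not Barbican's.
from dataclasses import dataclass, field

class NotAuthenticated(Exception):
    """No credentials, or credentials that failed validation."""

class PolicyNotAuthorized(Exception):
    """Valid identity, but the policy denies this action."""

@dataclass
class Identity:
    user: str
    roles: set = field(default_factory=set)

# Constructed sample data: token -> identity, action -> roles allowed.
TOKENS = {"tok-admin": Identity("alice", {"admin"}),
          "tok-audit": Identity("bob", {"audit"})}
POLICY = {"secret:get": {"admin", "observer"},
          "secret:delete": {"admin"}}

def authenticate(headers):
    # A missing token and an unknown token are the same failure: no identity.
    identity = TOKENS.get(headers.get("X-Auth-Token", ""))
    if identity is None:
        raise NotAuthenticated()
    return identity

def enforce(identity, action):
    # Unknown actions have no allowed roles, so they are denied by default.
    if not identity.roles & POLICY.get(action, set()):
        raise PolicyNotAuthorized(action)

def handle(headers, action):
    """Return (status, response_headers) for a request to perform `action`."""
    try:
        identity = authenticate(headers)
        enforce(identity, action)
    except NotAuthenticated:
        # 401 asks the client to (re)authenticate and must carry a challenge.
        # The challenge value below is a constructed placeholder.
        return 401, {"WWW-Authenticate": 'Keystone uri="<identity-endpoint>"'}
    except PolicyNotAuthorized:
        # 403: the identity is known; resending the same credentials won't help.
        return 403, {}
    return 200, {}
```

Keeping the two exceptions distinct is what lets clients and log analysis tell a bad or expired token (401) from a permission denial on a valid account (403).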

OpenStack Infra (hudson-openstack) wrote : Fix merged to barbican (master)

Reviewed: https://review.openstack.org/79749
Committed: https://git.openstack.org/cgit/stackforge/barbican/commit/?id=8abef19c1e7291e8ed970acbfd6042374c2eeb55
Submitter: Jenkins
Branch: master

commit 8abef19c1e7291e8ed970acbfd6042374c2eeb55
Author: Steven Gonzales <email address hidden>
Date: Tue Mar 11 14:59:33 2014 -0500

    Correct RBAC response codes

    Change response code from 401 to 403 when an authenticated user attempts to access a resource they do not have permission to.

    Closes-Bug: 1291008
    Change-Id: I3954da658eaa73e96d0ba1eb91c0892bb03f5fea

Changed in barbican:
status: New → Fix Committed
John Vrbanac (john.vrbanac) wrote :

Tests have been updated to reflect this change...

Changed in barbican:
assignee: nobody → Steven Gonzales (stevendgonzales)
John Wood (john-wood-w)
Changed in barbican:
milestone: none → icehouse
importance: Undecided → High
Changed in barbican:
status: Fix Committed → Fix Released