laminelam opened a new pull request, #2416: URL: https://github.com/apache/solr/pull/2416
https://issues.apache.org/jira/browse/SOLR-17247 # Description MultiAuthPlugin does not return WWW-Authenticate' headers When returning a 401 response a Web application needs to indicate to the client what authentication challenges it supports, otherwise an exception like "HTTP protocol violation: Authentication challenge without WWW-Authenticate header“ is raised. Solr’s MultiAuthPlugin does not supports this. With this PR Solr would return the list of supported schemes (challenges). According to HTTP [RFC 7235](https://datatracker.ietf.org/doc/html/rfc7235#section-3.1): The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. The server generating a 401 response MUST send a WWW-Authenticate header field ([Section 4.1](https://datatracker.ietf.org/doc/html/rfc7235#section-4.1)) containing at least one challenge applicable to the target resource. # Solution Add WWW-Authenticate' headers to error responses # Tests Added new test case for missing WWW-Authenticate' headers # Checklist Please review the following and check all that apply: - [x] I have reviewed the guidelines for [How to Contribute](https://github.com/apache/solr/blob/main/CONTRIBUTING.md) and my code conforms to the standards described there to the best of my ability. - [x] I have created a Jira issue and added the issue ID to my pull request title. - [x] I have given Solr maintainers [access](https://help.github.com/en/articles/allowing-changes-to-a-pull-request-branch-created-from-a-fork) to contribute to my PR branch. (optional but recommended) - [x] I have developed this patch against the `main` branch. - [x] I have run `./gradlew check`. - [x] I have added tests for my changes. - [ ] I have added documentation for the [Reference Guide](https://github.com/apache/solr/tree/main/solr/solr-ref-guide) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
