Bug 1317545

Summary: REST API: Different HTTP error codes on different containers
Product: [Retired] JBoss BPMS Platform 6
Reporter: Tomas Livora <tlivora>
Component: Business Central
Assignee: Shelly McGowan <smcgowan>
Status: CLOSED EOL
QA Contact: Lukáš Petrovický <lpetrovi>
Severity: medium
Priority: high
Version: 6.3.0
CC: kverlaen
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2020-03-27 19:47:16 UTC
Type: Bug

Description Tomas Livora 2016-03-14 13:59:18 UTC
Description of problem:
If a user tries to make some REST API call without the required role for this action, the server returns an HTTP error code as expected. However, this code varies depending on which container is used to run Business Central.

Version-Release number of selected component (if applicable):
6.3.0 DR2

Steps to Reproduce:
1. Try to start a process with a user without any process role.
2. See the server response on different containers.

Actual results:
401 Unauthorized - EAP and EWS
403 Forbidden - WebSphere and WebLogic

Expected results:
Either 401 or 403 on all containers.

Additional info:
It is not 100% sure how BPMS 6.3 behaves on WebLogic since there are bugs that prevent us from testing this (bug 1314445 and bug 1306309). But the behavior of BPMS 6.2 on WebLogic was the same as on WebSphere.

Comment 1 Tomas Livora 2016-04-25 14:30:50 UTC
Note that this issue is present not only in BPMS (jBPM) REST API but also in the BRMS (Guvnor) one.