Bug 1317545 - REST API: Different HTTP error codes on different containers
Summary: REST API: Different HTTP error codes on different containers
Keywords:
Status: CLOSED EOL
Alias: None
Product: JBoss BPMS Platform 6
Classification: Retired
Component: Business Central
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
: ---
Assignee: Shelly McGowan
QA Contact: Lukáš Petrovický
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-03-14 13:59 UTC by Tomas Livora
Modified: 2020-03-27 19:47 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-27 19:47:16 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Tomas Livora 2016-03-14 13:59:18 UTC 
Description of problem:
If a user tries to make some REST API call without the required role for this action, the server returns an HTTP error code as expected. However, this code varies depending on which container is used to run the Business Central.

Version-Release number of selected component (if applicable):
6.3.0 DR2

Steps to Reproduce:
1. Try to start a process with a user without any process role.
2. See the server response on different containers.

Actual results:
401 Unauthorized - EAP and EWS
403 Forbidden - WebSphere and WebLogic

Expected results:
Either 401 or 403 on all containers.

Additional info:
It is not 100% sure how BPMS 6.3 behaves on WebLogic since there are bugs that prevent us from testing this (bug 1314445 and bug 1306309). But the behavior of BPMS 6.2 on WebLogic was the same as on WebSphere.
Comment 1 Tomas Livora 2016-04-25 14:30:50 UTC 
Note that this issue is present not only in BPMS (jBPM) REST API but also in the BRMS (Guvnor) one.
Note You need to log in before you can comment on or make changes to this bug.