OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cmis message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (CMIS-559) 3.4.1 common exceptions- permissionDenied exception issue

    [ http://tools.oasis-open.org/issues/browse/CMIS-559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16750#action_16750 ] 

Al Brown commented on CMIS-559:

remove text in p1 (don't change 403 to 401)

> 3.4.1 common exceptions - permissionDenied exception issue
> ----------------------------------------------------------
>                 Key: CMIS-559
>                 URL: http://tools.oasis-open.org/issues/browse/CMIS-559
>             Project: OASIS Content Management Interoperability Services (CMIS) TC
>          Issue Type: Bug
>          Components: REST/AtomPub Binding
>    Affects Versions: Draft 0.70
>            Reporter: Ryan McVeigh
>            Assignee: Al Brown
> permissionDenied (per Part I is "the caller of the service does not have sufficient permissions to perform the operation") is mapped to status 403 (Forbidden). The HTTP spec defines this status as "The server ... is refusing to fulfill [the request]. Authorization will not help..." This does not match with Part I's "insufficient permissions" (which implies that [re-]authorization could help). Seems to me the mapping should be to HTTP status 401 (Unauthorized), or at least should map to one of 401 or 403 as a repository decision.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]