Problem with HTTP Basic Authorization and certain object types

Alastair Irvine4 years ago

I can successfully use HTTP Basic Authorization to get the the /api/server endpoint.

However, when I try to access /api/devices?all=true I get a 401 Unauthorized response with text WebApplicationException (SecurityRequestFilter:113 < ...). However, I am definitely sending a Authorization: Basic ... header because I'm using the the same client object that worked to get the server details.

Anton Tananaev4 years ago

Server endpoint don't require any authorization.

Alastair Irvine4 years ago

The confusion on my part occurred because in the HTTP standard, there doesn't appear to be a semantic difference between the response when no Authorization header is supplied, vs. the response for an invalid password. And due to a server misconfiguration, the latter scenario was occurring when I thought it was the former.