Merge pull request #2270 from darranl/ELY-2895

darranl · web-flow · commit ec690594ab93 · 2025-04-05T11:20:19.000+01:00
[ELY-2895] Revert "Merge pull request #2108 from darranl/ELY-2548"
diff --git a/http/basic/src/main/java/org/wildfly/security/http/basic/BasicAuthenticationMechanism.java b/http/basic/src/main/java/org/wildfly/security/http/basic/BasicAuthenticationMechanism.java
@@ -42,7 +42,6 @@
 import org.wildfly.common.iteration.ByteIterator;
 import org.wildfly.security.auth.callback.AvailableRealmsCallback;
 import org.wildfly.security.http.HttpAuthenticationException;
-import org.wildfly.security.http.HttpConstants;
 import org.wildfly.security.http.HttpServerRequest;
 import org.wildfly.security.http.HttpServerResponse;
 import org.wildfly.security.mechanism.http.UsernamePasswordAuthenticationMechanism;
@@ -171,7 +170,7 @@ public void evaluateRequest(final HttpServerRequest request) throws HttpAuthenti
                                 httpBasic.debugf("User %s authorization failed.", username);
                                 fail();
 
-                                request.authenticationFailed(httpBasic.authorizationFailed(username), response -> response.setStatusCode(HttpConstants.FORBIDDEN));
+                                request.authenticationFailed(httpBasic.authorizationFailed(username), response -> prepareResponse(request, displayRealmName, response));
                                 return;
                             }
 
diff --git a/tests/base/src/test/java/org/wildfly/security/http/basic/BasicAuthenticationMechanismTest.java b/tests/base/src/test/java/org/wildfly/security/http/basic/BasicAuthenticationMechanismTest.java
@@ -112,15 +112,4 @@ public void testStatefulBasicRFC7617Examples() throws Exception {
         testStatefulBasic("Aladdin", "WallyWorld", "open sesame", "basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
         testStatefulBasic("test", "foo", "123\u00A3", "BASIC dGVzdDoxMjPCow==");
     }
-
-    @Test
-    public void testBasicUnauthorizedUser() throws Exception {
-       HttpServerAuthenticationMechanism mechanism = basicFactory.createAuthenticationMechanism(HttpConstants.BASIC_NAME,
-                Collections.singletonMap(HttpConstants.CONFIG_REALM, "test-realm"), getCallbackHandler("unauthorizedUser", "test-realm", "password"));
-        TestingHttpServerRequest request = new TestingHttpServerRequest(new String[] {"Basic dW5hdXRob3JpemVkVXNlcjpwYXNzd29yZA=="});
-        mechanism.evaluateRequest(request);
-        Assert.assertEquals(Status.FAILED, request.getResult());
-        TestingHttpServerResponse response = request.getResponse();
-        Assert.assertEquals(HttpConstants.FORBIDDEN, response.getStatusCode());
-    }
 }
diff --git a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java
@@ -544,11 +544,6 @@ protected CallbackHandler getCallbackHandler(String username, String realm, Stri
                 } else if (callback instanceof AuthorizeCallback) {
                     if (token != null) {
                         ((AuthorizeCallback) callback).setAuthorized(true);
-                    } else if(username.equalsIgnoreCase("unauthorizedUser")){
-                        ((AuthorizeCallback) callback).setAuthorized(false);
-                    } else if(username.equals(((AuthorizeCallback) callback).getAuthenticationID()) &&
-                       username.equals(((AuthorizeCallback) callback).getAuthorizationID())) {
-                        ((AuthorizeCallback) callback).setAuthorized(true);
                     } else {
                         if (username.equals(((AuthorizeCallback) callback).getAuthenticationID()) &&
                                 username.equals(((AuthorizeCallback) callback).getAuthorizationID())) {
