[BSERV-3463] Invalid "Authorization" headers for basic auth result in 500 errors

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 2.4.2
Affects Version/s: 2.3.0
Component/s: None
Labels:
None

Bug Fix Policy:
View Atlassian Server bug fix policy

Parsing for the "Authorization" header is done outside the try/finally block, in StashAuthenticationFilter, but the code may throw a BadCredentialsException if the header is not valid. Since this is outside the exception handling, it results in a 500 error instead of a 401. This is particularly problematic for git hosting operations, which abort after a 500 instead of prompting for credentials like they would on a 401.

Form Name

No work has yet been logged on this issue.

Assignee:: Bryan Turner (Inactive)

Reporter:: Bryan Turner (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 17/May/2013 10:52 AM

Updated:: 20/May/2013 6:55 AM

Resolved:: 20/May/2013 6:55 AM

Details

Description

Attachments

Forms

Activity

People

Dates

Backbone Issue Sync