-
Type: Bug
-
Status: Closed
-
Priority: Major
-
Resolution: Applied
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: REST/AtomPub Binding
-
Labels:None
permissionDenied (per Part I is "the caller of the service does not have sufficient permissions to perform the operation") is mapped to status 403 (Forbidden). The HTTP spec defines this status as "The server ... is refusing to fulfill [the request]. Authorization will not help..." This does not match with Part I's "insufficient permissions" (which implies that [re-]authorization could help). Seems to me the mapping should be to HTTP status 401 (Unauthorized), or at least should map to one of 401 or 403 as a repository decision.