https://connect.hyland.com/t5/alfresco-archive/activiti-rest-returns-403-forbidden/m-p/127691#M89783 <HTML><HEAD></HEAD><BODY><SPAN>When we make an unauthenticated request to activiti-rest, we get a '403 forbidden' response.&nbsp; I believe the correct response should be a 401 unauthorized.&nbsp; This would enable normal rest clients (and web browsers) to properly interact with the basic authentication mechanism of activiti-rest.</SPAN></BODY></HTML> Thu, 04 Apr 2013 18:29:21 GMT groopk 2013-04-04T18:29:21Z https://connect.hyland.com/t5/alfresco-archive/activiti-rest-returns-403-forbidden/m-p/127691#M89783 When we make an unauthenticated request to activiti-rest, we get a '403 forbidden' response.&nbsp; I believe the correct response should be a 401 unauthorized.&nbsp; This would enable normal rest clients (and web browsers) to properly interact with the basic authentication mechanism of activiti-rest. Thu, 04 Apr 2013 18:29:21 GMT https://connect.hyland.com/t5/alfresco-archive/activiti-rest-returns-403-forbidden/m-p/127691#M89783 groopk 2013-04-04T18:29:21Z https://connect.hyland.com/t5/alfresco-archive/activiti-rest-returns-403-forbidden/m-p/127692#M89784 <HTML><HEAD></HEAD><BODY><SPAN>That's a coincidence, I stumbled upon that myself this morning when working on the docs for a new and improved REST-API that's coming up. This is indeed not right, as the 403 tells the client to NOT try again because authentication won't help either…</SPAN><BR /><BR /><SPAN>To not break backwards-compatibility with existing clients, the current REST-API will keep returning 403's. The new one, will return 401's as I docked this morning:</SPAN><BR /><BR /><BLOCKQUOTE class="jive-quote">Response Description<BR />200 - Ok The operation was successful and a response has been returned (GET and PUT requests).<BR />201 - Created The operation was successful and the entity has been created and is returned in the response-body (POST request).<BR />204 - No content The operation was successful and entity has been deleted and therefor there is no response-body returned (DELETE request).<BR />401 - Unauthorized The operation failed. The operation requires an Authentication header to be set. If this was present in the request, the supplied credentials are not valid or the user is not authorized to perform this operation.<BR />404 - Not found The operation failed.The requested resource was not found.<BR />405 - Method not allowed The operation failed. The used method is not allowed for this resource. Eg. trying to update (PUT) a deployment-resource will result in a 405 status.<BR />409 - Conflict The operation failed. The operation causes an update of a resource that has been updated by another operation, which makes the update no longer valid.<BR />500 - Internal server error The operation failed. An unexpected exception occured while executing the operation. The response-body contains details about the error.</BLOCKQUOTE></BODY></HTML> Fri, 05 Apr 2013 10:55:01 GMT https://connect.hyland.com/t5/alfresco-archive/activiti-rest-returns-403-forbidden/m-p/127692#M89784 frederikherema1 2013-04-05T10:55:01Z