These are chat archives for alvarosanchez/spring-security-rest

12th
Nov 2014
sbrady
@sbrady
Nov 12 2014 20:49
Hey @alvarosanchez , thanks for the release
I have a question/suggestion re rfc6750, I think when a user makes a request to a secured url with out any token, it should respond with a 401, (https://tools.ietf.org/html/rfc6750#section-3.1)
I'd expect to get a 403, when I have an authenticated token but my access scope is forbidden