Nevermind...You need this to queue up challenges just in case
ServletRequest.authenticate() is invoked.
On 12/22/2014 10:34 AM, Bill Burke wrote:
A user is reporting that our Keycloak AuthMechanism is being called
even
with unsecured resources. They have constraints defined in web.xml, but
if the constraint is unmatched (unsecure) the mechanism is still called.
Why is the auth mechanism called for unsecure resources?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com