[undertow-dev] AuthMechanism called always?

[Bill Burke]

A user is reporting that our Keycloak AuthMechanism is being called even 
with unsecured resources.  They have constraints defined in web.xml, but 
if the constraint is unmatched (unsecure) the mechanism is still called.

Why is the auth mechanism called for unsecure resources?

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com