[undertow-dev] AuthMechanism called always?
Bill Burke
bburke at redhat.com
Mon Dec 22 16:03:42 EST 2014
Nevermind...You need this to queue up challenges just in case
ServletRequest.authenticate() is invoked.
On 12/22/2014 10:34 AM, Bill Burke wrote:
> A user is reporting that our Keycloak AuthMechanism is being called even
> with unsecured resources. They have constraints defined in web.xml, but
> if the constraint is unmatched (unsecure) the mechanism is still called.
>
> Why is the auth mechanism called for unsecure resources?
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the undertow-dev
mailing list