[undertow-dev] AuthMechanism called always?

Stuart Douglas sdouglas at redhat.com
Mon Dec 22 16:56:29 EST 2014


We always authenticate if the credentials are supplied. There is a way to change this in undertow core by changing the AuthenticationMode from PRO_ACTIVE to CONSTRAINT_DRIVEN; however, I just realised we have not actually added this option to Servlet deployments. I have added this option to Undertow upstream, so 1.2.0 will support it.



Stuart

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: undertow-dev at lists.jboss.org
> Sent: Tuesday, 23 December, 2014 8:03:42 AM
> Subject: Re: [undertow-dev] AuthMechanism called always?
> 
> Never mind... You need this to queue up challenges just in case
> ServletRequest.authenticate() is invoked.
> 
> On 12/22/2014 10:34 AM, Bill Burke wrote:
> > A user is reporting that our Keycloak AuthMechanism is being called even
> > with unsecured resources.  They have constraints defined in web.xml, but
> > if the constraint is unmatched (unsecure) the mechanism is still called.
> >
> > Why is the auth mechanism called for unsecure resources?
> >
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 
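The core-level switch described in the reply above, as an added example that is not code from this thread or from the Undertow project. It wires Undertow core's security handlers by hand with a selectable AuthenticationMode; the class name, the `/secure` prefix, the demo/demo account, the realm name and port 8080 are all assumptions made for illustration.

```java
import io.undertow.Undertow;
import io.undertow.security.api.*;
import io.undertow.security.handlers.*;
import io.undertow.security.idm.*;
import io.undertow.security.impl.BasicAuthenticationMechanism;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import java.util.*;

public class AuthModeExample {
    // Constructed single-user store (demo/demo) so the example is self-contained.
    static final IdentityManager IDM = new IdentityManager() {
        public Account verify(Account account) { return account; }
        public Account verify(Credential credential) { return null; }
        public Account verify(String id, Credential c) {
            boolean ok = "demo".equals(id) && c instanceof PasswordCredential
                    && Arrays.equals("demo".toCharArray(), ((PasswordCredential) c).getPassword());
            if (!ok) return null;
            return new Account() {
                public java.security.Principal getPrincipal() { return () -> id; }
                public Set<String> getRoles() { return Collections.emptySet(); }
            };
        }
    };

    // Wraps 'app' in core's security chain; only paths under /secure require authentication.
    static HttpHandler secure(HttpHandler app, AuthenticationMode mode) {
        HttpHandler h = new AuthenticationCallHandler(app);   // triggers authentication
        h = new AuthenticationConstraintHandler(h) {          // hand-written "constraint"
            @Override protected boolean isAuthenticationRequired(HttpServerExchange exchange) {
                return exchange.getRelativePath().startsWith("/secure");
            }
        };
        List<AuthenticationMechanism> mechs = Collections.singletonList(
                new BasicAuthenticationMechanism("demo-realm"));
        h = new AuthenticationMechanismsHandler(h, mechs);
        return new SecurityInitialHandler(mode, IDM, h);
    }

    public static void main(String[] args) {
        HttpHandler app = exchange -> {
            Account a = exchange.getSecurityContext().getAuthenticatedAccount();
            exchange.getResponseSender().send(a == null ? "anonymous" : a.getPrincipal().getName());
        };
        // PRO_ACTIVE runs the mechanism on every request; CONSTRAINT_DRIVEN only under /secure.
        Undertow.builder().addHttpListener(8080, "localhost")
                .setHandler(secure(app, AuthenticationMode.CONSTRAINT_DRIVEN)).build().start();
    }
}
```

With CONSTRAINT_DRIVEN, a request to an unconstrained path that carries an `Authorization` header is served as "anonymous" because the mechanism is never consulted; switching the argument to PRO_ACTIVE makes the same request authenticate as the supplied user.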

