[jboss-jira] [JBoss JIRA] (WFWIP-154) Silent Basic let me access resource without credential

Martin Choma created WFWIP-154: ---------------------------------- Summary: Silent Basic let me access resource without credential Key: WFWIP-154 URL: https://issues.jboss.org/browse/WFWIP-154 Project: WildFly WIP Issue Type: Bug Components: Security Reporter: Martin Choma Assignee: Darran Lofthouse Attachments: FormMechTestCase-web.xml, SilentBasicMechTestCase-web.xml I use this configuration in web.xml <auth-method>BASIC?silent=true,FORM</auth-method> and I get 200 + content of protected resource when I access resource without credentials. If I use this configuration in web.xml <auth-method>BASIC?silent=true</auth-method> I get correctly empty content with 200 status code when I access without credentials. Zulip Chat 2019-01-04: https://wildfly.zulipchat.com/#narrow/stream/174178-eap/subject/EAP7-1154... Test Commit: https://github.com/mchoma/wildfly/commit/e191c211c7e224f835c933c31829e597... -- This message was sent by Atlassian Jira (v7.12.1#712002)