Martin Choma created WFWIP-154:
----------------------------------
Summary: Silent Basic let me access resource without credential
Key: WFWIP-154
URL:
https://issues.jboss.org/browse/WFWIP-154
Project: WildFly WIP
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Attachments: FormMechTestCase-web.xml, SilentBasicMechTestCase-web.xml
I use this configuration in web.xml
<auth-method>BASIC?silent=true,FORM</auth-method> and I get 200 + content of
protected resource when I access resource without credentials.
If I use this configuration in web.xml
<auth-method>BASIC?silent=true</auth-method> I get correctly empty content
with 200 status code when I access without credentials.
Zulip Chat 2019-01-04:
https://wildfly.zulipchat.com/#narrow/stream/174178-eap/subject/EAP7-1154...
Test Commit:
https://github.com/mchoma/wildfly/commit/e191c211c7e224f835c933c31829e597...
--
This message was sent by Atlassian Jira
(v7.12.1#712002)