HTTP Authentication Basic header is case sensitive -------------------------------------------------- Key: WFLY-5618 URL: https://issues.jboss.org/browse/WFLY-5618 Project: WildFly Issue Type: Bug Components: Web (Undertow) Affects Versions: 9.0.2.Final Environment: Wildfly 9.0.1.Final. Reporter: Karl Nicholas Assignee: Stuart Douglas Labels: authorization, http, security-constraint Fix For: 10.1.0.Final I wrote client code to login to a rest service with security-constraint. The client code must use an HTTP header of Authorization: Basic [Base 64 username:password]. If 'Basic' is sent as uppercase 'BASIC' it didn't work, but if sent as 'Basic' then it did work. I don't think the HTTP header fields should be case sensitive. https://tools.ietf.org/rfc/rfc2617.txt