The server requires JASPI authentication even if no security-constraint is defined ---------------------------------------------------------------------------------- Key: WFLY-5022 URL: https://issues.jboss.org/browse/WFLY-5022 Project: WildFly Issue Type: Bug Components: Security, Web (Undertow) Affects Versions: 10.0.0.Alpha6 Reporter: Josef Cacek Assignee: Stuart Douglas Priority: Critical Fix For: 10.0.0.Beta2 If JASPI authentication is configured in security domain, then the server requires authentication even if no security-constraint is defined for web application which uses the security domain. With the classic authentication is the behavior correct.