[https://issues.jboss.org/browse/WFLY-4618?page=com.atlassian.jira.plugin....]
Ladislav Petera commented on WFLY-4618:
---------------------------------------
Hello guys,
I am implementing a JASPI SAM and having trouble following the proposed solution.
Contrary to the JSR-196 (chapter 3.7.4) my SAM receives a "null" requestPolicy
in ServerAuthModule.initialize call.
Checking the isMandatory() property on a null does not work for obvious reasons.
This behavior corresponds to what I see in the PicketBox code which is responsible for SAM
initialization:
[http://grepcode.com/file/repo1.maven.org/maven2/org.picketbox/picketbox/4...]
I am using WildFly 9.0.2 Final. However, decompiling the PicketBox lib in 10.0 shows the
same behaviour.
This bug and all related bugs are marked as RESOLVED, so I would assume that unsecured
resources via web.xml should work now.
But from what I see, this cannot work yet.
Am I missing something?
Thanks a lot to anyone taking time to respond.
JASPIC authentication processed on unsecured resources
------------------------------------------------------
Key: WFLY-4618
URL: https://issues.jboss.org/browse/WFLY-4618
Project: WildFly
Issue Type: Bug
Components: Security, Web (Undertow)
Affects Versions: 8.2.0.Final, 9.0.0.CR1
Reporter: Gernot Müller
Assignee: Stuart Douglas
When using JASPIC authentication in web-projects, then serving unsecured resources (like
unsecured pages, css/js-resources) ends in calling configured JASPI auth-modules.
The problem is located in class JASPIAuthenticationMechanism (Undertow extension) where
SecurityContext is never asked if the request has to be authenticated.
So JASPIC can't be used for web-applications which consist of secured AND unsecured
parts.