[JBoss JIRA] (ELY-1948) wildfly-elytron HTTP JWT Bearer realm CORS

Wednesday, 25 March 2020

    [
https://issues.redhat.com/browse/ELY-1948?page=com.atlassian.jira.plugin....
] 

Darran Lofthouse commented on ELY-1948:
---------------------------------------

I think this will always be the nature of custom filters vs server managed authentication,
the authentication will always occur before the request is allowed through and be turned
around if it fails.

Having said that specific support for CORS before authentication may be a valid feature
request.

...
 wildfly-elytron HTTP JWT Bearer realm CORS
 ------------------------------------------

                 Key: ELY-1948
                 URL: https://issues.redhat.com/browse/ELY-1948
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Jan Bárta
            Assignee: Darran Lofthouse
            Priority: Optional

 Hi,
 i found possible problem with HTTP Bearer JWT. 
 If you need create dynamically CORS by +own policy JAXRS filter+, then it will be problem
with expired/invalid (any other problem) JWT token. You will see CORS exception on
expired/invalid JWT because wildfly-elytron refuse request before own policy JAXRS filters
(as e.g. @PreMatching ContainerRequestFilter, ContainerResponseFilter). 

--
This message was sent by Atlassian Jira
(v7.13.8#713008)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006