[JBoss JIRA] (ELY-1963) Silent Basic let me access resource without credential

Friday, 18 September 2020

    [
https://issues.redhat.com/browse/ELY-1963?page=com.atlassian.jira.plugin....
] 

Diana Vilkolakova commented on ELY-1963:
----------------------------------------

Hello [~mchoma], the zulip chat link does not work for me. When
*<auth-method>BASIC?silent=true,FORM</auth-method>* is configured, and there
is no _Authorization_ header provided in the request, then the FORM authentication will
take place. The protected resource will be returned if the FORM authentication was
successful.

...
 Silent Basic let me access resource without credential
 ------------------------------------------------------

                 Key: ELY-1963
                 URL: https://issues.redhat.com/browse/ELY-1963
             Project: WildFly Elytron
          Issue Type: Bug
          Components: HTTP
            Reporter: Martin Choma
            Assignee: Diana Vilkolakova
            Priority: Major
         Attachments: SilentBasicMechTestCase-web.xml

 I use this configuration in web.xml
{{<auth-method>BASIC?silent=true,FORM</auth-method>}} and I get 200 + content
of protected resource when I access resource without credentials.
 If I use this configuration in web.xml
{{<auth-method>BASIC?silent=true</auth-method>}} I get correctly empty content
with 200 status code when I access without credentials. 
 Zulip Chat 2019-01-04:
https://wildfly.zulipchat.com/#narrow/stream/174178-eap/subject/EAP7-1154...
 Test Commit:
https://github.com/mchoma/wildfly/commit/e191c211c7e224f835c933c31829e597... 

--
This message was sent by Atlassian Jira
(v7.13.8#713008)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006