[jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-2558) HTTP BASIC authentication support is broken

HTTP BASIC authentication support is broken ------------------------------------------- Key: JBSEAM-2558 URL: http://jira.jboss.com/jira/browse/JBSEAM-2558 Project: JBoss Seam Issue Type: Bug Components: Security Affects Versions: 2.0.1.GA, 2.0.1.CR2, 2.0.1.CR1, 2.0.0.GA Environment: JBoss AS 4.2.2GA, Seam 2.0.0GA Reporter: Alan Feng Assigned To: Shane Bryzak The class org.jboss.seam.web.AuthenticationFilter, which provides HTTP BASIC authentication support, throws exception and never performs the authentication. If the user access the site the first time and the page accessed is protected by HTTP BASIC authentication, a NPE will occur from the AuthenticationFilter.processBasicAuth() method. In addition, the AuthenticationFilter.processBasicAuth() method does not invoke the identity.authenticate() method to actually perform the authentication, although it parses the BASIC authentication headers properly. Please see the related forum post for detailed description of the problem and the proposed fixes.