On 14/11/13 17:34, Bill Burke wrote:
> Accessing an unprotected area triggers our custom
> AuthenticationMechanism. Is this by design or by spec mandate? Or a bug?
Design, but it can be disabled; we may still need to expose the option,
however.
There are two reasons for this:
1 - Authentication mechanisms based on mechanism-specific processes
once authentication has commenced, e.g. DIGEST where the nonce count is
incremented on each request or the client or server is signing the request.
2 - Regular user demand that the authenticated identity is available
to the web app even when the non-secured resources are accessed.