[undertow-dev] AuthMechanism called always?

A user is reporting that our Keycloak AuthMechanism is being called even with unsecured resources. They have constraints defined in web.xml, but if the constraint is unmatched (unsecure) the mechanism is still called. Why is the auth mechanism called for unsecure resources? -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com