A user is reporting that our Keycloak AuthMechanism is being called even
with unsecured resources. They have constraints defined in web.xml, but
if the constraint is unmatched (unsecure) the mechanism is still called.
Why is the auth mechanism called for unsecure resources?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com