[jboss-jira] [JBoss JIRA] (WFLY-5022) The server requires JASPI authentication even if no security-constraint is defined
Josef Cacek (JIRA)
issues at jboss.org
Wed Jul 29 03:07:02 EDT 2015
[ https://issues.jboss.org/browse/WFLY-5022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13093749#comment-13093749 ]
Josef Cacek commented on WFLY-5022:
-----------------------------------
When the `proactive-authentication` is disabled, then the correct response comes.
Nevertheless, IMO it's still the bug - the behavior is not compatible with classic authentication.
> The server requires JASPI authentication even if no security-constraint is defined
> ----------------------------------------------------------------------------------
>
> Key: WFLY-5022
> URL: https://issues.jboss.org/browse/WFLY-5022
> Project: WildFly
> Issue Type: Bug
> Components: Security, Web (Undertow)
> Affects Versions: 10.0.0.Alpha6
> Reporter: Josef Cacek
> Assignee: Darran Lofthouse
> Priority: Critical
>
> If JASPI authentication is configured in security domain, then the server requires authentication even if no security-constraint is defined for web application which uses the security domain.
> With the classic authentication is the behavior correct.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the jboss-jira
mailing list