[jboss-jira] [JBoss JIRA] (ELY-1948) wildfly-elytron HTTP JWT Bearer realm CORS

Darran Lofthouse (Jira) issues at jboss.org
Wed Mar 25 08:28:52 EDT 2020


    [ https://issues.redhat.com/browse/ELY-1948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14008538#comment-14008538 ] 

Darran Lofthouse commented on ELY-1948:
---------------------------------------

I think this will always be the nature of custom filters vs. server-managed authentication: the authentication will always occur before the request is allowed through, and the request will be turned around if it fails.

Having said that, specific support for CORS before authentication may be a valid feature request.

> wildfly-elytron HTTP JWT Bearer realm CORS
> ------------------------------------------
>
>                 Key: ELY-1948
>                 URL: https://issues.redhat.com/browse/ELY-1948
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Jan Bárta
>            Assignee: Darran Lofthouse
>            Priority: Optional
>
> Hi,
> I found a possible problem with HTTP Bearer JWT.
> If you need to create CORS dynamically with your +own policy JAXRS filter+, then there will be a problem with an expired/invalid (or any other problem) JWT token. You will see a CORS exception on an expired/invalid JWT because wildfly-elytron refuses the request before your own policy JAXRS filters (e.g. @PreMatching ContainerRequestFilter, ContainerResponseFilter).



--
This message was sent by Atlassian Jira
(v7.13.8#713008)
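The ordering discussed in this thread, as an added example that is not part of the original message and is not Elytron code: a small Python model of a pipeline in which authentication runs before the application's CORS filter, showing why a rejected token surfaces in the browser as a CORS error rather than a 401. Every name, the token check and the origin policy are constructed assumptions.

```python
# Constructed model of the request pipeline; none of this is Elytron or JAX-RS API.
ALLOWED_ORIGINS = {"https://app.example"}  # constructed CORS policy


def authenticate(request):
    """Stand-in for server-managed bearer auth: None if accepted, else a 401."""
    if request["token"] != "valid":
        return {"status": 401, "headers": {"WWW-Authenticate": "Bearer"}}
    return None


def cors_filter(request, response):
    """Stand-in for the application's own dynamic CORS policy filter."""
    origin = request["origin"]
    if origin in ALLOWED_ORIGINS:
        response["headers"]["Access-Control-Allow-Origin"] = origin
        response["headers"]["Vary"] = "Origin"
    return response


def application(request):
    """Stand-in for the protected resource."""
    return {"status": 200, "headers": {}}


def handle(request, cors_before_auth):
    """Run the pipeline; cors_before_auth models a CORS stage wrapping authentication."""
    rejected = authenticate(request)
    if rejected is not None:
        # Authentication turned the request around. The application's filter
        # only sees this response if the CORS stage sits outside authentication.
        return cors_filter(request, rejected) if cors_before_auth else rejected
    return cors_filter(request, application(request))


def browser_outcome(request, response):
    """What a cross-origin script observes: status is hidden if the CORS check fails."""
    allowed = response["headers"].get("Access-Control-Allow-Origin")
    if allowed not in (request["origin"], "*"):
        return "CORS error"
    return f"HTTP {response['status']}"


if __name__ == "__main__":
    expired = {"origin": "https://app.example", "token": "expired"}
    for mode in (False, True):
        print(mode, browser_outcome(expired, handle(expired, cors_before_auth=mode)))
```

In the first mode the client script cannot distinguish an expired token from a misconfigured CORS policy, which also makes such failures harder to triage from client-side error reports alone; the server access log still records the 401.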


