[jboss-jira] [JBoss JIRA] (ELY-1963) Silent Basic let me access resource without credential

Darran Lofthouse (Jira) issues at jboss.org
Wed May 13 12:25:58 EDT 2020


     [ https://issues.redhat.com/browse/ELY-1963?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse moved WFWIP-154 to ELY-1963:
---------------------------------------------

        Project: WildFly Elytron  (was: WildFly WIP)
            Key: ELY-1963  (was: WFWIP-154)
    Component/s: HTTP
                     (was: Security)


> Silent Basic let me access resource without credential
> ------------------------------------------------------
>
>                 Key: ELY-1963
>                 URL: https://issues.redhat.com/browse/ELY-1963
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: HTTP
>            Reporter: Martin Choma
>            Priority: Major
>         Attachments: SilentBasicMechTestCase-web.xml
>
>
> I use this configuration in web.xml {{<auth-method>BASIC?silent=true,FORM</auth-method>}} and I get 200 + the content of the protected resource when I access the resource without credentials.
> If I use this configuration in web.xml {{<auth-method>BASIC?silent=true</auth-method>}}, I correctly get empty content with a 200 status code when I access it without credentials.
> Zulip Chat 2019-01-04: https://wildfly.zulipchat.com/#narrow/stream/174178-eap/subject/EAP7-1154.20HTTP.20Basic.20Silent.20Operation
> Test Commit: https://github.com/mchoma/wildfly/commit/e191c211c7e224f835c933c31829e59777aa4008



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

