We noticed the error while upgrading to Wildfly 25. Wildfly 24.0.1 works fine.
Basically all request with basic auth that are sent to our deployed WARs are answered by Wildfly with "<html><head><title>Error</title></head><body>Unauthorized</body></html>; status code 401". The request don't even reach our code as we have seen in our logging.
This also breaks some of our WARs - which manage (Basic) Authentifcation in the application themselfs - completely.
I also read the release notes of Wildfly 25 and couldn't find anything that hints this behavior in the first place (note that some notes in https://www.wildfly.org/news/2021/10/05/WildFly25-Final-Released/ point to the old doc of Wildfly 24).
Deploy any WAR that exposes some kind of web-endpoint and send a request with Basic auth.
Example how to reproduce it with docker:
- Execute docker run --rm -it -p 8080:8080 -p 9990:9990 jboss/wildfly:25.0.0.Final sh
- Create an user (admin; password=admin) using wildfly/bin/add-user.sh admin admin
- Start the server wildfly/bin/standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0
- Open the browser at http://localhost:9990
- Login using admin admin
- Download/Deploy a war file with a web-endpoint, e.g. this [sample war from Tomcat](https://tomcat.apache.org/tomcat-7.0-doc/appdev/sample/)
- Try to access the page with Basic auth, e.g. with curl -u admin:admin http://localhost:8080/sample/
→ Returns <html><head><title>Error</title></head><body>Unauthorized</body></html> and status code 401
As no authentication was configured the page it should return the same when called with or without basic auth. (like it was in Wildfly 24.0.1)