Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-15478

All requests with Basic-Auth to a deployment get intercepted and returned with 401 [Wildfly 25]



    • User Experience


      We noticed the error while upgrading to Wildfly 25. Wildfly 24.0.1 works fine.

      Basically all request with basic auth that are sent to our deployed WARs are answered by Wildfly with "<html><head><title>Error</title></head><body>Unauthorized</body></html>; status code 401". The request don't even reach our code as we have seen in our logging.

      This also breaks some of our WARs - which manage (Basic) Authentifcation in the application themselfs - completely.

      I also read the release notes of Wildfly 25 and couldn't find anything that hints this behavior in the first place (note that some notes in https://www.wildfly.org/news/2021/10/05/WildFly25-Final-Released/ point to the old doc of Wildfly 24).


       Steps to reproduce

      Deploy any WAR that exposes some kind of web-endpoint and send a request with Basic auth.

      Example how to reproduce it with docker:

      1. Execute docker run --rm -it -p 8080:8080 -p 9990:9990 jboss/wildfly:25.0.0.Final sh
      2. Create an user (admin; password=admin) using wildfly/bin/add-user.sh admin admin
      3. Start the server wildfly/bin/standalone.sh -b -bmanagement
      4. Open the browser at http://localhost:9990
      5. Login using admin admin
      6. Download/Deploy a war file with a web-endpoint, e.g. this [sample war from Tomcat](https://tomcat.apache.org/tomcat-7.0-doc/appdev/sample/)
      7. Try to access the page with Basic auth, e.g. with curl -u admin:admin http://localhost:8080/sample/

      → Returns <html><head><title>Error</title></head><body>Unauthorized</body></html> and status code 401

      As no authentication was configured the page it should return the same when called with or without basic auth. (like it was in Wildfly 24.0.1)


        Issue Links



              fjuma1@redhat.com Farah Juma
              ab-xdev Alexander B (Inactive)
              0 Vote for this issue
              3 Start watching this issue