-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
8.2.0.Final, 9.0.0.CR1
-
None
When using JASPIC authentication in web-projects, then serving unsecured resources (like unsecured pages, css/js-resources) ends in calling configured JASPI auth-modules.
The problem is located in class JASPIAuthenticationMechanism (Undertow extension) where SecurityContext is never asked if the request has to be authenticated.
So JASPIC can't be used wor web-applications which consist of secured AND unsecured parts.
- relates to
-
WFLY-5022 The server requires JASPI authentication even if no security-constraint is defined
- Closed