Bug 975752
Summary: | A user isn't properly logged out in BASIC auth method | ||
---|---|---|---|
Product: | [Retired] JBoss BPMS Platform 6 | Reporter: | Ivo Bek <ibek> |
Component: | Business Central | Assignee: | Jervis Liu <jliu> |
Status: | CLOSED NOTABUG | QA Contact: | Ivo Bek <ibek> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.0.0 | CC: | jliu, mproctor, rzhang |
Target Milestone: | ER3 | ||
Target Release: | 6.0.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-09-23 11:33:39 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ivo Bek
2013-06-19 09:29:31 UTC
Not a bug. It is wrong to configure the whole webapp with basic authentication. Basic authentication is a per-request based authentication mechanism, it should only be used in circumstances like http based API access eg REST etc. Thus Basic authentication can not be used in web.xml to configure the whole web application. On the other hand, Basic authentication is already supported under the scene without any explicit configuration. If you send a http request with "Authorization" header to the REST server, the server will authentication the request using Basic authentication. If you send a http request without "Authorization" header, the server wont know which authentication schema the client is preferred thus the client will receive a login page as a challenge with 401 response code. Well this bug is quite out-dated and now it doesn't make sense to change the login config when we have https://bugzilla.redhat.com/show_bug.cgi?id=986208, so I think we can close it. |